diff options
Diffstat (limited to 'mcp/reclass/classes/cluster/all-mcp-arch-common/infra')
3 files changed, 268 insertions, 55 deletions
diff --git a/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/config_dpdk_pdf.yml.j2 b/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/config_dpdk_pdf.yml.j2 deleted file mode 100644 index 703d5350e..000000000 --- a/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/config_dpdk_pdf.yml.j2 +++ /dev/null @@ -1,42 +0,0 @@ -############################################################################## -# Copyright (c) 2018 Mirantis Inc., Enea AB and others. -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## -{%- import 'net_map.j2' as nm with context %} ---- -parameters: - reclass: - storage: - node: - # NOTE: Until SDF is in place, assume all computes are identical - openstack_compute_node01: &openstack_compute_node01 - params: -{#- No partial defaults, all or nothing. Defaults tuned for lf-pod2. #} -{%- if conf.idf.fuel.reclass is defined %} -{%- if conf.idf.fuel.reclass.node[nm.cmp001.idx].compute_params.dpdk is defined %} -{#- Can't dump json here due to dpdk0_* below, explicitly create yaml #} -{%- set _dpdk = conf.idf.fuel.reclass.node[nm.cmp001.idx].compute_params.dpdk %} -{%- for _i in _dpdk %} - {{ _i }}: '"{{ _dpdk[_i] }}"' -{%- endfor %} -{%- endif %} -{%- else %} - compute_hugepages_size: 2M - compute_hugepages_count: 8192 - compute_hugepages_mount: /mnt/hugepages_2M - compute_kernel_isolcpu: 2,3,10,11 - compute_dpdk_driver: uio - compute_ovs_pmd_cpu_mask: '"0xc04"' - compute_ovs_dpdk_socket_mem: '"2048,2048"' - compute_ovs_dpdk_lcore_mask: '"0x8"' - compute_ovs_memory_channels: '"2"' - dpdk0_driver: igb_uio - dpdk0_n_rxq: 2 -{%- endif %} - dpdk0_name: {{ nm.cmp001.nic_private }} - dpdk0_pci: '"{{ nm.cmp001.bus_private }}"' - openstack_compute_node02: - <<: *openstack_compute_node01 diff --git a/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/config_pdf.yml.j2 b/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/config_pdf.yml.j2 index fb25cc617..1178843d9 100644 --- a/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/config_pdf.yml.j2 +++ b/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/config_pdf.yml.j2 @@ -6,28 +6,111 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## {%- import 'net_map.j2' as nm with context %} +{%- import 'net_macros.j2' as ma with context %} --- +classes: + - system.reclass.storage.salt +{%- if nm.cluster.has_baremetal_nodes %} + - system.reclass.storage.system.infra_maas_single +{%- endif %} + - system.salt.master.api + - system.salt.master.single + - system.salt.minion.ca.salt_master parameters: + _param: + salt_master_environment_repository: "https://github.com/tcpcloud" + salt_master_environment_revision: master + reclass_data_repository: local + salt_master_base_environment: prd + # yamllint disable-line rule:line-length + salt_api_password_hash: "$6$sGnRlxGf$al5jMCetLP.vfI/fTl3Z0N7Za1aeiexL487jAtyRABVfT3NlwZxQGVhO7S1N8OwS/34VHYwZQA8lkXwKMN/GS1" + infra_maas_system_codename: bionic + linux: + system: + user: + salt: + home: /home/salt + salt: + master: + accept_policy: open_mode + file_recv: true + minion: + mine: + module: + x509.get_pem_entries: ['/etc/pki/all_cas/*'] reclass: storage: + data_source: + engine: local +{%- if nm.cmp_nodes > 0 %} node: - # NOTE: Until SDF is in place, assume all computes are identical - openstack_compute_node01: &openstack_compute_node01 + # We support per-node (not only per-role) compute configuration via IDF +{%- for cmp in range(1, nm.cmp_nodes + 1) %} + {%- set n = '%02d' | format(cmp) %} + {%- set i = nm.cmp001.idx + cmp - 1 %} + + {%- set admin = nm.net_admin_hosts | length + nm.start_ip[nm.net_admin] + loop.index %} + {%- set mgmt = nm.net_mgmt_hosts | length + nm.start_ip[nm.net_mgmt] + loop.index %} + {%- set pub = nm.net_public_hosts | length + nm.start_ip[nm.net_public] + loop.index %} + {%- set pri = nm.net_private_hosts | length + nm.start_ip[nm.net_private] + loop.index %} + openstack_compute_node{{ n }}: + name: cmp{{ '%03d' | format(cmp) }} + domain: ${_param:cluster_domain} + classes: + - cluster.${_param:cluster_name}.openstack.compute params: -{#- No partial defaults, all or nothing. Defaults tuned for lf-pod2. #} -{%- if conf.idf.fuel.reclass is defined %} -{%- if conf.idf.fuel.reclass.node[nm.cmp001.idx].compute_params.common is defined %} -{%- set _common = conf.idf.fuel.reclass.node[nm.cmp001.idx].compute_params.common %} -{%- for _i in _common %} + pxe_admin_address: {{ nm.net_admin | ipnet_hostaddr(admin) }} + pxe_admin_interface: {{ conf.idf.fuel.network.node[i].interfaces[nm.idx_admin] }} + single_address: {{ nm.net_mgmt | ipnet_hostaddr(mgmt) }} + tenant_address: {{ nm.net_private | ipnet_hostaddr(pri) }} + external_address: {{ nm.net_public | ipnet_hostaddr(pub) }} + salt_master_host: ${_param:reclass_config_master} + linux_system_codename: bionic + + {#- No partial defaults, all or nothing. Defaults tuned for lf-pod2. #} + {%- if '-ovs-' in conf.MCP_DEPLOY_SCENARIO or '-fdio-' in conf.MCP_DEPLOY_SCENARIO %} + {%- set private_speed = conf.nodes[i].interfaces[nm.idx_private].speed %} + {%- set private_pci = conf.idf.fuel.network.node[i].busaddr[nm.idx_private] %} + {%- if conf.idf.fuel.reclass is defined %} + {%- if conf.idf.fuel.reclass.node[i].compute_params.dpdk is defined %} + {#- Can't dump json here due to dpdk0_* below, explicitly create yaml #} + {%- set _dpdk = conf.idf.fuel.reclass.node[i].compute_params.dpdk %} + {%- set private_drv = _dpdk.dpdk0_driver %} + {%- for _i in _dpdk %} + {{ _i }}: '"{{ _dpdk[_i] }}"' + {%- endfor %} + {%- endif %} + {%- else %} + compute_hugepages_size: 2M + compute_hugepages_count: 13312 + compute_hugepages_mount: /mnt/hugepages_2M + compute_kernel_isolcpu: 3,8,9,10,11 + compute_dpdk_driver: uio + compute_ovs_pmd_cpu_mask: '"0x708"' + compute_ovs_dpdk_socket_mem: '"4096,4096"' + compute_ovs_dpdk_lcore_mask: '"0x800"' + compute_ovs_memory_channels: '"2"' + dpdk0_driver: igb_uio + dpdk0_n_rxq: 2 + {%- endif %} + dpdk0_name: {{ conf.idf.fuel.network.node[i].interfaces[nm.idx_private] }} + dpdk0_pci: '"{{ private_pci }}"' + dpdk0_vpp: {{ ma.vpp_interface_str(private_speed, private_pci, private_drv or '') }} + {%- else %} + {%- if conf.idf.fuel.reclass is defined %} + {%- if conf.idf.fuel.reclass.node[i].compute_params.common is defined %} + {%- set _common = conf.idf.fuel.reclass.node[i].compute_params.common %} + {%- for _i in _common %} {{ _i }}: '"{{ _common[_i] }}"' -{%- endfor %} -{%- else %} + {%- endfor %} + {%- else %} dummy_value: ~ -{%- endif %} -{%- else %} + {%- endif %} + {%- else %} compute_hugepages_size: 1G compute_hugepages_count: 16 compute_hugepages_mount: /mnt/hugepages_1G + {%- endif %} + {%- endif %} +{%- endfor %} {%- endif %} - openstack_compute_node02: - <<: *openstack_compute_node01 diff --git a/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2 b/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2 new file mode 100644 index 000000000..092febabb --- /dev/null +++ b/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2 @@ -0,0 +1,172 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +{%- import 'net_map.j2' as nm with context %} +--- +# NOTE: pod_config is generated and transferred into its final location on +# cfg01 only during deployment to prevent leaking sensitive data +classes: + - system.maas.region.single + - service.maas.cluster.single + - cluster.all-mcp-arch-common.opnfv.lab_proxy_pdf + - cluster.all-mcp-arch-common.opnfv.pod_config +parameters: + _param: + linux_system_codename: bionic + maas_admin_username: opnfv + dns_server01: '{{ nm.dns_public[0] }}' + single_address: ${_param:infra_maas_node01_deploy_address} + hwe_kernel: 'ga-18.04' + opnfv_maas_timeout_comissioning: {{ nm.maas_timeout_comissioning }} + opnfv_maas_timeout_deploying: {{ nm.maas_timeout_deploying }} + maas: + region: + services: + - maas-regiond + - bind9 +{%- if '-ovs-' in conf.MCP_DEPLOY_SCENARIO or '-fdio-' in conf.MCP_DEPLOY_SCENARIO %} + tags: + aarch64_hugepages_1g: + comment: 'Enable 1G pagesizes on aarch64' + definition: '//capability[@id="asimd"]|//capability[@id="cp15_barrier"]' + kernel_opts: 'default_hugepagesz=1G hugepagesz=1G kpti=off' +{%- endif %} + enable_iframe: False + timeout: + # Set maas.wait_for_<state> timeouts to ~2.5x of MaaS <state> timeout + ready: {{ nm.maas_timeout_comissioning * 150 }} + deployed: {{ nm.maas_timeout_deploying * 150 }} + attempts: 3 + boot_sources_delete_all_others: true + boot_sources: + resources_mirror: + url: http://images.maas.io/ephemeral-v3/daily + keyring_file: /usr/share/keyrings/ubuntu-cloudimage-keyring.gpg + boot_sources_selections: + bionic: + url: "http://images.maas.io/ephemeral-v3/daily" + os: "ubuntu" + release: "${_param:linux_system_codename}" + arches: +{%- for arch in nm.cluster.arch %} + - "{{ arch | dpkg_arch }}" +{%- endfor %} + subarches: + - "generic" + - "ga-18.04" + labels: '"*"' + fabrics: + pxe_admin: + name: 'pxe_admin' + description: Fabric for PXE/admin + vlans: + 0: + name: 'vlan 0' + description: PXE/admin VLAN + dhcp: true + primary_rack: "${linux:network:hostname}" + subnets: + {{ nm.net_admin }}: + name: {{ nm.net_admin }} + cidr: {{ nm.net_admin }} + gateway_ip: ${_param:single_address} + fabric: ${maas:region:fabrics:pxe_admin:name} + vlan: 0 + ipranges: + 1: + start: {{ nm.net_admin_pool_start }} + end: {{ nm.net_admin_pool_end }} + type: dynamic + sshprefs: + - '{{ conf.MAAS_SSH_KEY }}' +{%- if 'aarch64' in nm.cluster.arch %} + package_repositories: + armband: + name: armband + enabled: '1' + url: 'http://linux.enea.com/mcp-repos/${_param:armband_repo_version}/xenial' + distributions: '${_param:armband_repo_version}-armband' + components: 'main' + arches: 'arm64' + key: ${_param:armband_key} +{%- endif %} + salt_master_ip: ${_param:reclass_config_master} + domain: ${_param:cluster_domain} + ~maas_config: + maas_name: mas01 + active_discovery_interval: 600 + ntp_external_only: true + upstream_dns: ${_param:dns_server01} + commissioning_distro_series: 'bionic' + default_distro_series: 'bionic' + default_osystem: 'ubuntu' + default_storage_layout: 'lvm' + enable_http_proxy: true + disk_erase_with_secure_erase: false + dnssec_validation: 'no' + enable_third_party_drivers: true + network_discovery: 'enabled' + default_min_hwe_kernel: ${_param:hwe_kernel} + kernel_opts: 'spectre_v2=off nopti kpti=off nospec_store_bypass_disable noibrs noibpb' + cluster: + saltstack_repo_bionic: "deb [arch=amd64] http://archive.repo.saltstack.com/apt/ubuntu/18.04/amd64/2017.7/ bionic main" + region: + host: ${_param:single_address} + port: 5240 +{%- if '-iec-' not in conf.MCP_DEPLOY_SCENARIO and conf.MCP_KERNEL_VER %} + curtin_vars: + amd64: + bionic: &curtin_vars_bionic + kernel_package: + enabled: True + value: 'linux-image-{{ conf.MCP_KERNEL_VER }}-generic' + extra_pkgs: + enabled: True + pkgs: + - linux-image-{{ conf.MCP_KERNEL_VER }}-generic + - linux-headers-{{ conf.MCP_KERNEL_VER }}-generic + - linux-modules-extra-{{ conf.MCP_KERNEL_VER }}-generic + arm64: + bionic: + <<: *curtin_vars_bionic +{%- endif %} + linux: + system: + repo: + armband_3: + enabled: false + ~locale: '' + ~kernel: + sysctl: + net.ipv4.ip_forward: 1 + iptables: + schema: + epoch: 1 + service: + v4: + enabled: true + persistent_config: /etc/iptables/rules.v4 + v6: + enabled: false + tables: + v4: + filter: + chains: + INPUT: + ruleset: + 10: + rule: -s ${_param:single_address}/${_param:opnfv_net_admin_mask} + 11: + rule: -d ${_param:single_address}/${_param:opnfv_net_admin_mask} + nat: + chains: + POSTROUTING: + policy: ACCEPT + ruleset: + 10: + rule: -s ${_param:single_address}/${_param:opnfv_net_admin_mask} + action: MASQUERADE |