diff options
Diffstat (limited to 'mcp/reclass/classes/cluster/mcp-common-ha')
19 files changed, 251 insertions, 406 deletions
diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/glusterfs_repo.yml b/mcp/reclass/classes/cluster/mcp-common-ha/glusterfs_repo.yml new file mode 100644 index 000000000..3ec73bec0 --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-common-ha/glusterfs_repo.yml @@ -0,0 +1,24 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +classes: + - system.linux.system.repo.keystorage.glusterfs +parameters: + _param: + glusterfs_version: "3.13" + linux: + system: + repo: + mcp_glusterfs: + # yamllint disable-line rule:line-length + source: "deb http://ppa.launchpad.net/gluster/glusterfs-${_param:glusterfs_version}/ubuntu ${_param:linux_system_codename} main" + key: ${_param:linux_system_repo_mcp_glusterfs_key} + pin: + - package: '*' + pin: release o=LP-PPA-gluster-glusterfs-${_param:glusterfs_version} + priority: 1100 diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/include/lab_proxy_pdf.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/include/lab_proxy_pdf.yml.j2 deleted file mode 100644 index 3f238d667..000000000 --- a/mcp/reclass/classes/cluster/mcp-common-ha/include/lab_proxy_pdf.yml.j2 +++ /dev/null @@ -1,25 +0,0 @@ -############################################################################## -# Copyright (c) 2018 Mirantis Inc., Enea AB and others. -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -# We'll craft this class so it can be reused on both cfg01 and mas01 -{%- if conf.idf.fuel.network.upstream_proxy is defined %} -{%- set upstream_proxy=conf.idf.fuel.network.upstream_proxy %} -parameters: - maas: - region: - upstream_proxy: - address: {{ upstream_proxy.address }} - port: {{ upstream_proxy.port }} - linux: - system: - proxy: - pkg: - enabled: true - http: http://{{ upstream_proxy.address }}:{{ upstream_proxy.port }} - https: http://{{ upstream_proxy.address }}:{{ upstream_proxy.port }} -{%- endif %} diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/include/maas_proxy.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/include/maas_proxy.yml.j2 deleted file mode 100644 index 58ea46cad..000000000 --- a/mcp/reclass/classes/cluster/mcp-common-ha/include/maas_proxy.yml.j2 +++ /dev/null @@ -1,27 +0,0 @@ -############################################################################## -# Copyright (c) 2018 Mirantis Inc., Enea AB and others. -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## ---- -{%- if 'maas' in conf.cluster.states %} -parameters: - # NOTE: Apt proxy is set by curtin, Salt minion proxy is configured below, - # only enable proxy via /etc/environment if you need it for smth else - # linux: - # system: - # env: - # http_proxy: http://${_param:infra_maas_node01_deploy_address}:8000 - # https_proxy: http://${_param:infra_maas_node01_deploy_address}:8000 - # no_proxy: - # - .local - linux: - system: - proxy: - pkg: - enabled: true - http: http://${_param:infra_maas_node01_deploy_address}:8000 - https: http://${_param:infra_maas_node01_deploy_address}:8000 -{%- endif %} diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/infra/config.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/infra/config.yml.j2 index f6e0baa11..0ecc2e364 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/infra/config.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-ha/infra/config.yml.j2 @@ -8,7 +8,6 @@ {%- import 'net_map.j2' as nm with context %} --- classes: - - system.linux.system.repo.saltstack.xenial - system.reclass.storage.system.physical_control_cluster - system.reclass.storage.system.openstack_control_cluster - system.reclass.storage.system.openstack_proxy_cluster @@ -18,40 +17,11 @@ classes: # - system.reclass.storage.system.stacklight_log_cluster # - system.reclass.storage.system.stacklight_monitor_cluster # - system.reclass.storage.system.stacklight_telemetry_cluster - - system.reclass.storage.system.infra_maas_single - - cluster.mcp-common-ha.include.lab_proxy_pdf + - cluster.all-mcp-arch-common.opnfv.lab_proxy_pdf - cluster.all-mcp-arch-common.infra.config_pdf parameters: _param: salt_master_host: ${_param:infra_config_deploy_address} - single_address: ${_param:infra_config_address} - deploy_address: ${_param:infra_config_deploy_address} - pxe_admin_address: ${_param:opnfv_infra_config_pxe_admin_address} - mcpcontrol_nic: ${_param:opnfv_fn_vm_primary_interface} - single_nic: ${_param:opnfv_fn_vm_secondary_interface} - pxe_admin_nic: ${_param:opnfv_fn_vm_tertiary_interface} - linux: - network: - interface: - mcpcontrol_int: - enabled: true - type: eth - proto: dhcp - name: ${_param:mcpcontrol_nic} - single: - enabled: true - type: eth - proto: static - name: ${_param:single_nic} - address: ${_param:single_address} - netmask: ${_param:opnfv_net_mgmt_mask} - pxe_admin_int: - enabled: true - type: eth - proto: static - name: ${_param:pxe_admin_nic} - address: ${_param:pxe_admin_address} - netmask: ${_param:opnfv_net_admin_mask} salt: master: accept_policy: open_mode @@ -65,7 +35,7 @@ parameters: infra_kvm_node01: params: keepalived_vip_priority: 100 - linux_system_codename: xenial + linux_system_codename: bionic pxe_admin_address: ${_param:opnfv_infra_kvm_node01_pxe_admin_address} infra_kvm_node02: {%- if not conf.MCP_VCP %} @@ -74,16 +44,16 @@ parameters: {%- endif %} params: keepalived_vip_priority: 101 - linux_system_codename: xenial + linux_system_codename: bionic pxe_admin_address: ${_param:opnfv_infra_kvm_node02_pxe_admin_address} infra_kvm_node03: params: keepalived_vip_priority: 102 - linux_system_codename: xenial + linux_system_codename: bionic pxe_admin_address: ${_param:opnfv_infra_kvm_node03_pxe_admin_address} openstack_telemetry_node01: params: - linux_system_codename: xenial + linux_system_codename: bionic # create resources only from 1 controller # to prevent race conditions ceilometer_create_gnocchi_resources: true @@ -91,33 +61,33 @@ parameters: pxe_admin_address: ${_param:opnfv_openstack_telemetry_node01_pxe_admin_address} openstack_telemetry_node02: params: - linux_system_codename: xenial + linux_system_codename: bionic redis_cluster_role: 'slave' pxe_admin_address: ${_param:opnfv_openstack_telemetry_node02_pxe_admin_address} openstack_telemetry_node03: params: - linux_system_codename: xenial + linux_system_codename: bionic redis_cluster_role: 'slave' pxe_admin_address: ${_param:opnfv_openstack_telemetry_node03_pxe_admin_address} openstack_message_queue_node01: params: - linux_system_codename: xenial + linux_system_codename: bionic pxe_admin_address: ${_param:opnfv_openstack_message_queue_node01_pxe_admin_address} openstack_message_queue_node02: params: - linux_system_codename: xenial + linux_system_codename: bionic pxe_admin_address: ${_param:opnfv_openstack_message_queue_node02_pxe_admin_address} openstack_message_queue_node03: params: - linux_system_codename: xenial + linux_system_codename: bionic pxe_admin_address: ${_param:opnfv_openstack_message_queue_node03_pxe_admin_address} openstack_proxy_node01: params: - linux_system_codename: xenial + linux_system_codename: bionic pxe_admin_address: ${_param:opnfv_openstack_proxy_node01_pxe_admin_address} openstack_proxy_node02: params: - linux_system_codename: xenial + linux_system_codename: bionic pxe_admin_address: ${_param:opnfv_openstack_proxy_node02_pxe_admin_address} # stacklight_log_node01: # classes: @@ -130,31 +100,31 @@ parameters: classes: - cluster.mcp-common-ha.openstack_control_init params: - linux_system_codename: xenial + linux_system_codename: bionic # NOTE: When VCP is present, external_address is not used external_address: ${_param:openstack_proxy_node01_address} pxe_admin_address: ${_param:opnfv_openstack_control_node01_pxe_admin_address} openstack_control_node02: params: - linux_system_codename: xenial + linux_system_codename: bionic external_address: 0.0.0.0 pxe_admin_address: ${_param:opnfv_openstack_control_node02_pxe_admin_address} openstack_control_node03: params: - linux_system_codename: xenial + linux_system_codename: bionic external_address: ${_param:openstack_proxy_node02_address} pxe_admin_address: ${_param:opnfv_openstack_control_node03_pxe_admin_address} openstack_database_node01: classes: - cluster.mcp-common-ha.openstack_database_init params: - linux_system_codename: xenial + linux_system_codename: bionic pxe_admin_address: ${_param:opnfv_openstack_database_node01_pxe_admin_address} openstack_database_node02: params: - linux_system_codename: xenial + linux_system_codename: bionic pxe_admin_address: ${_param:opnfv_openstack_database_node02_pxe_admin_address} openstack_database_node03: params: - linux_system_codename: xenial + linux_system_codename: bionic pxe_admin_address: ${_param:opnfv_openstack_database_node03_pxe_admin_address} diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/infra/init.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/infra/init.yml.j2 index 931dd1bab..2f4686767 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/infra/init.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-ha/infra/init.yml.j2 @@ -7,22 +7,18 @@ ############################################################################## --- classes: - - system.linux.system.single - cluster.all-mcp-arch-common # - cluster.mcp-common-ha.stacklight # - cluster.mcp-common-ha.stacklight.client parameters: _param: - apt_mk_version: nightly - mcp_repo_version: 1.1 - salt_version: 2016.11 + salt_version: 2017.7 cluster_domain: ${_param:cluster_name}.local # stacklight_environment: ${_param:cluster_domain} reclass_data_revision: master reclass_config_master: ${_param:opnfv_infra_config_pxe_admin_address} cluster_public_host: ${_param:openstack_proxy_address} infra_config_hostname: cfg01 - infra_maas_database_password: opnfv_secret # infra service addresses infra_config_address: ${_param:opnfv_infra_config_address} diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm.yml b/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm.yml.j2 index 868f324f6..37bc42225 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm.yml +++ b/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm.yml.j2 @@ -5,9 +5,9 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## +{%- import 'net_map.j2' as nm with context %} --- classes: - - system.linux.system.repo.glusterfs - service.keepalived.cluster.single - system.glusterfs.server.volume.glance - system.glusterfs.server.volume.keystone @@ -21,13 +21,14 @@ classes: # - system.salt.control.cluster.stacklight_server_cluster # - system.salt.control.cluster.stacklight_log_cluster # - system.salt.control.cluster.stacklight_telemetry_cluster + - cluster.all-mcp-arch-common.backports + - cluster.mcp-common-ha.glusterfs_repo - cluster.mcp-common-ha.infra.kvm_pdf - - cluster.mcp-common-ha.include.maas_proxy - - cluster.mcp-common-ha.include.lab_proxy_pdf + - cluster.all-mcp-arch-common.opnfv.maas_proxy + - cluster.all-mcp-arch-common.opnfv.lab_proxy_pdf parameters: _param: - linux_system_codename: xenial - glusterfs_version: '3.13' + linux_system_codename: bionic cluster_vip_address: ${_param:infra_kvm_address} cluster_node01_address: ${_param:infra_kvm_node01_address} cluster_node02_address: ${_param:infra_kvm_node02_address} @@ -40,6 +41,12 @@ parameters: boot_options: - spectre_v2=off - nopti + - kpti=off + - nospec_store_bypass_disable + - noibrs + - noibpb + sysctl: + net.ipv4.ip_forward: 0 libvirt: server: service: libvirtd @@ -47,6 +54,7 @@ parameters: unix_sock_group: libvirt salt: control: + virt_service: libvirtd size: # RAM 4096,8192,16384,32768,65536 # Default production sizing openstack.control: @@ -92,34 +100,44 @@ parameters: cluster: internal: node: - mdb01: - image: ${_param:salt_control_xenial_image} + mdb01: &salt_control_bionic_image_common_attr + image: ${_param:salt_control_bionic_image} +{%- if conf.nodes[nm.ctl01.idx].node.arch == 'aarch64' %} + seed: qemu-nbd + ~cloud_init: ~ + machine: virt + cpu_mode: host-passthrough + loader: + readonly: 'yes' + type: pflash + path: /usr/share/AAVMF/AAVMF_CODE.fd +{%- endif %} mdb02: - image: ${_param:salt_control_xenial_image} + <<: *salt_control_bionic_image_common_attr mdb03: - image: ${_param:salt_control_xenial_image} + <<: *salt_control_bionic_image_common_attr ctl01: - image: ${_param:salt_control_xenial_image} + <<: *salt_control_bionic_image_common_attr ctl02: - image: ${_param:salt_control_xenial_image} + <<: *salt_control_bionic_image_common_attr ctl03: - image: ${_param:salt_control_xenial_image} + <<: *salt_control_bionic_image_common_attr dbs01: - image: ${_param:salt_control_xenial_image} + <<: *salt_control_bionic_image_common_attr dbs02: - image: ${_param:salt_control_xenial_image} + <<: *salt_control_bionic_image_common_attr dbs03: - image: ${_param:salt_control_xenial_image} + <<: *salt_control_bionic_image_common_attr msg01: - image: ${_param:salt_control_xenial_image} + <<: *salt_control_bionic_image_common_attr msg02: - image: ${_param:salt_control_xenial_image} + <<: *salt_control_bionic_image_common_attr msg03: - image: ${_param:salt_control_xenial_image} + <<: *salt_control_bionic_image_common_attr prx01: - image: ${_param:salt_control_xenial_image} + <<: *salt_control_bionic_image_common_attr prx02: - image: ${_param:salt_control_xenial_image} + <<: *salt_control_bionic_image_common_attr provider: kvm03.${_param:cluster_domain} virt: nic: diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm_pdf.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm_pdf.yml.j2 index 6754d13dd..484e53299 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm_pdf.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm_pdf.yml.j2 @@ -13,8 +13,6 @@ {%- set vlans = { nm.vlan_admin: nm.ctl01.nic_admin, nm.vlan_mgmt: nm.ctl01.nic_mgmt, nm.vlan_public: nm.ctl01.nic_public } %} --- parameters: - _param: - interface_mtu: 1500 linux: network: interface: diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/infra/maas.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/infra/maas.yml.j2 deleted file mode 100644 index 29b12ab99..000000000 --- a/mcp/reclass/classes/cluster/mcp-common-ha/infra/maas.yml.j2 +++ /dev/null @@ -1,174 +0,0 @@ -############################################################################## -# Copyright (c) 2018 Mirantis Inc., Enea AB and others. -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## -{%- import 'net_map.j2' as nm with context %} ---- -# NOTE: pod_config is generated and transferred into its final location on -# cfg01 only during deployment to prevent leaking sensitive data -classes: - - system.maas.region.single - - service.maas.cluster.single - - cluster.mcp-common-ha.include.lab_proxy_pdf - - cluster.all-mcp-arch-common.opnfv.pod_config -parameters: - _param: - mcpcontrol_interface: ${_param:opnfv_fn_vm_primary_interface} - primary_interface: ${_param:opnfv_fn_vm_secondary_interface} - pxe_admin_interface: ${_param:opnfv_fn_vm_tertiary_interface} - interface_mtu: 1500 - # MaaS has issues using MTU > 1500 for PXE interface - pxe_admin_interface_mtu: 1500 - linux_system_codename: xenial - maas_admin_username: opnfv - maas_admin_password: opnfv_secret - maas_db_password: opnfv_secret - dns_server01: '{{ nm.dns_public[0] }}' - single_address: ${_param:infra_maas_node01_deploy_address} - hwe_kernel: 'hwe-16.04' - opnfv_maas_timeout_comissioning: {{ nm.maas_timeout_comissioning }} - opnfv_maas_timeout_deploying: {{ nm.maas_timeout_deploying }} - maas: - region: - boot_sources_delete_all_others: true - boot_sources: - resources_mirror: - url: http://images.maas.io/ephemeral-v3/daily - keyring_file: /usr/share/keyrings/ubuntu-cloudimage-keyring.gpg - boot_sources_selections: - xenial: - url: "http://images.maas.io/ephemeral-v3/daily" - os: "ubuntu" - release: "${_param:linux_system_codename}" - arches: -{%- for arch in nm.cluster.arch %} - - "{{ arch | dpkg_arch }}" -{%- endfor %} - subarches: - - "generic" - - "ga-16.04" - - "hwe-16.04" - labels: '"*"' - fabrics: - pxe_admin: - name: 'pxe_admin' - description: Fabric for PXE/admin - vlans: - 0: - name: 'vlan 0' - description: PXE/admin VLAN - dhcp: true - primary_rack: "${linux:network:hostname}" - subnets: - {{ nm.net_admin }}: - name: {{ nm.net_admin }} - cidr: {{ nm.net_admin }} - gateway_ip: ${_param:single_address} - fabric: ${maas:region:fabrics:pxe_admin:name} - vlan: 0 - ipranges: - 1: - start: {{ nm.net_admin_pool_start }} - end: {{ nm.net_admin_pool_end }} - type: dynamic - sshprefs: - - '{{ conf.MAAS_SSH_KEY }}' -{%- if 'aarch64' in nm.cluster.arch %} - package_repositories: - armband: - name: armband - enabled: '1' - url: 'http://linux.enea.com/mcp-repos/${_param:openstack_version}/${_param:linux_system_codename}' - distributions: '${_param:openstack_version}-armband' - components: 'main' - arches: 'arm64' - key: &armband_key | - -----BEGIN PGP PUBLIC KEY BLOCK----- - Version: GnuPG v2.0.14 (GNU/Linux) - - mQENBFagAroBCADWboNIjuF6lB1mWv2+EbvqY3lKl5mLKhr2DnSUkKeHUPBv8gNM - qK8Q00AMIyPiyEhgjA+dWizZ+5aBgxoiY7oMeLJ2Xym36U/8SYq2BWd3SGCbMNoz - SJDxDUSM/HFVs6atF1M3DY9oN65hSVnu4uy5Tu6asf6k4rhAyk0z4+pRcPBCu2vq - mnGi3COM/+9PShrEKeVOx5W2vRJywUFuq8EDvQnRoJ0GvM28JiJIanw17YwIPxhg - BKZVpZjan5X+ihVMXwA2h/G/FS5Omhd50RqV6LWSYs94VJJgYqHx8UMm7izcxI+P - ct3IcbD195bPbJ+SbuiFe45ZLsdY1MyGiU2BABEBAAG0K0VuZWEgQXJtYmFuZCBE - ZXZvcHMgVGVhbSA8YXJtYmFuZEBlbmVhLmNvbT6JATgEEwECACICGwMGCwkIBwMC - BhUIAgkKCwQWAgMBAh4BAheABQJaY3bYAAoJEN6rkLp5irHRoQMH/0PYl0A/6eWw - nQ/szhEFrr76Ln6wA4vEO+PiuWj9kTkZM2NaCnkisrIuHSPIVvOLfFmztbE6sKGe - t+a2b7Jqw48DZ/gq508aZE4Q307ookxdCOrzIu/796hFO34yXg3sqZoJh3VmKIjY - 4DL8yG1iAiQ5vOw3IFWQnATwIZUgaCcjmE7HGap+9ePuJfFuQ8mIG5cy28t8qocx - AB/B2tucfBMwomYxKqgbLI5AG7iSt58ajvrrNa9f8IX7Ihj/jiuXhUwX+geEp98K - IWVI1ftEthZvfBpZW4BS98J4z//dEPi31L4jb9RQXq3afF2RpXchDeUN85bW45nu - W/9PMAlgE/U= - =m+zE - -----END PGP PUBLIC KEY BLOCK----- -{%- endif %} - machines: - {%- set pxe_interface = conf.idf.net_config.admin.interface %} - {#- We only support exactly 5 nodes for now, hardcoded order #} - {%- set node_roles = ['kvm01', 'kvm02', 'kvm03', 'cmp001', 'cmp002'] %} - {%- for node in conf.nodes %} - {%- if node.node.type == 'baremetal' %} - {{ node_roles[loop.index0] }}: - interface: - mac: {{ node.interfaces[pxe_interface].mac_address }} - power_parameters: - power_address: {{ node.remote_management.address.rsplit('/')[0] }} - power_password: {{ node.remote_management.pass }} - power_type: {{ node.remote_management.type }} - power_user: {{ node.remote_management.user }} - architecture: {{ node.node.arch | dpkg_arch }}/generic - distro_series: xenial - hwe_kernel: ${_param:hwe_kernel} - {%- if loop.index0 >= node_roles.index('cmp001') %} - disk_layout: - type: lvm - root_device: sda - volume_group: vgroot - volume_name: lvroot - volume_size: 100 - {%- endif %} - {%- endif %} - {%- endfor %} - salt_master_ip: ${_param:reclass_config_master} - domain: ${_param:cluster_domain} - maas_config: - commissioning_distro_series: 'xenial' - default_distro_series: 'xenial' - default_osystem: 'ubuntu' - default_storage_layout: 'lvm' - enable_http_proxy: true - disk_erase_with_secure_erase: false - dnssec_validation: 'no' - enable_third_party_drivers: true - network_discovery: 'enabled' - default_min_hwe_kernel: ${_param:hwe_kernel} - cluster: - saltstack_repo_xenial: "deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.11/ xenial main" - linux: - network: - interface: - mcpcontrol_interface: - enabled: true - name: ${_param:mcpcontrol_interface} - type: eth - proto: dhcp - primary_interface: - enabled: true - name: ${_param:primary_interface} - mtu: ${_param:interface_mtu} - proto: static - address: ${_param:infra_maas_node01_address} - netmask: ${_param:opnfv_net_mgmt_mask} - type: eth - pxe_admin_interface: - enabled: true - name: ${_param:pxe_admin_interface} - mtu: ${_param:pxe_admin_interface_mtu} - proto: static - address: ${_param:single_address} - netmask: ${_param:opnfv_net_admin_mask} - type: eth diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute.yml b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute.yml index c7c6f2fab..af87d9c2f 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute.yml +++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute.yml @@ -7,8 +7,6 @@ ############################################################################## --- classes: - - system.linux.system.repo.mcp.mirror.v1.openstack - - system.linux.system.repo.glusterfs - system.glusterfs.client.cluster - system.nova.compute.cluster - system.nova.compute.nfv.hugepages @@ -17,13 +15,16 @@ classes: - system.cinder.volume.backend.lvm - system.ceilometer.agent.cluster - system.ceilometer.agent.polling.default + - service.barbican.client.cluster + - cluster.all-mcp-arch-common.backports + - cluster.mcp-common-ha.glusterfs_repo - cluster.mcp-common-ha.openstack_compute_pdf - - cluster.mcp-common-ha.include.maas_proxy - - cluster.mcp-common-ha.include.lab_proxy_pdf + - cluster.all-mcp-arch-common.opnfv.maas_proxy + - cluster.all-mcp-arch-common.opnfv.lab_proxy_pdf parameters: _param: cluster_vip_address: ${_param:openstack_control_address} - cluster_local_address: ${_param:control_address} + cluster_local_address: ${_param:single_address} cluster_node01_hostname: ${_param:openstack_control_node01_hostname} cluster_node01_address: ${_param:openstack_control_node01_address} cluster_node02_hostname: ${_param:openstack_control_node02_hostname} @@ -31,12 +32,9 @@ parameters: cluster_node03_hostname: ${_param:openstack_control_node03_hostname} cluster_node03_address: ${_param:openstack_control_node03_address} nova_vncproxy_url: https://${_param:cluster_public_host}:6080 - interface_mtu: 1500 keepalived_vip_interface: br-ctl keepalived_vip_virtual_router_id: 69 - linux_system_codename: xenial - single_address: ${_param:control_address} - glusterfs_version: '3.13' + linux_system_codename: bionic glusterfs: client: volumes: @@ -47,12 +45,20 @@ parameters: opts: "defaults,backup-volfile-servers=${_param:cluster_node01_address}:${_param:cluster_node02_address}:${_param:cluster_node03_address}" cinder: volume: + my_ip: ${_param:single_address} backend: lvm-driver: # Align system.cinder.volume.backend.lvm and MaaS data volume_group: ${linux:storage:lvm:cinder-vg:name} database: connection_recycle_time: ${_param:db_connection_recycle_time} + barbican: + enabled: ${_param:barbican_integration_enabled} + pkgs: + - cinder-volume + openiscsi_services: + - tgt + - iscsid linux: storage: lvm: @@ -67,11 +73,29 @@ parameters: boot_options: - spectre_v2=off - nopti + - kpti=off + - nospec_store_bypass_disable + - noibrs + - noibpb neutron: gateway: vlan_aware_vms: true root_helper_daemon: false + dhcp_lease_duration: 3600 + report_interval: 120 nova: compute: + libvirt_service: libvirtd + libvirt_bin: /etc/default/libvirtd disk_cachemodes: file=directsync,block=none preallocate_images: space + heal_instance_info_cache_interval: 300 + barbican: + enabled: ${_param:barbican_integration_enabled} + image: + verify_glance_signatures: false + pkgs: + - nova-compute + - python3-novaclient + - pm-utils + - sysfsutils diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute_pdf.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute_pdf.yml.j2 index 51a6dbd68..0b1c5bbf2 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute_pdf.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute_pdf.yml.j2 @@ -15,6 +15,7 @@ parameters: _param: # Should later be determined via PDF/IDF, AArch64 has ESP on /dev/sda1 +{%- if nm.cmp001.idx < conf.nodes | length %} {%- if conf.nodes[nm.cmp001.idx].node.type == 'virtual' %} ~cinder_lvm_devices: ['/dev/vdb'] {%- elif conf.nodes[nm.cmp001.idx].node.arch == 'aarch64' or @@ -23,6 +24,7 @@ parameters: {%- else %} ~cinder_lvm_devices: ['/dev/sda1'] {%- endif %} +{%- endif %} linux: network: bridge: openvswitch @@ -30,7 +32,7 @@ parameters: # PXE/admin is always untagged on computes pxe_admin_int: enabled: true - name: {{ nm.cmp001.nic_admin }} + name: ${_param:pxe_admin_interface} proto: static type: eth address: ${_param:pxe_admin_address} @@ -42,6 +44,9 @@ parameters: {%- if nm.cmp001.nic_admin in nics %} {%- do nics.pop(nm.cmp001.nic_admin) %} {%- endif %} +{%- if ma.interface_str(nm.cmp001.nic_public, nm.vlan_public) in nics %} + {%- do nics.pop(nm.cmp001.nic_public) %} +{%- endif %} {{ ma.linux_network_interfaces_nic(nics) }} @@ -66,11 +71,12 @@ parameters: - {{ ma.interface_str(nm.cmp001.nic_public, nm.vlan_public) }} gateway: ${_param:opnfv_net_public_gw} name_servers: {{ nm.dns_public }} - ovs_port_{{ nm.cmp001.nic_public }}: + noifupdown: true + {{ ma.interface_str(nm.cmp001.nic_public, nm.vlan_public) }}: enabled: true - name: {{ ma.interface_str(nm.cmp001.nic_public, nm.vlan_public) }} proto: manual ovs_port_type: OVSPort type: ovs_port ovs_bridge: br-floating bridge: br-floating + mtu: ${_param:interface_mtu} diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_control.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_control.yml.j2 index 0189e038c..b3ab9e2c7 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_control.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_control.yml.j2 @@ -7,8 +7,6 @@ ############################################################################## --- classes: - - system.linux.system.repo.mcp.mirror.v1.openstack - - system.linux.system.repo.glusterfs - system.ceilometer.client - system.memcached.server.single - system.keystone.server.cluster @@ -20,11 +18,17 @@ classes: - system.heat.server.cluster - system.designate.server.cluster - system.designate.server.backend.bind + - system.barbican.server.cluster + - system.apache.server.site.barbican + - service.barbican.server.plugin.simple_crypto + - system.apache.server.single - system.bind.server.single - system.haproxy.proxy.listen.openstack.placement - system.glusterfs.client.cluster - system.glusterfs.client.volume.glance - system.glusterfs.client.volume.keystone + - cluster.all-mcp-arch-common.backports + - cluster.mcp-common-ha.glusterfs_repo {%- if not conf.MCP_VCP %} # sync from kvm - service.keepalived.cluster.single @@ -42,13 +46,13 @@ classes: # - system.salt.control.cluster.stacklight_log_cluster # - system.salt.control.cluster.stacklight_telemetry_cluster - cluster.mcp-common-ha.infra.kvm_pdf - - cluster.mcp-common-ha.include.maas_proxy - - cluster.mcp-common-ha.include.lab_proxy_pdf + - cluster.all-mcp-arch-common.opnfv.maas_proxy + - cluster.all-mcp-arch-common.opnfv.lab_proxy_pdf {%- endif %} parameters: _param: {%- if not conf.MCP_VCP %} - linux_system_codename: xenial # sync from kvm + linux_system_codename: bionic # sync from kvm # For NOVCP, we switch keepalived VIPs, to keep cluster_vip_address in ctl single_nic: br-ctl # for keepalive_vip_interface interpolation control_nic: ~ # Dummy value to keep reclass 1.5.2 happy @@ -66,28 +70,60 @@ parameters: cluster_node03_hostname: ${_param:openstack_control_node03_hostname} cluster_node03_address: ${_param:openstack_control_node03_address} nova_vncproxy_url: https://${_param:cluster_public_host}:6080 - glusterfs_version: '3.13' + barbican_integration_enabled: 'false' + fernet_rotation_driver: 'shared_filesystem' + credential_rotation_driver: 'shared_filesystem' + common_conn_recycle_time: &db_conn_recycle_time + database: + connection_recycle_time: ${_param:db_connection_recycle_time} nova: - controller: &db_conn_recycle_time - database: - connection_recycle_time: ${_param:db_connection_recycle_time} + controller: + <<: *db_conn_recycle_time + barbican: + enabled: ${_param:barbican_integration_enabled} + pkgs: + - nova-api + - nova-conductor + - nova-consoleauth + - nova-scheduler + - nova-novncproxy + - python3-novaclient cinder: controller: + pkgs: + - cinder-api + - cinder-scheduler <<: *db_conn_recycle_time neutron: server: <<: *db_conn_recycle_time vlan_aware_vms: true root_helper_daemon: false + agent_down_time: 300 + global_physnet_mtu: ${_param:interface_mtu} + backend: + external_mtu: ${_param:interface_mtu} + pkgs: + - neutron-server keystone: server: <<: *db_conn_recycle_time cacert: /etc/ssl/certs/mcp_os_cacert openrc_extra: - volume_device_name: vdc + volume_device_name: sdc + pkgs: + - keystone + - python3-memcache + - python3-openstackclient glance: server: <<: *db_conn_recycle_time + identity: + barbican_endpoint: ${barbican:server:host_href} + pkgs: + - glance + services: + - glance-api {%- if conf.MCP_VCP %} heat: server: @@ -104,6 +140,9 @@ parameters: host: ${_param:openstack_proxy_control_address} port: 8003 protocol: http + apache: + server: + mod_wsgi: libapache2-mod-wsgi-py3 {%- else %} libvirt: server: @@ -120,7 +159,8 @@ parameters: apache: server: bind: - ~ports: ~ + listen_default_ports: false + mod_wsgi: libapache2-mod-wsgi-py3 # sync from common-ha kvm role glusterfs: server: @@ -146,9 +186,17 @@ parameters: listen: heat_cloudwatch_api: enabled: false - neutron_api: - # Set source balancing - type: heat + barbican: + server: + ks_notifications_enable: true + store: + software: + crypto_plugin: simple_crypto + store_plugin: store_crypto + global_default: true + database: + connection_recycle_time: ${_param:db_connection_recycle_time} + host: ${_param:openstack_database_address} bind: server: control: @@ -164,6 +212,9 @@ parameters: keys: - designate designate: + _support: + sphinx: + enabled: False # Workaround broken meta/sphinx.yml in salt-formula-designate server: pools: default: diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_control_init.yml b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_control_init.yml index 0664c5399..aaa5e65f0 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_control_init.yml +++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_control_init.yml @@ -9,21 +9,31 @@ classes: - system.keystone.client.single - system.keystone.client.service.aodh - - system.keystone.client.service.ceilometer - system.keystone.client.service.nova21 - system.keystone.client.service.nova-placement - system.keystone.client.service.cinder3 - system.keystone.client.service.designate + - system.keystone.client.service.ceilometer - system.keystone.client.service.gnocchi - system.keystone.client.service.panko + - system.keystone.client.service.barbican - system.keystone.client.v3.service.keystone parameters: + _param: + ceilometer_endpoint_status: absent keystone: client: enabled: true resources: v3: enabled: true + services: + ceilometer: + status: absent + # required only for Rally validation + cinder: + type: volume + description: OpenStack Volume Service server: identity: admin: diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_database.yml b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_database.yml index 89c485e0f..9ed3f70cd 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_database.yml +++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_database.yml @@ -7,10 +7,8 @@ ############################################################################## --- classes: - - system.linux.system.repo.mcp.mirror.v1.openstack - system.galera.server.cluster - system.galera.server.database.aodh - - system.galera.server.database.ceilometer - system.galera.server.database.cinder - system.galera.server.database.designate - system.galera.server.database.glance @@ -21,6 +19,8 @@ classes: - system.galera.server.database.nova - system.galera.server.database.neutron - system.galera.server.database.panko + - system.galera.server.database.barbican + - cluster.all-mcp-arch-common.backports parameters: _param: keepalived_vip_interface: ${_param:single_nic} diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_init.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_init.yml.j2 index b0f28f9f1..a55485ea0 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_init.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_init.yml.j2 @@ -9,9 +9,6 @@ --- parameters: _param: - - openstack_version: queens - # openstack service addresses {%- if conf.MCP_VCP %} openstack_proxy_control_address: ${_param:opnfv_openstack_proxy_control_address} @@ -111,16 +108,6 @@ parameters: openstack_compute_node01_hostname: cmp001 openstack_compute_node02_hostname: cmp002 - # opendaylight options -{%- if conf.MCP_VCP %} - opendaylight_server_node01_hostname: odl01 - opendaylight_server_node01_single_address: ${_param:opnfv_opendaylight_server_node01_single_address} -{%- else %} - opendaylight_control_hostname: ${_param:openstack_control_node02_hostname} - opendaylight_server_node01_hostname: ${_param:opendaylight_control_hostname} - opendaylight_server_node01_single_address: ${_param:opnfv_openstack_control_node02_address} -{%- endif %} - openstack_region: RegionOne admin_email: root@localhost db_connection_recycle_time: 300 @@ -134,23 +121,16 @@ parameters: neutron_compute_agent_mode: legacy neutron_compute_external_access: 'True' galera_server_cluster_name: openstack_cluster - galera_server_maintenance_password: opnfv_secret - galera_server_admin_password: opnfv_secret - rabbitmq_secret_key: opnfv_secret - rabbitmq_admin_password: opnfv_secret - rabbitmq_openstack_password: opnfv_secret glance_version: ${_param:openstack_version} glance_service_host: ${_param:openstack_control_address} keystone_version: ${_param:openstack_version} keystone_service_host: ${_param:openstack_control_address} heat_version: ${_param:openstack_version} heat_service_host: ${_param:openstack_control_address} - heat_domain_admin_password: opnfv_secret cinder_version: ${_param:openstack_version} cinder_service_host: ${_param:openstack_control_address} ceilometer_version: ${_param:openstack_version} ceilometer_service_host: ${_param:openstack_telemetry_address} - ceilometer_influxdb_password: opnfv_secret nova_version: ${_param:openstack_version} nova_service_host: ${_param:openstack_control_address} neutron_version: ${_param:openstack_version} @@ -161,51 +141,26 @@ parameters: glusterfs_service_host: ${_param:openstack_control_address} {%- endif %} mysql_admin_user: root - mysql_admin_password: opnfv_secret - mysql_cinder_password: opnfv_secret - mysql_ceilometer_password: opnfv_secret - mysql_glance_password: opnfv_secret - mysql_grafana_password: opnfv_secret - mysql_heat_password: opnfv_secret - mysql_keystone_password: opnfv_secret - mysql_neutron_password: opnfv_secret - mysql_nova_password: opnfv_secret - mysql_aodh_password: opnfv_secret - mysql_designate_password: opnfv_secret aodh_version: ${_param:openstack_version} - keystone_aodh_password: opnfv_secret - keystone_service_token: opnfv_secret - keystone_admin_password: opnfv_secret - keystone_ceilometer_password: opnfv_secret - keystone_cinder_password: opnfv_secret - keystone_glance_password: opnfv_secret - keystone_heat_password: opnfv_secret - keystone_keystone_password: opnfv_secret - keystone_neutron_password: opnfv_secret - keystone_nova_password: opnfv_secret - keystone_designate_password: opnfv_secret - ceilometer_secret_key: opnfv_secret + barbican_version: ${_param:openstack_version} + barbican_service_host: ${_param:openstack_control_address} + apache_barbican_api_address: ${_param:single_address} + barbican_integration_enabled: true horizon_version: ${_param:openstack_version} - horizon_secret_key: opaesee8Que2yahJoh9fo0eefo1Aeyo6ahyei8zeiboh3aeth5loth7ieNa5xi5e horizon_identity_host: ${_param:openstack_control_address} horizon_identity_encryption: none horizon_identity_version: 3 - metadata_password: opnfv_secret - openstack_telemetry_keepalived_password: opnfv_secret + apache_mods_status_enabled: false + nginx_server_site_nginx_proxy_openstack_web_enabled: true aodh_service_host: ${_param:openstack_telemetry_address} - gnocchi_version: 4.2 + gnocchi_version: 4.3 gnocchi_service_host: ${_param:openstack_telemetry_address} - mysql_gnocchi_password: opnfv_secret - keystone_gnocchi_password: opnfv_secret panko_version: ${_param:openstack_version} panko_service_host: ${_param:openstack_telemetry_address} - mysql_panko_password: opnfv_secret - keystone_panko_password: opnfv_secret ceilometer_agent_default_polling_interval: 180 ceilometer_agent_default_polling_meters: - "*" designate_service_host: ${_param:openstack_control_address} - designate_bind9_rndc_key: 4pc+X4PDqb2q+5o72dISm72LM1Ds9X2EYZjqg+nmsS7FhdTwzFFY8l/iEDmHxnyjkA33EQC8H+z0fLLBunoitw== designate_domain_id: 5186883b-91fb-4891-bd49-e6769234a8fc designate_pool_ns_records: - hostname: 'ns1.example.org.' @@ -243,22 +198,22 @@ parameters: # billometer_identity_token: ${_param:keystone_service_token} linux: system: - repo: - uca: - source: "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/${_param:openstack_version} main" - key_id: EC4926EA - key_server: keyserver.ubuntu.com - pin: - - pin: 'release o=Canonical' - priority: 1200 - package: 'python-pymysql libvirt* *qemu*' {%- if 'aarch64' in nm.cluster.arch %} + repo: armband_3: # Should be in sync with the repo config generated via curtin/MaaS - source: "deb http://linux.enea.com/mcp-repos/${_param:openstack_version}/${_param:linux_system_codename} ${_param:openstack_version}-armband main" - pin: - - pin: 'release a=${_param:openstack_version}-armband' - priority: 1201 + source: "deb http://linux.enea.com/mcp-repos/${_param:armband_repo_version}/xenial ${_param:armband_repo_version}-armband main" + key: ${_param:armband_key} + pinning: + 15: + enabled: true + pin: 'release a=${_param:armband_repo_version}-armband' + priority: 15 package: '*' + 1200: + enabled: true + pin: 'release a=${_param:armband_repo_version}-armband' + priority: 1200 + package: 'qemu-efi' {%- endif %} kernel: sysctl: diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_interface_vcp_biport.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_interface_vcp_biport.yml.j2 index 3576acc2f..3b302aca8 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_interface_vcp_biport.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_interface_vcp_biport.yml.j2 @@ -9,8 +9,8 @@ --- {%- if conf.MCP_VCP %} classes: - - cluster.mcp-common-ha.include.maas_proxy - - cluster.mcp-common-ha.include.lab_proxy_pdf + - cluster.all-mcp-arch-common.opnfv.maas_proxy + - cluster.all-mcp-arch-common.opnfv.lab_proxy_pdf parameters: _param: pxe_admin_interface: ${_param:opnfv_vcp_vm_primary_interface} @@ -28,6 +28,8 @@ parameters: gateway: {{ nm.net_admin_gw }} name_servers: - {{ nm.net_admin_gw }} + noifupdown: true + mtu: ${_param:interface_mtu} single: enabled: true type: eth @@ -35,4 +37,5 @@ parameters: name: ${_param:single_nic} address: ${_param:single_address} netmask: ${_param:opnfv_net_public_mask} + mtu: ${_param:interface_mtu} {%- endif %} diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_interface_vcp_triport.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_interface_vcp_triport.yml.j2 index 1fa22aa7f..8815de99b 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_interface_vcp_triport.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_interface_vcp_triport.yml.j2 @@ -10,8 +10,8 @@ --- {%- if conf.MCP_VCP %} classes: - - cluster.mcp-common-ha.include.maas_proxy - - cluster.mcp-common-ha.include.lab_proxy_pdf + - cluster.all-mcp-arch-common.opnfv.maas_proxy + - cluster.all-mcp-arch-common.opnfv.lab_proxy_pdf parameters: _param: pxe_admin_interface: ${_param:opnfv_vcp_vm_primary_interface} @@ -27,6 +27,8 @@ parameters: name: ${_param:pxe_admin_interface} address: ${_param:pxe_admin_address} netmask: ${_param:opnfv_net_admin_mask} + noifupdown: true + mtu: ${_param:interface_mtu} single_int: enabled: true type: eth @@ -36,6 +38,7 @@ parameters: netmask: ${_param:opnfv_net_public_mask} gateway: ${_param:opnfv_net_public_gw} name_servers: {{ nm.dns_public }} + mtu: ${_param:interface_mtu} control_int: enabled: true type: eth @@ -43,6 +46,7 @@ parameters: name: ${_param:control_nic} address: ${_param:control_address} netmask: ${_param:opnfv_net_mgmt_mask} + mtu: ${_param:interface_mtu} {%- else %} {#- For NOVCP scenarios, base config is in kvm_pdf, only add/override gw #} parameters: diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_message_queue.yml b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_message_queue.yml index 855e63267..1871c2efa 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_message_queue.yml +++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_message_queue.yml @@ -7,9 +7,9 @@ ############################################################################## --- classes: - - system.linux.system.repo.mcp.mirror.v1.openstack - system.rabbitmq.server.cluster - system.rabbitmq.server.vhost.openstack + - cluster.all-mcp-arch-common.backports parameters: _param: keepalived_vip_interface: ${_param:single_nic} diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_proxy.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_proxy.yml.j2 index d7ccff532..31bfeddb4 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_proxy.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_proxy.yml.j2 @@ -7,23 +7,25 @@ ############################################################################## --- classes: - - system.linux.system.repo.mcp.mirror.v1.openstack - system.nginx.server.single - system.nginx.server.proxy.openstack_api - system.nginx.server.proxy.openstack_vnc - system.nginx.server.proxy.openstack_web - system.nginx.server.proxy.openstack.aodh - - system.nginx.server.proxy.openstack.ceilometer + - system.nginx.server.proxy.openstack.barbican + - system.apache.server.single - system.horizon.server.single - system.salt.minion.cert.proxy - system.sphinx.server.doc.reclass - service.keepalived.cluster.single - system.keepalived.cluster.instance.openstack_web_public_vip + - cluster.all-mcp-arch-common.backports parameters: _param: cluster_vip_address: ${_param:openstack_proxy_address} keepalived_openstack_web_public_vip_address: ${_param:cluster_vip_address} keepalived_openstack_web_public_vip_interface: ${_param:single_nic} + keepalived_openstack_web_public_vip_password: ${_param:opnfv_main_password} keepalived_vip_address: ${_param:openstack_proxy_control_address} keepalived_vip_interface: ${_param:control_nic} keepalived_vip_virtual_router_id: 240 @@ -48,8 +50,6 @@ parameters: address: ${_param:openstack_proxy_address} nginx_proxy_openstack_api_aodh: <<: *nginx_openstack_proxy_address - nginx_proxy_openstack_api_ceilometer: - <<: *nginx_openstack_proxy_address nginx_proxy_openstack_api_cinder: <<: *nginx_openstack_proxy_address nginx_proxy_openstack_api_glance: @@ -93,3 +93,8 @@ parameters: vrrp_scripts: check_pidof: args: 'nginx' + apache: + server: + mod_wsgi: libapache2-mod-wsgi-py3 + bind: + listen_default_ports: false diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_telemetry.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_telemetry.yml.j2 index c55ea0049..776e520d2 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_telemetry.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_telemetry.yml.j2 @@ -7,7 +7,6 @@ ############################################################################## --- classes: - - system.linux.system.repo.mcp.mirror.v1.openstack - service.redis.server.single - system.ceilometer.server.cluster - system.ceilometer.server.coordination.redis @@ -23,6 +22,7 @@ classes: - system.gnocchi.common.storage.redis - system.gnocchi.common.coordination.redis - system.panko.server.cluster + - cluster.all-mcp-arch-common.backports parameters: _param: keepalived_openstack_telemetry_vip_interface: ${_param:single_nic} @@ -42,15 +42,21 @@ parameters: openstack_telemetry_redis_url: redis://${_param:redis_sentinel_node01_address}:26379?sentinel=master_1&sentinel_fallback=${_param:redis_sentinel_node02_address}:26379&sentinel_fallback=${_param:redis_sentinel_node03_address}:26379 gnocchi_coordination_url: ${_param:openstack_telemetry_redis_url} gnocchi_storage_incoming_redis_url: ${_param:openstack_telemetry_redis_url} + linux: + system: + sysfs: + transparent_hugepages: + kernel/mm/transparent_hugepage/enabled: never redis: server: - version: 3.0 + version: 5.0 appendfsync: 'no' bind: address: ${_param:single_address} cluster: enabled: true mode: sentinel + password: ${_param:opnfv_main_password} role: ${_param:redis_cluster_role} quorum: 2 master: @@ -69,6 +75,7 @@ parameters: - python-memcache apache: server: + mod_wsgi: libapache2-mod-wsgi-py3 ~modules: - rewrite {%- if conf.MCP_VCP %} {#- wsgi module will be enabled by a different class inherited later #} |