diff options
Diffstat (limited to 'mcp/reclass/classes/cluster')
117 files changed, 2876 insertions, 691 deletions
diff --git a/mcp/reclass/classes/cluster/.gitignore b/mcp/reclass/classes/cluster/.gitignore index a7efc5744..9ab39928b 100644 --- a/mcp/reclass/classes/cluster/.gitignore +++ b/mcp/reclass/classes/cluster/.gitignore @@ -3,25 +3,26 @@ all-mcp-arch-common/init.yml all-mcp-arch-common/opnfv/init.yml mcp*common-*/infra/config.yml mcp-common-ha/infra/init.yml -mcp-common-ha/infra/maas.yml +all-mcp-arch-common/infra/maas.yml mcp-common-ha/infra/kvm_novcp.yml -mcp-common-ha/include/maas_proxy.yml -mcp-common-ha/openstack_control.yml +all-mcp-arch-common/opnfv/maas_proxy.yml +mcp-common-*/openstack_control.yml mcp-common-ha/openstack_telemetry.yml mcp*common-*/openstack_init.yml mcp-common-ha/openstack_interface_vcp_biport.yml mcp-common-ha/openstack_interface_vcp_triport.yml mcp-common-ha/openstack_proxy.yml -mcp-ovs-ha/infra/init_vcp.yml -mcp-ovs-ha/infra/kvm.yml -mcp-ovs-dpdk-ha/infra/init_vcp.yml -mcp-ovs-dpdk-ha/infra/kvm.yml -mcp-odl-ha/infra/init_vcp.yml -mcp-odl-ha/infra/kvm.yml +mcp-*-ha/infra/kvm.yml +mcp-*-ha/infra/init_vcp.yml mcp-odl-ha/infra/maas.yml -mcp-ovn-ha/infra/init_vcp.yml -mcp-ovn-ha/infra/kvm.yml -mcp-odl-ha/opendaylight/control.yml +mcp-odl-*/opendaylight/control.yml mcp-odl-ha/openstack/init.yml -mcp-odl-noha/infra/config.yml +mcp-odl-*/infra/config.yml mcp-*-noha/openstack/compute.yml +mcp-common-noha/infra/init.yml +mcp-*-noha/openstack/gateway.yml +mcp-fdio-noha/infra/config.yml +mcp-iec-noha/akraino/iec.yml +mcp-iec-noha/infra/config.yml +mcp-iec-noha/infra/init.yml +mcp-iec-noha/infra/kvm.yml diff --git a/mcp/reclass/classes/cluster/README.rst b/mcp/reclass/classes/cluster/README.rst index 69234043a..2bb0f265b 100644 --- a/mcp/reclass/classes/cluster/README.rst +++ b/mcp/reclass/classes/cluster/README.rst @@ -2,22 +2,22 @@ .. http://creativecommons.org/licenses/by/4.0 .. (c) 2017 Mirantis Inc., Enea AB and others. -Fuel@OPNFV Cluster Reclass Models +OPNFV Fuel Cluster Reclass Models ================================= Overview -------- -#. Common classes (HA + noHA) +#. Common classes (HA **and** noHA) - - all-mcp-arch-common + - all-mcp-arch-common -#. Common classes (HA baremetal/virtual, noHA virtual) +#. Common classes (HA **or** noHA) - - mcp-<release>-common-ha - - mcp-<release>-common-noha + - mcp-common-ha + - mcp-common-noha #. Cluster specific classes - - mcp-<release>-*-{ha,noha} - - mcp-<release>-*-{ha,noha} + - mcp-\*-ha + - mcp-\*-noha diff --git a/mcp/reclass/classes/cluster/all-mcp-arch-common/backports.yml b/mcp/reclass/classes/cluster/all-mcp-arch-common/backports.yml new file mode 100644 index 000000000..04b38abae --- /dev/null +++ b/mcp/reclass/classes/cluster/all-mcp-arch-common/backports.yml @@ -0,0 +1,74 @@ +############################################################################## +# Copyright (c) 2019 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +classes: + - system.linux.system.repo.keystorage.mirantis_com + - cluster.all-mcp-arch-common.uca_repo +parameters: + _param: + backports_version: rocky + fakeinitscripts_ppa_key: | + -----BEGIN PGP PUBLIC KEY BLOCK----- + + xsFNBFwKq9ABEADqWu9anJFs3RJ87i53tU8lBC8JGa55YmRlN7LgvkPYMtXj3xOR + tBn8HJ3B0b2fKx2htUs+oWtFFCkNUmptnNz+tMVdwXt1lXSr2MEzO6PgBBAvak0j + GMLSsI4p60YqoPARMjPXvZ+VNcGZ6RSOKlNnEqSb+M76iaVaqEWBipDR1g+llCd9 + lgUVQ8iKolw+5iCnPnjmm0GdE9iw7Az0aUIv3yXNaEZwnGb9egdoioY4OvkY9HqR + KkgsrTVBWiTOsoDctrPkLNsB1BZLA/Qkgv4Sih2Bc7atgid6SvvuGClex+9MdBPQ + r0nT03O0uiXQ4Zk/ULlXaE2ci9dhMD5SNspgZnEULcubqL/Xd2iq6DlW22iXmj2X + PSoF6YxrtxlocaC2ChKFGITR7yiudxDYSCyBzXBMP7zfLVwZC3IX309HaxJRPCk5 + PEatmq0++z3lWfNXEjQ48Rt0mYTC5ktcJQGpSSp30hjrIfz5Jxa/FACQCJBGbr0/ + jO6cB6TJpHDnwdsEvCLJmeI6+OYkEzExarL8Wg8DdQUo5uppS4zANAgMsUbVqFz5 + 7WDlLMKPRAheEdZJIwCHXZrB3TibZTNUuafmQD+4a50cfKgNHlb+ks/5gbkxRdNj + DdZYI6gbh7PZcvIKOvakrEer8RIpqgSXyWPxIviyCGpp/+webUyapFwstQARAQAB + zRxMYXVuY2hwYWQgUFBBIGZvciBPUE5GViBGdWVswsF4BBMBAgAiBQJcCqvQAhsD + BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCVWdwe/i1a+JgbEADZPwsdXStw + kqS+bg+bL4sCK55LnYAPWWnqXLuqpEEXusuGYEyahu69SOidL3/AXY1iM9FnbBE0 + qyycLQVOv/lt7Bs1WVg7M3gNjTsnCH7RbZsGVWDnOuZ1G0KP2o72dmrR9GYFArHA + MMc3YVoKAWhRBWHUKdSp/D68i/cfJ4V1PNhDpchOz4ytPjo2xyHyBW+wxLxNiC32 + 3uZeT7EpO8UbhuFDd3+PLaNrI1p2mkYxdmTpVBLIdKdAMq1QYi0B1nLvJ7Cp2yck + 2HKrI6pb74l7dkQOxx+x/inAMbZKX/AvKSjzyJ+Fxc4TT28m79QLuHtORiaPWCep + HePcl/0Qu2n85qOtWbWFWCJwlmvfTkHw2u7PEjutTgX9zOLdEFliu3v9nhvec7Mk + AzwpilBD6eAHav8Yhx6CKNR5GReK3viJ8+lso/D/56ap7el+W+M6K59imJ/r8WVx + 79qPXTAB29Co8hC5ky2qqeHMHw39VqC/JpCYPjH7qZNyWWhXBwHcobktuCc+tXdq + t1qlTz0aU/DLGUW8Buk9R6ZZTvSUibT8tRqDYtVhyJ7u/2qCdqhFoculWr6e6DQF + KP41NGKN4LtqQh7HmFCswvBnlu7BpkVlBqlHEMpqRUbJd7fg0oGkEf6P8hhWwdd2 + 0keWK/lCMRHDEN6+/1ppP7M90/JyUPXfFA== + =stQK + -----END PGP PUBLIC KEY BLOCK----- + linux: + system: + repo: + opnfv_fakeinitscripts: + source: "deb http://ppa.launchpad.net/opnfv-fuel/fakeinitscripts/ubuntu ${_param:linux_system_codename} main" + key: ${_param:fakeinitscripts_ppa_key} + mirantis_openstack: + # yamllint disable-line rule:line-length + source: "deb ${_param:linux_system_repo_url}/openstack-${_param:backports_version}/xenial xenial main" + key: ${_param:linux_system_repo_mirror_mirantis_key} + architectures: ${_param:linux_system_architecture} + clean_file: true + pinning: + 10: + enabled: true + pin: 'release o=Mirantis' + priority: 1101 + package: '/jinja2|redis/' + 15: + enabled: true + pin: 'release o=Mirantis,l=extra-nightly' + priority: -1 + package: 'mysql-common' + 20: + enabled: true + pin: 'release o=Mirantis,l=openstack-rocky-nightly' + priority: 1 + mirantis_extra: + # yamllint disable-line rule:line-length + source: "deb ${_param:linux_system_repo_url}extra/${_param:linux_system_codename} ${_param:linux_system_codename} main" + key: ${_param:linux_system_repo_mirror_mirantis_key} diff --git a/mcp/reclass/classes/cluster/all-mcp-arch-common/fdio_repo.yml b/mcp/reclass/classes/cluster/all-mcp-arch-common/fdio_repo.yml new file mode 100644 index 000000000..2a3bfddc4 --- /dev/null +++ b/mcp/reclass/classes/cluster/all-mcp-arch-common/fdio_repo.yml @@ -0,0 +1,118 @@ +############################################################################## +# Copyright (c) 2019 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +parameters: + _param: + vpp_version: '19.08.1-*' + linux: + system: + repo: + fdio-ubuntu: + source: "deb https://packagecloud.io/fdio/1908/ubuntu/ ${_param:linux_system_codename} main" + key: | + -----BEGIN PGP PUBLIC KEY BLOCK----- + + mQINBF1LI+cBEAC8PxQ5U6GUwSfd1iYf8UgTr4MKvQ9+rEhpZFBb/p6KYjeDKC+R + ZcSMO115J9vVMUFw05gZ76o4qAOe9u3WXEpTx8XGgCI7hx1r7TMhPNgbwUBRBunj + iRafzb+E8THX1lO2rE9W71AcFgBMS/+4LyofsVofBd7ldJaNeGUmOiOESpqmLkTz + KIv/w+XvJmeZViRupRY8RK/J6DDruE66UgPaQv3A0Bb3tMeKago0+dC74NEqDYez + eIKqZCh0xCxt+DhVXH4jykt5qka+Z4XWwac7jNG5nWK38af6pj/jYto9yQ3FVTkd + MBsq0haZiul4jtl1/29ydEfcPKojuxBrImUk1K5EEghTvKH8iX97oFn5df+dTpY9 + oZaYjWoLPhqxC8ruTBQyU2Tj0J2k70LK7QtB5XXYVUb5pTHLAkabQIEajtYnYsUl + 538/SMVk++U/gMpfM/DTConIiA2Vr2lSRU/zD2O1fR4fXtCsHSqCc7wUiMfkXjWN + mPfspeb5wwBU3j6EVWejf264oSY5BDUMJlgw/fpm0OO/814tCJAvM8mpGxNMqmNc + MmJTvqH5VWsMswhP/oLkniNfOZ7uRmEHP+wdmeE+D9F/IRAp59Zw4YptuZw/yjum + caLpPa5g+XR5ThxnaehUDJPRr/jIBA7oncb61cLgvEL9yLwBiOpxDYO3ywARAQAB + tGZodHRwczovL3BhY2thZ2VjbG91ZC5pby9mZGlvLzE5MDggKGh0dHBzOi8vcGFj + a2FnZWNsb3VkLmlvL2RvY3MjZ3BnX3NpZ25pbmcpIDxzdXBwb3J0QHBhY2thZ2Vj + bG91ZC5pbz6JAk4EEwEKADgWIQQsCK0NKJY6yc/hkfO+1QWW1GNBDwUCXUsj5wIb + LwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRC+1QWW1GNBDyYWD/sHWt0oyD+f + k9wk8y2Ot8o2yrpRVeY1mr3EI+AKQlZ3f2ABeQ6cBJHPQiqq+YORsw+gGX7UKkIR + 83J1hSdRshPomwOOnml9kDGVfH+cF2F9UC4xvsGp9LovOoDptgeGXnndv1IIFFvl + G6WIVz1OHeOH8xLoaL5QamQ5SrZkbMHDqPZ/FiS8SVK3y81O2CwGPJg7c/MBl7bK + FrRveA5ZkpvfjbHlv+Hd8AN8EjWjzU9HRETHuG2wMRZbHFlKYQSWKbAVjE8MotSh + c7pVCGYOMFh/jiFWVd9/6nD61AWKqLk9M7hxg4baQbz5kB2A14vNQWCtT9xq8QvC + JtE5wSNkeW+2yvntxsFxwLwsXtVfFuETro3c2ocUv7tgmR7x81h2fSYg6JP6Ch49 + u7URVpXU4NfAfw9Ii1PuHFPhLbJL0jHJKPWRkv2iUOv72tnb8Op2O7sAqSbdky8a + vNfMsr9aR53wFErTJnxitAMuUaEaS42SqmYP1H1De2ejw2NTsM0cFaNqF9tkYRaI + HOxLEkVtnWZ0eQkT+erRw0MRY9Y0btCRVTKAO8kW8WbNyBIQ8pynJsRHuMqWHgqC + pdzycyC70uyXMPhPtuaf7JdXbcH4Drg/x1CDA7KQPmOfmSI8RxzrFTigvVQ0zrmf + s0UoEAcFH269I8D4qmxsZajk91V93PK2dLkCDQRdSyPnARAAx5Y3uV3D8xp5HlUX + qVY2D1Mf75Qkn/oJbPAc/E9OetNA92ry1TLSq4chgLd46iMaCmLxXTLM7DRs9TMP + vqPM5kFI9ogKUxSwpjvrgDNscmPTUNA+/oyy4MCZROEGlP2wqGoISFC01MqQDm2i + 3yneqNcO/LFTJWpvjj3n+4GrEhQkc4o69QKZrjaWi79O58FMxLM/4ePHViPLMaX0 + y1JAt/qp8A0mr1mBXUfG6SireC5JAqmbB+pxONIuf7tgLGqIHqRKo+Kgk6/bqGN+ + UU/bGqLMVeTKHavp/vPjH24r70fL/j06IdEbYQxajjeIGp8hx1r0xRvw/4ktgfEf + LNqH7n8/tKdp6j/TEU4nJANzp+SLtewaWCNPlLvU9AkHngydbmknaVyjgZJe05UD + zdUBfFcHtJPiMcge7il+mhRA+7LSwiPQfRBFHWti/7z5D7sxSCt3o5XRIuzzjZKU + wjkoxh2x7b4Vt32UCVa2f/tAYAlWlEuPydZgvAsI0azym/TWmVVP+xQO9auGsvOK + 7H9/QgYmpIcOZwezyDWmySHC/8ju2bJXNmvUC9OP5oqMgfkfOEJr5xRihH9f1Xvw + DM4EU99ITYP36fD0kH6Xd6OdBPTk1W6R5Trr2zlxQfpts5JKyaH2PU4fJeXoQLFH + Al5m7f5Z9YayNKp1I1tZmZjgWasAEQEAAYkEbAQYAQoAIBYhBCwIrQ0oljrJz+GR + 877VBZbUY0EPBQJdSyPnAhsuAkAJEL7VBZbUY0EPwXQgBBkBCgAdFiEEC9r8C6QH + M4zVmwdGcMYVlT/IHRcFAl1LI+cACgkQcMYVlT/IHRetbxAAlKgcBsBuTtmdtzhQ + TkKIjm+eizcwkPVYl5WKZkp6uZV9hJFlpKWnnli2IosRy678NVdQFaT79/ImpH4t + uN5WNAh2WS15ZjYFCTOLygNNqGepXR0pwYG66oY8WKHBqk9FTOf5aSOl0gQvH2oX + x5HJI0dIJ3RcA+qozmXbRuF+uCmPlkfAQRSHyUpeveCwCUF4l568yCRhe4V63KI8 + klfVRx0wBzfgAgwrz2+Bsfr7NehU4LJYfklGIvZI4CzGuH49J3wZXDDmtWj2V6pf + WF1gCqpn5J6BTj/FSPJ6o3c1esECb/CDNnxm+V6xknE0yl2niwG/uEVf5v8VpTZK + f9Ct9nSp7Y9hzvzsajALKcYmEVB8hjyUBCf/LS2TGw/oNnnRfJFb/L1hxJsFZOw/ + kdaTuxJhM3M5UsM+snOxeGWe5sdfA/q0B1reVvbnjOE4aBLRm+NP/YJwZo7JMXGV + YBuOE1Qu4GYtAJ99G8/JoyEApc9sy+UPGNhdYApjDxsnbDVqDQ6Ge7tgtf+kFU8T + 9rCMDo/0riS+hSIeQn4XA65xDSBfP9WfEwLjYBl6P5aAKrV3yYs8qqeC0L4caOr/ + 2abq5zp5ZnQb2XEqoKiNY8M+/rbaIPuZJPJg/tOr4u6WZdDClZzoFx3JTBk7sAOI + /iHa3HxNcd6JHgKDT4R0G3NvvW47ghAAr0YdMziI7dJZlIYjcO3kx7fRbUP5xOdn + W793aaC5SGmHXBARmhgaqwfj4HA0OYAajdoUiG1cvhiNb2hHOKaNOn+2aLABapDT + v2cJtpl5B+hZycYE2Iidg4ezTUYEMOLJW961XICXlYWeZVDx7QI9VTGyTyTuUZaf + UbKgrOtIEeqR9wgVM67iyhvEqkngeCVmewIPlBA9TrysDHH3a2r3kuG+N5NMXHDt + Cgkj78jvZzQE9mvgIZGjWIiS4WHj2IOBr34kSQkKZtcUxqsWTm8JORoM2USG/RMg + 5ODQGurz1sNkILPvUIbAVLBnLj5ePC6pV0wrDfWg98h1Y3HuNr/UsD6A1NyfY1hD + 6nHogzKntI6S3oGhxx3JwK1Bh9vagZJpxINYDJdo3pOkbYCE7XbiBAsHyAI7JIK1 + rWzuzs/ofkcEfy7CdplNwIjhAwH3EmA7VfJ/R7WPEqqzWoM1ip0uhjerpbRU+Qf/ + iRi32wIfnk1t7dTdd8nYtR299o7nKHb9rYRrVgIAaNf2SuCmCFJ2+DTD96s1ka95 + i/uC/rNY0kKqoAWv1kn2Y4mPZJ8S1un/MjLSKO/P7f//fK15pwFGWQCozOXO1bCc + +9E6qetMManZflq+NUP3MsnPQb+2adtVyGSmYqFNIv8B+RSbJ0/7n0eRYmwGvuxR + Stl5YLE/10c= + =/RWK + -----END PGP PUBLIC KEY BLOCK----- + pin: + - pin: 'version ${_param:vpp_version}' + priority: 1200 + package: 'vpp*' + networking-vpp: + source: "deb http://ppa.launchpad.net/opnfv-fuel/networking-vpp/ubuntu ${_param:linux_system_codename} main" + key: | + -----BEGIN PGP PUBLIC KEY BLOCK----- + Version: GnuPG v1 + + mQINBFwKq9ABEADqWu9anJFs3RJ87i53tU8lBC8JGa55YmRlN7LgvkPYMtXj3xOR + tBn8HJ3B0b2fKx2htUs+oWtFFCkNUmptnNz+tMVdwXt1lXSr2MEzO6PgBBAvak0j + GMLSsI4p60YqoPARMjPXvZ+VNcGZ6RSOKlNnEqSb+M76iaVaqEWBipDR1g+llCd9 + lgUVQ8iKolw+5iCnPnjmm0GdE9iw7Az0aUIv3yXNaEZwnGb9egdoioY4OvkY9HqR + KkgsrTVBWiTOsoDctrPkLNsB1BZLA/Qkgv4Sih2Bc7atgid6SvvuGClex+9MdBPQ + r0nT03O0uiXQ4Zk/ULlXaE2ci9dhMD5SNspgZnEULcubqL/Xd2iq6DlW22iXmj2X + PSoF6YxrtxlocaC2ChKFGITR7yiudxDYSCyBzXBMP7zfLVwZC3IX309HaxJRPCk5 + PEatmq0++z3lWfNXEjQ48Rt0mYTC5ktcJQGpSSp30hjrIfz5Jxa/FACQCJBGbr0/ + jO6cB6TJpHDnwdsEvCLJmeI6+OYkEzExarL8Wg8DdQUo5uppS4zANAgMsUbVqFz5 + 7WDlLMKPRAheEdZJIwCHXZrB3TibZTNUuafmQD+4a50cfKgNHlb+ks/5gbkxRdNj + DdZYI6gbh7PZcvIKOvakrEer8RIpqgSXyWPxIviyCGpp/+webUyapFwstQARAQAB + tBxMYXVuY2hwYWQgUFBBIGZvciBPUE5GViBGdWVsiQI4BBMBAgAiBQJcCqvQAhsD + BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCVWdwe/i1a+JgbEADZPwsdXStw + kqS+bg+bL4sCK55LnYAPWWnqXLuqpEEXusuGYEyahu69SOidL3/AXY1iM9FnbBE0 + qyycLQVOv/lt7Bs1WVg7M3gNjTsnCH7RbZsGVWDnOuZ1G0KP2o72dmrR9GYFArHA + MMc3YVoKAWhRBWHUKdSp/D68i/cfJ4V1PNhDpchOz4ytPjo2xyHyBW+wxLxNiC32 + 3uZeT7EpO8UbhuFDd3+PLaNrI1p2mkYxdmTpVBLIdKdAMq1QYi0B1nLvJ7Cp2yck + 2HKrI6pb74l7dkQOxx+x/inAMbZKX/AvKSjzyJ+Fxc4TT28m79QLuHtORiaPWCep + HePcl/0Qu2n85qOtWbWFWCJwlmvfTkHw2u7PEjutTgX9zOLdEFliu3v9nhvec7Mk + AzwpilBD6eAHav8Yhx6CKNR5GReK3viJ8+lso/D/56ap7el+W+M6K59imJ/r8WVx + 79qPXTAB29Co8hC5ky2qqeHMHw39VqC/JpCYPjH7qZNyWWhXBwHcobktuCc+tXdq + t1qlTz0aU/DLGUW8Buk9R6ZZTvSUibT8tRqDYtVhyJ7u/2qCdqhFoculWr6e6DQF + KP41NGKN4LtqQh7HmFCswvBnlu7BpkVlBqlHEMpqRUbJd7fg0oGkEf6P8hhWwdd2 + 0keWK/lCMRHDEN6+/1ppP7M90/JyUPXfFA== + =73aY + -----END PGP PUBLIC KEY BLOCK----- diff --git a/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/config_pdf.yml.j2 b/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/config_pdf.yml.j2 index c129a0a12..1178843d9 100644 --- a/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/config_pdf.yml.j2 +++ b/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/config_pdf.yml.j2 @@ -6,14 +6,15 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## {%- import 'net_map.j2' as nm with context %} +{%- import 'net_macros.j2' as ma with context %} --- classes: - - service.git.client - - system.linux.system.single - - system.linux.system.repo.mcp.salt - system.reclass.storage.salt +{%- if nm.cluster.has_baremetal_nodes %} + - system.reclass.storage.system.infra_maas_single +{%- endif %} - system.salt.master.api - - system.salt.master.pkg + - system.salt.master.single - system.salt.minion.ca.salt_master parameters: _param: @@ -23,14 +24,25 @@ parameters: salt_master_base_environment: prd # yamllint disable-line rule:line-length salt_api_password_hash: "$6$sGnRlxGf$al5jMCetLP.vfI/fTl3Z0N7Za1aeiexL487jAtyRABVfT3NlwZxQGVhO7S1N8OwS/34VHYwZQA8lkXwKMN/GS1" + infra_maas_system_codename: bionic + linux: + system: + user: + salt: + home: /home/salt salt: master: accept_policy: open_mode file_recv: true + minion: + mine: + module: + x509.get_pem_entries: ['/etc/pki/all_cas/*'] reclass: storage: data_source: engine: local +{%- if nm.cmp_nodes > 0 %} node: # We support per-node (not only per-role) compute configuration via IDF {%- for cmp in range(1, nm.cmp_nodes + 1) %} @@ -48,37 +60,42 @@ parameters: - cluster.${_param:cluster_name}.openstack.compute params: pxe_admin_address: {{ nm.net_admin | ipnet_hostaddr(admin) }} - control_address: {{ nm.net_mgmt | ipnet_hostaddr(mgmt) }} + pxe_admin_interface: {{ conf.idf.fuel.network.node[i].interfaces[nm.idx_admin] }} + single_address: {{ nm.net_mgmt | ipnet_hostaddr(mgmt) }} tenant_address: {{ nm.net_private | ipnet_hostaddr(pri) }} external_address: {{ nm.net_public | ipnet_hostaddr(pub) }} salt_master_host: ${_param:reclass_config_master} - linux_system_codename: xenial + linux_system_codename: bionic {#- No partial defaults, all or nothing. Defaults tuned for lf-pod2. #} - {%- if 'dpdk' in conf.cluster.domain or conf.MCP_DPDK_MODE %} + {%- if '-ovs-' in conf.MCP_DEPLOY_SCENARIO or '-fdio-' in conf.MCP_DEPLOY_SCENARIO %} + {%- set private_speed = conf.nodes[i].interfaces[nm.idx_private].speed %} + {%- set private_pci = conf.idf.fuel.network.node[i].busaddr[nm.idx_private] %} {%- if conf.idf.fuel.reclass is defined %} {%- if conf.idf.fuel.reclass.node[i].compute_params.dpdk is defined %} {#- Can't dump json here due to dpdk0_* below, explicitly create yaml #} {%- set _dpdk = conf.idf.fuel.reclass.node[i].compute_params.dpdk %} + {%- set private_drv = _dpdk.dpdk0_driver %} {%- for _i in _dpdk %} {{ _i }}: '"{{ _dpdk[_i] }}"' {%- endfor %} {%- endif %} {%- else %} compute_hugepages_size: 2M - compute_hugepages_count: 8192 + compute_hugepages_count: 13312 compute_hugepages_mount: /mnt/hugepages_2M - compute_kernel_isolcpu: 2,3,10,11 + compute_kernel_isolcpu: 3,8,9,10,11 compute_dpdk_driver: uio - compute_ovs_pmd_cpu_mask: '"0xc04"' - compute_ovs_dpdk_socket_mem: '"2048,2048"' - compute_ovs_dpdk_lcore_mask: '"0x8"' + compute_ovs_pmd_cpu_mask: '"0x708"' + compute_ovs_dpdk_socket_mem: '"4096,4096"' + compute_ovs_dpdk_lcore_mask: '"0x800"' compute_ovs_memory_channels: '"2"' dpdk0_driver: igb_uio dpdk0_n_rxq: 2 {%- endif %} dpdk0_name: {{ conf.idf.fuel.network.node[i].interfaces[nm.idx_private] }} - dpdk0_pci: '"{{ conf.idf.fuel.network.node[i].busaddr[nm.idx_private] }}"' + dpdk0_pci: '"{{ private_pci }}"' + dpdk0_vpp: {{ ma.vpp_interface_str(private_speed, private_pci, private_drv or '') }} {%- else %} {%- if conf.idf.fuel.reclass is defined %} {%- if conf.idf.fuel.reclass.node[i].compute_params.common is defined %} @@ -96,3 +113,4 @@ parameters: {%- endif %} {%- endif %} {%- endfor %} +{%- endif %} diff --git a/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2 b/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2 new file mode 100644 index 000000000..092febabb --- /dev/null +++ b/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2 @@ -0,0 +1,172 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +{%- import 'net_map.j2' as nm with context %} +--- +# NOTE: pod_config is generated and transferred into its final location on +# cfg01 only during deployment to prevent leaking sensitive data +classes: + - system.maas.region.single + - service.maas.cluster.single + - cluster.all-mcp-arch-common.opnfv.lab_proxy_pdf + - cluster.all-mcp-arch-common.opnfv.pod_config +parameters: + _param: + linux_system_codename: bionic + maas_admin_username: opnfv + dns_server01: '{{ nm.dns_public[0] }}' + single_address: ${_param:infra_maas_node01_deploy_address} + hwe_kernel: 'ga-18.04' + opnfv_maas_timeout_comissioning: {{ nm.maas_timeout_comissioning }} + opnfv_maas_timeout_deploying: {{ nm.maas_timeout_deploying }} + maas: + region: + services: + - maas-regiond + - bind9 +{%- if '-ovs-' in conf.MCP_DEPLOY_SCENARIO or '-fdio-' in conf.MCP_DEPLOY_SCENARIO %} + tags: + aarch64_hugepages_1g: + comment: 'Enable 1G pagesizes on aarch64' + definition: '//capability[@id="asimd"]|//capability[@id="cp15_barrier"]' + kernel_opts: 'default_hugepagesz=1G hugepagesz=1G kpti=off' +{%- endif %} + enable_iframe: False + timeout: + # Set maas.wait_for_<state> timeouts to ~2.5x of MaaS <state> timeout + ready: {{ nm.maas_timeout_comissioning * 150 }} + deployed: {{ nm.maas_timeout_deploying * 150 }} + attempts: 3 + boot_sources_delete_all_others: true + boot_sources: + resources_mirror: + url: http://images.maas.io/ephemeral-v3/daily + keyring_file: /usr/share/keyrings/ubuntu-cloudimage-keyring.gpg + boot_sources_selections: + bionic: + url: "http://images.maas.io/ephemeral-v3/daily" + os: "ubuntu" + release: "${_param:linux_system_codename}" + arches: +{%- for arch in nm.cluster.arch %} + - "{{ arch | dpkg_arch }}" +{%- endfor %} + subarches: + - "generic" + - "ga-18.04" + labels: '"*"' + fabrics: + pxe_admin: + name: 'pxe_admin' + description: Fabric for PXE/admin + vlans: + 0: + name: 'vlan 0' + description: PXE/admin VLAN + dhcp: true + primary_rack: "${linux:network:hostname}" + subnets: + {{ nm.net_admin }}: + name: {{ nm.net_admin }} + cidr: {{ nm.net_admin }} + gateway_ip: ${_param:single_address} + fabric: ${maas:region:fabrics:pxe_admin:name} + vlan: 0 + ipranges: + 1: + start: {{ nm.net_admin_pool_start }} + end: {{ nm.net_admin_pool_end }} + type: dynamic + sshprefs: + - '{{ conf.MAAS_SSH_KEY }}' +{%- if 'aarch64' in nm.cluster.arch %} + package_repositories: + armband: + name: armband + enabled: '1' + url: 'http://linux.enea.com/mcp-repos/${_param:armband_repo_version}/xenial' + distributions: '${_param:armband_repo_version}-armband' + components: 'main' + arches: 'arm64' + key: ${_param:armband_key} +{%- endif %} + salt_master_ip: ${_param:reclass_config_master} + domain: ${_param:cluster_domain} + ~maas_config: + maas_name: mas01 + active_discovery_interval: 600 + ntp_external_only: true + upstream_dns: ${_param:dns_server01} + commissioning_distro_series: 'bionic' + default_distro_series: 'bionic' + default_osystem: 'ubuntu' + default_storage_layout: 'lvm' + enable_http_proxy: true + disk_erase_with_secure_erase: false + dnssec_validation: 'no' + enable_third_party_drivers: true + network_discovery: 'enabled' + default_min_hwe_kernel: ${_param:hwe_kernel} + kernel_opts: 'spectre_v2=off nopti kpti=off nospec_store_bypass_disable noibrs noibpb' + cluster: + saltstack_repo_bionic: "deb [arch=amd64] http://archive.repo.saltstack.com/apt/ubuntu/18.04/amd64/2017.7/ bionic main" + region: + host: ${_param:single_address} + port: 5240 +{%- if '-iec-' not in conf.MCP_DEPLOY_SCENARIO and conf.MCP_KERNEL_VER %} + curtin_vars: + amd64: + bionic: &curtin_vars_bionic + kernel_package: + enabled: True + value: 'linux-image-{{ conf.MCP_KERNEL_VER }}-generic' + extra_pkgs: + enabled: True + pkgs: + - linux-image-{{ conf.MCP_KERNEL_VER }}-generic + - linux-headers-{{ conf.MCP_KERNEL_VER }}-generic + - linux-modules-extra-{{ conf.MCP_KERNEL_VER }}-generic + arm64: + bionic: + <<: *curtin_vars_bionic +{%- endif %} + linux: + system: + repo: + armband_3: + enabled: false + ~locale: '' + ~kernel: + sysctl: + net.ipv4.ip_forward: 1 + iptables: + schema: + epoch: 1 + service: + v4: + enabled: true + persistent_config: /etc/iptables/rules.v4 + v6: + enabled: false + tables: + v4: + filter: + chains: + INPUT: + ruleset: + 10: + rule: -s ${_param:single_address}/${_param:opnfv_net_admin_mask} + 11: + rule: -d ${_param:single_address}/${_param:opnfv_net_admin_mask} + nat: + chains: + POSTROUTING: + policy: ACCEPT + ruleset: + 10: + rule: -s ${_param:single_address}/${_param:opnfv_net_admin_mask} + action: MASQUERADE diff --git a/mcp/reclass/classes/cluster/all-mcp-arch-common/init.yml.j2 b/mcp/reclass/classes/cluster/all-mcp-arch-common/init.yml.j2 index 19475c717..fc5bbaa7b 100644 --- a/mcp/reclass/classes/cluster/all-mcp-arch-common/init.yml.j2 +++ b/mcp/reclass/classes/cluster/all-mcp-arch-common/init.yml.j2 @@ -7,35 +7,54 @@ ############################################################################## --- classes: + - system.defaults + - system.linux.system.single - cluster.all-mcp-arch-common.opnfv + - cluster.all-mcp-arch-common.passwords parameters: _param: + openstack_version: stein + armband_repo_version: rocky + mcp_version: nightly + + banner_company_name: OPNFV + salt_control_trusty_image: '' # Dummy value, to keep reclass 1.5.2 happy - salt_control_xenial_image: salt://salt/files/control/images/base_image_opnfv_fuel_vcp.img + salt_control_bionic_image: salt://salt/files/control/images/base_image_opnfv_fuel_vcp.img - # VMs spawned on Foundation Node / Jump Host net ifaces (max 4) # VCP VMs spawned on KVM Hosts net ifaces (max 3) - # NOTE(armband): Only x86 VCP VMs spawned via salt.control names differ - {%- if conf.MCP_JUMP_ARCH == 'aarch64' %} - opnfv_fn_vm_primary_interface: enp1s0 - opnfv_fn_vm_secondary_interface: enp2s0 - opnfv_fn_vm_tertiary_interface: enp3s0 - opnfv_fn_vm_quaternary_interface: enp4s0 - - opnfv_vcp_vm_primary_interface: ${_param:opnfv_fn_vm_primary_interface} - opnfv_vcp_vm_secondary_interface: ${_param:opnfv_fn_vm_secondary_interface} - opnfv_vcp_vm_tertiary_interface: ${_param:opnfv_fn_vm_tertiary_interface} + opnfv_vcp_vm_primary_interface: enp1s0 + opnfv_vcp_vm_secondary_interface: enp2s0 + opnfv_vcp_vm_tertiary_interface: enp3s0 {%- else %} - opnfv_fn_vm_primary_interface: ens3 - opnfv_fn_vm_secondary_interface: ens4 - opnfv_fn_vm_tertiary_interface: ens5 - opnfv_fn_vm_quaternary_interface: ens6 - opnfv_vcp_vm_primary_interface: ens2 opnfv_vcp_vm_secondary_interface: ens3 opnfv_vcp_vm_tertiary_interface: ens4 {%- endif %} + interface_mtu: {{ conf.idf.fuel.network.interface_mtu or 1500 }} + ntp_strata_host1: {{ conf.idf.fuel.network.ntp_strata_host1 or '1.pool.ntp.org' }} ntp_strata_host2: {{ conf.idf.fuel.network.ntp_strata_host2 or '0.pool.ntp.org' }} + + armband_key: | + -----BEGIN PGP PUBLIC KEY BLOCK----- + Version: GnuPG v2.0.14 (GNU/Linux) + + mQENBFagAroBCADWboNIjuF6lB1mWv2+EbvqY3lKl5mLKhr2DnSUkKeHUPBv8gNM + qK8Q00AMIyPiyEhgjA+dWizZ+5aBgxoiY7oMeLJ2Xym36U/8SYq2BWd3SGCbMNoz + SJDxDUSM/HFVs6atF1M3DY9oN65hSVnu4uy5Tu6asf6k4rhAyk0z4+pRcPBCu2vq + mnGi3COM/+9PShrEKeVOx5W2vRJywUFuq8EDvQnRoJ0GvM28JiJIanw17YwIPxhg + BKZVpZjan5X+ihVMXwA2h/G/FS5Omhd50RqV6LWSYs94VJJgYqHx8UMm7izcxI+P + ct3IcbD195bPbJ+SbuiFe45ZLsdY1MyGiU2BABEBAAG0K0VuZWEgQXJtYmFuZCBE + ZXZvcHMgVGVhbSA8YXJtYmFuZEBlbmVhLmNvbT6JATgEEwECACICGwMGCwkIBwMC + BhUIAgkKCwQWAgMBAh4BAheABQJaY3bYAAoJEN6rkLp5irHRoQMH/0PYl0A/6eWw + nQ/szhEFrr76Ln6wA4vEO+PiuWj9kTkZM2NaCnkisrIuHSPIVvOLfFmztbE6sKGe + t+a2b7Jqw48DZ/gq508aZE4Q307ookxdCOrzIu/796hFO34yXg3sqZoJh3VmKIjY + 4DL8yG1iAiQ5vOw3IFWQnATwIZUgaCcjmE7HGap+9ePuJfFuQ8mIG5cy28t8qocx + AB/B2tucfBMwomYxKqgbLI5AG7iSt58ajvrrNa9f8IX7Ihj/jiuXhUwX+geEp98K + IWVI1ftEthZvfBpZW4BS98J4z//dEPi31L4jb9RQXq3afF2RpXchDeUN85bW45nu + W/9PMAlgE/U= + =m+zE + -----END PGP PUBLIC KEY BLOCK----- diff --git a/mcp/reclass/classes/cluster/all-mcp-arch-common/opnfv/init.yml.j2 b/mcp/reclass/classes/cluster/all-mcp-arch-common/opnfv/init.yml.j2 index 894d3bcc6..755d2cb08 100644 --- a/mcp/reclass/classes/cluster/all-mcp-arch-common/opnfv/init.yml.j2 +++ b/mcp/reclass/classes/cluster/all-mcp-arch-common/opnfv/init.yml.j2 @@ -27,3 +27,20 @@ parameters: {{key}}: {{ network | ipnet_hostaddr(i) }} {%- endfor %} {%- endfor %} + salt: + minion: + tcp_keepalive: True + tcp_keepalive_idle: 60 + linux: + network: + resolv: + dns: +{%- for server in nm.dns_public %} + - {{ server }} +{%- endfor %} +{%- if '-iec-' not in conf.MCP_DEPLOY_SCENARIO and conf.MCP_KERNEL_VER %} + system: + kernel: + version: '{{ conf.MCP_KERNEL_VER }}' + headers: True +{%- endif %} diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/include/lab_proxy_pdf.yml.j2 b/mcp/reclass/classes/cluster/all-mcp-arch-common/opnfv/lab_proxy_pdf.yml.j2 index 3f238d667..3f238d667 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/include/lab_proxy_pdf.yml.j2 +++ b/mcp/reclass/classes/cluster/all-mcp-arch-common/opnfv/lab_proxy_pdf.yml.j2 diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/include/maas_proxy.yml.j2 b/mcp/reclass/classes/cluster/all-mcp-arch-common/opnfv/maas_proxy.yml.j2 index 58ea46cad..58ea46cad 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/include/maas_proxy.yml.j2 +++ b/mcp/reclass/classes/cluster/all-mcp-arch-common/opnfv/maas_proxy.yml.j2 diff --git a/mcp/reclass/classes/cluster/all-mcp-arch-common/passwords.yml b/mcp/reclass/classes/cluster/all-mcp-arch-common/passwords.yml new file mode 100644 index 000000000..f51563e7c --- /dev/null +++ b/mcp/reclass/classes/cluster/all-mcp-arch-common/passwords.yml @@ -0,0 +1,64 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +parameters: + _param: + opnfv_main_password: opnfv_secret + + maas_admin_password: ${_param:opnfv_main_password} + maas_db_password: ${_param:opnfv_main_password} + infra_maas_database_password: ${_param:opnfv_main_password} + + galera_server_maintenance_password: ${_param:opnfv_main_password} + galera_server_admin_password: ${_param:opnfv_main_password} + rabbitmq_secret_key: ${_param:opnfv_main_password} + rabbitmq_admin_password: ${_param:opnfv_main_password} + rabbitmq_openstack_password: ${_param:opnfv_main_password} + rabbitmq_cold_password: ${_param:opnfv_main_password} + mysql_admin_password: ${_param:opnfv_main_password} + mysql_cinder_password: ${_param:opnfv_main_password} + mysql_ceilometer_password: ${_param:opnfv_main_password} + mysql_glance_password: ${_param:opnfv_main_password} + mysql_grafana_password: ${_param:opnfv_main_password} + mysql_heat_password: ${_param:opnfv_main_password} + mysql_keystone_password: ${_param:opnfv_main_password} + mysql_neutron_password: ${_param:opnfv_main_password} + mysql_nova_password: ${_param:opnfv_main_password} + mysql_aodh_password: ${_param:opnfv_main_password} + mysql_designate_password: ${_param:opnfv_main_password} + keystone_aodh_password: ${_param:opnfv_main_password} + keystone_service_token: ${_param:opnfv_main_password} + keystone_admin_password: ${_param:opnfv_main_password} + keystone_ceilometer_password: ${_param:opnfv_main_password} + keystone_cinder_password: ${_param:opnfv_main_password} + keystone_glance_password: ${_param:opnfv_main_password} + keystone_heat_password: ${_param:opnfv_main_password} + keystone_keystone_password: ${_param:opnfv_main_password} + keystone_neutron_password: ${_param:opnfv_main_password} + keystone_nova_password: ${_param:opnfv_main_password} + keystone_designate_password: ${_param:opnfv_main_password} + mysql_barbican_password: ${_param:opnfv_main_password} + keystone_barbican_password: ${_param:opnfv_main_password} + metadata_password: ${_param:opnfv_main_password} + openstack_telemetry_keepalived_password: ${_param:opnfv_main_password} + mysql_panko_password: ${_param:opnfv_main_password} + keystone_panko_password: ${_param:opnfv_main_password} + mysql_gnocchi_password: ${_param:opnfv_main_password} + keystone_gnocchi_password: ${_param:opnfv_main_password} + mysql_tacker_password: ${_param:opnfv_main_password} + keystone_tacker_password: ${_param:opnfv_main_password} + heat_domain_admin_password: ${_param:opnfv_main_password} + ceilometer_influxdb_password: ${_param:opnfv_main_password} + ceilometer_secret_key: ${_param:opnfv_main_password} + openstack_telemetry_redis_password: ${_param:opnfv_main_password} + + opendaylight_password: admin + + barbican_simple_crypto_kek: "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY=" + horizon_secret_key: opaesee8Que2yahJoh9fo0eefo1Aeyo6ahyei8zeiboh3aeth5loth7ieNa5xi5e + designate_bind9_rndc_key: 4pc+X4PDqb2q+5o72dISm72LM1Ds9X2EYZjqg+nmsS7FhdTwzFFY8l/iEDmHxnyjkA33EQC8H+z0fLLBunoitw== diff --git a/mcp/reclass/classes/cluster/all-mcp-arch-common/uca_repo.yml b/mcp/reclass/classes/cluster/all-mcp-arch-common/uca_repo.yml new file mode 100644 index 000000000..2ca6f01d4 --- /dev/null +++ b/mcp/reclass/classes/cluster/all-mcp-arch-common/uca_repo.yml @@ -0,0 +1,68 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +parameters: + linux: + system: + repo: + uca: + # yamllint disable-line rule:line-length + source: "deb http://ubuntu-cloud.archive.canonical.com/ubuntu ${_param:linux_system_codename}-updates/${_param:openstack_version} main" + key: | + -----BEGIN PGP PUBLIC KEY BLOCK----- + Version: GnuPG v1 + + mQINBFAqSlgBEADPKwXUwqbgoDYgR20zFypxSZlSbrttOKVPEMb0HSUx9Wj8VvNC + r+mT4E9wAyq7NTIs5ad2cUhXoyenrjcfGqK6k9R6yRHDbvAxCSWTnJjw7mzsajDN + ocXC6THKVW8BSjrh0aOBLpht6d5QCO2vyWxw65FKM65GOsbX03ZngUPMuOuiOEHQ + Zo97VSH2pSB+L+B3d9B0nw3QnU8qZMne+nVWYLYRXhCIxSv1/h39SXzHRgJoRUFH + vL2aiiVrn88NjqfDW15HFhVJcGOFuACZnRA0/EqTq0qNo3GziQO4mxuZi3bTVL5s + GABiYW9uIlokPqcS7Fa0FRVIU9R+bBdHZompcYnKAeGag+uRvuTqC3MMRcLUS9Oi + /P9I8fPARXUPwzYN3fagCGB8ffYVqMunnFs0L6td08BgvWwer+Buu4fPGsQ5OzMc + lgZ0TJmXyOlIW49lc1UXnORp4sm7HS6okA7P6URbqyGbaplSsNUVTgVbi+vc8/jY + dfExt/3HxVqgrPlq9htqYgwhYvGIbBAxmeFQD8Ak/ShSiWb1FdQ+f7Lty+4mZLfN + 8x4zPZ//7fD5d/PETPh9P0msF+lLFlP564+1j75wx+skFO4v1gGlBcDaeipkFzeo + zndAgpegydKSNTF4QK9iTYobTIwsYfGuS8rV21zE2saLM0CE3T90aHYB/wARAQAB + tD1DYW5vbmljYWwgQ2xvdWQgQXJjaGl2ZSBTaWduaW5nIEtleSA8ZnRwbWFzdGVy + QGNhbm9uaWNhbC5jb20+iQI3BBMBCAAhBQJQKkpYAhsDBQsJCAcDBRUKCQgLBRYC + AwEAAh4BAheAAAoJEF7bG2LsSSbqKxkQAIKtgImrk02YCDldg6tLt3b69ZK0kIVI + 3Xso/zCBZbrYFmgGQEFHAa58mIgpv5GcgHHxWjpX3n4tu2RM9EneKvFjFBstTTgo + yuCgFr7iblvs/aMW4jFJAiIbmjjXWVc0CVB/JlLqzBJ/MlHdR9OWmojN9ZzoIA+i + +tWlypgUot8iIxkR6JENxit5v9dN8i6anmnWybQ6PXFMuNi6GzQ0JgZIVs37n0ks + 2wh0N8hBjAKuUgqu4MPMwvNtz8FxEzyKwLNSMnjLAhzml/oje/Nj1GBB8roj5dmw + 7PSul5pAqQ5KTaXzl6gJN5vMEZzO4tEoGtRpA0/GTSXIlcx/SGkUK5+lqdQIMdyS + n8bImU6V6rDSoOaI9YWHZtpv5WeUsNTdf68jZsFCRD+2+NEmIqBVm11yhmUoasC6 + dYw5l9P/PBdwmFm6NBUSEwxb+ROfpL1ICaZk9Jy++6akxhY//+cYEPLin02r43Z3 + o5Piqujrs1R2Hs7kX84gL5SlBzTM4Ed+ob7KVtQHTefpbO35bQllkPNqfBsC8AIC + 8xvTP2S8FicYOPATEuiRWs7Kn31TWC2iwswRKEKVRmN0fdpu/UPdMikyoNu9szBZ + RxvkRAezh3WheJ6MW6Fmg9d+uTFJohZt5qHdpxYa4beuN4me8LF0TYzgfEbFT6b9 + D6IyTFoT0LequQINBFAqSlgBEADmL3TEq5ejBYrA+64zo8FYvCF4gziPa5rCIJGZ + /gZXQ7pm5zek/lOe9C80mhxNWeLmrWMkMOWKCeaDMFpMBOQhZZmRdakOnH/xxO5x + +fRdOOhy+5GTRJiwkuGOV6rB9eYJ3UN9caP2hfipCMpJjlg3j/GwktjhuqcBHXhA + HMhzxEOIDE5hmpDqZ051f8LGXld9aSL8RctoYFM8sgafPVmICTCq0Wh03dr5c2JA + gEXy3ushYm/8i2WFmyldo7vbtTfx3DpmJc/EMpGKV+GxcI3/ERqSkde0kWlmfPZb + o/5+hRqSryqfQtRKnFEQgAqAhPIwXwOkjCpPnDNfrkvzVEtl2/BWP/1/SOqzXjk9 + TIb1Q7MHANeFMrTCprzPLX6IdC4zLp+LpV91W2zygQJzPgWqH/Z/WFH4gXcBBqmI + 8bFpMPONYc9/67AWUABo2VOCojgtQmjxuFn+uGNw9PvxJAF3yjl781PVLUw3n66d + wHRmYj4hqxNDLywhhnL/CC7KUDtBnUU/CKn/0Xgm9oz3thuxG6i3F3pQgpp7MeMn + tKhLFWRXo9Bie8z/c0NV4K5HcpbGa8QPqoDseB5WaO4yGIBOt+nizM4DLrI+v07y + Xe3Jm7zBSpYSrGarZGK68qamS3XPzMshPdoXXz33bkQrTPpivGYQVRZuzd/R6b+6 + IurV+QARAQABiQIfBBgBCAAJBQJQKkpYAhsMAAoJEF7bG2LsSSbq59EP/1U3815/ + yHV3cf/JeHgh6WS/Oy2kRHp/kJt3ev/l/qIxfMIpyM3u/D6siORPTUXHPm3AaZrb + w0EDWByA3jHQEzlLIbsDGZgrnl+mxFuHwC1yEuW3xrzgjtGZCJureZ/BD6xfRuRc + mvnetAZv/z98VN/oj3rvYhUi71NApqSvMExpNBGrdO6gQlI5azhOu8xGNy4OSke8 + J6pAsMUXIcEwjVEIvewJuqBW/3rj3Hh14tmWjQ7shNnYBuSJwbLeUW2e8bURnfXE + TxrCmXzDmQldD5GQWCcD5WDosk/HVHBmHlqrqy0VO2nE3c73dQlNcI4jVWeC4b4Q + SpYVsFz/6Iqy5ZQkCOpQ57MCf0B6P5nF92c5f3TYPMxHf0x3DrjDbUVZytxDiZZa + XsbZzsejbbc1bSNp4hb+IWhmWoFnq/hNHXzKPHBTapObnQju+9zUlQngV0BlPT62 + hOHOw3Pv7suOuzzfuOO7qpz0uAy8cFKe7kBtLSFVjBwaG5JX89mgttYW+lw9Rmsb + p9Iw4KKFHIBLOwk7s+u0LUhP3d8neBI6NfkOYKZZCm3CuvkiOeQP9/2okFjtj+29 + jEL+9KQwrGNFEVNe85Un5MJfYIjgyqX3nJcwypYxidntnhMhr2VD3HL2R/4CiswB + Oa4g9309p/+af/HU1smBrOfIeRoxb8jQoHu3 + =xg4S + -----END PGP PUBLIC KEY BLOCK----- diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/glusterfs_repo.yml b/mcp/reclass/classes/cluster/mcp-common-ha/glusterfs_repo.yml new file mode 100644 index 000000000..3ec73bec0 --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-common-ha/glusterfs_repo.yml @@ -0,0 +1,24 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +classes: + - system.linux.system.repo.keystorage.glusterfs +parameters: + _param: + glusterfs_version: "3.13" + linux: + system: + repo: + mcp_glusterfs: + # yamllint disable-line rule:line-length + source: "deb http://ppa.launchpad.net/gluster/glusterfs-${_param:glusterfs_version}/ubuntu ${_param:linux_system_codename} main" + key: ${_param:linux_system_repo_mcp_glusterfs_key} + pin: + - package: '*' + pin: release o=LP-PPA-gluster-glusterfs-${_param:glusterfs_version} + priority: 1100 diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/infra/config.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/infra/config.yml.j2 index f6e0baa11..0ecc2e364 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/infra/config.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-ha/infra/config.yml.j2 @@ -8,7 +8,6 @@ {%- import 'net_map.j2' as nm with context %} --- classes: - - system.linux.system.repo.saltstack.xenial - system.reclass.storage.system.physical_control_cluster - system.reclass.storage.system.openstack_control_cluster - system.reclass.storage.system.openstack_proxy_cluster @@ -18,40 +17,11 @@ classes: # - system.reclass.storage.system.stacklight_log_cluster # - system.reclass.storage.system.stacklight_monitor_cluster # - system.reclass.storage.system.stacklight_telemetry_cluster - - system.reclass.storage.system.infra_maas_single - - cluster.mcp-common-ha.include.lab_proxy_pdf + - cluster.all-mcp-arch-common.opnfv.lab_proxy_pdf - cluster.all-mcp-arch-common.infra.config_pdf parameters: _param: salt_master_host: ${_param:infra_config_deploy_address} - single_address: ${_param:infra_config_address} - deploy_address: ${_param:infra_config_deploy_address} - pxe_admin_address: ${_param:opnfv_infra_config_pxe_admin_address} - mcpcontrol_nic: ${_param:opnfv_fn_vm_primary_interface} - single_nic: ${_param:opnfv_fn_vm_secondary_interface} - pxe_admin_nic: ${_param:opnfv_fn_vm_tertiary_interface} - linux: - network: - interface: - mcpcontrol_int: - enabled: true - type: eth - proto: dhcp - name: ${_param:mcpcontrol_nic} - single: - enabled: true - type: eth - proto: static - name: ${_param:single_nic} - address: ${_param:single_address} - netmask: ${_param:opnfv_net_mgmt_mask} - pxe_admin_int: - enabled: true - type: eth - proto: static - name: ${_param:pxe_admin_nic} - address: ${_param:pxe_admin_address} - netmask: ${_param:opnfv_net_admin_mask} salt: master: accept_policy: open_mode @@ -65,7 +35,7 @@ parameters: infra_kvm_node01: params: keepalived_vip_priority: 100 - linux_system_codename: xenial + linux_system_codename: bionic pxe_admin_address: ${_param:opnfv_infra_kvm_node01_pxe_admin_address} infra_kvm_node02: {%- if not conf.MCP_VCP %} @@ -74,16 +44,16 @@ parameters: {%- endif %} params: keepalived_vip_priority: 101 - linux_system_codename: xenial + linux_system_codename: bionic pxe_admin_address: ${_param:opnfv_infra_kvm_node02_pxe_admin_address} infra_kvm_node03: params: keepalived_vip_priority: 102 - linux_system_codename: xenial + linux_system_codename: bionic pxe_admin_address: ${_param:opnfv_infra_kvm_node03_pxe_admin_address} openstack_telemetry_node01: params: - linux_system_codename: xenial + linux_system_codename: bionic # create resources only from 1 controller # to prevent race conditions ceilometer_create_gnocchi_resources: true @@ -91,33 +61,33 @@ parameters: pxe_admin_address: ${_param:opnfv_openstack_telemetry_node01_pxe_admin_address} openstack_telemetry_node02: params: - linux_system_codename: xenial + linux_system_codename: bionic redis_cluster_role: 'slave' pxe_admin_address: ${_param:opnfv_openstack_telemetry_node02_pxe_admin_address} openstack_telemetry_node03: params: - linux_system_codename: xenial + linux_system_codename: bionic redis_cluster_role: 'slave' pxe_admin_address: ${_param:opnfv_openstack_telemetry_node03_pxe_admin_address} openstack_message_queue_node01: params: - linux_system_codename: xenial + linux_system_codename: bionic pxe_admin_address: ${_param:opnfv_openstack_message_queue_node01_pxe_admin_address} openstack_message_queue_node02: params: - linux_system_codename: xenial + linux_system_codename: bionic pxe_admin_address: ${_param:opnfv_openstack_message_queue_node02_pxe_admin_address} openstack_message_queue_node03: params: - linux_system_codename: xenial + linux_system_codename: bionic pxe_admin_address: ${_param:opnfv_openstack_message_queue_node03_pxe_admin_address} openstack_proxy_node01: params: - linux_system_codename: xenial + linux_system_codename: bionic pxe_admin_address: ${_param:opnfv_openstack_proxy_node01_pxe_admin_address} openstack_proxy_node02: params: - linux_system_codename: xenial + linux_system_codename: bionic pxe_admin_address: ${_param:opnfv_openstack_proxy_node02_pxe_admin_address} # stacklight_log_node01: # classes: @@ -130,31 +100,31 @@ parameters: classes: - cluster.mcp-common-ha.openstack_control_init params: - linux_system_codename: xenial + linux_system_codename: bionic # NOTE: When VCP is present, external_address is not used external_address: ${_param:openstack_proxy_node01_address} pxe_admin_address: ${_param:opnfv_openstack_control_node01_pxe_admin_address} openstack_control_node02: params: - linux_system_codename: xenial + linux_system_codename: bionic external_address: 0.0.0.0 pxe_admin_address: ${_param:opnfv_openstack_control_node02_pxe_admin_address} openstack_control_node03: params: - linux_system_codename: xenial + linux_system_codename: bionic external_address: ${_param:openstack_proxy_node02_address} pxe_admin_address: ${_param:opnfv_openstack_control_node03_pxe_admin_address} openstack_database_node01: classes: - cluster.mcp-common-ha.openstack_database_init params: - linux_system_codename: xenial + linux_system_codename: bionic pxe_admin_address: ${_param:opnfv_openstack_database_node01_pxe_admin_address} openstack_database_node02: params: - linux_system_codename: xenial + linux_system_codename: bionic pxe_admin_address: ${_param:opnfv_openstack_database_node02_pxe_admin_address} openstack_database_node03: params: - linux_system_codename: xenial + linux_system_codename: bionic pxe_admin_address: ${_param:opnfv_openstack_database_node03_pxe_admin_address} diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/infra/init.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/infra/init.yml.j2 index 931dd1bab..2f4686767 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/infra/init.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-ha/infra/init.yml.j2 @@ -7,22 +7,18 @@ ############################################################################## --- classes: - - system.linux.system.single - cluster.all-mcp-arch-common # - cluster.mcp-common-ha.stacklight # - cluster.mcp-common-ha.stacklight.client parameters: _param: - apt_mk_version: nightly - mcp_repo_version: 1.1 - salt_version: 2016.11 + salt_version: 2017.7 cluster_domain: ${_param:cluster_name}.local # stacklight_environment: ${_param:cluster_domain} reclass_data_revision: master reclass_config_master: ${_param:opnfv_infra_config_pxe_admin_address} cluster_public_host: ${_param:openstack_proxy_address} infra_config_hostname: cfg01 - infra_maas_database_password: opnfv_secret # infra service addresses infra_config_address: ${_param:opnfv_infra_config_address} diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm.yml b/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm.yml.j2 index 868f324f6..37bc42225 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm.yml +++ b/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm.yml.j2 @@ -5,9 +5,9 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## +{%- import 'net_map.j2' as nm with context %} --- classes: - - system.linux.system.repo.glusterfs - service.keepalived.cluster.single - system.glusterfs.server.volume.glance - system.glusterfs.server.volume.keystone @@ -21,13 +21,14 @@ classes: # - system.salt.control.cluster.stacklight_server_cluster # - system.salt.control.cluster.stacklight_log_cluster # - system.salt.control.cluster.stacklight_telemetry_cluster + - cluster.all-mcp-arch-common.backports + - cluster.mcp-common-ha.glusterfs_repo - cluster.mcp-common-ha.infra.kvm_pdf - - cluster.mcp-common-ha.include.maas_proxy - - cluster.mcp-common-ha.include.lab_proxy_pdf + - cluster.all-mcp-arch-common.opnfv.maas_proxy + - cluster.all-mcp-arch-common.opnfv.lab_proxy_pdf parameters: _param: - linux_system_codename: xenial - glusterfs_version: '3.13' + linux_system_codename: bionic cluster_vip_address: ${_param:infra_kvm_address} cluster_node01_address: ${_param:infra_kvm_node01_address} cluster_node02_address: ${_param:infra_kvm_node02_address} @@ -40,6 +41,12 @@ parameters: boot_options: - spectre_v2=off - nopti + - kpti=off + - nospec_store_bypass_disable + - noibrs + - noibpb + sysctl: + net.ipv4.ip_forward: 0 libvirt: server: service: libvirtd @@ -47,6 +54,7 @@ parameters: unix_sock_group: libvirt salt: control: + virt_service: libvirtd size: # RAM 4096,8192,16384,32768,65536 # Default production sizing openstack.control: @@ -92,34 +100,44 @@ parameters: cluster: internal: node: - mdb01: - image: ${_param:salt_control_xenial_image} + mdb01: &salt_control_bionic_image_common_attr + image: ${_param:salt_control_bionic_image} +{%- if conf.nodes[nm.ctl01.idx].node.arch == 'aarch64' %} + seed: qemu-nbd + ~cloud_init: ~ + machine: virt + cpu_mode: host-passthrough + loader: + readonly: 'yes' + type: pflash + path: /usr/share/AAVMF/AAVMF_CODE.fd +{%- endif %} mdb02: - image: ${_param:salt_control_xenial_image} + <<: *salt_control_bionic_image_common_attr mdb03: - image: ${_param:salt_control_xenial_image} + <<: *salt_control_bionic_image_common_attr ctl01: - image: ${_param:salt_control_xenial_image} + <<: *salt_control_bionic_image_common_attr ctl02: - image: ${_param:salt_control_xenial_image} + <<: *salt_control_bionic_image_common_attr ctl03: - image: ${_param:salt_control_xenial_image} + <<: *salt_control_bionic_image_common_attr dbs01: - image: ${_param:salt_control_xenial_image} + <<: *salt_control_bionic_image_common_attr dbs02: - image: ${_param:salt_control_xenial_image} + <<: *salt_control_bionic_image_common_attr dbs03: - image: ${_param:salt_control_xenial_image} + <<: *salt_control_bionic_image_common_attr msg01: - image: ${_param:salt_control_xenial_image} + <<: *salt_control_bionic_image_common_attr msg02: - image: ${_param:salt_control_xenial_image} + <<: *salt_control_bionic_image_common_attr msg03: - image: ${_param:salt_control_xenial_image} + <<: *salt_control_bionic_image_common_attr prx01: - image: ${_param:salt_control_xenial_image} + <<: *salt_control_bionic_image_common_attr prx02: - image: ${_param:salt_control_xenial_image} + <<: *salt_control_bionic_image_common_attr provider: kvm03.${_param:cluster_domain} virt: nic: diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm_pdf.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm_pdf.yml.j2 index 6754d13dd..484e53299 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm_pdf.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-ha/infra/kvm_pdf.yml.j2 @@ -13,8 +13,6 @@ {%- set vlans = { nm.vlan_admin: nm.ctl01.nic_admin, nm.vlan_mgmt: nm.ctl01.nic_mgmt, nm.vlan_public: nm.ctl01.nic_public } %} --- parameters: - _param: - interface_mtu: 1500 linux: network: interface: diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/infra/maas.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/infra/maas.yml.j2 deleted file mode 100644 index 29b12ab99..000000000 --- a/mcp/reclass/classes/cluster/mcp-common-ha/infra/maas.yml.j2 +++ /dev/null @@ -1,174 +0,0 @@ -############################################################################## -# Copyright (c) 2018 Mirantis Inc., Enea AB and others. -# All rights reserved. This program and the accompanying materials -# are made available under the terms of the Apache License, Version 2.0 -# which accompanies this distribution, and is available at -# http://www.apache.org/licenses/LICENSE-2.0 -############################################################################## -{%- import 'net_map.j2' as nm with context %} ---- -# NOTE: pod_config is generated and transferred into its final location on -# cfg01 only during deployment to prevent leaking sensitive data -classes: - - system.maas.region.single - - service.maas.cluster.single - - cluster.mcp-common-ha.include.lab_proxy_pdf - - cluster.all-mcp-arch-common.opnfv.pod_config -parameters: - _param: - mcpcontrol_interface: ${_param:opnfv_fn_vm_primary_interface} - primary_interface: ${_param:opnfv_fn_vm_secondary_interface} - pxe_admin_interface: ${_param:opnfv_fn_vm_tertiary_interface} - interface_mtu: 1500 - # MaaS has issues using MTU > 1500 for PXE interface - pxe_admin_interface_mtu: 1500 - linux_system_codename: xenial - maas_admin_username: opnfv - maas_admin_password: opnfv_secret - maas_db_password: opnfv_secret - dns_server01: '{{ nm.dns_public[0] }}' - single_address: ${_param:infra_maas_node01_deploy_address} - hwe_kernel: 'hwe-16.04' - opnfv_maas_timeout_comissioning: {{ nm.maas_timeout_comissioning }} - opnfv_maas_timeout_deploying: {{ nm.maas_timeout_deploying }} - maas: - region: - boot_sources_delete_all_others: true - boot_sources: - resources_mirror: - url: http://images.maas.io/ephemeral-v3/daily - keyring_file: /usr/share/keyrings/ubuntu-cloudimage-keyring.gpg - boot_sources_selections: - xenial: - url: "http://images.maas.io/ephemeral-v3/daily" - os: "ubuntu" - release: "${_param:linux_system_codename}" - arches: -{%- for arch in nm.cluster.arch %} - - "{{ arch | dpkg_arch }}" -{%- endfor %} - subarches: - - "generic" - - "ga-16.04" - - "hwe-16.04" - labels: '"*"' - fabrics: - pxe_admin: - name: 'pxe_admin' - description: Fabric for PXE/admin - vlans: - 0: - name: 'vlan 0' - description: PXE/admin VLAN - dhcp: true - primary_rack: "${linux:network:hostname}" - subnets: - {{ nm.net_admin }}: - name: {{ nm.net_admin }} - cidr: {{ nm.net_admin }} - gateway_ip: ${_param:single_address} - fabric: ${maas:region:fabrics:pxe_admin:name} - vlan: 0 - ipranges: - 1: - start: {{ nm.net_admin_pool_start }} - end: {{ nm.net_admin_pool_end }} - type: dynamic - sshprefs: - - '{{ conf.MAAS_SSH_KEY }}' -{%- if 'aarch64' in nm.cluster.arch %} - package_repositories: - armband: - name: armband - enabled: '1' - url: 'http://linux.enea.com/mcp-repos/${_param:openstack_version}/${_param:linux_system_codename}' - distributions: '${_param:openstack_version}-armband' - components: 'main' - arches: 'arm64' - key: &armband_key | - -----BEGIN PGP PUBLIC KEY BLOCK----- - Version: GnuPG v2.0.14 (GNU/Linux) - - mQENBFagAroBCADWboNIjuF6lB1mWv2+EbvqY3lKl5mLKhr2DnSUkKeHUPBv8gNM - qK8Q00AMIyPiyEhgjA+dWizZ+5aBgxoiY7oMeLJ2Xym36U/8SYq2BWd3SGCbMNoz - SJDxDUSM/HFVs6atF1M3DY9oN65hSVnu4uy5Tu6asf6k4rhAyk0z4+pRcPBCu2vq - mnGi3COM/+9PShrEKeVOx5W2vRJywUFuq8EDvQnRoJ0GvM28JiJIanw17YwIPxhg - BKZVpZjan5X+ihVMXwA2h/G/FS5Omhd50RqV6LWSYs94VJJgYqHx8UMm7izcxI+P - ct3IcbD195bPbJ+SbuiFe45ZLsdY1MyGiU2BABEBAAG0K0VuZWEgQXJtYmFuZCBE - ZXZvcHMgVGVhbSA8YXJtYmFuZEBlbmVhLmNvbT6JATgEEwECACICGwMGCwkIBwMC - BhUIAgkKCwQWAgMBAh4BAheABQJaY3bYAAoJEN6rkLp5irHRoQMH/0PYl0A/6eWw - nQ/szhEFrr76Ln6wA4vEO+PiuWj9kTkZM2NaCnkisrIuHSPIVvOLfFmztbE6sKGe - t+a2b7Jqw48DZ/gq508aZE4Q307ookxdCOrzIu/796hFO34yXg3sqZoJh3VmKIjY - 4DL8yG1iAiQ5vOw3IFWQnATwIZUgaCcjmE7HGap+9ePuJfFuQ8mIG5cy28t8qocx - AB/B2tucfBMwomYxKqgbLI5AG7iSt58ajvrrNa9f8IX7Ihj/jiuXhUwX+geEp98K - IWVI1ftEthZvfBpZW4BS98J4z//dEPi31L4jb9RQXq3afF2RpXchDeUN85bW45nu - W/9PMAlgE/U= - =m+zE - -----END PGP PUBLIC KEY BLOCK----- -{%- endif %} - machines: - {%- set pxe_interface = conf.idf.net_config.admin.interface %} - {#- We only support exactly 5 nodes for now, hardcoded order #} - {%- set node_roles = ['kvm01', 'kvm02', 'kvm03', 'cmp001', 'cmp002'] %} - {%- for node in conf.nodes %} - {%- if node.node.type == 'baremetal' %} - {{ node_roles[loop.index0] }}: - interface: - mac: {{ node.interfaces[pxe_interface].mac_address }} - power_parameters: - power_address: {{ node.remote_management.address.rsplit('/')[0] }} - power_password: {{ node.remote_management.pass }} - power_type: {{ node.remote_management.type }} - power_user: {{ node.remote_management.user }} - architecture: {{ node.node.arch | dpkg_arch }}/generic - distro_series: xenial - hwe_kernel: ${_param:hwe_kernel} - {%- if loop.index0 >= node_roles.index('cmp001') %} - disk_layout: - type: lvm - root_device: sda - volume_group: vgroot - volume_name: lvroot - volume_size: 100 - {%- endif %} - {%- endif %} - {%- endfor %} - salt_master_ip: ${_param:reclass_config_master} - domain: ${_param:cluster_domain} - maas_config: - commissioning_distro_series: 'xenial' - default_distro_series: 'xenial' - default_osystem: 'ubuntu' - default_storage_layout: 'lvm' - enable_http_proxy: true - disk_erase_with_secure_erase: false - dnssec_validation: 'no' - enable_third_party_drivers: true - network_discovery: 'enabled' - default_min_hwe_kernel: ${_param:hwe_kernel} - cluster: - saltstack_repo_xenial: "deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.11/ xenial main" - linux: - network: - interface: - mcpcontrol_interface: - enabled: true - name: ${_param:mcpcontrol_interface} - type: eth - proto: dhcp - primary_interface: - enabled: true - name: ${_param:primary_interface} - mtu: ${_param:interface_mtu} - proto: static - address: ${_param:infra_maas_node01_address} - netmask: ${_param:opnfv_net_mgmt_mask} - type: eth - pxe_admin_interface: - enabled: true - name: ${_param:pxe_admin_interface} - mtu: ${_param:pxe_admin_interface_mtu} - proto: static - address: ${_param:single_address} - netmask: ${_param:opnfv_net_admin_mask} - type: eth diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute.yml b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute.yml index c7c6f2fab..af87d9c2f 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute.yml +++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute.yml @@ -7,8 +7,6 @@ ############################################################################## --- classes: - - system.linux.system.repo.mcp.mirror.v1.openstack - - system.linux.system.repo.glusterfs - system.glusterfs.client.cluster - system.nova.compute.cluster - system.nova.compute.nfv.hugepages @@ -17,13 +15,16 @@ classes: - system.cinder.volume.backend.lvm - system.ceilometer.agent.cluster - system.ceilometer.agent.polling.default + - service.barbican.client.cluster + - cluster.all-mcp-arch-common.backports + - cluster.mcp-common-ha.glusterfs_repo - cluster.mcp-common-ha.openstack_compute_pdf - - cluster.mcp-common-ha.include.maas_proxy - - cluster.mcp-common-ha.include.lab_proxy_pdf + - cluster.all-mcp-arch-common.opnfv.maas_proxy + - cluster.all-mcp-arch-common.opnfv.lab_proxy_pdf parameters: _param: cluster_vip_address: ${_param:openstack_control_address} - cluster_local_address: ${_param:control_address} + cluster_local_address: ${_param:single_address} cluster_node01_hostname: ${_param:openstack_control_node01_hostname} cluster_node01_address: ${_param:openstack_control_node01_address} cluster_node02_hostname: ${_param:openstack_control_node02_hostname} @@ -31,12 +32,9 @@ parameters: cluster_node03_hostname: ${_param:openstack_control_node03_hostname} cluster_node03_address: ${_param:openstack_control_node03_address} nova_vncproxy_url: https://${_param:cluster_public_host}:6080 - interface_mtu: 1500 keepalived_vip_interface: br-ctl keepalived_vip_virtual_router_id: 69 - linux_system_codename: xenial - single_address: ${_param:control_address} - glusterfs_version: '3.13' + linux_system_codename: bionic glusterfs: client: volumes: @@ -47,12 +45,20 @@ parameters: opts: "defaults,backup-volfile-servers=${_param:cluster_node01_address}:${_param:cluster_node02_address}:${_param:cluster_node03_address}" cinder: volume: + my_ip: ${_param:single_address} backend: lvm-driver: # Align system.cinder.volume.backend.lvm and MaaS data volume_group: ${linux:storage:lvm:cinder-vg:name} database: connection_recycle_time: ${_param:db_connection_recycle_time} + barbican: + enabled: ${_param:barbican_integration_enabled} + pkgs: + - cinder-volume + openiscsi_services: + - tgt + - iscsid linux: storage: lvm: @@ -67,11 +73,29 @@ parameters: boot_options: - spectre_v2=off - nopti + - kpti=off + - nospec_store_bypass_disable + - noibrs + - noibpb neutron: gateway: vlan_aware_vms: true root_helper_daemon: false + dhcp_lease_duration: 3600 + report_interval: 120 nova: compute: + libvirt_service: libvirtd + libvirt_bin: /etc/default/libvirtd disk_cachemodes: file=directsync,block=none preallocate_images: space + heal_instance_info_cache_interval: 300 + barbican: + enabled: ${_param:barbican_integration_enabled} + image: + verify_glance_signatures: false + pkgs: + - nova-compute + - python3-novaclient + - pm-utils + - sysfsutils diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute_pdf.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute_pdf.yml.j2 index 51a6dbd68..0b1c5bbf2 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute_pdf.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_compute_pdf.yml.j2 @@ -15,6 +15,7 @@ parameters: _param: # Should later be determined via PDF/IDF, AArch64 has ESP on /dev/sda1 +{%- if nm.cmp001.idx < conf.nodes | length %} {%- if conf.nodes[nm.cmp001.idx].node.type == 'virtual' %} ~cinder_lvm_devices: ['/dev/vdb'] {%- elif conf.nodes[nm.cmp001.idx].node.arch == 'aarch64' or @@ -23,6 +24,7 @@ parameters: {%- else %} ~cinder_lvm_devices: ['/dev/sda1'] {%- endif %} +{%- endif %} linux: network: bridge: openvswitch @@ -30,7 +32,7 @@ parameters: # PXE/admin is always untagged on computes pxe_admin_int: enabled: true - name: {{ nm.cmp001.nic_admin }} + name: ${_param:pxe_admin_interface} proto: static type: eth address: ${_param:pxe_admin_address} @@ -42,6 +44,9 @@ parameters: {%- if nm.cmp001.nic_admin in nics %} {%- do nics.pop(nm.cmp001.nic_admin) %} {%- endif %} +{%- if ma.interface_str(nm.cmp001.nic_public, nm.vlan_public) in nics %} + {%- do nics.pop(nm.cmp001.nic_public) %} +{%- endif %} {{ ma.linux_network_interfaces_nic(nics) }} @@ -66,11 +71,12 @@ parameters: - {{ ma.interface_str(nm.cmp001.nic_public, nm.vlan_public) }} gateway: ${_param:opnfv_net_public_gw} name_servers: {{ nm.dns_public }} - ovs_port_{{ nm.cmp001.nic_public }}: + noifupdown: true + {{ ma.interface_str(nm.cmp001.nic_public, nm.vlan_public) }}: enabled: true - name: {{ ma.interface_str(nm.cmp001.nic_public, nm.vlan_public) }} proto: manual ovs_port_type: OVSPort type: ovs_port ovs_bridge: br-floating bridge: br-floating + mtu: ${_param:interface_mtu} diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_control.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_control.yml.j2 index 0189e038c..b3ab9e2c7 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_control.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_control.yml.j2 @@ -7,8 +7,6 @@ ############################################################################## --- classes: - - system.linux.system.repo.mcp.mirror.v1.openstack - - system.linux.system.repo.glusterfs - system.ceilometer.client - system.memcached.server.single - system.keystone.server.cluster @@ -20,11 +18,17 @@ classes: - system.heat.server.cluster - system.designate.server.cluster - system.designate.server.backend.bind + - system.barbican.server.cluster + - system.apache.server.site.barbican + - service.barbican.server.plugin.simple_crypto + - system.apache.server.single - system.bind.server.single - system.haproxy.proxy.listen.openstack.placement - system.glusterfs.client.cluster - system.glusterfs.client.volume.glance - system.glusterfs.client.volume.keystone + - cluster.all-mcp-arch-common.backports + - cluster.mcp-common-ha.glusterfs_repo {%- if not conf.MCP_VCP %} # sync from kvm - service.keepalived.cluster.single @@ -42,13 +46,13 @@ classes: # - system.salt.control.cluster.stacklight_log_cluster # - system.salt.control.cluster.stacklight_telemetry_cluster - cluster.mcp-common-ha.infra.kvm_pdf - - cluster.mcp-common-ha.include.maas_proxy - - cluster.mcp-common-ha.include.lab_proxy_pdf + - cluster.all-mcp-arch-common.opnfv.maas_proxy + - cluster.all-mcp-arch-common.opnfv.lab_proxy_pdf {%- endif %} parameters: _param: {%- if not conf.MCP_VCP %} - linux_system_codename: xenial # sync from kvm + linux_system_codename: bionic # sync from kvm # For NOVCP, we switch keepalived VIPs, to keep cluster_vip_address in ctl single_nic: br-ctl # for keepalive_vip_interface interpolation control_nic: ~ # Dummy value to keep reclass 1.5.2 happy @@ -66,28 +70,60 @@ parameters: cluster_node03_hostname: ${_param:openstack_control_node03_hostname} cluster_node03_address: ${_param:openstack_control_node03_address} nova_vncproxy_url: https://${_param:cluster_public_host}:6080 - glusterfs_version: '3.13' + barbican_integration_enabled: 'false' + fernet_rotation_driver: 'shared_filesystem' + credential_rotation_driver: 'shared_filesystem' + common_conn_recycle_time: &db_conn_recycle_time + database: + connection_recycle_time: ${_param:db_connection_recycle_time} nova: - controller: &db_conn_recycle_time - database: - connection_recycle_time: ${_param:db_connection_recycle_time} + controller: + <<: *db_conn_recycle_time + barbican: + enabled: ${_param:barbican_integration_enabled} + pkgs: + - nova-api + - nova-conductor + - nova-consoleauth + - nova-scheduler + - nova-novncproxy + - python3-novaclient cinder: controller: + pkgs: + - cinder-api + - cinder-scheduler <<: *db_conn_recycle_time neutron: server: <<: *db_conn_recycle_time vlan_aware_vms: true root_helper_daemon: false + agent_down_time: 300 + global_physnet_mtu: ${_param:interface_mtu} + backend: + external_mtu: ${_param:interface_mtu} + pkgs: + - neutron-server keystone: server: <<: *db_conn_recycle_time cacert: /etc/ssl/certs/mcp_os_cacert openrc_extra: - volume_device_name: vdc + volume_device_name: sdc + pkgs: + - keystone + - python3-memcache + - python3-openstackclient glance: server: <<: *db_conn_recycle_time + identity: + barbican_endpoint: ${barbican:server:host_href} + pkgs: + - glance + services: + - glance-api {%- if conf.MCP_VCP %} heat: server: @@ -104,6 +140,9 @@ parameters: host: ${_param:openstack_proxy_control_address} port: 8003 protocol: http + apache: + server: + mod_wsgi: libapache2-mod-wsgi-py3 {%- else %} libvirt: server: @@ -120,7 +159,8 @@ parameters: apache: server: bind: - ~ports: ~ + listen_default_ports: false + mod_wsgi: libapache2-mod-wsgi-py3 # sync from common-ha kvm role glusterfs: server: @@ -146,9 +186,17 @@ parameters: listen: heat_cloudwatch_api: enabled: false - neutron_api: - # Set source balancing - type: heat + barbican: + server: + ks_notifications_enable: true + store: + software: + crypto_plugin: simple_crypto + store_plugin: store_crypto + global_default: true + database: + connection_recycle_time: ${_param:db_connection_recycle_time} + host: ${_param:openstack_database_address} bind: server: control: @@ -164,6 +212,9 @@ parameters: keys: - designate designate: + _support: + sphinx: + enabled: False # Workaround broken meta/sphinx.yml in salt-formula-designate server: pools: default: diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_control_init.yml b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_control_init.yml index 0664c5399..aaa5e65f0 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_control_init.yml +++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_control_init.yml @@ -9,21 +9,31 @@ classes: - system.keystone.client.single - system.keystone.client.service.aodh - - system.keystone.client.service.ceilometer - system.keystone.client.service.nova21 - system.keystone.client.service.nova-placement - system.keystone.client.service.cinder3 - system.keystone.client.service.designate + - system.keystone.client.service.ceilometer - system.keystone.client.service.gnocchi - system.keystone.client.service.panko + - system.keystone.client.service.barbican - system.keystone.client.v3.service.keystone parameters: + _param: + ceilometer_endpoint_status: absent keystone: client: enabled: true resources: v3: enabled: true + services: + ceilometer: + status: absent + # required only for Rally validation + cinder: + type: volume + description: OpenStack Volume Service server: identity: admin: diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_database.yml b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_database.yml index 89c485e0f..9ed3f70cd 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_database.yml +++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_database.yml @@ -7,10 +7,8 @@ ############################################################################## --- classes: - - system.linux.system.repo.mcp.mirror.v1.openstack - system.galera.server.cluster - system.galera.server.database.aodh - - system.galera.server.database.ceilometer - system.galera.server.database.cinder - system.galera.server.database.designate - system.galera.server.database.glance @@ -21,6 +19,8 @@ classes: - system.galera.server.database.nova - system.galera.server.database.neutron - system.galera.server.database.panko + - system.galera.server.database.barbican + - cluster.all-mcp-arch-common.backports parameters: _param: keepalived_vip_interface: ${_param:single_nic} diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_init.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_init.yml.j2 index b0f28f9f1..a55485ea0 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_init.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_init.yml.j2 @@ -9,9 +9,6 @@ --- parameters: _param: - - openstack_version: queens - # openstack service addresses {%- if conf.MCP_VCP %} openstack_proxy_control_address: ${_param:opnfv_openstack_proxy_control_address} @@ -111,16 +108,6 @@ parameters: openstack_compute_node01_hostname: cmp001 openstack_compute_node02_hostname: cmp002 - # opendaylight options -{%- if conf.MCP_VCP %} - opendaylight_server_node01_hostname: odl01 - opendaylight_server_node01_single_address: ${_param:opnfv_opendaylight_server_node01_single_address} -{%- else %} - opendaylight_control_hostname: ${_param:openstack_control_node02_hostname} - opendaylight_server_node01_hostname: ${_param:opendaylight_control_hostname} - opendaylight_server_node01_single_address: ${_param:opnfv_openstack_control_node02_address} -{%- endif %} - openstack_region: RegionOne admin_email: root@localhost db_connection_recycle_time: 300 @@ -134,23 +121,16 @@ parameters: neutron_compute_agent_mode: legacy neutron_compute_external_access: 'True' galera_server_cluster_name: openstack_cluster - galera_server_maintenance_password: opnfv_secret - galera_server_admin_password: opnfv_secret - rabbitmq_secret_key: opnfv_secret - rabbitmq_admin_password: opnfv_secret - rabbitmq_openstack_password: opnfv_secret glance_version: ${_param:openstack_version} glance_service_host: ${_param:openstack_control_address} keystone_version: ${_param:openstack_version} keystone_service_host: ${_param:openstack_control_address} heat_version: ${_param:openstack_version} heat_service_host: ${_param:openstack_control_address} - heat_domain_admin_password: opnfv_secret cinder_version: ${_param:openstack_version} cinder_service_host: ${_param:openstack_control_address} ceilometer_version: ${_param:openstack_version} ceilometer_service_host: ${_param:openstack_telemetry_address} - ceilometer_influxdb_password: opnfv_secret nova_version: ${_param:openstack_version} nova_service_host: ${_param:openstack_control_address} neutron_version: ${_param:openstack_version} @@ -161,51 +141,26 @@ parameters: glusterfs_service_host: ${_param:openstack_control_address} {%- endif %} mysql_admin_user: root - mysql_admin_password: opnfv_secret - mysql_cinder_password: opnfv_secret - mysql_ceilometer_password: opnfv_secret - mysql_glance_password: opnfv_secret - mysql_grafana_password: opnfv_secret - mysql_heat_password: opnfv_secret - mysql_keystone_password: opnfv_secret - mysql_neutron_password: opnfv_secret - mysql_nova_password: opnfv_secret - mysql_aodh_password: opnfv_secret - mysql_designate_password: opnfv_secret aodh_version: ${_param:openstack_version} - keystone_aodh_password: opnfv_secret - keystone_service_token: opnfv_secret - keystone_admin_password: opnfv_secret - keystone_ceilometer_password: opnfv_secret - keystone_cinder_password: opnfv_secret - keystone_glance_password: opnfv_secret - keystone_heat_password: opnfv_secret - keystone_keystone_password: opnfv_secret - keystone_neutron_password: opnfv_secret - keystone_nova_password: opnfv_secret - keystone_designate_password: opnfv_secret - ceilometer_secret_key: opnfv_secret + barbican_version: ${_param:openstack_version} + barbican_service_host: ${_param:openstack_control_address} + apache_barbican_api_address: ${_param:single_address} + barbican_integration_enabled: true horizon_version: ${_param:openstack_version} - horizon_secret_key: opaesee8Que2yahJoh9fo0eefo1Aeyo6ahyei8zeiboh3aeth5loth7ieNa5xi5e horizon_identity_host: ${_param:openstack_control_address} horizon_identity_encryption: none horizon_identity_version: 3 - metadata_password: opnfv_secret - openstack_telemetry_keepalived_password: opnfv_secret + apache_mods_status_enabled: false + nginx_server_site_nginx_proxy_openstack_web_enabled: true aodh_service_host: ${_param:openstack_telemetry_address} - gnocchi_version: 4.2 + gnocchi_version: 4.3 gnocchi_service_host: ${_param:openstack_telemetry_address} - mysql_gnocchi_password: opnfv_secret - keystone_gnocchi_password: opnfv_secret panko_version: ${_param:openstack_version} panko_service_host: ${_param:openstack_telemetry_address} - mysql_panko_password: opnfv_secret - keystone_panko_password: opnfv_secret ceilometer_agent_default_polling_interval: 180 ceilometer_agent_default_polling_meters: - "*" designate_service_host: ${_param:openstack_control_address} - designate_bind9_rndc_key: 4pc+X4PDqb2q+5o72dISm72LM1Ds9X2EYZjqg+nmsS7FhdTwzFFY8l/iEDmHxnyjkA33EQC8H+z0fLLBunoitw== designate_domain_id: 5186883b-91fb-4891-bd49-e6769234a8fc designate_pool_ns_records: - hostname: 'ns1.example.org.' @@ -243,22 +198,22 @@ parameters: # billometer_identity_token: ${_param:keystone_service_token} linux: system: - repo: - uca: - source: "deb http://ubuntu-cloud.archive.canonical.com/ubuntu xenial-updates/${_param:openstack_version} main" - key_id: EC4926EA - key_server: keyserver.ubuntu.com - pin: - - pin: 'release o=Canonical' - priority: 1200 - package: 'python-pymysql libvirt* *qemu*' {%- if 'aarch64' in nm.cluster.arch %} + repo: armband_3: # Should be in sync with the repo config generated via curtin/MaaS - source: "deb http://linux.enea.com/mcp-repos/${_param:openstack_version}/${_param:linux_system_codename} ${_param:openstack_version}-armband main" - pin: - - pin: 'release a=${_param:openstack_version}-armband' - priority: 1201 + source: "deb http://linux.enea.com/mcp-repos/${_param:armband_repo_version}/xenial ${_param:armband_repo_version}-armband main" + key: ${_param:armband_key} + pinning: + 15: + enabled: true + pin: 'release a=${_param:armband_repo_version}-armband' + priority: 15 package: '*' + 1200: + enabled: true + pin: 'release a=${_param:armband_repo_version}-armband' + priority: 1200 + package: 'qemu-efi' {%- endif %} kernel: sysctl: diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_interface_vcp_biport.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_interface_vcp_biport.yml.j2 index 3576acc2f..3b302aca8 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_interface_vcp_biport.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_interface_vcp_biport.yml.j2 @@ -9,8 +9,8 @@ --- {%- if conf.MCP_VCP %} classes: - - cluster.mcp-common-ha.include.maas_proxy - - cluster.mcp-common-ha.include.lab_proxy_pdf + - cluster.all-mcp-arch-common.opnfv.maas_proxy + - cluster.all-mcp-arch-common.opnfv.lab_proxy_pdf parameters: _param: pxe_admin_interface: ${_param:opnfv_vcp_vm_primary_interface} @@ -28,6 +28,8 @@ parameters: gateway: {{ nm.net_admin_gw }} name_servers: - {{ nm.net_admin_gw }} + noifupdown: true + mtu: ${_param:interface_mtu} single: enabled: true type: eth @@ -35,4 +37,5 @@ parameters: name: ${_param:single_nic} address: ${_param:single_address} netmask: ${_param:opnfv_net_public_mask} + mtu: ${_param:interface_mtu} {%- endif %} diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_interface_vcp_triport.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_interface_vcp_triport.yml.j2 index 1fa22aa7f..8815de99b 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_interface_vcp_triport.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_interface_vcp_triport.yml.j2 @@ -10,8 +10,8 @@ --- {%- if conf.MCP_VCP %} classes: - - cluster.mcp-common-ha.include.maas_proxy - - cluster.mcp-common-ha.include.lab_proxy_pdf + - cluster.all-mcp-arch-common.opnfv.maas_proxy + - cluster.all-mcp-arch-common.opnfv.lab_proxy_pdf parameters: _param: pxe_admin_interface: ${_param:opnfv_vcp_vm_primary_interface} @@ -27,6 +27,8 @@ parameters: name: ${_param:pxe_admin_interface} address: ${_param:pxe_admin_address} netmask: ${_param:opnfv_net_admin_mask} + noifupdown: true + mtu: ${_param:interface_mtu} single_int: enabled: true type: eth @@ -36,6 +38,7 @@ parameters: netmask: ${_param:opnfv_net_public_mask} gateway: ${_param:opnfv_net_public_gw} name_servers: {{ nm.dns_public }} + mtu: ${_param:interface_mtu} control_int: enabled: true type: eth @@ -43,6 +46,7 @@ parameters: name: ${_param:control_nic} address: ${_param:control_address} netmask: ${_param:opnfv_net_mgmt_mask} + mtu: ${_param:interface_mtu} {%- else %} {#- For NOVCP scenarios, base config is in kvm_pdf, only add/override gw #} parameters: diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_message_queue.yml b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_message_queue.yml index 855e63267..1871c2efa 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_message_queue.yml +++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_message_queue.yml @@ -7,9 +7,9 @@ ############################################################################## --- classes: - - system.linux.system.repo.mcp.mirror.v1.openstack - system.rabbitmq.server.cluster - system.rabbitmq.server.vhost.openstack + - cluster.all-mcp-arch-common.backports parameters: _param: keepalived_vip_interface: ${_param:single_nic} diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_proxy.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_proxy.yml.j2 index d7ccff532..31bfeddb4 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_proxy.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_proxy.yml.j2 @@ -7,23 +7,25 @@ ############################################################################## --- classes: - - system.linux.system.repo.mcp.mirror.v1.openstack - system.nginx.server.single - system.nginx.server.proxy.openstack_api - system.nginx.server.proxy.openstack_vnc - system.nginx.server.proxy.openstack_web - system.nginx.server.proxy.openstack.aodh - - system.nginx.server.proxy.openstack.ceilometer + - system.nginx.server.proxy.openstack.barbican + - system.apache.server.single - system.horizon.server.single - system.salt.minion.cert.proxy - system.sphinx.server.doc.reclass - service.keepalived.cluster.single - system.keepalived.cluster.instance.openstack_web_public_vip + - cluster.all-mcp-arch-common.backports parameters: _param: cluster_vip_address: ${_param:openstack_proxy_address} keepalived_openstack_web_public_vip_address: ${_param:cluster_vip_address} keepalived_openstack_web_public_vip_interface: ${_param:single_nic} + keepalived_openstack_web_public_vip_password: ${_param:opnfv_main_password} keepalived_vip_address: ${_param:openstack_proxy_control_address} keepalived_vip_interface: ${_param:control_nic} keepalived_vip_virtual_router_id: 240 @@ -48,8 +50,6 @@ parameters: address: ${_param:openstack_proxy_address} nginx_proxy_openstack_api_aodh: <<: *nginx_openstack_proxy_address - nginx_proxy_openstack_api_ceilometer: - <<: *nginx_openstack_proxy_address nginx_proxy_openstack_api_cinder: <<: *nginx_openstack_proxy_address nginx_proxy_openstack_api_glance: @@ -93,3 +93,8 @@ parameters: vrrp_scripts: check_pidof: args: 'nginx' + apache: + server: + mod_wsgi: libapache2-mod-wsgi-py3 + bind: + listen_default_ports: false diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_telemetry.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_telemetry.yml.j2 index c55ea0049..776e520d2 100644 --- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_telemetry.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_telemetry.yml.j2 @@ -7,7 +7,6 @@ ############################################################################## --- classes: - - system.linux.system.repo.mcp.mirror.v1.openstack - service.redis.server.single - system.ceilometer.server.cluster - system.ceilometer.server.coordination.redis @@ -23,6 +22,7 @@ classes: - system.gnocchi.common.storage.redis - system.gnocchi.common.coordination.redis - system.panko.server.cluster + - cluster.all-mcp-arch-common.backports parameters: _param: keepalived_openstack_telemetry_vip_interface: ${_param:single_nic} @@ -42,15 +42,21 @@ parameters: openstack_telemetry_redis_url: redis://${_param:redis_sentinel_node01_address}:26379?sentinel=master_1&sentinel_fallback=${_param:redis_sentinel_node02_address}:26379&sentinel_fallback=${_param:redis_sentinel_node03_address}:26379 gnocchi_coordination_url: ${_param:openstack_telemetry_redis_url} gnocchi_storage_incoming_redis_url: ${_param:openstack_telemetry_redis_url} + linux: + system: + sysfs: + transparent_hugepages: + kernel/mm/transparent_hugepage/enabled: never redis: server: - version: 3.0 + version: 5.0 appendfsync: 'no' bind: address: ${_param:single_address} cluster: enabled: true mode: sentinel + password: ${_param:opnfv_main_password} role: ${_param:redis_cluster_role} quorum: 2 master: @@ -69,6 +75,7 @@ parameters: - python-memcache apache: server: + mod_wsgi: libapache2-mod-wsgi-py3 ~modules: - rewrite {%- if conf.MCP_VCP %} {#- wsgi module will be enabled by a different class inherited later #} diff --git a/mcp/reclass/classes/cluster/mcp-common-noha/haproxy_openstack_api.yml b/mcp/reclass/classes/cluster/mcp-common-noha/haproxy_openstack_api.yml index 9fe5247a4..dd3bc4761 100644 --- a/mcp/reclass/classes/cluster/mcp-common-noha/haproxy_openstack_api.yml +++ b/mcp/reclass/classes/cluster/mcp-common-noha/haproxy_openstack_api.yml @@ -8,7 +8,7 @@ --- parameters: _param: - haproxy_check: check inter 15s fastinter 2s downinter 4s rise 3 fall 3 + haproxy_check: check inter 30m fastinter 2s downinter 4s rise 3 fall 3 haproxy: proxy: listen: @@ -131,25 +131,36 @@ parameters: host: ${_param:cluster_node01_address} port: 8775 params: ${_param:haproxy_check} - ceilometer_api: - type: general-service - check: false + aodh-api: + type: openstack-service + service_name: aodh binds: - address: ${_param:cluster_vip_address} - port: 8777 + port: 8042 servers: - - name: ${_param:cluster_node01_hostname} + - name: ctl01 host: ${_param:cluster_node01_address} - port: 8777 + port: 8042 params: ${_param:haproxy_check} - aodh-api: + barbican_api: type: openstack-service - service_name: aodh + service_name: barbican binds: - address: ${_param:cluster_vip_address} - port: 8042 + port: 9311 servers: - name: ctl01 host: ${_param:cluster_node01_address} - port: 8042 + port: 9311 + params: ${_param:haproxy_check} + barbican_admin_api: + type: openstack-service + service_name: barbican + binds: + - address: ${_param:cluster_vip_address} + port: 9312 + servers: + - name: ctl01 + host: ${_param:cluster_node01_address} + port: 9312 params: ${_param:haproxy_check} diff --git a/mcp/reclass/classes/cluster/mcp-common-noha/infra/config.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-noha/infra/config.yml.j2 index ac53e8225..90e6ffc8d 100644 --- a/mcp/reclass/classes/cluster/mcp-common-noha/infra/config.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-noha/infra/config.yml.j2 @@ -8,37 +8,14 @@ {%- import 'net_map.j2' as nm with context %} --- classes: - - system.mysql.client.single - cluster.all-mcp-arch-common.infra.config_pdf parameters: _param: openstack_control_node01_hostname: ctl01 - reclass_config_master: ${_param:opnfv_infra_config_pxe_admin_address} + pxe_admin_address: ${_param:reclass_config_master} single_address: ${_param:opnfv_infra_config_address} salt_master_host: 127.0.0.1 salt_minion_ca_host: ${linux:network:fqdn} - linux: - network: - interface: - mcpcontrol_int: - enabled: true - type: eth - proto: dhcp - name: ${_param:opnfv_fn_vm_primary_interface} - single_int: - enabled: true - name: ${_param:opnfv_fn_vm_secondary_interface} - type: eth - proto: static - address: ${_param:single_address} - netmask: ${_param:opnfv_net_mgmt_mask} - pxe_admin_int: - enabled: true - type: eth - proto: static - name: ${_param:opnfv_fn_vm_tertiary_interface} - address: ${_param:opnfv_infra_config_pxe_admin_address} - netmask: ${_param:opnfv_net_admin_mask} salt: master: file_recv: true @@ -53,7 +30,7 @@ parameters: classes: - cluster.${_param:cluster_name}.openstack.control params: - linux_system_codename: xenial + linux_system_codename: bionic salt_master_host: ${_param:reclass_config_master} single_address: ${_param:openstack_control_node01_address} pxe_admin_address: ${_param:opnfv_openstack_control_node01_pxe_admin_address} diff --git a/mcp/reclass/classes/cluster/mcp-common-noha/infra/init.yml b/mcp/reclass/classes/cluster/mcp-common-noha/infra/init.yml.j2 index 772d0880b..d3e07e106 100644 --- a/mcp/reclass/classes/cluster/mcp-common-noha/infra/init.yml +++ b/mcp/reclass/classes/cluster/mcp-common-noha/infra/init.yml.j2 @@ -5,10 +5,20 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## +{%- import 'net_map.j2' as nm with context %} --- +classes: + - cluster.all-mcp-arch-common parameters: _param: + # infra service addresses + infra_config_address: ${_param:opnfv_infra_config_address} + infra_config_deploy_address: {{ conf.SALT_MASTER }} cluster_domain: ${_param:cluster_name}.local + reclass_config_master: ${_param:opnfv_infra_config_pxe_admin_address} + infra_maas_node01_hostname: mas01 + infra_maas_node01_address: ${_param:opnfv_infra_maas_node01_address} + infra_maas_node01_deploy_address: ${_param:opnfv_infra_maas_node01_deploy_address} linux: system: apt: @@ -20,12 +30,19 @@ parameters: network: host: cfg01: - address: ${_param:infra_config_address} + address: ${_param:opnfv_infra_config_address} names: - cfg01 - cfg01.${_param:cluster_domain} cfg: - address: ${_param:infra_config_address} + address: ${_param:opnfv_infra_config_address} names: - cfg - cfg.${_param:cluster_domain} +{%- if nm.cluster.has_baremetal_nodes %} + mas01: + address: ${_param:infra_maas_node01_address} + names: + - ${_param:infra_maas_node01_hostname} + - ${_param:infra_maas_node01_hostname}.${_param:cluster_domain} +{%- endif %} diff --git a/mcp/reclass/classes/cluster/mcp-common-noha/init_options.yml b/mcp/reclass/classes/cluster/mcp-common-noha/init_options.yml index 462ab8312..4b5a4dec8 100644 --- a/mcp/reclass/classes/cluster/mcp-common-noha/init_options.yml +++ b/mcp/reclass/classes/cluster/mcp-common-noha/init_options.yml @@ -10,8 +10,6 @@ classes: - cluster.all-mcp-arch-common parameters: _param: - # infra service addresses - infra_config_address: ${_param:opnfv_infra_config_address} # openstack service addresses openstack_control_address: ${_param:opnfv_openstack_control_node01_address} openstack_control_node01_address: ${_param:opnfv_openstack_control_node01_address} diff --git a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_compute.yml b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_compute.yml index 671f6eb07..edaf5190a 100644 --- a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_compute.yml +++ b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_compute.yml @@ -15,19 +15,17 @@ classes: - system.ceilometer.client.nova_compute - system.ceilometer.client.cinder_volume - system.ceilometer.agent.polling.default - - system.linux.system.repo.mcp.openstack + - service.barbican.client.single + - cluster.all-mcp-arch-common.backports - cluster.mcp-common-noha.openstack_compute_pdf parameters: - _param: - interface_mtu: 9000 - linux_system_codename: xenial - single_address: ${_param:control_address} nova: compute: libvirt_service: libvirtd libvirt_bin: /etc/default/libvirtd disk_cachemodes: file=directsync,block=none vncproxy_url: http://${_param:cluster_vip_address}:6080 + heal_instance_info_cache_interval: 300 bind: vnc_address: ${_param:single_address} network: @@ -35,11 +33,21 @@ parameters: user: neutron tenant: service password: ${_param:keystone_neutron_password} + barbican: + enabled: ${_param:barbican_integration_enabled} + image: + verify_glance_signatures: false + pkgs: + - nova-compute + - python3-novaclient + - pm-utils + - sysfsutils neutron: compute: notification: true vlan_aware_vms: true root_helper_daemon: false + report_interval: 120 agent_mode: ${_param:neutron_compute_agent_mode} message_queue: host: ${_param:openstack_control_address} @@ -47,6 +55,11 @@ parameters: host: ${_param:openstack_control_address} cinder: volume: + backend: + lvm-driver: + # Align system.cinder.volume.backend.lvm and MaaS data + volume_group: ${linux:storage:lvm:cinder-vg:name} + my_ip: ${_param:single_address} database: host: ${_param:cluster_local_address} identity: @@ -55,6 +68,13 @@ parameters: host: ${_param:cluster_local_address} message_queue: host: ${_param:cluster_local_address} + barbican: + enabled: ${_param:barbican_integration_enabled} + pkgs: + - cinder-volume + openiscsi_services: + - tgt + - iscsid nfs: client: mount: @@ -63,6 +83,11 @@ parameters: fstype: nfs device: ${_param:openstack_control_address}:/srv/nova/instances linux: + storage: + lvm: + # Align with both system.cinder.volume.backend.lvm and MaaS data + cinder-vg: + name: vgroot system: kernel: sysctl: diff --git a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_compute_pdf.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_compute_pdf.yml.j2 index aebd88828..b63555339 100644 --- a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_compute_pdf.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_compute_pdf.yml.j2 @@ -7,10 +7,19 @@ ############################################################################## {#- NOTE: br-{mgmt,ctl} are cross-referenced, careful when changing names #} {%- import 'net_map.j2' as nm with context %} +{%- import 'net_macros.j2' as ma with context %} +{#- Filter-out NIC duplicates by constructing a dict (used NICs only) #} +{%- set nics = { nm.cmp001.nic_mgmt: True, nm.cmp001.nic_private: True } %} +{%- set vlans = { nm.vlan_mgmt: nm.cmp001.nic_mgmt } %} +{%- if '-ovs-' not in conf.MCP_DEPLOY_SCENARIO and '-fdio-' not in conf.MCP_DEPLOY_SCENARIO %} +{%- set vlan_private_start = (nm.vlan_private | string).rsplit('-')[0] %} +{%- do vlans.update({ vlan_private_start: nm.cmp001.nic_private }) %} +{%- endif %} --- parameters: _param: # Should later be determined via PDF/IDF, AArch64 has ESP on /dev/sda1 +{%- if nm.cmp001.idx < conf.nodes | length %} {%- if conf.nodes[nm.cmp001.idx].node.type == 'virtual' %} ~cinder_lvm_devices: ['/dev/vdb'] {%- elif conf.nodes[nm.cmp001.idx].node.arch == 'aarch64' or @@ -19,32 +28,44 @@ parameters: {%- else %} ~cinder_lvm_devices: ['/dev/sda1'] {%- endif %} - primary_interface: {{ nm.cmp001.nic_mgmt }} - tenant_interface: {{ nm.cmp001.nic_private }} - external_interface: {{ nm.cmp001.nic_public }} +{%- endif %} linux: network: +{%- if '-fdio-' not in conf.MCP_DEPLOY_SCENARIO %} + ovs_nowait: true bridge: openvswitch +{%- else %} + dpdk: + enabled: true + driver: "${_param:compute_dpdk_driver}" + vpp: + enabled: true + decimal_interface_names: true + # Reuse ovs-dpdk socket mem configuration from IDF + dpdk_socket_mem: ${_param:compute_ovs_dpdk_socket_mem} + main_core: ${linux:system:kernel:isolcpu} + gid: 'neutron' +{%- endif %} interface: pxe_admin_int: enabled: true - name: {{ nm.cmp001.nic_admin }} + name: ${_param:pxe_admin_interface} proto: static type: eth address: ${_param:pxe_admin_address} netmask: ${_param:opnfv_net_admin_mask} mtu: ${_param:interface_mtu} - primary_interface: - enabled: true - name: ${_param:primary_interface} - proto: manual - type: eth - tenant_interface: - enabled: true - name: ${_param:tenant_interface} - mtu: ${_param:interface_mtu} - proto: manual - type: eth + noifupdown: true + +{#- prevent duplicates for tagged mgmt on the same physical interface as PXE/admin #} +{%- if nm.cmp001.nic_admin in nics %} + {%- do nics.pop(nm.cmp001.nic_admin) %} +{%- endif %} + +{{ ma.linux_network_interfaces_nic(nics) }} + +{{ ma.linux_network_interfaces_vlan(vlans) }} + br-mgmt: enabled: true type: bridge @@ -52,4 +73,4 @@ parameters: address: ${_param:single_address} netmask: ${_param:opnfv_net_mgmt_mask} use_interfaces: - - ${_param:primary_interface} + - {{ ma.interface_str(nm.cmp001.nic_mgmt, nm.vlan_mgmt) }} diff --git a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_control.yml b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_control.yml.j2 index f458281ce..e383edd16 100644 --- a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_control.yml +++ b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_control.yml.j2 @@ -8,7 +8,6 @@ --- classes: - system.linux.system.lowmem - - system.linux.system.repo.mcp.openstack - service.nfs.server - system.ceilometer.client - system.ceilometer.client.neutron @@ -26,6 +25,7 @@ classes: - system.keystone.client.service.aodh - system.keystone.client.service.gnocchi - system.keystone.client.service.panko + - system.keystone.client.service.barbican - system.glance.control.single - system.nova.control.single - system.cinder.control.single @@ -34,56 +34,73 @@ classes: - service.mysql.server.single - system.galera.server.database.cinder - system.galera.server.database.glance - - system.galera.server.database.grafana + - system.galera.server.database.neutron - system.galera.server.database.heat - system.galera.server.database.keystone - system.galera.server.database.nova - - system.galera.server.database.ceilometer - system.galera.server.database.aodh - system.galera.server.database.gnocchi - system.galera.server.database.panko + - system.galera.server.database.barbican + - system.barbican.server.single + - service.barbican.server.plugin.simple_crypto - service.redis.server.single - service.ceilometer.server.single - - system.ceilometer.server.coordination.redis - system.ceilometer.server.backend.default - system.aodh.server.single - - system.aodh.server.coordination.redis - system.gnocchi.server.single - - system.gnocchi.common.storage.incoming.redis - - system.gnocchi.common.storage.redis - - system.gnocchi.common.coordination.redis - service.panko.server.single + - system.apache.server.site.aodh - system.apache.server.site.gnocchi - system.apache.server.site.panko + - system.apache.server.site.barbican + - system.apache.server.single - system.horizon.server.single + - system.nginx.server.single + - system.nginx.server.proxy.openstack_web - service.haproxy.proxy.single +{%- if '-sfc-' in conf.MCP_DEPLOY_SCENARIO %} + - system.keystone.client.service.tacker + - system.galera.server.database.tacker + - service.tacker.server.single +{%- endif %} + - cluster.all-mcp-arch-common.backports - cluster.mcp-common-noha.haproxy_openstack_api - cluster.mcp-common-noha.openstack_control_pdf parameters: _param: - linux_system_codename: xenial ceilometer_create_gnocchi_resources: 'True' + ceilometer_endpoint_status: absent + barbican_integration_enabled: 'false' linux: system: package: python-msgpack: version: latest + sysfs: + transparent_hugepages: + kernel/mm/transparent_hugepage/enabled: never keystone: server: admin_email: ${_param:admin_email} openrc_extra: - volume_device_name: vdc + volume_device_name: sdc pkgs: - keystone - - python-psycopg2 - - python-mysqldb - - python-openstackclient - - python-tornado + - python3-memcache + - python3-openstackclient client: enabled: true resources: v3: enabled: true + services: + ceilometer: + status: absent + # required only for Rally validation + cinder: + type: volume + description: OpenStack Volume Service server: identity: admin: @@ -99,10 +116,23 @@ parameters: engine: file images: [] workers: 1 + barbican: + enabled: ${_param:barbican_integration_enabled} + identity: + barbican_endpoint: ${barbican:server:host_href} + pkgs: + - glance + services: + - glance-api + cinder: + controller: + barbican: + enabled: ${_param:barbican_integration_enabled} + pkgs: + - cinder-api + - cinder-scheduler nova: controller: - networking: dvr - cpu_allocation: 54 metadata: password: ${_param:metadata_password} bind: @@ -111,6 +141,15 @@ parameters: novncproxy_port: 6080 vncproxy_url: http://${_param:cluster_vip_address}:6080 workers: 1 + barbican: + enabled: ${_param:barbican_integration_enabled} + pkgs: + - nova-api + - nova-conductor + - nova-consoleauth + - nova-scheduler + - nova-novncproxy + - python3-novaclient horizon: server: # yamllint disable-line rule:truthy @@ -139,10 +178,18 @@ parameters: ~database: ~ redis: server: - version: 3.0 + version: 5.0 appendfsync: 'no' bind: address: ${_param:single_address} + gnocchi: + common: + storage: + driver: redis + redis_url: redis://${_param:single_address}:6379 + incoming: + driver: redis + redis_url: redis://${_param:single_address}:6379 nfs: server: share: @@ -159,9 +206,42 @@ parameters: server: vlan_aware_vms: true root_helper_daemon: false + agent_down_time: 300 + global_physnet_mtu: ${_param:interface_mtu} + backend: + external_mtu: ${_param:interface_mtu} +{%- if '-bgpvpn-' in conf.MCP_DEPLOY_SCENARIO %} + bgp_vpn: + enabled: True + driver: opendaylight_v2 +{%- endif %} apache: server: + bind: + listen_default_ports: false site: - gnocchi: + gnocchi: &wsgi_threads wsgi: threads: 1 + barbican: + <<: *wsgi_threads + barbican_admin: + <<: *wsgi_threads + mod_wsgi: libapache2-mod-wsgi-py3 + barbican: + server: + ks_notifications_enable: true + store: + software: + crypto_plugin: simple_crypto + store_plugin: store_crypto + global_default: true + rabbitmq: + server: + env_variables: + hostname: localhost + nginx: + server: + site: + nginx_ssl_redirect_openstack_web: + enabled: false diff --git a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_control_pdf.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_control_pdf.yml.j2 index b0b55afb9..06df3b845 100644 --- a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_control_pdf.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_control_pdf.yml.j2 @@ -6,6 +6,10 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## {%- import 'net_map.j2' as nm with context %} +{%- import 'net_macros.j2' as ma with context %} +{#- Filter-out NIC duplicates by constructing a dict (used NICs only) #} +{%- set nics = { nm.ctl01.nic_mgmt: True, nm.ctl01.nic_public: True } %} +{%- set vlans = { nm.vlan_mgmt: nm.ctl01.nic_mgmt, nm.vlan_public: nm.ctl01.nic_public } %} --- parameters: linux: @@ -18,19 +22,35 @@ parameters: type: eth address: ${_param:pxe_admin_address} netmask: ${_param:opnfv_net_admin_mask} - single_int: + mtu: ${_param:interface_mtu} + noifupdown: true + +{#- prevent duplicates for tagged mgmt on the same physical interface as PXE/admin #} +{%- if nm.ctl01.nic_admin in nics %} + {%- do nics.pop(nm.ctl01.nic_admin) %} +{%- endif %} + +{{ ma.linux_network_interfaces_nic(nics) }} + +{{ ma.linux_network_interfaces_vlan(vlans) }} + + br-ctl: enabled: true - name: {{ nm.ctl01.nic_mgmt }} - type: eth + type: bridge proto: static address: ${_param:single_address} netmask: ${_param:opnfv_net_mgmt_mask} - public_int: + noifupdown: true + use_interfaces: + - {{ ma.interface_str(nm.ctl01.nic_mgmt, nm.vlan_mgmt) }} + br-ext: enabled: true - name: {{ nm.ctl01.nic_public }} - type: eth + type: bridge proto: static address: ${_param:cluster_public_host} netmask: ${_param:opnfv_net_public_mask} gateway: ${_param:opnfv_net_public_gw} name_servers: {{ nm.dns_public }} + use_interfaces: + - {{ ma.interface_str(nm.ctl01.nic_public, nm.vlan_public) }} + noifupdown: true diff --git a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_gateway.yml b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_gateway.yml index 0062adf16..e59263c99 100644 --- a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_gateway.yml +++ b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_gateway.yml @@ -7,15 +7,14 @@ ############################################################################## --- classes: - - system.linux.system.repo.mcp.openstack + - cluster.all-mcp-arch-common.backports - cluster.mcp-common-noha.openstack_gateway_pdf parameters: - _param: - interface_mtu: 9000 - linux_system_codename: xenial neutron: gateway: notification: true agent_mode: ${_param:neutron_gateway_agent_mode} vlan_aware_vms: true root_helper_daemon: false + dhcp_lease_duration: 3600 + report_interval: 120 diff --git a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_gateway_pdf.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_gateway_pdf.yml.j2 index 6bd61a2d4..00d8fbd8c 100644 --- a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_gateway_pdf.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_gateway_pdf.yml.j2 @@ -7,14 +7,39 @@ ############################################################################## --- {%- import 'net_map.j2' as nm with context %} +{%- import 'net_macros.j2' as ma with context %} +{#- Filter-out NIC duplicates by constructing a dict (used NICs only) #} +{%- set nics = { nm.ctl01.nic_mgmt: True, nm.ctl01.nic_private: True } %} +{%- set vlans = { nm.vlan_mgmt: nm.ctl01.nic_mgmt } %} +{%- if '-fdio-' in conf.MCP_DEPLOY_SCENARIO %} +{%- do nics.update({ nm.ctl01.nic_public: True }) %} +{%- do vlans.update({ nm.vlan_public: nm.ctl01.nic_public }) %} +{%- elif '-ovs-' not in conf.MCP_DEPLOY_SCENARIO %} +{%- set vlan_private_start = (nm.vlan_private | string).rsplit('-')[0] %} +{%- do vlans.update({ vlan_private_start: nm.ctl01.nic_private }) %} +{%- endif %} parameters: - _param: - primary_interface: {{ nm.ctl01.nic_mgmt }} - tenant_interface: {{ nm.ctl01.nic_private }} - external_interface: {{ nm.ctl01.nic_public }} linux: network: +{%- if '-fdio-' not in conf.MCP_DEPLOY_SCENARIO %} +{%- set floating_br_type = 'ovs_bridge' %} bridge: openvswitch +{%- else %} +{%- set floating_br_type = 'bridge' %} + vpp: + enabled: true + decimal_interface_names: true + # Reuse ovs-dpdk socket mem configuration from IDF + dpdk_socket_mem: ${_param:compute_ovs_dpdk_socket_mem} + main_core: ${linux:system:kernel:isolcpu} + gid: 'neutron' + commands: | + create tap host-if-name vpp_ext_tap host-bridge br-floating rx-ring-size 1024 tx-ring-size 1024 + set interface state ${_param:external_vpp_tap} up + dpdk: + enabled: true + driver: "${_param:compute_dpdk_driver}" +{%- endif %} interface: pxe_admin_int: enabled: true @@ -24,30 +49,38 @@ parameters: address: ${_param:pxe_admin_address} netmask: ${_param:opnfv_net_admin_mask} mtu: ${_param:interface_mtu} - primary_interface: + noifupdown: true + +{#- prevent duplicates for tagged mgmt on the same physical interface as PXE/admin #} +{%- if nm.ctl01.nic_admin in nics %} + {%- do nics.pop(nm.ctl01.nic_admin) %} +{%- endif %} + +{{ ma.linux_network_interfaces_nic(nics) }} + +{{ ma.linux_network_interfaces_vlan(vlans) }} + +{%- if '-fdio-' not in conf.MCP_DEPLOY_SCENARIO %} + {{ ma.interface_str(nm.ctl01.nic_public, nm.vlan_public) }}: enabled: true - name: ${_param:primary_interface} mtu: ${_param:interface_mtu} proto: manual - type: eth - tenant_interface: - enabled: true - name: ${_param:tenant_interface} - mtu: ${_param:interface_mtu} - proto: manual - type: eth - external_interface: + ovs_port_type: OVSPort + type: ovs_port + ovs_bridge: br-floating + bridge: br-floating +{%- endif %} + br-floating: enabled: true - name: ${_param:external_interface} - mtu: ${_param:interface_mtu} - proto: manual - type: eth + type: {{ floating_br_type }} + proto: static + address: ${_param:external_address} + netmask: ${_param:opnfv_net_public_mask} gateway: ${_param:opnfv_net_public_gw} name_servers: {{ nm.dns_public }} - br-floating: - enabled: true - type: ovs_bridge - mtu: ${_param:interface_mtu} + use_interfaces: + - {{ ma.interface_str(nm.ctl01.nic_public, nm.vlan_public) }} + noifupdown: true br-mgmt: enabled: true type: bridge @@ -56,19 +89,4 @@ parameters: netmask: ${_param:opnfv_net_mgmt_mask} mtu: ${_param:interface_mtu} use_interfaces: - - ${_param:primary_interface} - float-to-ex: - enabled: true - type: ovs_port - mtu: ${_param:interface_mtu} - bridge: br-floating - br-ex: - enabled: true - type: bridge - mtu: ${_param:interface_mtu} - address: ${_param:external_address} - netmask: ${_param:opnfv_net_public_mask} - use_interfaces: - - ${_param:external_interface} - use_ovs_ports: - - float-to-ex + - {{ ma.interface_str(nm.ctl01.nic_mgmt, nm.vlan_mgmt) }} diff --git a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_init.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_init.yml.j2 index 872156574..3f3ff0ab8 100644 --- a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_init.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_init.yml.j2 @@ -9,9 +9,6 @@ --- parameters: _param: - openstack_version: queens - apt_mk_version: nightly - mcp_repo_version: 1.1 openstack_region: RegionOne admin_email: root@localhost cluster_public_protocol: http @@ -27,8 +24,6 @@ parameters: neutron_compute_agent_mode: legacy neutron_compute_external_access: 'False' galera_server_cluster_name: openstack_cluster - galera_server_maintenance_password: opnfv_secret - galera_server_admin_password: opnfv_secret cluster_vip_address: ${_param:cluster_public_host} cluster_local_address: ${_param:openstack_control_address} cluster_node01_hostname: ctl01 @@ -37,17 +32,12 @@ parameters: cluster_node02_address: ${_param:opnfv_openstack_control_node02_address} cluster_node03_hostname: ctl03 cluster_node03_address: ${_param:opnfv_openstack_control_node03_address} - rabbitmq_secret_key: opnfv_secret - rabbitmq_admin_password: opnfv_secret - rabbitmq_openstack_password: opnfv_secret - rabbitmq_cold_password: opnfv_secret glance_version: ${_param:openstack_version} glance_service_host: ${_param:cluster_local_address} keystone_version: ${_param:openstack_version} keystone_service_host: ${_param:cluster_local_address} heat_version: ${_param:openstack_version} heat_service_host: ${_param:cluster_local_address} - heat_domain_admin_password: opnfv_secret ceilometer_version: ${_param:openstack_version} ceilometer_service_host: ${_param:cluster_local_address} ceilometer_database_host: ${_param:cluster_local_address} @@ -59,43 +49,34 @@ parameters: neutron_version: ${_param:openstack_version} neutron_service_host: ${_param:cluster_local_address} mysql_admin_user: root - mysql_admin_password: opnfv_secret - mysql_cinder_password: opnfv_secret - mysql_ceilometer_password: opnfv_secret - mysql_glance_password: opnfv_secret - mysql_grafana_password: opnfv_secret - mysql_heat_password: opnfv_secret - mysql_keystone_password: opnfv_secret - mysql_neutron_password: opnfv_secret - mysql_nova_password: opnfv_secret - mysql_aodh_password: opnfv_secret - keystone_service_token: opnfv_secret - keystone_admin_password: opnfv_secret - keystone_ceilometer_password: opnfv_secret - keystone_cinder_password: opnfv_secret - keystone_glance_password: opnfv_secret - keystone_heat_password: opnfv_secret - keystone_keystone_password: opnfv_secret - keystone_neutron_password: opnfv_secret - keystone_nova_password: opnfv_secret - ceilometer_secret_key: opnfv_secret - metadata_password: opnfv_secret horizon_version: ${_param:openstack_version} horizon_secret_key: opaesee8Que2yahJoh9fo0eefo1Aeyo6ahyei8zeiboh3aeth5loth7ieNa5xi5e horizon_identity_host: ${_param:cluster_vip_address} horizon_identity_encryption: none horizon_identity_version: 3 + horizon_public_protocol: http + horizon_public_port: 80 + apache_mods_status_enabled: false + nginx_server_site_nginx_proxy_openstack_web_enabled: true + nginx_proxy_ssl: + enabled: false + + barbican_version: ${_param:openstack_version} + barbican_service_host: ${_param:cluster_local_address} + apache_barbican_api_address: ${_param:single_address} + barbican_simple_crypto_kek: "YWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXoxMjM0NTY=" + barbican_integration_enabled: true + +{%- if '-sfc-' in conf.MCP_DEPLOY_SCENARIO %} + tacker_service_host: ${_param:cluster_local_address} +{%- endif %} + aodh_version: ${_param:openstack_version} - keystone_aodh_password: opnfv_secret aodh_service_host: ${_param:cluster_local_address} - gnocchi_version: 4.2 + gnocchi_version: 4.3 gnocchi_service_host: ${_param:cluster_local_address} - mysql_gnocchi_password: opnfv_secret - keystone_gnocchi_password: opnfv_secret panko_version: ${_param:openstack_version} panko_service_host: ${_param:cluster_local_address} - mysql_panko_password: opnfv_secret - keystone_panko_password: opnfv_secret ceilometer_agent_default_polling_interval: 180 ceilometer_agent_default_polling_meters: - "*" @@ -106,6 +87,23 @@ parameters: net.ipv4.tcp_congestion_control: yeah net.ipv4.tcp_slow_start_after_idle: 0 net.ipv4.tcp_fin_timeout: 30 +{%- if 'aarch64' in nm.cluster.arch %} + repo: + armband_3: # Should be in sync with the repo config generated via curtin/MaaS + source: "deb http://linux.enea.com/mcp-repos/${_param:armband_repo_version}/xenial ${_param:armband_repo_version}-armband main" + key: ${_param:armband_key} + pinning: + 15: + enabled: true + pin: 'release a=${_param:armband_repo_version}-armband' + priority: 15 + package: '*' + 1200: + enabled: true + pin: 'release a=${_param:armband_repo_version}-armband' + priority: 1200 + package: 'qemu-efi' +{%- endif %} network: host: ctl: diff --git a/mcp/reclass/classes/cluster/mcp-fdio-ha/infra/config.yml b/mcp/reclass/classes/cluster/mcp-fdio-ha/infra/config.yml new file mode 100644 index 000000000..1bf5f0014 --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-fdio-ha/infra/config.yml @@ -0,0 +1,12 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +classes: + - cluster.mcp-common-ha.infra.config + - cluster.mcp-fdio-ha.infra + - cluster.all-mcp-arch-common.infra.config_pdf diff --git a/mcp/reclass/classes/cluster/mcp-odl-noha/openstack/gateway.yml b/mcp/reclass/classes/cluster/mcp-fdio-ha/infra/init.yml index 678740f40..3ab122e13 100644 --- a/mcp/reclass/classes/cluster/mcp-odl-noha/openstack/gateway.yml +++ b/mcp/reclass/classes/cluster/mcp-fdio-ha/infra/init.yml @@ -7,19 +7,8 @@ ############################################################################## --- classes: - - cluster.mcp-common-noha.openstack_gateway - - service.neutron.gateway.opendaylight.single - - cluster.mcp-odl-noha + - cluster.mcp-common-ha.infra + - cluster.mcp-fdio-ha.openstack parameters: - linux: - network: - interface: - br-mesh: - enabled: true - type: bridge - mtu: ${_param:interface_mtu} - proto: static - address: ${_param:tenant_address} - netmask: ${_param:opnfv_net_private_mask} - use_interfaces: - - ${_param:tenant_interface} + _param: + cluster_name: mcp-fdio-ha diff --git a/mcp/reclass/classes/cluster/mcp-fdio-ha/infra/init_vcp.yml.j2 b/mcp/reclass/classes/cluster/mcp-fdio-ha/infra/init_vcp.yml.j2 new file mode 100644 index 000000000..8ab411876 --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-fdio-ha/infra/init_vcp.yml.j2 @@ -0,0 +1,12 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +{%- if conf.MCP_VCP %} +classes: + - cluster.mcp-fdio-ha.infra +{%- endif %} diff --git a/mcp/reclass/classes/cluster/mcp-fdio-ha/infra/kvm.yml.j2 b/mcp/reclass/classes/cluster/mcp-fdio-ha/infra/kvm.yml.j2 new file mode 100644 index 000000000..dbbea5235 --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-fdio-ha/infra/kvm.yml.j2 @@ -0,0 +1,14 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +{%- if conf.MCP_VCP %} +# NOTE(armband): we don't want to pull in salt.control for novcp +classes: + - cluster.mcp-common-ha.infra.kvm + - cluster.mcp-fdio-ha.infra +{%- endif %} diff --git a/mcp/reclass/classes/cluster/mcp-fdio-ha/infra/maas.yml b/mcp/reclass/classes/cluster/mcp-fdio-ha/infra/maas.yml new file mode 100644 index 000000000..55c737f3f --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-fdio-ha/infra/maas.yml @@ -0,0 +1,11 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +classes: + - cluster.mcp-fdio-ha.infra + - cluster.all-mcp-arch-common.infra.maas diff --git a/mcp/reclass/classes/cluster/mcp-fdio-ha/init.yml b/mcp/reclass/classes/cluster/mcp-fdio-ha/init.yml new file mode 100644 index 000000000..daeecfcc7 --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-fdio-ha/init.yml @@ -0,0 +1,12 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +classes: + - cluster.all-mcp-arch-common + - cluster.mcp-fdio-ha.infra + - cluster.mcp-fdio-ha.openstack diff --git a/mcp/reclass/classes/cluster/mcp-fdio-ha/openstack/compute.yml b/mcp/reclass/classes/cluster/mcp-fdio-ha/openstack/compute.yml new file mode 100644 index 000000000..ffc3b5309 --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-fdio-ha/openstack/compute.yml @@ -0,0 +1,12 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +classes: + - cluster.mcp-common-ha.openstack_compute + - cluster.mcp-fdio-ha.openstack.compute_pdf + - cluster.mcp-fdio-ha.infra diff --git a/mcp/reclass/classes/cluster/mcp-fdio-ha/openstack/compute_pdf.yml.j2 b/mcp/reclass/classes/cluster/mcp-fdio-ha/openstack/compute_pdf.yml.j2 new file mode 100644 index 000000000..f3844ad8c --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-fdio-ha/openstack/compute_pdf.yml.j2 @@ -0,0 +1,36 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +{%- import 'net_map.j2' as nm with context %} +{%- import 'net_macros.j2' as ma with context %} +{#- Filter-out NIC duplicates by constructing a dict (used NICs only) #} +{%- set nics = { nm.cmp001.nic_private: True } %} +{%- set vlan_private_start = (nm.vlan_private | string).rsplit('-')[0] %} +{%- set vlans = { vlan_private_start: nm.cmp001.nic_private } %} +--- +parameters: + linux: + network: + interface: + +{#- prevent duplicates for tagged mgmt on the same physical interface as PXE/admin #} +{%- if nm.cmp001.nic_admin in nics %} + {%- do nics.pop(nm.cmp001.nic_admin) %} +{%- endif %} + +{{ ma.linux_network_interfaces_nic(nics) }} + +{{ ma.linux_network_interfaces_vlan(vlans) }} + + br-mesh: + enabled: true + type: bridge + address: ${_param:tenant_address} + netmask: ${_param:opnfv_net_private_mask} + mtu: 1500 + use_interfaces: + - {{ ma.interface_str(nm.cmp001.nic_private, vlan_private_start) }} diff --git a/mcp/reclass/classes/cluster/mcp-fdio-ha/openstack/control.yml b/mcp/reclass/classes/cluster/mcp-fdio-ha/openstack/control.yml new file mode 100644 index 000000000..a9bb44907 --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-fdio-ha/openstack/control.yml @@ -0,0 +1,13 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +classes: + - system.neutron.control.openvswitch.cluster + - cluster.mcp-common-ha.openstack_interface_vcp_biport + - cluster.mcp-common-ha.openstack_control + - cluster.mcp-fdio-ha.infra diff --git a/mcp/reclass/classes/cluster/mcp-fdio-ha/openstack/database.yml b/mcp/reclass/classes/cluster/mcp-fdio-ha/openstack/database.yml new file mode 100644 index 000000000..7ba9e5660 --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-fdio-ha/openstack/database.yml @@ -0,0 +1,12 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +classes: + - cluster.mcp-common-ha.openstack_interface_vcp_biport + - cluster.mcp-common-ha.openstack_database + - cluster.mcp-fdio-ha.infra.init_vcp diff --git a/mcp/reclass/classes/cluster/mcp-fdio-ha/openstack/init.yml b/mcp/reclass/classes/cluster/mcp-fdio-ha/openstack/init.yml new file mode 100644 index 000000000..8aa203d0c --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-fdio-ha/openstack/init.yml @@ -0,0 +1,14 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +classes: + - cluster.mcp-common-ha.openstack_init + - cluster.all-mcp-arch-common.fdio_repo +parameters: + _param: + neutron_tenant_network_types: "flat,vxlan" diff --git a/mcp/reclass/classes/cluster/mcp-fdio-ha/openstack/message_queue.yml b/mcp/reclass/classes/cluster/mcp-fdio-ha/openstack/message_queue.yml new file mode 100644 index 000000000..175215502 --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-fdio-ha/openstack/message_queue.yml @@ -0,0 +1,12 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +classes: + - cluster.mcp-common-ha.openstack_interface_vcp_biport + - cluster.mcp-common-ha.openstack_message_queue + - cluster.mcp-fdio-ha.infra.init_vcp diff --git a/mcp/reclass/classes/cluster/mcp-fdio-ha/openstack/proxy.yml b/mcp/reclass/classes/cluster/mcp-fdio-ha/openstack/proxy.yml new file mode 100644 index 000000000..bafbbaa6a --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-fdio-ha/openstack/proxy.yml @@ -0,0 +1,12 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +classes: + - cluster.mcp-common-ha.openstack_interface_vcp_triport + - cluster.mcp-common-ha.openstack_proxy + - cluster.mcp-fdio-ha.infra.init_vcp diff --git a/mcp/reclass/classes/cluster/mcp-fdio-ha/openstack/telemetry.yml b/mcp/reclass/classes/cluster/mcp-fdio-ha/openstack/telemetry.yml new file mode 100644 index 000000000..9cb8fcd5e --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-fdio-ha/openstack/telemetry.yml @@ -0,0 +1,12 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +classes: + - cluster.mcp-common-ha.openstack_interface_vcp_biport + - cluster.mcp-common-ha.openstack_telemetry + - cluster.mcp-fdio-ha.infra.init_vcp diff --git a/mcp/reclass/classes/cluster/mcp-fdio-noha/infra/config.yml.j2 b/mcp/reclass/classes/cluster/mcp-fdio-noha/infra/config.yml.j2 new file mode 100644 index 000000000..0c5eef8c2 --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-fdio-noha/infra/config.yml.j2 @@ -0,0 +1,58 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +{%- import 'net_map.j2' as nm with context %} +{%- import 'net_macros.j2' as ma with context %} +{#- Until SDF is implemented, hardcode gtw01 node index in IDF as ctl01 +1 #} +{%- set gi = nm.ctl01.idx + 1 %} +--- +classes: + - system.reclass.storage.system.openstack_gateway_single + - cluster.mcp-common-noha.infra.config + - cluster.mcp-fdio-noha + - cluster.all-mcp-arch-common.infra.config_pdf +parameters: + reclass: + storage: + node: + openstack_gateway_node01: + params: + tenant_address: ${_param:opnfv_openstack_gateway_node01_tenant_address} + external_address: ${_param:opnfv_openstack_gateway_node01_external_address} + pxe_admin_address: ${_param:opnfv_openstack_gateway_node01_pxe_admin_address} +{%- if '-fdio-' in conf.MCP_DEPLOY_SCENARIO %} +{%- set private_speed = conf.nodes[gi].interfaces[nm.idx_private].speed %} +{%- set private_pci = conf.idf.fuel.network.node[gi].busaddr[nm.idx_private] %} + # We reuse compute-specific configuration from IDF, so we don't have + # to rework everything in both Pharos and Fuel + # However, OVS-related configuration is unused and only DPDK is relevant + {%- if conf.idf.fuel.reclass is defined %} + {%- if conf.idf.fuel.reclass.node[gi].compute_params.dpdk is defined %} + {#- Can't dump json here due to dpdk0_* below, explicitly create yaml #} + {%- set _dpdk = conf.idf.fuel.reclass.node[gi].compute_params.dpdk %} + {%- set private_drv = _dpdk.dpdk0_driver %} + {%- for _i in _dpdk %} + {{ _i }}: '"{{ _dpdk[_i] }}"' + {%- endfor %} + {%- endif %} + {%- else %} + compute_hugepages_size: 2M + compute_hugepages_count: 13312 + compute_hugepages_mount: /mnt/hugepages_2M + compute_kernel_isolcpu: 3,8,9,10,11 + compute_dpdk_driver: uio + compute_ovs_pmd_cpu_mask: '"0x708"' + compute_ovs_dpdk_socket_mem: '"4096,4096"' + compute_ovs_dpdk_lcore_mask: '"0x800"' + compute_ovs_memory_channels: '"2"' + dpdk0_driver: igb_uio + dpdk0_n_rxq: 2 + {%- endif %} + dpdk0_name: {{ conf.idf.fuel.network.node[gi].interfaces[nm.idx_private] }} + dpdk0_pci: '"{{ conf.idf.fuel.network.node[gi].busaddr[nm.idx_private] }}"' + dpdk0_vpp: {{ ma.vpp_interface_str(private_speed, private_pci, private_drv or '') }} +{%- endif %} diff --git a/mcp/reclass/classes/cluster/mcp-fdio-noha/infra/init.yml b/mcp/reclass/classes/cluster/mcp-fdio-noha/infra/init.yml new file mode 100644 index 000000000..b1d890dfb --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-fdio-noha/infra/init.yml @@ -0,0 +1,14 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +classes: + - cluster.mcp-common-noha.infra + +parameters: + _param: + cluster_name: mcp-fdio-noha diff --git a/mcp/reclass/classes/cluster/mcp-fdio-noha/infra/maas.yml b/mcp/reclass/classes/cluster/mcp-fdio-noha/infra/maas.yml new file mode 100644 index 000000000..e64e9a137 --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-fdio-noha/infra/maas.yml @@ -0,0 +1,11 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +classes: + - cluster.mcp-fdio-noha.infra + - cluster.all-mcp-arch-common.infra.maas diff --git a/mcp/reclass/classes/cluster/mcp-fdio-noha/init.yml b/mcp/reclass/classes/cluster/mcp-fdio-noha/init.yml new file mode 100644 index 000000000..6e4f952fd --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-fdio-noha/init.yml @@ -0,0 +1,12 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +classes: + - cluster.mcp-common-noha.init_options + - cluster.mcp-fdio-noha.infra + - cluster.mcp-fdio-noha.openstack diff --git a/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/compute.yml.j2 b/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/compute.yml.j2 new file mode 100644 index 000000000..14b8a268b --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/compute.yml.j2 @@ -0,0 +1,68 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +{%- import 'net_map.j2' as nm with context %} +--- +classes: + - service.neutron.compute.single + - system.nova.compute.nfv.hugepages + - cluster.mcp-common-noha.openstack_compute + - cluster.mcp-fdio-noha +parameters: + nova: + compute: + # yamllint disable-line rule:truthy + vif_plugging_is_fatal: False + vif_plugging_timeout: 10 + neutron: + compute: + backend: + router: 'vpp-router' + tenant_network_types: "${_param:neutron_tenant_network_types}" + ~mechanism: + vpp: + driver: vpp + etcd_port: ${_param:node_port} + etcd_host: ${_param:node_address} + l3_hosts: ${_param:openstack_gateway_node01_hostname} + physnets: + physnet1: + vpp_interface: ${_param:external_vpp_tap} + physnet2: + vpp_interface: ${_param:dpdk0_vpp} + linux: + system: + kernel: + isolcpu: 1 # NOTE: Hardcoded for now + boot_options: + - spectre_v2=off + - nopti + - kpti=off + - nospec_store_bypass_disable + - noibrs + - noibpb + - intel_iommu=on + - iommu=pt + - nohz_full=${linux:system:kernel:isolcpu} + - rcu_nocbs=${linux:system:kernel:isolcpu} + - iommu.passthrough=1 + network: + interface: + dpdk0: + name: ${_param:dpdk0_name} + pci: ${_param:dpdk0_pci} + driver: ${_param:dpdk0_driver} + enabled: true + type: dpdk_vpp_port + mtu: ${_param:interface_mtu} + {{ nm.cmp001.nic_private }}: + type: dpdk # Not a meaningful type, just match 'dpdk' for filtering + pxe_admin_int: + # For scenarios without public network on cmp, set admin gw + gateway: {{ nm.net_admin_gw }} + name_servers: + - {{ nm.net_admin_gw }} diff --git a/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/control.yml b/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/control.yml new file mode 100644 index 000000000..afce77f4b --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/control.yml @@ -0,0 +1,76 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +classes: + - cluster.mcp-common-noha.openstack_control + - cluster.mcp-fdio-noha + - system.neutron.control.single + - service.etcd.server.single + - system.galera.server.database.neutron +# NOTE: All this configuration should later be moved to reclass.system as +# neutron.control.vpp.single +parameters: + _param: + # yamllint disable rule:truthy + neutron_control_dvr: True + neutron_l3_ha: False + neutron_enable_qos: False + neutron_enable_vlan_aware_vms: False + neutron_enable_bgp_vpn: False + # yamllint enable rule:truthy + neutron_global_physnet_mtu: 1500 + neutron_external_mtu: 1500 + neutron_bgp_vpn_driver: bagpipe + internal_protocol: 'http' + neutron_firewall_driver: 'iptables_hybrid' + openstack_node_role: primary + nova: + controller: + # yamllint disable-line rule:truthy + vif_plugging_is_fatal: False + vif_plugging_timeout: 10 + neutron: + server: + role: ${_param:openstack_node_role} + global_physnet_mtu: ${_param:neutron_global_physnet_mtu} + l3_ha: ${_param:neutron_l3_ha} + dvr: ${_param:neutron_control_dvr} + qos: ${_param:neutron_enable_qos} + vlan_aware_vms: ${_param:neutron_enable_vlan_aware_vms} + firewall_driver: ${_param:neutron_firewall_driver} + bgp_vpn: + enabled: ${_param:neutron_enable_bgp_vpn} + driver: ${_param:neutron_bgp_vpn_driver} + backend: + engine: ml2 + router: 'vpp-router' + tenant_network_types: "${_param:neutron_tenant_network_types}" + external_mtu: ${_param:neutron_external_mtu} + mechanism: + vpp: + driver: vpp + etcd_port: ${_param:node_port} + etcd_host: ${_param:node_address} + l3_hosts: ${_param:openstack_gateway_node01_hostname} + physnets: + physnet1: + vpp_interface: ${_param:external_vpp_tap} + physnet2: + # NOTE: Not a meaningful interface name, just avoid a filter-out + vpp_interface: 'dummy' + vlan_range: '${_param:opnfv_net_tenant_vlan}' + compute: + region: ${_param:openstack_region} + database: + host: ${_param:openstack_database_address} + identity: + region: ${_param:openstack_region} + protocol: ${_param:internal_protocol} + message_queue: + members: + - host: ${_param:single_address} diff --git a/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/gateway.yml b/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/gateway.yml new file mode 100644 index 000000000..c330b677c --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/gateway.yml @@ -0,0 +1,68 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +classes: + - cluster.mcp-common-noha.openstack_gateway + - service.neutron.gateway.single + - cluster.mcp-fdio-noha +parameters: + _param: + compute_hugepages_size: 1G + compute_hugepages_mount: /mnt/hugepages_1G + neutron: + gateway: + agents: + l3: + interface_driver: neutron.agent.linux.interface.BridgeInterfaceDriver + dhcp: + interface_driver: neutron.agent.linux.interface.BridgeInterfaceDriver + backend: + router: 'vpp-router' + tenant_network_types: "${_param:neutron_tenant_network_types}" + ~mechanism: + vpp: + driver: vpp + etcd_port: ${_param:node_port} + etcd_host: ${_param:node_address} + l3_hosts: ${_param:openstack_gateway_node01_hostname} + physnets: + physnet1: + vpp_interface: ${_param:external_vpp_tap} + physnet2: + vpp_interface: ${_param:dpdk0_vpp} + linux: + system: + kernel: + hugepages: + large: + default: true + size: ${_param:compute_hugepages_size} + count: ${_param:compute_hugepages_count} + mount_point: ${_param:compute_hugepages_mount} + isolcpu: 1 # NOTE: Hardcoded for now + boot_options: + - spectre_v2=off + - nopti + - kpti=off + - nospec_store_bypass_disable + - noibrs + - noibpb + - intel_iommu=on + - iommu=pt + - nohz_full=${linux:system:kernel:isolcpu} + - rcu_nocbs=${linux:system:kernel:isolcpu} + - iommu.passthrough=1 + network: + interface: + dpdk0: + name: ${_param:dpdk0_name} + pci: ${_param:dpdk0_pci} + driver: ${_param:dpdk0_driver} + enabled: true + type: dpdk_vpp_port + mtu: ${_param:interface_mtu} diff --git a/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/init.yml b/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/init.yml new file mode 100644 index 000000000..858da65a7 --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-fdio-noha/openstack/init.yml @@ -0,0 +1,30 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +classes: + - cluster.mcp-common-noha.openstack_init + - cluster.all-mcp-arch-common.fdio_repo +parameters: + _param: + openstack_gateway_node01_hostname: 'gtw01' + neutron_tenant_network_types: "vlan" + etcd_initial_token: ${_param:opnfv_main_password} + node_address: ${_param:cluster_node01_address} + node_hostname: ${_param:cluster_node01_hostname} + node_port: 4001 + external_vpp_tap: 'tap0' + linux: + system: + file: + /etc/systemd/network/99-default.link: + contents: | + # Workaround tap/bridge MAC generation issue + # https://github.com/systemd/systemd/issues/3374 + [Link] + NamePolicy=kernel database onboard slot path + MACAddressPolicy=none diff --git a/mcp/reclass/classes/cluster/mcp-iec-noha/akraino/iec.yml.j2 b/mcp/reclass/classes/cluster/mcp-iec-noha/akraino/iec.yml.j2 new file mode 100644 index 000000000..ccd378b73 --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-iec-noha/akraino/iec.yml.j2 @@ -0,0 +1,117 @@ +############################################################################## +# Copyright (c) 2019 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +{%- import 'net_map.j2' as nm with context %} +{%- import 'net_macros.j2' as ma with context %} +{#- Filter-out NIC duplicates by constructing a dict (used NICs only) #} +{%- if '-vcp-' in conf.MCP_DEPLOY_SCENARIO %} +{%- set nics = {} %} +{%- set vlans = {} %} +{%- else %} +{%- set nics = { nm.ctl01.nic_mgmt: True, nm.ctl01.nic_public: True } %} +{%- set vlans = { nm.vlan_mgmt: nm.ctl01.nic_mgmt, nm.vlan_public: nm.ctl01.nic_public } %} +{%- endif %} +--- +classes: + - cluster.mcp-iec-noha + - cluster.all-mcp-arch-common.opnfv.maas_proxy + - cluster.all-mcp-arch-common.opnfv.lab_proxy_pdf +parameters: + _param: +{%- if '-vcp-' in conf.MCP_DEPLOY_SCENARIO %} + pxe_admin_interface: ${_param:opnfv_vcp_vm_primary_interface} + external_nic: ${_param:opnfv_vcp_vm_secondary_interface} + single_nic: ${_param:opnfv_vcp_vm_tertiary_interface} +{%- else %} + pxe_admin_interface: {{ nm.ctl01.nic_admin }} + external_nic: {{ ma.interface_str(nm.ctl01.nic_public, nm.vlan_public) }} + single_nic: {{ ma.interface_str(nm.ctl01.nic_mgmt, nm.vlan_mgmt) }} +{%- endif %} + linux: +{%- if 'centos' not in conf.MCP_OS %} +{%- set proto_manual = 'manual' %} +{%- else %} +{%- set proto_manual = 'none' %} + system: + file: + /etc/gshadow: + group: root + /etc/shadow: + group: root + /etc/udev/rules.d/70-persistent-net.rules: + contents: '' +{%- if conf.nodes[nm.ctl01.idx].node.arch == 'aarch64' %} + /etc/modprobe.d/vfat.conf: + contents: '' + /boot/efi/EFI/centos/grub.cfg: + source: /boot/grub2/grub.cfg +{%- endif %} + kernel: + boot_options: + - net.ifnames=1 + - biosdevname=1 + modules: + - br_netfilter + at: + enabled: False + cron: + enabled: False +{%- endif %} + network: + interface: + pxe_admin_int: + enabled: true + name: ${_param:pxe_admin_interface} + type: eth + address: ${_param:pxe_admin_address} + netmask: ${_param:opnfv_net_admin_mask} + mtu: ${_param:interface_mtu} + noifupdown: true + +{#- prevent duplicates for tagged mgmt on the same physical interface as PXE/admin #} +{%- if nm.ctl01.nic_admin in nics %} + {%- do nics.pop(nm.ctl01.nic_admin) %} +{%- endif %} + +{{ ma.linux_network_interfaces_nic(nics, proto_manual) }} + +{{ ma.linux_network_interfaces_vlan(vlans, proto_manual) }} + +{%- if '-vcp-' in conf.MCP_DEPLOY_SCENARIO %} + single: + enabled: true + type: eth + proto: {{ proto_manual }} + name: ${_param:single_nic} + mtu: ${_param:interface_mtu} + external: + enabled: true + type: eth + proto: {{ proto_manual }} + name: ${_param:external_nic} + mtu: ${_param:interface_mtu} +{%- endif %} + br-ctl: + enabled: true + type: bridge + address: ${_param:single_address} + netmask: ${_param:opnfv_net_mgmt_mask} + noifupdown: true + use_interfaces: + - ${_param:single_nic} + mtu: ${_param:interface_mtu} + br-ex: + enabled: true + type: bridge + address: ${_param:external_address} + netmask: ${_param:opnfv_net_public_mask} + noifupdown: true + use_interfaces: + - ${_param:external_nic} + mtu: ${_param:interface_mtu} + gateway: ${_param:opnfv_net_public_gw} + name_servers: {{ nm.dns_public }} diff --git a/mcp/reclass/classes/cluster/mcp-iec-noha/akraino/init.yml b/mcp/reclass/classes/cluster/mcp-iec-noha/akraino/init.yml new file mode 100644 index 000000000..18bdf215a --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-iec-noha/akraino/init.yml @@ -0,0 +1,32 @@ +############################################################################## +# Copyright (c) 2019 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +parameters: + _param: + # NOTE(armband): reuse Openstack definitions + akraino_iec_node01_address: ${_param:opnfv_openstack_control_node01_address} + akraino_iec_node02_address: ${_param:opnfv_openstack_control_node02_address} + akraino_iec_node03_address: ${_param:opnfv_openstack_control_node03_address} + linux: + network: + host: + iec01: + address: ${_param:akraino_iec_node01_address} + names: + - iec01 + - iec01.${_param:cluster_domain} + iec02: + address: ${_param:akraino_iec_node02_address} + names: + - iec02 + - iec02.${_param:cluster_domain} + iec03: + address: ${_param:akraino_iec_node03_address} + names: + - iec03 + - iec03.${_param:cluster_domain} diff --git a/mcp/reclass/classes/cluster/mcp-iec-noha/infra/config.yml.j2 b/mcp/reclass/classes/cluster/mcp-iec-noha/infra/config.yml.j2 new file mode 100644 index 000000000..9a1c9b8d1 --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-iec-noha/infra/config.yml.j2 @@ -0,0 +1,57 @@ +############################################################################## +# Copyright (c) 2019 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +{%- import 'net_map.j2' as nm with context %} +--- +classes: + - cluster.mcp-common-noha.infra.config + - cluster.mcp-iec-noha + - cluster.all-mcp-arch-common.opnfv.lab_proxy_pdf + - cluster.all-mcp-arch-common.infra.config_pdf +parameters: + reclass: + storage: + ~node: +{%- if nm.cluster.has_baremetal_nodes %} +{#- Since we overwrite the ~node key, we need to re-add maas node explicitly #} + infra_maas_node01: + name: ${_param:infra_maas_node01_hostname} + domain: ${_param:cluster_domain} + classes: + - cluster.${_param:cluster_name}.infra.maas + params: + salt_master_host: ${_param:infra_config_deploy_address} + linux_system_codename: ${_param:infra_maas_system_codename} + single_address: ${_param:infra_maas_node01_deploy_address} +{%- endif %} +{%- if '-vcp-' in conf.MCP_DEPLOY_SCENARIO %} +{%- for i in range(1, 4) %} + infra_kvm_node0{{ i }}: + name: ${_param:infra_kvm_node0{{ i }}_hostname} + domain: ${_param:cluster_domain} + classes: + - cluster.${_param:cluster_name}.infra.kvm + params: + salt_master_host: ${_param:reclass_config_master} + linux_system_codename: ${_param:linux_system_codename} + single_address: ${_param:opnfv_infra_kvm_node0{{ i }}_address} + pxe_admin_address: ${_param:opnfv_infra_kvm_node0{{ i }}_pxe_admin_address} +{%- endfor %} +{%- endif %} +{%- for i in range(1, 4) %} + akraino_iec_node0{{ i }}: + name: ${_param:akraino_iec_node0{{ i }}_hostname} + domain: ${_param:cluster_domain} + classes: + - cluster.${_param:cluster_name}.akraino.iec + params: + salt_master_host: ${_param:reclass_config_master} + linux_system_codename: ${_param:linux_system_codename} + single_address: ${_param:opnfv_openstack_control_node0{{ i }}_address} + external_address: ${_param:opnfv_openstack_control_node0{{ i }}_external_address} + pxe_admin_address: ${_param:opnfv_openstack_control_node0{{ i }}_pxe_admin_address} +{%- endfor %} diff --git a/mcp/reclass/classes/cluster/mcp-iec-noha/infra/init.yml.j2 b/mcp/reclass/classes/cluster/mcp-iec-noha/infra/init.yml.j2 new file mode 100644 index 000000000..1b68b6c44 --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-iec-noha/infra/init.yml.j2 @@ -0,0 +1,31 @@ +############################################################################## +# Copyright (c) 2019 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +classes: + - cluster.mcp-common-noha.infra +parameters: + _param: + cluster_name: mcp-iec-noha + infra_kvm_node01_hostname: kvm01 + infra_kvm_node02_hostname: kvm02 + infra_kvm_node03_hostname: kvm03 + akraino_iec_node01_hostname: iec01 + akraino_iec_node02_hostname: iec02 + akraino_iec_node03_hostname: iec03 +{%- if '-vcp-' in conf.MCP_DEPLOY_SCENARIO %} + linux: + network: + host: +{%- for i in range(1, 4) %} + kvm0{{ i }}: + address: ${_param:opnfv_infra_kvm_node0{{ i }}_address} + names: + - ${_param:infra_kvm_node0{{ i }}_hostname} + - ${_param:infra_kvm_node0{{ i }}_hostname}.${_param:cluster_domain} +{%- endfor %} +{%- endif %} diff --git a/mcp/reclass/classes/cluster/mcp-iec-noha/infra/kvm.yml.j2 b/mcp/reclass/classes/cluster/mcp-iec-noha/infra/kvm.yml.j2 new file mode 100644 index 000000000..34372c69c --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-iec-noha/infra/kvm.yml.j2 @@ -0,0 +1,112 @@ +############################################################################## +# Copyright (c) 2019 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +{#- NOTE: br-{mgmt,ctl} are cross-referenced, careful when changing names #} +{%- import 'net_map.j2' as nm with context %} +{%- import 'net_macros.j2' as ma with context %} +{#- Filter-out NIC duplicates by constructing a dict (used NICs only) #} +{%- set nics = { nm.ctl01.nic_admin: True, nm.ctl01.nic_mgmt: True, nm.ctl01.nic_public: True } %} +{%- set vlans = { nm.vlan_admin: nm.ctl01.nic_admin, nm.vlan_mgmt: nm.ctl01.nic_mgmt, nm.vlan_public: nm.ctl01.nic_public } %} +--- +classes: + - system.salt.control.virt + - cluster.all-mcp-arch-common.opnfv.maas_proxy + - cluster.all-mcp-arch-common.opnfv.lab_proxy_pdf + - cluster.mcp-iec-noha.infra +parameters: + _param: + linux_system_codename: bionic + linux: + network: + interface: + +{{ ma.linux_network_interfaces_nic(nics) }} + +{{ ma.linux_network_interfaces_vlan(vlans) }} + + br-mgmt: + enabled: true + proto: static + address: ${_param:pxe_admin_address} + netmask: ${_param:opnfv_net_admin_mask} + gateway: {{ nm.net_admin_gw }} + name_servers: + - {{ nm.net_admin_gw }} + type: bridge + use_interfaces: + - {{ ma.interface_str(nm.ctl01.nic_admin, nm.vlan_admin) }} + noifupdown: true + br-ctl: + enabled: true + type: bridge + proto: static + address: ${_param:single_address} + netmask: ${_param:opnfv_net_mgmt_mask} + use_interfaces: + - {{ ma.interface_str(nm.ctl01.nic_mgmt, nm.vlan_mgmt) }} + noifupdown: true + br-ex: + enabled: true + proto: manual + netmask: ${_param:opnfv_net_public_mask} + type: bridge + use_interfaces: + - {{ ma.interface_str(nm.ctl01.nic_public, nm.vlan_public) }} + noifupdown: true + system: + kernel: + boot_options: + - spectre_v2=off + - nopti + - kpti=off + sysctl: + net.ipv4.ip_forward: 0 + libvirt: + server: + service: libvirtd + config_sys: /etc/default/libvirtd + unix_sock_group: libvirt + salt: + control: + size: + akraino.iec: + cpu: 8 + ram: 12288 + disk_profile: small + net_profile: default + cluster: + internal: + domain: ${_param:cluster_domain} + engine: virt + node: +{%- for i in range(1, 4) %} + iec0{{ i }}: + name: ${_param:akraino_iec_node0{{ i }}_hostname} + provider: ${_param:infra_kvm_node0{{ i }}_hostname}.${_param:cluster_domain} + size: akraino.iec + image: ${_param:salt_control_bionic_image} +{%- if conf.nodes[nm.ctl01.idx].node.arch == 'aarch64' %} + machine: virt + cpu_mode: host-passthrough + loader: + readonly: 'yes' + type: pflash + path: /usr/share/AAVMF/AAVMF_CODE.fd +{%- endif %} +{%- endfor %} + virt: + nic: + default: + eth2: + bridge: br-mgmt + model: virtio + eth1: + bridge: br-ex + model: virtio + eth0: + bridge: br-ctl + model: virtio diff --git a/mcp/reclass/classes/cluster/mcp-iec-noha/infra/maas.yml b/mcp/reclass/classes/cluster/mcp-iec-noha/infra/maas.yml new file mode 100644 index 000000000..393eb73a4 --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-iec-noha/infra/maas.yml @@ -0,0 +1,11 @@ +############################################################################## +# Copyright (c) 2019 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +classes: + - cluster.mcp-iec-noha.infra + - cluster.all-mcp-arch-common.infra.maas diff --git a/mcp/reclass/classes/cluster/mcp-iec-noha/init.yml b/mcp/reclass/classes/cluster/mcp-iec-noha/init.yml new file mode 100644 index 000000000..e0224ebac --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-iec-noha/init.yml @@ -0,0 +1,12 @@ +############################################################################## +# Copyright (c) 2019 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +classes: + - cluster.mcp-common-noha.init_options + - cluster.mcp-iec-noha.infra + - cluster.mcp-iec-noha.akraino diff --git a/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/infra/config.yml.j2 b/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/infra/config.yml.j2 new file mode 100644 index 000000000..e3cd67bdf --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/infra/config.yml.j2 @@ -0,0 +1,79 @@ +############################################################################## +# Copyright (c) 2019 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +{%- import 'net_map.j2' as nm with context %} +--- +classes: + - system.reclass.storage.salt + - system.reclass.storage.system.kubernetes_control_single +{%- if nm.cluster.has_baremetal_nodes %} + - system.reclass.storage.system.infra_maas_single +{%- endif %} + - system.salt.master.api + - system.salt.master.single + - system.salt.minion.ca.salt_master + - system.salt.minion.cert.k8s_server_single + - cluster.mcp-k8s-calico-noha +parameters: + _param: + salt_master_environment_repository: 'https://github.com/salt-formulas' + salt_master_environment_revision: master + reclass_data_repository: local + salt_master_base_environment: prd + salt_master_host: 127.0.0.1 + salt_minion_ca_host: ${linux:network:fqdn} + # yamllint disable-line rule:line-length + salt_api_password_hash: "$6$sGnRlxGf$al5jMCetLP.vfI/fTl3Z0N7Za1aeiexL487jAtyRABVfT3NlwZxQGVhO7S1N8OwS/34VHYwZQA8lkXwKMN/GS1" + kubernetes_control_node01_deploy_address: ${_param:opnfv_openstack_control_node01_pxe_admin_address} + kubernetes_control_system_codename: bionic + linux: + system: + user: + salt: + home: /home/salt + salt: + master: + accept_policy: open_mode + file_recv: true + worker_threads: 4 + command_timeout: 20 + minion: + mine: + module: + x509.get_pem_entries: ['/etc/pki/all_cas/*'] + reclass: + storage: + data_source: + engine: local + node: + kubernetes_control_node01: + params: + pxe_admin_interface: {{ nm.ctl01.nic_admin }} + pxe_admin_address: ${_param:opnfv_openstack_control_node01_pxe_admin_address} + # We support per-node (not only per-role) compute configuration via IDF +{%- for cmp in range(1, nm.cmp_nodes + 1) %} + {%- set n = '%02d' | format(cmp) %} + {%- set i = nm.cmp001.idx + cmp - 1 %} + + {%- set admin = nm.net_admin_hosts | length + nm.start_ip[nm.net_admin] + loop.index %} + {%- set mgmt = nm.net_mgmt_hosts | length + nm.start_ip[nm.net_mgmt] + loop.index %} + {%- set pub = nm.net_public_hosts | length + nm.start_ip[nm.net_public] + loop.index %} + {%- set pri = nm.net_private_hosts | length + nm.start_ip[nm.net_private] + loop.index %} + kubernetes_compute_node{{ n }}: + name: cmp{{ '%03d' | format(cmp) }} + domain: ${_param:cluster_domain} + classes: + - cluster.${_param:cluster_name}.kubernetes.compute + params: + pxe_admin_address: {{ nm.net_admin | ipnet_hostaddr(admin) }} + pxe_admin_interface: {{ conf.idf.fuel.network.node[i].interfaces[nm.idx_admin] }} + single_address: {{ nm.net_mgmt | ipnet_hostaddr(mgmt) }} + tenant_address: {{ nm.net_private | ipnet_hostaddr(pri) }} + external_address: {{ nm.net_public | ipnet_hostaddr(pub) }} + salt_master_host: ${_param:reclass_config_master} + linux_system_codename: ${_param:kubernetes_control_system_codename} +{%- endfor %} diff --git a/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/infra/init.yml b/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/infra/init.yml new file mode 100644 index 000000000..b01eeeda1 --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/infra/init.yml @@ -0,0 +1,13 @@ +############################################################################## +# Copyright (c) 2019 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +classes: + - cluster.mcp-common-noha.infra +parameters: + _param: + cluster_name: mcp-k8s-calico-noha diff --git a/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/init.yml b/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/init.yml new file mode 100644 index 000000000..f464dca54 --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/init.yml @@ -0,0 +1,12 @@ +############################################################################## +# Copyright (c) 2019 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +classes: + - cluster.mcp-common-noha.init_options + - cluster.mcp-k8s-calico-noha.kubernetes + - cluster.mcp-k8s-calico-noha.infra diff --git a/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/kubernetes/common.yml.j2 b/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/kubernetes/common.yml.j2 new file mode 100644 index 000000000..bd6e48fce --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/kubernetes/common.yml.j2 @@ -0,0 +1,75 @@ +############################################################################## +# Copyright (c) 2019 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +{%- import 'net_map.j2' as nm with context %} +--- +classes: + - system.kubernetes.pool.single + - system.salt.minion.cert.k8s_client_single + - system.salt.minion.cert.etcd_client_single + - cluster.all-mcp-arch-common.backports + - cluster.mcp-common-noha.openstack_compute_pdf +parameters: + _param: + kubernetes_containerd_package: containerd + kubernetes: + common: + hyperkube: + source: ${_param:kubernetes_hyperkube_source} + source_hash: ${_param:kubernetes_hyperkube_source_hash} + pause_image: ${_param:kubernetes_pause_image} + pool: + proxy: + daemon_opts: + cluster-cidr: ${_param:calico_private_network}/${_param:calico_private_netmask} + kubelet: + address: ${_param:single_address} + fail_on_swap: ${_param:kubelet_fail_on_swap} + network: + calico: + enabled: true + no_default_pools: false + image: ${_param:kubernetes_calico_image} + calicoctl_image: ${_param:kubernetes_calico_calicoctl_image} + cni_image: ${_param:kubernetes_calico_cni_image} + kube_controllers_image: ${_param:kubernetes_calico_kube_controllers_image} + birdcl_source: ${_param:kubernetes_calico_birdcl_source} + birdcl_source_hash: ${_param:kubernetes_calico_birdcl_source_hash} + calicoctl_source: ${_param:kubernetes_calico_calicoctl_source} + calicoctl_source_hash: ${_param:kubernetes_calico_calicoctl_source_hash} + cni_ipam_source: ${_param:kubernetes_calico_cni_ipam_source} + cni_ipam_source_hash: ${_param:kubernetes_calico_cni_ipam_source_hash} + cni_source: ${_param:kubernetes_calico_cni_source} + cni_source_hash: ${_param:kubernetes_calico_cni_source_hash} + etcd: + ssl: + enabled: true + policy: + enabled: ${_param:kubernetes_calico_policy_enabled} + linux: + system: + kernel: + sysctl: + # The default operating system limits on mmap counts is likely to be too low, + # which may result in out of memory exceptions. + vm.max_map_count: 262144 + network: + interface: + br-mgmt: + post_up_cmds: + - ip r rep 10.254.0.0/16 via ${_param:single_address} + pxe_admin_int: + gateway: {{ nm.net_admin_gw }} + name_servers: + - {{ nm.net_admin_gw }} + storage: + enabled: true + swap: + img: + enabled: false + engine: file + device: /swap.img diff --git a/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/kubernetes/compute.yml b/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/kubernetes/compute.yml new file mode 100644 index 000000000..f2ab4e9e8 --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/kubernetes/compute.yml @@ -0,0 +1,12 @@ +############################################################################## +# Copyright (c) 2019 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +classes: + - system.linux.network.hosts + - cluster.mcp-k8s-calico-noha.kubernetes.common + - cluster.mcp-k8s-calico-noha diff --git a/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/kubernetes/control.yml b/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/kubernetes/control.yml new file mode 100644 index 000000000..25c17dc65 --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/kubernetes/control.yml @@ -0,0 +1,99 @@ +############################################################################## +# Copyright (c) 2019 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +classes: + - service.etcd.server.single + - service.kubernetes.control.cluster + - system.salt.minion.cert.etcd_server_single + - system.kubernetes.master.single + - system.kubernetes.master.auth.rbac + - system.kubernetes.control.roles.cluster-admin + - cluster.mcp-k8s-calico-noha.kubernetes.common + - cluster.mcp-k8s-calico-noha +parameters: + _param: + docker_image_etcd: quay.io/coreos/etcd:v3.3.12 + kubernetes_etcd_repo: https://github.com/etcd-io/etcd/releases/download + kubernetes_etcd_source: ${_param:kubernetes_etcd_repo}/v3.3.12/etcd-v3.3.12-linux-amd64.tar.gz + kubernetes_etcd_source_hash: md5=079af00546443b686df31e7ec605135e + etcd: + server: + image: ${_param:docker_image_etcd} + source: + engine: archive + etcd_source: ${_param:kubernetes_etcd_source} + etcd_source_hash: ${_param:kubernetes_etcd_source_hash} + setup: + calico: + key: /calico/ipam/v2/assignment/ipv4/block/${_param:calico_private_network}-${_param:calico_private_netmask} + value: '{"masquerade":true,"cidr":"${_param:calico_private_network}/${_param:calico_private_netmask}"}' + ssl: + enabled: true + kubernetes: + common: + addons: + virtlet: + enabled: ${_param:kubernetes_virtlet_enabled} + namespace: ${_param:kubernetes_addon_namespace} + image: ${_param:kubernetes_virtlet_image} + criproxy_version: ${_param:kubernetes_criproxy_version} + criproxy_source: ${_param:kubernetes_criproxy_checksum} + hosts: + - ${_param:kubernetes_compute01_hostname} + dashboard: + enabled: ${_param:kubernetes_dashboard} + image: ${_param:kubernetes_dashboard_image} + helm: + enabled: ${_param:kubernetes_helm_enabled} + netchecker: + enabled: ${_param:kubernetes_netchecker_enabled} + agent_probeurls: ${_param:kubernetes_netchecker_agent_probeurls} + externaldns: + enabled: ${_param:kubernetes_externaldns_enabled} + image: ${_param:kubernetes_externaldns_image} + provider: ${_param:kubernetes_externaldns_provider} + metallb: + enabled: ${_param:kubernetes_metallb_enabled} + addresses: + - ${_param:kubernetes_metallb_addresses_pool} + ingress-nginx: + enabled: ${_param:kubernetes_ingressnginx_enabled} + metrics-server: + enabled: ${_param:kubernetes_metrics_server_enabled} + master: + apiserver: + insecure_address: 0.0.0.0 + kubelet: + address: ${_param:single_address} + fail_on_swap: ${_param:kubelet_fail_on_swap} + etcd: + ssl: + enabled: true + network: + calico: + enabled: true + image: ${_param:kubernetes_calico_image} + calicoctl_image: ${_param:kubernetes_calico_calicoctl_image} + cni_image: ${_param:kubernetes_calico_cni_image} + kube_controllers_image: ${_param:kubernetes_calico_kube_controllers_image} + birdcl_source: ${_param:kubernetes_calico_birdcl_source} + birdcl_source_hash: ${_param:kubernetes_calico_birdcl_source_hash} + calicoctl_source: ${_param:kubernetes_calico_calicoctl_source} + calicoctl_source_hash: ${_param:kubernetes_calico_calicoctl_source_hash} + cni_ipam_source: ${_param:kubernetes_calico_cni_ipam_source} + cni_ipam_source_hash: ${_param:kubernetes_calico_cni_ipam_source_hash} + cni_source: ${_param:kubernetes_calico_cni_source} + cni_source_hash: ${_param:kubernetes_calico_cni_source_hash} + etcd: + ssl: + enabled: true + policy: + enabled: ${_param:kubernetes_calico_policy_enabled} + namespace: + netchecker: + enabled: true diff --git a/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/kubernetes/init.yml.j2 b/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/kubernetes/init.yml.j2 new file mode 100644 index 000000000..ef8785aa4 --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-k8s-calico-noha/kubernetes/init.yml.j2 @@ -0,0 +1,108 @@ +############################################################################## +# Copyright (c) 2019 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +{%- import 'net_map.j2' as nm with context %} +--- +parameters: + _param: + salt_minion_ca_authority: salt_master_ca + + # kubelet + kubelet_fail_on_swap: true + + # kubernetes settings + kubernetes_admin_user: admin + kubernetes_admin_password: sbPfel23ZigJF3Bm + kubernetes_admin_token: PpP6Mm3pAoPVqcKOKUu0x1dh7b1959Fi + kubernetes_kubelet_token: JJ2PKHxjiU6EYvIt18BqwdSK1HvWh8pt + kubernetes_kube-proxy_token: jT0hJk9L6cIw5UpYDNhsRwcj3Z2n62B6 + kubernetes_scheduler_token: VgkUHfrW07zNxrb0ucFyX7NBnSJN9Xp6 + kubernetes_controller-manager_token: uXrdZ1YKF6qlYm3sHje2iEXMGAGDWOIU + kubernetes_dns_token: 0S1I4iJeFjq5fopPwwCwTp3xFpEZfeUl + etcd_initial_token: IN7KaRMSo3xkGxkjAAPtkRkAgqN4ZNRq + kubernetes_netchecker_agent_probeurls: "http://ipinfo.io" + + # addresses and hostnames + kubernetes_internal_api_address: 10.254.0.1 + kubernetes_internal_dns_address: 10.254.0.10 + kubernetes_control_hostname: ctl + kubernetes_control_node01_hostname: ctl01 + kubernetes_compute01_hostname: cmp001 + kubernetes_compute02_hostname: cmp002 + kubernetes_control_node01_address: ${_param:openstack_control_address} + kubernetes_control_address: ${_param:kubernetes_control_node01_address} + master_address: ${_param:kubernetes_control_node01_address} + cluster_local_address: ${_param:single_address} + + # cert + control_address: ${_param:kubernetes_control_node01_address} + + # etcd stuff + node_hostname: ${_param:kubernetes_control_node01_hostname} + node_address: ${_param:kubernetes_control_node01_address} + node_port: 4001 + + # calico + calico_private_network: 192.168.0.0 + calico_private_netmask: 16 + + # coredns + kubernetes_externaldns_provider: coredns + kubernetes_metallb_addresses_pool: 172.16.10.70-172.16.10.95 + + # switches of addons + kubernetes_kubedns_enabled: false + kubernetes_externaldns_enabled: false + kubernetes_coredns_enabled: true + kubernetes_dashboard: false + kubernetes_virtlet_enabled: false + kubernetes_flannel_enabled: false + kubernetes_genie_enabled: false + kubernetes_calico_enabled: true + kubernetes_opencontrail_enabled: false + kubernetes_contrail_network_controller_enabled: false + kubernetes_metallb_enabled: false + kubernetes_ingressnginx_enabled: false + kubernetes_rbd_enabled: false + kubernetes_helm_enabled: false + kubernetes_netchecker_enabled: true + kubernetes_calico_policy_enabled: false + kubernetes_metrics_server_enabled: false + + kubernetes_ingressnginx_controller_replicas: 1 + kubernetes_virtlet_use_apparmor: false + + kubernetes_addon_namespace: kube-system + + + # Cloud providers parameters + kubernetes_cloudprovider_enabled: false + kubernetes_cloudprovider_type: 'openstack' + + linux: + system: + kernel: + sysctl: + net.ipv4.tcp_congestion_control: yeah + net.ipv4.tcp_slow_start_after_idle: 0 + net.ipv4.tcp_fin_timeout: 30 + network: + host: + ctl01: + address: ${_param:kubernetes_control_node01_address} + names: + - ctl01 + - ctl01.${_param:cluster_domain} +{%- for cmp in range(1, nm.cmp_nodes + 1) %} + {%- set h = 'cmp%03d' | format(cmp) %} + {%- set mgmt = nm.net_mgmt_hosts | length + nm.start_ip[nm.net_mgmt] + loop.index %} + {{ h }}: + address: {{ nm.net_mgmt | ipnet_hostaddr(mgmt) }} + names: + - {{ h }} + - {{ h }}.${_param:cluster_domain} +{%- endfor %} diff --git a/mcp/reclass/classes/cluster/mcp-odl-ha/infra/config.yml b/mcp/reclass/classes/cluster/mcp-odl-ha/infra/config.yml.j2 index f72993f89..950c49355 100644 --- a/mcp/reclass/classes/cluster/mcp-odl-ha/infra/config.yml +++ b/mcp/reclass/classes/cluster/mcp-odl-ha/infra/config.yml.j2 @@ -7,17 +7,26 @@ ############################################################################## --- classes: - - system.reclass.storage.system.opendaylight_control_single - cluster.mcp-common-ha.infra.config - cluster.mcp-odl-ha.infra parameters: + _param: + opendaylight_server_node01_hostname: odl01 + opendaylight_server_node02_hostname: odl02 + opendaylight_server_node03_hostname: odl03 reclass: storage: node: - opendaylight_control_node01: +{%- for i in range(1, 4) %} + opendaylight_control_node0{{ i }}: + name: ${_param:opendaylight_server_node0{{ i }}_hostname} + domain: ${_param:cluster_domain} classes: - cluster.${_param:cluster_name}.opendaylight.control params: - linux_system_codename: xenial - single_address: ${_param:opendaylight_server_node01_single_address} - pxe_admin_address: ${_param:opnfv_opendaylight_server_node01_pxe_admin_address} + salt_master_host: ${_param:reclass_config_master} + linux_system_codename: ${_param:linux_system_codename} + single_address: ${_param:opendaylight_server_node0{{ i }}_address} + pxe_admin_address: ${_param:opnfv_opendaylight_server_node0{{ i }}_pxe_admin_address} + keepalived_vip_priority: 10{{ i }} +{%- endfor %} diff --git a/mcp/reclass/classes/cluster/mcp-odl-ha/infra/kvm.yml.j2 b/mcp/reclass/classes/cluster/mcp-odl-ha/infra/kvm.yml.j2 index ab0da39b3..9ff091941 100644 --- a/mcp/reclass/classes/cluster/mcp-odl-ha/infra/kvm.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-odl-ha/infra/kvm.yml.j2 @@ -5,6 +5,7 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## +{%- import 'net_map.j2' as nm with context %} --- {%- if conf.MCP_VCP %} # NOTE(armband): we don't want to pull in salt.control for novcp @@ -24,9 +25,19 @@ parameters: cluster: internal: node: - odl01: - name: ${_param:opendaylight_server_node01_hostname} - provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain} - image: ${_param:salt_control_xenial_image} + {%- for i in range(1, 4) %} + odl0{{ i }}: + name: ${_param:opendaylight_server_node0{{ i }}_hostname} + provider: ${_param:infra_kvm_node0{{ i }}_hostname}.${_param:cluster_domain} + image: ${_param:salt_control_bionic_image} size: opendaylight.server + {%- if conf.nodes[nm.ctl01.idx].node.arch == 'aarch64' %} + machine: virt + cpu_mode: host-passthrough + loader: + readonly: 'yes' + type: pflash + path: /usr/share/AAVMF/AAVMF_CODE.fd + {%- endif %} + {%- endfor %} {%- endif %} diff --git a/mcp/reclass/classes/cluster/mcp-odl-ha/infra/maas.yml.j2 b/mcp/reclass/classes/cluster/mcp-odl-ha/infra/maas.yml.j2 index c06643089..3a87ab558 100644 --- a/mcp/reclass/classes/cluster/mcp-odl-ha/infra/maas.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-odl-ha/infra/maas.yml.j2 @@ -8,10 +8,5 @@ {%- import 'net_map.j2' as nm with context %} --- classes: - - cluster.mcp-common-ha.infra.maas - cluster.mcp-odl-ha.infra -{%- if 'aarch64' not in nm.cluster.arch %} -parameters: - _param: - hwe_kernel: 'ga-16.04' -{%- endif %} + - cluster.all-mcp-arch-common.infra.maas diff --git a/mcp/reclass/classes/cluster/mcp-odl-ha/opendaylight/control.yml.j2 b/mcp/reclass/classes/cluster/mcp-odl-ha/opendaylight/control.yml.j2 index 685cd9ec1..23d1072d7 100644 --- a/mcp/reclass/classes/cluster/mcp-odl-ha/opendaylight/control.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-odl-ha/opendaylight/control.yml.j2 @@ -7,14 +7,14 @@ ############################################################################## --- classes: - - service.opendaylight.server.single + - service.opendaylight.server.cluster - cluster.mcp-common-ha.openstack_interface_vcp_biport {%- if conf.MCP_VCP %} - cluster.mcp-odl-ha {%- endif %} parameters: _param: - linux_system_codename: xenial + linux_system_codename: bionic opendaylight: server: odl_bind_ip: ${_param:single_address} @@ -22,9 +22,12 @@ parameters: java_min_mem: 6g java_max_mem: 6g router_enabled: true + netvirt_natservice: + nat_mode: conntrack karaf_features: odl_default: - odl-restconf-all - odl-aaa-authn netvirt: - odl-netvirt-openstack + seed_nodes_list: {%- for i in range(1, 4) %} ${_param:opendaylight_server_node0{{ i }}_address}{%- endfor %} diff --git a/mcp/reclass/classes/cluster/mcp-odl-ha/openstack/compute.yml b/mcp/reclass/classes/cluster/mcp-odl-ha/openstack/compute.yml index 992d1c8bf..3a49a69be 100644 --- a/mcp/reclass/classes/cluster/mcp-odl-ha/openstack/compute.yml +++ b/mcp/reclass/classes/cluster/mcp-odl-ha/openstack/compute.yml @@ -15,3 +15,20 @@ parameters: neutron: gateway: agent_mode: ${_param:neutron_gateway_agent_mode} + backend: + ovsdb_connection: tcp:127.0.0.1:6640 + opendaylight: + ovsdb_server_iface: ptcp:6640:127.0.0.1 + linux: + system: + file: + /var/tmp/odl_hostconfig.patch: + contents: | + 420c420 + < if datapath_types.find(datapath_type) >= 0) + --- + > if datapath_type in datapath_types) + 460c460 + < return subprocess.check_output(command_line).strip() # nosec + --- + > return subprocess.check_output(command_line).strip().decode() # nosec diff --git a/mcp/reclass/classes/cluster/mcp-odl-ha/openstack/control.yml b/mcp/reclass/classes/cluster/mcp-odl-ha/openstack/control.yml index 7b03f29e4..fe5a29714 100644 --- a/mcp/reclass/classes/cluster/mcp-odl-ha/openstack/control.yml +++ b/mcp/reclass/classes/cluster/mcp-odl-ha/openstack/control.yml @@ -17,7 +17,11 @@ parameters: openrc_extra: # For HA, all public services are available through nginx on prx sdn_controller_ip: ${_param:cluster_public_host} - sdn_username: admin # Hardcoded to default ODL values for now - sdn_password: admin + sdn_controller_user: admin # Hardcoded to default ODL values for now + sdn_controller_password: ${_param:opendaylight_password} sdn_controller_webport: ${_param:opendaylight_rest_port} sdn_controller_restconfport: ${_param:opendaylight_rest_port} + neutron: + server: + backend: + password: ${_param:opendaylight_password} diff --git a/mcp/reclass/classes/cluster/mcp-odl-ha/openstack/init.yml.j2 b/mcp/reclass/classes/cluster/mcp-odl-ha/openstack/init.yml.j2 index 6301e737a..1dd02bb8a 100644 --- a/mcp/reclass/classes/cluster/mcp-odl-ha/openstack/init.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-odl-ha/openstack/init.yml.j2 @@ -10,18 +10,30 @@ classes: - cluster.mcp-common-ha.openstack_init parameters: _param: + neutron_tenant_network_types: "flat,vxlan" + # opendaylight options - opendaylight_service_host: ${_param:opendaylight_server_node01_single_address} + opendaylight_service_host: ${_param:opnfv_opendaylight_server_address} opendaylight_rest_port: 8282 - - neutron_tenant_network_types: "flat,vxlan" {%- if conf.MCP_VCP %} + opendaylight_server_node01_hostname: odl01 + opendaylight_server_node02_hostname: odl02 + opendaylight_server_node03_hostname: odl03 + opendaylight_server_node01_address: ${_param:opnfv_opendaylight_server_node01_address} + opendaylight_server_node02_address: ${_param:opnfv_opendaylight_server_node02_address} + opendaylight_server_node03_address: ${_param:opnfv_opendaylight_server_node03_address} linux: network: host: - odl01: - address: ${_param:opendaylight_service_host} + {%- for i in range(1, 4) %} + odl0{{ i }}: + address: ${_param:opendaylight_server_node0{{ i }}_address} names: - - ${_param:opendaylight_server_node01_hostname} - - ${_param:opendaylight_server_node01_hostname}.${_param:cluster_domain} + - ${_param:opendaylight_server_node0{{ i }}_hostname} + - ${_param:opendaylight_server_node0{{ i }}_hostname}.${_param:cluster_domain} + {%- endfor %} +{%- else %} + opendaylight_control_hostname: ${_param:openstack_control_node02_hostname} + opendaylight_server_node01_hostname: ${_param:opendaylight_control_hostname} + opendaylight_server_node01_address: ${_param:opnfv_openstack_control_node02_address} {%- endif %} diff --git a/mcp/reclass/classes/cluster/mcp-odl-noha/infra/config.yml.j2 b/mcp/reclass/classes/cluster/mcp-odl-noha/infra/config.yml.j2 index 9e7dda947..9b84a84b7 100644 --- a/mcp/reclass/classes/cluster/mcp-odl-noha/infra/config.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-odl-noha/infra/config.yml.j2 @@ -20,7 +20,7 @@ parameters: classes: - cluster.${_param:cluster_name}.opendaylight.control params: - linux_system_codename: xenial + linux_system_codename: bionic single_address: ${_param:opendaylight_service_host} pxe_admin_address: ${_param:opnfv_opendaylight_server_node01_pxe_admin_address} openstack_gateway_node01: diff --git a/mcp/reclass/classes/cluster/mcp-odl-noha/infra/maas.yml b/mcp/reclass/classes/cluster/mcp-odl-noha/infra/maas.yml new file mode 100644 index 000000000..b91ba2c33 --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-odl-noha/infra/maas.yml @@ -0,0 +1,11 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +classes: + - cluster.mcp-odl-noha.infra + - cluster.all-mcp-arch-common.infra.maas diff --git a/mcp/reclass/classes/cluster/mcp-odl-noha/init.yml b/mcp/reclass/classes/cluster/mcp-odl-noha/init.yml index a595bf0b5..64b2a16f9 100644 --- a/mcp/reclass/classes/cluster/mcp-odl-noha/init.yml +++ b/mcp/reclass/classes/cluster/mcp-odl-noha/init.yml @@ -7,11 +7,10 @@ ############################################################################## --- classes: - - system.linux.system.single - cluster.mcp-common-noha.init_options - cluster.mcp-odl-noha.infra - cluster.mcp-odl-noha.openstack parameters: _param: - opendaylight_service_host: ${_param:opnfv_opendaylight_server_node01_single_address} + opendaylight_service_host: ${_param:opnfv_opendaylight_server_node01_address} diff --git a/mcp/reclass/classes/cluster/mcp-odl-noha/opendaylight/control.yml b/mcp/reclass/classes/cluster/mcp-odl-noha/opendaylight/control.yml.j2 index 536ebfad7..c3d0d187d 100644 --- a/mcp/reclass/classes/cluster/mcp-odl-noha/opendaylight/control.yml +++ b/mcp/reclass/classes/cluster/mcp-odl-noha/opendaylight/control.yml.j2 @@ -7,24 +7,27 @@ ############################################################################## --- classes: - - system.linux.system.repo.mcp.openstack - - system.linux.system.repo.mcp.extra - service.opendaylight.server.single + - service.quagga.server.single + - cluster.all-mcp-arch-common.backports - cluster.mcp-odl-noha - cluster.mcp-odl-noha.opendaylight.control_pdf parameters: - _param: - linux_system_codename: xenial opendaylight: server: odl_bind_ip: ${_param:single_address} odl_rest_port: ${_param:opendaylight_rest_port} - java_min_mem: 3g - java_max_mem: 3g + java_min_mem: 4g + java_max_mem: 4g router_enabled: true + netvirt_natservice: + nat_mode: conntrack karaf_features: odl_default: - odl-restconf-all - odl-aaa-authn netvirt: - odl-netvirt-openstack +{%- if '-sfc-' in conf.MCP_DEPLOY_SCENARIO %} + - odl-netvirt-sfc +{%- endif %} diff --git a/mcp/reclass/classes/cluster/mcp-odl-noha/opendaylight/control_pdf.yml.j2 b/mcp/reclass/classes/cluster/mcp-odl-noha/opendaylight/control_pdf.yml.j2 index 5bb591765..b21131dfe 100644 --- a/mcp/reclass/classes/cluster/mcp-odl-noha/opendaylight/control_pdf.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-odl-noha/opendaylight/control_pdf.yml.j2 @@ -6,6 +6,14 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## {%- import 'net_map.j2' as nm with context %} +{%- import 'net_macros.j2' as ma with context %} +{#- Filter-out NIC duplicates by constructing a dict (used NICs only) #} +{%- set nics = { nm.ctl01.nic_mgmt: True } %} +{%- set vlans = { nm.vlan_mgmt: nm.ctl01.nic_mgmt } %} +{%- if '-bgpvpn-' in conf.MCP_DEPLOY_SCENARIO %} + {%- do nics.update({nm.ctl01.nic_public: True}) %} + {%- do vlans.update({nm.vlan_public: nm.ctl01.nic_public}) %} +{%- endif %} --- parameters: linux: @@ -18,13 +26,38 @@ parameters: type: eth address: ${_param:pxe_admin_address} netmask: ${_param:opnfv_net_admin_mask} + mtu: ${_param:interface_mtu} + noifupdown: true gateway: {{ nm.net_admin_gw }} name_servers: - {{ nm.net_admin_gw }} - single_int: +{%- if '-bgpvpn-' in conf.MCP_DEPLOY_SCENARIO %} + br-ext: enabled: true - name: {{ nm.ctl01.nic_mgmt }} - type: eth + type: bridge + proto: static + address: ${_param:opnfv_opendaylight_server_external_address} + netmask: ${_param:opnfv_net_public_mask} + mtu: ${_param:interface_mtu} + use_interfaces: + - {{ ma.interface_str(nm.ctl01.nic_public, nm.vlan_public) }} + noifupdown: true +{%- endif %} + +{#- prevent duplicates for tagged mgmt on the same physical interface as PXE/admin #} +{%- if nm.ctl01.nic_admin in nics %} + {%- do nics.pop(nm.ctl01.nic_admin) %} +{%- endif %} + +{{ ma.linux_network_interfaces_nic(nics) }} + +{{ ma.linux_network_interfaces_vlan(vlans) }} + + br-ctl: + enabled: true + type: bridge proto: static address: ${_param:single_address} netmask: ${_param:opnfv_net_mgmt_mask} + use_interfaces: + - {{ ma.interface_str(nm.ctl01.nic_mgmt, nm.vlan_mgmt) }} diff --git a/mcp/reclass/classes/cluster/mcp-odl-noha/openstack/compute.yml.j2 b/mcp/reclass/classes/cluster/mcp-odl-noha/openstack/compute.yml.j2 index 18b73d7ea..44ebb86b1 100644 --- a/mcp/reclass/classes/cluster/mcp-odl-noha/openstack/compute.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-odl-noha/openstack/compute.yml.j2 @@ -6,21 +6,32 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## {%- import 'net_map.j2' as nm with context %} +{%- import 'net_macros.j2' as ma with context %} +{%- set vlan_private_start = (nm.vlan_private | string).rsplit('-')[0] %} --- classes: - service.neutron.compute.single - service.neutron.compute.opendaylight.single -{%- if conf.MCP_DPDK_MODE %} +{%- if '-ovs-' in conf.MCP_DEPLOY_SCENARIO %} - system.nova.compute.nfv.hugepages - system.neutron.compute.nfv.dpdk {%- endif %} - cluster.mcp-common-noha.openstack_compute - cluster.mcp-odl-noha parameters: + nova: + compute: + vif_plugging_is_fatal: false + vif_plugging_timeout: 60 + neutron: + compute: + opendaylight: + ovsdb_server_iface: ptcp:6640:127.0.0.1 linux: network: + ovs_nowait: false interface: -{%- if conf.MCP_DPDK_MODE %} +{%- if '-ovs-' in conf.MCP_DEPLOY_SCENARIO %} dpdk0: name: ${_param:dpdk0_name} pci: ${_param:dpdk0_pci} @@ -29,14 +40,48 @@ parameters: bridge: br-prv type: dpdk_ovs_port n_rxq: ${_param:dpdk0_n_rxq} + mtu: ${_param:interface_mtu} br-prv: enabled: true type: dpdk_ovs_bridge proto: static address: ${_param:tenant_address} netmask: ${_param:opnfv_net_private_mask} - tenant_interface: + {{ nm.cmp001.nic_private }}: type: dpdk # Not a meaningful type, just match 'dpdk' for filtering + +{%- set nics = { nm.cmp001.nic_public: True } %} +{%- set vlans = { nm.vlan_public: nm.cmp001.nic_public } %} + +{{ ma.linux_network_interfaces_nic(nics) }} + +{{ ma.linux_network_interfaces_vlan(vlans) }} + + br-floating: + enabled: true + type: ovs_bridge + datapath_type: netdev + use_interfaces: + - float-to-ex + float-to-ex: + enabled: true + type: ovs_port + mtu: ${_param:interface_mtu} + bridge: br-floating + ovs_bridge: br-floating + noifupdown: true + br-ex: + enabled: true + type: bridge + address: ${_param:external_address} + netmask: ${_param:opnfv_net_public_mask} + use_interfaces: + - {{ ma.interface_str(nm.cmp001.nic_public, nm.vlan_public) }} + use_ovs_ports: + - float-to-ex + gateway: ${_param:opnfv_net_public_gw} + name_servers: {{ nm.dns_public }} + noifupdown: true {%- else %} br-mesh: enabled: true @@ -45,32 +90,36 @@ parameters: address: ${_param:tenant_address} netmask: ${_param:opnfv_net_private_mask} use_interfaces: - - ${_param:tenant_interface} -{%- endif %} - external_interface: + - {{ ma.interface_str(nm.cmp001.nic_private, vlan_private_start) }} + {{ ma.interface_str(nm.cmp001.nic_public, nm.vlan_public) }}: enabled: true - type: eth - name: ${_param:external_interface} mtu: ${_param:interface_mtu} proto: manual - br-floating: - enabled: true - type: ovs_bridge - mtu: ${_param:interface_mtu} - float-to-ex: - enabled: true + ovs_port_type: OVSPort type: ovs_port - mtu: ${_param:interface_mtu} + ovs_bridge: br-floating bridge: br-floating - br-ex: + br-floating: enabled: true - type: bridge - mtu: ${_param:interface_mtu} + type: ovs_bridge + proto: static address: ${_param:external_address} netmask: ${_param:opnfv_net_public_mask} use_interfaces: - - ${_param:external_interface} - use_ovs_ports: - - float-to-ex + - {{ ma.interface_str(nm.cmp001.nic_public, nm.vlan_public) }} gateway: ${_param:opnfv_net_public_gw} name_servers: {{ nm.dns_public }} + noifupdown: true +{%- endif %} + system: + file: + /var/tmp/odl_hostconfig.patch: + contents: | + 420c420 + < if datapath_types.find(datapath_type) >= 0) + --- + > if datapath_type in datapath_types) + 460c460 + < return subprocess.check_output(command_line).strip() # nosec + --- + > return subprocess.check_output(command_line).strip().decode() # nosec diff --git a/mcp/reclass/classes/cluster/mcp-odl-noha/openstack/control.yml b/mcp/reclass/classes/cluster/mcp-odl-noha/openstack/control.yml index c9c683fc7..4b0beb5be 100644 --- a/mcp/reclass/classes/cluster/mcp-odl-noha/openstack/control.yml +++ b/mcp/reclass/classes/cluster/mcp-odl-noha/openstack/control.yml @@ -30,7 +30,11 @@ parameters: openrc_extra: # For noHA, all public services are available through haproxy on ctl sdn_controller_ip: ${_param:cluster_vip_address} - sdn_username: admin # Hardcoded to default ODL values for now - sdn_password: admin + sdn_controller_user: admin # Hardcoded to default ODL values for now + sdn_controller_password: ${_param:opendaylight_password} sdn_controller_webport: ${_param:opendaylight_rest_port} sdn_controller_restconfport: ${_param:opendaylight_rest_port} + neutron: + server: + backend: + password: ${_param:opendaylight_password} diff --git a/mcp/reclass/classes/cluster/mcp-odl-noha/openstack/gateway.yml.j2 b/mcp/reclass/classes/cluster/mcp-odl-noha/openstack/gateway.yml.j2 new file mode 100644 index 000000000..946cdda03 --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-odl-noha/openstack/gateway.yml.j2 @@ -0,0 +1,57 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +{%- import 'net_map.j2' as nm with context %} +{%- import 'net_macros.j2' as ma with context %} +{%- set vlan_private_start = (nm.vlan_private | string).rsplit('-')[0] %} +--- +classes: + - cluster.mcp-common-noha.openstack_gateway + - service.neutron.gateway.opendaylight.single + - cluster.mcp-odl-noha +parameters: + linux: + network: + interface: +{%- if '-ovs-' in conf.MCP_DEPLOY_SCENARIO %} + {{ nm.ctl01.nic_private }}: + ovs_port_type: OVSPort + type: ovs_port + bridge: br-prv + ovs_bridge: br-prv + br-prv: + enabled: true + type: ovs_bridge + mtu: ${_param:interface_mtu} + proto: static + address: ${_param:tenant_address} + netmask: ${_param:opnfv_net_private_mask} + use_interfaces: + - {{ nm.ctl01.nic_private }} +{%- else %} + br-mesh: + enabled: true + type: bridge + mtu: ${_param:interface_mtu} + proto: static + address: ${_param:tenant_address} + netmask: ${_param:opnfv_net_private_mask} + use_interfaces: + - {{ ma.interface_str(nm.ctl01.nic_private, vlan_private_start) }} +{%- endif %} + system: + file: + /var/tmp/odl_hostconfig.patch: + contents: | + 420c420 + < if datapath_types.find(datapath_type) >= 0) + --- + > if datapath_type in datapath_types) + 460c460 + < return subprocess.check_output(command_line).strip() # nosec + --- + > return subprocess.check_output(command_line).strip().decode() # nosec diff --git a/mcp/reclass/classes/cluster/mcp-odl-noha/openstack/init.yml b/mcp/reclass/classes/cluster/mcp-odl-noha/openstack/init.yml index a3918b231..87c41b048 100644 --- a/mcp/reclass/classes/cluster/mcp-odl-noha/openstack/init.yml +++ b/mcp/reclass/classes/cluster/mcp-odl-noha/openstack/init.yml @@ -17,7 +17,7 @@ parameters: network: host: odl01: - address: ${_param:opnfv_opendaylight_server_node01_single_address} + address: ${_param:opnfv_opendaylight_server_node01_address} names: - odl01 - odl01.${_param:cluster_domain} diff --git a/mcp/reclass/classes/cluster/mcp-ovn-ha/infra/maas.yml b/mcp/reclass/classes/cluster/mcp-ovn-ha/infra/maas.yml index 72a451652..5007749d1 100644 --- a/mcp/reclass/classes/cluster/mcp-ovn-ha/infra/maas.yml +++ b/mcp/reclass/classes/cluster/mcp-ovn-ha/infra/maas.yml @@ -7,5 +7,5 @@ ############################################################################## --- classes: - - cluster.mcp-common-ha.infra.maas - cluster.mcp-ovn-ha.infra + - cluster.all-mcp-arch-common.infra.maas diff --git a/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/compute.yml b/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/compute.yml index 7afb40e52..9af431b9a 100644 --- a/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/compute.yml +++ b/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/compute.yml @@ -7,11 +7,11 @@ ############################################################################## --- classes: + - service.neutron.compute.ovn.single - cluster.mcp-common-ha.openstack_compute - cluster.mcp-ovn-ha.openstack.compute_pdf - cluster.mcp-ovn-ha.infra parameters: - nova: - compute: - libvirt_service: libvirtd - libvirt_bin: /etc/default/libvirtd + neutron: + gateway: + ~message_queue: ~ diff --git a/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/control.yml b/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/control.yml index 811957600..94ca6ebb8 100644 --- a/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/control.yml +++ b/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/control.yml @@ -7,7 +7,47 @@ ############################################################################## --- classes: - - system.neutron.control.openvswitch.cluster + - system.neutron.control.cluster - cluster.mcp-common-ha.openstack_interface_vcp_biport - cluster.mcp-common-ha.openstack_control - cluster.mcp-ovn-ha.infra +parameters: + _param: + neutron_control_dvr: "False" + neutron_l3_ha: "False" + neutron_global_physnet_mtu: 1500 + neutron_external_mtu: 1500 + neutron_enable_qos: "False" + neutron_enable_vlan_aware_vms: "False" + neutron: + server: + global_physnet_mtu: ${_param:neutron_global_physnet_mtu} + l3_ha: ${_param:neutron_l3_ha} + dvr: ${_param:neutron_control_dvr} + qos: ${_param:neutron_enable_qos} + vlan_aware_vms: ${_param:neutron_enable_vlan_aware_vms} + backend: + engine: ovn + tenant_network_types: "${_param:neutron_tenant_network_types}" + external_mtu: ${_param:neutron_external_mtu} + mechanism: + ovn: + driver: ovn + ovn: + metadata_enabled: true + compute: + region: ${_param:openstack_region} + database: + host: ${_param:opnfv_openstack_database_address} + identity: + region: ${_param:openstack_region} + message_queue: + members: + - host: ${_param:openstack_message_queue_node01_address} + - host: ${_param:openstack_message_queue_node02_address} + - host: ${_param:openstack_message_queue_node03_address} + ovn_ctl_opts: + db-nb-create-insecure-remote: 'yes' + db-sb-create-insecure-remote: 'yes' + db-nb-addr: ${_param:cluster_vip_address} + db-sb-addr: ${_param:cluster_vip_address} diff --git a/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/database.yml b/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/database.yml index b8e441a36..f0e96daa6 100644 --- a/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/database.yml +++ b/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/database.yml @@ -9,4 +9,4 @@ classes: - cluster.mcp-common-ha.openstack_interface_vcp_biport - cluster.mcp-common-ha.openstack_database - - cluster.mcp-ovn-ha.infra_vcp + - cluster.mcp-ovn-ha.infra.init_vcp diff --git a/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/init.yml b/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/init.yml index 9dbfd59a1..737af52e3 100644 --- a/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/init.yml +++ b/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/init.yml @@ -10,4 +10,4 @@ classes: - cluster.mcp-common-ha.openstack_init parameters: _param: - neutron_tenant_network_types: "flat,vxlan" + neutron_tenant_network_types: "geneve,flat" diff --git a/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/message_queue.yml b/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/message_queue.yml index de0561d31..9b2f5c1c0 100644 --- a/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/message_queue.yml +++ b/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/message_queue.yml @@ -9,4 +9,4 @@ classes: - cluster.mcp-common-ha.openstack_interface_vcp_biport - cluster.mcp-common-ha.openstack_message_queue - - cluster.mcp-ovn-ha.infra_vcp + - cluster.mcp-ovn-ha.infra.init_vcp diff --git a/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/proxy.yml b/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/proxy.yml index 95b78758c..3979af548 100644 --- a/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/proxy.yml +++ b/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/proxy.yml @@ -9,4 +9,4 @@ classes: - cluster.mcp-common-ha.openstack_interface_vcp_triport - cluster.mcp-common-ha.openstack_proxy - - cluster.mcp-ovn-ha.infra_vcp + - cluster.mcp-ovn-ha.infra.init_vcp diff --git a/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/telemetry.yml b/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/telemetry.yml index eb7910faa..aee142c43 100644 --- a/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/telemetry.yml +++ b/mcp/reclass/classes/cluster/mcp-ovn-ha/openstack/telemetry.yml @@ -9,4 +9,4 @@ classes: - cluster.mcp-common-ha.openstack_interface_vcp_biport - cluster.mcp-common-ha.openstack_telemetry - - cluster.mcp-ovn-ha.infra_vcp + - cluster.mcp-ovn-ha.infra.init_vcp diff --git a/mcp/reclass/classes/cluster/mcp-ovn-noha/infra/maas.yml b/mcp/reclass/classes/cluster/mcp-ovn-noha/infra/maas.yml new file mode 100644 index 000000000..359ef36bb --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-ovn-noha/infra/maas.yml @@ -0,0 +1,11 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +classes: + - cluster.mcp-ovn-noha.infra + - cluster.all-mcp-arch-common.infra.maas diff --git a/mcp/reclass/classes/cluster/mcp-ovn-noha/init.yml b/mcp/reclass/classes/cluster/mcp-ovn-noha/init.yml index d4b6d85b7..82f4632bd 100644 --- a/mcp/reclass/classes/cluster/mcp-ovn-noha/init.yml +++ b/mcp/reclass/classes/cluster/mcp-ovn-noha/init.yml @@ -7,7 +7,6 @@ ############################################################################## --- classes: - - system.linux.system.single - cluster.mcp-common-noha.init_options - cluster.mcp-ovn-noha.infra - cluster.mcp-ovn-noha.openstack diff --git a/mcp/reclass/classes/cluster/mcp-ovn-noha/openstack/compute.yml.j2 b/mcp/reclass/classes/cluster/mcp-ovn-noha/openstack/compute.yml.j2 index 89ba3b074..ec6a1e7d3 100644 --- a/mcp/reclass/classes/cluster/mcp-ovn-noha/openstack/compute.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-ovn-noha/openstack/compute.yml.j2 @@ -6,6 +6,8 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## {%- import 'net_map.j2' as nm with context %} +{%- import 'net_macros.j2' as ma with context %} +{%- set vlan_private_start = (nm.vlan_private | string).rsplit('-')[0] %} --- classes: - service.neutron.compute.ovn.single @@ -15,15 +17,18 @@ parameters: neutron: compute: controller_vip: ${_param:cluster_local_address} + ~message_queue: ~ linux: network: interface: - external_interface: + {{ ma.interface_str(nm.cmp001.nic_public, nm.vlan_public) }}: enabled: true - name: ${_param:external_interface} mtu: ${_param:interface_mtu} proto: manual - type: eth + ovs_port_type: OVSPort + type: ovs_port + ovs_bridge: br-floating + bridge: br-floating br-mesh: enabled: true type: bridge @@ -31,25 +36,16 @@ parameters: address: ${_param:tenant_address} netmask: ${_param:opnfv_net_private_mask} use_interfaces: - - ${_param:tenant_interface} + - {{ ma.interface_str(nm.cmp001.nic_private, vlan_private_start) }} br-floating: enabled: true type: ovs_bridge mtu: ${_param:interface_mtu} - float-to-ex: - enabled: true - type: ovs_port - mtu: ${_param:interface_mtu} - bridge: br-floating - br-ex: - enabled: true - type: bridge - mtu: ${_param:interface_mtu} + proto: static address: ${_param:external_address} netmask: ${_param:opnfv_net_public_mask} use_interfaces: - - ${_param:external_interface} - use_ovs_ports: - - float-to-ex + - {{ ma.interface_str(nm.cmp001.nic_public, nm.vlan_public) }} gateway: ${_param:opnfv_net_public_gw} name_servers: {{ nm.dns_public }} + noifupdown: true diff --git a/mcp/reclass/classes/cluster/mcp-ovn-noha/openstack/control.yml b/mcp/reclass/classes/cluster/mcp-ovn-noha/openstack/control.yml index 235beff26..f99a460bd 100644 --- a/mcp/reclass/classes/cluster/mcp-ovn-noha/openstack/control.yml +++ b/mcp/reclass/classes/cluster/mcp-ovn-noha/openstack/control.yml @@ -10,3 +10,9 @@ classes: - system.neutron.control.ovn.single - cluster.mcp-common-noha.openstack_control - cluster.mcp-ovn-noha +parameters: + neutron: + server: + backend: + ovn: + metadata_enabled: true diff --git a/mcp/reclass/classes/cluster/mcp-ovs-dpdk-ha/infra/maas.yml b/mcp/reclass/classes/cluster/mcp-ovs-dpdk-ha/infra/maas.yml index f3d605494..2187ba78f 100644 --- a/mcp/reclass/classes/cluster/mcp-ovs-dpdk-ha/infra/maas.yml +++ b/mcp/reclass/classes/cluster/mcp-ovs-dpdk-ha/infra/maas.yml @@ -7,5 +7,5 @@ ############################################################################## --- classes: - - cluster.mcp-common-ha.infra.maas - cluster.mcp-ovs-dpdk-ha.infra + - cluster.all-mcp-arch-common.infra.maas diff --git a/mcp/reclass/classes/cluster/mcp-ovs-dpdk-ha/openstack/compute.yml b/mcp/reclass/classes/cluster/mcp-ovs-dpdk-ha/openstack/compute.yml index 106a2a7ac..52e63dfd6 100644 --- a/mcp/reclass/classes/cluster/mcp-ovs-dpdk-ha/openstack/compute.yml +++ b/mcp/reclass/classes/cluster/mcp-ovs-dpdk-ha/openstack/compute.yml @@ -18,10 +18,6 @@ parameters: vhost_socket_dir: ${_param:compute_ovs_vhost_socket_dir} backend: tenant_vlan_range: ${_param:neutron_tenant_vlan_range} - nova: - compute: - libvirt_service: libvirtd - libvirt_bin: /etc/default/libvirtd linux: system: kernel: diff --git a/mcp/reclass/classes/cluster/mcp-ovs-dpdk-noha/infra/maas.yml b/mcp/reclass/classes/cluster/mcp-ovs-dpdk-noha/infra/maas.yml new file mode 100644 index 000000000..49d214304 --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-ovs-dpdk-noha/infra/maas.yml @@ -0,0 +1,11 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +classes: + - cluster.mcp-ovs-dpdk-noha.infra + - cluster.all-mcp-arch-common.infra.maas diff --git a/mcp/reclass/classes/cluster/mcp-ovs-dpdk-noha/init.yml b/mcp/reclass/classes/cluster/mcp-ovs-dpdk-noha/init.yml index 96e2c9425..35c3e7655 100644 --- a/mcp/reclass/classes/cluster/mcp-ovs-dpdk-noha/init.yml +++ b/mcp/reclass/classes/cluster/mcp-ovs-dpdk-noha/init.yml @@ -7,7 +7,6 @@ ############################################################################## --- classes: - - system.linux.system.single - cluster.mcp-common-noha.init_options - cluster.mcp-ovs-dpdk-noha.infra - cluster.mcp-ovs-dpdk-noha.openstack diff --git a/mcp/reclass/classes/cluster/mcp-ovs-dpdk-noha/openstack/compute.yml.j2 b/mcp/reclass/classes/cluster/mcp-ovs-dpdk-noha/openstack/compute.yml.j2 index 3e4eeceab..25fc82624 100644 --- a/mcp/reclass/classes/cluster/mcp-ovs-dpdk-noha/openstack/compute.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-ovs-dpdk-noha/openstack/compute.yml.j2 @@ -34,8 +34,9 @@ parameters: bridge: br-prv type: dpdk_ovs_port n_rxq: ${_param:dpdk0_n_rxq} + mtu: ${_param:interface_mtu} br-prv: enabled: true type: dpdk_ovs_bridge - tenant_interface: + {{ nm.cmp001.nic_private }}: type: dpdk # Not a meaningful type, just match 'dpdk' for filtering diff --git a/mcp/reclass/classes/cluster/mcp-ovs-dpdk-noha/openstack/gateway.yml b/mcp/reclass/classes/cluster/mcp-ovs-dpdk-noha/openstack/gateway.yml.j2 index 2f9aee6fd..c45b75569 100644 --- a/mcp/reclass/classes/cluster/mcp-ovs-dpdk-noha/openstack/gateway.yml +++ b/mcp/reclass/classes/cluster/mcp-ovs-dpdk-noha/openstack/gateway.yml.j2 @@ -5,6 +5,7 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## +{%- import 'net_map.j2' as nm with context %} --- classes: - cluster.mcp-common-noha.openstack_gateway @@ -18,9 +19,14 @@ parameters: linux: network: interface: - tenant_interface: + {{ nm.ctl01.nic_private }}: + ovs_port_type: OVSPort + type: ovs_port + bridge: br-prv ovs_bridge: br-prv br-prv: enabled: true type: ovs_bridge mtu: ${_param:interface_mtu} + use_interfaces: + - {{ nm.ctl01.nic_private }} diff --git a/mcp/reclass/classes/cluster/mcp-ovs-ha/infra/maas.yml b/mcp/reclass/classes/cluster/mcp-ovs-ha/infra/maas.yml index c9102ea70..154675f79 100644 --- a/mcp/reclass/classes/cluster/mcp-ovs-ha/infra/maas.yml +++ b/mcp/reclass/classes/cluster/mcp-ovs-ha/infra/maas.yml @@ -7,5 +7,5 @@ ############################################################################## --- classes: - - cluster.mcp-common-ha.infra.maas - cluster.mcp-ovs-ha.infra + - cluster.all-mcp-arch-common.infra.maas diff --git a/mcp/reclass/classes/cluster/mcp-ovs-ha/openstack/compute.yml b/mcp/reclass/classes/cluster/mcp-ovs-ha/openstack/compute.yml index 1e157cfa7..2507f2bae 100644 --- a/mcp/reclass/classes/cluster/mcp-ovs-ha/openstack/compute.yml +++ b/mcp/reclass/classes/cluster/mcp-ovs-ha/openstack/compute.yml @@ -10,8 +10,3 @@ classes: - cluster.mcp-common-ha.openstack_compute - cluster.mcp-ovs-ha.openstack.compute_pdf - cluster.mcp-ovs-ha.infra -parameters: - nova: - compute: - libvirt_service: libvirtd - libvirt_bin: /etc/default/libvirtd diff --git a/mcp/reclass/classes/cluster/mcp-ovs-noha/infra/maas.yml b/mcp/reclass/classes/cluster/mcp-ovs-noha/infra/maas.yml new file mode 100644 index 000000000..0d54d3be1 --- /dev/null +++ b/mcp/reclass/classes/cluster/mcp-ovs-noha/infra/maas.yml @@ -0,0 +1,11 @@ +############################################################################## +# Copyright (c) 2018 Mirantis Inc., Enea AB and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +--- +classes: + - cluster.mcp-ovs-noha.infra + - cluster.all-mcp-arch-common.infra.maas diff --git a/mcp/reclass/classes/cluster/mcp-ovs-noha/init.yml b/mcp/reclass/classes/cluster/mcp-ovs-noha/init.yml index a453af50b..24de77a24 100644 --- a/mcp/reclass/classes/cluster/mcp-ovs-noha/init.yml +++ b/mcp/reclass/classes/cluster/mcp-ovs-noha/init.yml @@ -7,7 +7,6 @@ ############################################################################## --- classes: - - system.linux.system.single - cluster.mcp-common-noha.init_options - cluster.mcp-ovs-noha.infra - cluster.mcp-ovs-noha.openstack diff --git a/mcp/reclass/classes/cluster/mcp-ovs-noha/openstack/compute.yml.j2 b/mcp/reclass/classes/cluster/mcp-ovs-noha/openstack/compute.yml.j2 index c949de4f4..2707c7f5e 100644 --- a/mcp/reclass/classes/cluster/mcp-ovs-noha/openstack/compute.yml.j2 +++ b/mcp/reclass/classes/cluster/mcp-ovs-noha/openstack/compute.yml.j2 @@ -6,9 +6,12 @@ # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## {%- import 'net_map.j2' as nm with context %} +{%- import 'net_macros.j2' as ma with context %} +{%- set vlan_private_start = (nm.vlan_private | string).rsplit('-')[0] %} --- classes: - service.neutron.compute.single + - system.nova.compute.nfv.hugepages - cluster.mcp-common-noha.openstack_compute - cluster.mcp-ovs-noha parameters: @@ -27,4 +30,8 @@ parameters: address: ${_param:tenant_address} netmask: ${_param:opnfv_net_private_mask} use_interfaces: - - ${_param:tenant_interface} + - {{ ma.interface_str(nm.cmp001.nic_private, vlan_private_start) }} + system: + package: + cgroup-tools: + version: latest diff --git a/mcp/reclass/classes/cluster/mcp-ovs-noha/openstack/control.yml b/mcp/reclass/classes/cluster/mcp-ovs-noha/openstack/control.yml index 939cb2834..dd0245344 100644 --- a/mcp/reclass/classes/cluster/mcp-ovs-noha/openstack/control.yml +++ b/mcp/reclass/classes/cluster/mcp-ovs-noha/openstack/control.yml @@ -10,3 +10,9 @@ classes: - system.neutron.control.openvswitch.single - cluster.mcp-common-noha.openstack_control - cluster.mcp-ovs-noha +parameters: + nova: + controller: + scheduler_default_filters: "DifferentHostFilter,SameHostFilter,RetryFilter,AvailabilityZoneFilter,RamFilter,\ + CoreFilter,DiskFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,\ + ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter,NUMATopologyFilter" diff --git a/mcp/reclass/classes/cluster/mcp-ovs-noha/openstack/gateway.yml b/mcp/reclass/classes/cluster/mcp-ovs-noha/openstack/gateway.yml.j2 index 5c5547cfc..685402da8 100644 --- a/mcp/reclass/classes/cluster/mcp-ovs-noha/openstack/gateway.yml +++ b/mcp/reclass/classes/cluster/mcp-ovs-noha/openstack/gateway.yml.j2 @@ -5,6 +5,9 @@ # which accompanies this distribution, and is available at # http://www.apache.org/licenses/LICENSE-2.0 ############################################################################## +{%- import 'net_map.j2' as nm with context %} +{%- import 'net_macros.j2' as ma with context %} +{%- set vlan_private_start = (nm.vlan_private | string).rsplit('-')[0] %} --- classes: - cluster.mcp-common-noha.openstack_gateway @@ -22,4 +25,4 @@ parameters: address: ${_param:tenant_address} netmask: ${_param:opnfv_net_private_mask} use_interfaces: - - ${_param:tenant_interface} + - {{ ma.interface_str(nm.ctl01.nic_private, vlan_private_start) }} |