summaryrefslogtreecommitdiffstats
path: root/mcp
diff options
context:
space:
mode:
Diffstat (limited to 'mcp')
-rwxr-xr-xmcp/config/states/baremetal_init1
-rwxr-xr-xmcp/config/states/openstack_ha10
-rwxr-xr-xmcp/config/states/openstack_noha10
-rwxr-xr-xmcp/config/states/virtual_control_plane1
-rw-r--r--mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch110
-rw-r--r--mcp/patches/patches.list1
-rw-r--r--mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/include/proxy.yml9
-rw-r--r--mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/config.yml1
-rw-r--r--mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/init.yml2
-rw-r--r--mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/lab_proxy_pdf.yml.j224
-rw-r--r--mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/maas.yml1
-rw-r--r--mcp/reclass/classes/cluster/baremetal-mcp-pike-odl-ha/openstack/compute_pdf.yml.j24
-rw-r--r--mcp/reclass/classes/cluster/baremetal-mcp-pike-ovs-ha/openstack/compute_pdf.yml.j24
-rw-r--r--mcp/reclass/classes/cluster/virtual-mcp-pike-common-noha/openstack_init.yml2
-rw-r--r--mcp/salt-formulas/opendaylight/server.sls16
-rwxr-xr-xmcp/scripts/salt.sh2
16 files changed, 187 insertions, 11 deletions
diff --git a/mcp/config/states/baremetal_init b/mcp/config/states/baremetal_init
index 9718a4176..cd254ddd3 100755
--- a/mcp/config/states/baremetal_init
+++ b/mcp/config/states/baremetal_init
@@ -25,7 +25,6 @@ salt -C 'kvm* or cmp*' file.replace $debian_ip_source \
salt -C 'kvm*' pkg.install bridge-utils
salt -C 'kvm*' state.apply linux.network
salt -C 'kvm* or cmp*' state.apply salt.minion
-salt -C 'kvm* or cmp*' service.force_reload salt-minion
salt -C 'cmp*' state.apply linux.system
salt -C 'cmp*' state.apply linux.network || true
diff --git a/mcp/config/states/openstack_ha b/mcp/config/states/openstack_ha
index 4948a504d..0bbf7cde5 100755
--- a/mcp/config/states/openstack_ha
+++ b/mcp/config/states/openstack_ha
@@ -65,6 +65,16 @@ salt -I 'ceilometer:agent' state.sls ceilometer
salt -I 'horizon:server' state.sls horizon
salt -I 'nginx:server' state.sls nginx,sphinx
+# workaround for the pike horizon is missing css, FUEL-324
+salt -I 'horizon:server' file.symlink \
+ /var/lib/openstack-dashboard/static \
+ /usr/share/openstack-dashboard/static
+salt -I 'horizon:server' cmd.run "/usr/share/openstack-dashboard/manage.py collectstatic --noinput"
+salt -I 'horizon:server' cmd.run "/usr/share/openstack-dashboard/manage.py compress --force"
+salt -I 'horizon:server' file.append /etc/openstack-dashboard/local_settings.py \
+ "AVAILABLE_THEMES = [ ('default', 'Default', 'themes/default'),]"
+salt -I 'horizon:server' service.reload apache2
+
clstr_vip_addr=$(salt -C 'I@nginx:server and *01*' --out=yaml \
pillar.get _param:cluster_vip_address | awk '{print $2; exit}')
salt -C 'I@nginx:server and *01*' cp.push \
diff --git a/mcp/config/states/openstack_noha b/mcp/config/states/openstack_noha
index bcb780738..9fc30bbf1 100755
--- a/mcp/config/states/openstack_noha
+++ b/mcp/config/states/openstack_noha
@@ -51,3 +51,13 @@ salt -I 'ceilometer:server' state.sls ceilometer
salt -I 'ceilometer:agent' state.sls ceilometer
salt -I 'horizon:server' state.sls horizon
+
+# workaround for the pike horizon is missing css, FUEL-324
+salt -I 'horizon:server' file.symlink \
+ /var/lib/openstack-dashboard/static \
+ /usr/share/openstack-dashboard/static
+salt -I 'horizon:server' cmd.run "/usr/share/openstack-dashboard/manage.py collectstatic --noinput"
+salt -I 'horizon:server' cmd.run "/usr/share/openstack-dashboard/manage.py compress --force"
+salt -I 'horizon:server' file.append /etc/openstack-dashboard/local_settings.py \
+ "AVAILABLE_THEMES = [ ('default', 'Default', 'themes/default'),]"
+salt -I 'horizon:server' service.reload apache2
diff --git a/mcp/config/states/virtual_control_plane b/mcp/config/states/virtual_control_plane
index 0607b318b..75347d918 100755
--- a/mcp/config/states/virtual_control_plane
+++ b/mcp/config/states/virtual_control_plane
@@ -59,7 +59,6 @@ salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' cp.get_file \
"salt://maas/files/$(basename "${APT_CONF_D_CURTIN}")" "${APT_CONF_D_CURTIN}"
wait_for 10 "salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' state.apply salt"
-wait_for 10 "salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' service.force_reload salt-minion"
wait_for 10.0 "salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' state.apply linux,ntp"
wait_for 10 "salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' ssh.set_auth_key ${SUDO_USER} \
diff --git a/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch b/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch
new file mode 100644
index 000000000..1ff519e84
--- /dev/null
+++ b/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch
@@ -0,0 +1,110 @@
+From: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
+Date: Mon, 22 Jan 2018 00:28:09 +0100
+Subject: [PATCH] system.repo: Debian: Add keyserver proxy support
+
+Introduce a new, optional set of parameters to configure the proxy
+used for key fetching / keyserver access under:
+linux:system:proxy:keyserver:http(s).
+
+Previously, when fetching GPG keys for APT keyring, either using
+public key download & import (as for default repos) or via keyserver,
+we relied on simple `curl` calls or passed it down to Salt aptpkg
+module.
+To be able to retrieve APT keys behind a proxy, one used to have to
+configure the proxy for the Salt minion, which does not yet have
+`no_proxy` support (either *all* or *no* traffic hits the proxy).
+
+When the new http(s) proxy param is set:
+- no longer pass key configuration to Salt aptpkg (until it properly
+ supports `no_proxy`);
+- handle all keys explicitly with `curl` and `apt-key`;
+- set 'http(s)_proxy' env vars for `cmd.run`/`cmd.wait` calls;
+
+If linux:system:proxy:keyserver is not defined, the behavior is
+unchanged for backwards compatibility.
+
+Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
+---
+ README.rst | 16 ++++++++++++++++
+ linux/system/repo.sls | 40 ++++++++++++++++++++++++++++++++++++++++
+ 2 files changed, 56 insertions(+)
+
+diff --git a/linux/system/repo.sls b/linux/system/repo.sls
+index 5d4d059..724db5a 100644
+--- a/linux/system/repo.sls
++++ b/linux/system/repo.sls
+@@ -96,13 +96,50 @@ linux_repo_{{ name }}_key:
+ - name: "curl -s {{ repo.key_url }} | apt-key add -"
+ - watch:
+ - file: default_repo_list
++{%- if system.proxy.keyserver is defined %}
++ - env:
++ - http_proxy: {{ system.proxy.get('keyserver', {}).get('http', '') }}
++ - https_proxy: {{ system.proxy.get('keyserver', {}).get('https', '') }}
++{%- endif %}
+
+ {%- endif %}
+
++{#- repo.default is false #}
+ {%- else %}
+
+ {%- if repo.get('enabled', True) %}
+
++{%- if system.proxy.keyserver is defined %}
++
++{%- if repo.get('key') %}
++
++linux_repo_{{ name }}_key:
++ cmd.run:
++ - name: "echo '{{ repo.key }}' | apt-key add -"
++
++{%- elif repo.key_url|default(False) %}
++
++linux_repo_{{ name }}_key:
++ cmd.run:
++ - name: "curl -s {{ repo.key_url }} | apt-key add -"
++ - env:
++ - http_proxy: {{ system.proxy.get('keyserver', {}).get('http', '') }}
++ - https_proxy: {{ system.proxy.get('keyserver', {}).get('https', '') }}
++
++{%- elif repo.key_id is defined and repo.key_server is defined %}
++
++linux_repo_{{ name }}_key:
++ cmd.run:
++ - name: "apt-key adv --keyserver {{ repo.key_server }} --recv {{ repo.key_id }}"
++ - env:
++ - http_proxy: {{ system.proxy.get('keyserver', {}).get('http', '') }}
++ - https_proxy: {{ system.proxy.get('keyserver', {}).get('https', '') }}
++
++{%- endif %}
++
++{#- system.proxy.keyserver #}
++{%- endif %}
++
+ linux_repo_{{ name }}:
+ pkgrepo.managed:
+ {%- if repo.ppa is defined %}
+@@ -115,6 +152,7 @@ linux_repo_{{ name }}:
+ {%- endif %}
+ - file: /etc/apt/sources.list.d/{{ name }}.list
+ - clean_file: {{ repo.clean|default(True) }}
++ {%- if system.proxy.keyserver is not defined %}
+ {%- if repo.key_id is defined %}
+ - keyid: {{ repo.key_id }}
+ {%- endif %}
+@@ -124,6 +162,7 @@ linux_repo_{{ name }}:
+ {%- if repo.key_url is defined %}
+ - key_url: {{ repo.key_url }}
+ {%- endif %}
++ {%- endif %}
+ - consolidate: {{ repo.get('consolidate', False) }}
+ - clean_file: {{ repo.get('clean_file', False) }}
+ - refresh_db: {{ repo.get('refresh_db', True) }}
+@@ -140,6 +179,7 @@ linux_repo_{{ name }}:
+ {%- endif %}
+ {%- endif %}
+
++{#- repo.enabled is false #}
+ {%- else %}
+
+ linux_repo_{{ name }}_absent:
diff --git a/mcp/patches/patches.list b/mcp/patches/patches.list
index 284f1bcec..1b3bfeab0 100644
--- a/mcp/patches/patches.list
+++ b/mcp/patches/patches.list
@@ -15,4 +15,5 @@
/usr/share/salt-formulas/env: 0008-Handle-file_recv-option.patch
/usr/share/salt-formulas/env: 0009-controller-Use-keystoneclient-to-check-project-ID.patch
/usr/share/salt-formulas/env: 0010-maas-region-allow-timeout-override.patch
+/usr/share/salt-formulas/env: 0011-system.repo-Debian-Add-keyserver-proxy-support.patch
/usr/share/salt-formulas/env: 0012-linux.storage.lvm-Disable-filter.patch
diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/include/proxy.yml b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/include/proxy.yml
index 5d7475812..3c324db8b 100644
--- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/include/proxy.yml
+++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/include/proxy.yml
@@ -16,8 +16,9 @@ parameters:
# https_proxy: http://${_param:infra_maas_node01_deploy_address}:8000
# no_proxy:
# - .local
- salt:
- minion:
+ linux:
+ system:
proxy:
- host: ${_param:infra_maas_node01_deploy_address}
- port: 8000
+ keyserver:
+ http: http://${_param:infra_maas_node01_deploy_address}:8000
+ https: http://${_param:infra_maas_node01_deploy_address}:8000
diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/config.yml b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/config.yml
index 6b44be6a4..4d7fa1eb1 100644
--- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/config.yml
+++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/config.yml
@@ -25,6 +25,7 @@ classes:
# - system.reclass.storage.system.stacklight_monitor_cluster
# - system.reclass.storage.system.stacklight_telemetry_cluster
- system.reclass.storage.system.infra_maas_single
+ - cluster.baremetal-mcp-pike-common-ha.infra.lab_proxy_pdf
parameters:
_param:
salt_master_base_environment: prd
diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/init.yml b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/init.yml
index f2a6b4e68..7d513e9bf 100644
--- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/init.yml
+++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/init.yml
@@ -13,7 +13,7 @@ classes:
# - cluster.baremetal-mcp-pike-common-ha.stacklight.client
parameters:
_param:
- apt_mk_version: nightly
+ apt_mk_version: stable
mcp_repo_version: 1.1
salt_version: 2016.11
cluster_domain: ${_param:cluster_name}.local
diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/lab_proxy_pdf.yml.j2 b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/lab_proxy_pdf.yml.j2
new file mode 100644
index 000000000..0e95d2d1d
--- /dev/null
+++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/lab_proxy_pdf.yml.j2
@@ -0,0 +1,24 @@
+##############################################################################
+# Copyright (c) 2018 Mirantis Inc., Enea AB and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+---
+# We'll craft this class so it can be reused on both cfg01 and mas01
+{%- if conf.idf.fuel.network.upstream_proxy is defined %}
+{%- set upstream_proxy=conf.idf.fuel.network.upstream_proxy %}
+parameters:
+ maas:
+ region:
+ upstream_proxy:
+ address: {{ upstream_proxy.address }}
+ port: {{ upstream_proxy.port }}
+ linux:
+ system:
+ proxy:
+ keyserver:
+ http: http://{{ upstream_proxy.address }}:{{ upstream_proxy.port }}
+ https: http://{{ upstream_proxy.address }}:{{ upstream_proxy.port }}
+{%- endif %}
diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/maas.yml b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/maas.yml
index 325e0639c..da28abf06 100644
--- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/maas.yml
+++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/infra/maas.yml
@@ -9,6 +9,7 @@
classes:
- system.maas.region.single
- service.maas.cluster.single
+ - cluster.baremetal-mcp-pike-common-ha.infra.lab_proxy_pdf
parameters:
_param:
dhcp_interface: ${_param:opnfv_fn_vm_primary_interface}
diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-odl-ha/openstack/compute_pdf.yml.j2 b/mcp/reclass/classes/cluster/baremetal-mcp-pike-odl-ha/openstack/compute_pdf.yml.j2
index 21ab8e937..52090cc0a 100644
--- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-odl-ha/openstack/compute_pdf.yml.j2
+++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-odl-ha/openstack/compute_pdf.yml.j2
@@ -53,7 +53,11 @@ parameters:
{{ nic }}:
enabled: true
type: eth
+ {%- if nic == nic_admin %}
+ proto: dhcp
+ {%- else %}
proto: manual
+ {%- endif %}
name: {{ nic }}
{%- endfor %}
diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-pike-ovs-ha/openstack/compute_pdf.yml.j2 b/mcp/reclass/classes/cluster/baremetal-mcp-pike-ovs-ha/openstack/compute_pdf.yml.j2
index 88e3117b7..7b90c727a 100644
--- a/mcp/reclass/classes/cluster/baremetal-mcp-pike-ovs-ha/openstack/compute_pdf.yml.j2
+++ b/mcp/reclass/classes/cluster/baremetal-mcp-pike-ovs-ha/openstack/compute_pdf.yml.j2
@@ -53,7 +53,11 @@ parameters:
{{ nic }}:
enabled: true
type: eth
+ {%- if nic == nic_admin %}
+ proto: dhcp
+ {%- else %}
proto: manual
+ {%- endif %}
name: {{ nic }}
{%- endfor %}
diff --git a/mcp/reclass/classes/cluster/virtual-mcp-pike-common-noha/openstack_init.yml b/mcp/reclass/classes/cluster/virtual-mcp-pike-common-noha/openstack_init.yml
index 89b06fb7e..d5606b594 100644
--- a/mcp/reclass/classes/cluster/virtual-mcp-pike-common-noha/openstack_init.yml
+++ b/mcp/reclass/classes/cluster/virtual-mcp-pike-common-noha/openstack_init.yml
@@ -9,7 +9,7 @@
parameters:
_param:
openstack_version: pike
- apt_mk_version: nightly
+ apt_mk_version: stable
mcp_repo_version: 1.1
openstack_region: RegionOne
admin_email: root@localhost
diff --git a/mcp/salt-formulas/opendaylight/server.sls b/mcp/salt-formulas/opendaylight/server.sls
index 30c337c00..f953cddc0 100644
--- a/mcp/salt-formulas/opendaylight/server.sls
+++ b/mcp/salt-formulas/opendaylight/server.sls
@@ -6,9 +6,23 @@
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
{% from "opendaylight/map.jinja" import server with context %}
+{% from "linux/map.jinja" import system with context %}
{%- if server.enabled %}
+opendaylight_repo_key:
+ cmd.run:
+ - name: "apt-key adv --keyserver keyserver.ubuntu.com --recv 44C05248"
+{%- if system.proxy is defined and system.proxy.keyserver is defined %}
+ - env:
+{%- if system.proxy.keyserver.http is defined %}
+ - http_proxy: {{ system.proxy.keyserver.http }}
+{%- endif %}
+{%- if system.proxy.keyserver.https is defined %}
+ - https_proxy: {{ system.proxy.keyserver.https }}
+{%- endif %}
+{%- endif %}
+
opendaylight_repo:
pkgrepo.managed:
# NOTE(armband): PPA handling behind proxy broken, define it explicitly
@@ -17,8 +31,6 @@ opendaylight_repo:
- human_name: opendaylight-ppa
- name: deb http://ppa.launchpad.net/odl-team/nitrogen/ubuntu xenial main
- file: /etc/apt/sources.list.d/odl-team-ubuntu-nitrogen-xenial.list
- - keyid: 49B07274951063870A8B7EAE7B8AA1A344C05248
- - keyserver: keyserver.ubuntu.com
opendaylight:
pkg.installed:
diff --git a/mcp/scripts/salt.sh b/mcp/scripts/salt.sh
index a13194363..1975f9e54 100755
--- a/mcp/scripts/salt.sh
+++ b/mcp/scripts/salt.sh
@@ -54,7 +54,7 @@ ssh ${SSH_OPTS} "${SSH_SALT}" bash -s -e << SALT_INSTALL_END
echo ' done'
mkdir -p /srv/salt /usr/share/salt-formulas/reclass
- rm -rf ${OPNFV_GIT_DIR}
+ rm -rf ${OPNFV_GIT_DIR} ${OPNFV_FUEL_DIR}
mv ${OPNFV_TMP_DIR} ${OPNFV_GIT_DIR} && chown -R root.root ${OPNFV_GIT_DIR}
find ${OPNFV_GIT_DIR} -name '.git' -type f | while read f_git; do
sed -i 's@${LOCAL_GIT_DIR}@${OPNFV_GIT_DIR}@g' \$f_git