summaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2019-03-04Turn off meltdown/spectre patchesMichael Polenchuk4-0/+12
Change-Id: Id75ffe4db808a4ec250ba8b86c5d49f1206c3784 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2019-02-28Tune up nova/neutron intervalsMichael Polenchuk17-144/+28
Also re-align resources for virtual scenarios. Change-Id: Id0d55407fd5b1720a24e30c364219f8b08e89d06 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2019-02-26Fix race condition with nova privsep utimeMichael Polenchuk3-0/+16
Bug: https://bugs.launchpad.net/nova/+bug/1809123 Change-Id: I14622c21826aeeddac6ea7bf7f9d116cd3e68cfb Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2019-02-26Merge "[cfg01] Reduce mine_interval to 15 min"Michael Polenchuk1-1/+1
2019-02-22[lib] Add fatal validation of old kernel on UbuntuAlexandru Avadanii1-0/+8
As reported in [1], kernel 4.4 seems to break nested virtualization, add a fatal check against it. [1] https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1797332 Change-Id: I0aef8a7340dd82bfeb2e58c9642623b9ec13dca5 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2019-02-22[cfg01] Reduce mine_interval to 15 minAlexandru Avadanii1-1/+1
Some PODs are fast enough to get past installing, syncing and using MaaS to provision the OS on the baremetal nodes before the 1h mine refresh. Since mine.update operation is fast enough to go unnoticed and we only collect IP addresses, grains and pem entries, schedule it every 15 minutes. Due to reclass class inheritance, we can't easily override this via pillar data, so handle it via entrypoint.sh. Change-Id: I0d8ed2da838ad09c94e9327d0131d3e239de4f08 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2019-02-22Install missing gnocchi dependenciesMichael Polenchuk3-0/+13
Change-Id: Ifc4fff90551344c69295990b220f0778967887a4 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2019-02-19Merge "[baremetal] Containerize MaaS"Alexandru Avadanii35-223/+240
2019-02-15Merge "[cfg01] Schedule x509.get_pem_entries mine update"Alexandru Avadanii1-0/+4
2019-02-15[cfg01] Schedule x509.get_pem_entries mine updateAlexandru Avadanii1-0/+4
Previously, Salt Master CA mine was only sent once, during salt.minion.ca state execution at cfg01 bringup / bootstrap. This causes possible issues with: - Salt Master container restart (mine data is lost); - UNH Lab deployment (uknown rootcause, might be related to XFS and overlay2 being used with Docker on CentOS); To bypass this issue, make x509.get_pem_entries module send mine data at the default mine interval (60 minutes). Change-Id: I5f6334ae18f5af6cbe0a164791603b67f0a3668f Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2019-02-14[baremetal] Containerize MaaSAlexandru Avadanii35-223/+240
- replace mas01 VM with a Docker container; - drop `mcpcontrol` virsh-managed network, including special handling previously required for it across all scripts; - drop infrastructure VMs handling from scripts, the only VMs we still handle are cluster VMs for virtual and/or hybrid deployments; - drop SSH server from mas01; - stop running linux state on mas01, as all prerequisites are properly handled durin Docker build or via entrypoint.sh - for completeness, we still keep pillar data in sync with the actual contents of mas01 configuration, so running the state manually would still work; - make port 5240 available on the jumpserver for MaaS dashboard access; - docs: update diagrams and text to reflect the new changes; Change-Id: I6d9424995e9a90c530fd7577edf401d552bab929 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2019-02-14Rise up salt's gather job timeoutMichael Polenchuk1-1/+2
While the minions are working their jobs the CLI is waiting for the first initial timeout period (timeout) to start. When that hits, the CLI sends sends the first "find_job" query. This kicks off the gather_job_timeout timer. Sometimes a minion doesn't respond to the request within the gather_job_timeout time period (default is 10s), so rise up this value to give a chance for a minion to report actual status. Change-Id: Ic3756b82fdeb17718870ab30e9578263d25309f7 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2019-02-11Merge "[odl] Settle the broken pkg->config dependency"Michael Polenchuk2-49/+60
2019-02-11Merge "[docker] Add MaaS container build support"Alexandru Avadanii6-5/+120
2019-02-08[odl] Settle the broken pkg->config dependencyMichael Polenchuk2-49/+60
Change-Id: I3bbe3e4be520ccac198654bb4a7d493aa8450023 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2019-02-07[docker] Add MaaS container build supportAlexandru Avadanii6-5/+120
Change-Id: I7709c9ca9e701b656447154919eb084a710f49af Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2019-02-07[odl] Disable PaxOsgi logging by defaultMichael Polenchuk3-125/+139
The PaxOsgi logging has a performance impact (i.e. makes pressure to the Java GC). Change-Id: Ic0bc2c0d1cfac195a04d1cfa90fa7fa47fc37612 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2019-02-05Merge "[odl/noha] Make vif_plugging non-fatal"Michael Polenchuk6-6/+10
2019-02-05Merge "[cfg01] Use ssh config to set default user & key"Michael Polenchuk2-1/+7
2019-02-04Merge "[fdio] Fix VPP package pinning"Alexandru Avadanii1-2/+2
2019-02-04[fdio] Fix VPP package pinningAlexandru Avadanii1-2/+2
Previously, Ubuntu ignored the VPP pinning with: N: Ignoring file 'fdio.ubuntu' in directory '/etc/apt/preferences.d/' as it has an invalid filename extension Change-Id: I5ee60c1715bea3b4180b55125dc72962a70c2754 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2019-02-04[cfg01] Use ssh config to set default user & keyAlexandru Avadanii2-1/+7
Change-Id: I7486569568207f7652f8bdfcf1060ce51a9dbb0e Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2019-02-04[submodule] Bump Pharos for arm-pod10 cmp changeAlexandru Avadanii1-0/+0
Change-Id: Ia7f8845017333e54db110bca5b3715702948b76b Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2019-02-04[odl/noha] Make vif_plugging non-fatalMichael Polenchuk6-6/+10
In order to mitigate live migration procedure make VIF plugging event non-fatal for nova-compute. Also align max value of memory for instance of ODL controller. Change-Id: I0d00cc97c652eef3bd3404fac4715e2e7f2f02c7 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2019-01-30Merge "[deploy] Allow only operating system install"Cristina Pauna2-7/+11
2019-01-30Merge "[fdio] Pin VPP packages to 18.07-release"Cristina Pauna1-1/+7
2019-01-29[deploy] Allow only operating system installAlexandru Avadanii2-7/+11
Extend one of the existing deployment arguments to allow the installation of only the operating system and infrastructure networks, skipping cloud setup. Change-Id: Ibc5d0f324ed15b66f809839cfce49a0324b6fe4d Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2019-01-29Merge "[ovs] Start ovs services before networking"Alexandru Avadanii13-22/+141
2019-01-29[fdio] Pin VPP packages to 18.07-releaseAlexandru Avadanii1-1/+7
VPP 18.10 has a weird bug triggered by certain packets, e.g. from inside a guest VM on a compute node, these behave differently: $ udhcpc -x hostname:1234567890123456789012 # works $ udhcpc -x hostname:12345678901234567890123 # confuses VPP on gtw01 To avoid this bug, pin VPP to the previous release, which does not exhibit the issue. Change-Id: I8c1e085731909d4b9296e8b09608887a4b5bfdd6 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2019-01-27[fdio] Increase VIF plug-in timeoutAlexandru Avadanii2-2/+2
Baremetal clusters might benefit from having a little more time to plug in the VIFs. Change-Id: I9406a0ef24de2177827b3acd27b7c60b293a4572 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2019-01-27[ovs] Start ovs services before networkingAlexandru Avadanii13-22/+141
Fix broken systemd service unit dependecies: - OVS should start before networking service; - OVS ports & bridges should not be automatically ifup-ed by networking service to avoid races, so drop 'auto' for both (OVS ports are automatically handled when part of an OVS bridge); - explicitly ifup OVS bridges as part of networking service, but after all Linux interfaces have been handled; - use 'allow-ovs br-prv' to let OVS handle br-prv and avoid another race condition; While at it, fix some other related issues: - make OVS service start after DPDK service (if present); - bump OVS-DPDK compute VMs RAM since since switching from MTU 1500 to jumbo frames for virtual PODs a while ago failed to do so [1]; - avoid creating conflicting reclass linux.network.interfaces entries for OVS ports by using their name (drop 'ovs_port_' prefix): * for untagged networks they will override existing common defs; * for tagged networks, they will create separate entries; - DPDK scenarios: make gtw01 br-prv members OVS ports to avoid race conditions after node reboot by letting OVS handle them; [1] https://developers.redhat.com/blog/2018/03/16/\ ovs-dpdk-hugepage-memory/ Change-Id: I0266ba67f3849b6f7e331a758146b331730bae55 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2019-01-24Merge "Enable back auto for ports network script"Michael Polenchuk2-15/+26
2019-01-24Merge "[fdio] Make VIF timeout non-fatal"Alexandru Avadanii2-0/+10
2019-01-24Enable back auto for ports network scriptMichael Polenchuk2-15/+26
The ovs port remains in down state after reboot if "auto" is off. Also turn off no_wait option for odl-noha scenarios. Change-Id: I0121b3190869528e5f2e9985f9e9299ac6c6724e Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2019-01-24[fdio] Make VIF timeout non-fatalAlexandru Avadanii2-0/+10
The first VMs spawned still exhibit the race condition described in the ticket, so apply the same workaround proposed during the Fraser release cycle in FDS. JIRA: FDS-156 Change-Id: I3b2b1ed7b5711daf81b5f4a263e4dbee9f502259 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2019-01-23[docs] Update Gambia 7.2 release dateAlexandru Avadanii1-1/+1
Change-Id: I27d13cafcfa45f70413695dbb6fe29e5bb222a3e Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2019-01-22Pass domain name properly for heat stack userMichael Polenchuk5-9/+34
Change-Id: I74c1c85310e2012e664764b6129fc4a52faaf106 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2019-01-21Merge "[uefi_cleanup] Use grain targeting"Alexandru Avadanii1-8/+3
2019-01-21Merge "[noha] baremetal: Fix undef armband_repo_version"Michael Polenchuk3-2/+1
2019-01-19[uefi_cleanup] Use grain targetingAlexandru Avadanii1-8/+3
Alternating HA and no-HA scenario deployments on baremetal requires non-hostname targeting for UEFI cleanup (e.g. ctl01/gtw01/kvm01). Change-Id: I9f0e967b500856b65a69ea0ab6ea13e15b327d8b Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2019-01-17Merge "Sync heat domain name with keystone defined"Alexandru Avadanii2-0/+4
2019-01-17[submodule] Bump Pharos for arm-pod10 cmp NIC syncAlexandru Avadanii1-0/+0
Change-Id: I177598d4d20539e50aab5f283e8d10022a4f1a14 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2019-01-17Sync heat domain name with keystone definedMichael Polenchuk2-0/+4
Change-Id: Ibf88f179af2570a707ade78f772342b7da23b74f Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2019-01-16[noha] baremetal: Fix undef armband_repo_versionAlexandru Avadanii3-2/+1
Change-Id: I0e56261fc2fc2a0a3f164531c72d88f7c46f5ca1 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2019-01-16[submodule] Bump Pharos for arm-pod10 NIC reorderAlexandru Avadanii1-0/+0
Change-Id: I79d3167432d48500346d5c8294d447c54e0cb6be Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2019-01-16Merge "Align patches"Michael Polenchuk4-116/+44
2019-01-16Align patchesMichael Polenchuk4-116/+44
* patch is merged into oslo-templates * rocky repo key name is made as for others * jinja package is updated to fix incorrect quoted value [https://github.com/saltstack/salt/issues/46594] Change-Id: Ia6359cf89579b4d892ae40c4d087168edcd86ebb Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2019-01-16Make shutdown only on physical nodesMichael Polenchuk2-2/+6
Change-Id: If167e7a6bdcdccd6b6df43bd5cac54250abec61a Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2019-01-15Merge "[baremetal] Shutdown nodes from previous deploy"Alexandru Avadanii1-0/+1
2019-01-14[odl] Set conntrack as netvirt nat modeMichael Polenchuk4-0/+36
The conntrack-based SNAT uses the Linux netfilter framework to do the NAPT and track the connection. The first packet in a traffic is passed to the netfilter to be translated with the external IP. The following packets will use the netfilter for further inbound and outbound translation. Change-Id: I1090b4fe041f8d9533aa4ce1964284a4a5c073ce Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>