aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2018-01-22Merge "[baremetal] Fix cmp proto dhcp on PXE/admin"Michael Polenchuk2-0/+8
2018-01-22[patch] system.repo: Add keyserver proxy supportAlexandru Avadanii6-8/+122
Instead of defining a http proxy for all salt-minion traffic, which also includes some Openstack API accesses we can't filter (no_proxy is not yet supported), add & leverage support for proxy configuration during APT keyserver access / key download. JIRA: FUEL-331 Change-Id: I9470807633596c610cfafb141b139ddda2ff096b Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-21[baremetal] Fix cmp proto dhcp on PXE/adminAlexandru Avadanii2-0/+8
Although we properly filter the PXE/admin interface in the common openstack_compute_pdf.yml.j2 template and use DHCP instead of manual setup, we failed to do the same in scenario-specific overrides (ODL, OVS), so we end up with 'proto: manual' on PXE/admin on cmp nodes. The fix is trivial and reuses the mechanism in the common class in scenario-specific templates (if interface is PXE/admin, use 'DHCP' instead of 'manual'). This solves the issue of broken connectivity to Salt master after cmp reboot. Change-Id: I1953d03343190acb2efcab4412a3d37e130b0ea9 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-21reclass: apt_mk_version: stableAlexandru Avadanii3-3/+3
Although previous commit d1b6119 changed the first reference of apt-mk repos to 'stable' from 'nightly', it missed the cluster model. This fixes redeploys with `-f`, which fail due to conflicts between already installed 'stable' packages and 'nightly' ones. Fixes: d1b6119 Change-Id: I854bac86feaaa61da0b68d158e270eec1ee0ccb7 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-19Get back to the GA kernelMichael Polenchuk2-3/+1
- openvswitch 2.8 officially supports kernel versions from 3.10 to 4.12 - ODL baremetal scenario is acting up with floating/public SNAT flow under hwe edge kernel 4.13 Change-Id: I099d528b3b1c2ea34f8f856cd60f809f90defea6 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-18INFO: Add Guillermo as Fuel committerAlexandru Avadanii1-0/+2
Change-Id: Ibdd21a1fd07ee8e05d3dffb89048f7430543da97 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-15Setup mongodb master primarilyMichael Polenchuk2-4/+4
Initiate mongodb master at first to avoid race conditaion with unwanted master election which causes cluster setup failure. Change-Id: I6d2f75f3f002849cac3a5f52a7dcfb4646b7822a Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-12Retry cinder volume stateMichael Polenchuk2-2/+5
The service of cinder-volume restarts too quickly after package installation with default/incorrect configuration and goes over restart threshold, so systemd stops attempt to restart any further causing state faulure. To fix it properly the RestartSec (i.e. restart delay) param should be added into cinder-volume.service unit. Change-Id: Ic8591e8ef52a3d439122f276d275e56bd2442ce6 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-11Merge "docs: AArch64: Jumpserver min libvirt version"Alexandru Avadanii1-37/+96
2018-01-11docs: AArch64: Jumpserver min libvirt versionting wu1-37/+96
- For the Jumpserver configuration Add bridge config Add Armband repository list Add minimum libvirt version requirement - Fix various typo - Add option -S, -D in deploy script JIRA: ARMBAND-337 Change-Id: Ic62819dbb28699cf8a2dba81b7d65a39e3f0b011 Signed-off-by: ting wu <ting.wu@enea.com>
2018-01-11[baremetal] Disable dhcp offered routesMichael Polenchuk2-0/+5
Prevent dhcp client from setting an unwanted default routes on compute nodes. Change-Id: I2529491bbc977647e5f457d5f1ba88b0cc4372ee Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-08Merge "[centos jump] Add missing dependency for nbd build"Alexandru Avadanii1-0/+1
2018-01-08[centos jump] Add missing dependency for nbd buildAlexandru Avadanii1-0/+1
Change-Id: Icb23d2e6d3bb6e49b54e2d51cc8a35cb03702fcd Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-08lib.sh: base image: Prevent using incomplete imgAlexandru Avadanii1-4/+4
In case the previous deploy attempt already copied the base image as the VCP image in order to perform offline operations and failed, leaving an incomplete image in place, current code might try to use it instead of building it from scratch. Use the hash-agnostic link names as checkpoints for successful image handling. Change-Id: I1e99e515e18ba1dec534c520811c127b2b528afe Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-08lib.sh: Fix `modprobe -f` on UbuntuAlexandru Avadanii1-3/+4
For some reason, `modprobe -f` for a clean nbd module (from vanilla Ubuntu) fails with exec format error randomly, while a simple `modprobe` works. Change-Id: I79785e510cab757e2482baf442054be984c24019 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-07MaaS: Set commission/deploy timeouts via reclassAlexandru Avadanii3-2/+10
Allow end-users to easily change the MaaS commissioning/deploying timeouts by simply editing the reclass model. While at it, use arch-specific values and bump deploy timeout on AArch64 to 20 minutes instead of 15. Change-Id: I37ae434ecebdd64effb007baa06c722b1db15c66 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-07lib.sh: Fix stop condition in wait_forAlexandru Avadanii1-5/+5
Change-Id: Ida693b6dd328db283d6992ac33500f4dd1a73eb8 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-07salt.sh: Fix linux state apply on cfg01Alexandru Avadanii1-4/+4
cfg01 does not repond or is not connected while trying to apply linux state via salt.sh, use wait_for macro to account for this. JIRA: ARMBAND-315 Change-Id: I2d4c63d43f806b65f9ce327f4a00a6334be88750 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-07lib.sh: Extend wait_for function to catch no respAlexandru Avadanii5-16/+19
wait_for function should be able to also check for minions that did not return or not respond, in addition to the return code. To keep it backwards compatible, condition the new check on the max attempt number being specified in decimal format (e.g. '10.0' unlike old '10'). Change-Id: If2512cf9121cdd795638efe7362ef0485d4e8d91 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-07user-data.template: Remove salt-minion installAlexandru Avadanii2-12/+1
salt-minion is now pre-provisioned inside the image using qemu-nbd. Revert "lib.sh: Limit envsubst to certain variables" This reverts commit 3a76d07dbd409b781abdb8520f55a1b20edf07db. Change-Id: Icceb8bcf439e28ab01c7731c3602c1113290454d Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-07lib.sh: Cache base image(s) between deploysAlexandru Avadanii1-13/+36
Fingerprint and re-use base image artifacts. Change-Id: Ic7a73c04e27d25addd50e4e9880619a0028956d3 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-06deploy.sh: Print sysinfoAlexandru Avadanii4-0/+23
JIRA: FUEL-323 Change-Id: I0dcbcfbedc7e9ef013ca50dcc08f804323f91701 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-05Merge "[baremetal] ODL: Move ODL VCP VM to kvm02"Alexandru Avadanii1-1/+1
2018-01-05[baremetal] ODL: Move ODL VCP VM to kvm02Alexandru Avadanii1-1/+1
Balance VM distribution on the 3 kvm nodes, as kvm02 has 4 VCP VMs while kvm{01,03} have 5 VCP VMs each (without ODL). Instead of spawning the ODL VCP VM on kvm03, move it to kvm02. Change-Id: Id03b9453ee7c15cd6785c0bc073a38b87034aede Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-05deploy.sh: Silence cleanup outputAlexandru Avadanii1-14/+1
Cleanup sequence might print some warnings/errors that are misleading for new users, so let's silence them. While at it, remove unused `cleanup` function stub. Change-Id: Ic4225f7d4b701cd15d96e1bfc5eecfe2c4291eb6 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-04[centos jump] nbd build: Fix REQ_TYPE_SPECIALAlexandru Avadanii1-1/+5
Change-Id: Ia514418d2aae1b4f7e752d4610fa6c9829c67e51 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-04[centos jump] Add nbd build supportAlexandru Avadanii2-4/+74
RHEL distros do not maintain nbd, so add a best-effort function to build it on the fly. Change-Id: Ie0419f0fed8a0b12f6b878b3093d6ca34f72d140 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-04requirements_rpm: Add epel-release, nbdAlexandru Avadanii1-0/+2
qemu-nbd requires the 'nbd' kernel module, which is not available by default on CentOS 7, but is available from EPEL repo. Change-Id: I3e8f722d31a97293b077115499a97c93a4751917 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-03[baremetal] Switch VCP base image to UCAAlexandru Avadanii6-36/+17
Since Mirantis prebuilt image comes with salt-minion 2016.3 instead of 2016.11 and upgrading it leads to a hard to break catch-22, use the Ubuntu cloud archive image we already download for FN VMs and pre-install: - a newer kernel (hwe-edge); - salt-minion (2016.11); This also implicitly aligns the image handling on AArch64 and x86_64. Change-Id: I86d1c777449d37bdd0348936a598e3ffe9d265af Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-03Revert "patches: Drop salt ver sync patch, now upstream"Alexandru Avadanii2-0/+35
Unlike nightly dist, stable/2017.12 distributions of salt formulas repo do not yet include this change, so bring it back. This reverts commit 8fbafdf8a665fb8fff4d6f9f14c343e109c122ec. Change-Id: I7f7011750d385a28f4653faeeb74edb1cac1bcf2 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-03[baremetal] curtin: Bump salt-minion to 2016.11Alexandru Avadanii1-0/+2
By default, MaaS formula will install Salt minion 2016.3 via curtin on physical nodes. 2016.3 does not properly support proxy_host config option, causing timeouts during `linux.system.repo` SLS apply. Change-Id: I3d6245f0d4b425170c43b3b62a21ad9acc6cb97e Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-03[baremetal] Retire mas01 NATAlexandru Avadanii2-38/+0
Isolate networks by retiring NAT on mas01; also cutting direct internet access from cluster nodes that are not facing the public network (prx, cmp). NOTE: Since we are removing mas01 NAT, VCP VMs (except prx which have public IPs) and kvm nodes (cmp also have public IPs) will no longer have direct internet connectivity. Cluster deployment and operations will work without it, but if it is required for different reasons, the MaaS proxy could be enabled by uncommenting the /etc/enviroment section in: - cluster.baremetal-mcp-pike-common-ha.include.proxy.yml JIRA: FUEL-317 Change-Id: I5ed8b420296b27df34a54ec1ebd7b7cf58041425 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-03[patch] Use keystoneclient to check project IDAlexandru Avadanii2-0/+169
Another prerequisite for decoupling public network from Openstack internal management network (upstream won't fix it for Pike): - port fix from [1] for using the internal network when connecting to keystone during project ID validation in nova, instead of going through public endpoint (and using SSL). [1] https://bugs.launchpad.net/nova/+bug/1716344 Change-Id: Ic9a307df9af78fcd58cbcc07b5e62a7e07cc8d7d Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-03[patch] keystone: Use v3 for admin endpointAlexandru Avadanii1-0/+35
Now that v2 API is obsolete, also switch 'admin' endpoint to v3 (previously it was kept back for OCL compatibility). Change-Id: I9775d59d5e6b93d7351157f7550a0dd7114bee2f Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-02Merge "[baremetal] heat: Switch metadata API URL to mgmt"Alexandru Avadanii1-0/+14
2018-01-02Merge "[baremetal] prx: Add management network VIP"Alexandru Avadanii4-3/+38
2018-01-02[patch] Fix OVS ifup workaroundAlexandru Avadanii2-6/+16
Do not assume routes are on the same OVS port as the one currently being configured. Instead, apply the `unless` ifup condition for any OVS port. Change-Id: Iea8084f9e50401d300feb7ed16f90b430680cac5 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-02[baremetal] heat: Switch metadata API URL to mgmtAlexandru Avadanii1-0/+14
Prepare for decoupling management from public (drop mas01 NAT): - ctl: change heat URLs to use new management VIP instead of public; Change-Id: I8e220ee37bd4177c3afd58a9ee401f815d046706 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-02[baremetal] prx: Add management network VIPAlexandru Avadanii5-4/+42
Include `openstack_web_public_vip` class for setting up the old VIP in the public network, use old class for mgmt VIP. Also change the generic hostname 'prx' to point inside mgmt net. Change-Id: Iff69394f16ede290d149a26b054a85371f00f8e0 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-01docs: diagrams: Add PXE/admin on cfg01Alexandru Avadanii3-0/+0
Refresh diagrams to reflect that the internal network is not used anymore on jumpserver after PXE/admin was hooked to cfg01. Change-Id: I4c162d59824e182bc76c0a395742050544e95291 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-01[baremetal] MaaS: Enable HTTP proxyAlexandru Avadanii10-3/+51
Instead of using NAT on the mas01 node for all cluster node outgoing traffic, use the MaaS built-in proxy for APT traffic to leverage its caching capabilities too. Also enable the proxy for salt minions, so they can access public keyservers et al. Cleanup public DNS from kvm nodes, interferes with MaaS proxy. Add example config for global env proxy, but don't enable it: - default environment settings - /etc/environment (via reclass); The MaaS proxy will not be used (at least for now) on nodes: - cfg01; - mas01; NOTE: We can't yet drop the maas.pxe_nat state completely, as certain Openstack services are still accessed via public addresses from ctl nodes. JIRA: FUEL-317 JIRA: FUEL-318 Change-Id: I6c5f6872bb94afb838580571080e808bc262fc68 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-31[baremetal] cmp: Add missing public gw (default)Alexandru Avadanii3-0/+38
When we dropped the default gw via mas01 NAT, we uncovered a bug, compute nodes do not have the proper public gw set up and used to reach public network via mas01, slowing everything down. Add gw similar to prx nodes. Fixes: d4ab072 Change-Id: I4343c31c376a7a223670cdd623366454396d8d92 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-30salt: Use apt-mk 'stable' distributionAlexandru Avadanii1-1/+1
'nightly' repo dist from apt-mk is broken, so switch to 'stable'. Change-Id: Ie12dfc2a499910b8b98a63886ba16044e66435f5 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-29Merge "[netconfig] APT: Prefer ipv4 connections over ipv6"Alexandru Avadanii2-0/+9
2017-12-29[netconfig] APT: Prefer ipv4 connections over ipv6Alexandru Avadanii2-0/+9
Ubuntu prefers ipv6 connections therefore in some networks, this breaks software updates (it does a AAAA DNS lookup before A record lookups). Let's prefer old style ipv4 connections over the new ipv6 in order to save some processing and resource utilization. Based on previous work from [1] (but without /etc/gai.conf, only APT). [1] https://review.openstack.org/#/c/462502/ JIRA: FUEL-321 Change-Id: Ic3dff3baa1c0be9ac95972557d6a2d26641bfe1b Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-29[maas] artifact sync: improve barrier conditionAlexandru Avadanii1-3/+2
Simplify wait condition for MaaS service up, since it's fragile and often adds extra time when not really needed. Instead, retry starting boot image import right away. Change-Id: I131d6c82127449cecf6685d4cc7484a366e658c6 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-28Merge "[patch] haproxy hostname parameterization upstream"Alexandru Avadanii3-550/+0
2017-12-28[patch] haproxy hostname parameterization upstreamAlexandru Avadanii3-550/+0
PR [1] was merged upstream. [1] https://github.com/Mirantis/reclass-system-salt-model/pull/298 Change-Id: I335ac265b0b0b625c2f488755c5d11710ab354c2 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-28[patch] Use keystone v3 endpoints by defaultMichael Polenchuk1-0/+31
Change-Id: I98fc378fbec3679acf5bad4c089972340daea92c Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-27Merge "lib.sh: Add delay after `kpartx -av`"Alexandru Avadanii1-0/+1