aboutsummaryrefslogtreecommitdiffstats
AgeCommit message (Collapse)AuthorFilesLines
2018-01-03[baremetal] Switch VCP base image to UCAAlexandru Avadanii6-36/+17
Since Mirantis prebuilt image comes with salt-minion 2016.3 instead of 2016.11 and upgrading it leads to a hard to break catch-22, use the Ubuntu cloud archive image we already download for FN VMs and pre-install: - a newer kernel (hwe-edge); - salt-minion (2016.11); This also implicitly aligns the image handling on AArch64 and x86_64. Change-Id: I86d1c777449d37bdd0348936a598e3ffe9d265af Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-03Revert "patches: Drop salt ver sync patch, now upstream"Alexandru Avadanii2-0/+35
Unlike nightly dist, stable/2017.12 distributions of salt formulas repo do not yet include this change, so bring it back. This reverts commit 8fbafdf8a665fb8fff4d6f9f14c343e109c122ec. Change-Id: I7f7011750d385a28f4653faeeb74edb1cac1bcf2 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-03[baremetal] curtin: Bump salt-minion to 2016.11Alexandru Avadanii1-0/+2
By default, MaaS formula will install Salt minion 2016.3 via curtin on physical nodes. 2016.3 does not properly support proxy_host config option, causing timeouts during `linux.system.repo` SLS apply. Change-Id: I3d6245f0d4b425170c43b3b62a21ad9acc6cb97e Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-03[baremetal] Retire mas01 NATAlexandru Avadanii2-38/+0
Isolate networks by retiring NAT on mas01; also cutting direct internet access from cluster nodes that are not facing the public network (prx, cmp). NOTE: Since we are removing mas01 NAT, VCP VMs (except prx which have public IPs) and kvm nodes (cmp also have public IPs) will no longer have direct internet connectivity. Cluster deployment and operations will work without it, but if it is required for different reasons, the MaaS proxy could be enabled by uncommenting the /etc/enviroment section in: - cluster.baremetal-mcp-pike-common-ha.include.proxy.yml JIRA: FUEL-317 Change-Id: I5ed8b420296b27df34a54ec1ebd7b7cf58041425 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-03[patch] Use keystoneclient to check project IDAlexandru Avadanii2-0/+169
Another prerequisite for decoupling public network from Openstack internal management network (upstream won't fix it for Pike): - port fix from [1] for using the internal network when connecting to keystone during project ID validation in nova, instead of going through public endpoint (and using SSL). [1] https://bugs.launchpad.net/nova/+bug/1716344 Change-Id: Ic9a307df9af78fcd58cbcc07b5e62a7e07cc8d7d Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-03[patch] keystone: Use v3 for admin endpointAlexandru Avadanii1-0/+35
Now that v2 API is obsolete, also switch 'admin' endpoint to v3 (previously it was kept back for OCL compatibility). Change-Id: I9775d59d5e6b93d7351157f7550a0dd7114bee2f Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-02Merge "[baremetal] heat: Switch metadata API URL to mgmt"Alexandru Avadanii1-0/+14
2018-01-02Merge "[baremetal] prx: Add management network VIP"Alexandru Avadanii4-3/+38
2018-01-02[patch] Fix OVS ifup workaroundAlexandru Avadanii2-6/+16
Do not assume routes are on the same OVS port as the one currently being configured. Instead, apply the `unless` ifup condition for any OVS port. Change-Id: Iea8084f9e50401d300feb7ed16f90b430680cac5 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-02[baremetal] heat: Switch metadata API URL to mgmtAlexandru Avadanii1-0/+14
Prepare for decoupling management from public (drop mas01 NAT): - ctl: change heat URLs to use new management VIP instead of public; Change-Id: I8e220ee37bd4177c3afd58a9ee401f815d046706 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-02[baremetal] prx: Add management network VIPAlexandru Avadanii5-4/+42
Include `openstack_web_public_vip` class for setting up the old VIP in the public network, use old class for mgmt VIP. Also change the generic hostname 'prx' to point inside mgmt net. Change-Id: Iff69394f16ede290d149a26b054a85371f00f8e0 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-01docs: diagrams: Add PXE/admin on cfg01Alexandru Avadanii3-0/+0
Refresh diagrams to reflect that the internal network is not used anymore on jumpserver after PXE/admin was hooked to cfg01. Change-Id: I4c162d59824e182bc76c0a395742050544e95291 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-01[baremetal] MaaS: Enable HTTP proxyAlexandru Avadanii10-3/+51
Instead of using NAT on the mas01 node for all cluster node outgoing traffic, use the MaaS built-in proxy for APT traffic to leverage its caching capabilities too. Also enable the proxy for salt minions, so they can access public keyservers et al. Cleanup public DNS from kvm nodes, interferes with MaaS proxy. Add example config for global env proxy, but don't enable it: - default environment settings - /etc/environment (via reclass); The MaaS proxy will not be used (at least for now) on nodes: - cfg01; - mas01; NOTE: We can't yet drop the maas.pxe_nat state completely, as certain Openstack services are still accessed via public addresses from ctl nodes. JIRA: FUEL-317 JIRA: FUEL-318 Change-Id: I6c5f6872bb94afb838580571080e808bc262fc68 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-31[baremetal] cmp: Add missing public gw (default)Alexandru Avadanii3-0/+38
When we dropped the default gw via mas01 NAT, we uncovered a bug, compute nodes do not have the proper public gw set up and used to reach public network via mas01, slowing everything down. Add gw similar to prx nodes. Fixes: d4ab072 Change-Id: I4343c31c376a7a223670cdd623366454396d8d92 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-30salt: Use apt-mk 'stable' distributionAlexandru Avadanii1-1/+1
'nightly' repo dist from apt-mk is broken, so switch to 'stable'. Change-Id: Ie12dfc2a499910b8b98a63886ba16044e66435f5 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-29Merge "[netconfig] APT: Prefer ipv4 connections over ipv6"Alexandru Avadanii2-0/+9
2017-12-29[netconfig] APT: Prefer ipv4 connections over ipv6Alexandru Avadanii2-0/+9
Ubuntu prefers ipv6 connections therefore in some networks, this breaks software updates (it does a AAAA DNS lookup before A record lookups). Let's prefer old style ipv4 connections over the new ipv6 in order to save some processing and resource utilization. Based on previous work from [1] (but without /etc/gai.conf, only APT). [1] https://review.openstack.org/#/c/462502/ JIRA: FUEL-321 Change-Id: Ic3dff3baa1c0be9ac95972557d6a2d26641bfe1b Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-29[maas] artifact sync: improve barrier conditionAlexandru Avadanii1-3/+2
Simplify wait condition for MaaS service up, since it's fragile and often adds extra time when not really needed. Instead, retry starting boot image import right away. Change-Id: I131d6c82127449cecf6685d4cc7484a366e658c6 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-28Merge "[patch] haproxy hostname parameterization upstream"Alexandru Avadanii3-550/+0
2017-12-28[patch] haproxy hostname parameterization upstreamAlexandru Avadanii3-550/+0
PR [1] was merged upstream. [1] https://github.com/Mirantis/reclass-system-salt-model/pull/298 Change-Id: I335ac265b0b0b625c2f488755c5d11710ab354c2 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-28[patch] Use keystone v3 endpoints by defaultMichael Polenchuk1-0/+31
Change-Id: I98fc378fbec3679acf5bad4c089972340daea92c Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-27Merge "lib.sh: Add delay after `kpartx -av`"Alexandru Avadanii1-0/+1
2017-12-27lib.sh: Add delay after `kpartx -av`Alexandru Avadanii1-0/+1
On rare occassions, mapper bindings created by kpartx take longer to show up, leading to errors when we try to mount them on. Bring back the hardcoded delay to bypass such issues. Change-Id: Ib386c04fc55cd85235a2156dba08fda378e4cdfd Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-27Merge "patches: Squash maas region changes"Alexandru Avadanii3-47/+26
2017-12-27[ovn] Inject ovn central optionsMichael Polenchuk2-0/+16
Change-Id: Ib9021ee3ca15c05cc137ae42c263383acb4393bd Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-27patches: Squash maas region changesAlexandru Avadanii3-47/+26
When re-deploying with `-f` flag, `patch -R` cannot cleanly revert maas region changes with overlapping context lines, so squash them into a single file. Change-Id: I87dae72a12fea833e9e6729de21d4ce5f262695e Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-25[ovn] Mend state name of openstackMichael Polenchuk1-3/+3
* rename openstack state name with noha suffix * increase vcpus for compute nodes Change-Id: I03386c4c1c92d329d847aa506589823e57644ef4 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-22Merge "[ovn] Weed out gateway node from reclass storage"Alexandru Avadanii4-5/+19
2017-12-22[vcp] Catch 'no response' of salt minion as wellMichael Polenchuk3-6/+1
Salt minion could return 'no response' and cause an unconfigured state of the vcp node(s), so catch this output after linux state as well. Also clean up excess route on proxy nodes. Change-Id: I3183fa09ff41a8f027ee789869bdae0c3962ab8f Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-22[ovn] Weed out gateway node from reclass storageMichael Polenchuk5-5/+19
Change-Id: I87efd87f8ac05ed9b3189e5dba80748e07c86d5d Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-21Bring in ovn based scenarioMichael Polenchuk18-2/+175
OVN based scenario doesn't require conventional gateway node since connectivity to external networks and routing occurs on compute nodes. Change-Id: I81e0d497170d5ffb067adf13b0e46290525f26a6 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-20[maas] Adjust deployment order/timeoutsMichael Polenchuk1-3/+7
Change-Id: I9dbb51ce2387450e4ae19f8b3444f5e52cfdc71d Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-19[dpdk] Remove user/group setting for ovs rundirMichael Polenchuk2-3/+1
The proper patches have been merged into upstream (nova/neutron formulas, system reclass) to use a separate dir for vhost_user sockets. Change-Id: Iba8d8a9a05c5ab681b5b5ffbea786dca92704c82 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-19Merge "[baremetal] MaaS: Reduce timeout values"Alexandru Avadanii3-12/+11
2017-12-19Set libvirt unix_sock_group as an optionMichael Polenchuk4-30/+1
Updated libvirt formula now supports group name as an option for unix socket parameter. Change-Id: I683e38971fe6c939fd09e95b805d611ddc596f28 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-19[baremetal] MaaS: Reduce timeout valuesAlexandru Avadanii3-12/+11
`maas_fixup` is already re-entrant, so we can execute it more than once during a commissioning/deploy cycle. Reduce the timeout waiting for all nodes to reach a stable state, so nodes stuck in 'Ready' state instead of reaching 'Deploying' get dealt with sooner (~5 min vs old 30 min). While at it, let `maas_fixup` handle machine deploy as well, so we can catch nodes stuck in 'Ready' state and re-trigger the deploy. Change-Id: Id24cc97b17489835c5846288639a9a6032bd320a Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-18Merge "states: networks: Use role-based addressing"Alexandru Avadanii2-6/+6
2017-12-18Merge "[baremetal] cleanup: Remove unused gtw node data"Alexandru Avadanii2-23/+0
2017-12-18Merge "[baremetal] Move salt master IP to PXE/admin"Alexandru Avadanii9-25/+18
2017-12-18[maas] Set edge hwe kernel as a default minimumMichael Polenchuk1-6/+7
Change-Id: I360dcb675c90b6f20687979ebc493afe6682c821 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-18Merge "salt.sh: Use salt-call to apply linux sls on cfg01"Michael Polenchuk1-1/+1
2017-12-18Merge "[baremetal] MaaS: Fix DHCP dynamic reserved range"Michael Polenchuk7-8/+109
2017-12-18Merge "ci/deploy.sh: maas: cleanup_uefi on env erase"Michael Polenchuk2-10/+9
2017-12-18[baremetal] Move salt master IP to PXE/adminAlexandru Avadanii9-25/+18
Use PXE/admin network for salt traffic from/to all minions except cfg01, mas01. This allows us to drop the route to admin net from cfg01. Change-Id: Ic2526f1ff77afe5d92ced900971f4c8f78d2d8a2 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-18salt.sh: Use salt-call to apply linux sls on cfg01Alexandru Avadanii1-1/+1
Also, retry applying linux high state up to twice, due to rare spurious failures with 'No reponse' status. Change-Id: Ic7839a5c9501673cb127412136afb91e05f87a7e Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-18[baremetal] MaaS: Fix DHCP dynamic reserved rangeAlexandru Avadanii7-8/+109
- patch MaaS to default to `DHCP` instead of `AUTO` for physical PXE interfaces (all IPs will be handed out by MaaS DHCP *inside* the defined dynamic DHCP IP range); - reduce range to silence bogus MaaS warning about address exhaustion; - regenerate pod_config.yml.example to reflect the changes; - drop `opnfv_infra_maas_pxe_address` (duplicate of `opnfv_infra_maas_node01_deploy_address`); - add `opnfv_infra_config_pxe_address` for future usage; - while at it, fix missing patch copyright; JIRA: FUEL-316 Change-Id: I81fad333e77f7c8508cd2b2b267c7b39c130e3e1 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-16[baremetal] cleanup: Remove unused gtw node dataAlexandru Avadanii2-23/+0
Change-Id: I48f73caa0f7cae532d4d9b3f68e1d8de59f8dd9e Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-16states: networks: Use role-based addressingAlexandru Avadanii2-6/+6
JIRA: FUEL-310 Change-Id: Ice6d6bbb2d2ee8e21f2757b02056873d1a030ea3 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-15ci/deploy.sh: maas: cleanup_uefi on env eraseAlexandru Avadanii2-10/+9
Running `ci/deploy.sh -EE` should also perform an UEFI boot option cleanup, otherwise we risk booting the previously installed OS. While at it, reduce delay between nodes removal and fix a rare failure for `-EE` when no nodes are defined in MaaS. Change-Id: I789ffd3e22545921216f7d5ee3509c76354542eb Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-14[baremetal] Move VCP iface config to own ymlAlexandru Avadanii28-91/+100
- move linux.network.interface definitions to their own classes, which also removes the previous requirement of defining {dhcp,single}_nic parameters in classes that don't actually use them; - drop now useless {dhcp,single}_nic parameters; - expand linux_{dhcp,single}_interface macros, since they cause issues with reclass dict-merge while attempting to override sub-vars (i.e. it's not possible to set 'enabled: false' via reclass interpolation); JIRA: FUEL-310 Change-Id: I29d921f545e761de335a60e242a4523d13b06c78 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>