Age | Commit message (Collapse) | Author | Files | Lines |
|
Change-Id: I84a4789ff2155d7c14f9ffd9bfe54c5bca7a0d4f
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
- noha: 'accept_policy: open_mode' to align with ha scenarios;
- s/cmp01/cmp001/g to align all scenarios and allow code reuse;
- rename network params: s/dhcp/mcpcontrol/g, cleanup;
- computes XDF data: drop 'opnfv_*' layer of params, cleanup;
- local vPDF: add comments with default roles by node index;
- parameterize all netmasks;
- drop unused address/netmask for 'proto: manual' interfaces;
- virsh_net: cleanup definitions, remove hardcodes, align IP on
jumpserver and DHCP range with MaaS for pxebr;
- maas: parameterize hardcoded '/24' cidr for PXE/admin, refactor
maas.region.machines parameterization;
- merge <all-mcp-arch-common/infra/config_*pdf.yaml.j2> templates;
- move reclass.storage definitions of compute nodes to common dir;
- drop 'openstack_compute_*' reclass params in favor of expanding
them via j2 directly in reclass.storage params;
- adopt `nm.cluster.has_*_nodes` where possible;
- obsolete `runtime.yml` from reclass model;
- refactor arch-specific reclass param selection;
- remove unused defaults in favor of mandatory IDF properties;
- noha: prepare for baremetal node support in cinder_lvm_devices;
- interfaces: add interface_mtu and 'noifupdown: true' everywhere;
- interfaces: use j2 macros to generate eth/vlan config;
- states cleanup: remove DHCP route disable workaround on prx/cmp;
- allow configuring NTP servers via:
`idf.fuel.network.ntp_strata_host{1,2}`;
- ovs_bridge: Allow setting gateway, dns-nameservers
- apache: Adjust module list for novcp class inheritance;
- glusterfs PPA: pin with same prio of MCP repos for novcp scenario;
JIRA: FUEL-319
JIRA: FUEL-326
JIRA: FUEL-337
Change-Id: Ia6ad64ba8cade85a75fb22c9a2505decc3834360
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Baremental compute nodes time out with 'Not connected' or
'No response' while trying to apply `salt.minion` highstate after
the Salt 2017.7 bump, retry applying it up to 5 times.
Change-Id: I67f74c65a7cebe0a0b4c2812fa0ced6c1144be58
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Now that the `linux.network` state applies cleanly on all nodes,
stop expecting failures to prevent false-positive passes.
Change-Id: I8a283474e12b85deb95815e4e7a0af4a74d143ac
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Catch & retry transient errors / timeouts while applying the
`linux.system` state on cmp nodes.
Change-Id: Id314b5a29673e0bcaa78611fc787491056830952
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Similar to cmp, when route already exists, networking service fails
to start on 'nginx:server' slaves ('kvm' in novcp case).
JIRA: FUEL-349
Change-Id: I2dc83ea78528533e92c9b9125e78b6e4387bdfe2
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
- fix `route-br-ex` if-up.d script failing when route already exists
by adding a wrapper around distro's '/sbin/route' binary in
'/usr/local/sbin/route', exploiting default order in Ubuntu PATH;
- fix 'br-prv' duplicate entry in 'interfaces.d/ifcfg-br-prv' and
'interfaces' caused by upstream bug [1];
- add barrier waiting for all baremetal nodes online before attempting
reboot, trying to catch rare failures which are undetectable in logs
as both a succesful reboot and a disconneted minion report 'n/c';
With the above in place, networking service should no longer fail
to start on cmp nodes w/ DPDK.
[1] https://github.com/saltstack/salt/issues/40262
Change-Id: I6d4895376ce323c14c997e6c9af2ea3eeeee0184
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Based on Canonical research (https://goo.gl/QJykMa) there is
low-risk of attack for private clouds environments, therefore
turn off the related kernel patches & regain performance back.
Change-Id: I661fa127241e327b07d21a29d58d584997607123
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Instead of defining a http proxy for all salt-minion traffic, which
also includes some Openstack API accesses we can't filter (no_proxy
is not yet supported), add & leverage support for proxy configuration
during APT keyserver access / key download.
JIRA: FUEL-331
Change-Id: I9470807633596c610cfafb141b139ddda2ff096b
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Prevent dhcp client from setting an unwanted
default routes on compute nodes.
Change-Id: I2529491bbc977647e5f457d5f1ba88b0cc4372ee
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
wait_for function should be able to also check for minions that did
not return or not respond, in addition to the return code.
To keep it backwards compatible, condition the new check on the max
attempt number being specified in decimal format (e.g. '10.0' unlike
old '10').
Change-Id: If2512cf9121cdd795638efe7362ef0485d4e8d91
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Instead of using NAT on the mas01 node for all cluster node outgoing
traffic, use the MaaS built-in proxy for APT traffic to leverage its
caching capabilities too.
Also enable the proxy for salt minions, so they can access public
keyservers et al.
Cleanup public DNS from kvm nodes, interferes with MaaS proxy.
Add example config for global env proxy, but don't enable it:
- default environment settings - /etc/environment (via reclass);
The MaaS proxy will not be used (at least for now) on nodes:
- cfg01;
- mas01;
NOTE: We can't yet drop the maas.pxe_nat state completely, as certain
Openstack services are still accessed via public addresses from ctl
nodes.
JIRA: FUEL-317
JIRA: FUEL-318
Change-Id: I6c5f6872bb94afb838580571080e808bc262fc68
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
MaaS installs a few packages via curtin, which don't get upgraded
later, even if we add extra repos (it will be the case for novcp).
Perform a package upgrade on all baremetal nodes, as it's also a
good security practice.
JIRA: FUEL-310
Change-Id: Ib365e42a0d2f65813fc9bef516326ec89fe407de
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
To align with new cluster naming convention, rename 'openstack'
state file to 'openstack_noha'.
While at it, factor out baremetal setup from 'virtual_control_plane'
into a new state that will be reused in upcoming scenarios, remove
useless sync_all (automatically done after node reboot).
FUEL-310
Change-Id: I6d7e5db8f09305f2fd8eeca0199a2e85b08d2202
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|