summaryrefslogtreecommitdiffstats
path: root/mcp/config/states/baremetal_init
AgeCommit message (Collapse)AuthorFilesLines
2018-07-16[salt-formulas] opnfv: Drop obsolete route_wrapperAlexandru Avadanii1-4/+1
Change-Id: I84a4789ff2155d7c14f9ffd9bfe54c5bca7a0d4f Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-06-19Enforce static configuration instead of DHCPAlexandru Avadanii1-4/+0
- noha: 'accept_policy: open_mode' to align with ha scenarios; - s/cmp01/cmp001/g to align all scenarios and allow code reuse; - rename network params: s/dhcp/mcpcontrol/g, cleanup; - computes XDF data: drop 'opnfv_*' layer of params, cleanup; - local vPDF: add comments with default roles by node index; - parameterize all netmasks; - drop unused address/netmask for 'proto: manual' interfaces; - virsh_net: cleanup definitions, remove hardcodes, align IP on jumpserver and DHCP range with MaaS for pxebr; - maas: parameterize hardcoded '/24' cidr for PXE/admin, refactor maas.region.machines parameterization; - merge <all-mcp-arch-common/infra/config_*pdf.yaml.j2> templates; - move reclass.storage definitions of compute nodes to common dir; - drop 'openstack_compute_*' reclass params in favor of expanding them via j2 directly in reclass.storage params; - adopt `nm.cluster.has_*_nodes` where possible; - obsolete `runtime.yml` from reclass model; - refactor arch-specific reclass param selection; - remove unused defaults in favor of mandatory IDF properties; - noha: prepare for baremetal node support in cinder_lvm_devices; - interfaces: add interface_mtu and 'noifupdown: true' everywhere; - interfaces: use j2 macros to generate eth/vlan config; - states cleanup: remove DHCP route disable workaround on prx/cmp; - allow configuring NTP servers via: `idf.fuel.network.ntp_strata_host{1,2}`; - ovs_bridge: Allow setting gateway, dns-nameservers - apache: Adjust module list for novcp class inheritance; - glusterfs PPA: pin with same prio of MCP repos for novcp scenario; JIRA: FUEL-319 JIRA: FUEL-326 JIRA: FUEL-337 Change-Id: Ia6ad64ba8cade85a75fb22c9a2505decc3834360 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-06-11[ha] Retry salt.minion state applyAlexandru Avadanii1-1/+1
Baremental compute nodes time out with 'Not connected' or 'No response' while trying to apply `salt.minion` highstate after the Salt 2017.7 bump, retry applying it up to 5 times. Change-Id: I67f74c65a7cebe0a0b4c2812fa0ced6c1144be58 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-06-08[state] Stop expecting linux.network failuresAlexandru Avadanii1-2/+2
Now that the `linux.network` state applies cleanly on all nodes, stop expecting failures to prevent false-positive passes. Change-Id: I8a283474e12b85deb95815e4e7a0af4a74d143ac Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-04-18[baremetal] cmp linux.system: catch 'no response'Alexandru Avadanii1-1/+1
Catch & retry transient errors / timeouts while applying the `linux.system` state on cmp nodes. Change-Id: Id314b5a29673e0bcaa78611fc787491056830952 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-03-07[ha] Add route_wrapper to prx, kvmAlexandru Avadanii1-1/+1
Similar to cmp, when route already exists, networking service fails to start on 'nginx:server' slaves ('kvm' in novcp case). JIRA: FUEL-349 Change-Id: I2dc83ea78528533e92c9b9125e78b6e4387bdfe2 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-25[ovs/dpdk] Add opnfv.route_wrapper slsAlexandru Avadanii1-1/+4
- fix `route-br-ex` if-up.d script failing when route already exists by adding a wrapper around distro's '/sbin/route' binary in '/usr/local/sbin/route', exploiting default order in Ubuntu PATH; - fix 'br-prv' duplicate entry in 'interfaces.d/ifcfg-br-prv' and 'interfaces' caused by upstream bug [1]; - add barrier waiting for all baremetal nodes online before attempting reboot, trying to catch rare failures which are undetectable in logs as both a succesful reboot and a disconneted minion report 'n/c'; With the above in place, networking service should no longer fail to start on cmp nodes w/ DPDK. [1] https://github.com/saltstack/salt/issues/40262 Change-Id: I6d4895376ce323c14c997e6c9af2ea3eeeee0184 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-31Turn off Retpoline and KPTI protectionMichael Polenchuk1-1/+1
Based on Canonical research (https://goo.gl/QJykMa) there is low-risk of attack for private clouds environments, therefore turn off the related kernel patches & regain performance back. Change-Id: I661fa127241e327b07d21a29d58d584997607123 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-22[patch] system.repo: Add keyserver proxy supportAlexandru Avadanii1-1/+0
Instead of defining a http proxy for all salt-minion traffic, which also includes some Openstack API accesses we can't filter (no_proxy is not yet supported), add & leverage support for proxy configuration during APT keyserver access / key download. JIRA: FUEL-331 Change-Id: I9470807633596c610cfafb141b139ddda2ff096b Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-11[baremetal] Disable dhcp offered routesMichael Polenchuk1-0/+5
Prevent dhcp client from setting an unwanted default routes on compute nodes. Change-Id: I2529491bbc977647e5f457d5f1ba88b0cc4372ee Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-07lib.sh: Extend wait_for function to catch no respAlexandru Avadanii1-2/+1
wait_for function should be able to also check for minions that did not return or not respond, in addition to the return code. To keep it backwards compatible, condition the new check on the max attempt number being specified in decimal format (e.g. '10.0' unlike old '10'). Change-Id: If2512cf9121cdd795638efe7362ef0485d4e8d91 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-01[baremetal] MaaS: Enable HTTP proxyAlexandru Avadanii1-1/+3
Instead of using NAT on the mas01 node for all cluster node outgoing traffic, use the MaaS built-in proxy for APT traffic to leverage its caching capabilities too. Also enable the proxy for salt minions, so they can access public keyservers et al. Cleanup public DNS from kvm nodes, interferes with MaaS proxy. Add example config for global env proxy, but don't enable it: - default environment settings - /etc/environment (via reclass); The MaaS proxy will not be used (at least for now) on nodes: - cfg01; - mas01; NOTE: We can't yet drop the maas.pxe_nat state completely, as certain Openstack services are still accessed via public addresses from ctl nodes. JIRA: FUEL-317 JIRA: FUEL-318 Change-Id: I6c5f6872bb94afb838580571080e808bc262fc68 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-14[baremetal] Upgrade packages on kvm, cmp nodes tooAlexandru Avadanii1-0/+1
MaaS installs a few packages via curtin, which don't get upgraded later, even if we add extra repos (it will be the case for novcp). Perform a package upgrade on all baremetal nodes, as it's also a good security practice. JIRA: FUEL-310 Change-Id: Ib365e42a0d2f65813fc9bef516326ec89fe407de Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-04states: Rename openstack, add baremetal_initAlexandru Avadanii1-0/+33
To align with new cluster naming convention, rename 'openstack' state file to 'openstack_noha'. While at it, factor out baremetal setup from 'virtual_control_plane' into a new state that will be reused in upcoming scenarios, remove useless sync_all (automatically done after node reboot). FUEL-310 Change-Id: I6d7e5db8f09305f2fd8eeca0199a2e85b08d2202 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>