path: root/mcp/config/states/baremetal_init
Age | Commit message | Author | Files | Lines
2018-01-31 | Turn off Retpoline and KPTI protection | Michael Polenchuk | 1 | -1/+1
Based on Canonical research (https://goo.gl/QJykMa) there is a low risk of attack for private cloud environments, therefore turn off the related kernel patches & regain performance back.
Change-Id: I661fa127241e327b07d21a29d58d584997607123
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-22 | [patch] system.repo: Add keyserver proxy support | Alexandru Avadanii | 1 | -1/+0
Instead of defining a http proxy for all salt-minion traffic, which also includes some Openstack API accesses we can't filter (no_proxy is not yet supported), add & leverage support for proxy configuration during APT keyserver access / key download.
JIRA: FUEL-331
Change-Id: I9470807633596c610cfafb141b139ddda2ff096b
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-11 | [baremetal] Disable dhcp offered routes | Michael Polenchuk | 1 | -0/+5
Prevent dhcp client from setting unwanted default routes on compute nodes.
Change-Id: I2529491bbc977647e5f457d5f1ba88b0cc4372ee
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-07 | lib.sh: Extend wait_for function to catch no resp | Alexandru Avadanii | 1 | -2/+1
wait_for function should be able to also check for minions that did not return or not respond, in addition to the return code.
To keep it backwards compatible, condition the new check on the max attempt number being specified in decimal format (e.g. '10.0' unlike old '10').
Change-Id: If2512cf9121cdd795638efe7362ef0485d4e8d91
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-01 | [baremetal] MaaS: Enable HTTP proxy | Alexandru Avadanii | 1 | -1/+3
Instead of using NAT on the mas01 node for all cluster node outgoing traffic, use the MaaS built-in proxy for APT traffic to leverage its caching capabilities too.
Also enable the proxy for salt minions, so they can access public keyservers et al.
Cleanup public DNS from kvm nodes, interferes with MaaS proxy.
Add example config for global env proxy, but don't enable it:
- default environment settings
- /etc/environment (via reclass);
The MaaS proxy will not be used (at least for now) on nodes:
- cfg01;
- mas01;
NOTE: We can't yet drop the maas.pxe_nat state completely, as certain Openstack services are still accessed via public addresses from ctl nodes.
JIRA: FUEL-317
JIRA: FUEL-318
Change-Id: I6c5f6872bb94afb838580571080e808bc262fc68
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-14 | [baremetal] Upgrade packages on kvm, cmp nodes too | Alexandru Avadanii | 1 | -0/+1
MaaS installs a few packages via curtin, which don't get upgraded later, even if we add extra repos (it will be the case for novcp).
Perform a package upgrade on all baremetal nodes, as it's also a good security practice.
JIRA: FUEL-310
Change-Id: Ib365e42a0d2f65813fc9bef516326ec89fe407de
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-04 | states: Rename openstack, add baremetal_init | Alexandru Avadanii | 1 | -0/+33
To align with new cluster naming convention, rename 'openstack' state file to 'openstack_noha'.
While at it, factor out baremetal setup from 'virtual_control_plane' into a new state that will be reused in upcoming scenarios, remove useless sync_all (automatically done after node reboot).
FUEL-310
Change-Id: I6d7e5db8f09305f2fd8eeca0199a2e85b08d2202
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>