summaryrefslogtreecommitdiffstats
path: root/mcp/config/states
AgeCommit message (Collapse)AuthorFilesLines
2018-01-03[baremetal] Retire mas01 NATAlexandru Avadanii1-1/+0
Isolate networks by retiring NAT on mas01; also cutting direct internet access from cluster nodes that are not facing the public network (prx, cmp). NOTE: Since we are removing mas01 NAT, VCP VMs (except prx which have public IPs) and kvm nodes (cmp also have public IPs) will no longer have direct internet connectivity. Cluster deployment and operations will work without it, but if it is required for different reasons, the MaaS proxy could be enabled by uncommenting the /etc/enviroment section in: - cluster.baremetal-mcp-pike-common-ha.include.proxy.yml JIRA: FUEL-317 Change-Id: I5ed8b420296b27df34a54ec1ebd7b7cf58041425 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-01[baremetal] MaaS: Enable HTTP proxyAlexandru Avadanii2-1/+13
Instead of using NAT on the mas01 node for all cluster node outgoing traffic, use the MaaS built-in proxy for APT traffic to leverage its caching capabilities too. Also enable the proxy for salt minions, so they can access public keyservers et al. Cleanup public DNS from kvm nodes, interferes with MaaS proxy. Add example config for global env proxy, but don't enable it: - default environment settings - /etc/environment (via reclass); The MaaS proxy will not be used (at least for now) on nodes: - cfg01; - mas01; NOTE: We can't yet drop the maas.pxe_nat state completely, as certain Openstack services are still accessed via public addresses from ctl nodes. JIRA: FUEL-317 JIRA: FUEL-318 Change-Id: I6c5f6872bb94afb838580571080e808bc262fc68 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-27[ovn] Inject ovn central optionsMichael Polenchuk1-0/+15
Change-Id: Ib9021ee3ca15c05cc137ae42c263383acb4393bd Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-22[vcp] Catch 'no response' of salt minion as wellMichael Polenchuk1-1/+1
Salt minion could return 'no response' and cause an unconfigured state of the vcp node(s), so catch this output after linux state as well. Also clean up excess route on proxy nodes. Change-Id: I3183fa09ff41a8f027ee789869bdae0c3962ab8f Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-21Bring in ovn based scenarioMichael Polenchuk2-1/+12
OVN based scenario doesn't require conventional gateway node since connectivity to external networks and routing occurs on compute nodes. Change-Id: I81e0d497170d5ffb067adf13b0e46290525f26a6 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-20[maas] Adjust deployment order/timeoutsMichael Polenchuk1-3/+7
Change-Id: I9dbb51ce2387450e4ae19f8b3444f5e52cfdc71d Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-19[dpdk] Remove user/group setting for ovs rundirMichael Polenchuk1-3/+0
The proper patches have been merged into upstream (nova/neutron formulas, system reclass) to use a separate dir for vhost_user sockets. Change-Id: Iba8d8a9a05c5ab681b5b5ffbea786dca92704c82 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-19[baremetal] MaaS: Reduce timeout valuesAlexandru Avadanii1-9/+8
`maas_fixup` is already re-entrant, so we can execute it more than once during a commissioning/deploy cycle. Reduce the timeout waiting for all nodes to reach a stable state, so nodes stuck in 'Ready' state instead of reaching 'Deploying' get dealt with sooner (~5 min vs old 30 min). While at it, let `maas_fixup` handle machine deploy as well, so we can catch nodes stuck in 'Ready' state and re-trigger the deploy. Change-Id: Id24cc97b17489835c5846288639a9a6032bd320a Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-18Merge "states: networks: Use role-based addressing"Alexandru Avadanii1-5/+5
2017-12-18Merge "[baremetal] Move salt master IP to PXE/admin"Alexandru Avadanii1-2/+0
2017-12-18[baremetal] Move salt master IP to PXE/adminAlexandru Avadanii1-2/+0
Use PXE/admin network for salt traffic from/to all minions except cfg01, mas01. This allows us to drop the route to admin net from cfg01. Change-Id: Ic2526f1ff77afe5d92ced900971f4c8f78d2d8a2 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-16states: networks: Use role-based addressingAlexandru Avadanii1-5/+5
JIRA: FUEL-310 Change-Id: Ice6d6bbb2d2ee8e21f2757b02056873d1a030ea3 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-15ci/deploy.sh: maas: cleanup_uefi on env eraseAlexandru Avadanii1-8/+6
Running `ci/deploy.sh -EE` should also perform an UEFI boot option cleanup, otherwise we risk booting the previously installed OS. While at it, reduce delay between nodes removal and fix a rare failure for `-EE` when no nodes are defined in MaaS. Change-Id: I789ffd3e22545921216f7d5ee3509c76354542eb Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-14[baremetal] Upgrade packages on kvm, cmp nodes tooAlexandru Avadanii1-0/+1
MaaS installs a few packages via curtin, which don't get upgraded later, even if we add extra repos (it will be the case for novcp). Perform a package upgrade on all baremetal nodes, as it's also a good security practice. JIRA: FUEL-310 Change-Id: Ib365e42a0d2f65813fc9bef516326ec89fe407de Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-13patches: libvirt: Use "libvirt" unix_sock_groupAlexandru Avadanii1-2/+0
Now that libvirt 3.6 is used on kvm nodes (via UCA repos), which by default uses "libvirt" group for socket ownership, change old "libvirtd" in salt-formula-libvirt's: - libvirt/files/libvirtd.conf.Debian This allows us to remove the manual group creation from VCP state file, which was not re-entrant (failed if group already existed). Change-Id: Id61fecd82daec1c0716ff4796b79dce47d096c3a Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-12[baremetal] Fixup pike deployment (2)Michael Polenchuk1-0/+2
* align dpdk packages list * add missing libvirtd group to vcp host nodes Change-Id: Ideab2b16ca0561035b225e58bf3d0c5653d303bb Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-11[baremetal] Fixup pike deploymentMichael Polenchuk2-4/+6
* up glusterfs.client state before actual volume usage * handle keystone server state * specify suitable nova packages list for uca repo (consoleproxy vs novncproxy) * upgrade vcp nodes to get proper cryptography library for keystone * align service names for libvirt & glusterfs Change-Id: Iaeb7d147e6d407bbeaec2d40fd81037c939c3fe0 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-10states: maas: Stop using maas-stable PPAAlexandru Avadanii1-2/+0
Currently, Xenial repos provide MaaS 2.2.x, while the PPA bumped it to 2.3.x. Since we switched to 2.3, we observed a rare wrongful state transition from 'Deploying' back to 'Ready'. Drop the PPA, falling back to 2.2 from mainline distro repos. JIRA: FUEL-312 Change-Id: I3daa118059f37cbeca076da685661c28f3a28a97 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-04states: Rename openstack, add baremetal_initAlexandru Avadanii3-22/+35
To align with new cluster naming convention, rename 'openstack' state file to 'openstack_noha'. While at it, factor out baremetal setup from 'virtual_control_plane' into a new state that will be reused in upcoming scenarios, remove useless sync_all (automatically done after node reboot). FUEL-310 Change-Id: I6d7e5db8f09305f2fd8eeca0199a2e85b08d2202 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-01[virtual] Update dpdk scenario with pikeMichael Polenchuk1-5/+2
Change-Id: I879f565fe17539a54770fa22a6088c6493524e0c Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-11-28[baremetal] Fix prx stale route via MaaS DHCPAlexandru Avadanii1-0/+3
Although we add default routes via public network and disable DHCP client from setting new routes, until we reboot the prx* nodes we still have the stale route originally set at initial boot. Change-Id: Ib8e5fb67c7da00684e0ac21984fc4661d3820d83 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-11-28[virtual] Update openstack version to pikeMichael Polenchuk1-2/+4
Change-Id: I1df0228cb44bf9122aaf93dd25fc16a0d26a5240 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-11-27Merge "[baremetal] Retry cinder.controller on failure"Michael Polenchuk1-1/+1
2017-11-26[baremetal] Retry cinder.controller on failureAlexandru Avadanii1-1/+1
Occasionally, cinderng.volume_type_present errors with: ClientException: Service Unavailable (HTTP 503) Instead of retrying the whole state file, use `wait_for` macro to retry only this high state up to 5 times. Change-Id: Ib9ef017aca737e53c853007c13107d56d856c016 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-11-24Revert "Apply apache state on proxy nodes"Alexandru Avadanii1-1/+0
Upstream fixed the salt-formula-horizon in commit 95387ec, by defining 8078 (and only that) port in Apache's ports.conf. This fixes the port 80 overlap, so running the `apache` high state after the `horizon` high state not only is unnecessary now, but also would lead to new breakage, since `apache` state would overwrite the ports.conf (removing 8078 and adding 80), i.e. creating a new port conflict and breaking Horizon port completely. This reverts commit eb4645206d6d74992fca3b8726ee2eebca97205f. Conflicts: mcp/config/states/openstack_ha mcp/reclass/classes/cluster/baremetal-mcp-ocata-common/openstack_proxy.yml Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> Change-Id: Iea8f0bd90ee8d12f399aad16247dda274d6a907a
2017-11-24Switch nofeature-ha compute nodes to UCA repoMichael Polenchuk1-3/+1
Employ UCA repo on computes nodes for nosdn-nofeature-ha scenario as well to prevent a regression (creation of ports failed for 1+n instances) of neutron ovs agent from mcp/openstack repos. Change-Id: Ie65ae122096c0d3a93c09d46191787a934bd7d4f Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-11-22Merge "ci/deploy.sh: Add new `-E` arg for env erase"Alexandru Avadanii2-0/+27
2017-11-22[virtual] Apply nova controller state twiceMichael Polenchuk1-0/+4
In order to complete broken database sync run nova state on controller one more time. Change-Id: I761f26667ebb531b848a62e096f3d79f588d9f24 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-11-21ci/deploy.sh: Add new `-E` arg for env eraseAlexandru Avadanii2-0/+27
NOTE: In order to undefine VCP VMs with NVRAM (e.g. AArch64 VMs using AAVMF), an additional parameter should be passed to libvirt by Salt virt core module (equivalent to `virsh undefine --nvram`). While at it, pass CI_DEBUG, ERASE_ENV enviroment variables to state execution, and stop force-applying patches. Also refactor the rsync between foundation node and Salt master, so the whole git repo is copied as </root/opnfv>, and <root/fuel> becomes a link to it; useful for Armband, where 'fuel' is a git submodule. Fix .git paths after rsync, so git submodules work as expected in cfg01 repos. JIRA: FUEL-307 Change-Id: Ic62f03e786581c019168c50ccc50107238021d7f Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-11-20[baremetal] public gateway setup on prx nodesGuillermo Herrero1-1/+4
- prx: add route for public traffic to public interface - prx: add route towards salt master through maas - remove dashboard class from proxy node (already implements horizon) - remove dashboard (and benchmark) class definitions (no longer used) - (temporary) backport Pharos change for adapter template JIRA: FUEL-305 Change-Id: Ia14a18ac0123c1134d8d99dc43da9a1f770001d0 Signed-off-by: Guillermo Herrero <guillermo.herrero@enea.com>
2017-11-17Merge "[baremetal] MaaS: Remove curtin netconfig via Salt"Alexandru Avadanii1-2/+0
2017-11-16Merge "[baremetal] Retry keystone.client state on failure"Alexandru Avadanii1-1/+1
2017-11-15[baremetal] Retry keystone.client state on failureAlexandru Avadanii1-1/+1
JIRA: FUEL-306 Change-Id: I648545890c1f7dc59176beac1a0593aed54079cb Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> Signed-off-by: Delia Popescu <delia.popescu@enea.com>
2017-11-13[baremetal] SaltStack Deployment DocumentationAlexandru Avadanii1-1/+1
Generate documentation automatically using `reclass-doc`. nginx is already configured to serve said documentation on proxy's public VIP on port 8090. Change-Id: If2aef646a0ec44d5cc7e9d425e565e5c0aa581b3 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-11-13[baremetal] MaaS: Remove curtin netconfig via SaltAlexandru Avadanii1-2/+0
JIRA: FUEL-301 Change-Id: Id6b2b423b8045c581fa5c02133cf91702d9915c9 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-11-10Apply apache state on proxy nodesMichael Polenchuk1-0/+1
Apache module will take care of ports.conf file to prevent bind socket conflict between apache & nginx services. Change-Id: Ia76ec356002e1db0dabd20d8f355a1b16fc07b30 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-11-09Handle vlan package to avoid downgradeMichael Polenchuk1-2/+9
Change-Id: Ic81507f3f7b3fec593b507e0c534434e8489b01b Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-11-07MaaS: Fix conflicting curtin network configAlexandru Avadanii1-0/+1
JIRA: FUEL-301 Change-Id: I9de98fb961fd1d480b45a774de61ad6a93e9addf Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-11-07[maas] Conform regex to machines status outputMichael Polenchuk1-3/+3
Change-Id: Icc30d27951abb1e231c9269c6293782a39e08fb6 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-11-03Merge "Enable glance v1 api for orchestra tests"Alexandru Avadanii1-0/+4
2017-11-03salt modules: debian_ip: Accept uppercase ifacesAlexandru Avadanii1-0/+3
Since VMs are not affected by this limitation, only apply the fixup to baremetal nodes. JIRA: FUEL-299 Change-Id: Ib94c481627538d900295df03b8c8fdc7b61cd718 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-11-03Enable glance v1 api for orchestra testsMichael Polenchuk1-0/+4
Change-Id: Ia896c3f9fcd96dd498eef6d1f83d46e29df0cd6b Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-10-26Run aodh state one by oneMichael Polenchuk1-1/+1
Apply aodh state in consecutive order to avoid a race condition with database synchronization. Change-Id: I4684fbeaaba2c9780084e0a64fe6453bccfb67e0 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-10-21Catch expected failuresMichael Polenchuk2-2/+2
* neutron on computes (dpdk case: void state) * mongodb server (incomplete initialization) Change-Id: I3dd3266b5c2d1b155981f725e15742cd38ed899d Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-10-20[vcp] Increase timeout till VCP VMs onlineAlexandru Avadanii1-1/+1
Change-Id: I95c284cbf374194694360bffbeaf6770db6111bf Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-10-19[baremetal] Remove infinite loops from node checksAlexandru Avadanii2-5/+10
Change-Id: I7a21c30d49aecca948f45535fec164c2f643450e Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-10-19[baremetal] cmp: run linux.network before rebootAlexandru Avadanii1-0/+1
The recent addition of `linux.system`, combined with `system.reboot` for the baremetal compute nodes leaves compute nodes unconfigured after reboot. Run `system.network` too, but expect a failure (only for DPDK, which requires hugepages to be already active, hence a prior reboot). Fixes: 64920b8 Change-Id: I8c73b24ae15e1f87dee64ae2aba7af86db1e942f Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-10-19[baremetal] maas state: Wait for all nodes onlineAlexandru Avadanii1-0/+13
After MaaS reports baremetal provisioning finished successfully, check that all nodes are online before attempting a `sync_all`. Change-Id: I6ba4b3e4ba5b5258ace4da8c39e0fc77354885e3 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-10-19[baremetal] maas state: Retry sync_all on failureAlexandru Avadanii1-1/+1
Change-Id: Ib4aa3f2cb4fc7129d502b4332cd7fedd83a0e1fe Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-10-16[baremetal] Fix DPDK by running linux.system firstAlexandru Avadanii1-2/+4
DPDK scenario requires hugepages to be set up and enabled before configuring OVS ports, so apply `linux.system` on compute nodes and reboot them before attempting to run `linux.network` state. Change-Id: I2b685361b07727a4740a3676c5f219a6443d1cf2 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>