Age | Commit message (Collapse) | Author | Files | Lines |
|
Isolate networks by retiring NAT on mas01; also cutting direct
internet access from cluster nodes that are not facing the public
network (prx, cmp).
NOTE: Since we are removing mas01 NAT, VCP VMs (except prx which have
public IPs) and kvm nodes (cmp also have public IPs) will no longer
have direct internet connectivity.
Cluster deployment and operations will work without it, but if it is
required for different reasons, the MaaS proxy could be enabled by
uncommenting the /etc/enviroment section in:
- cluster.baremetal-mcp-pike-common-ha.include.proxy.yml
JIRA: FUEL-317
Change-Id: I5ed8b420296b27df34a54ec1ebd7b7cf58041425
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit 9a6e655e0b851ff6e449027c01ac1a66188b0064)
|
|
Instead of using NAT on the mas01 node for all cluster node outgoing
traffic, use the MaaS built-in proxy for APT traffic to leverage its
caching capabilities too.
Also enable the proxy for salt minions, so they can access public
keyservers et al.
Cleanup public DNS from kvm nodes, interferes with MaaS proxy.
Add example config for global env proxy, but don't enable it:
- default environment settings - /etc/environment (via reclass);
The MaaS proxy will not be used (at least for now) on nodes:
- cfg01;
- mas01;
NOTE: We can't yet drop the maas.pxe_nat state completely, as certain
Openstack services are still accessed via public addresses from ctl
nodes.
JIRA: FUEL-317
JIRA: FUEL-318
Change-Id: I6c5f6872bb94afb838580571080e808bc262fc68
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit 90c0b369c01a2185fe86651f8ad9e0a172d6941d)
|
|
Salt minion could return 'no response' and cause an
unconfigured state of the vcp node(s), so catch this output after linux
state as well. Also clean up excess route on proxy nodes.
Change-Id: I3183fa09ff41a8f027ee789869bdae0c3962ab8f
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
(cherry picked from commmit a183db4b3404bd12073b5691eb5d4fbd8135b44b)
|
|
Use PXE/admin network for salt traffic from/to all minions
except cfg01, mas01.
This allows us to drop the route to admin net from cfg01.
Change-Id: Ic2526f1ff77afe5d92ced900971f4c8f78d2d8a2
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit d4ab072aeab143ce72e4b81122d4580915a4ad1a)
|
|
To align with new cluster naming convention, rename 'openstack'
state file to 'openstack_noha'.
While at it, factor out baremetal setup from 'virtual_control_plane'
into a new state that will be reused in upcoming scenarios, remove
useless sync_all (automatically done after node reboot).
FUEL-310
Change-Id: I6d7e5db8f09305f2fd8eeca0199a2e85b08d2202
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commmit 52e37b795bb975b1cb3bf1f684b009848c50a2d6)
|
|
Change-Id: I9dbb51ce2387450e4ae19f8b3444f5e52cfdc71d
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
(cherry-picked from commit 52bd5a8f6c5b27ec3070625a51aea8ff85f5a8db)
|
|
`maas_fixup` is already re-entrant, so we can execute it more than
once during a commissioning/deploy cycle. Reduce the timeout waiting
for all nodes to reach a stable state, so nodes stuck in 'Ready'
state instead of reaching 'Deploying' get dealt with sooner (~5 min
vs old 30 min).
While at it, let `maas_fixup` handle machine deploy as well, so we
can catch nodes stuck in 'Ready' state and re-trigger the deploy.
Change-Id: Id24cc97b17489835c5846288639a9a6032bd320a
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit 8da73521d3b9347a982ea6e77114bba0d0f0adeb)
|
|
Running `ci/deploy.sh -EE` should also perform an UEFI boot option
cleanup, otherwise we risk booting the previously installed OS.
While at it, reduce delay between nodes removal and fix a rare failure
for `-EE` when no nodes are defined in MaaS.
Change-Id: I789ffd3e22545921216f7d5ee3509c76354542eb
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit 15173a83dba08729e62da277b9165677323675d8)
|
|
In common openstack_ha state the networking service restart
has no expected effect, so split it out into the detached
post-deployment state.
Change-Id: Iaaae0cd048474667895b7abf2a77196ee3dee14b
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Currently, Xenial repos provide MaaS 2.2.x, while the PPA bumped it
to 2.3.x. Since we switched to 2.3, we observed a rare wrongful state
transition from 'Deploying' back to 'Ready'.
Drop the PPA, falling back to 2.2 from mainline distro repos.
JIRA: FUEL-312
Change-Id: I3daa118059f37cbeca076da685661c28f3a28a97
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit 9da33bc85d681950a09452f28ca39df2108b0b56)
|
|
Make sure all missing interfaces/links are up & running
(e.g. br-ex <-> float-to-ex <-> br-floating).
Fix (for https://github.com/saltstack/salt/issues/40262)
into linux formula brought in a weird behaviour with
network/interfaces.u/ items.
Change-Id: Ic13f0ed2063455ae191bbc99920f97c5ecaa61fd
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Although we add default routes via public network and disable
DHCP client from setting new routes, until we reboot the prx* nodes
we still have the stale route originally set at initial boot.
Change-Id: Ib8e5fb67c7da00684e0ac21984fc4661d3820d83
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit 7daf7f128714021711970557129a23a86cce2a72)
|
|
Occasionally, cinderng.volume_type_present errors with:
ClientException: Service Unavailable (HTTP 503)
Instead of retrying the whole state file, use `wait_for` macro
to retry only this high state up to 5 times.
Change-Id: Ib9ef017aca737e53c853007c13107d56d856c016
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit 92fb2b5e303b5e097a21d43612d5c8132f23152b)
|
|
Upstream fixed the salt-formula-horizon in commit 95387ec, by
defining 8078 (and only that) port in Apache's ports.conf.
This fixes the port 80 overlap, so running the `apache` high state
after the `horizon` high state not only is unnecessary now, but
also would lead to new breakage, since `apache` state would
overwrite the ports.conf (removing 8078 and adding 80), i.e.
creating a new port conflict and breaking Horizon port completely.
This reverts commit eb4645206d6d74992fca3b8726ee2eebca97205f.
Conflicts:
mcp/config/states/openstack_ha
mcp/reclass/classes/cluster/baremetal-mcp-ocata-common/openstack_proxy.yml
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Change-Id: Iea8f0bd90ee8d12f399aad16247dda274d6a907a
(cherry picked from commit 0c71112ec06bd73a3ddc42ba0aacd666e9a00553)
|
|
|
|
|
|
Employ UCA repo on computes nodes for nosdn-nofeature-ha scenario as
well to prevent a regression (creation of ports failed for 1+n instances)
of neutron ovs agent from mcp/openstack repos.
Change-Id: Ie65ae122096c0d3a93c09d46191787a934bd7d4f
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
(cherry picked from commit 8ba3a1a4ed0ce41a76fa6d712778904bb56b60ac)
|
|
|
|
NOTE: In order to undefine VCP VMs with NVRAM (e.g. AArch64 VMs
using AAVMF), an additional parameter should be passed to libvirt
by Salt virt core module (equivalent to `virsh undefine --nvram`).
While at it, pass CI_DEBUG, ERASE_ENV enviroment variables to
state execution, and stop force-applying patches.
Also refactor the rsync between foundation node and Salt master,
so the whole git repo is copied as </root/opnfv>, and <root/fuel>
becomes a link to it; useful for Armband, where 'fuel' is a git
submodule. Fix .git paths after rsync, so git submodules work as
expected in cfg01 repos.
JIRA: FUEL-307
Change-Id: Ic62f03e786581c019168c50ccc50107238021d7f
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit 77942178b3aff6adc83b5f83645acfff467fa76a)
|
|
In order to complete broken database sync run
nova state on controller one more time.
Change-Id: I761f26667ebb531b848a62e096f3d79f588d9f24
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
(cherry picked from commit 246928006daf99de2317dc8d171c2b0735a3c605)
|
|
- prx: add route for public traffic to public interface
- prx: add route towards salt master through maas
- remove dashboard class from proxy node (already implements horizon)
- remove dashboard (and benchmark) class definitions (no longer used)
- (temporary) backport Pharos change for adapter template
JIRA: FUEL-305
Change-Id: Ia14a18ac0123c1134d8d99dc43da9a1f770001d0
Signed-off-by: Guillermo Herrero <guillermo.herrero@enea.com>
(cherry picked from commit 07f4e0238646fcb77072769feb8a0b68df52caca)
|
|
JIRA: FUEL-301
Change-Id: Id6b2b423b8045c581fa5c02133cf91702d9915c9
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit 4010ea45c703d82e2fb95dcc869ff72bbca088b7)
|
|
|
|
JIRA: FUEL-306
Change-Id: I648545890c1f7dc59176beac1a0593aed54079cb
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Signed-off-by: Delia Popescu <delia.popescu@enea.com>
(cherry picked from commit dcbc90f89292bf5070e8e0b54a760755b8206346)
|
|
Generate documentation automatically using `reclass-doc`.
nginx is already configured to serve said documentation on
proxy's public VIP on port 8090.
Change-Id: If2aef646a0ec44d5cc7e9d425e565e5c0aa581b3
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit f3a355d5644a7271d9df0a48febc3a93cceddb8e)
|
|
Apache module will take care of ports.conf file to prevent
bind socket conflict between apache & nginx services.
Change-Id: Ia76ec356002e1db0dabd20d8f355a1b16fc07b30
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
(cherry picked from commit eb4645206d6d74992fca3b8726ee2eebca97205f)
|
|
Change-Id: Ic81507f3f7b3fec593b507e0c534434e8489b01b
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
(cherry picked from commit ceedb354822eb672fdde6d63d49cbe2f05f29cdb)
|
|
JIRA: FUEL-301
Change-Id: I9de98fb961fd1d480b45a774de61ad6a93e9addf
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit 3803f9ff798b5c186e605cb8366b5153ab4e19fc)
|
|
|
|
|
|
Change-Id: Icc30d27951abb1e231c9269c6293782a39e08fb6
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
(cherry picked from commit f31a33c3f576733728118bbd181707f4db55f903)
|
|
Change-Id: Ia896c3f9fcd96dd498eef6d1f83d46e29df0cd6b
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
(cherry picked from commit c2925b6d13a20468845f8af1b54665cbac8b9bef)
|
|
Since VMs are not affected by this limitation, only apply the fixup
to baremetal nodes.
JIRA: FUEL-299
Change-Id: Ib94c481627538d900295df03b8c8fdc7b61cd718
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit 8f39b4895fa66223ef6293630556457f8fb9a348)
|
|
Apply aodh state in consecutive order to avoid
a race condition with database synchronization.
Change-Id: I4684fbeaaba2c9780084e0a64fe6453bccfb67e0
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
(cherry picked from commit 9cfa75272ba2fd9abab416db1f22df5989c9959e)
|
|
* neutron on computes (dpdk case: void state)
* mongodb server (incomplete initialization)
Change-Id: I3dd3266b5c2d1b155981f725e15742cd38ed899d
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
(cherry picked from commit 24d9cdd384635d8c1a037d6341d63a9c9be039b1)
|
|
Change-Id: I95c284cbf374194694360bffbeaf6770db6111bf
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit 4b63bd0ea961d06723b277b874168c2aaddb96c5)
|
|
Change-Id: I7a21c30d49aecca948f45535fec164c2f643450e
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit 9cfa3c11bbd71ce4ec24dba9dbd9a2289b76a4a3)
|
|
The recent addition of `linux.system`, combined with `system.reboot`
for the baremetal compute nodes leaves compute nodes unconfigured
after reboot.
Run `system.network` too, but expect a failure (only for DPDK, which
requires hugepages to be already active, hence a prior reboot).
Fixes: 64920b8
Change-Id: I8c73b24ae15e1f87dee64ae2aba7af86db1e942f
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit 595119281c50edb86b987f5fdd6eac25e28147ae)
|
|
After MaaS reports baremetal provisioning finished successfully,
check that all nodes are online before attempting a `sync_all`.
Change-Id: I6ba4b3e4ba5b5258ace4da8c39e0fc77354885e3
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit b9918f1f8df52c52cd2ab76eec3b540b37789e55)
|
|
Change-Id: Ib4aa3f2cb4fc7129d502b4332cd7fedd83a0e1fe
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit 51f374b055999fbc121b624424c21ee45d061538)
|
|
In order to set properly keystone fernet keys, apply glusterfs client
state before second keystone server state. Also leave out user/group
settings for glusterfs volume of nova instances as it will be set later
by nova compute packages themselves.
Change-Id: I069e37c67f08c51ed29f45cf6f92d4a00a1ac97b
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
(cherry picked from commit 0224929b3a87d0e0ec011311c46872e6142497cf)
|
|
|
|
DPDK scenario requires hugepages to be set up and enabled before
configuring OVS ports, so apply `linux.system` on compute nodes
and reboot them before attempting to run `linux.network` state.
Change-Id: I2b685361b07727a4740a3676c5f219a6443d1cf2
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit 64920b8bb1e95389146451598221f2c7eb97f5e3)
|
|
While applying scenario states, break on error, and retry failed
state up to 5 times. Apply the same behavior for `salt.sh`.
Add new deploy parameter, '-D', backed up by 'CI_DEBUG' env var,
which gates deploy sh scripts logging (set -x).
Also extend '-f' deploy parameter, allowing it to be specified
more than once; the first occurence will skip infra VM creation,
but still sync reclass & other config from local repo, while a
second occurence will also disable config sync.
To prevent glusterfs client state from failing due to non-existent
nova user/group, move it after nova:compute's nova state is applied.
Change-Id: I234e126e16be0e133d878957bd88fed946955de8
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit 23f9ef727310a8ef449372313785241df6557559)
|
|
While at it, compact 'set' into bash shebang where possible and
add `make patches-copyright` target to simplify adding patch
license headers.
Change-Id: I0c841de72e5709e5eef915a52c5ec4a7fc0f7c37
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit 644e5fdfa2f49b988a5150e2a4eefc12daecd845)
|
|
While at it, fix some shellcheck warnings, and s/fgrep/grep -F/g.
Change-Id: I093b7b4c196731b1ecc0c27a4111955b2e412762
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit 089585ad5370109d4c2a476b94b0017153d7713d)
|
|
We should eventually also support baremetal deploys without a
virtualized control plane (VCP), so decouple MaaS provisioning
from VCP provisioning.
While at it, move "wait_for" bash function from maas state to
common library file, lib.sh.
Change-Id: I32c33135655cb6aceae901a5f92b51265a8c84b4
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit ebd7067904b36ae32566da63e433365948a1f973)
|
|
* use pseudo agentdb port binding controller instead of
the deprecated network topology one
* disable superfluous l2population mechanism driver
* tidy up the duplicated haproxy neutron listen opts
* straighten karaf features list
* update jetty config
Change-Id: Ifacf8de11eb56ab72df13a312151a510b280dea2
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
(cherry picked from commit fca7d22742df82fc6e502b17ad45ebc11c0ba89b)
|
|
Change-Id: If7cb8473f5c290d1d5f22fce5567f7b8da24fd9f
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
(cherry picked from commit 0c00f813d709fd1b65e5dd52abcf16fd81b3d0e1)
|
|
Test of snaps_health_check gets console output of instance, which is
empty (https://bugs.launchpad.net/ubuntu/+source/libvirt/+bug/1667033),
therefore take affected packages of computes from UCA repo.
Change-Id: I4e13a40dd47caf305efd9f393b3c3cf5a17ef312
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
(cherry picked from commit c76d5e92d9e6cdfc614be4a1ed7b9e630c711008)
|