summaryrefslogtreecommitdiffstats
path: root/mcp/config
AgeCommit message (Collapse)AuthorFilesLines
2018-01-03[baremetal] Retire mas01 NATAlexandru Avadanii1-1/+0
Isolate networks by retiring NAT on mas01; also cutting direct internet access from cluster nodes that are not facing the public network (prx, cmp). NOTE: Since we are removing mas01 NAT, VCP VMs (except prx which have public IPs) and kvm nodes (cmp also have public IPs) will no longer have direct internet connectivity. Cluster deployment and operations will work without it, but if it is required for different reasons, the MaaS proxy could be enabled by uncommenting the /etc/enviroment section in: - cluster.baremetal-mcp-pike-common-ha.include.proxy.yml JIRA: FUEL-317 Change-Id: I5ed8b420296b27df34a54ec1ebd7b7cf58041425 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-01[baremetal] MaaS: Enable HTTP proxyAlexandru Avadanii2-1/+13
Instead of using NAT on the mas01 node for all cluster node outgoing traffic, use the MaaS built-in proxy for APT traffic to leverage its caching capabilities too. Also enable the proxy for salt minions, so they can access public keyservers et al. Cleanup public DNS from kvm nodes, interferes with MaaS proxy. Add example config for global env proxy, but don't enable it: - default environment settings - /etc/environment (via reclass); The MaaS proxy will not be used (at least for now) on nodes: - cfg01; - mas01; NOTE: We can't yet drop the maas.pxe_nat state completely, as certain Openstack services are still accessed via public addresses from ctl nodes. JIRA: FUEL-317 JIRA: FUEL-318 Change-Id: I6c5f6872bb94afb838580571080e808bc262fc68 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-27[ovn] Inject ovn central optionsMichael Polenchuk2-0/+16
Change-Id: Ib9021ee3ca15c05cc137ae42c263383acb4393bd Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-25[ovn] Mend state name of openstackMichael Polenchuk1-3/+3
* rename openstack state name with noha suffix * increase vcpus for compute nodes Change-Id: I03386c4c1c92d329d847aa506589823e57644ef4 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-22[vcp] Catch 'no response' of salt minion as wellMichael Polenchuk1-1/+1
Salt minion could return 'no response' and cause an unconfigured state of the vcp node(s), so catch this output after linux state as well. Also clean up excess route on proxy nodes. Change-Id: I3183fa09ff41a8f027ee789869bdae0c3962ab8f Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-21Bring in ovn based scenarioMichael Polenchuk6-1/+44
OVN based scenario doesn't require conventional gateway node since connectivity to external networks and routing occurs on compute nodes. Change-Id: I81e0d497170d5ffb067adf13b0e46290525f26a6 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-20[maas] Adjust deployment order/timeoutsMichael Polenchuk1-3/+7
Change-Id: I9dbb51ce2387450e4ae19f8b3444f5e52cfdc71d Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-19[dpdk] Remove user/group setting for ovs rundirMichael Polenchuk1-3/+0
The proper patches have been merged into upstream (nova/neutron formulas, system reclass) to use a separate dir for vhost_user sockets. Change-Id: Iba8d8a9a05c5ab681b5b5ffbea786dca92704c82 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-19[baremetal] MaaS: Reduce timeout valuesAlexandru Avadanii1-9/+8
`maas_fixup` is already re-entrant, so we can execute it more than once during a commissioning/deploy cycle. Reduce the timeout waiting for all nodes to reach a stable state, so nodes stuck in 'Ready' state instead of reaching 'Deploying' get dealt with sooner (~5 min vs old 30 min). While at it, let `maas_fixup` handle machine deploy as well, so we can catch nodes stuck in 'Ready' state and re-trigger the deploy. Change-Id: Id24cc97b17489835c5846288639a9a6032bd320a Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-18Merge "states: networks: Use role-based addressing"Alexandru Avadanii1-5/+5
2017-12-18Merge "[baremetal] Move salt master IP to PXE/admin"Alexandru Avadanii1-2/+0
2017-12-18[baremetal] Move salt master IP to PXE/adminAlexandru Avadanii1-2/+0
Use PXE/admin network for salt traffic from/to all minions except cfg01, mas01. This allows us to drop the route to admin net from cfg01. Change-Id: Ic2526f1ff77afe5d92ced900971f4c8f78d2d8a2 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-16states: networks: Use role-based addressingAlexandru Avadanii1-5/+5
JIRA: FUEL-310 Change-Id: Ice6d6bbb2d2ee8e21f2757b02056873d1a030ea3 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-15ci/deploy.sh: maas: cleanup_uefi on env eraseAlexandru Avadanii1-8/+6
Running `ci/deploy.sh -EE` should also perform an UEFI boot option cleanup, otherwise we risk booting the previously installed OS. While at it, reduce delay between nodes removal and fix a rare failure for `-EE` when no nodes are defined in MaaS. Change-Id: I789ffd3e22545921216f7d5ee3509c76354542eb Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-14[baremetal] Upgrade packages on kvm, cmp nodes tooAlexandru Avadanii1-0/+1
MaaS installs a few packages via curtin, which don't get upgraded later, even if we add extra repos (it will be the case for novcp). Perform a package upgrade on all baremetal nodes, as it's also a good security practice. JIRA: FUEL-310 Change-Id: Ib365e42a0d2f65813fc9bef516326ec89fe407de Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-13patches: libvirt: Use "libvirt" unix_sock_groupAlexandru Avadanii1-2/+0
Now that libvirt 3.6 is used on kvm nodes (via UCA repos), which by default uses "libvirt" group for socket ownership, change old "libvirtd" in salt-formula-libvirt's: - libvirt/files/libvirtd.conf.Debian This allows us to remove the manual group creation from VCP state file, which was not re-entrant (failed if group already existed). Change-Id: Id61fecd82daec1c0716ff4796b79dce47d096c3a Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-12AArch64: Move to pike-armband repoAlexandru Avadanii1-4/+1
Armband restructured its repos to support UCA-only virtual deploys, propagate the change to our base image pre-build. Drop apt-mk repos, should only be added later by Salt, when MCP repos are also present. JIRA: ARMBAND-338 Change-Id: Ieafa6d3fb0599679341053187b4a7d778af86428 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-12[baremetal] Fixup pike deployment (2)Michael Polenchuk1-0/+2
* align dpdk packages list * add missing libvirtd group to vcp host nodes Change-Id: Ideab2b16ca0561035b225e58bf3d0c5653d303bb Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-11AArch64: s/ocata/pike/g in scenario defaultsAlexandru Avadanii1-3/+3
We hard set some repo URLs used for base image pre-building, so bump those to Pike, now that Armband repos for Pike are populated. JIRA: ARMBAND-335 Change-Id: Ibd7267b628985a3c7a33d9d8a93c824077c69f10 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-11[baremetal] Fixup pike deploymentMichael Polenchuk2-4/+6
* up glusterfs.client state before actual volume usage * handle keystone server state * specify suitable nova packages list for uca repo (consoleproxy vs novncproxy) * upgrade vcp nodes to get proper cryptography library for keystone * align service names for libvirt & glusterfs Change-Id: Iaeb7d147e6d407bbeaec2d40fd81037c939c3fe0 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-11Merge "[baremetal] Update openstack version to pike"Michael Polenchuk3-3/+3
2017-12-11[baremetal] Update openstack version to pikeMichael Polenchuk3-3/+3
Change-Id: If4208e937734df72b10aad259c65a2617ff5e19c Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-10states: maas: Stop using maas-stable PPAAlexandru Avadanii1-2/+0
Currently, Xenial repos provide MaaS 2.2.x, while the PPA bumped it to 2.3.x. Since we switched to 2.3, we observed a rare wrongful state transition from 'Deploying' back to 'Ready'. Drop the PPA, falling back to 2.2 from mainline distro repos. JIRA: FUEL-312 Change-Id: I3daa118059f37cbeca076da685661c28f3a28a97 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-04states: Rename openstack, add baremetal_initAlexandru Avadanii9-25/+41
To align with new cluster naming convention, rename 'openstack' state file to 'openstack_noha'. While at it, factor out baremetal setup from 'virtual_control_plane' into a new state that will be reused in upcoming scenarios, remove useless sync_all (automatically done after node reboot). FUEL-310 Change-Id: I6d7e5db8f09305f2fd8eeca0199a2e85b08d2202 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-04Rename reclass models to add "-ha" or "-noha"Alexandru Avadanii3-3/+3
Parse all reclass j2 templates, not only common + current scenario (useful when adding new scenarios later). JIRA: FUEL-310 Change-Id: I8e87af702f83c42cb8f766bf6f121449aa5f2c26 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-01[virtual] Update dpdk scenario with pikeMichael Polenchuk1-5/+2
Change-Id: I879f565fe17539a54770fa22a6088c6493524e0c Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-11-29Merge "AArch64: base image: pre-install salt-minion"Michael Polenchuk1-0/+2
2017-11-28[baremetal] Fix prx stale route via MaaS DHCPAlexandru Avadanii1-0/+3
Although we add default routes via public network and disable DHCP client from setting new routes, until we reboot the prx* nodes we still have the stale route originally set at initial boot. Change-Id: Ib8e5fb67c7da00684e0ac21984fc4661d3820d83 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-11-28[virtual] Update openstack version to pikeMichael Polenchuk4-5/+7
Change-Id: I1df0228cb44bf9122aaf93dd25fc16a0d26a5240 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-11-27AArch64: base image: pre-install salt-minionAlexandru Avadanii1-0/+2
While at it, rename apt repo in foundation node user-data template from "salt" to "saltstack", to align with reclass model naming. Change-Id: I5b216492349ae187b568884b1ab4046c52b1c6b2 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-11-27Add pre-{install,purge} support for base imageAlexandru Avadanii1-0/+18
Extend <lib.sh> and its invocation from <ci.deploy.sh> with support for modifying foundation node VMs base image prior to using it with: - additional APT GPG keys; - additional APT repos; - packages to pre-install; - packages to pre-remove; - (non-configurable) cloud init datasource via NoCloud only, so VCP VMs won't wait for metadata service; While at it, re-use the resulting image as a base for another round of pre-patching (same operations as above are supported) to provide a base image for VCP VMs. Add AArch64-specific configuration based on new mechanisms: - pre-install linux-image-generic-hwe-16.04-edge (and headers) for foundation node and VCP (common) image (also requires new repo and its key); - pre-install cloud-init for VCP image (it should already be installed, but script needs non-empty config for VCP to create the VCP image and transfer it over to Salt Master); NOTE: cloud-init is required on VCP VMs for DHCP on 1st iface. JIRA: FUEL-309 Change-Id: I7dcaf0ffd9c57009133c6d339496ec831ab14375 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-11-27Merge "[baremetal] Retry cinder.controller on failure"Michael Polenchuk1-1/+1
2017-11-26[baremetal] Retry cinder.controller on failureAlexandru Avadanii1-1/+1
Occasionally, cinderng.volume_type_present errors with: ClientException: Service Unavailable (HTTP 503) Instead of retrying the whole state file, use `wait_for` macro to retry only this high state up to 5 times. Change-Id: Ib9ef017aca737e53c853007c13107d56d856c016 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-11-24Revert "Apply apache state on proxy nodes"Alexandru Avadanii1-1/+0
Upstream fixed the salt-formula-horizon in commit 95387ec, by defining 8078 (and only that) port in Apache's ports.conf. This fixes the port 80 overlap, so running the `apache` high state after the `horizon` high state not only is unnecessary now, but also would lead to new breakage, since `apache` state would overwrite the ports.conf (removing 8078 and adding 80), i.e. creating a new port conflict and breaking Horizon port completely. This reverts commit eb4645206d6d74992fca3b8726ee2eebca97205f. Conflicts: mcp/config/states/openstack_ha mcp/reclass/classes/cluster/baremetal-mcp-ocata-common/openstack_proxy.yml Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> Change-Id: Iea8f0bd90ee8d12f399aad16247dda274d6a907a
2017-11-24Switch nofeature-ha compute nodes to UCA repoMichael Polenchuk2-4/+1
Employ UCA repo on computes nodes for nosdn-nofeature-ha scenario as well to prevent a regression (creation of ports failed for 1+n instances) of neutron ovs agent from mcp/openstack repos. Change-Id: Ie65ae122096c0d3a93c09d46191787a934bd7d4f Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-11-22Merge "ci/deploy.sh: Add new `-E` arg for env erase"Alexandru Avadanii2-0/+27
2017-11-22[virtual] Apply nova controller state twiceMichael Polenchuk1-0/+4
In order to complete broken database sync run nova state on controller one more time. Change-Id: I761f26667ebb531b848a62e096f3d79f588d9f24 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-11-21ci/deploy.sh: Add new `-E` arg for env eraseAlexandru Avadanii2-0/+27
NOTE: In order to undefine VCP VMs with NVRAM (e.g. AArch64 VMs using AAVMF), an additional parameter should be passed to libvirt by Salt virt core module (equivalent to `virsh undefine --nvram`). While at it, pass CI_DEBUG, ERASE_ENV enviroment variables to state execution, and stop force-applying patches. Also refactor the rsync between foundation node and Salt master, so the whole git repo is copied as </root/opnfv>, and <root/fuel> becomes a link to it; useful for Armband, where 'fuel' is a git submodule. Fix .git paths after rsync, so git submodules work as expected in cfg01 repos. JIRA: FUEL-307 Change-Id: Ic62f03e786581c019168c50ccc50107238021d7f Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-11-20[baremetal] public gateway setup on prx nodesGuillermo Herrero1-1/+4
- prx: add route for public traffic to public interface - prx: add route towards salt master through maas - remove dashboard class from proxy node (already implements horizon) - remove dashboard (and benchmark) class definitions (no longer used) - (temporary) backport Pharos change for adapter template JIRA: FUEL-305 Change-Id: Ia14a18ac0123c1134d8d99dc43da9a1f770001d0 Signed-off-by: Guillermo Herrero <guillermo.herrero@enea.com>
2017-11-17Merge "[baremetal] MaaS: Remove curtin netconfig via Salt"Alexandru Avadanii1-2/+0
2017-11-16Merge "[baremetal] Retry keystone.client state on failure"Alexandru Avadanii1-1/+1
2017-11-15[baremetal] Retry keystone.client state on failureAlexandru Avadanii1-1/+1
JIRA: FUEL-306 Change-Id: I648545890c1f7dc59176beac1a0593aed54079cb Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> Signed-off-by: Delia Popescu <delia.popescu@enea.com>
2017-11-13[baremetal] SaltStack Deployment DocumentationAlexandru Avadanii1-1/+1
Generate documentation automatically using `reclass-doc`. nginx is already configured to serve said documentation on proxy's public VIP on port 8090. Change-Id: If2aef646a0ec44d5cc7e9d425e565e5c0aa581b3 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-11-13[baremetal] MaaS: Remove curtin netconfig via SaltAlexandru Avadanii1-2/+0
JIRA: FUEL-301 Change-Id: Id6b2b423b8045c581fa5c02133cf91702d9915c9 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-11-10Apply apache state on proxy nodesMichael Polenchuk1-0/+1
Apache module will take care of ports.conf file to prevent bind socket conflict between apache & nginx services. Change-Id: Ia76ec356002e1db0dabd20d8f355a1b16fc07b30 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-11-09Handle vlan package to avoid downgradeMichael Polenchuk1-2/+9
Change-Id: Ic81507f3f7b3fec593b507e0c534434e8489b01b Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-11-07MaaS: Fix conflicting curtin network configAlexandru Avadanii1-0/+1
JIRA: FUEL-301 Change-Id: I9de98fb961fd1d480b45a774de61ad6a93e9addf Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-11-07[maas] Conform regex to machines status outputMichael Polenchuk1-3/+3
Change-Id: Icc30d27951abb1e231c9269c6293782a39e08fb6 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-11-03Merge "Enable glance v1 api for orchestra tests"Alexandru Avadanii1-0/+4
2017-11-03salt modules: debian_ip: Accept uppercase ifacesAlexandru Avadanii1-0/+3
Since VMs are not affected by this limitation, only apply the fixup to baremetal nodes. JIRA: FUEL-299 Change-Id: Ib94c481627538d900295df03b8c8fdc7b61cd718 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>