Age | Commit message (Collapse) | Author | Files | Lines |
|
Isolate networks by retiring NAT on mas01; also cutting direct
internet access from cluster nodes that are not facing the public
network (prx, cmp).
NOTE: Since we are removing mas01 NAT, VCP VMs (except prx which have
public IPs) and kvm nodes (cmp also have public IPs) will no longer
have direct internet connectivity.
Cluster deployment and operations will work without it, but if it is
required for different reasons, the MaaS proxy could be enabled by
uncommenting the /etc/enviroment section in:
- cluster.baremetal-mcp-pike-common-ha.include.proxy.yml
JIRA: FUEL-317
Change-Id: I5ed8b420296b27df34a54ec1ebd7b7cf58041425
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Instead of using NAT on the mas01 node for all cluster node outgoing
traffic, use the MaaS built-in proxy for APT traffic to leverage its
caching capabilities too.
Also enable the proxy for salt minions, so they can access public
keyservers et al.
Cleanup public DNS from kvm nodes, interferes with MaaS proxy.
Add example config for global env proxy, but don't enable it:
- default environment settings - /etc/environment (via reclass);
The MaaS proxy will not be used (at least for now) on nodes:
- cfg01;
- mas01;
NOTE: We can't yet drop the maas.pxe_nat state completely, as certain
Openstack services are still accessed via public addresses from ctl
nodes.
JIRA: FUEL-317
JIRA: FUEL-318
Change-Id: I6c5f6872bb94afb838580571080e808bc262fc68
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: Ib9021ee3ca15c05cc137ae42c263383acb4393bd
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
* rename openstack state name with noha suffix
* increase vcpus for compute nodes
Change-Id: I03386c4c1c92d329d847aa506589823e57644ef4
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Salt minion could return 'no response' and cause an
unconfigured state of the vcp node(s), so catch this output after linux
state as well. Also clean up excess route on proxy nodes.
Change-Id: I3183fa09ff41a8f027ee789869bdae0c3962ab8f
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
OVN based scenario doesn't require conventional gateway
node since connectivity to external networks and routing
occurs on compute nodes.
Change-Id: I81e0d497170d5ffb067adf13b0e46290525f26a6
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: I9dbb51ce2387450e4ae19f8b3444f5e52cfdc71d
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
The proper patches have been merged into upstream (nova/neutron
formulas, system reclass) to use a separate dir for vhost_user sockets.
Change-Id: Iba8d8a9a05c5ab681b5b5ffbea786dca92704c82
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
`maas_fixup` is already re-entrant, so we can execute it more than
once during a commissioning/deploy cycle. Reduce the timeout waiting
for all nodes to reach a stable state, so nodes stuck in 'Ready'
state instead of reaching 'Deploying' get dealt with sooner (~5 min
vs old 30 min).
While at it, let `maas_fixup` handle machine deploy as well, so we
can catch nodes stuck in 'Ready' state and re-trigger the deploy.
Change-Id: Id24cc97b17489835c5846288639a9a6032bd320a
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
|
|
|
|
Use PXE/admin network for salt traffic from/to all minions
except cfg01, mas01.
This allows us to drop the route to admin net from cfg01.
Change-Id: Ic2526f1ff77afe5d92ced900971f4c8f78d2d8a2
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
JIRA: FUEL-310
Change-Id: Ice6d6bbb2d2ee8e21f2757b02056873d1a030ea3
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Running `ci/deploy.sh -EE` should also perform an UEFI boot option
cleanup, otherwise we risk booting the previously installed OS.
While at it, reduce delay between nodes removal and fix a rare failure
for `-EE` when no nodes are defined in MaaS.
Change-Id: I789ffd3e22545921216f7d5ee3509c76354542eb
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
MaaS installs a few packages via curtin, which don't get upgraded
later, even if we add extra repos (it will be the case for novcp).
Perform a package upgrade on all baremetal nodes, as it's also a
good security practice.
JIRA: FUEL-310
Change-Id: Ib365e42a0d2f65813fc9bef516326ec89fe407de
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Now that libvirt 3.6 is used on kvm nodes (via UCA repos), which
by default uses "libvirt" group for socket ownership,
change old "libvirtd" in salt-formula-libvirt's:
- libvirt/files/libvirtd.conf.Debian
This allows us to remove the manual group creation from VCP state
file, which was not re-entrant (failed if group already existed).
Change-Id: Id61fecd82daec1c0716ff4796b79dce47d096c3a
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Armband restructured its repos to support UCA-only virtual deploys,
propagate the change to our base image pre-build. Drop apt-mk repos,
should only be added later by Salt, when MCP repos are also present.
JIRA: ARMBAND-338
Change-Id: Ieafa6d3fb0599679341053187b4a7d778af86428
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
* align dpdk packages list
* add missing libvirtd group to vcp host nodes
Change-Id: Ideab2b16ca0561035b225e58bf3d0c5653d303bb
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
We hard set some repo URLs used for base image pre-building, so bump
those to Pike, now that Armband repos for Pike are populated.
JIRA: ARMBAND-335
Change-Id: Ibd7267b628985a3c7a33d9d8a93c824077c69f10
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
* up glusterfs.client state before actual volume usage
* handle keystone server state
* specify suitable nova packages list for uca repo
(consoleproxy vs novncproxy)
* upgrade vcp nodes to get proper cryptography
library for keystone
* align service names for libvirt & glusterfs
Change-Id: Iaeb7d147e6d407bbeaec2d40fd81037c939c3fe0
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|
|
Change-Id: If4208e937734df72b10aad259c65a2617ff5e19c
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Currently, Xenial repos provide MaaS 2.2.x, while the PPA bumped it
to 2.3.x. Since we switched to 2.3, we observed a rare wrongful state
transition from 'Deploying' back to 'Ready'.
Drop the PPA, falling back to 2.2 from mainline distro repos.
JIRA: FUEL-312
Change-Id: I3daa118059f37cbeca076da685661c28f3a28a97
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
To align with new cluster naming convention, rename 'openstack'
state file to 'openstack_noha'.
While at it, factor out baremetal setup from 'virtual_control_plane'
into a new state that will be reused in upcoming scenarios, remove
useless sync_all (automatically done after node reboot).
FUEL-310
Change-Id: I6d7e5db8f09305f2fd8eeca0199a2e85b08d2202
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Parse all reclass j2 templates, not only common + current scenario
(useful when adding new scenarios later).
JIRA: FUEL-310
Change-Id: I8e87af702f83c42cb8f766bf6f121449aa5f2c26
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: I879f565fe17539a54770fa22a6088c6493524e0c
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|
|
Although we add default routes via public network and disable
DHCP client from setting new routes, until we reboot the prx* nodes
we still have the stale route originally set at initial boot.
Change-Id: Ib8e5fb67c7da00684e0ac21984fc4661d3820d83
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: I1df0228cb44bf9122aaf93dd25fc16a0d26a5240
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
While at it, rename apt repo in foundation node user-data template
from "salt" to "saltstack", to align with reclass model naming.
Change-Id: I5b216492349ae187b568884b1ab4046c52b1c6b2
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Extend <lib.sh> and its invocation from <ci.deploy.sh> with
support for modifying foundation node VMs base image prior to
using it with:
- additional APT GPG keys;
- additional APT repos;
- packages to pre-install;
- packages to pre-remove;
- (non-configurable) cloud init datasource via NoCloud only,
so VCP VMs won't wait for metadata service;
While at it, re-use the resulting image as a base for another
round of pre-patching (same operations as above are supported)
to provide a base image for VCP VMs.
Add AArch64-specific configuration based on new mechanisms:
- pre-install linux-image-generic-hwe-16.04-edge (and headers)
for foundation node and VCP (common) image (also requires new
repo and its key);
- pre-install cloud-init for VCP image (it should already be
installed, but script needs non-empty config for VCP to create
the VCP image and transfer it over to Salt Master);
NOTE: cloud-init is required on VCP VMs for DHCP on 1st iface.
JIRA: FUEL-309
Change-Id: I7dcaf0ffd9c57009133c6d339496ec831ab14375
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
|
|
Occasionally, cinderng.volume_type_present errors with:
ClientException: Service Unavailable (HTTP 503)
Instead of retrying the whole state file, use `wait_for` macro
to retry only this high state up to 5 times.
Change-Id: Ib9ef017aca737e53c853007c13107d56d856c016
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Upstream fixed the salt-formula-horizon in commit 95387ec, by
defining 8078 (and only that) port in Apache's ports.conf.
This fixes the port 80 overlap, so running the `apache` high state
after the `horizon` high state not only is unnecessary now, but
also would lead to new breakage, since `apache` state would
overwrite the ports.conf (removing 8078 and adding 80), i.e.
creating a new port conflict and breaking Horizon port completely.
This reverts commit eb4645206d6d74992fca3b8726ee2eebca97205f.
Conflicts:
mcp/config/states/openstack_ha
mcp/reclass/classes/cluster/baremetal-mcp-ocata-common/openstack_proxy.yml
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Change-Id: Iea8f0bd90ee8d12f399aad16247dda274d6a907a
|
|
Employ UCA repo on computes nodes for nosdn-nofeature-ha scenario as
well to prevent a regression (creation of ports failed for 1+n instances)
of neutron ovs agent from mcp/openstack repos.
Change-Id: Ie65ae122096c0d3a93c09d46191787a934bd7d4f
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|
|
In order to complete broken database sync run
nova state on controller one more time.
Change-Id: I761f26667ebb531b848a62e096f3d79f588d9f24
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
NOTE: In order to undefine VCP VMs with NVRAM (e.g. AArch64 VMs
using AAVMF), an additional parameter should be passed to libvirt
by Salt virt core module (equivalent to `virsh undefine --nvram`).
While at it, pass CI_DEBUG, ERASE_ENV enviroment variables to
state execution, and stop force-applying patches.
Also refactor the rsync between foundation node and Salt master,
so the whole git repo is copied as </root/opnfv>, and <root/fuel>
becomes a link to it; useful for Armband, where 'fuel' is a git
submodule. Fix .git paths after rsync, so git submodules work as
expected in cfg01 repos.
JIRA: FUEL-307
Change-Id: Ic62f03e786581c019168c50ccc50107238021d7f
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
- prx: add route for public traffic to public interface
- prx: add route towards salt master through maas
- remove dashboard class from proxy node (already implements horizon)
- remove dashboard (and benchmark) class definitions (no longer used)
- (temporary) backport Pharos change for adapter template
JIRA: FUEL-305
Change-Id: Ia14a18ac0123c1134d8d99dc43da9a1f770001d0
Signed-off-by: Guillermo Herrero <guillermo.herrero@enea.com>
|
|
|
|
|
|
JIRA: FUEL-306
Change-Id: I648545890c1f7dc59176beac1a0593aed54079cb
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Signed-off-by: Delia Popescu <delia.popescu@enea.com>
|
|
Generate documentation automatically using `reclass-doc`.
nginx is already configured to serve said documentation on
proxy's public VIP on port 8090.
Change-Id: If2aef646a0ec44d5cc7e9d425e565e5c0aa581b3
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
JIRA: FUEL-301
Change-Id: Id6b2b423b8045c581fa5c02133cf91702d9915c9
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Apache module will take care of ports.conf file to prevent
bind socket conflict between apache & nginx services.
Change-Id: Ia76ec356002e1db0dabd20d8f355a1b16fc07b30
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: Ic81507f3f7b3fec593b507e0c534434e8489b01b
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
JIRA: FUEL-301
Change-Id: I9de98fb961fd1d480b45a774de61ad6a93e9addf
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: Icc30d27951abb1e231c9269c6293782a39e08fb6
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|
|
Since VMs are not affected by this limitation, only apply the fixup
to baremetal nodes.
JIRA: FUEL-299
Change-Id: Ib94c481627538d900295df03b8c8fdc7b61cd718
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|