path: root/mcp/config
Age | Commit message | Author | Files | Lines
2018-02-07 | [states] Fix broken online check for bm, vcp nodes | Alexandru Avadanii | 2 | -5/+5
Previous commit replacing explicit loops with `wait_for` failed to properly escape a nested variable, leading to deploy failure. Also, the logic was flawed, not breaking for offline nodes, rendering the whole barrier check useless.
Fixes: 1a0e8e7e
Change-Id: I038dbf90fb53c6b61da2e5c9b6867e31d78867af
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-07 | Merge "[virtual] Rename all to drop virtual prefix" | Alexandru Avadanii | 4 | -4/+4
2018-02-07 | Merge "[hybrid] Merge config/scenario/{baremetal,virtual}" | Alexandru Avadanii | 11 | -26/+28
2018-02-07 | Merge "[states] maas, vcp: Use `wait_for` in online check" | Alexandru Avadanii | 2 | -25/+8
2018-02-07 | Merge "Add NOVCP HA OVS scenario (baremetal, virtual)" | Alexandru Avadanii | 2 | -0/+56
2018-02-07 | Switch off broken sphinx state | Michael Polenchuk | 1 | -1/+1
Deactivate documentation related optional state until it gets fixed in upstream.
Change-Id: I5242ed307548c4f37f81d271a1f4f6bee9903f4e
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-02-06 | [virtual] Rename all to drop virtual prefix | Alexandru Avadanii | 4 | -4/+4
JIRA: FUEL-322
Change-Id: I99c4b1774a7c3afbc834a6f6e8468f7baf1bc329
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-06 | [hybrid] Merge config/scenario/{baremetal,virtual} | Alexandru Avadanii | 11 | -26/+28
Instead of classifying scenarios by underlying machine type, switch to HA/NOHA differentiation only. This allows us to add support for hybrid scenarios (with some virtual and some baremetal nodes in the same cluster). To facilitate this, we will template the scenario files, which is a small step towards SDF (Scenario Descriptor File) definition and adoption later.
JIRA: FUEL-338
Change-Id: If5787991869a3105d82c27ffa0a86ac79b4b08ba
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-06 | [states] maas, vcp: Use `wait_for` in online check | Alexandru Avadanii | 2 | -25/+8
Change-Id: I7b583c354843f0116a65b3a31f3be4589087b8a5
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-06 | Add NOVCP HA OVS scenario (baremetal, virtual) | Alexandru Avadanii | 2 | -0/+56
Add a new class of scenarios, based on existing baremetal HA scenarios, but instead of having a virtualized control plane (VCP), all Openstack controller services will run directly on the cluster nodes.
This change adds the common scaffolding, as well as the OVS scenario. The new scenario(s) can be used on full-baremetal clusters, soon on full-virtual clusters and later on hybrid (virt + bare) clusters.
This change defines old (current) style scenario definitions for both baremetal and virtual, both named:
- os-nosdn-nofeature-novcp-ha;
Prerequisites:
1. Merge-able by name reclass.storage.node definitions
Each cluster (e.g. database, telemetry) adds its own set of reclass storage node definitions, which for novcp scenarios should be merged into a single node (kvm) based on the 'name' property. This is not currently supported by upstream reclass 'node.sls' high state, so add support for it via an early patch (required before salt-master-init.sh tries to handle reclass.storage).
2. common reclass classes for novcp
Some of the classes in `baremetal-...-common-ha` are not fit for novcp as they define VCP-specific config/inheritance, so add new versions of said classes with novcp in mind or adapt old classes:
- parameterize ctl hostname in `openstack_compute.yml`;
- new `openstack_control_novcp.yml`;
- new `openstack_init_novcp.yml`;
3. Handle hard set names in state files for baremetal nodes
Some of our state files (e.g. maas) hardcode baremetal node names to 'kvm', 'cmp', so we need to align the names in novcp scenario with these values to re-use the maas state. As a future improvement we should parameterize these names in all state files. As a consequence, our baremetal controller nodes will also use 'kvm*' hostnames (instead of 'ctl*').
4. Add 'noifupdown' to all interfaces on kvm nodes to prevent duplicate IPs/routes created at *any* ifup due to /etc/network/route-br-ex.
Patch salt-formula-linux to skip network restart on 'noifupdown', also when routes are present on that interface.
JIRA: FUEL-310
Change-Id: Ic67778f63e5ee0334dbfe9547c7109ec1a938d61
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-06 | [HA] Use cluster_public_host for SSL cert fetch | Alexandru Avadanii | 1 | -5/+7
For VCP-enabled scenarios, `cluster_public_host` and `cluster_vip_address` both point to the public VIP of the cluster. However, for upcoming NOVCP scenarios, `cluster_vip_address` resides inside the management segment, so use `cluster_public_host` instead.
JIRA: FUEL-310
Change-Id: I13ef482e2c3116c991dfe91be81d0964f140f8e9
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-06 | [Horizon] Limit css fixup to Ubuntu package | Alexandru Avadanii | 1 | -9/+11
Horizon package from Mirantis mcp-repos does not require the fixup, so limit its application to non-mcp packages. Required for upcoming NOVCP scenarios, where we also have mcp-repos APT source on the proxy nodes.
JIRA: FUEL-324
JIRA: FUEL-310
Change-Id: I4399af803c0a17e0aa8f3d7a7330e501a5eedf55
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-05 | [baremetal] Rename all to drop baremetal prefix | Alexandru Avadanii | 3 | -3/+3
A few things differ between baremetal and virtual nodes:
- provisioning method;
- network setup;
Since now we support completely dynamic network config based on PDF + IDF, as well as dynamic provisioning of VMs on jumpserver (as virtual cluster nodes), respectively MaaS-driven baremetal provisioning, let's drop the 'baremetal-' prefix from cluster model names and prepare for unified scenarios.
Note that some limitations still apply, e.g. virtual nodes are spawned only on jumpserver (localhost) for now.
JIRA: FUEL-310
Change-Id: If20077ac37c6f15961468abc58db7e16f2c29260
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-05 | [FN VM] Reboot VMs on jump, wait for all online | Alexandru Avadanii | 2 | -4/+1
- apply `linux` state on cfg01 first, so PXE/admin IP is added and FN VM minions are available;
- add barrier and wait for all FN VMs to register with cfg01;
- use batch-mode execution while applying `linux.network` on FN VMs;
- retry all states executed via <salt.sh> on FN VMs;
JIRA: FUEL-310
Change-Id: I72e1c565370072500df1d486fe76e6315f583c75
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-05 | [vPDF] Add experimental vPOD lab config | Alexandru Avadanii | 2 | -0/+206
JIRA: FUEL-322
Change-Id: I1482badbbbf66b4855faf6daf486520fc71e09b0
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-05 | [PDF] pod1: Refresh PDF, IDF examples | Alexandru Avadanii | 2 | -65/+66
Sync latest changes from pharos git repo for our sample PDF/IDF:
- move net_config from PDF to IDF;
- minor cleanup;
JIRA: FUEL-322
Change-Id: If6865ac61a4942a1dd5daf7081fd8faa67e0e7bf
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-31 | Turn off Retpoline and KPTI protection | Michael Polenchuk | 1 | -1/+1
Based on Canonical research (https://goo.gl/QJykMa) there is a low risk of attack for private cloud environments, therefore turn off the related kernel patches & regain performance.
Change-Id: I661fa127241e327b07d21a29d58d584997607123
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-31 | [VCP] Catch 'no response' when adding ssh auth key | Alexandru Avadanii | 1 | -1/+1
On rare occasions, one or more minions might fail to respond in due time, so catch 'no response' using `wait_for`.
Change-Id: I8e6b0dc44a39e79c2874ff9a657e152620ba3f13
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-26 | [ovs/dpdk] Configure vxlan for baremetal scenario | Michael Polenchuk | 2 | -0/+13
* switch ovs/dpdk scenario from vlan to vxlan mode
* force br-ex interface to mitigate race with incorrect state
* remove dpdk packages list (already in upstream)
Change-Id: Ib827cef2d67879fd2a86d286ca2118b22493274d
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-25 | Merge "Add support for different public network netmask" | Alexandru Avadanii | 1 | -12/+15
2018-01-25 | Merge "Horizon: Fix and reload missing css in Pike" | Alexandru Avadanii | 2 | -0/+20
2018-01-23 | Horizon: Fix and reload missing css in Pike | ting wu | 2 | -0/+20
The horizon in Pike release is broken due to missing the static content. This workaround is to:
- create a missing symbolic link. The link is defined as an alias in the apache configuration
- collecting and compressing static assets
- add single "Default" theme as AVAILABLE_THEMES
- restart apache2 service
- apply the workaround to Salt states 'openstack_ha' and 'openstack_noha'
JIRA: FUEL-324
Change-Id: Idd70165f1be8d31967a3ab518323e6f3e8406624
Signed-off-by: ting wu <ting.wu@enea.com>
2018-01-22 | Add support for different public network netmask | Guillermo Herrero | 1 | -12/+15
- Remove hardcoded /24 mask
- Use PDF as source for public network, with reclass params: opnfv_net_public, _mask, _gw, _pool_start, _pool_end
JIRA: FUEL-315
Change-Id: Idf3a4ed8f63f58fa90d9c1dcb7751ef3b1c9bd36
Signed-off-by: Guillermo Herrero <guillermo.herrero@enea.com>
2018-01-22 | [patch] system.repo: Add keyserver proxy support | Alexandru Avadanii | 2 | -2/+0
Instead of defining a http proxy for all salt-minion traffic, which also includes some Openstack API accesses we can't filter (no_proxy is not yet supported), add & leverage support for proxy configuration during APT keyserver access / key download.
JIRA: FUEL-331
Change-Id: I9470807633596c610cfafb141b139ddda2ff096b
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-19 | Get back to the GA kernel | Michael Polenchuk | 1 | -2/+0
- openvswitch 2.8 officially supports kernel versions from 3.10 to 4.12
- ODL baremetal scenario is acting up with floating/public SNAT flow under hwe edge kernel 4.13
Change-Id: I099d528b3b1c2ea34f8f856cd60f809f90defea6
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-15 | Setup mongodb master primarily | Michael Polenchuk | 2 | -4/+4
Initiate mongodb master at first to avoid race condition with unwanted master election which causes cluster setup failure.
Change-Id: I6d2f75f3f002849cac3a5f52a7dcfb4646b7822a
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-12 | Retry cinder volume state | Michael Polenchuk | 2 | -2/+5
The service of cinder-volume restarts too quickly after package installation with default/incorrect configuration and goes over restart threshold, so systemd stops attempting to restart any further, causing state failure. To fix it properly the RestartSec (i.e. restart delay) param should be added into cinder-volume.service unit.
Change-Id: Ic8591e8ef52a3d439122f276d275e56bd2442ce6
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-11 | [baremetal] Disable dhcp offered routes | Michael Polenchuk | 1 | -0/+5
Prevent dhcp client from setting unwanted default routes on compute nodes.
Change-Id: I2529491bbc977647e5f457d5f1ba88b0cc4372ee
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-07 | lib.sh: Extend wait_for function to catch no resp | Alexandru Avadanii | 4 | -13/+8
wait_for function should be able to also check for minions that did not return or not respond, in addition to the return code. To keep it backwards compatible, condition the new check on the max attempt number being specified in decimal format (e.g. '10.0' unlike old '10').
Change-Id: If2512cf9121cdd795638efe7362ef0485d4e8d91
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-03 | [baremetal] Switch VCP base image to UCA | Alexandru Avadanii | 1 | -0/+16
Since Mirantis prebuilt image comes with salt-minion 2016.3 instead of 2016.11 and upgrading it leads to a hard to break catch-22, use the Ubuntu cloud archive image we already download for FN VMs and pre-install:
- a newer kernel (hwe-edge);
- salt-minion (2016.11);
This also implicitly aligns the image handling on AArch64 and x86_64.
Change-Id: I86d1c777449d37bdd0348936a598e3ffe9d265af
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-03 | [baremetal] Retire mas01 NAT | Alexandru Avadanii | 1 | -1/+0
Isolate networks by retiring NAT on mas01; also cutting direct internet access from cluster nodes that are not facing the public network (prx, cmp).
NOTE: Since we are removing mas01 NAT, VCP VMs (except prx which have public IPs) and kvm nodes (cmp also have public IPs) will no longer have direct internet connectivity. Cluster deployment and operations will work without it, but if it is required for different reasons, the MaaS proxy could be enabled by uncommenting the /etc/environment section in:
- cluster.baremetal-mcp-pike-common-ha.include.proxy.yml
JIRA: FUEL-317
Change-Id: I5ed8b420296b27df34a54ec1ebd7b7cf58041425
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-01 | [baremetal] MaaS: Enable HTTP proxy | Alexandru Avadanii | 2 | -1/+13
Instead of using NAT on the mas01 node for all cluster node outgoing traffic, use the MaaS built-in proxy for APT traffic to leverage its caching capabilities too. Also enable the proxy for salt minions, so they can access public keyservers et al. Cleanup public DNS from kvm nodes, interferes with MaaS proxy.
Add example config for global env proxy, but don't enable it:
- default environment settings
- /etc/environment (via reclass);
The MaaS proxy will not be used (at least for now) on nodes:
- cfg01;
- mas01;
NOTE: We can't yet drop the maas.pxe_nat state completely, as certain Openstack services are still accessed via public addresses from ctl nodes.
JIRA: FUEL-317
JIRA: FUEL-318
Change-Id: I6c5f6872bb94afb838580571080e808bc262fc68
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-27 | [ovn] Inject ovn central options | Michael Polenchuk | 2 | -0/+16
Change-Id: Ib9021ee3ca15c05cc137ae42c263383acb4393bd
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-25 | [ovn] Mend state name of openstack | Michael Polenchuk | 1 | -3/+3
* rename openstack state name with noha suffix
* increase vcpus for compute nodes
Change-Id: I03386c4c1c92d329d847aa506589823e57644ef4
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-22 | [vcp] Catch 'no response' of salt minion as well | Michael Polenchuk | 1 | -1/+1
Salt minion could return 'no response' and cause an unconfigured state of the vcp node(s), so catch this output after linux state as well. Also clean up excess route on proxy nodes.
Change-Id: I3183fa09ff41a8f027ee789869bdae0c3962ab8f
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-21 | Bring in ovn based scenario | Michael Polenchuk | 6 | -1/+44
OVN based scenario doesn't require conventional gateway node since connectivity to external networks and routing occurs on compute nodes.
Change-Id: I81e0d497170d5ffb067adf13b0e46290525f26a6
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-20 | [maas] Adjust deployment order/timeouts | Michael Polenchuk | 1 | -3/+7
Change-Id: I9dbb51ce2387450e4ae19f8b3444f5e52cfdc71d
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-19 | [dpdk] Remove user/group setting for ovs rundir | Michael Polenchuk | 1 | -3/+0
The proper patches have been merged into upstream (nova/neutron formulas, system reclass) to use a separate dir for vhost_user sockets.
Change-Id: Iba8d8a9a05c5ab681b5b5ffbea786dca92704c82
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-19 | [baremetal] MaaS: Reduce timeout values | Alexandru Avadanii | 1 | -9/+8
`maas_fixup` is already re-entrant, so we can execute it more than once during a commissioning/deploy cycle. Reduce the timeout waiting for all nodes to reach a stable state, so nodes stuck in 'Ready' state instead of reaching 'Deploying' get dealt with sooner (~5 min vs old 30 min).
While at it, let `maas_fixup` handle machine deploy as well, so we can catch nodes stuck in 'Ready' state and re-trigger the deploy.
Change-Id: Id24cc97b17489835c5846288639a9a6032bd320a
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-18 | Merge "states: networks: Use role-based addressing" | Alexandru Avadanii | 1 | -5/+5
2017-12-18 | Merge "[baremetal] Move salt master IP to PXE/admin" | Alexandru Avadanii | 1 | -2/+0
2017-12-18 | [baremetal] Move salt master IP to PXE/admin | Alexandru Avadanii | 1 | -2/+0
Use PXE/admin network for salt traffic from/to all minions except cfg01, mas01. This allows us to drop the route to admin net from cfg01.
Change-Id: Ic2526f1ff77afe5d92ced900971f4c8f78d2d8a2
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-16 | states: networks: Use role-based addressing | Alexandru Avadanii | 1 | -5/+5
JIRA: FUEL-310
Change-Id: Ice6d6bbb2d2ee8e21f2757b02056873d1a030ea3
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-15 | ci/deploy.sh: maas: cleanup_uefi on env erase | Alexandru Avadanii | 1 | -8/+6
Running `ci/deploy.sh -EE` should also perform a UEFI boot option cleanup, otherwise we risk booting the previously installed OS.
While at it, reduce delay between nodes removal and fix a rare failure for `-EE` when no nodes are defined in MaaS.
Change-Id: I789ffd3e22545921216f7d5ee3509c76354542eb
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-14 | [baremetal] Upgrade packages on kvm, cmp nodes too | Alexandru Avadanii | 1 | -0/+1
MaaS installs a few packages via curtin, which don't get upgraded later, even if we add extra repos (it will be the case for novcp). Perform a package upgrade on all baremetal nodes, as it's also a good security practice.
JIRA: FUEL-310
Change-Id: Ib365e42a0d2f65813fc9bef516326ec89fe407de
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-13 | patches: libvirt: Use "libvirt" unix_sock_group | Alexandru Avadanii | 1 | -2/+0
Now that libvirt 3.6 is used on kvm nodes (via UCA repos), which by default uses "libvirt" group for socket ownership, change old "libvirtd" in salt-formula-libvirt's:
- libvirt/files/libvirtd.conf.Debian
This allows us to remove the manual group creation from VCP state file, which was not re-entrant (failed if group already existed).
Change-Id: Id61fecd82daec1c0716ff4796b79dce47d096c3a
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-12 | AArch64: Move to pike-armband repo | Alexandru Avadanii | 1 | -4/+1
Armband restructured its repos to support UCA-only virtual deploys, propagate the change to our base image pre-build. Drop apt-mk repos, should only be added later by Salt, when MCP repos are also present.
JIRA: ARMBAND-338
Change-Id: Ieafa6d3fb0599679341053187b4a7d778af86428
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-12 | [baremetal] Fixup pike deployment (2) | Michael Polenchuk | 1 | -0/+2
* align dpdk packages list
* add missing libvirtd group to vcp host nodes
Change-Id: Ideab2b16ca0561035b225e58bf3d0c5653d303bb
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-11 | AArch64: s/ocata/pike/g in scenario defaults | Alexandru Avadanii | 1 | -3/+3
We hard set some repo URLs used for base image pre-building, so bump those to Pike, now that Armband repos for Pike are populated.
JIRA: ARMBAND-335
Change-Id: Ibd7267b628985a3c7a33d9d8a93c824077c69f10
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-11 | [baremetal] Fixup pike deployment | Michael Polenchuk | 2 | -4/+6
* up glusterfs.client state before actual volume usage
* handle keystone server state
* specify suitable nova packages list for uca repo (consoleproxy vs novncproxy)
* upgrade vcp nodes to get proper cryptography library for keystone
* align service names for libvirt & glusterfs
Change-Id: Iaeb7d147e6d407bbeaec2d40fd81037c939c3fe0
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>