summaryrefslogtreecommitdiffstats
path: root/mcp/patches/patches.list
AgeCommit message (Collapse)AuthorFilesLines
2018-02-13[patch] MaaS: mcp.rsa.pub to auth keys via pillarAlexandru Avadanii1-1/+0
Drop one questionable patch responsible for MaaS node authorized keys to include mcp.rsa.pub by reading the contents of authorized keys on mas01, assuming mcp.rsa.pub will be on the first line. Instead, export the contents of the public key using a shell env var during deploy, which gets expanded via maas_pdf j2 template into a reclass param, leveraging existing salt-formula-maas sshprefs mechanism for delivering the key to MaaS. Since we require the public key to exist before expanding templates, move `generate_ssh_key` call outside the current infrastructure handling block, allowing it to execute during all `deploy.sh` calls, even for dry-runs. Change-Id: I0f53b0f764a2fafd292e0ffd399c284acf61bd30 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-06Add NOVCP HA OVS scenario (baremetal, virtual)Alexandru Avadanii1-0/+1
Add a new class of scenarios, based on existing baremetal HA scenarios, but instead of having a virtualized control plane (VCP), all Openstack controller services will run directly on the cluster nodes. This change adds the common scaffolding, as well as the OVS scenario. The new scenario(s) can be used on full-baremetal clusters, soon on full-virtual clusters and later on hybrid (virt + bare) clusters. This change defines old (current) style scenario definitions for both baremetal and virtual, both named: - os-nosdn-nofeature-novcp-ha; Prerequisites: 1. Merge-able by name reclass.storage.node definitions Each cluster (e.g. database, telemetry) adds its own set of reclass storage node defitions, which for novcp scenarios should be merged into a single node (kvm) based on the 'name' property. This is not currently supported by upstream reclass 'node.sls' high state, so add support for it via an early patch (required before salt-master-init.sh tries to handle reclass.storage). 2. common reclass classes for novcp Some of the classes in `baremetal-...-common-ha` are not fit for novcp as they define VCP-specific config/inheritance, so add new versions of said classes with novcp in mind or adapt old classes: - parameterize ctl hostname in `openstack_compute.yml`; - new `openstack_control_novcp.yml`; - new `openstack_init_novcp.yml`; 3. Handle hard set names in state files for baremetal nodes Some of our state files (e.g. maas) hardcodes baremetal node names to 'kvm', 'cmp', so we need to align the names in novcp scenario with these values to re-use the maas state. As a future improvement we should parameterize these names in all state files. As a consequence, our baremetal controller nodes will also use 'kvm*' hostnames (instead of 'ctl*'). 4. Add 'noifupdown' to all interfaces on kvm nodes to prevent duplicate IPs/routes created at *any* ifup due to /etc/network/route-br-ex. Patch salt-formula-linux to skip network restart on 'noifupdown', also when routes are present on that interface. JIRA: FUEL-310 Change-Id: Ic67778f63e5ee0334dbfe9547c7109ec1a938d61 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-31Turn off Retpoline and KPTI protectionMichael Polenchuk1-1/+1
Based on Canonical research (https://goo.gl/QJykMa) there is low-risk of attack for private clouds environments, therefore turn off the related kernel patches & regain performance back. Change-Id: I661fa127241e327b07d21a29d58d584997607123 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-26[ovs/dpdk] Configure vxlan for baremetal scenarioMichael Polenchuk1-0/+1
* switch ovs/dpdk scenario from vlan to vxlan mode * force br-ex interface to mitigate race with incorrect state * remove dpdk packages list (already in upstream) Change-Id: Ib827cef2d67879fd2a86d286ca2118b22493274d Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-22[patch] system.repo: Add keyserver proxy supportAlexandru Avadanii1-0/+1
Instead of defining a http proxy for all salt-minion traffic, which also includes some Openstack API accesses we can't filter (no_proxy is not yet supported), add & leverage support for proxy configuration during APT keyserver access / key download. JIRA: FUEL-331 Change-Id: I9470807633596c610cfafb141b139ddda2ff096b Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-03[baremetal] Switch VCP base image to UCAAlexandru Avadanii1-1/+0
Since Mirantis prebuilt image comes with salt-minion 2016.3 instead of 2016.11 and upgrading it leads to a hard to break catch-22, use the Ubuntu cloud archive image we already download for FN VMs and pre-install: - a newer kernel (hwe-edge); - salt-minion (2016.11); This also implicitly aligns the image handling on AArch64 and x86_64. Change-Id: I86d1c777449d37bdd0348936a598e3ffe9d265af Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-03Revert "patches: Drop salt ver sync patch, now upstream"Alexandru Avadanii1-0/+1
Unlike nightly dist, stable/2017.12 distributions of salt formulas repo do not yet include this change, so bring it back. This reverts commit 8fbafdf8a665fb8fff4d6f9f14c343e109c122ec. Change-Id: I7f7011750d385a28f4653faeeb74edb1cac1bcf2 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-03[patch] Use keystoneclient to check project IDAlexandru Avadanii1-0/+1
Another prerequisite for decoupling public network from Openstack internal management network (upstream won't fix it for Pike): - port fix from [1] for using the internal network when connecting to keystone during project ID validation in nova, instead of going through public endpoint (and using SSL). [1] https://bugs.launchpad.net/nova/+bug/1716344 Change-Id: Ic9a307df9af78fcd58cbcc07b5e62a7e07cc8d7d Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-31[baremetal] cmp: Add missing public gw (default)Alexandru Avadanii1-0/+1
When we dropped the default gw via mas01 NAT, we uncovered a bug, compute nodes do not have the proper public gw set up and used to reach public network via mas01, slowing everything down. Add gw similar to prx nodes. Fixes: d4ab072 Change-Id: I4343c31c376a7a223670cdd623366454396d8d92 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-27patches: Squash maas region changesAlexandru Avadanii1-1/+0
When re-deploying with `-f` flag, `patch -R` cannot cleanly revert maas region changes with overlapping context lines, so squash them into a single file. Change-Id: I87dae72a12fea833e9e6729de21d4ce5f262695e Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-19Set libvirt unix_sock_group as an optionMichael Polenchuk1-1/+0
Updated libvirt formula now supports group name as an option for unix socket parameter. Change-Id: I683e38971fe6c939fd09e95b805d611ddc596f28 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-18[baremetal] MaaS: Fix DHCP dynamic reserved rangeAlexandru Avadanii1-0/+1
- patch MaaS to default to `DHCP` instead of `AUTO` for physical PXE interfaces (all IPs will be handed out by MaaS DHCP *inside* the defined dynamic DHCP IP range); - reduce range to silence bogus MaaS warning about address exhaustion; - regenerate pod_config.yml.example to reflect the changes; - drop `opnfv_infra_maas_pxe_address` (duplicate of `opnfv_infra_maas_node01_deploy_address`); - add `opnfv_infra_config_pxe_address` for future usage; - while at it, fix missing patch copyright; JIRA: FUEL-316 Change-Id: I81fad333e77f7c8508cd2b2b267c7b39c130e3e1 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-14patches: Drop salt ver sync patch, now upstreamAlexandru Avadanii1-1/+0
Upstream pull request [1] was merged, drop out patch. [1] https://github.com/salt-formulas/salt-formula-salt/pull/64 Change-Id: I7aac66349a4bec718f7821b75dbad711cd6acd58 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-14Revert "Horizon: service: Default to v2 API"Alexandru Avadanii1-1/+0
Pike Horizon packages contain the fix for full v3 compatibility. Also update the reclass models to use v3 API. JIRA: FUEL-284 This reverts commit 68ff467c4c2d9d0f201e2912c97616402f8109a3. Change-Id: I7795197100a67f892889eefce73252ec90d289cc Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-13patches: libvirt: Use "libvirt" unix_sock_groupAlexandru Avadanii1-0/+1
Now that libvirt 3.6 is used on kvm nodes (via UCA repos), which by default uses "libvirt" group for socket ownership, change old "libvirtd" in salt-formula-libvirt's: - libvirt/files/libvirtd.conf.Debian This allows us to remove the manual group creation from VCP state file, which was not re-entrant (failed if group already existed). Change-Id: Id61fecd82daec1c0716ff4796b79dce47d096c3a Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-05Clean up noifupdown support patchMichael Polenchuk1-1/+0
The patch has been merged to upstream linux formula. Change-Id: I09f96be920c5c3ecd09fd2ab132e25519902239b Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-11-28Revert "[baremetal] Fix maas_subnets without maas_fabrics"Michael Polenchuk1-1/+0
The upstream commit has been merged https://github.com/salt-formulas/salt-formula-maas/commit/0c622327 This reverts commit 2c48915a1a77aa3ac0133155fd0cdadbf280493d. Change-Id: Iff86f3dc171371903e3294eed43977eb6197a5e7 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-11-23[baremetal] Fix maas_subnets without maas_fabricsAlexandru Avadanii1-0/+1
Change-Id: I603b39d46d3f2f2448b8f9746ad0745e416bbee7 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-11-18patches: linux.storage.lvm: Disable filterAlexandru Avadanii1-0/+1
JIRA: FUEL-304 Change-Id: I52ae89f933f976b678b27f79e2ad67c3699ef8ec Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-11-12salt formulas: Pin via reclass instead of salt.shAlexandru Avadanii1-0/+1
Previous commit pinned the salt-formula-package by installing a specific version after OPNFV-specific patches were applied by `patch.sh`. To prevent patch bypass, move the pin to reclass model. While at it, also move salt-formula-neutron pinning to reclass to bypass wrong minimum length of 2 for version-pinned formula pkgs. Change-Id: I35c2773c130d79ec919685cd771311d6c11e11a8 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-10-18Horizon: service: Default to v2 APIAlexandru Avadanii1-0/+1
Horizon service definition hardcodes the API version to v3, and also overrides the value in our reclass model during interpolation. Adjust the default to '2'. While at it, move 'reclass' patching later in `salt.sh`, after the salt formula packages are installed. JIRA: FUEL-284 Change-Id: I6f63b4d00ae85c82b076b3efef857e7cc4f3fd35 Signed-off-by: Ting Wu <ting.wu@enea.com> Signed-off-by: Junaid Ali <junaidali.yahya@gmail.com> Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-10-14Add license headers where missingAlexandru Avadanii1-0/+7
While at it, compact 'set' into bash shebang where possible and add `make patches-copyright` target to simplify adding patch license headers. Change-Id: I0c841de72e5709e5eef915a52c5ec4a7fc0f7c37 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-10-03Apply neutron formula patch after formula updateMichael Polenchuk1-1/+0
Change-Id: I8dba3676adc8cc49731d91db7cc028a9c5b1627d Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-09-23MaaS: Reduce C/D timeouts, minor fixesAlexandru Avadanii1-0/+1
- add new patch for maas.region, extending it poorly with a timeout override mechanism; the new comissioning/deploying timeout defaults (10/15min) will be used instead of MaaS defaults (20/40min), unless reclass params are defined with different values; - add 30s delay between 'machine mark-broken' and 'machine mark-fixed' MaaS cli commands (fixes a rare race condition); - fix forgotten replace in 'maas.pxe_route': s/opnfv_fuel_/opnfv_/g; Change-Id: I71c562b80031bac2793dd470d52928c2d62e5300 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-08-29patches: seedng: module: Sync salt versionAlexandru Avadanii1-0/+1
JIRA: FUEL-282 Change-Id: I6c86ce0b1113ca674b1756e7997559eee90a4e5f Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-08-28Sync os cacert from proxy to salt masterMichael Polenchuk1-0/+1
JIRA: FUEL-274 Change-Id: I2c8161b24cb18a0d1f9dc6fd509ce18af7ea8cf5 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-08-19MaaS: Add support for dynamic fabric numberingAlexandru Avadanii1-2/+3
Previously, we hardcoded the fabric name for our 3rd interface (which serves PXE/DHCP for the target nodes) to "fabric-2", relying on predictable index numbers to be provided by MaaS based on the interfaces defined in /etc/network/interfaces. However, the fabric IDs/names generated by MaaS are not predictable, and therefore cannot be hardcoded in our reclass model / scripts. Work around this by: - adding support for fabric ID deduction based on CIDR matching during subnet create/update operation in MaaS py module; - adding support for VLAN DHCP enablement to MaaS py module, which was previously handled via shell MaaS API operations from maas/region.sls; While at it, revert previous commit that disabled network discovery ("MaaS: Disable network discovery"), since it turns out that network discovery was not the culprit for subnet creation failure, but wrong fabric numbering. This reverts commit 8cdf22d1a1bae4694a373873cab4feb6251069b7. Change-Id: I15fa059004356cb4aaabb38999ea378dd3c0e0bb Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-08-17Bring in baremetal supportAlexandru Avadanii1-0/+3
- ci/deploy.sh: fail if default scenario file is missing; - start by copying reclass/classes/cluster/virtual-mcp-ocata-ovs as classes/cluster/baremetal-mcp-ocata-ovs; - add new state (maas) that will handle MaaS configuration; - Split PXE network in two for baremetal: * rename old "pxe" virtual network to "mcpcontrol", make it non-configurable and identical for baremetal/virtual deploys; * new "pxebr" bridge is dedicated for MaaS fabric network, which comes with its own DHCP, TFTP etc.; - Drop hardcoded PXE gateway & static IP for MaaS node, since "mcpcontrol" remains a NAT-ed virtual network, with its own DHCP; - Keep internet access available on first interfaces for cfg01/mas01; - Align MaaS IP addrs (all x.y.z.3), add public IP for easy debug via MaaS dashboard; - Add static IP in new network segment (192.168.11.3/24) on MaaS node's PXE interface; - Set MaaS PXE interface MTU 1500 (weird network errors with jumbo); - MaaS node: Add NAT iptables traffic forward from "mcpcontrol" to "pxebr" interfaces; - MaaS: Add harcoded lf-pod2 machine info (fixed identation in v6); - Switch our targeted scenario to HA; * scenario: s/os-nosdn-nofeature-noha/os-nosdn-nofeature-ha/ - maas region: Use mcp.rsa.pub from ~ubuntu/.ssh/authorized_keys; - add route for 192.168.11.0/24 via mas01 on cfg01; - fix race condition on kvm nodes network setup: * add "noifupdown" support in salt formula for linux.network; * keep primary eth/br-mgmt unconfigured till reboot; TODO: - Read all this info from PDF (Pod Descriptor File) later; - investigate leftover references to eno2, eth3; - add public network interfaces config, IPs; - improve wait conditions for MaaS commision/deploy; - report upstream breakage in system.single; Change-Id: Ie8dd584b140991d2bd992acdfe47f5644bf51409 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com> Signed-off-by: Guillermo Herrero <Guillermo.Herrero@enea.com> Signed-off-by: Charalampos Kominos <Charalampos.Kominos@enea.com> Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-08-10maas: region: credentials workaround, force syncAlexandru Avadanii1-1/+3
Workaround the issues described in [1], stating that salt-formula-maas package cannot set an autogenerated PostgreSQL password, respectively the known error thrown during initial setup. FIXME: These should be reverted later, after fixing the MaaS password update and initial artifact sync in the salt formula / scripts. [1] https://docs.mirantis.com/mcp/1.0/mcp-deployment-guide/\ install-base-infra/set-up-bare-metal-provisioner/configure-maas-vm.html Change-Id: I8b37f55d3caa4119c64f9549578850dd4eb9e3ad Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-08-01salt.sh: Drop upstream clone in favor of local gitAlexandru Avadanii1-1/+0
salt.sh currently clones the full Fuel@OPNFV git repo from upstream public mirror, preventing us from testing locally edited or new patches. Instead, bring back git submodule handling from old f_repos, clone and patch each submodule locally, then copy the whole parent repo over to cfg01. This is also a first step towards implementing offline deploy support. NOTE: This adds new deploy prerequisite packages: - git (for submodule clone/update); - make (for submodule patching); - rsync (for parent repo replication to cfg01); NOTE: Parent repository is expected to be a git repo, in order to work with git submodules. While at it, perform some minor related changes: - add deploy artifacts (ISOs, qcow2 files) to .gitignore, also used to filter-out such files during rsync to cfg01; - remove obsolete Fuel patches (old f_repos mechanism); - rename "reclass-system-salt-model" submodule; Change-Id: I6210d80d41010b2802e4f1b31acf249a18db7963 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-07-12Apply reclass patches before salt master initMichael Polenchuk1-2/+2
Change-Id: I7bb984880e98b7bdec9aa0b3895a3be9fd75cac0 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-07-11Apply upstream patchesMichael Polenchuk1-0/+2
For opendaylight support: * neutron formula * reclass system model Plus missing apply of haproxy state. Change-Id: Ic9e3672b51d5331656d636c44c3f891e49437e23 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>