| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
* Refactor OPNFV salt-formulas mechanism to resemble upstream git
structure:
- git submodules: add new submodule for each formula we patch;
- create salt-formula-x directories for OPNFV formulas;
- move mcp/metadata/service contents to their each formula subdir;
- use `make patches-import` for patches previously handled by
patch.sh;
- retire patch.sh
* states: add virtual_init:
- mostly based on old salt.sh, which is now obsolete;
- exclude salt-master service restart (it would kill the container);
* scenarios: cleanup (rm cfg01 virtual node def), adopt virtual_init;
* reclass: align our model with prebuilt container's Salt config:
- drop linux:network pillar data (handled by Docker);
- stop applying linux.system state on cfg01;
- align salt user homedir;
- drop salt-formula packages (preprovisioned);
* minor plumbing in deploy.sh and lib.sh;
JIRA: FUEL-383
Change-Id: I28708a9b399d3f19012212c71966ebda9d6fc0ac
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: I61ee8e19e783437dce7a9ddd666cd60e9d22a2e1
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Configure barbican for cinder-volumes and nova-compute
to use encrypted volumes
Disable default glance image signature verification with
barbican enabled
JIRA: FUNCTEST-981
Change-Id: I35660234526780a2277e459f3fa21a67d96ce7d7
Signed-off-by: Delia Popescu <delia.popescu@enea.com>
|
|
Since we switched all scenarios to using only global gateway settings
instead of per-interface routes, drop the obsolete patch for OVS
ports with explicit routes.
Change-Id: Ibd28849437b598add9847c991e0276b4d0fc505e
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Obsolete our out of tree patch in favor of upstream mechanisms for
creating fabrics/VLANs/subnets.
Change-Id: I57d6d59764a825b428f423d48c5d90af7f2e676f
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: I1e1490f4d0a0bee2783450c6369d7ab6c45b193f
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: Ida4cf736dfe60886384e7e180d3e43faf811bd58
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
JIRA: FUEL-364
Change-Id: I891514f85cf694509003a3b0a6f3568524d0a461
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: I0c8f87bad0fbe55684bd43547674ed91a31f39f8
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: Iad2a27d059b43ed14fb70bdee01b3db29613615b
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
This reverts commit c7dff6e1ae6444f60d3fe20b1f495609c7980051.
The patch has been merged into upstream.
Change-Id: Idf768b9b94b3498994601d50feeeef008430ba27
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Upstream PR [1] should fix recently introduced issues with nginx
state for SSL-enabled sites.
[1] https://github.com/salt-formulas/salt-formula-nginx/pull/40
Change-Id: I52b5e4f51539e535249e0850f0b34c2801f4d74a
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Preseed Armband common repo-comp for Pike, so we get
the updated kernel & other packages from the start.
Requires upstream PR [1].
While at it, also handle related PR merged upstream [2] by
explicitly setting maas.region.subnets name via j2 instead of reclass
param expansion in name (allows us to drop the remaining chunk of the
fabric-from-CIDR patch we used to carry).
Note: opnfv_infra_maas_pxe_network_addres can now be dropped from
pod_config j2 template in Pharos Fuel installer adapter.
[1] https://github.com/salt-formulas/salt-formula-maas/pull/26
[2] https://github.com/salt-formulas/salt-formula-maas/pull/22
Change-Id: I356adb73b80f0f2d85db4ab060e804cb9a053862
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Select xenial image explicitly to avoid getting latest bionic one.
Change-Id: Iee872b8dd2ce309231829a0ad8e5a3cf1a75f796
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
* remove client patch (has been merged to upstream)
* websocket now is disabled by default
* purge deprecated/unneeded features (odl-mdsal-apidocs, odl-dlux-all)
Change-Id: Id247a3c74e66730049bfeafc4a5164aad0d9b662
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: Ia517b7cf1723a5afaf43cb0709716f3a67a29e9f
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Since we brought back NAT over MaaS PXE/admin, drop out-of-tree patch
that was only needed for full network isolation (no cross-talk
between public and admin).
Change-Id: I577b1116bbdcc19647b3c01fe6f2acb7bb9ce627
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
|
|
This evironment variable is required by test suite to refer
to an attached volume (vdb is reserved for config drive).
JIRA: FUEL-353
Change-Id: I4f7c96b2344575fcd9b785e3c74b27ef4c4d64f8
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: I078e11219fb8dea4505c46e7f75c295c5a72c59b
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
While at it, drop patch now upstream.
JIRA: FUEL-348
Fixes: cf6cd9cd
Change-Id: Ieb4c93e9dc79a4e4dec140433574e042a1a6f2dc
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
- submodule: bump Pharos to pick up installer adapter support, as well
as IDF updates for Ericsson baremetal pod1;
- labs/local/virtual: Bump mgmt, public networks start addresses from
.1 to .10, similar to ericsson-pod1;
While at it, drop patch now upstream and instead adopt the new param
'neutron:server:root_helper_daemon'.
JIRA: FUEL-351
Change-Id: I9bc244a7fd8698861a390ed2b6a27804be46c285
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
* class including order (default was used)
* disable root_helper_daemon (incompatible with UCA)
* turn off websocket for pseudo agent updates
Change-Id: I4d7971d393da184bdd55f65b4d3fd8d9e898543f
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: If7d51555bc13dbcaa63f93ab1993f3655e2ce643
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: I503c8ad32900406e1fa375cec9a91b454889d8bf
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: Icee56da3720f0926e42390965581639f6a344b77
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Now we explicitly add a LVM PV on /dev/sda{1,2} for Cinder storage,
so we can safely drop the patch disabling LVM volume filtering.
If we later move the PV to a different disk, we can just add the VG
and LV definitions to linux:storage via reclass, and Salt will skip
setting them up (as they're already created by MaaS), yet keep the
filtering sane.
While at it, fix 'nova_cpu_pinning' param expr; constructs based on
reclass interpolation (e.g. '${_param:x}') do not work when
parameters are passed via reclass.storage templating, so change
reclass interpolation syntax with classic YAML anchors.
Fixes: 672ae12
Change-Id: Ieb41635ddeb630543d7e4d1079f45d636d9a43af
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
- fix `route-br-ex` if-up.d script failing when route already exists
by adding a wrapper around distro's '/sbin/route' binary in
'/usr/local/sbin/route', exploiting default order in Ubuntu PATH;
- fix 'br-prv' duplicate entry in 'interfaces.d/ifcfg-br-prv' and
'interfaces' caused by upstream bug [1];
- add barrier waiting for all baremetal nodes online before attempting
reboot, trying to catch rare failures which are undetectable in logs
as both a succesful reboot and a disconneted minion report 'n/c';
With the above in place, networking service should no longer fail
to start on cmp nodes w/ DPDK.
[1] https://github.com/saltstack/salt/issues/40262
Change-Id: I6d4895376ce323c14c997e6c9af2ea3eeeee0184
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Drop one questionable patch responsible for MaaS node authorized
keys to include mcp.rsa.pub by reading the contents of authorized
keys on mas01, assuming mcp.rsa.pub will be on the first line.
Instead, export the contents of the public key using a shell env
var during deploy, which gets expanded via maas_pdf j2 template
into a reclass param, leveraging existing salt-formula-maas sshprefs
mechanism for delivering the key to MaaS.
Since we require the public key to exist before expanding templates,
move `generate_ssh_key` call outside the current infrastructure
handling block, allowing it to execute during all `deploy.sh` calls,
even for dry-runs.
Change-Id: I0f53b0f764a2fafd292e0ffd399c284acf61bd30
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Add a new class of scenarios, based on existing baremetal HA
scenarios, but instead of having a virtualized control plane (VCP),
all Openstack controller services will run directly on the cluster
nodes.
This change adds the common scaffolding, as well as the OVS scenario.
The new scenario(s) can be used on full-baremetal clusters, soon on
full-virtual clusters and later on hybrid (virt + bare) clusters.
This change defines old (current) style scenario definitions for
both baremetal and virtual, both named:
- os-nosdn-nofeature-novcp-ha;
Prerequisites:
1. Merge-able by name reclass.storage.node definitions
Each cluster (e.g. database, telemetry) adds its own set of
reclass storage node defitions, which for novcp scenarios should
be merged into a single node (kvm) based on the 'name' property.
This is not currently supported by upstream reclass 'node.sls'
high state, so add support for it via an early patch (required
before salt-master-init.sh tries to handle reclass.storage).
2. common reclass classes for novcp
Some of the classes in `baremetal-...-common-ha` are not fit for
novcp as they define VCP-specific config/inheritance, so add new
versions of said classes with novcp in mind or adapt old classes:
- parameterize ctl hostname in `openstack_compute.yml`;
- new `openstack_control_novcp.yml`;
- new `openstack_init_novcp.yml`;
3. Handle hard set names in state files for baremetal nodes
Some of our state files (e.g. maas) hardcodes baremetal node names
to 'kvm', 'cmp', so we need to align the names in novcp scenario
with these values to re-use the maas state. As a future improvement
we should parameterize these names in all state files.
As a consequence, our baremetal controller nodes will also use
'kvm*' hostnames (instead of 'ctl*').
4. Add 'noifupdown' to all interfaces on kvm nodes to prevent duplicate
IPs/routes created at *any* ifup due to /etc/network/route-br-ex.
Patch salt-formula-linux to skip network restart on 'noifupdown',
also when routes are present on that interface.
JIRA: FUEL-310
Change-Id: Ic67778f63e5ee0334dbfe9547c7109ec1a938d61
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Based on Canonical research (https://goo.gl/QJykMa) there is
low-risk of attack for private clouds environments, therefore
turn off the related kernel patches & regain performance back.
Change-Id: I661fa127241e327b07d21a29d58d584997607123
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
* switch ovs/dpdk scenario from vlan to vxlan mode
* force br-ex interface to mitigate race with incorrect state
* remove dpdk packages list (already in upstream)
Change-Id: Ib827cef2d67879fd2a86d286ca2118b22493274d
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Instead of defining a http proxy for all salt-minion traffic, which
also includes some Openstack API accesses we can't filter (no_proxy
is not yet supported), add & leverage support for proxy configuration
during APT keyserver access / key download.
JIRA: FUEL-331
Change-Id: I9470807633596c610cfafb141b139ddda2ff096b
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Since Mirantis prebuilt image comes with salt-minion 2016.3 instead
of 2016.11 and upgrading it leads to a hard to break catch-22, use
the Ubuntu cloud archive image we already download for FN VMs and
pre-install:
- a newer kernel (hwe-edge);
- salt-minion (2016.11);
This also implicitly aligns the image handling on AArch64 and x86_64.
Change-Id: I86d1c777449d37bdd0348936a598e3ffe9d265af
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Unlike nightly dist, stable/2017.12 distributions of salt formulas
repo do not yet include this change, so bring it back.
This reverts commit 8fbafdf8a665fb8fff4d6f9f14c343e109c122ec.
Change-Id: I7f7011750d385a28f4653faeeb74edb1cac1bcf2
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Another prerequisite for decoupling public network from Openstack
internal management network (upstream won't fix it for Pike):
- port fix from [1] for using the internal network when connecting
to keystone during project ID validation in nova, instead of
going through public endpoint (and using SSL).
[1] https://bugs.launchpad.net/nova/+bug/1716344
Change-Id: Ic9a307df9af78fcd58cbcc07b5e62a7e07cc8d7d
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
When we dropped the default gw via mas01 NAT, we uncovered a bug,
compute nodes do not have the proper public gw set up and used
to reach public network via mas01, slowing everything down.
Add gw similar to prx nodes.
Fixes: d4ab072
Change-Id: I4343c31c376a7a223670cdd623366454396d8d92
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
When re-deploying with `-f` flag, `patch -R` cannot cleanly revert
maas region changes with overlapping context lines, so squash them
into a single file.
Change-Id: I87dae72a12fea833e9e6729de21d4ce5f262695e
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Updated libvirt formula now supports group
name as an option for unix socket parameter.
Change-Id: I683e38971fe6c939fd09e95b805d611ddc596f28
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
- patch MaaS to default to `DHCP` instead of `AUTO` for physical
PXE interfaces (all IPs will be handed out by MaaS DHCP *inside* the
defined dynamic DHCP IP range);
- reduce range to silence bogus MaaS warning about address exhaustion;
- regenerate pod_config.yml.example to reflect the changes;
- drop `opnfv_infra_maas_pxe_address` (duplicate of
`opnfv_infra_maas_node01_deploy_address`);
- add `opnfv_infra_config_pxe_address` for future usage;
- while at it, fix missing patch copyright;
JIRA: FUEL-316
Change-Id: I81fad333e77f7c8508cd2b2b267c7b39c130e3e1
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Upstream pull request [1] was merged, drop out patch.
[1] https://github.com/salt-formulas/salt-formula-salt/pull/64
Change-Id: I7aac66349a4bec718f7821b75dbad711cd6acd58
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Pike Horizon packages contain the fix for full v3 compatibility.
Also update the reclass models to use v3 API.
JIRA: FUEL-284
This reverts commit 68ff467c4c2d9d0f201e2912c97616402f8109a3.
Change-Id: I7795197100a67f892889eefce73252ec90d289cc
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Now that libvirt 3.6 is used on kvm nodes (via UCA repos), which
by default uses "libvirt" group for socket ownership,
change old "libvirtd" in salt-formula-libvirt's:
- libvirt/files/libvirtd.conf.Debian
This allows us to remove the manual group creation from VCP state
file, which was not re-entrant (failed if group already existed).
Change-Id: Id61fecd82daec1c0716ff4796b79dce47d096c3a
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
The patch has been merged to upstream linux formula.
Change-Id: I09f96be920c5c3ecd09fd2ab132e25519902239b
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
The upstream commit has been merged
https://github.com/salt-formulas/salt-formula-maas/commit/0c622327
This reverts commit 2c48915a1a77aa3ac0133155fd0cdadbf280493d.
Change-Id: Iff86f3dc171371903e3294eed43977eb6197a5e7
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: I603b39d46d3f2f2448b8f9746ad0745e416bbee7
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
JIRA: FUEL-304
Change-Id: I52ae89f933f976b678b27f79e2ad67c3699ef8ec
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Previous commit pinned the salt-formula-package by installing a
specific version after OPNFV-specific patches were applied by
`patch.sh`. To prevent patch bypass, move the pin to reclass model.
While at it, also move salt-formula-neutron pinning to reclass to
bypass wrong minimum length of 2 for version-pinned formula pkgs.
Change-Id: I35c2773c130d79ec919685cd771311d6c11e11a8
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Horizon service definition hardcodes the API version to v3, and
also overrides the value in our reclass model during interpolation.
Adjust the default to '2'.
While at it, move 'reclass' patching later in `salt.sh`, after
the salt formula packages are installed.
JIRA: FUEL-284
Change-Id: I6f63b4d00ae85c82b076b3efef857e7cc4f3fd35
Signed-off-by: Ting Wu <ting.wu@enea.com>
Signed-off-by: Junaid Ali <junaidali.yahya@gmail.com>
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
While at it, compact 'set' into bash shebang where possible and
add `make patches-copyright` target to simplify adding patch
license headers.
Change-Id: I0c841de72e5709e5eef915a52c5ec4a7fc0f7c37
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
Alexandru Avadanii
Michael Polenchuk
Delia Popescu