Age | Commit message (Collapse) | Author | Files | Lines |
|
Fix broken systemd service unit dependecies:
- OVS should start before networking service;
- OVS ports & bridges should not be automatically ifup-ed by
networking service to avoid races, so drop 'auto' for both
(OVS ports are automatically handled when part of an OVS bridge);
- explicitly ifup OVS bridges as part of networking service, but
after all Linux interfaces have been handled;
- use 'allow-ovs br-prv' to let OVS handle br-prv and avoid another
race condition;
While at it, fix some other related issues:
- make OVS service start after DPDK service (if present);
- bump OVS-DPDK compute VMs RAM since since switching from MTU 1500
to jumbo frames for virtual PODs a while ago failed to do so [1];
- avoid creating conflicting reclass linux.network.interfaces entries
for OVS ports by using their name (drop 'ovs_port_' prefix):
* for untagged networks they will override existing common defs;
* for tagged networks, they will create separate entries;
- DPDK scenarios: make gtw01 br-prv members OVS ports to avoid race
conditions after node reboot by letting OVS handle them;
[1] https://developers.redhat.com/blog/2018/03/16/\
ovs-dpdk-hugepage-memory/
Change-Id: I0266ba67f3849b6f7e331a758146b331730bae55
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
The ovs port remains in down state after reboot if "auto" is off.
Also turn off no_wait option for odl-noha scenarios.
Change-Id: I0121b3190869528e5f2e9985f9e9299ac6c6724e
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: I74c1c85310e2012e664764b6129fc4a52faaf106
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
* patch is merged into oslo-templates
* rocky repo key name is made as for others
* jinja package is updated to fix incorrect quoted value
[https://github.com/saltstack/salt/issues/46594]
Change-Id: Ia6359cf89579b4d892ae40c4d087168edcd86ebb
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|
|
MCP repos no longer publish arm64 metadata, so drop our patch that
selected arm64 metadata on arm64 systems.
Instead, let it default to 'deb [arch=amd64]', which will allow
arm64 systems to fetch amd64 metadata and inherintely fetch all
arch-independent packages from the same repos.
While at it, switch to 'rocky-armband' repos on arm64 systems.
Change-Id: I07fda895f5162bfa576c62336cbb4d74e985f37a
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Handle noifupdown option for all cmd.run states
with explicit ifup call as well.
Change-Id: Ie855a0810bcfe4a856cf9d29bd0755643d71ff4d
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
- cmp, gtw: bump RAM allocation to accomodate hugepages/VPP;
for now we overcommit, gtw01 resources can probably be lowered;
- submodule: add salt-formula-neutron so we can locally patch it;
- repo:
* FD.IO repos for VPP packages;
* networking-vpp PPA for python-networking-vpp Neutron driver;
- use vpp-router for L3, disable neutron-l3-agent;
- baremetal_init: apply repo config before network (otherwise UCA
repo is missing when trying to install DPDK on baremetal nodes);
- arm64: iommu.passthrough=1 is required on ThunderX for VPP on
newer kernels;
Design quirks:
- vpp service runs as 'neutron' user, which does not exist at the
time VPP is installed and initially started, hence the need to
restart it before starting the vpp-agent service;
- gtw01 node has DPDK, yet to configure it via IDF we use the
compute-specific OVS-targeted parameters like
`compute_ovs_dpdk_socket_mem`, which is a bit misleading;
- vpp-agent requires ml2_conf.ini on ALL compute AND network nodes
to parse per-node physnet-to-real interface names;
- vpp process is bound to core '1' (not parameterized via IDF);
Change-Id: I659f7dbebcab7b154e7b1fb829cd7159b4372ec8
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
On AArch64, 1G hugepages need to be enabled via kernel cmdline
before mounting hugetlbfs [1].
Leverage MaaS tags to apply custom kernel args to AArch64 nodes.
[1] https://wiki.debian.org/Hugepages
Change-Id: Ie68ddf805836ee62f725019b0b873082b1d40948
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
`make patches-export` trims trailing whitespace from patch file,
bring it back to prevent issues with `patches-import`.
Change-Id: Ie9fe31f4480164ce19d3ccd47c2050e28382410a
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
This commit should be reverted once original formulas
get required support of rocky version.
Change-Id: Ia3458381bced0cae8dbfacc9781c90933ad5c822
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
JIRA: FUEL-364
Change-Id: Ia470fc8103713e7a06cd9647675b0edfb4342bf8
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
JIRA: FUEL-336
Change-Id: I1c8d22b8322f700eb727d9077035ba4c9f9f9753
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
For x86_64, the Saltstack bootstrapping scripts fetch a custom build
of `python-tornado` DEB package, which being arch-specific won't be
picked up on AArch64 (and a similar version from Ubuntu Xenial repos
will be used instead).
Although the Ubuntu package works just fine, it lacks a hard
dependency on `python-futures`, which became mandatory in Salt
2017.7.8, see [1].
Explicitly install `python-futures` inside cfg01 Docker container
during build, which will be a no-op on x86_64 and fix the issue on
AArch64.
[1] https://github.com/saltstack/salt/issues/50220
Change-Id: Ie4aad064572788c0852aaf398f21437b456becbe
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
While at it, fix emoji issues with latest virtualenv [1].
JIRA: FUEL-398
[1] https://github.com/pypa/pipenv/issues/3223
Change-Id: Ice5937222bf75c1ddadc6b9f1994635bc10faf57
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
|
|
Workaround broken configuration default option in `reclass` [1].
[1] https://github.com/salt-formulas/reclass/issues/77
Change-Id: I8a6e1d9fcd20f32e2c9edff59f6b538dc94008fb
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
* bump salt-formula-maas git submodule;
* sync AArch64 initial salt config with the x86_64 default config;
* bump Pharos git submodule to sync `power_pass` MaaS configuration
paramater naming;
Change-Id: Ic59dd8becb6d83a9e67004c38d51681c88c4be7c
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Also disable transparent hugepages on telemetry hosted nodes
to avoid latency and memory usage issues with Redis.
Change-Id: I3c7a0be6edbc51141f5d79d7368583afacef9025
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
- s/Fuel@OPNFV/OPNFV Fuel/g;
- added README files for ci/scenarios/patches directories;
- refresh & simplify cluster overview diagrams;
- unify labels across docs;
- fix TOC numbering;
- remove local labs PDF/IDF files, as they are merely duplicates of
Pharos files included as a git submodule;
JIRA: FUEL-397
Change-Id: I87f61938eeb67f13fd9205d5226a30f02e55d267
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
By default castellan key manager gets public endpoint of barbican
service which isn't preferable in terms of cluster ops, so specify
internal endpoint explicitly.
Change-Id: Ie686ceb936132143743af18fcb4960ea15a8b93c
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: Idf8b4b42dcc68bc55debaac9a8b5f1ca6b5b398e
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
IPv6 has been enabled back by commenting out the
cis-3-3-3 yaml/class source in linux service reclass.
Change-Id: Ia8f4e2ddbb98f9316e6ce5136badbb14ecb277c5
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: Id75fbee34a6cfc6e7fc60df053cccaaff21cb15a
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: Id2f93d0274b102a5eef5271a6d15cb91428d7a0c
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: I9ef3a1dd570abf90b222609af350565d385326c8
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Workaround issues like [1]. Requires bumping formulas for
salt-formula-salt support of tcp_keepalive_* params.
[1] https://github.com/saltstack/salt/issues/38157
Change-Id: I7093437fb696809f73a24b10144c6321d0f1be32
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
JIRA: FUEL-392
Change-Id: Ia21840c7561a14a5eeed3d08bf89eb2dbf9acc3a
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
- bump formulas baseline during docker build;
- refresh patches;
Change-Id: I0a54863f57344c5f8897dc981f704c4d265c5522
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
In order to get tacker definitions and latest changes.
Change-Id: Ib5bf5034f140e708fb596dd4b622f0b2bdee8a59
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
* ship prebuilt salt master conf for better readability:
- enable x509.sign_remote_certificate (for prx VCP nodes);
* refactor Salt master CA handling:
- preinstall `salt_minion_dependency_packages` and
`salt_minion_reclass_dependencies` inside docker image;
- persistent /etc/pki;
- run salt.minion on cfg01 to generate master keys;
* bump container formulas to 1 Sep 2018 versions or newer:
- inject date into Docker makefile, forcing a fresh fetch of all
salt formulas from upstream git repos;
* workaround broken salt-formula-designate's meta/sphinx.yml:
- the DEB package version of salt-formula-designate uses `cmd.shell`
to query dpkg on the minion, while the git repo version still
uses `cmd.run`, running into parsing issues;
- temporarily disable sphinx metadata generation for designate until
upstream git repo syncs with the DEB version;
* upstream: salt-formula-salt AArch64 salt.control.virt support:
- retire salt-formula-salt git submodule and related patches;
* skip installing reclass distro package (already installed via pip
inside the container);
* limit initial pillar_refresh call to nodes on jumphost;
* remove unused salt-formula-nova git submodule;
JIRA: FUEL-383
Change-Id: I883b825e556f887a5e31f8a43676dcd8ece6dfde
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
* shift MTU from public bridge to physical interface
* add neutron related settings
Change-Id: Ia57d1ca7976968d6e7ee23f58a0abae1a1a256c0
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Salt relies on a limiting libvirt_domain j2 template to generate the
XML it passes to libvirt for salt.control managed virtual machines.
For AArch64, we need to set up 3 XML nodes in a non-default way:
1. UEFI firmware (AAVMF) should be enabled by passing a pflash loader;
2. CPU mode should be 'host-passthrough';
3. QEMU machine type should be 'virt';
To allow configuring the above using pillar data:
- virtng module: implement functionality similar to upstream changes:
* 219b84a512 virt module: Allow NVRAM unlinking on DOM undefine
in develop, not in 2018.2;
* 9cace9adb9 Add support to virt for libvirt loader
in develop, not in 2018.2;
- virtng module: extend it with:
* pass virt machine type to vm;
* pass cpu_mode to vm;
JIRA: ARMBAND-404
Change-Id: Ib2123e7170991b3dfbdb42bd1a2baa5a4360b200
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Since we reboot all nodes, applying the network configuration via
Salt before reboot is pointless and creates a race condition with
OVS.
While at it, add `--ignore-errors` to ifup call for OVS bridge to
prevent a race condition during linux.network state apply.
Change-Id: I22fe0afaffecd7b850a6b77d7b810ed296bfc9ca
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Salt bootstrap scripts are no longer used directly, so it is now safe
to retire the whole git submodule and its related patches.
JIRA: FUEL-383
Change-Id: I1fbdfe4fbd4930bfb3c999a3a68033d12565682b
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
* Refactor OPNFV salt-formulas mechanism to resemble upstream git
structure:
- git submodules: add new submodule for each formula we patch;
- create salt-formula-x directories for OPNFV formulas;
- move mcp/metadata/service contents to their each formula subdir;
- use `make patches-import` for patches previously handled by
patch.sh;
- retire patch.sh
* states: add virtual_init:
- mostly based on old salt.sh, which is now obsolete;
- exclude salt-master service restart (it would kill the container);
* scenarios: cleanup (rm cfg01 virtual node def), adopt virtual_init;
* reclass: align our model with prebuilt container's Salt config:
- drop linux:network pillar data (handled by Docker);
- stop applying linux.system state on cfg01;
- align salt user homedir;
- drop salt-formula packages (preprovisioned);
* minor plumbing in deploy.sh and lib.sh;
JIRA: FUEL-383
Change-Id: I28708a9b399d3f19012212c71966ebda9d6fc0ac
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
JIRA: FUEL-383
Change-Id: Ie4374d44993bd738b90e9b6e357014d0c5657da0
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
* changes:
[docker build] Install OpenSSH server
[submodule] Add docker-salt-formulas, ci/build.sh
[deploy.sh] Install Docker if not present
[jump req] Add build/deploy specific requirements
|
|
While at it, create the 'ubuntu' user with passwordless sudo
and preinstall salt-formula-gnocchi (missing git repo workaround),
as well as various useful packages (e.g. net-tools).
JIRA: FUEL-383
Change-Id: I5902c37110331acfd3fd4fccb92104de7b5ece6b
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Armband has been carrying a few arch-enablement patches that are
required for the default reclass system classes to work as expected
on AArch64 systems.
Change-Id: I1f96c062eb3f9dcabb8513aadd1ea41be4fbc098
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
- add new git submodule pointing to upstream docker build scripts;
- add patch extending Docker tags with an '-(arch)' suffix,
aligning with OPNFV tagging requiremnts;
- add <ci/build.sh> wrapper for starting Docker builds;
- install build-specific distro package requirements, as well as
pip-managed packages (e.g. pipenv);
JIRA: FUEL-383
Change-Id: Id4fc886206d7eaf7e6d02810380f2391609ba405
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: I61ee8e19e783437dce7a9ddd666cd60e9d22a2e1
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
bootstrap-salt.sh now has arm64 support [1], so drop our obsoleted
workaround.
JIRA: ARMBAND-399
[1] https://github.com/saltstack/salt-bootstrap/pull/1251
Change-Id: I8b06520b2c41564ed2eda338e7633ce1637bb866
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Configure barbican for cinder-volumes and nova-compute
to use encrypted volumes
Disable default glance image signature verification with
barbican enabled
JIRA: FUNCTEST-981
Change-Id: I35660234526780a2277e459f3fa21a67d96ce7d7
Signed-off-by: Delia Popescu <delia.popescu@enea.com>
|
|
Rebase patch on top of upstream commit [1].
[1] https://github.com/salt-formulas/salt-formula-linux/commit/45cf452d
Change-Id: Id44eab58150ff69140f630352a299633cdb4f4ac
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: Iad2502e876600ba966a38f2df3e71bd579f80e8f
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
https://github.com/salt-formulas/salt-formula-linux/commit/f27f436
Change-Id: I9662dcff23c363430b6a04808f4e03617a10c160
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Since we switched all scenarios to using only global gateway settings
instead of per-interface routes, drop the obsolete patch for OVS
ports with explicit routes.
Change-Id: Ibd28849437b598add9847c991e0276b4d0fc505e
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Obsolete our out of tree patch in favor of upstream mechanisms for
creating fabrics/VLANs/subnets.
Change-Id: I57d6d59764a825b428f423d48c5d90af7f2e676f
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: I1e1490f4d0a0bee2783450c6369d7ab6c45b193f
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|