summaryrefslogtreecommitdiffstats
path: root/mcp/patches
AgeCommit message (Collapse)AuthorFilesLines
2019-01-27[ovs] Start ovs services before networkingAlexandru Avadanii4-8/+118
Fix broken systemd service unit dependecies: - OVS should start before networking service; - OVS ports & bridges should not be automatically ifup-ed by networking service to avoid races, so drop 'auto' for both (OVS ports are automatically handled when part of an OVS bridge); - explicitly ifup OVS bridges as part of networking service, but after all Linux interfaces have been handled; - use 'allow-ovs br-prv' to let OVS handle br-prv and avoid another race condition; While at it, fix some other related issues: - make OVS service start after DPDK service (if present); - bump OVS-DPDK compute VMs RAM since since switching from MTU 1500 to jumbo frames for virtual PODs a while ago failed to do so [1]; - avoid creating conflicting reclass linux.network.interfaces entries for OVS ports by using their name (drop 'ovs_port_' prefix): * for untagged networks they will override existing common defs; * for tagged networks, they will create separate entries; - DPDK scenarios: make gtw01 br-prv members OVS ports to avoid race conditions after node reboot by letting OVS handle them; [1] https://developers.redhat.com/blog/2018/03/16/\ ovs-dpdk-hugepage-memory/ Change-Id: I0266ba67f3849b6f7e331a758146b331730bae55 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2019-01-24Enable back auto for ports network scriptMichael Polenchuk1-15/+21
The ovs port remains in down state after reboot if "auto" is off. Also turn off no_wait option for odl-noha scenarios. Change-Id: I0121b3190869528e5f2e9985f9e9299ac6c6724e Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2019-01-22Pass domain name properly for heat stack userMichael Polenchuk2-5/+34
Change-Id: I74c1c85310e2012e664764b6129fc4a52faaf106 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2019-01-16Align patchesMichael Polenchuk3-116/+44
* patch is merged into oslo-templates * rocky repo key name is made as for others * jinja package is updated to fix incorrect quoted value [https://github.com/saltstack/salt/issues/46594] Change-Id: Ia6359cf89579b4d892ae40c4d087168edcd86ebb Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2019-01-14Merge "[patch] Drop reclass.system patch for repo arch"Michael Polenchuk1-15/+10
2019-01-12[patch] Drop reclass.system patch for repo archAlexandru Avadanii1-15/+10
MCP repos no longer publish arm64 metadata, so drop our patch that selected arm64 metadata on arm64 systems. Instead, let it default to 'deb [arch=amd64]', which will allow arm64 systems to fetch amd64 metadata and inherintely fetch all arch-independent packages from the same repos. While at it, switch to 'rocky-armband' repos on arm64 systems. Change-Id: I07fda895f5162bfa576c62336cbb4d74e985f37a Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2019-01-11[patch] Avoid ifup run if noifupdown is turned onMichael Polenchuk1-13/+18
Handle noifupdown option for all cmd.run states with explicit ifup call as well. Change-Id: Ie855a0810bcfe4a856cf9d29bd0755643d71ff4d Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2019-01-09Bring in FDIO (VPP+DPDK) scenarioAlexandru Avadanii3-0/+339
- cmp, gtw: bump RAM allocation to accomodate hugepages/VPP; for now we overcommit, gtw01 resources can probably be lowered; - submodule: add salt-formula-neutron so we can locally patch it; - repo: * FD.IO repos for VPP packages; * networking-vpp PPA for python-networking-vpp Neutron driver; - use vpp-router for L3, disable neutron-l3-agent; - baremetal_init: apply repo config before network (otherwise UCA repo is missing when trying to install DPDK on baremetal nodes); - arm64: iommu.passthrough=1 is required on ThunderX for VPP on newer kernels; Design quirks: - vpp service runs as 'neutron' user, which does not exist at the time VPP is installed and initially started, hence the need to restart it before starting the vpp-agent service; - gtw01 node has DPDK, yet to configure it via IDF we use the compute-specific OVS-targeted parameters like `compute_ovs_dpdk_socket_mem`, which is a bit misleading; - vpp-agent requires ml2_conf.ini on ALL compute AND network nodes to parse per-node physnet-to-real interface names; - vpp process is bound to core '1' (not parameterized via IDF); Change-Id: I659f7dbebcab7b154e7b1fb829cd7159b4372ec8 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2019-01-03[MaaS] Implement aarch64 tags for kernel_optsAlexandru Avadanii1-0/+95
On AArch64, 1G hugepages need to be enabled via kernel cmdline before mounting hugetlbfs [1]. Leverage MaaS tags to apply custom kernel args to AArch64 nodes. [1] https://wiki.debian.org/Hugepages Change-Id: Ie68ddf805836ee62f725019b0b873082b1d40948 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-12-22[patch] Fix whitespace at EOLAlexandru Avadanii2-2/+2
`make patches-export` trims trailing whitespace from patch file, bring it back to prevent issues with `patches-import`. Change-Id: Ie9fe31f4480164ce19d3ccd47c2050e28382410a Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-12-21Pull out rocky patchesMichael Polenchuk9-79/+383
This commit should be reverted once original formulas get required support of rocky version. Change-Id: Ia3458381bced0cae8dbfacc9781c90933ad5c822 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-12-14[maas] Adopt maas, maasng proposed functionsAlexandru Avadanii4-139/+260
JIRA: FUEL-364 Change-Id: Ia470fc8103713e7a06cd9647675b0edfb4342bf8 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-12-12Make MTU cluster-level configurable via IDFAlexandru Avadanii1-14/+4
JIRA: FUEL-336 Change-Id: I1c8d22b8322f700eb727d9077035ba4c9f9f9753 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-11-29[patch] docker: Explicitly install python-futuresAlexandru Avadanii1-4/+5
For x86_64, the Saltstack bootstrapping scripts fetch a custom build of `python-tornado` DEB package, which being arch-specific won't be picked up on AArch64 (and a similar version from Ubuntu Xenial repos will be used instead). Although the Ubuntu package works just fine, it lacks a hard dependency on `python-futures`, which became mandatory in Salt 2017.7.8, see [1]. Explicitly install `python-futures` inside cfg01 Docker container during build, which will be a no-op on x86_64 and fix the issue on AArch64. [1] https://github.com/saltstack/salt/issues/50220 Change-Id: Ie4aad064572788c0852aaf398f21437b456becbe Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-11-21[docker] build: Allow cache invalidationAlexandru Avadanii4-20/+80
While at it, fix emoji issues with latest virtualenv [1]. JIRA: FUEL-398 [1] https://github.com/pypa/pipenv/issues/3223 Change-Id: Ice5937222bf75c1ddadc6b9f1994635bc10faf57 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-11-21Merge "submodule: Bump salt-formula-maas"Alexandru Avadanii5-4/+50
2018-11-20[patch] Set ignore_overwritten_missing_referencesAlexandru Avadanii1-0/+34
Workaround broken configuration default option in `reclass` [1]. [1] https://github.com/salt-formulas/reclass/issues/77 Change-Id: I8a6e1d9fcd20f32e2c9edff59f6b538dc94008fb Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-11-09submodule: Bump salt-formula-maasAlexandru Avadanii5-4/+50
* bump salt-formula-maas git submodule; * sync AArch64 initial salt config with the x86_64 default config; * bump Pharos git submodule to sync `power_pass` MaaS configuration paramater naming; Change-Id: Ic59dd8becb6d83a9e67004c38d51681c88c4be7c Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-11-09Conform configs to updated Redis v5.0 packageMichael Polenchuk1-5/+11
Also disable transparent hugepages on telemetry hosted nodes to avoid latency and memory usage issues with Redis. Change-Id: I3c7a0be6edbc51141f5d79d7368583afacef9025 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-11-05[docs] Refresh for Gambia releaseAlexandru Avadanii3-81/+82
- s/Fuel@OPNFV/OPNFV Fuel/g; - added README files for ci/scenarios/patches directories; - refresh & simplify cluster overview diagrams; - unify labels across docs; - fix TOC numbering; - remove local labs PDF/IDF files, as they are merely duplicates of Pharos files included as a git submodule; JIRA: FUEL-397 Change-Id: I87f61938eeb67f13fd9205d5226a30f02e55d267 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-10-29Specify barbican endpoint for glance serviceMichael Polenchuk1-1/+1
By default castellan key manager gets public endpoint of barbican service which isn't preferable in terms of cluster ops, so specify internal endpoint explicitly. Change-Id: Ie686ceb936132143743af18fcb4960ea15a8b93c Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-10-26Fix salt target option in opendaylight stateMichael Polenchuk1-1/+1
Change-Id: Idf8b4b42dcc68bc55debaac9a8b5f1ca6b5b398e Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-10-23Enable IPv6 on entire cluster by defaultMichael Polenchuk1-1/+1
IPv6 has been enabled back by commenting out the cis-3-3-3 yaml/class source in linux service reclass. Change-Id: Ia8f4e2ddbb98f9316e6ce5136badbb14ecb277c5 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-10-22[ha] Run OpenDaylight in cluster modeMichael Polenchuk1-1/+1
Change-Id: Id75fbee34a6cfc6e7fc60df053cccaaff21cb15a Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-09-27Update salt formulas versionsMichael Polenchuk1-1/+1
Change-Id: Id2f93d0274b102a5eef5271a6d15cb91428d7a0c Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-09-26[ovn] Enable metadata agentMichael Polenchuk1-1/+1
Change-Id: I9ef3a1dd570abf90b222609af350565d385326c8 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-09-24[minion] Set tcp_keepalive for flaky networksAlexandru Avadanii1-2/+2
Workaround issues like [1]. Requires bumping formulas for salt-formula-salt support of tcp_keepalive_* params. [1] https://github.com/saltstack/salt/issues/38157 Change-Id: I7093437fb696809f73a24b10144c6321d0f1be32 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-09-23[repos] Replace keyserver accesses with pillar GPGAlexandru Avadanii2-157/+0
JIRA: FUEL-392 Change-Id: Ia21840c7561a14a5eeed3d08bf89eb2dbf9acc3a Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-09-19[noha] Bring in OpenDaylight SFC scenarioMichael Polenchuk4-3/+3
- bump formulas baseline during docker build; - refresh patches; Change-Id: I0a54863f57344c5f8897dc981f704c4d265c5522 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-09-19Update system reclass modelMichael Polenchuk2-69/+0
In order to get tacker definitions and latest changes. Change-Id: Ib5bf5034f140e708fb596dd4b622f0b2bdee8a59 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-09-01[docker] Cleanup, minor fixes, formula bumpAlexandru Avadanii3-164/+22
* ship prebuilt salt master conf for better readability: - enable x509.sign_remote_certificate (for prx VCP nodes); * refactor Salt master CA handling: - preinstall `salt_minion_dependency_packages` and `salt_minion_reclass_dependencies` inside docker image; - persistent /etc/pki; - run salt.minion on cfg01 to generate master keys; * bump container formulas to 1 Sep 2018 versions or newer: - inject date into Docker makefile, forcing a fresh fetch of all salt formulas from upstream git repos; * workaround broken salt-formula-designate's meta/sphinx.yml: - the DEB package version of salt-formula-designate uses `cmd.shell` to query dpkg on the minion, while the git repo version still uses `cmd.run`, running into parsing issues; - temporarily disable sphinx metadata generation for designate until upstream git repo syncs with the DEB version; * upstream: salt-formula-salt AArch64 salt.control.virt support: - retire salt-formula-salt git submodule and related patches; * skip installing reclass distro package (already installed via pip inside the container); * limit initial pillar_refresh call to nodes on jumphost; * remove unused salt-formula-nova git submodule; JIRA: FUEL-383 Change-Id: I883b825e556f887a5e31f8a43676dcd8ece6dfde Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-31[noha] Align MTU settingsMichael Polenchuk1-2/+1
* shift MTU from public bridge to physical interface * add neutron related settings Change-Id: Ia57d1ca7976968d6e7ee23f58a0abae1a1a256c0 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-08-30[AArch64] salt.control.virt supportAlexandru Avadanii1-0/+157
Salt relies on a limiting libvirt_domain j2 template to generate the XML it passes to libvirt for salt.control managed virtual machines. For AArch64, we need to set up 3 XML nodes in a non-default way: 1. UEFI firmware (AAVMF) should be enabled by passing a pflash loader; 2. CPU mode should be 'host-passthrough'; 3. QEMU machine type should be 'virt'; To allow configuring the above using pillar data: - virtng module: implement functionality similar to upstream changes: * 219b84a512 virt module: Allow NVRAM unlinking on DOM undefine in develop, not in 2018.2; * 9cace9adb9 Add support to virt for libvirt loader in develop, not in 2018.2; - virtng module: extend it with: * pass virt machine type to vm; * pass cpu_mode to vm; JIRA: ARMBAND-404 Change-Id: Ib2123e7170991b3dfbdb42bd1a2baa5a4360b200 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-29Add noifupdown for all br-floatingAlexandru Avadanii1-2/+2
Since we reboot all nodes, applying the network configuration via Salt before reboot is pointless and creates a race condition with OVS. While at it, add `--ignore-errors` to ifup call for OVS bridge to prevent a race condition during linux.network state apply. Change-Id: I22fe0afaffecd7b850a6b77d7b810ed296bfc9ca Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-29[submodule] Cleanup: Retire scripts sub & patchesAlexandru Avadanii1-68/+0
Salt bootstrap scripts are no longer used directly, so it is now safe to retire the whole git submodule and its related patches. JIRA: FUEL-383 Change-Id: I1fbdfe4fbd4930bfb3c999a3a68033d12565682b Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-29[docker] Switch to containerized Salt MasterAlexandru Avadanii8-42/+161
* Refactor OPNFV salt-formulas mechanism to resemble upstream git structure: - git submodules: add new submodule for each formula we patch; - create salt-formula-x directories for OPNFV formulas; - move mcp/metadata/service contents to their each formula subdir; - use `make patches-import` for patches previously handled by patch.sh; - retire patch.sh * states: add virtual_init: - mostly based on old salt.sh, which is now obsolete; - exclude salt-master service restart (it would kill the container); * scenarios: cleanup (rm cfg01 virtual node def), adopt virtual_init; * reclass: align our model with prebuilt container's Salt config: - drop linux:network pillar data (handled by Docker); - stop applying linux.system state on cfg01; - align salt user homedir; - drop salt-formula packages (preprovisioned); * minor plumbing in deploy.sh and lib.sh; JIRA: FUEL-383 Change-Id: I28708a9b399d3f19012212c71966ebda9d6fc0ac Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-25[build.sh] Fix quotes, missing deb arch for repoAlexandru Avadanii1-2/+2
JIRA: FUEL-383 Change-Id: Ie4374d44993bd738b90e9b6e357014d0c5657da0 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-23Merge changes from topic 'docker-build'Alexandru Avadanii2-0/+141
* changes: [docker build] Install OpenSSH server [submodule] Add docker-salt-formulas, ci/build.sh [deploy.sh] Install Docker if not present [jump req] Add build/deploy specific requirements
2018-08-23[docker build] Install OpenSSH serverAlexandru Avadanii1-0/+63
While at it, create the 'ubuntu' user with passwordless sudo and preinstall salt-formula-gnocchi (missing git repo workaround), as well as various useful packages (e.g. net-tools). JIRA: FUEL-383 Change-Id: I5902c37110331acfd3fd4fccb92104de7b5ece6b Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-22[patch] AArch64: reclass system arch tweaksAlexandru Avadanii3-0/+115
Armband has been carrying a few arch-enablement patches that are required for the default reclass system classes to work as expected on AArch64 systems. Change-Id: I1f96c062eb3f9dcabb8513aadd1ea41be4fbc098 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-21[submodule] Add docker-salt-formulas, ci/build.shAlexandru Avadanii1-0/+78
- add new git submodule pointing to upstream docker build scripts; - add patch extending Docker tags with an '-(arch)' suffix, aligning with OPNFV tagging requiremnts; - add <ci/build.sh> wrapper for starting Docker builds; - install build-specific distro package requirements, as well as pip-managed packages (e.g. pipenv); JIRA: FUEL-383 Change-Id: Id4fc886206d7eaf7e6d02810380f2391609ba405 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-21Turn off glance signatures verificationMichael Polenchuk2-37/+0
Change-Id: I61ee8e19e783437dce7a9ddd666cd60e9d22a2e1 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-08-17[scripts] Leverage upstream arm64 bootstrap suppAlexandru Avadanii3-63/+4
bootstrap-salt.sh now has arm64 support [1], so drop our obsoleted workaround. JIRA: ARMBAND-399 [1] https://github.com/saltstack/salt-bootstrap/pull/1251 Change-Id: I8b06520b2c41564ed2eda338e7633ce1637bb866 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-07Enable barbican itegration on compute nodesDelia Popescu2-0/+37
Configure barbican for cinder-volumes and nova-compute to use encrypted volumes Disable default glance image signature verification with barbican enabled JIRA: FUNCTEST-981 Change-Id: I35660234526780a2277e459f3fa21a67d96ce7d7 Signed-off-by: Delia Popescu <delia.popescu@enea.com>
2018-08-06[patch] Rebase keyserver patch for disabled reposAlexandru Avadanii1-36/+15
Rebase patch on top of upstream commit [1]. [1] https://github.com/salt-formulas/salt-formula-linux/commit/45cf452d Change-Id: Id44eab58150ff69140f630352a299633cdb4f4ac Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-03[patch] Rebase keyserver support for update logicAlexandru Avadanii1-18/+23
Change-Id: Iad2502e876600ba966a38f2df3e71bd579f80e8f Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-07-30[patch] Rebase keyserver proxy supportMichael Polenchuk1-84/+76
https://github.com/salt-formulas/salt-formula-linux/commit/f27f436 Change-Id: I9662dcff23c363430b6a04808f4e03617a10c160 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-07-09[patch] Drop obsolete OVS port with route supportAlexandru Avadanii2-40/+0
Since we switched all scenarios to using only global gateway settings instead of per-interface routes, drop the obsolete patch for OVS ports with explicit routes. Change-Id: Ibd28849437b598add9847c991e0276b4d0fc505e Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-07-09[patch] MaaS: Switch to upstream fabric/vlan mgmtAlexandru Avadanii2-88/+0
Obsolete our out of tree patch in favor of upstream mechanisms for creating fabrics/VLANs/subnets. Change-Id: I57d6d59764a825b428f423d48c5d90af7f2e676f Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-06-29[patch] MaaS: fabric ID from CIDRAlexandru Avadanii2-0/+88
Change-Id: I1e1490f4d0a0bee2783450c6369d7ab6c45b193f Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>