summaryrefslogtreecommitdiffstats
path: root/mcp/patches
AgeCommit message (Collapse)AuthorFilesLines
2018-05-22[patch] Backport proposed generate_dhparams fixAlexandru Avadanii2-0/+42
Upstream PR [1] should fix recently introduced issues with nginx state for SSL-enabled sites. [1] https://github.com/salt-formulas/salt-formula-nginx/pull/40 Change-Id: I52b5e4f51539e535249e0850f0b34c2801f4d74a Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> (cherry picked from commit c7dff6e1ae6444f60d3fe20b1f495609c7980051)
2018-05-22[maas] AArch64: Preseed Armband repositoriesAlexandru Avadanii2-66/+0
Preseed Armband common repo-comp for Pike, so we get the updated kernel & other packages from the start. Requires upstream PR [1]. While at it, also handle related PR merged upstream [2] by explicitly setting maas.region.subnets name via j2 instead of reclass param expansion in name (allows us to drop the remaining chunk of the fabric-from-CIDR patch we used to carry). Note: opnfv_infra_maas_pxe_network_addres can now be dropped from pod_config j2 template in Pharos Fuel installer adapter. [1] https://github.com/salt-formulas/salt-formula-maas/pull/26 [2] https://github.com/salt-formulas/salt-formula-maas/pull/22 Change-Id: I356adb73b80f0f2d85db4ab060e804cb9a053862 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> (cherry picked from commit 52af46f2cac395e893007029d24d5365e27a4328)
2018-04-26[maas] Make boot-source-selection ops idempotentAlexandru Avadanii1-3/+3
- add `unless` clause; - instead of adding a new boot sources, update the existing one, assuming standard MaaS installation (always updates id '1'); Change-Id: I2db92a3b14d0588095c69545cbb6977ca109613e Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> (cherry picked from commit d7ab894b988d8dd6fe49714e0d8d6077e08ebb16)
2018-04-26[maas] Set boot source selectionsMichael Polenchuk2-0/+32
Select xenial image explicitly to avoid getting latest bionic one. Change-Id: Iee872b8dd2ce309231829a0ad8e5a3cf1a75f796 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com> (cherry picked from commit 4b28a7bb0097434381e5a0508ee865a2c2fba9c2)
2018-04-23Add ports to ovs bridge configMichael Polenchuk1-3/+6
To avoid race with interfaces initialization specify all the ports that belong to a bridge in the config file. Change-Id: Ie4f48e7a81d4659a0f43749cdd518dbeffe2e35f Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com> (cherry picked from commit 9c9a1adc6f2501507a68b1926ea93efcb40782d1)
2018-04-13Clean up opendaylight configurationMichael Polenchuk5-176/+2
* remove client patch (has been merged to upstream) * websocket now is disabled by default * purge deprecated/unneeded features (odl-mdsal-apidocs, odl-dlux-all) Change-Id: Id247a3c74e66730049bfeafc4a5164aad0d9b662 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com> (cherry picked from commit 0a8568d9f170d6c3b42d2dd35db440b4251f9a5d)
2018-03-29[odl] Fire up ovs host config after other settingsMichael Polenchuk1-14/+11
Change-Id: I9a42e0373f551da9f5c968ae169e0eff1a58972e Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-03-28[odl] Setup manager target after ovs host configMichael Polenchuk3-40/+146
Change-Id: Ia517b7cf1723a5afaf43cb0709716f3a67a29e9f Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-03-21[patch] Drop keystoneclient project ID checkingAlexandru Avadanii2-169/+0
Since we brought back NAT over MaaS PXE/admin, drop out-of-tree patch that was only needed for full network isolation (no cross-talk between public and admin). Change-Id: I577b1116bbdcc19647b3c01fe6f2acb7bb9ce627 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-03-16[ovs/dpdk] Set bridge datapath_type to netdevMichael Polenchuk1-9/+7
This prevents neutron ovs agent to re-create existing bridge which might cause unpredictable/faulty state of network interfaces. Change-Id: I289365e1dea7d178b5b72eb506f5c711f6d60199 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-03-12Merge "[virtual/odl] Apply missing neutron.compute state"Alexandru Avadanii2-0/+40
2018-03-12Merge "Set volume_device_name variable"Alexandru Avadanii2-0/+26
2018-03-12Update patch with ovs bridges as L3 ifacesMichael Polenchuk1-7/+7
Apply this patch if protocol is set to static to be intended for the ip address settings action only. Change-Id: I758340ff22376c01edd2a9a3555fe0fd9db3f4a9 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-03-12Set volume_device_name variableMichael Polenchuk2-0/+26
This evironment variable is required by test suite to refer to an attached volume (vdb is reserved for config drive). JIRA: FUEL-353 Change-Id: I4f7c96b2344575fcd9b785e3c74b27ef4c4d64f8 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-03-12[virtual/odl] Apply missing neutron.compute stateMichael Polenchuk2-0/+40
Change-Id: I078e11219fb8dea4505c46e7f75c295c5a72c59b Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-03-08Fix missing root_helper_daemon for cmp, gtwAlexandru Avadanii2-33/+0
While at it, drop patch now upstream. JIRA: FUEL-348 Fixes: cf6cd9cd Change-Id: Ieb4c93e9dc79a4e4dec140433574e042a1a6f2dc Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-03-07[IDF] net_config: Add support for custom ip-rangeAlexandru Avadanii3-41/+33
- submodule: bump Pharos to pick up installer adapter support, as well as IDF updates for Ericsson baremetal pod1; - labs/local/virtual: Bump mgmt, public networks start addresses from .1 to .10, similar to ericsson-pod1; While at it, drop patch now upstream and instead adopt the new param 'neutron:server:root_helper_daemon'. JIRA: FUEL-351 Change-Id: I9bc244a7fd8698861a390ed2b6a27804be46c285 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-03-06[patch] Fixup ceilometer server publisher defaultAlexandru Avadanii4-37/+31
- backport proposed fixup for ceilometer; - remove 'ignore: all' from .gitmodules to make it easier to bump the submodule; - bump system submodule to upstream latest; - drop patch merged upstream; JIRA: FUEL-350 Change-Id: I68f232e0da5af368a1669a7379eedde5c4168b84 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-03-06Mend opendaylight settingsMichael Polenchuk2-0/+41
* class including order (default was used) * disable root_helper_daemon (incompatible with UCA) * turn off websocket for pseudo agent updates Change-Id: I4d7971d393da184bdd55f65b4d3fd8d9e898543f Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-03-05Align opendaylight settings with upstreamMichael Polenchuk3-246/+0
Change-Id: If7d51555bc13dbcaa63f93ab1993f3655e2ce643 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-03-02Conform network scheme to tagged public interfaceMichael Polenchuk2-0/+86
Change-Id: I503c8ad32900406e1fa375cec9a91b454889d8bf Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-02-28Clean up upstreamed patchesMichael Polenchuk3-102/+1
Change-Id: Icee56da3720f0926e42390965581639f6a344b77 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-02-26[patch] cleanup: Drop LVM filter disableAlexandru Avadanii3-37/+1
Now we explicitly add a LVM PV on /dev/sda{1,2} for Cinder storage, so we can safely drop the patch disabling LVM volume filtering. If we later move the PV to a different disk, we can just add the VG and LV definitions to linux:storage via reclass, and Salt will skip setting them up (as they're already created by MaaS), yet keep the filtering sane. While at it, fix 'nova_cpu_pinning' param expr; constructs based on reclass interpolation (e.g. '${_param:x}') do not work when parameters are passed via reclass.storage templating, so change reclass interpolation syntax with classic YAML anchors. Fixes: 672ae12 Change-Id: Ieb41635ddeb630543d7e4d1079f45d636d9a43af Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-25[ovs/dpdk] Add opnfv.route_wrapper slsAlexandru Avadanii2-0/+42
- fix `route-br-ex` if-up.d script failing when route already exists by adding a wrapper around distro's '/sbin/route' binary in '/usr/local/sbin/route', exploiting default order in Ubuntu PATH; - fix 'br-prv' duplicate entry in 'interfaces.d/ifcfg-br-prv' and 'interfaces' caused by upstream bug [1]; - add barrier waiting for all baremetal nodes online before attempting reboot, trying to catch rare failures which are undetectable in logs as both a succesful reboot and a disconneted minion report 'n/c'; With the above in place, networking service should no longer fail to start on cmp nodes w/ DPDK. [1] https://github.com/saltstack/salt/issues/40262 Change-Id: I6d4895376ce323c14c997e6c9af2ea3eeeee0184 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-22[MaaS] Force Maas to use a fixed ip packet sizeCharalampos Kominos1-1/+16
Maas uses a tftp library during commisioning which in turn uses another library which tries to find the best packet size to use. For some reason during commisioning the library uses smaller sizes than the infrastructure can handle and therefore takes a lot of time to deploy. JIRA: ARMBAND-351 Change-Id: I9b3083a059c04b118e8b7f0f2723af67d96d2aad Signed-off-by: Charalampos Kominos <charalampos.kominos@enea.com>
2018-02-20[salt.sh] Armband extra repo for forked reclassAlexandru Avadanii20-22/+30
- add Armband nightly/extra DEB repository; - install forked and updated reclass 1.5.2 which includes: * better error reporting; * support for deleting existing keys during list interpolation; * various other improvements and optimizations; While at it, update copyright year for patches. JIRA: FUEL-345 Change-Id: I00d8b625fe191648e7ea34b3dd4c8375691384e6 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-13[patch] MaaS: mcp.rsa.pub to auth keys via pillarAlexandru Avadanii2-46/+0
Drop one questionable patch responsible for MaaS node authorized keys to include mcp.rsa.pub by reading the contents of authorized keys on mas01, assuming mcp.rsa.pub will be on the first line. Instead, export the contents of the public key using a shell env var during deploy, which gets expanded via maas_pdf j2 template into a reclass param, leveraging existing salt-formula-maas sshprefs mechanism for delivering the key to MaaS. Since we require the public key to exist before expanding templates, move `generate_ssh_key` call outside the current infrastructure handling block, allowing it to execute during all `deploy.sh` calls, even for dry-runs. Change-Id: I0f53b0f764a2fafd292e0ffd399c284acf61bd30 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-06Add NOVCP HA OVS scenario (baremetal, virtual)Alexandru Avadanii6-5/+121
Add a new class of scenarios, based on existing baremetal HA scenarios, but instead of having a virtualized control plane (VCP), all Openstack controller services will run directly on the cluster nodes. This change adds the common scaffolding, as well as the OVS scenario. The new scenario(s) can be used on full-baremetal clusters, soon on full-virtual clusters and later on hybrid (virt + bare) clusters. This change defines old (current) style scenario definitions for both baremetal and virtual, both named: - os-nosdn-nofeature-novcp-ha; Prerequisites: 1. Merge-able by name reclass.storage.node definitions Each cluster (e.g. database, telemetry) adds its own set of reclass storage node defitions, which for novcp scenarios should be merged into a single node (kvm) based on the 'name' property. This is not currently supported by upstream reclass 'node.sls' high state, so add support for it via an early patch (required before salt-master-init.sh tries to handle reclass.storage). 2. common reclass classes for novcp Some of the classes in `baremetal-...-common-ha` are not fit for novcp as they define VCP-specific config/inheritance, so add new versions of said classes with novcp in mind or adapt old classes: - parameterize ctl hostname in `openstack_compute.yml`; - new `openstack_control_novcp.yml`; - new `openstack_init_novcp.yml`; 3. Handle hard set names in state files for baremetal nodes Some of our state files (e.g. maas) hardcodes baremetal node names to 'kvm', 'cmp', so we need to align the names in novcp scenario with these values to re-use the maas state. As a future improvement we should parameterize these names in all state files. As a consequence, our baremetal controller nodes will also use 'kvm*' hostnames (instead of 'ctl*'). 4. Add 'noifupdown' to all interfaces on kvm nodes to prevent duplicate IPs/routes created at *any* ifup due to /etc/network/route-br-ex. Patch salt-formula-linux to skip network restart on 'noifupdown', also when routes are present on that interface. JIRA: FUEL-310 Change-Id: Ic67778f63e5ee0334dbfe9547c7109ec1a938d61 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-05[virtual] Split 'pxebr' from 'mcpcontrol' netAlexandru Avadanii1-4/+8
- add new virsh managed network 'pxebr' (to mimic baremetal behavior on virtual PODs, this will be the equivalent of PXE/admin network); - connect 'pxebr' to 3rd interface for cfg01, mas01 for all deploys (used to be baremetal-specific), replacing 'internal'; - keep 'mcpcontrol' connected only to 'cfg01' (+ 'mas01' if present) for initial infrastructure bring-up (1st interface); - switch all virtual cluster nodes to 'pxebr' (1st interface); - use 'pxebr' for all Salt cluster nodes traffic, 'mcpcontrol' only for mas01<=>cfg01 Salt traffic; - convert <user-data.template> to jinja2 and expand it based on PDF instead of using `envsubst`; - split <user-data.sh.j2> into two versions, one for each network used for Salt traffic; - ci/deploy.sh: Read scenario data before template parsing for cluster domain variable, needed in virsh network def; - leave docs diagram refresh to later after all possible deploy types have settled; - limit keyserver proxy usage to nodes where the configured http proxy matches the first nameserver (true for all MaaS-provisioned nodes), so we can re-use the same pillar for FN VMs and baremetal nodes; - add PXE/admin IP on cfg01's 3rd interface and switch other vnodes `salt_master_host` to point to it; JIRA: FUEL-322 Change-Id: Ie4f7aedddf2ef81046f1127b377d88dce79f0fda Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-31Turn off Retpoline and KPTI protectionMichael Polenchuk3-27/+70
Based on Canonical research (https://goo.gl/QJykMa) there is low-risk of attack for private clouds environments, therefore turn off the related kernel patches & regain performance back. Change-Id: I661fa127241e327b07d21a29d58d584997607123 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-31Merge "[patch] Group APT calls for salt formula install"Michael Polenchuk1-0/+68
2018-01-30[patch] Group APT calls for salt formula installAlexandru Avadanii1-0/+68
When installing salt-formula-* on cfg01, we used to call APT for each package. Instead, handle them all at once. While at it, stop using colored output on terminals that don't support it (e.g. 'vt220' used by OPNFV Jenkins). Change-Id: Ib8f2cee9638c43cdf648487bf05b07cd49802d3e Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-30Update reclass system modelMichael Polenchuk1-4/+5
Get the latest reclass system model to be in sync with salt formulas code. Adjust keystone v3 admin endpoint patch. Change-Id: Ia7ce6187b875cc9e18af2784ef1eb5df1c145c7d Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-29[patch] Point neutron opendaylight configs to pikeMichael Polenchuk1-12/+12
Change-Id: I3fae38da88b170b84ea926abf93da8b178e9ca8a Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-29Merge "[cfg01] apt.conf.d: Dpkg::Use-Pty: 0"Michael Polenchuk1-0/+8
2018-01-28[cfg01] apt.conf.d: Dpkg::Use-Pty: 0Alexandru Avadanii1-0/+8
This will silence all 'Reading database ...' noise during Salt formula installation. Change-Id: I734d727194e276443db1e1581f40ec494562196e Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-26[ovs/dpdk] Configure vxlan for baremetal scenarioMichael Polenchuk2-0/+31
* switch ovs/dpdk scenario from vlan to vxlan mode * force br-ex interface to mitigate race with incorrect state * remove dpdk packages list (already in upstream) Change-Id: Ib827cef2d67879fd2a86d286ca2118b22493274d Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-25Merge "[lab-config] Use Pharos submodule by default"Alexandru Avadanii2-76/+0
2018-01-24[lab-config] Use Pharos submodule by defaultAlexandru Avadanii2-76/+0
- switch from securedlab to pharos as lab-config structure; - accomodate the move net_config from PDF to IDF in j2 templates; Change-Id: Ib04e4fb384568a6efd9e78a080857b663521ae88 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-23Rectify ODL repository apt keyMichael Polenchuk1-13/+15
Change-Id: Iaa917be9f8f86c328ce4d503923a0d7cca680434 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-22[patch] system.repo: Add keyserver proxy supportAlexandru Avadanii2-0/+109
Instead of defining a http proxy for all salt-minion traffic, which also includes some Openstack API accesses we can't filter (no_proxy is not yet supported), add & leverage support for proxy configuration during APT keyserver access / key download. JIRA: FUEL-331 Change-Id: I9470807633596c610cfafb141b139ddda2ff096b Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-07MaaS: Set commission/deploy timeouts via reclassAlexandru Avadanii1-2/+2
Allow end-users to easily change the MaaS commissioning/deploying timeouts by simply editing the reclass model. While at it, use arch-specific values and bump deploy timeout on AArch64 to 20 minutes instead of 15. Change-Id: I37ae434ecebdd64effb007baa06c722b1db15c66 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-03[baremetal] Switch VCP base image to UCAAlexandru Avadanii2-35/+0
Since Mirantis prebuilt image comes with salt-minion 2016.3 instead of 2016.11 and upgrading it leads to a hard to break catch-22, use the Ubuntu cloud archive image we already download for FN VMs and pre-install: - a newer kernel (hwe-edge); - salt-minion (2016.11); This also implicitly aligns the image handling on AArch64 and x86_64. Change-Id: I86d1c777449d37bdd0348936a598e3ffe9d265af Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-03Revert "patches: Drop salt ver sync patch, now upstream"Alexandru Avadanii2-0/+35
Unlike nightly dist, stable/2017.12 distributions of salt formulas repo do not yet include this change, so bring it back. This reverts commit 8fbafdf8a665fb8fff4d6f9f14c343e109c122ec. Change-Id: I7f7011750d385a28f4653faeeb74edb1cac1bcf2 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-03[patch] Use keystoneclient to check project IDAlexandru Avadanii2-0/+169
Another prerequisite for decoupling public network from Openstack internal management network (upstream won't fix it for Pike): - port fix from [1] for using the internal network when connecting to keystone during project ID validation in nova, instead of going through public endpoint (and using SSL). [1] https://bugs.launchpad.net/nova/+bug/1716344 Change-Id: Ic9a307df9af78fcd58cbcc07b5e62a7e07cc8d7d Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-03[patch] keystone: Use v3 for admin endpointAlexandru Avadanii1-0/+35
Now that v2 API is obsolete, also switch 'admin' endpoint to v3 (previously it was kept back for OCL compatibility). Change-Id: I9775d59d5e6b93d7351157f7550a0dd7114bee2f Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-02Merge "[baremetal] prx: Add management network VIP"Alexandru Avadanii1-0/+29
2018-01-02[patch] Fix OVS ifup workaroundAlexandru Avadanii2-6/+16
Do not assume routes are on the same OVS port as the one currently being configured. Instead, apply the `unless` ifup condition for any OVS port. Change-Id: Iea8084f9e50401d300feb7ed16f90b430680cac5 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-02[baremetal] prx: Add management network VIPAlexandru Avadanii2-1/+33
Include `openstack_web_public_vip` class for setting up the old VIP in the public network, use old class for mgmt VIP. Also change the generic hostname 'prx' to point inside mgmt net. Change-Id: Iff69394f16ede290d149a26b054a85371f00f8e0 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-31[baremetal] cmp: Add missing public gw (default)Alexandru Avadanii2-0/+33
When we dropped the default gw via mas01 NAT, we uncovered a bug, compute nodes do not have the proper public gw set up and used to reach public network via mas01, slowing everything down. Add gw similar to prx nodes. Fixes: d4ab072 Change-Id: I4343c31c376a7a223670cdd623366454396d8d92 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>