Age | Commit message (Collapse) | Author | Files | Lines |
|
Upstream PR [1] should fix recently introduced issues with nginx
state for SSL-enabled sites.
[1] https://github.com/salt-formulas/salt-formula-nginx/pull/40
Change-Id: I52b5e4f51539e535249e0850f0b34c2801f4d74a
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit c7dff6e1ae6444f60d3fe20b1f495609c7980051)
|
|
Preseed Armband common repo-comp for Pike, so we get
the updated kernel & other packages from the start.
Requires upstream PR [1].
While at it, also handle related PR merged upstream [2] by
explicitly setting maas.region.subnets name via j2 instead of reclass
param expansion in name (allows us to drop the remaining chunk of the
fabric-from-CIDR patch we used to carry).
Note: opnfv_infra_maas_pxe_network_addres can now be dropped from
pod_config j2 template in Pharos Fuel installer adapter.
[1] https://github.com/salt-formulas/salt-formula-maas/pull/26
[2] https://github.com/salt-formulas/salt-formula-maas/pull/22
Change-Id: I356adb73b80f0f2d85db4ab060e804cb9a053862
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit 52af46f2cac395e893007029d24d5365e27a4328)
|
|
- add `unless` clause;
- instead of adding a new boot sources, update the existing one,
assuming standard MaaS installation (always updates id '1');
Change-Id: I2db92a3b14d0588095c69545cbb6977ca109613e
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit d7ab894b988d8dd6fe49714e0d8d6077e08ebb16)
|
|
Select xenial image explicitly to avoid getting latest bionic one.
Change-Id: Iee872b8dd2ce309231829a0ad8e5a3cf1a75f796
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
(cherry picked from commit 4b28a7bb0097434381e5a0508ee865a2c2fba9c2)
|
|
To avoid race with interfaces initialization specify all
the ports that belong to a bridge in the config file.
Change-Id: Ie4f48e7a81d4659a0f43749cdd518dbeffe2e35f
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
(cherry picked from commit 9c9a1adc6f2501507a68b1926ea93efcb40782d1)
|
|
* remove client patch (has been merged to upstream)
* websocket now is disabled by default
* purge deprecated/unneeded features (odl-mdsal-apidocs, odl-dlux-all)
Change-Id: Id247a3c74e66730049bfeafc4a5164aad0d9b662
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
(cherry picked from commit 0a8568d9f170d6c3b42d2dd35db440b4251f9a5d)
|
|
Change-Id: I9a42e0373f551da9f5c968ae169e0eff1a58972e
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: Ia517b7cf1723a5afaf43cb0709716f3a67a29e9f
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Since we brought back NAT over MaaS PXE/admin, drop out-of-tree patch
that was only needed for full network isolation (no cross-talk
between public and admin).
Change-Id: I577b1116bbdcc19647b3c01fe6f2acb7bb9ce627
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
This prevents neutron ovs agent to re-create existing bridge which
might cause unpredictable/faulty state of network interfaces.
Change-Id: I289365e1dea7d178b5b72eb506f5c711f6d60199
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|
|
|
|
Apply this patch if protocol is set to static to be
intended for the ip address settings action only.
Change-Id: I758340ff22376c01edd2a9a3555fe0fd9db3f4a9
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
This evironment variable is required by test suite to refer
to an attached volume (vdb is reserved for config drive).
JIRA: FUEL-353
Change-Id: I4f7c96b2344575fcd9b785e3c74b27ef4c4d64f8
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: I078e11219fb8dea4505c46e7f75c295c5a72c59b
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
While at it, drop patch now upstream.
JIRA: FUEL-348
Fixes: cf6cd9cd
Change-Id: Ieb4c93e9dc79a4e4dec140433574e042a1a6f2dc
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
- submodule: bump Pharos to pick up installer adapter support, as well
as IDF updates for Ericsson baremetal pod1;
- labs/local/virtual: Bump mgmt, public networks start addresses from
.1 to .10, similar to ericsson-pod1;
While at it, drop patch now upstream and instead adopt the new param
'neutron:server:root_helper_daemon'.
JIRA: FUEL-351
Change-Id: I9bc244a7fd8698861a390ed2b6a27804be46c285
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
- backport proposed fixup for ceilometer;
- remove 'ignore: all' from .gitmodules to make it easier to bump the
submodule;
- bump system submodule to upstream latest;
- drop patch merged upstream;
JIRA: FUEL-350
Change-Id: I68f232e0da5af368a1669a7379eedde5c4168b84
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
* class including order (default was used)
* disable root_helper_daemon (incompatible with UCA)
* turn off websocket for pseudo agent updates
Change-Id: I4d7971d393da184bdd55f65b4d3fd8d9e898543f
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: If7d51555bc13dbcaa63f93ab1993f3655e2ce643
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: I503c8ad32900406e1fa375cec9a91b454889d8bf
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: Icee56da3720f0926e42390965581639f6a344b77
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Now we explicitly add a LVM PV on /dev/sda{1,2} for Cinder storage,
so we can safely drop the patch disabling LVM volume filtering.
If we later move the PV to a different disk, we can just add the VG
and LV definitions to linux:storage via reclass, and Salt will skip
setting them up (as they're already created by MaaS), yet keep the
filtering sane.
While at it, fix 'nova_cpu_pinning' param expr; constructs based on
reclass interpolation (e.g. '${_param:x}') do not work when
parameters are passed via reclass.storage templating, so change
reclass interpolation syntax with classic YAML anchors.
Fixes: 672ae12
Change-Id: Ieb41635ddeb630543d7e4d1079f45d636d9a43af
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
- fix `route-br-ex` if-up.d script failing when route already exists
by adding a wrapper around distro's '/sbin/route' binary in
'/usr/local/sbin/route', exploiting default order in Ubuntu PATH;
- fix 'br-prv' duplicate entry in 'interfaces.d/ifcfg-br-prv' and
'interfaces' caused by upstream bug [1];
- add barrier waiting for all baremetal nodes online before attempting
reboot, trying to catch rare failures which are undetectable in logs
as both a succesful reboot and a disconneted minion report 'n/c';
With the above in place, networking service should no longer fail
to start on cmp nodes w/ DPDK.
[1] https://github.com/saltstack/salt/issues/40262
Change-Id: I6d4895376ce323c14c997e6c9af2ea3eeeee0184
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Maas uses a tftp library during commisioning which in turn uses another
library which tries to find the best packet size to use. For some reason
during commisioning the library uses smaller sizes than the
infrastructure can handle and therefore takes a lot of time to deploy.
JIRA: ARMBAND-351
Change-Id: I9b3083a059c04b118e8b7f0f2723af67d96d2aad
Signed-off-by: Charalampos Kominos <charalampos.kominos@enea.com>
|
|
- add Armband nightly/extra DEB repository;
- install forked and updated reclass 1.5.2 which includes:
* better error reporting;
* support for deleting existing keys during list interpolation;
* various other improvements and optimizations;
While at it, update copyright year for patches.
JIRA: FUEL-345
Change-Id: I00d8b625fe191648e7ea34b3dd4c8375691384e6
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Drop one questionable patch responsible for MaaS node authorized
keys to include mcp.rsa.pub by reading the contents of authorized
keys on mas01, assuming mcp.rsa.pub will be on the first line.
Instead, export the contents of the public key using a shell env
var during deploy, which gets expanded via maas_pdf j2 template
into a reclass param, leveraging existing salt-formula-maas sshprefs
mechanism for delivering the key to MaaS.
Since we require the public key to exist before expanding templates,
move `generate_ssh_key` call outside the current infrastructure
handling block, allowing it to execute during all `deploy.sh` calls,
even for dry-runs.
Change-Id: I0f53b0f764a2fafd292e0ffd399c284acf61bd30
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Add a new class of scenarios, based on existing baremetal HA
scenarios, but instead of having a virtualized control plane (VCP),
all Openstack controller services will run directly on the cluster
nodes.
This change adds the common scaffolding, as well as the OVS scenario.
The new scenario(s) can be used on full-baremetal clusters, soon on
full-virtual clusters and later on hybrid (virt + bare) clusters.
This change defines old (current) style scenario definitions for
both baremetal and virtual, both named:
- os-nosdn-nofeature-novcp-ha;
Prerequisites:
1. Merge-able by name reclass.storage.node definitions
Each cluster (e.g. database, telemetry) adds its own set of
reclass storage node defitions, which for novcp scenarios should
be merged into a single node (kvm) based on the 'name' property.
This is not currently supported by upstream reclass 'node.sls'
high state, so add support for it via an early patch (required
before salt-master-init.sh tries to handle reclass.storage).
2. common reclass classes for novcp
Some of the classes in `baremetal-...-common-ha` are not fit for
novcp as they define VCP-specific config/inheritance, so add new
versions of said classes with novcp in mind or adapt old classes:
- parameterize ctl hostname in `openstack_compute.yml`;
- new `openstack_control_novcp.yml`;
- new `openstack_init_novcp.yml`;
3. Handle hard set names in state files for baremetal nodes
Some of our state files (e.g. maas) hardcodes baremetal node names
to 'kvm', 'cmp', so we need to align the names in novcp scenario
with these values to re-use the maas state. As a future improvement
we should parameterize these names in all state files.
As a consequence, our baremetal controller nodes will also use
'kvm*' hostnames (instead of 'ctl*').
4. Add 'noifupdown' to all interfaces on kvm nodes to prevent duplicate
IPs/routes created at *any* ifup due to /etc/network/route-br-ex.
Patch salt-formula-linux to skip network restart on 'noifupdown',
also when routes are present on that interface.
JIRA: FUEL-310
Change-Id: Ic67778f63e5ee0334dbfe9547c7109ec1a938d61
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
- add new virsh managed network 'pxebr' (to mimic baremetal behavior
on virtual PODs, this will be the equivalent of PXE/admin network);
- connect 'pxebr' to 3rd interface for cfg01, mas01 for all deploys
(used to be baremetal-specific), replacing 'internal';
- keep 'mcpcontrol' connected only to 'cfg01' (+ 'mas01' if present)
for initial infrastructure bring-up (1st interface);
- switch all virtual cluster nodes to 'pxebr' (1st interface);
- use 'pxebr' for all Salt cluster nodes traffic, 'mcpcontrol' only
for mas01<=>cfg01 Salt traffic;
- convert <user-data.template> to jinja2 and expand it based on PDF
instead of using `envsubst`;
- split <user-data.sh.j2> into two versions, one for each network
used for Salt traffic;
- ci/deploy.sh: Read scenario data before template parsing for
cluster domain variable, needed in virsh network def;
- leave docs diagram refresh to later after all possible deploy types
have settled;
- limit keyserver proxy usage to nodes where the configured http proxy
matches the first nameserver (true for all MaaS-provisioned nodes),
so we can re-use the same pillar for FN VMs and baremetal nodes;
- add PXE/admin IP on cfg01's 3rd interface and switch other vnodes
`salt_master_host` to point to it;
JIRA: FUEL-322
Change-Id: Ie4f7aedddf2ef81046f1127b377d88dce79f0fda
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Based on Canonical research (https://goo.gl/QJykMa) there is
low-risk of attack for private clouds environments, therefore
turn off the related kernel patches & regain performance back.
Change-Id: I661fa127241e327b07d21a29d58d584997607123
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|
|
When installing salt-formula-* on cfg01, we used to call APT for
each package. Instead, handle them all at once.
While at it, stop using colored output on terminals that don't
support it (e.g. 'vt220' used by OPNFV Jenkins).
Change-Id: Ib8f2cee9638c43cdf648487bf05b07cd49802d3e
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Get the latest reclass system model to be in sync with salt
formulas code. Adjust keystone v3 admin endpoint patch.
Change-Id: Ia7ce6187b875cc9e18af2784ef1eb5df1c145c7d
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: I3fae38da88b170b84ea926abf93da8b178e9ca8a
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|
|
This will silence all 'Reading database ...' noise during Salt formula
installation.
Change-Id: I734d727194e276443db1e1581f40ec494562196e
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
* switch ovs/dpdk scenario from vlan to vxlan mode
* force br-ex interface to mitigate race with incorrect state
* remove dpdk packages list (already in upstream)
Change-Id: Ib827cef2d67879fd2a86d286ca2118b22493274d
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|
|
- switch from securedlab to pharos as lab-config structure;
- accomodate the move net_config from PDF to IDF in j2 templates;
Change-Id: Ib04e4fb384568a6efd9e78a080857b663521ae88
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: Iaa917be9f8f86c328ce4d503923a0d7cca680434
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Instead of defining a http proxy for all salt-minion traffic, which
also includes some Openstack API accesses we can't filter (no_proxy
is not yet supported), add & leverage support for proxy configuration
during APT keyserver access / key download.
JIRA: FUEL-331
Change-Id: I9470807633596c610cfafb141b139ddda2ff096b
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Allow end-users to easily change the MaaS commissioning/deploying
timeouts by simply editing the reclass model.
While at it, use arch-specific values and bump deploy timeout on
AArch64 to 20 minutes instead of 15.
Change-Id: I37ae434ecebdd64effb007baa06c722b1db15c66
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Since Mirantis prebuilt image comes with salt-minion 2016.3 instead
of 2016.11 and upgrading it leads to a hard to break catch-22, use
the Ubuntu cloud archive image we already download for FN VMs and
pre-install:
- a newer kernel (hwe-edge);
- salt-minion (2016.11);
This also implicitly aligns the image handling on AArch64 and x86_64.
Change-Id: I86d1c777449d37bdd0348936a598e3ffe9d265af
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Unlike nightly dist, stable/2017.12 distributions of salt formulas
repo do not yet include this change, so bring it back.
This reverts commit 8fbafdf8a665fb8fff4d6f9f14c343e109c122ec.
Change-Id: I7f7011750d385a28f4653faeeb74edb1cac1bcf2
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Another prerequisite for decoupling public network from Openstack
internal management network (upstream won't fix it for Pike):
- port fix from [1] for using the internal network when connecting
to keystone during project ID validation in nova, instead of
going through public endpoint (and using SSL).
[1] https://bugs.launchpad.net/nova/+bug/1716344
Change-Id: Ic9a307df9af78fcd58cbcc07b5e62a7e07cc8d7d
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Now that v2 API is obsolete, also switch 'admin' endpoint to v3
(previously it was kept back for OCL compatibility).
Change-Id: I9775d59d5e6b93d7351157f7550a0dd7114bee2f
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
|
|
Do not assume routes are on the same OVS port as the one currently
being configured. Instead, apply the `unless` ifup condition for
any OVS port.
Change-Id: Iea8084f9e50401d300feb7ed16f90b430680cac5
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Include `openstack_web_public_vip` class for setting up the
old VIP in the public network, use old class for mgmt VIP.
Also change the generic hostname 'prx' to point inside mgmt net.
Change-Id: Iff69394f16ede290d149a26b054a85371f00f8e0
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
When we dropped the default gw via mas01 NAT, we uncovered a bug,
compute nodes do not have the proper public gw set up and used
to reach public network via mas01, slowing everything down.
Add gw similar to prx nodes.
Fixes: d4ab072
Change-Id: I4343c31c376a7a223670cdd623366454396d8d92
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|