summaryrefslogtreecommitdiffstats
path: root/mcp/patches
AgeCommit message (Collapse)AuthorFilesLines
2018-10-25Enable IPv6 on entire cluster by defaultMichael Polenchuk1-1/+1
IPv6 has been enabled back by commenting out the cis-3-3-3 yaml/class source in linux service reclass. Change-Id: Ia8f4e2ddbb98f9316e6ce5136badbb14ecb277c5 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-09-26[ovn] Enable metadata agentMichael Polenchuk1-1/+1
Change-Id: I9ef3a1dd570abf90b222609af350565d385326c8 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com> (cherry picked from commit 637e149c0af5ef96612846bf9f0b3482ce11fc5b)
2018-09-26[minion] Set tcp_keepalive for flaky networksAlexandru Avadanii1-2/+2
Workaround issues like [1]. Requires bumping formulas for salt-formula-salt support of tcp_keepalive_* params. [1] https://github.com/saltstack/salt/issues/38157 Change-Id: I7093437fb696809f73a24b10144c6321d0f1be32 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> (cherry picked from commit 8e59fcfd2d9a0f8d2b7e3824d918accb23edcca6)
2018-09-23[repos] Replace keyserver accesses with pillar GPGAlexandru Avadanii2-157/+0
JIRA: FUEL-392 Change-Id: Ia21840c7561a14a5eeed3d08bf89eb2dbf9acc3a Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> (cherry picked from commit d7bf560e12151853c3121ba39ad9bf6bd47befcf)
2018-09-19[noha] Bring in OpenDaylight SFC scenarioMichael Polenchuk4-3/+3
- bump formulas baseline during docker build; - refresh patches; Change-Id: I0a54863f57344c5f8897dc981f704c4d265c5522 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-09-19Update system reclass modelMichael Polenchuk2-69/+0
In order to get tacker definitions and latest changes. Change-Id: Ib5bf5034f140e708fb596dd4b622f0b2bdee8a59 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-09-01[docker] Cleanup, minor fixes, formula bumpAlexandru Avadanii3-164/+22
* ship prebuilt salt master conf for better readability: - enable x509.sign_remote_certificate (for prx VCP nodes); * refactor Salt master CA handling: - preinstall `salt_minion_dependency_packages` and `salt_minion_reclass_dependencies` inside docker image; - persistent /etc/pki; - run salt.minion on cfg01 to generate master keys; * bump container formulas to 1 Sep 2018 versions or newer: - inject date into Docker makefile, forcing a fresh fetch of all salt formulas from upstream git repos; * workaround broken salt-formula-designate's meta/sphinx.yml: - the DEB package version of salt-formula-designate uses `cmd.shell` to query dpkg on the minion, while the git repo version still uses `cmd.run`, running into parsing issues; - temporarily disable sphinx metadata generation for designate until upstream git repo syncs with the DEB version; * upstream: salt-formula-salt AArch64 salt.control.virt support: - retire salt-formula-salt git submodule and related patches; * skip installing reclass distro package (already installed via pip inside the container); * limit initial pillar_refresh call to nodes on jumphost; * remove unused salt-formula-nova git submodule; JIRA: FUEL-383 Change-Id: I883b825e556f887a5e31f8a43676dcd8ece6dfde Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-31[noha] Align MTU settingsMichael Polenchuk1-2/+1
* shift MTU from public bridge to physical interface * add neutron related settings Change-Id: Ia57d1ca7976968d6e7ee23f58a0abae1a1a256c0 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-08-30[AArch64] salt.control.virt supportAlexandru Avadanii1-0/+157
Salt relies on a limiting libvirt_domain j2 template to generate the XML it passes to libvirt for salt.control managed virtual machines. For AArch64, we need to set up 3 XML nodes in a non-default way: 1. UEFI firmware (AAVMF) should be enabled by passing a pflash loader; 2. CPU mode should be 'host-passthrough'; 3. QEMU machine type should be 'virt'; To allow configuring the above using pillar data: - virtng module: implement functionality similar to upstream changes: * 219b84a512 virt module: Allow NVRAM unlinking on DOM undefine in develop, not in 2018.2; * 9cace9adb9 Add support to virt for libvirt loader in develop, not in 2018.2; - virtng module: extend it with: * pass virt machine type to vm; * pass cpu_mode to vm; JIRA: ARMBAND-404 Change-Id: Ib2123e7170991b3dfbdb42bd1a2baa5a4360b200 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-29Add noifupdown for all br-floatingAlexandru Avadanii1-2/+2
Since we reboot all nodes, applying the network configuration via Salt before reboot is pointless and creates a race condition with OVS. While at it, add `--ignore-errors` to ifup call for OVS bridge to prevent a race condition during linux.network state apply. Change-Id: I22fe0afaffecd7b850a6b77d7b810ed296bfc9ca Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-29[submodule] Cleanup: Retire scripts sub & patchesAlexandru Avadanii1-68/+0
Salt bootstrap scripts are no longer used directly, so it is now safe to retire the whole git submodule and its related patches. JIRA: FUEL-383 Change-Id: I1fbdfe4fbd4930bfb3c999a3a68033d12565682b Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-29[docker] Switch to containerized Salt MasterAlexandru Avadanii8-42/+161
* Refactor OPNFV salt-formulas mechanism to resemble upstream git structure: - git submodules: add new submodule for each formula we patch; - create salt-formula-x directories for OPNFV formulas; - move mcp/metadata/service contents to their each formula subdir; - use `make patches-import` for patches previously handled by patch.sh; - retire patch.sh * states: add virtual_init: - mostly based on old salt.sh, which is now obsolete; - exclude salt-master service restart (it would kill the container); * scenarios: cleanup (rm cfg01 virtual node def), adopt virtual_init; * reclass: align our model with prebuilt container's Salt config: - drop linux:network pillar data (handled by Docker); - stop applying linux.system state on cfg01; - align salt user homedir; - drop salt-formula packages (preprovisioned); * minor plumbing in deploy.sh and lib.sh; JIRA: FUEL-383 Change-Id: I28708a9b399d3f19012212c71966ebda9d6fc0ac Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-25[build.sh] Fix quotes, missing deb arch for repoAlexandru Avadanii1-2/+2
JIRA: FUEL-383 Change-Id: Ie4374d44993bd738b90e9b6e357014d0c5657da0 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-23Merge changes from topic 'docker-build'Alexandru Avadanii2-0/+141
* changes: [docker build] Install OpenSSH server [submodule] Add docker-salt-formulas, ci/build.sh [deploy.sh] Install Docker if not present [jump req] Add build/deploy specific requirements
2018-08-23[docker build] Install OpenSSH serverAlexandru Avadanii1-0/+63
While at it, create the 'ubuntu' user with passwordless sudo and preinstall salt-formula-gnocchi (missing git repo workaround), as well as various useful packages (e.g. net-tools). JIRA: FUEL-383 Change-Id: I5902c37110331acfd3fd4fccb92104de7b5ece6b Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-22[patch] AArch64: reclass system arch tweaksAlexandru Avadanii3-0/+115
Armband has been carrying a few arch-enablement patches that are required for the default reclass system classes to work as expected on AArch64 systems. Change-Id: I1f96c062eb3f9dcabb8513aadd1ea41be4fbc098 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-21[submodule] Add docker-salt-formulas, ci/build.shAlexandru Avadanii1-0/+78
- add new git submodule pointing to upstream docker build scripts; - add patch extending Docker tags with an '-(arch)' suffix, aligning with OPNFV tagging requiremnts; - add <ci/build.sh> wrapper for starting Docker builds; - install build-specific distro package requirements, as well as pip-managed packages (e.g. pipenv); JIRA: FUEL-383 Change-Id: Id4fc886206d7eaf7e6d02810380f2391609ba405 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-21Turn off glance signatures verificationMichael Polenchuk2-37/+0
Change-Id: I61ee8e19e783437dce7a9ddd666cd60e9d22a2e1 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-08-17[scripts] Leverage upstream arm64 bootstrap suppAlexandru Avadanii3-63/+4
bootstrap-salt.sh now has arm64 support [1], so drop our obsoleted workaround. JIRA: ARMBAND-399 [1] https://github.com/saltstack/salt-bootstrap/pull/1251 Change-Id: I8b06520b2c41564ed2eda338e7633ce1637bb866 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-07Enable barbican itegration on compute nodesDelia Popescu2-0/+37
Configure barbican for cinder-volumes and nova-compute to use encrypted volumes Disable default glance image signature verification with barbican enabled JIRA: FUNCTEST-981 Change-Id: I35660234526780a2277e459f3fa21a67d96ce7d7 Signed-off-by: Delia Popescu <delia.popescu@enea.com>
2018-08-06[patch] Rebase keyserver patch for disabled reposAlexandru Avadanii1-36/+15
Rebase patch on top of upstream commit [1]. [1] https://github.com/salt-formulas/salt-formula-linux/commit/45cf452d Change-Id: Id44eab58150ff69140f630352a299633cdb4f4ac Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-03[patch] Rebase keyserver support for update logicAlexandru Avadanii1-18/+23
Change-Id: Iad2502e876600ba966a38f2df3e71bd579f80e8f Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-07-30[patch] Rebase keyserver proxy supportMichael Polenchuk1-84/+76
https://github.com/salt-formulas/salt-formula-linux/commit/f27f436 Change-Id: I9662dcff23c363430b6a04808f4e03617a10c160 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-07-09[patch] Drop obsolete OVS port with route supportAlexandru Avadanii2-40/+0
Since we switched all scenarios to using only global gateway settings instead of per-interface routes, drop the obsolete patch for OVS ports with explicit routes. Change-Id: Ibd28849437b598add9847c991e0276b4d0fc505e Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-07-09[patch] MaaS: Switch to upstream fabric/vlan mgmtAlexandru Avadanii2-88/+0
Obsolete our out of tree patch in favor of upstream mechanisms for creating fabrics/VLANs/subnets. Change-Id: I57d6d59764a825b428f423d48c5d90af7f2e676f Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-06-29[patch] MaaS: fabric ID from CIDRAlexandru Avadanii2-0/+88
Change-Id: I1e1490f4d0a0bee2783450c6369d7ab6c45b193f Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-06-26[ha] Add fabric to maas admin subnetMichael Polenchuk2-90/+0
Change-Id: Ida4cf736dfe60886384e7e180d3e43faf811bd58 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-06-25[MaaS] Adopt boot-resources control from maasngAlexandru Avadanii3-112/+0
JIRA: FUEL-364 Change-Id: I891514f85cf694509003a3b0a6f3568524d0a461 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-06-19Enforce static configuration instead of DHCPAlexandru Avadanii2-1/+40
- noha: 'accept_policy: open_mode' to align with ha scenarios; - s/cmp01/cmp001/g to align all scenarios and allow code reuse; - rename network params: s/dhcp/mcpcontrol/g, cleanup; - computes XDF data: drop 'opnfv_*' layer of params, cleanup; - local vPDF: add comments with default roles by node index; - parameterize all netmasks; - drop unused address/netmask for 'proto: manual' interfaces; - virsh_net: cleanup definitions, remove hardcodes, align IP on jumpserver and DHCP range with MaaS for pxebr; - maas: parameterize hardcoded '/24' cidr for PXE/admin, refactor maas.region.machines parameterization; - merge <all-mcp-arch-common/infra/config_*pdf.yaml.j2> templates; - move reclass.storage definitions of compute nodes to common dir; - drop 'openstack_compute_*' reclass params in favor of expanding them via j2 directly in reclass.storage params; - adopt `nm.cluster.has_*_nodes` where possible; - obsolete `runtime.yml` from reclass model; - refactor arch-specific reclass param selection; - remove unused defaults in favor of mandatory IDF properties; - noha: prepare for baremetal node support in cinder_lvm_devices; - interfaces: add interface_mtu and 'noifupdown: true' everywhere; - interfaces: use j2 macros to generate eth/vlan config; - states cleanup: remove DHCP route disable workaround on prx/cmp; - allow configuring NTP servers via: `idf.fuel.network.ntp_strata_host{1,2}`; - ovs_bridge: Allow setting gateway, dns-nameservers - apache: Adjust module list for novcp class inheritance; - glusterfs PPA: pin with same prio of MCP repos for novcp scenario; JIRA: FUEL-319 JIRA: FUEL-326 JIRA: FUEL-337 Change-Id: Ia6ad64ba8cade85a75fb22c9a2505decc3834360 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-06-18[patch] OVS bridges should not use 'auto'Alexandru Avadanii1-2/+5
Change-Id: I0db7b9ee5af77f9e2d580c4ace9fa7d7f17c8d85 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-06-14[patch] Rebase keyserver proxy support (3)Alexandru Avadanii1-21/+8
Rebased on top of [1]. [1] https://github.com/salt-formulas/salt-formula-linux/commit/9f30456 Change-Id: Iad5aef674c47d622a94d1c21cae3f46fbb3c52d8 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-06-11[patch] Rebase keyserver proxy supportAlexandru Avadanii1-30/+42
Rebase on top of [1]. [1] https://github.com/salt-formulas/salt-formula-linux/commit/6f5e69e Change-Id: Ic34bb9c1fad8778262f2e876c91667e903d143bf Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-06-07[patch] Rebase APT keyserver proxy support patchAlexandru Avadanii1-66/+126
Sync our patch with upstream PR [1]. [1] https://github.com/salt-formulas/salt-formula-linux/pull/138 Change-Id: If3a51d3aef51accee0901c59e1342b42dbe4be4b Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-06-05Clean out merged upstream patchMichael Polenchuk2-42/+0
Change-Id: I0c8f87bad0fbe55684bd43547674ed91a31f39f8 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-06-04[patch] Drop upstream reclass formula patchesAlexandru Avadanii5-125/+0
Change-Id: Iad2a27d059b43ed14fb70bdee01b3db29613615b Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-06-03[patch] maas: rebase artifact downloadAlexandru Avadanii1-24/+30
Upstream refactored maas/regions.sls to introduce kitchen tests in [1], rebase our patches on top of it. [1] https://github.com/salt-formulas/salt-formula-maas/commit/8a0d52e Change-Id: I491fb2e05679ebc226a27141e685d429e0ff8bcc Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-05-24[maas] Download only used subarches imagesAlexandru Avadanii2-2/+2
- reduce download size/time for MaaS images by downloading only the subarch images we use; - fix stop condition in MaaS artifact download script; - stop importing images before updating the boot resources to prevent race conditions; Change-Id: I3b15fae3463bc6c54be2cc06e0cb31edcbd307cb Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-05-24maas: boot-resources: Dynamic arch list from PDFAlexandru Avadanii2-2/+2
Instead of leaving MaaS default to 'amd64', explicitly set the list of architectures to support based on PDF data. Change-Id: I852a3ce156db3df0c090f10c0b45c26058dbb6c6 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-05-23Revert "[patch] Backport proposed generate_dhparams fix"Michael Polenchuk2-42/+0
This reverts commit c7dff6e1ae6444f60d3fe20b1f495609c7980051. The patch has been merged into upstream. Change-Id: Idf768b9b94b3498994601d50feeeef008430ba27 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-05-22[patch] Backport proposed generate_dhparams fixAlexandru Avadanii2-0/+42
Upstream PR [1] should fix recently introduced issues with nginx state for SSL-enabled sites. [1] https://github.com/salt-formulas/salt-formula-nginx/pull/40 Change-Id: I52b5e4f51539e535249e0850f0b34c2801f4d74a Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-05-22[maas] AArch64: Preseed Armband repositoriesAlexandru Avadanii2-66/+0
Preseed Armband common repo-comp for Pike, so we get the updated kernel & other packages from the start. Requires upstream PR [1]. While at it, also handle related PR merged upstream [2] by explicitly setting maas.region.subnets name via j2 instead of reclass param expansion in name (allows us to drop the remaining chunk of the fabric-from-CIDR patch we used to carry). Note: opnfv_infra_maas_pxe_network_addres can now be dropped from pod_config j2 template in Pharos Fuel installer adapter. [1] https://github.com/salt-formulas/salt-formula-maas/pull/26 [2] https://github.com/salt-formulas/salt-formula-maas/pull/22 Change-Id: I356adb73b80f0f2d85db4ab060e804cb9a053862 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-04-26[maas] Make boot-source-selection ops idempotentAlexandru Avadanii1-3/+3
- add `unless` clause; - instead of adding a new boot sources, update the existing one, assuming standard MaaS installation (always updates id '1'); Change-Id: I2db92a3b14d0588095c69545cbb6977ca109613e Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-04-26[maas] Set boot source selectionsMichael Polenchuk2-0/+32
Select xenial image explicitly to avoid getting latest bionic one. Change-Id: Iee872b8dd2ce309231829a0ad8e5a3cf1a75f796 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-04-11Clean up opendaylight configurationMichael Polenchuk5-176/+2
* remove client patch (has been merged to upstream) * websocket now is disabled by default * purge deprecated/unneeded features (odl-mdsal-apidocs, odl-dlux-all) Change-Id: Id247a3c74e66730049bfeafc4a5164aad0d9b662 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-04-09Add ports to ovs bridge configMichael Polenchuk1-3/+6
To avoid race with interfaces initialization specify all the ports that belong to a bridge in the config file. Change-Id: Ie4f48e7a81d4659a0f43749cdd518dbeffe2e35f Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-03-29[odl] Fire up ovs host config after other settingsMichael Polenchuk1-14/+11
Change-Id: I9a42e0373f551da9f5c968ae169e0eff1a58972e Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-03-28[odl] Setup manager target after ovs host configMichael Polenchuk3-40/+146
Change-Id: Ia517b7cf1723a5afaf43cb0709716f3a67a29e9f Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-03-21[patch] Drop keystoneclient project ID checkingAlexandru Avadanii2-169/+0
Since we brought back NAT over MaaS PXE/admin, drop out-of-tree patch that was only needed for full network isolation (no cross-talk between public and admin). Change-Id: I577b1116bbdcc19647b3c01fe6f2acb7bb9ce627 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-03-16[ovs/dpdk] Set bridge datapath_type to netdevMichael Polenchuk1-9/+7
This prevents neutron ovs agent to re-create existing bridge which might cause unpredictable/faulty state of network interfaces. Change-Id: I289365e1dea7d178b5b72eb506f5c711f6d60199 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-03-12Merge "[virtual/odl] Apply missing neutron.compute state"Alexandru Avadanii2-0/+40