aboutsummaryrefslogtreecommitdiffstats
path: root/mcp/patches
AgeCommit message (Collapse)AuthorFilesLines
2018-02-28Clean up upstreamed patchesMichael Polenchuk3-102/+1
Change-Id: Icee56da3720f0926e42390965581639f6a344b77 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-02-26[patch] cleanup: Drop LVM filter disableAlexandru Avadanii3-37/+1
Now we explicitly add a LVM PV on /dev/sda{1,2} for Cinder storage, so we can safely drop the patch disabling LVM volume filtering. If we later move the PV to a different disk, we can just add the VG and LV definitions to linux:storage via reclass, and Salt will skip setting them up (as they're already created by MaaS), yet keep the filtering sane. While at it, fix 'nova_cpu_pinning' param expr; constructs based on reclass interpolation (e.g. '${_param:x}') do not work when parameters are passed via reclass.storage templating, so change reclass interpolation syntax with classic YAML anchors. Fixes: 672ae12 Change-Id: Ieb41635ddeb630543d7e4d1079f45d636d9a43af Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-25[ovs/dpdk] Add opnfv.route_wrapper slsAlexandru Avadanii2-0/+42
- fix `route-br-ex` if-up.d script failing when route already exists by adding a wrapper around distro's '/sbin/route' binary in '/usr/local/sbin/route', exploiting default order in Ubuntu PATH; - fix 'br-prv' duplicate entry in 'interfaces.d/ifcfg-br-prv' and 'interfaces' caused by upstream bug [1]; - add barrier waiting for all baremetal nodes online before attempting reboot, trying to catch rare failures which are undetectable in logs as both a succesful reboot and a disconneted minion report 'n/c'; With the above in place, networking service should no longer fail to start on cmp nodes w/ DPDK. [1] https://github.com/saltstack/salt/issues/40262 Change-Id: I6d4895376ce323c14c997e6c9af2ea3eeeee0184 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-22[MaaS] Force Maas to use a fixed ip packet sizeCharalampos Kominos1-1/+16
Maas uses a tftp library during commisioning which in turn uses another library which tries to find the best packet size to use. For some reason during commisioning the library uses smaller sizes than the infrastructure can handle and therefore takes a lot of time to deploy. JIRA: ARMBAND-351 Change-Id: I9b3083a059c04b118e8b7f0f2723af67d96d2aad Signed-off-by: Charalampos Kominos <charalampos.kominos@enea.com>
2018-02-20[salt.sh] Armband extra repo for forked reclassAlexandru Avadanii20-22/+30
- add Armband nightly/extra DEB repository; - install forked and updated reclass 1.5.2 which includes: * better error reporting; * support for deleting existing keys during list interpolation; * various other improvements and optimizations; While at it, update copyright year for patches. JIRA: FUEL-345 Change-Id: I00d8b625fe191648e7ea34b3dd4c8375691384e6 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-13[patch] MaaS: mcp.rsa.pub to auth keys via pillarAlexandru Avadanii2-46/+0
Drop one questionable patch responsible for MaaS node authorized keys to include mcp.rsa.pub by reading the contents of authorized keys on mas01, assuming mcp.rsa.pub will be on the first line. Instead, export the contents of the public key using a shell env var during deploy, which gets expanded via maas_pdf j2 template into a reclass param, leveraging existing salt-formula-maas sshprefs mechanism for delivering the key to MaaS. Since we require the public key to exist before expanding templates, move `generate_ssh_key` call outside the current infrastructure handling block, allowing it to execute during all `deploy.sh` calls, even for dry-runs. Change-Id: I0f53b0f764a2fafd292e0ffd399c284acf61bd30 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-06Add NOVCP HA OVS scenario (baremetal, virtual)Alexandru Avadanii6-5/+121
Add a new class of scenarios, based on existing baremetal HA scenarios, but instead of having a virtualized control plane (VCP), all Openstack controller services will run directly on the cluster nodes. This change adds the common scaffolding, as well as the OVS scenario. The new scenario(s) can be used on full-baremetal clusters, soon on full-virtual clusters and later on hybrid (virt + bare) clusters. This change defines old (current) style scenario definitions for both baremetal and virtual, both named: - os-nosdn-nofeature-novcp-ha; Prerequisites: 1. Merge-able by name reclass.storage.node definitions Each cluster (e.g. database, telemetry) adds its own set of reclass storage node defitions, which for novcp scenarios should be merged into a single node (kvm) based on the 'name' property. This is not currently supported by upstream reclass 'node.sls' high state, so add support for it via an early patch (required before salt-master-init.sh tries to handle reclass.storage). 2. common reclass classes for novcp Some of the classes in `baremetal-...-common-ha` are not fit for novcp as they define VCP-specific config/inheritance, so add new versions of said classes with novcp in mind or adapt old classes: - parameterize ctl hostname in `openstack_compute.yml`; - new `openstack_control_novcp.yml`; - new `openstack_init_novcp.yml`; 3. Handle hard set names in state files for baremetal nodes Some of our state files (e.g. maas) hardcodes baremetal node names to 'kvm', 'cmp', so we need to align the names in novcp scenario with these values to re-use the maas state. As a future improvement we should parameterize these names in all state files. As a consequence, our baremetal controller nodes will also use 'kvm*' hostnames (instead of 'ctl*'). 4. Add 'noifupdown' to all interfaces on kvm nodes to prevent duplicate IPs/routes created at *any* ifup due to /etc/network/route-br-ex. Patch salt-formula-linux to skip network restart on 'noifupdown', also when routes are present on that interface. JIRA: FUEL-310 Change-Id: Ic67778f63e5ee0334dbfe9547c7109ec1a938d61 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-05[virtual] Split 'pxebr' from 'mcpcontrol' netAlexandru Avadanii1-4/+8
- add new virsh managed network 'pxebr' (to mimic baremetal behavior on virtual PODs, this will be the equivalent of PXE/admin network); - connect 'pxebr' to 3rd interface for cfg01, mas01 for all deploys (used to be baremetal-specific), replacing 'internal'; - keep 'mcpcontrol' connected only to 'cfg01' (+ 'mas01' if present) for initial infrastructure bring-up (1st interface); - switch all virtual cluster nodes to 'pxebr' (1st interface); - use 'pxebr' for all Salt cluster nodes traffic, 'mcpcontrol' only for mas01<=>cfg01 Salt traffic; - convert <user-data.template> to jinja2 and expand it based on PDF instead of using `envsubst`; - split <user-data.sh.j2> into two versions, one for each network used for Salt traffic; - ci/deploy.sh: Read scenario data before template parsing for cluster domain variable, needed in virsh network def; - leave docs diagram refresh to later after all possible deploy types have settled; - limit keyserver proxy usage to nodes where the configured http proxy matches the first nameserver (true for all MaaS-provisioned nodes), so we can re-use the same pillar for FN VMs and baremetal nodes; - add PXE/admin IP on cfg01's 3rd interface and switch other vnodes `salt_master_host` to point to it; JIRA: FUEL-322 Change-Id: Ie4f7aedddf2ef81046f1127b377d88dce79f0fda Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-31Turn off Retpoline and KPTI protectionMichael Polenchuk3-27/+70
Based on Canonical research (https://goo.gl/QJykMa) there is low-risk of attack for private clouds environments, therefore turn off the related kernel patches & regain performance back. Change-Id: I661fa127241e327b07d21a29d58d584997607123 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-31Merge "[patch] Group APT calls for salt formula install"Michael Polenchuk1-0/+68
2018-01-30[patch] Group APT calls for salt formula installAlexandru Avadanii1-0/+68
When installing salt-formula-* on cfg01, we used to call APT for each package. Instead, handle them all at once. While at it, stop using colored output on terminals that don't support it (e.g. 'vt220' used by OPNFV Jenkins). Change-Id: Ib8f2cee9638c43cdf648487bf05b07cd49802d3e Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-30Update reclass system modelMichael Polenchuk1-4/+5
Get the latest reclass system model to be in sync with salt formulas code. Adjust keystone v3 admin endpoint patch. Change-Id: Ia7ce6187b875cc9e18af2784ef1eb5df1c145c7d Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-29[patch] Point neutron opendaylight configs to pikeMichael Polenchuk1-12/+12
Change-Id: I3fae38da88b170b84ea926abf93da8b178e9ca8a Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-29Merge "[cfg01] apt.conf.d: Dpkg::Use-Pty: 0"Michael Polenchuk1-0/+8
2018-01-28[cfg01] apt.conf.d: Dpkg::Use-Pty: 0Alexandru Avadanii1-0/+8
This will silence all 'Reading database ...' noise during Salt formula installation. Change-Id: I734d727194e276443db1e1581f40ec494562196e Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-26[ovs/dpdk] Configure vxlan for baremetal scenarioMichael Polenchuk2-0/+31
* switch ovs/dpdk scenario from vlan to vxlan mode * force br-ex interface to mitigate race with incorrect state * remove dpdk packages list (already in upstream) Change-Id: Ib827cef2d67879fd2a86d286ca2118b22493274d Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-25Merge "[lab-config] Use Pharos submodule by default"Alexandru Avadanii2-76/+0
2018-01-24[lab-config] Use Pharos submodule by defaultAlexandru Avadanii2-76/+0
- switch from securedlab to pharos as lab-config structure; - accomodate the move net_config from PDF to IDF in j2 templates; Change-Id: Ib04e4fb384568a6efd9e78a080857b663521ae88 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-23Rectify ODL repository apt keyMichael Polenchuk1-13/+15
Change-Id: Iaa917be9f8f86c328ce4d503923a0d7cca680434 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-22[patch] system.repo: Add keyserver proxy supportAlexandru Avadanii2-0/+109
Instead of defining a http proxy for all salt-minion traffic, which also includes some Openstack API accesses we can't filter (no_proxy is not yet supported), add & leverage support for proxy configuration during APT keyserver access / key download. JIRA: FUEL-331 Change-Id: I9470807633596c610cfafb141b139ddda2ff096b Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-07MaaS: Set commission/deploy timeouts via reclassAlexandru Avadanii1-2/+2
Allow end-users to easily change the MaaS commissioning/deploying timeouts by simply editing the reclass model. While at it, use arch-specific values and bump deploy timeout on AArch64 to 20 minutes instead of 15. Change-Id: I37ae434ecebdd64effb007baa06c722b1db15c66 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-03[baremetal] Switch VCP base image to UCAAlexandru Avadanii2-35/+0
Since Mirantis prebuilt image comes with salt-minion 2016.3 instead of 2016.11 and upgrading it leads to a hard to break catch-22, use the Ubuntu cloud archive image we already download for FN VMs and pre-install: - a newer kernel (hwe-edge); - salt-minion (2016.11); This also implicitly aligns the image handling on AArch64 and x86_64. Change-Id: I86d1c777449d37bdd0348936a598e3ffe9d265af Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-03Revert "patches: Drop salt ver sync patch, now upstream"Alexandru Avadanii2-0/+35
Unlike nightly dist, stable/2017.12 distributions of salt formulas repo do not yet include this change, so bring it back. This reverts commit 8fbafdf8a665fb8fff4d6f9f14c343e109c122ec. Change-Id: I7f7011750d385a28f4653faeeb74edb1cac1bcf2 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-03[patch] Use keystoneclient to check project IDAlexandru Avadanii2-0/+169
Another prerequisite for decoupling public network from Openstack internal management network (upstream won't fix it for Pike): - port fix from [1] for using the internal network when connecting to keystone during project ID validation in nova, instead of going through public endpoint (and using SSL). [1] https://bugs.launchpad.net/nova/+bug/1716344 Change-Id: Ic9a307df9af78fcd58cbcc07b5e62a7e07cc8d7d Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-03[patch] keystone: Use v3 for admin endpointAlexandru Avadanii1-0/+35
Now that v2 API is obsolete, also switch 'admin' endpoint to v3 (previously it was kept back for OCL compatibility). Change-Id: I9775d59d5e6b93d7351157f7550a0dd7114bee2f Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-02Merge "[baremetal] prx: Add management network VIP"Alexandru Avadanii1-0/+29
2018-01-02[patch] Fix OVS ifup workaroundAlexandru Avadanii2-6/+16
Do not assume routes are on the same OVS port as the one currently being configured. Instead, apply the `unless` ifup condition for any OVS port. Change-Id: Iea8084f9e50401d300feb7ed16f90b430680cac5 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-02[baremetal] prx: Add management network VIPAlexandru Avadanii2-1/+33
Include `openstack_web_public_vip` class for setting up the old VIP in the public network, use old class for mgmt VIP. Also change the generic hostname 'prx' to point inside mgmt net. Change-Id: Iff69394f16ede290d149a26b054a85371f00f8e0 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-31[baremetal] cmp: Add missing public gw (default)Alexandru Avadanii2-0/+33
When we dropped the default gw via mas01 NAT, we uncovered a bug, compute nodes do not have the proper public gw set up and used to reach public network via mas01, slowing everything down. Add gw similar to prx nodes. Fixes: d4ab072 Change-Id: I4343c31c376a7a223670cdd623366454396d8d92 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-29[maas] artifact sync: improve barrier conditionAlexandru Avadanii1-3/+2
Simplify wait condition for MaaS service up, since it's fragile and often adds extra time when not really needed. Instead, retry starting boot image import right away. Change-Id: I131d6c82127449cecf6685d4cc7484a366e658c6 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-28Merge "[patch] haproxy hostname parameterization upstream"Alexandru Avadanii2-550/+0
2017-12-28[patch] haproxy hostname parameterization upstreamAlexandru Avadanii2-550/+0
PR [1] was merged upstream. [1] https://github.com/Mirantis/reclass-system-salt-model/pull/298 Change-Id: I335ac265b0b0b625c2f488755c5d11710ab354c2 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-28[patch] Use keystone v3 endpoints by defaultMichael Polenchuk1-0/+31
Change-Id: I98fc378fbec3679acf5bad4c089972340daea92c Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-27patches: Squash maas region changesAlexandru Avadanii3-47/+26
When re-deploying with `-f` flag, `patch -R` cannot cleanly revert maas region changes with overlapping context lines, so squash them into a single file. Change-Id: I87dae72a12fea833e9e6729de21d4ce5f262695e Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-19Merge "[baremetal] MaaS: Reduce timeout values"Alexandru Avadanii1-2/+2
2017-12-19Set libvirt unix_sock_group as an optionMichael Polenchuk2-30/+0
Updated libvirt formula now supports group name as an option for unix socket parameter. Change-Id: I683e38971fe6c939fd09e95b805d611ddc596f28 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-19[baremetal] MaaS: Reduce timeout valuesAlexandru Avadanii1-2/+2
`maas_fixup` is already re-entrant, so we can execute it more than once during a commissioning/deploy cycle. Reduce the timeout waiting for all nodes to reach a stable state, so nodes stuck in 'Ready' state instead of reaching 'Deploying' get dealt with sooner (~5 min vs old 30 min). While at it, let `maas_fixup` handle machine deploy as well, so we can catch nodes stuck in 'Ready' state and re-trigger the deploy. Change-Id: Id24cc97b17489835c5846288639a9a6032bd320a Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-18[baremetal] MaaS: Fix DHCP dynamic reserved rangeAlexandru Avadanii4-0/+100
- patch MaaS to default to `DHCP` instead of `AUTO` for physical PXE interfaces (all IPs will be handed out by MaaS DHCP *inside* the defined dynamic DHCP IP range); - reduce range to silence bogus MaaS warning about address exhaustion; - regenerate pod_config.yml.example to reflect the changes; - drop `opnfv_infra_maas_pxe_address` (duplicate of `opnfv_infra_maas_node01_deploy_address`); - add `opnfv_infra_config_pxe_address` for future usage; - while at it, fix missing patch copyright; JIRA: FUEL-316 Change-Id: I81fad333e77f7c8508cd2b2b267c7b39c130e3e1 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-14patches: Drop salt ver sync patch, now upstreamAlexandru Avadanii2-35/+0
Upstream pull request [1] was merged, drop out patch. [1] https://github.com/salt-formulas/salt-formula-salt/pull/64 Change-Id: I7aac66349a4bec718f7821b75dbad711cd6acd58 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-14Revert "Horizon: service: Default to v2 API"Alexandru Avadanii2-34/+0
Pike Horizon packages contain the fix for full v3 compatibility. Also update the reclass models to use v3 API. JIRA: FUEL-284 This reverts commit 68ff467c4c2d9d0f201e2912c97616402f8109a3. Change-Id: I7795197100a67f892889eefce73252ec90d289cc Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-13patches: libvirt: Use "libvirt" unix_sock_groupAlexandru Avadanii2-0/+22
Now that libvirt 3.6 is used on kvm nodes (via UCA repos), which by default uses "libvirt" group for socket ownership, change old "libvirtd" in salt-formula-libvirt's: - libvirt/files/libvirtd.conf.Debian This allows us to remove the manual group creation from VCP state file, which was not re-entrant (failed if group already existed). Change-Id: Id61fecd82daec1c0716ff4796b79dce47d096c3a Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-11patches: pharos: Bump & drop upstream patchesAlexandru Avadanii2-97/+0
All our staged patches for Pharos repo are now upstream, so bump the git submodule and remove the patch files. Change-Id: I0d68eb3bdd9abfa286c3640acc1f13ce6100801d Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-11[baremetal] cleanup: Parameterize VCP hostnamesAlexandru Avadanii2-0/+587
We already define the hostnames in a central location (openstack_init), so use the reclass params instead of hardcodes. Also handle hardcoded hostnames in system.haproxy.proxy.listen and system.mongodb.server.cluster. This will also simplify later changes for novcp scenarios. JIRA: FUEL-310 Change-Id: I2a8b4cd1fcb61a7c63f9047123d985bb688dca0a Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-07patches: pharos: Drop patches merged upstreamAlexandru Avadanii7-184/+5
Also, remove redundant pharos patch that adds prx mgmt IPs: - "Re-assign mgmt network to proxy nodes" as those values are set already (to different values!) by patch: + "extend public gateway support" While at it, `make patches-export` should clean the patch dir first. Change-Id: Ice106e5d48c7b4cd90ffc6af7441199034d4f546 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-05Clean up noifupdown support patchMichael Polenchuk2-34/+0
The patch has been merged to upstream linux formula. Change-Id: I09f96be920c5c3ecd09fd2ab132e25519902239b Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-11-28Revert "[baremetal] Fix maas_subnets without maas_fabrics"Michael Polenchuk2-32/+0
The upstream commit has been merged https://github.com/salt-formulas/salt-formula-maas/commit/0c622327 This reverts commit 2c48915a1a77aa3ac0133155fd0cdadbf280493d. Change-Id: Iff86f3dc171371903e3294eed43977eb6197a5e7 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-11-27[baremetal] MaaS: Fix adding mcp.rsa.pubAlexandru Avadanii1-3/+6
Upstream salt-formula-maas change [1] gated applying "maas_sshprefs" low state by `region.sshprefs` being declared in reclass, which is not true for our model. Mend our region.sls patch to pass mcp.rsa.pub to MaaS unconditionally. This fixes baremetal SSH login with mcp.rsa. While at it, fix duplicate SSH key upload on MaaS state retry. JIRA: FUEL-281 [1] https://github.com/salt-formulas/salt-formula-maas/commit/ec61dd6 Change-Id: I93941a689058f9f48f34861898fbe3ee6ce4e2b4 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-11-24Switch nofeature-ha compute nodes to UCA repoMichael Polenchuk1-2/+20
Employ UCA repo on computes nodes for nosdn-nofeature-ha scenario as well to prevent a regression (creation of ports failed for 1+n instances) of neutron ovs agent from mcp/openstack repos. Change-Id: Ie65ae122096c0d3a93c09d46191787a934bd7d4f Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-11-23[baremetal] Fix maas_subnets without maas_fabricsAlexandru Avadanii2-0/+32
Change-Id: I603b39d46d3f2f2448b8f9746ad0745e416bbee7 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-11-21ci/deploy.sh: Add new `-E` arg for env eraseAlexandru Avadanii1-1/+1
NOTE: In order to undefine VCP VMs with NVRAM (e.g. AArch64 VMs using AAVMF), an additional parameter should be passed to libvirt by Salt virt core module (equivalent to `virsh undefine --nvram`). While at it, pass CI_DEBUG, ERASE_ENV enviroment variables to state execution, and stop force-applying patches. Also refactor the rsync between foundation node and Salt master, so the whole git repo is copied as </root/opnfv>, and <root/fuel> becomes a link to it; useful for Armband, where 'fuel' is a git submodule. Fix .git paths after rsync, so git submodules work as expected in cfg01 repos. JIRA: FUEL-307 Change-Id: Ic62f03e786581c019168c50ccc50107238021d7f Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>