Age | Commit message (Collapse) | Author | Files | Lines |
|
By default castellan key manager gets public endpoint of barbican
service which isn't preferable in terms of cluster ops, so specify
internal endpoint explicitly.
Change-Id: Ie686ceb936132143743af18fcb4960ea15a8b93c
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: Idf8b4b42dcc68bc55debaac9a8b5f1ca6b5b398e
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
IPv6 has been enabled back by commenting out the
cis-3-3-3 yaml/class source in linux service reclass.
Change-Id: Ia8f4e2ddbb98f9316e6ce5136badbb14ecb277c5
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: Id75fbee34a6cfc6e7fc60df053cccaaff21cb15a
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: Id2f93d0274b102a5eef5271a6d15cb91428d7a0c
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: I9ef3a1dd570abf90b222609af350565d385326c8
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Workaround issues like [1]. Requires bumping formulas for
salt-formula-salt support of tcp_keepalive_* params.
[1] https://github.com/saltstack/salt/issues/38157
Change-Id: I7093437fb696809f73a24b10144c6321d0f1be32
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
JIRA: FUEL-392
Change-Id: Ia21840c7561a14a5eeed3d08bf89eb2dbf9acc3a
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
- bump formulas baseline during docker build;
- refresh patches;
Change-Id: I0a54863f57344c5f8897dc981f704c4d265c5522
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
In order to get tacker definitions and latest changes.
Change-Id: Ib5bf5034f140e708fb596dd4b622f0b2bdee8a59
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
* ship prebuilt salt master conf for better readability:
- enable x509.sign_remote_certificate (for prx VCP nodes);
* refactor Salt master CA handling:
- preinstall `salt_minion_dependency_packages` and
`salt_minion_reclass_dependencies` inside docker image;
- persistent /etc/pki;
- run salt.minion on cfg01 to generate master keys;
* bump container formulas to 1 Sep 2018 versions or newer:
- inject date into Docker makefile, forcing a fresh fetch of all
salt formulas from upstream git repos;
* workaround broken salt-formula-designate's meta/sphinx.yml:
- the DEB package version of salt-formula-designate uses `cmd.shell`
to query dpkg on the minion, while the git repo version still
uses `cmd.run`, running into parsing issues;
- temporarily disable sphinx metadata generation for designate until
upstream git repo syncs with the DEB version;
* upstream: salt-formula-salt AArch64 salt.control.virt support:
- retire salt-formula-salt git submodule and related patches;
* skip installing reclass distro package (already installed via pip
inside the container);
* limit initial pillar_refresh call to nodes on jumphost;
* remove unused salt-formula-nova git submodule;
JIRA: FUEL-383
Change-Id: I883b825e556f887a5e31f8a43676dcd8ece6dfde
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
* shift MTU from public bridge to physical interface
* add neutron related settings
Change-Id: Ia57d1ca7976968d6e7ee23f58a0abae1a1a256c0
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Salt relies on a limiting libvirt_domain j2 template to generate the
XML it passes to libvirt for salt.control managed virtual machines.
For AArch64, we need to set up 3 XML nodes in a non-default way:
1. UEFI firmware (AAVMF) should be enabled by passing a pflash loader;
2. CPU mode should be 'host-passthrough';
3. QEMU machine type should be 'virt';
To allow configuring the above using pillar data:
- virtng module: implement functionality similar to upstream changes:
* 219b84a512 virt module: Allow NVRAM unlinking on DOM undefine
in develop, not in 2018.2;
* 9cace9adb9 Add support to virt for libvirt loader
in develop, not in 2018.2;
- virtng module: extend it with:
* pass virt machine type to vm;
* pass cpu_mode to vm;
JIRA: ARMBAND-404
Change-Id: Ib2123e7170991b3dfbdb42bd1a2baa5a4360b200
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Since we reboot all nodes, applying the network configuration via
Salt before reboot is pointless and creates a race condition with
OVS.
While at it, add `--ignore-errors` to ifup call for OVS bridge to
prevent a race condition during linux.network state apply.
Change-Id: I22fe0afaffecd7b850a6b77d7b810ed296bfc9ca
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Salt bootstrap scripts are no longer used directly, so it is now safe
to retire the whole git submodule and its related patches.
JIRA: FUEL-383
Change-Id: I1fbdfe4fbd4930bfb3c999a3a68033d12565682b
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
* Refactor OPNFV salt-formulas mechanism to resemble upstream git
structure:
- git submodules: add new submodule for each formula we patch;
- create salt-formula-x directories for OPNFV formulas;
- move mcp/metadata/service contents to their each formula subdir;
- use `make patches-import` for patches previously handled by
patch.sh;
- retire patch.sh
* states: add virtual_init:
- mostly based on old salt.sh, which is now obsolete;
- exclude salt-master service restart (it would kill the container);
* scenarios: cleanup (rm cfg01 virtual node def), adopt virtual_init;
* reclass: align our model with prebuilt container's Salt config:
- drop linux:network pillar data (handled by Docker);
- stop applying linux.system state on cfg01;
- align salt user homedir;
- drop salt-formula packages (preprovisioned);
* minor plumbing in deploy.sh and lib.sh;
JIRA: FUEL-383
Change-Id: I28708a9b399d3f19012212c71966ebda9d6fc0ac
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
JIRA: FUEL-383
Change-Id: Ie4374d44993bd738b90e9b6e357014d0c5657da0
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
* changes:
[docker build] Install OpenSSH server
[submodule] Add docker-salt-formulas, ci/build.sh
[deploy.sh] Install Docker if not present
[jump req] Add build/deploy specific requirements
|
|
While at it, create the 'ubuntu' user with passwordless sudo
and preinstall salt-formula-gnocchi (missing git repo workaround),
as well as various useful packages (e.g. net-tools).
JIRA: FUEL-383
Change-Id: I5902c37110331acfd3fd4fccb92104de7b5ece6b
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Armband has been carrying a few arch-enablement patches that are
required for the default reclass system classes to work as expected
on AArch64 systems.
Change-Id: I1f96c062eb3f9dcabb8513aadd1ea41be4fbc098
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
- add new git submodule pointing to upstream docker build scripts;
- add patch extending Docker tags with an '-(arch)' suffix,
aligning with OPNFV tagging requiremnts;
- add <ci/build.sh> wrapper for starting Docker builds;
- install build-specific distro package requirements, as well as
pip-managed packages (e.g. pipenv);
JIRA: FUEL-383
Change-Id: Id4fc886206d7eaf7e6d02810380f2391609ba405
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: I61ee8e19e783437dce7a9ddd666cd60e9d22a2e1
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
bootstrap-salt.sh now has arm64 support [1], so drop our obsoleted
workaround.
JIRA: ARMBAND-399
[1] https://github.com/saltstack/salt-bootstrap/pull/1251
Change-Id: I8b06520b2c41564ed2eda338e7633ce1637bb866
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Configure barbican for cinder-volumes and nova-compute
to use encrypted volumes
Disable default glance image signature verification with
barbican enabled
JIRA: FUNCTEST-981
Change-Id: I35660234526780a2277e459f3fa21a67d96ce7d7
Signed-off-by: Delia Popescu <delia.popescu@enea.com>
|
|
Rebase patch on top of upstream commit [1].
[1] https://github.com/salt-formulas/salt-formula-linux/commit/45cf452d
Change-Id: Id44eab58150ff69140f630352a299633cdb4f4ac
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: Iad2502e876600ba966a38f2df3e71bd579f80e8f
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
https://github.com/salt-formulas/salt-formula-linux/commit/f27f436
Change-Id: I9662dcff23c363430b6a04808f4e03617a10c160
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Since we switched all scenarios to using only global gateway settings
instead of per-interface routes, drop the obsolete patch for OVS
ports with explicit routes.
Change-Id: Ibd28849437b598add9847c991e0276b4d0fc505e
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Obsolete our out of tree patch in favor of upstream mechanisms for
creating fabrics/VLANs/subnets.
Change-Id: I57d6d59764a825b428f423d48c5d90af7f2e676f
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: I1e1490f4d0a0bee2783450c6369d7ab6c45b193f
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: Ida4cf736dfe60886384e7e180d3e43faf811bd58
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
JIRA: FUEL-364
Change-Id: I891514f85cf694509003a3b0a6f3568524d0a461
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
- noha: 'accept_policy: open_mode' to align with ha scenarios;
- s/cmp01/cmp001/g to align all scenarios and allow code reuse;
- rename network params: s/dhcp/mcpcontrol/g, cleanup;
- computes XDF data: drop 'opnfv_*' layer of params, cleanup;
- local vPDF: add comments with default roles by node index;
- parameterize all netmasks;
- drop unused address/netmask for 'proto: manual' interfaces;
- virsh_net: cleanup definitions, remove hardcodes, align IP on
jumpserver and DHCP range with MaaS for pxebr;
- maas: parameterize hardcoded '/24' cidr for PXE/admin, refactor
maas.region.machines parameterization;
- merge <all-mcp-arch-common/infra/config_*pdf.yaml.j2> templates;
- move reclass.storage definitions of compute nodes to common dir;
- drop 'openstack_compute_*' reclass params in favor of expanding
them via j2 directly in reclass.storage params;
- adopt `nm.cluster.has_*_nodes` where possible;
- obsolete `runtime.yml` from reclass model;
- refactor arch-specific reclass param selection;
- remove unused defaults in favor of mandatory IDF properties;
- noha: prepare for baremetal node support in cinder_lvm_devices;
- interfaces: add interface_mtu and 'noifupdown: true' everywhere;
- interfaces: use j2 macros to generate eth/vlan config;
- states cleanup: remove DHCP route disable workaround on prx/cmp;
- allow configuring NTP servers via:
`idf.fuel.network.ntp_strata_host{1,2}`;
- ovs_bridge: Allow setting gateway, dns-nameservers
- apache: Adjust module list for novcp class inheritance;
- glusterfs PPA: pin with same prio of MCP repos for novcp scenario;
JIRA: FUEL-319
JIRA: FUEL-326
JIRA: FUEL-337
Change-Id: Ia6ad64ba8cade85a75fb22c9a2505decc3834360
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: I0db7b9ee5af77f9e2d580c4ace9fa7d7f17c8d85
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Rebased on top of [1].
[1] https://github.com/salt-formulas/salt-formula-linux/commit/9f30456
Change-Id: Iad5aef674c47d622a94d1c21cae3f46fbb3c52d8
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Rebase on top of [1].
[1] https://github.com/salt-formulas/salt-formula-linux/commit/6f5e69e
Change-Id: Ic34bb9c1fad8778262f2e876c91667e903d143bf
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Sync our patch with upstream PR [1].
[1] https://github.com/salt-formulas/salt-formula-linux/pull/138
Change-Id: If3a51d3aef51accee0901c59e1342b42dbe4be4b
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: I0c8f87bad0fbe55684bd43547674ed91a31f39f8
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: Iad2a27d059b43ed14fb70bdee01b3db29613615b
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Upstream refactored maas/regions.sls to introduce kitchen tests in
[1], rebase our patches on top of it.
[1] https://github.com/salt-formulas/salt-formula-maas/commit/8a0d52e
Change-Id: I491fb2e05679ebc226a27141e685d429e0ff8bcc
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
- reduce download size/time for MaaS images by downloading only the
subarch images we use;
- fix stop condition in MaaS artifact download script;
- stop importing images before updating the boot resources to prevent
race conditions;
Change-Id: I3b15fae3463bc6c54be2cc06e0cb31edcbd307cb
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Instead of leaving MaaS default to 'amd64', explicitly set the list
of architectures to support based on PDF data.
Change-Id: I852a3ce156db3df0c090f10c0b45c26058dbb6c6
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
This reverts commit c7dff6e1ae6444f60d3fe20b1f495609c7980051.
The patch has been merged into upstream.
Change-Id: Idf768b9b94b3498994601d50feeeef008430ba27
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Upstream PR [1] should fix recently introduced issues with nginx
state for SSL-enabled sites.
[1] https://github.com/salt-formulas/salt-formula-nginx/pull/40
Change-Id: I52b5e4f51539e535249e0850f0b34c2801f4d74a
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Preseed Armband common repo-comp for Pike, so we get
the updated kernel & other packages from the start.
Requires upstream PR [1].
While at it, also handle related PR merged upstream [2] by
explicitly setting maas.region.subnets name via j2 instead of reclass
param expansion in name (allows us to drop the remaining chunk of the
fabric-from-CIDR patch we used to carry).
Note: opnfv_infra_maas_pxe_network_addres can now be dropped from
pod_config j2 template in Pharos Fuel installer adapter.
[1] https://github.com/salt-formulas/salt-formula-maas/pull/26
[2] https://github.com/salt-formulas/salt-formula-maas/pull/22
Change-Id: I356adb73b80f0f2d85db4ab060e804cb9a053862
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
- add `unless` clause;
- instead of adding a new boot sources, update the existing one,
assuming standard MaaS installation (always updates id '1');
Change-Id: I2db92a3b14d0588095c69545cbb6977ca109613e
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Select xenial image explicitly to avoid getting latest bionic one.
Change-Id: Iee872b8dd2ce309231829a0ad8e5a3cf1a75f796
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
* remove client patch (has been merged to upstream)
* websocket now is disabled by default
* purge deprecated/unneeded features (odl-mdsal-apidocs, odl-dlux-all)
Change-Id: Id247a3c74e66730049bfeafc4a5164aad0d9b662
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
To avoid race with interfaces initialization specify all
the ports that belong to a bridge in the config file.
Change-Id: Ie4f48e7a81d4659a0f43749cdd518dbeffe2e35f
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: I9a42e0373f551da9f5c968ae169e0eff1a58972e
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|