| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Change-Id: If0d2c175bb8786a8c509619988c353b66da85b62
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
|
|
arm64 kernels use a different kernel option (kpti=off vs nopti) to
disable PTI, so sync the two platform configurations.
Conveniently, this also bypasses kernel 4.15 issues described in [1],
so apply the kernel option customisation via MaaS too, to allow aarch64
deployments to bootstrap using 4.15 kernel (with the downside of these
args being duplicated by Salt later in HA scenarios).
PTI is now disabled for baremetal nodes (via MaaS, no matter the
scenario) and/or for kvm/cmp hosts (in HA scenarios only).
While at it, install missing thin provisioning tools in aarch64
bootstrap image for MaaS deploy stage to succeed.
[1] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1857074
Change-Id: Ibd1f57f24abc690b0f13b6298f25d7e8a1af1567
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
When more than one node enters a failure state during a deploy attempt,
we recover the first one and issue another deploy request; avoid raising
an exception for the second node (which is not in 'Ready' state either),
allowing the retries to continue.
Change-Id: I4a3e037e78b5c48aebf6e700115c0bbf848c7cd5
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: I4fd461c0ea861d541ab001431c9e2f21cfaea1b4
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
|
|
When installing a custom kernel, purge the generic linux-image/headers
packages too to avoid dependency conflicts.
Change-Id: I4108350643fb97845decf48b9a281c471dad2a82
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Pin salt-formula-nfs to a commit before 'mount.opts' was introduced.
Adapt salt-formula-maas bits for MaaS 2.4 (shipped by default in
Bionic) compatibility.
Change-Id: I42f436203d3fbdb777d6b3eff9ac185240088742
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Python2.7 is deprecated and packages are starting to enforce py3
usage (e.g. dockermake recently started supporting only 3.6).
Switch pipenv to python3, but allow pyhton3.5 by pinning dockermake
to v0.8 since Ubuntu Xenial does not have python3.6 easily available.
While at it, switch deploy tooling (PDF/IDF configuration parsing)
from python2 to pyhton3 too and fix some jumphost package requirements.
Change-Id: Id66d08d0f51a1bc35c1d78c1956df832a5536bde
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Ubuntu kernel meta packages are all broken on at least one platform
architecture, so pin the kernel version to 5.0.0-37, which is known to
be stable.
Make the kernel version configurable via a new enviroment variable,
MCP_KERNEL_VER in globals.sh. If not defined, the ga-18.04 kernel is
left unchanged (based on upstream kernel 4.15), except for baremetal
nodes providioned by MaaS which currently use the HWE kernel (based on
5.3 in Bionic).
Change-Id: I648d09b22f6080efd2bce26b6a06fecc3f6b4599
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
- ha, noha: Fix misaligned python 3 requirement for Horizon:
* python3-pylibmc
- ha, noha: Partially revert commit 63b712d:
"[Horizon] Drop the obsolete Horizon workaround"
Since we switched back from MCP Horizon package to UCA,
fix misaligned expected static resources location.
- noha: Enable nginx proxy on ctl01 node for serving the Horizon
dashboard at http://<cluster public VIP>:80 (http only, no SSL).
Change-Id: I5f930a5826a818791183d3910aa0e5607924e8f3
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
- refresh formula patches with new package names where necessary;
- switch to packagecloud.io repositories;
Change-Id: I1178a387891d34117c162380d8247eb7a4212359
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: If3f8cb6bfeedeb766a050d5a271b21c90bb3ba1c
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
With DPDK 18.11 the vhost owner/perm options have to be removed
since libvirt creates the server side of the socket and OVS
connects to it using DPDK as a client.
Change-Id: Ic33de66dcc0830cd31fc54880c524f850e2c4ea1
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: Ib2b1525957929c39e4b602ad1b7f4fbfd16a375c
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: I9c1e97144ffd46040d32a0edf8253fc393b73c89
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
- reclass: iec: CentOS compatibility changes:
* drop `proto: static` in favor of letting the linux formula set
the appropiate default based on target OS;
* replace `proto: manual` with `proto: none` on RHEL systems;
* system.file: Avoid using non-existing `shadow` group for system
files;
* load br_netfilter kernel module to avoid `linux.network` state
failures;
* disable `at`, `cron` due to incomplete defaults in
salt-formula-linux (since we don't use them on iec nodes anyway);
- jumpserver/VCP VMs: centos: enable predictable interface names:
* CentOS cloud image defaults to old 'eth' naming scheme;
* add necessary kernel boot options via linux state;
* cleanup auto-generated udev rules for old eth interface names;
- salt-formula-linux: network: RHEL: Set bridge for member interfaces
* Find the bridge containing the interface being currently
configured (if any) and pass it to the `network.managed` Salt call;
- deploy.sh: Add new deploy argument `-o` for specifying the operating
system to preinstall on jumpserver and/or VCP VMs;
* defaults to 'ubuntu1604';
* only iec scenarios will also support 'centos' for now;
- user-data: minor tweaks for CentOS compatability:
* use `systemctl` instead of `service` utility;
* explicitly enable `salt-minion` service, since it defaults to
disabled on RHEL systems;
* explicitly call `ldconfig` to work around stale cache on RHEL,
preventing `salt-minion` from using OpenSSL library;
- states: virtual_init: Skip non-existing sysctl options on CentOS:
* CentOS currently uses a 3.x kernel which lacks certain sysctl
options that were only introduced in 4.x kernels, so skip them;
- state: akraino_iec: Add centos support:
* move iec repo to `/var/lib/akraino/iec` on both Salt Master and
cluster nodes;
- scenario defaults: Add CentOS configuration:
* OS-dependent configuration split;
* CentOS base image, default packages etc.;
- AArch64 deploy requirements: Add `xz` dependency
* CentOS AArch64 cloud image is archived using xz, install xz tools
for decompression;
- xdf_data: Make yaml parsing OS agnostic:
* rename `apt` to `repo` where appropiate;
* OS-dependent configuration parsing;
- lib_jump_deploy: CentOS handling changes:
* skip filesystem resize of cloud image for CentOS;
* add repo handling, package intallation/removal handling for CentOS;
* unxz base image if necessary (CentOS AArch64 cloud image);
Change-Id: Ic3538bacd53198701ff4ef77db62218eabc662e7
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
To avoid ports conflict of nginx/apache disable unused apache's
status module, which is binded on 80 port by default.
Also remove patch with double locations content
(formula already has such configuration).
JIRA: FUEL-408
Change-Id: Ib06dac8abe36299cf77747bdb3fc0fe7216b6096
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Starting with MCP 2019.2, Horizon was moved under haproxy in
Active/Active mode by default via upstream changes:
- Adding haproxy class for horizon [1];
- Cleanup nginx horizon sites by default [2];
This change re-enables the old behavior where Horizon is served by
nginx instead of haproxy.
While at it, fix missing support in salt-formula-apache for wsgi
`locations`, so Horizon dashboard can access '/static' resources
(e.g. CSS/images).
JIRA: FUEL-408
[1] https://github.com/Mirantis/reclass-system-salt-model/commit/81c4c21a
[2] https://github.com/Mirantis/reclass-system-salt-model/commit/a3b38f46
Change-Id: I9b35d5d0ce4e0b53dae808c2620a31ca80290b55
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Hugepage count has been recently bumped for virtual PODs via IDF
changes in Pharos, so align our FDio scenarios with the new RAM
requirements.
While at it, fix wrong pod_config template evaluation by moving it
after the templated scenario files are expanded, since pod_config
relies on scenario node definition.
Also, configure VPP to use decimal interface names by default to
align with Pharos macro for the VPP interface name string.
Change-Id: Ib3a89c294a3a2755567fdbe07e3be2b8ca1a5714
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
The per port model potentially requires an increase in memory
resource requirements (which is limited by labs) to support the
same number of ports and configuration as the shared port model.
Set linux:network:openvswitch:per_port_memory explicitly to true
to enable per port mempools support for DPDK devices.
Change-Id: I130885afc50e7a047f8835113d370840827ad718
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
The per port memory model provides a more transparent memory usage model
and avoids pool exhaustion due to competing memory requirements for
interfaces. (http://docs.openvswitch.org/en/latest/topics/dpdk/memory/)
Change-Id: I5add0f49cdcdf2fc3d24affee10a275abe3ca46a
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
After Rocky support was added upstream to salt-formula-neutron, our
FDIO patch continued to be applied only for Queens, so refresh the
patch by switching to Rocky.
Change-Id: If0bbb9c4ec674d386ceade00ef8fe936482fb49c
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Also re-align resources for virtual scenarios.
Change-Id: Id0d55407fd5b1720a24e30c364219f8b08e89d06
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: I7709c9ca9e701b656447154919eb084a710f49af
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Fix broken systemd service unit dependecies:
- OVS should start before networking service;
- OVS ports & bridges should not be automatically ifup-ed by
networking service to avoid races, so drop 'auto' for both
(OVS ports are automatically handled when part of an OVS bridge);
- explicitly ifup OVS bridges as part of networking service, but
after all Linux interfaces have been handled;
- use 'allow-ovs br-prv' to let OVS handle br-prv and avoid another
race condition;
While at it, fix some other related issues:
- make OVS service start after DPDK service (if present);
- bump OVS-DPDK compute VMs RAM since since switching from MTU 1500
to jumbo frames for virtual PODs a while ago failed to do so [1];
- avoid creating conflicting reclass linux.network.interfaces entries
for OVS ports by using their name (drop 'ovs_port_' prefix):
* for untagged networks they will override existing common defs;
* for tagged networks, they will create separate entries;
- DPDK scenarios: make gtw01 br-prv members OVS ports to avoid race
conditions after node reboot by letting OVS handle them;
[1] https://developers.redhat.com/blog/2018/03/16/\
ovs-dpdk-hugepage-memory/
Change-Id: I0266ba67f3849b6f7e331a758146b331730bae55
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
The ovs port remains in down state after reboot if "auto" is off.
Also turn off no_wait option for odl-noha scenarios.
Change-Id: I0121b3190869528e5f2e9985f9e9299ac6c6724e
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: I74c1c85310e2012e664764b6129fc4a52faaf106
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
* patch is merged into oslo-templates
* rocky repo key name is made as for others
* jinja package is updated to fix incorrect quoted value
[https://github.com/saltstack/salt/issues/46594]
Change-Id: Ia6359cf89579b4d892ae40c4d087168edcd86ebb
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|
|
MCP repos no longer publish arm64 metadata, so drop our patch that
selected arm64 metadata on arm64 systems.
Instead, let it default to 'deb [arch=amd64]', which will allow
arm64 systems to fetch amd64 metadata and inherintely fetch all
arch-independent packages from the same repos.
While at it, switch to 'rocky-armband' repos on arm64 systems.
Change-Id: I07fda895f5162bfa576c62336cbb4d74e985f37a
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Handle noifupdown option for all cmd.run states
with explicit ifup call as well.
Change-Id: Ie855a0810bcfe4a856cf9d29bd0755643d71ff4d
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
- cmp, gtw: bump RAM allocation to accomodate hugepages/VPP;
for now we overcommit, gtw01 resources can probably be lowered;
- submodule: add salt-formula-neutron so we can locally patch it;
- repo:
* FD.IO repos for VPP packages;
* networking-vpp PPA for python-networking-vpp Neutron driver;
- use vpp-router for L3, disable neutron-l3-agent;
- baremetal_init: apply repo config before network (otherwise UCA
repo is missing when trying to install DPDK on baremetal nodes);
- arm64: iommu.passthrough=1 is required on ThunderX for VPP on
newer kernels;
Design quirks:
- vpp service runs as 'neutron' user, which does not exist at the
time VPP is installed and initially started, hence the need to
restart it before starting the vpp-agent service;
- gtw01 node has DPDK, yet to configure it via IDF we use the
compute-specific OVS-targeted parameters like
`compute_ovs_dpdk_socket_mem`, which is a bit misleading;
- vpp-agent requires ml2_conf.ini on ALL compute AND network nodes
to parse per-node physnet-to-real interface names;
- vpp process is bound to core '1' (not parameterized via IDF);
Change-Id: I659f7dbebcab7b154e7b1fb829cd7159b4372ec8
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
On AArch64, 1G hugepages need to be enabled via kernel cmdline
before mounting hugetlbfs [1].
Leverage MaaS tags to apply custom kernel args to AArch64 nodes.
[1] https://wiki.debian.org/Hugepages
Change-Id: Ie68ddf805836ee62f725019b0b873082b1d40948
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
`make patches-export` trims trailing whitespace from patch file,
bring it back to prevent issues with `patches-import`.
Change-Id: Ie9fe31f4480164ce19d3ccd47c2050e28382410a
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
This commit should be reverted once original formulas
get required support of rocky version.
Change-Id: Ia3458381bced0cae8dbfacc9781c90933ad5c822
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
JIRA: FUEL-364
Change-Id: Ia470fc8103713e7a06cd9647675b0edfb4342bf8
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
JIRA: FUEL-336
Change-Id: I1c8d22b8322f700eb727d9077035ba4c9f9f9753
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
For x86_64, the Saltstack bootstrapping scripts fetch a custom build
of `python-tornado` DEB package, which being arch-specific won't be
picked up on AArch64 (and a similar version from Ubuntu Xenial repos
will be used instead).
Although the Ubuntu package works just fine, it lacks a hard
dependency on `python-futures`, which became mandatory in Salt
2017.7.8, see [1].
Explicitly install `python-futures` inside cfg01 Docker container
during build, which will be a no-op on x86_64 and fix the issue on
AArch64.
[1] https://github.com/saltstack/salt/issues/50220
Change-Id: Ie4aad064572788c0852aaf398f21437b456becbe
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
While at it, fix emoji issues with latest virtualenv [1].
JIRA: FUEL-398
[1] https://github.com/pypa/pipenv/issues/3223
Change-Id: Ice5937222bf75c1ddadc6b9f1994635bc10faf57
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
|
|
Workaround broken configuration default option in `reclass` [1].
[1] https://github.com/salt-formulas/reclass/issues/77
Change-Id: I8a6e1d9fcd20f32e2c9edff59f6b538dc94008fb
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
* bump salt-formula-maas git submodule;
* sync AArch64 initial salt config with the x86_64 default config;
* bump Pharos git submodule to sync `power_pass` MaaS configuration
paramater naming;
Change-Id: Ic59dd8becb6d83a9e67004c38d51681c88c4be7c
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Also disable transparent hugepages on telemetry hosted nodes
to avoid latency and memory usage issues with Redis.
Change-Id: I3c7a0be6edbc51141f5d79d7368583afacef9025
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
- s/Fuel@OPNFV/OPNFV Fuel/g;
- added README files for ci/scenarios/patches directories;
- refresh & simplify cluster overview diagrams;
- unify labels across docs;
- fix TOC numbering;
- remove local labs PDF/IDF files, as they are merely duplicates of
Pharos files included as a git submodule;
JIRA: FUEL-397
Change-Id: I87f61938eeb67f13fd9205d5226a30f02e55d267
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
By default castellan key manager gets public endpoint of barbican
service which isn't preferable in terms of cluster ops, so specify
internal endpoint explicitly.
Change-Id: Ie686ceb936132143743af18fcb4960ea15a8b93c
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: Idf8b4b42dcc68bc55debaac9a8b5f1ca6b5b398e
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
IPv6 has been enabled back by commenting out the
cis-3-3-3 yaml/class source in linux service reclass.
Change-Id: Ia8f4e2ddbb98f9316e6ce5136badbb14ecb277c5
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: Id75fbee34a6cfc6e7fc60df053cccaaff21cb15a
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: Id2f93d0274b102a5eef5271a6d15cb91428d7a0c
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
Alexandru Avadanii
Michael Polenchuk