path: root/mcp/patches
Age | Commit message | Author | Files | Lines
2018-08-07 | Enable barbican integration on compute nodes | Delia Popescu | 2 | -0/+37
Configure barbican for cinder-volumes and nova-compute to use encrypted volumes
Disable default glance image signature verification with barbican enabled
JIRA: FUNCTEST-981 Change-Id: I35660234526780a2277e459f3fa21a67d96ce7d7 Signed-off-by: Delia Popescu <delia.popescu@enea.com>
2018-08-06 | [patch] Rebase keyserver patch for disabled repos | Alexandru Avadanii | 1 | -36/+15
Rebase patch on top of upstream commit [1]. [1] https://github.com/salt-formulas/salt-formula-linux/commit/45cf452d Change-Id: Id44eab58150ff69140f630352a299633cdb4f4ac Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-03 | [patch] Rebase keyserver support for update logic | Alexandru Avadanii | 1 | -18/+23
Change-Id: Iad2502e876600ba966a38f2df3e71bd579f80e8f Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-07-30 | [patch] Rebase keyserver proxy support | Michael Polenchuk | 1 | -84/+76
https://github.com/salt-formulas/salt-formula-linux/commit/f27f436 Change-Id: I9662dcff23c363430b6a04808f4e03617a10c160 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-07-09 | [patch] Drop obsolete OVS port with route support | Alexandru Avadanii | 2 | -40/+0
Since we switched all scenarios to using only global gateway settings instead of per-interface routes, drop the obsolete patch for OVS ports with explicit routes. Change-Id: Ibd28849437b598add9847c991e0276b4d0fc505e Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-07-09 | [patch] MaaS: Switch to upstream fabric/vlan mgmt | Alexandru Avadanii | 2 | -88/+0
Obsolete our out of tree patch in favor of upstream mechanisms for creating fabrics/VLANs/subnets. Change-Id: I57d6d59764a825b428f423d48c5d90af7f2e676f Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-06-29 | [patch] MaaS: fabric ID from CIDR | Alexandru Avadanii | 2 | -0/+88
Change-Id: I1e1490f4d0a0bee2783450c6369d7ab6c45b193f Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-06-26 | [ha] Add fabric to maas admin subnet | Michael Polenchuk | 2 | -90/+0
Change-Id: Ida4cf736dfe60886384e7e180d3e43faf811bd58 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-06-25 | [MaaS] Adopt boot-resources control from maasng | Alexandru Avadanii | 3 | -112/+0
JIRA: FUEL-364 Change-Id: I891514f85cf694509003a3b0a6f3568524d0a461 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-06-19 | Enforce static configuration instead of DHCP | Alexandru Avadanii | 2 | -1/+40
- noha: 'accept_policy: open_mode' to align with ha scenarios;
- s/cmp01/cmp001/g to align all scenarios and allow code reuse;
- rename network params: s/dhcp/mcpcontrol/g, cleanup;
- computes XDF data: drop 'opnfv_*' layer of params, cleanup;
- local vPDF: add comments with default roles by node index;
- parameterize all netmasks;
- drop unused address/netmask for 'proto: manual' interfaces;
- virsh_net: cleanup definitions, remove hardcodes, align IP on jumpserver and DHCP range with MaaS for pxebr;
- maas: parameterize hardcoded '/24' cidr for PXE/admin, refactor maas.region.machines parameterization;
- merge <all-mcp-arch-common/infra/config_*pdf.yaml.j2> templates;
- move reclass.storage definitions of compute nodes to common dir;
- drop 'openstack_compute_*' reclass params in favor of expanding them via j2 directly in reclass.storage params;
- adopt `nm.cluster.has_*_nodes` where possible;
- obsolete `runtime.yml` from reclass model;
- refactor arch-specific reclass param selection;
- remove unused defaults in favor of mandatory IDF properties;
- noha: prepare for baremetal node support in cinder_lvm_devices;
- interfaces: add interface_mtu and 'noifupdown: true' everywhere;
- interfaces: use j2 macros to generate eth/vlan config;
- states cleanup: remove DHCP route disable workaround on prx/cmp;
- allow configuring NTP servers via: `idf.fuel.network.ntp_strata_host{1,2}`;
- ovs_bridge: Allow setting gateway, dns-nameservers
- apache: Adjust module list for novcp class inheritance;
- glusterfs PPA: pin with same prio of MCP repos for novcp scenario;
JIRA: FUEL-319 JIRA: FUEL-326 JIRA: FUEL-337 Change-Id: Ia6ad64ba8cade85a75fb22c9a2505decc3834360 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-06-18 | [patch] OVS bridges should not use 'auto' | Alexandru Avadanii | 1 | -2/+5
Change-Id: I0db7b9ee5af77f9e2d580c4ace9fa7d7f17c8d85 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-06-14 | [patch] Rebase keyserver proxy support (3) | Alexandru Avadanii | 1 | -21/+8
Rebased on top of [1]. [1] https://github.com/salt-formulas/salt-formula-linux/commit/9f30456 Change-Id: Iad5aef674c47d622a94d1c21cae3f46fbb3c52d8 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-06-11 | [patch] Rebase keyserver proxy support | Alexandru Avadanii | 1 | -30/+42
Rebase on top of [1]. [1] https://github.com/salt-formulas/salt-formula-linux/commit/6f5e69e Change-Id: Ic34bb9c1fad8778262f2e876c91667e903d143bf Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-06-07 | [patch] Rebase APT keyserver proxy support patch | Alexandru Avadanii | 1 | -66/+126
Sync our patch with upstream PR [1]. [1] https://github.com/salt-formulas/salt-formula-linux/pull/138 Change-Id: If3a51d3aef51accee0901c59e1342b42dbe4be4b Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-06-05 | Clean out merged upstream patch | Michael Polenchuk | 2 | -42/+0
Change-Id: I0c8f87bad0fbe55684bd43547674ed91a31f39f8 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-06-04 | [patch] Drop upstream reclass formula patches | Alexandru Avadanii | 5 | -125/+0
Change-Id: Iad2a27d059b43ed14fb70bdee01b3db29613615b Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-06-03 | [patch] maas: rebase artifact download | Alexandru Avadanii | 1 | -24/+30
Upstream refactored maas/regions.sls to introduce kitchen tests in [1], rebase our patches on top of it. [1] https://github.com/salt-formulas/salt-formula-maas/commit/8a0d52e Change-Id: I491fb2e05679ebc226a27141e685d429e0ff8bcc Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-05-24 | [maas] Download only used subarches images | Alexandru Avadanii | 2 | -2/+2
- reduce download size/time for MaaS images by downloading only the subarch images we use;
- fix stop condition in MaaS artifact download script;
- stop importing images before updating the boot resources to prevent race conditions;
Change-Id: I3b15fae3463bc6c54be2cc06e0cb31edcbd307cb Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-05-24 | maas: boot-resources: Dynamic arch list from PDF | Alexandru Avadanii | 2 | -2/+2
Instead of leaving MaaS default to 'amd64', explicitly set the list of architectures to support based on PDF data. Change-Id: I852a3ce156db3df0c090f10c0b45c26058dbb6c6 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-05-23 | Revert "[patch] Backport proposed generate_dhparams fix" | Michael Polenchuk | 2 | -42/+0
This reverts commit c7dff6e1ae6444f60d3fe20b1f495609c7980051. The patch has been merged into upstream. Change-Id: Idf768b9b94b3498994601d50feeeef008430ba27 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-05-22 | [patch] Backport proposed generate_dhparams fix | Alexandru Avadanii | 2 | -0/+42
Upstream PR [1] should fix recently introduced issues with nginx state for SSL-enabled sites. [1] https://github.com/salt-formulas/salt-formula-nginx/pull/40 Change-Id: I52b5e4f51539e535249e0850f0b34c2801f4d74a Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-05-22 | [maas] AArch64: Preseed Armband repositories | Alexandru Avadanii | 2 | -66/+0
Preseed Armband common repo-comp for Pike, so we get the updated kernel & other packages from the start. Requires upstream PR [1]. While at it, also handle related PR merged upstream [2] by explicitly setting maas.region.subnets name via j2 instead of reclass param expansion in name (allows us to drop the remaining chunk of the fabric-from-CIDR patch we used to carry). Note: opnfv_infra_maas_pxe_network_addres can now be dropped from pod_config j2 template in Pharos Fuel installer adapter. [1] https://github.com/salt-formulas/salt-formula-maas/pull/26 [2] https://github.com/salt-formulas/salt-formula-maas/pull/22 Change-Id: I356adb73b80f0f2d85db4ab060e804cb9a053862 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-04-26 | [maas] Make boot-source-selection ops idempotent | Alexandru Avadanii | 1 | -3/+3
- add `unless` clause;
- instead of adding a new boot source, update the existing one, assuming standard MaaS installation (always updates id '1');
Change-Id: I2db92a3b14d0588095c69545cbb6977ca109613e Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-04-26 | [maas] Set boot source selections | Michael Polenchuk | 2 | -0/+32
Select xenial image explicitly to avoid getting latest bionic one. Change-Id: Iee872b8dd2ce309231829a0ad8e5a3cf1a75f796 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-04-11 | Clean up opendaylight configuration | Michael Polenchuk | 5 | -176/+2
* remove client patch (has been merged to upstream)
* websocket now is disabled by default
* purge deprecated/unneeded features (odl-mdsal-apidocs, odl-dlux-all)
Change-Id: Id247a3c74e66730049bfeafc4a5164aad0d9b662 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-04-09 | Add ports to ovs bridge config | Michael Polenchuk | 1 | -3/+6
To avoid race with interfaces initialization specify all the ports that belong to a bridge in the config file. Change-Id: Ie4f48e7a81d4659a0f43749cdd518dbeffe2e35f Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-03-29 | [odl] Fire up ovs host config after other settings | Michael Polenchuk | 1 | -14/+11
Change-Id: I9a42e0373f551da9f5c968ae169e0eff1a58972e Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-03-28 | [odl] Setup manager target after ovs host config | Michael Polenchuk | 3 | -40/+146
Change-Id: Ia517b7cf1723a5afaf43cb0709716f3a67a29e9f Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-03-21 | [patch] Drop keystoneclient project ID checking | Alexandru Avadanii | 2 | -169/+0
Since we brought back NAT over MaaS PXE/admin, drop out-of-tree patch that was only needed for full network isolation (no cross-talk between public and admin). Change-Id: I577b1116bbdcc19647b3c01fe6f2acb7bb9ce627 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-03-16 | [ovs/dpdk] Set bridge datapath_type to netdev | Michael Polenchuk | 1 | -9/+7
This prevents neutron ovs agent from re-creating existing bridge, which might cause unpredictable/faulty state of network interfaces. Change-Id: I289365e1dea7d178b5b72eb506f5c711f6d60199 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-03-12 | Merge "[virtual/odl] Apply missing neutron.compute state" | Alexandru Avadanii | 2 | -0/+40
2018-03-12 | Merge "Set volume_device_name variable" | Alexandru Avadanii | 2 | -0/+26
2018-03-12 | Update patch with ovs bridges as L3 ifaces | Michael Polenchuk | 1 | -7/+7
Apply this patch if protocol is set to static to be intended for the ip address settings action only. Change-Id: I758340ff22376c01edd2a9a3555fe0fd9db3f4a9 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-03-12 | Set volume_device_name variable | Michael Polenchuk | 2 | -0/+26
This environment variable is required by test suite to refer to an attached volume (vdb is reserved for config drive). JIRA: FUEL-353 Change-Id: I4f7c96b2344575fcd9b785e3c74b27ef4c4d64f8 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-03-12 | [virtual/odl] Apply missing neutron.compute state | Michael Polenchuk | 2 | -0/+40
Change-Id: I078e11219fb8dea4505c46e7f75c295c5a72c59b Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-03-08 | Fix missing root_helper_daemon for cmp, gtw | Alexandru Avadanii | 2 | -33/+0
While at it, drop patch now upstream. JIRA: FUEL-348 Fixes: cf6cd9cd Change-Id: Ieb4c93e9dc79a4e4dec140433574e042a1a6f2dc Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-03-07 | [IDF] net_config: Add support for custom ip-range | Alexandru Avadanii | 3 | -41/+33
- submodule: bump Pharos to pick up installer adapter support, as well as IDF updates for Ericsson baremetal pod1;
- labs/local/virtual: Bump mgmt, public networks start addresses from .1 to .10, similar to ericsson-pod1;
While at it, drop patch now upstream and instead adopt the new param 'neutron:server:root_helper_daemon'.
JIRA: FUEL-351 Change-Id: I9bc244a7fd8698861a390ed2b6a27804be46c285 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-03-06 | [patch] Fixup ceilometer server publisher default | Alexandru Avadanii | 4 | -37/+31
- backport proposed fixup for ceilometer;
- remove 'ignore: all' from .gitmodules to make it easier to bump the submodule;
- bump system submodule to upstream latest;
- drop patch merged upstream;
JIRA: FUEL-350 Change-Id: I68f232e0da5af368a1669a7379eedde5c4168b84 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-03-06 | Mend opendaylight settings | Michael Polenchuk | 2 | -0/+41
* class including order (default was used)
* disable root_helper_daemon (incompatible with UCA)
* turn off websocket for pseudo agent updates
Change-Id: I4d7971d393da184bdd55f65b4d3fd8d9e898543f Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-03-05 | Align opendaylight settings with upstream | Michael Polenchuk | 3 | -246/+0
Change-Id: If7d51555bc13dbcaa63f93ab1993f3655e2ce643 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-03-02 | Conform network scheme to tagged public interface | Michael Polenchuk | 2 | -0/+86
Change-Id: I503c8ad32900406e1fa375cec9a91b454889d8bf Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-02-28 | Clean up upstreamed patches | Michael Polenchuk | 3 | -102/+1
Change-Id: Icee56da3720f0926e42390965581639f6a344b77 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-02-26 | [patch] cleanup: Drop LVM filter disable | Alexandru Avadanii | 3 | -37/+1
Now we explicitly add a LVM PV on /dev/sda{1,2} for Cinder storage, so we can safely drop the patch disabling LVM volume filtering. If we later move the PV to a different disk, we can just add the VG and LV definitions to linux:storage via reclass, and Salt will skip setting them up (as they're already created by MaaS), yet keep the filtering sane. While at it, fix 'nova_cpu_pinning' param expr; constructs based on reclass interpolation (e.g. '${_param:x}') do not work when parameters are passed via reclass.storage templating, so change reclass interpolation syntax with classic YAML anchors. Fixes: 672ae12 Change-Id: Ieb41635ddeb630543d7e4d1079f45d636d9a43af Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-25 | [ovs/dpdk] Add opnfv.route_wrapper sls | Alexandru Avadanii | 2 | -0/+42
- fix `route-br-ex` if-up.d script failing when route already exists by adding a wrapper around distro's '/sbin/route' binary in '/usr/local/sbin/route', exploiting default order in Ubuntu PATH;
- fix 'br-prv' duplicate entry in 'interfaces.d/ifcfg-br-prv' and 'interfaces' caused by upstream bug [1];
- add barrier waiting for all baremetal nodes online before attempting reboot, trying to catch rare failures which are undetectable in logs as both a successful reboot and a disconnected minion report 'n/c';
With the above in place, networking service should no longer fail to start on cmp nodes w/ DPDK.
[1] https://github.com/saltstack/salt/issues/40262 Change-Id: I6d4895376ce323c14c997e6c9af2ea3eeeee0184 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-22 | [MaaS] Force Maas to use a fixed ip packet size | Charalampos Kominos | 1 | -1/+16
Maas uses a tftp library during commissioning which in turn uses another library which tries to find the best packet size to use. For some reason during commissioning the library uses smaller sizes than the infrastructure can handle and therefore takes a lot of time to deploy. JIRA: ARMBAND-351 Change-Id: I9b3083a059c04b118e8b7f0f2723af67d96d2aad Signed-off-by: Charalampos Kominos <charalampos.kominos@enea.com>
2018-02-20 | [salt.sh] Armband extra repo for forked reclass | Alexandru Avadanii | 20 | -22/+30
- add Armband nightly/extra DEB repository;
- install forked and updated reclass 1.5.2 which includes:
  * better error reporting;
  * support for deleting existing keys during list interpolation;
  * various other improvements and optimizations;
While at it, update copyright year for patches.
JIRA: FUEL-345 Change-Id: I00d8b625fe191648e7ea34b3dd4c8375691384e6 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-13 | [patch] MaaS: mcp.rsa.pub to auth keys via pillar | Alexandru Avadanii | 2 | -46/+0
Drop one questionable patch responsible for MaaS node authorized keys to include mcp.rsa.pub by reading the contents of authorized keys on mas01, assuming mcp.rsa.pub will be on the first line. Instead, export the contents of the public key using a shell env var during deploy, which gets expanded via maas_pdf j2 template into a reclass param, leveraging existing salt-formula-maas sshprefs mechanism for delivering the key to MaaS. Since we require the public key to exist before expanding templates, move `generate_ssh_key` call outside the current infrastructure handling block, allowing it to execute during all `deploy.sh` calls, even for dry-runs. Change-Id: I0f53b0f764a2fafd292e0ffd399c284acf61bd30 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-06 | Add NOVCP HA OVS scenario (baremetal, virtual) | Alexandru Avadanii | 6 | -5/+121
Add a new class of scenarios, based on existing baremetal HA scenarios, but instead of having a virtualized control plane (VCP), all Openstack controller services will run directly on the cluster nodes.
This change adds the common scaffolding, as well as the OVS scenario.
The new scenario(s) can be used on full-baremetal clusters, soon on full-virtual clusters and later on hybrid (virt + bare) clusters.
This change defines old (current) style scenario definitions for both baremetal and virtual, both named:
- os-nosdn-nofeature-novcp-ha;
Prerequisites:
1. Merge-able by name reclass.storage.node definitions
   Each cluster (e.g. database, telemetry) adds its own set of reclass storage node definitions, which for novcp scenarios should be merged into a single node (kvm) based on the 'name' property. This is not currently supported by upstream reclass 'node.sls' high state, so add support for it via an early patch (required before salt-master-init.sh tries to handle reclass.storage).
2. common reclass classes for novcp
   Some of the classes in `baremetal-...-common-ha` are not fit for novcp as they define VCP-specific config/inheritance, so add new versions of said classes with novcp in mind or adapt old classes:
   - parameterize ctl hostname in `openstack_compute.yml`;
   - new `openstack_control_novcp.yml`;
   - new `openstack_init_novcp.yml`;
3. Handle hard set names in state files for baremetal nodes
   Some of our state files (e.g. maas) hardcode baremetal node names to 'kvm', 'cmp', so we need to align the names in novcp scenario with these values to re-use the maas state. As a future improvement we should parameterize these names in all state files. As a consequence, our baremetal controller nodes will also use 'kvm*' hostnames (instead of 'ctl*').
4. Add 'noifupdown' to all interfaces on kvm nodes to prevent duplicate IPs/routes created at *any* ifup due to /etc/network/route-br-ex.
   Patch salt-formula-linux to skip network restart on 'noifupdown', also when routes are present on that interface.
JIRA: FUEL-310 Change-Id: Ic67778f63e5ee0334dbfe9547c7109ec1a938d61 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-05 | [virtual] Split 'pxebr' from 'mcpcontrol' net | Alexandru Avadanii | 1 | -4/+8
- add new virsh managed network 'pxebr' (to mimic baremetal behavior on virtual PODs, this will be the equivalent of PXE/admin network);
- connect 'pxebr' to 3rd interface for cfg01, mas01 for all deploys (used to be baremetal-specific), replacing 'internal';
- keep 'mcpcontrol' connected only to 'cfg01' (+ 'mas01' if present) for initial infrastructure bring-up (1st interface);
- switch all virtual cluster nodes to 'pxebr' (1st interface);
- use 'pxebr' for all Salt cluster nodes traffic, 'mcpcontrol' only for mas01<=>cfg01 Salt traffic;
- convert <user-data.template> to jinja2 and expand it based on PDF instead of using `envsubst`;
- split <user-data.sh.j2> into two versions, one for each network used for Salt traffic;
- ci/deploy.sh: Read scenario data before template parsing for cluster domain variable, needed in virsh network def;
- leave docs diagram refresh to later after all possible deploy types have settled;
- limit keyserver proxy usage to nodes where the configured http proxy matches the first nameserver (true for all MaaS-provisioned nodes), so we can re-use the same pillar for FN VMs and baremetal nodes;
- add PXE/admin IP on cfg01's 3rd interface and switch other vnodes `salt_master_host` to point to it;
JIRA: FUEL-322 Change-Id: Ie4f7aedddf2ef81046f1127b377d88dce79f0fda Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-31 | Turn off Retpoline and KPTI protection | Michael Polenchuk | 3 | -27/+70
Based on Canonical research (https://goo.gl/QJykMa) there is low risk of attack for private cloud environments, therefore turn off the related kernel patches & regain performance back. Change-Id: I661fa127241e327b07d21a29d58d584997607123 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>