| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
- centos: Update qcow2 URL for aarch64 image after upstream refactored
its repository structure;
- saltstack: Update repo URLs after upstream archived Saltstack 2017.7
release artifacts due to recently discovered CVEs (which do not affect
us since we run Salt Master in a Docker container without exposing its
ports to the public network);
Change-Id: I022ba0739386734eec931c35bad51805a61b964d
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
arm64 kernels use a different kernel option (kpti=off vs nopti) to
disable PTI, so sync the two platform configurations.
Conveniently, this also bypasses kernel 4.15 issues described in [1],
so apply the kernel option customisation via MaaS too, to allow aarch64
deployments to bootstrap using 4.15 kernel (with the downside of these
args being duplicated by Salt later in HA scenarios).
PTI is now disabled for baremetal nodes (via MaaS, no matter the
scenario) and/or for kvm/cmp hosts (in HA scenarios only).
While at it, install missing thin provisioning tools in aarch64
bootstrap image for MaaS deploy stage to succeed.
[1] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1857074
Change-Id: Ibd1f57f24abc690b0f13b6298f25d7e8a1af1567
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Pin salt-formula-nfs to a commit before 'mount.opts' was introduced.
Adapt salt-formula-maas bits for MaaS 2.4 (shipped by default in
Bionic) compatibility.
Change-Id: I42f436203d3fbdb777d6b3eff9ac185240088742
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
hwe-18.04, currently based on 5.3 kernel in Bionic, has issues on both
x86_64 and aarch64 nodes, so use ga-18.04, currently based on 4.15.
If MCP_KERNEL_VER is set (currently pinned to 5.0), the ga-18.04 kernel
is replaced by the specified version after the MaaS commissioning,
initial MaaS deployment.
Change-Id: Ibe8e27217025290c1263f8dca9496b2cde24368c
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Ubuntu kernel meta packages are all broken on at least one platform
architecture, so pin the kernel version to 5.0.0-37, which is known to
be stable.
Make the kernel version configurable via a new enviroment variable,
MCP_KERNEL_VER in globals.sh. If not defined, the ga-18.04 kernel is
left unchanged (based on upstream kernel 4.15), except for baremetal
nodes providioned by MaaS which currently use the HWE kernel (based on
5.3 in Bionic).
Change-Id: I648d09b22f6080efd2bce26b6a06fecc3f6b4599
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
We currently do not configure linux:network:resolv:dns via reclass
pillar data, so we don't actually enforce the public DNS set in
the IDF file, but instead leave it to the OS to figure it out, which
most of the time works fine, but it's not completely reliable.
Change that behavior to instead enforce it via linux.network.resolv
state across all cluster nodes.
Change-Id: I4f82315a473fcbdc8573380cfcac1e30b44c3dd4
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
On some aarch64 platforms (e.g. ThunderX 1), lvcreate manifests some
spurious timing issues resulting in incomplete/corrupted LVM thin
creation and eventually to transaction ID mismatch between userspace
and kernel space.
This eventually leads to cinder-volume issues, either when creating
the thin storage pool (vgroot-pool) and/or when creating the LVs
inside said pool.
The issue manifests spuriously on Ubuntu Bionic + UCA, so until a
working combination of userspace/kernel is found, work around this
by bumping the kernel package to hwe-18.04 (kernel 5.0),
effectively bypassing the timing issues during volume creation.
This affects all cluster machines (both HA and NOHA scenarios,
baremetal and virtual, x86_64 and aarch64, baremetal and virtualized
nodes).
Note: Ubuntu Bionic cloud image partition handling requires e2fsprogs
1.43, not currently available on Ubuntu Xenial / CentOS 7.
Change-Id: I839e03080104c391fe18185b9544c9df43c114e6
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
On some aarch64 platforms (e.g. ThunderX), the DMI tables parsed by
lshw lead to wrong CPU capabilities detection, breaking our MaaS tag
filtering (which used to rely solely on CPU having asimd caps).
Extend the tag filtering condition to also include nodes that report
`cp15_barrier` platform capability. Note that not all aarch64 systems
include this cap explicitly (especially since it's been deprecated in
ARM v8), but it is currently reported by the platforms where asimd is
not properly detected.
This is merely a workaround for the broken lshw version in Ubuntu Bionic
(B.02.18).
Change-Id: I4a5c0d6af4d863d2ca094d6926a65ee90dee0e07
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
- refresh formula patches with new package names where necessary;
- switch to packagecloud.io repositories;
Change-Id: I1178a387891d34117c162380d8247eb7a4212359
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: If3f8cb6bfeedeb766a050d5a271b21c90bb3ba1c
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: Ib2b1525957929c39e4b602ad1b7f4fbfd16a375c
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: I06577fa93e895a7c5940dac41b4f9c24b455f455
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: I9c1e97144ffd46040d32a0edf8253fc393b73c89
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Optimized for LF-POD2 as nic assigned to private/dpdk interface
and pinned cores resides on numa #0. Core #11 is for DPDK,
the rest four cores for PMDs.
Change-Id: Icca701bc1a66f3672b8511e0245c82ca29788a8b
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
* update system reclass
* rectify telemetry redis options
Change-Id: I6dca1ae52e7f7d73a90e53fceddca8e86872651b
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: I791436f512dea6c6bc61133c4122ac872950af8e
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
- bump Pharos git submodule to allow PODs with fewer nodes;
- add `k8-calico-iec-noha` scenario definition for Akraino
IEC basic configuration;
- add `k8-calico-iec-vcp-noha` scenario definition for Akraino
IEC nested (virtualized control plane) configuration;
- add `akraino_iec` state, which will leverage the Akraino IEC
bootstrap scripts from [1];
- replace system.reboot salt call with cmd.run 'reboot' as it's more
reliable;
- use kernel 4.15 for AArch64 K8 IEC scenarios;
NOTE: These scenarios will not be released in OPNFV since don't rely
on Salt formulas but instead of Akraino IEC scripts to install K8s.
[1] https://gerrit.akraino.org/r/#/q/project:iec
Change-Id: I4e538e0563d724cd3fd5c4d462ddc22d0c739402
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
* add opendaylight password (removed from system level)
* get updated ovn system class w/o mysql settings
* enable ceilometer user back (removed along with outdated service/endpoints)
* adjsut check interval of haproxy for noha scenarios since there is
only one backend for services, i.e. failover ain't expected
Change-Id: Iedee290e1cfcf838998bd44dc09a729d143974ac
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: I745a838b1f2f294b6c455700509ddf4b0264446f
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|
|
Previously, Salt Master CA mine was only sent once, during
salt.minion.ca state execution at cfg01 bringup / bootstrap.
This causes possible issues with:
- Salt Master container restart (mine data is lost);
- UNH Lab deployment (uknown rootcause, might be related to XFS and
overlay2 being used with Docker on CentOS);
To bypass this issue, make x509.get_pem_entries module send mine data
at the default mine interval (60 minutes).
Change-Id: I5f6334ae18f5af6cbe0a164791603b67f0a3668f
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
- replace mas01 VM with a Docker container;
- drop `mcpcontrol` virsh-managed network, including special handling
previously required for it across all scripts;
- drop infrastructure VMs handling from scripts, the only VMs we still
handle are cluster VMs for virtual and/or hybrid deployments;
- drop SSH server from mas01;
- stop running linux state on mas01, as all prerequisites are properly
handled durin Docker build or via entrypoint.sh - for completeness,
we still keep pillar data in sync with the actual contents of mas01
configuration, so running the state manually would still work;
- make port 5240 available on the jumpserver for MaaS dashboard access;
- docs: update diagrams and text to reflect the new changes;
Change-Id: I6d9424995e9a90c530fd7577edf401d552bab929
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Previously, Ubuntu ignored the VPP pinning with:
N: Ignoring file 'fdio.ubuntu' in directory '/etc/apt/preferences.d/'
as it has an invalid filename extension
Change-Id: I5ee60c1715bea3b4180b55125dc72962a70c2754
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
VPP 18.10 has a weird bug triggered by certain packets, e.g. from
inside a guest VM on a compute node, these behave differently:
$ udhcpc -x hostname:1234567890123456789012 # works
$ udhcpc -x hostname:12345678901234567890123 # confuses VPP on gtw01
To avoid this bug, pin VPP to the previous release, which does not
exhibit the issue.
Change-Id: I8c1e085731909d4b9296e8b09608887a4b5bfdd6
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: I0e56261fc2fc2a0a3f164531c72d88f7c46f5ca1
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
- cmp, gtw: bump RAM allocation to accomodate hugepages/VPP;
for now we overcommit, gtw01 resources can probably be lowered;
- submodule: add salt-formula-neutron so we can locally patch it;
- repo:
* FD.IO repos for VPP packages;
* networking-vpp PPA for python-networking-vpp Neutron driver;
- use vpp-router for L3, disable neutron-l3-agent;
- baremetal_init: apply repo config before network (otherwise UCA
repo is missing when trying to install DPDK on baremetal nodes);
- arm64: iommu.passthrough=1 is required on ThunderX for VPP on
newer kernels;
Design quirks:
- vpp service runs as 'neutron' user, which does not exist at the
time VPP is installed and initially started, hence the need to
restart it before starting the vpp-agent service;
- gtw01 node has DPDK, yet to configure it via IDF we use the
compute-specific OVS-targeted parameters like
`compute_ovs_dpdk_socket_mem`, which is a bit misleading;
- vpp-agent requires ml2_conf.ini on ALL compute AND network nodes
to parse per-node physnet-to-real interface names;
- vpp process is bound to core '1' (not parameterized via IDF);
Change-Id: I659f7dbebcab7b154e7b1fb829cd7159b4372ec8
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
On AArch64, 1G hugepages need to be enabled via kernel cmdline
before mounting hugetlbfs [1].
Leverage MaaS tags to apply custom kernel args to AArch64 nodes.
[1] https://wiki.debian.org/Hugepages
Change-Id: Ie68ddf805836ee62f725019b0b873082b1d40948
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Factor out armband repository component name based on
openstack_version parameter. However, since 'rocky-armband' repo
is not available yet, reuse the 'queens-armband' on.
Change-Id: Ibd17808059542ace14724776f8686fc2afd9de6a
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: I88f28370180278c4b32599b83eebbb0ee005c936
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Sync our reclass pillar data for mas01's iptables with latest formula
changes [1].
[1] https://github.com/salt-formulas/salt-formula-iptables/commit/e353ce3c
Change-Id: I66b2a75066ed512ab5ab4cc213d13d15c5c8cc7f
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
JIRA: FUEL-364
Change-Id: Ia470fc8103713e7a06cd9647675b0edfb4342bf8
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
JIRA: FUEL-336
Change-Id: I1c8d22b8322f700eb727d9077035ba4c9f9f9753
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
intel-pod18 has different network interfaces on its compute nodes,
requiring support for per-node PXE/admin NIC name override, instead
of assumming all computes use the same NIC naming.
Change-Id: I2b2e5ec6745601576ead898370241b743c963e3d
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
IPv6 has been enabled back by commenting out the
cis-3-3-3 yaml/class source in linux service reclass.
Change-Id: Ia8f4e2ddbb98f9316e6ce5136badbb14ecb277c5
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|
|
Some nodes did not rely on the _param:pxe_admin_address internal
reclass param, although all of them do have an IP address in the
PXE/admin network segment.
Ensure all nodes define this param, so we can query all nodes with:
$ salt '*' pillar.item _param:pxe_admin_address
JIRA: FUEL-394
Change-Id: I7575934752c8b459c52af8a8c98c2b0327756428
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
|
|
JIRA: FUEL-378
Change-Id: I00832d697d83c374628fa9d759c125e0b6ca64cf
Signed-off-by: Guillermo Herrero <guillermo.herrero@enea.com>
|
|
Workaround issues like [1]. Requires bumping formulas for
salt-formula-salt support of tcp_keepalive_* params.
[1] https://github.com/saltstack/salt/issues/38157
Change-Id: I7093437fb696809f73a24b10144c6321d0f1be32
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
JIRA: FUEL-392
Change-Id: Ia21840c7561a14a5eeed3d08bf89eb2dbf9acc3a
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
|
|
Upstream reclass.system introduced a regression for us in [1].
[1] https://github.com/Mirantis/reclass-system-salt-model/commit/99490e7d
Change-Id: I5cedcbb5c528a8bf59b4f917b422ed433d2ceea3
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
`virtual_init` state file tries to ping all FN VMs, but that won't
work on hybrid PODs since all FN VMs but mas01 require MaaS DHCP to
be already configured (i.e. FN VMs in question will be reset after
mas01 is fully configured).
Limit virtual node queries in `virtual_init` to mas01 VM, as the rest
of FN VMs will be handled via `baremetal_init` state.
While at it, move _param:apt_mk_version def to common reclass to
avoid an undef reference in NOHA hybrid deployments; set MCP_VCP to
0 for non-HA scenarios.
JIRA: FUEL-385
Change-Id: I582bca6864e9bfed23baf26f9b66e6e95e986c58
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Include class disabling IPv6 first, so our override is last.
Change-Id: I91f8cb48ab2eaef54eb98705fc97ab9910c3666f
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
IPv6 has been disabled recently by default to reduce the attack
surface of the system, however MaaS rackd service relies on other
libraries that require an INET6 socket by design.
Change-Id: I6c633e9790e75d53437f400790d0e528f0a792b3
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: I55a3c10f275079b11b7456b28a2c846cb33c204a
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Drop duplicate maas:machines definitions which could cause conflicts
in rare corner cases.
Slightly refactor j2 template expansion to make `conf.virtual.nodes`
available during first stage.
Change-Id: I04d56e346b12c6eb97da5c0c0ab1e3446e5fc1b8
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
* Refactor OPNFV salt-formulas mechanism to resemble upstream git
structure:
- git submodules: add new submodule for each formula we patch;
- create salt-formula-x directories for OPNFV formulas;
- move mcp/metadata/service contents to their each formula subdir;
- use `make patches-import` for patches previously handled by
patch.sh;
- retire patch.sh
* states: add virtual_init:
- mostly based on old salt.sh, which is now obsolete;
- exclude salt-master service restart (it would kill the container);
* scenarios: cleanup (rm cfg01 virtual node def), adopt virtual_init;
* reclass: align our model with prebuilt container's Salt config:
- drop linux:network pillar data (handled by Docker);
- stop applying linux.system state on cfg01;
- align salt user homedir;
- drop salt-formula packages (preprovisioned);
* minor plumbing in deploy.sh and lib.sh;
JIRA: FUEL-383
Change-Id: I28708a9b399d3f19012212c71966ebda9d6fc0ac
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: I493fd49cb2b4bcd976873cd9297de3f90a74acf1
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
While at it, move openstack_version param to the common include dir.
JIRA: FUEL-382
Change-Id: I5e7ebb18a95672f066126d3afd28f13395a3149f
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
Alexandru Avadanii
Michael Polenchuk
Guillermo Herrero