aboutsummaryrefslogtreecommitdiffstats
path: root/mcp/reclass/classes/cluster/baremetal-mcp-pike-common-ha/openstack_compute.yml
AgeCommit message (Collapse)AuthorFilesLines
2018-01-31Turn off Retpoline and KPTI protectionMichael Polenchuk1-0/+3
Based on Canonical research (https://goo.gl/QJykMa) there is low-risk of attack for private clouds environments, therefore turn off the related kernel patches & regain performance back. Change-Id: I661fa127241e327b07d21a29d58d584997607123 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-01[baremetal] MaaS: Enable HTTP proxyAlexandru Avadanii1-0/+1
Instead of using NAT on the mas01 node for all cluster node outgoing traffic, use the MaaS built-in proxy for APT traffic to leverage its caching capabilities too. Also enable the proxy for salt minions, so they can access public keyservers et al. Cleanup public DNS from kvm nodes, interferes with MaaS proxy. Add example config for global env proxy, but don't enable it: - default environment settings - /etc/environment (via reclass); The MaaS proxy will not be used (at least for now) on nodes: - cfg01; - mas01; NOTE: We can't yet drop the maas.pxe_nat state completely, as certain Openstack services are still accessed via public addresses from ctl nodes. JIRA: FUEL-317 JIRA: FUEL-318 Change-Id: I6c5f6872bb94afb838580571080e808bc262fc68 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-14[baremetal] Move VCP iface config to own ymlAlexandru Avadanii1-3/+0
- move linux.network.interface definitions to their own classes, which also removes the previous requirement of defining {dhcp,single}_nic parameters in classes that don't actually use them; - drop now useless {dhcp,single}_nic parameters; - expand linux_{dhcp,single}_interface macros, since they cause issues with reclass dict-merge while attempting to override sub-vars (i.e. it's not possible to set 'enabled: false' via reclass interpolation); JIRA: FUEL-310 Change-Id: I29d921f545e761de335a60e242a4523d13b06c78 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-14Return back repo with glusterfsMichael Polenchuk1-0/+2
Glusterfs 3.11 package from UCA repo has the bug#875651, which causes package instalation error due to timeout of glustereventsd service startup. Therefore get the latest version from PPA repo. Change-Id: Ia47d969e758c8689508dfd6b7fd2725514ea88c5 Co-Authored-By: Alexandru Avadanii <Alexandru.Avadanii@enea.com> Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-11Merge "[baremetal] cleanup: Parameterize VCP hostnames"Alexandru Avadanii1-3/+3
2017-12-11[baremetal] cleanup: Parameterize VCP hostnamesAlexandru Avadanii1-3/+3
We already define the hostnames in a central location (openstack_init), so use the reclass params instead of hardcodes. Also handle hardcoded hostnames in system.haproxy.proxy.listen and system.mongodb.server.cluster. This will also simplify later changes for novcp scenarios. JIRA: FUEL-310 Change-Id: I2a8b4cd1fcb61a7c63f9047123d985bb688dca0a Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2017-12-11Revert "Bring in newer glusterfs for mtime unsplit brain"Michael Polenchuk1-2/+0
Since the uca/pike repo has version of 3.11 This reverts commit 8a867449217151f59766a74c6165ffc26c7f50b4. Change-Id: I5cc0d94b4a1b53b987fab03bc20466ee3c3eb8b2 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2017-12-11[baremetal] Update openstack version to pikeMichael Polenchuk1-0/+60
Change-Id: If4208e937734df72b10aad259c65a2617ff5e19c Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>