aboutsummaryrefslogtreecommitdiffstats
path: root/mcp/reclass/classes/cluster/mcp-common-ha
AgeCommit message (Collapse)AuthorFilesLines
2018-11-09Conform configs to updated Redis v5.0 packageMichael Polenchuk1-1/+6
Also disable transparent hugepages on telemetry hosted nodes to avoid latency and memory usage issues with Redis. Change-Id: I3c7a0be6edbc51141f5d79d7368583afacef9025 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-10-29Specify barbican endpoint for glance serviceMichael Polenchuk1-0/+2
By default castellan key manager gets public endpoint of barbican service which isn't preferable in terms of cluster ops, so specify internal endpoint explicitly. Change-Id: Ie686ceb936132143743af18fcb4960ea15a8b93c Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-10-23Enable IPv6 on entire cluster by defaultMichael Polenchuk2-7/+1
IPv6 has been enabled back by commenting out the cis-3-3-3 yaml/class source in linux service reclass. Change-Id: Ia8f4e2ddbb98f9316e6ce5136badbb14ecb277c5 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-10-22Merge "[ha] Run OpenDaylight in cluster mode"Michael Polenchuk1-10/+0
2018-10-22[ha] Run OpenDaylight in cluster modeMichael Polenchuk1-10/+0
Change-Id: Id75fbee34a6cfc6e7fc60df053cccaaff21cb15a Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-10-19[ha] Add barbican to nginx on proxy nodesDelia Popescu1-0/+1
JIRA: FUEL-395 Change-Id: I8bd3a8e914828548e2ded0915770550ce3673897 Signed-off-by: Delia Popescu <delia.popescu@enea.com>
2018-10-16Enable IPv6 on compute nodes for noha and haDelia Popescu1-1/+3
Enable IPv6 on compute nodes for both ha and noha deployment types Change-Id: I46c89e3005aefea8ccbeb4779efe513bf2be84e8 Signed-off-by: Delia Popescu <delia.popescu@enea.com>
2018-10-11Set volume device name to sdcDelia Popescu1-1/+1
Functest is now using scsi volume type for fuel Set correct volume device name for functest volume tests JIRA: ARMBAND-402 Change-Id: I2265901eeb624a395388f6ce8afae226b129c5be Signed-off-by: Delia Popescu <delia.popescu@enea.com>
2018-09-26[ha] Fix missing aodh_version paramAlexandru Avadanii1-0/+1
_param:aodh_version was lost during a recent refactor, bring it back. While at it, also make chown in entrypoint.sh recursive to prepare for non-sudo deployments. Fixes: c0de0902 Change-Id: I41b225c4a3f15269aa156a1c33412206beff6ee9 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-09-25[reclass] Consolidate all passwordsGuillermo Herrero2-45/+0
JIRA: FUEL-378 Change-Id: I00832d697d83c374628fa9d759c125e0b6ca64cf Signed-off-by: Guillermo Herrero <guillermo.herrero@enea.com>
2018-09-23[repos] Replace keyserver accesses with pillar GPGAlexandru Avadanii2-8/+6
JIRA: FUEL-392 Change-Id: Ia21840c7561a14a5eeed3d08bf89eb2dbf9acc3a Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-09-21Merge "[state] virtual_init: Limit to mas01 on baremetal"Alexandru Avadanii1-2/+0
2018-09-21Merge "Rotate keystone fernet keys on shared filesystem"Alexandru Avadanii1-0/+2
2018-09-21Enable IPv6 back for proxy/nginx nodeMichael Polenchuk1-0/+4
Change-Id: I2af8a06f5637238c4512b5a117d899fec7cb2e50 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-09-21Rotate keystone fernet keys on shared filesystemMichael Polenchuk1-0/+2
Change-Id: I38def56c2f276eca61f12558a03aa2693cc032f3 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-09-20[state] virtual_init: Limit to mas01 on baremetalAlexandru Avadanii1-2/+0
`virtual_init` state file tries to ping all FN VMs, but that won't work on hybrid PODs since all FN VMs but mas01 require MaaS DHCP to be already configured (i.e. FN VMs in question will be reset after mas01 is fully configured). Limit virtual node queries in `virtual_init` to mas01 VM, as the rest of FN VMs will be handled via `baremetal_init` state. While at it, move _param:apt_mk_version def to common reclass to avoid an undef reference in NOHA hybrid deployments; set MCP_VCP to 0 for non-HA scenarios. JIRA: FUEL-385 Change-Id: I582bca6864e9bfed23baf26f9b66e6e95e986c58 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-09-19Update system reclass modelMichael Polenchuk4-6/+26
In order to get tacker definitions and latest changes. Change-Id: Ib5bf5034f140e708fb596dd4b622f0b2bdee8a59 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-09-13[ha] Get OVS 2.9 & DPDK 17.11 from UCA repoMichael Polenchuk2-4/+1
* to be compatible with HWE kernel * make neutron balancing to RR back * turn off glance v1 api support (doesn't relevant for now) Change-Id: I916aae10f523be339c20de32218ce03c245afe72 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-09-01[docker] Cleanup, minor fixes, formula bumpAlexandru Avadanii1-0/+3
* ship prebuilt salt master conf for better readability: - enable x509.sign_remote_certificate (for prx VCP nodes); * refactor Salt master CA handling: - preinstall `salt_minion_dependency_packages` and `salt_minion_reclass_dependencies` inside docker image; - persistent /etc/pki; - run salt.minion on cfg01 to generate master keys; * bump container formulas to 1 Sep 2018 versions or newer: - inject date into Docker makefile, forcing a fresh fetch of all salt formulas from upstream git repos; * workaround broken salt-formula-designate's meta/sphinx.yml: - the DEB package version of salt-formula-designate uses `cmd.shell` to query dpkg on the minion, while the git repo version still uses `cmd.run`, running into parsing issues; - temporarily disable sphinx metadata generation for designate until upstream git repo syncs with the DEB version; * upstream: salt-formula-salt AArch64 salt.control.virt support: - retire salt-formula-salt git submodule and related patches; * skip installing reclass distro package (already installed via pip inside the container); * limit initial pillar_refresh call to nodes on jumphost; * remove unused salt-formula-nova git submodule; JIRA: FUEL-383 Change-Id: I883b825e556f887a5e31f8a43676dcd8ece6dfde Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-30[AArch64] salt.control.virt supportAlexandru Avadanii1-14/+23
Salt relies on a limiting libvirt_domain j2 template to generate the XML it passes to libvirt for salt.control managed virtual machines. For AArch64, we need to set up 3 XML nodes in a non-default way: 1. UEFI firmware (AAVMF) should be enabled by passing a pflash loader; 2. CPU mode should be 'host-passthrough'; 3. QEMU machine type should be 'virt'; To allow configuring the above using pillar data: - virtng module: implement functionality similar to upstream changes: * 219b84a512 virt module: Allow NVRAM unlinking on DOM undefine in develop, not in 2018.2; * 9cace9adb9 Add support to virt for libvirt loader in develop, not in 2018.2; - virtng module: extend it with: * pass virt machine type to vm; * pass cpu_mode to vm; JIRA: ARMBAND-404 Change-Id: Ib2123e7170991b3dfbdb42bd1a2baa5a4360b200 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-29Add noifupdown for all br-floatingAlexandru Avadanii1-0/+1
Since we reboot all nodes, applying the network configuration via Salt before reboot is pointless and creates a race condition with OVS. While at it, add `--ignore-errors` to ifup call for OVS bridge to prevent a race condition during linux.network state apply. Change-Id: I22fe0afaffecd7b850a6b77d7b810ed296bfc9ca Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-29[docker] Switch to containerized Salt MasterAlexandru Avadanii1-31/+0
* Refactor OPNFV salt-formulas mechanism to resemble upstream git structure: - git submodules: add new submodule for each formula we patch; - create salt-formula-x directories for OPNFV formulas; - move mcp/metadata/service contents to their each formula subdir; - use `make patches-import` for patches previously handled by patch.sh; - retire patch.sh * states: add virtual_init: - mostly based on old salt.sh, which is now obsolete; - exclude salt-master service restart (it would kill the container); * scenarios: cleanup (rm cfg01 virtual node def), adopt virtual_init; * reclass: align our model with prebuilt container's Salt config: - drop linux:network pillar data (handled by Docker); - stop applying linux.system state on cfg01; - align salt user homedir; - drop salt-formula packages (preprovisioned); * minor plumbing in deploy.sh and lib.sh; JIRA: FUEL-383 Change-Id: I28708a9b399d3f19012212c71966ebda9d6fc0ac Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-21.gitignore refresh, fold common expressionsAlexandru Avadanii1-0/+0
Change-Id: I5346ee523b40f1a249394d59dbbe4d3d85c692cb Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-21Turn off glance signatures verificationMichael Polenchuk1-0/+2
Change-Id: I61ee8e19e783437dce7a9ddd666cd60e9d22a2e1 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-08-16Merge "Fix barbican integration on compute nodes"Alexandru Avadanii2-1/+2
2018-08-16Fix barbican integration on compute nodesDelia Popescu2-1/+2
Locally overwriting barbican_integration_enable on compute nodes does not work. Set barbican_integration_enable to true by default. Disable barbican_integration at openstack_control side. While at it, enable barbican on ha scenarios too. JIRA: FUNCTEST-981 Change-Id: I3c8df5d4078f73f32f3605dec5a7a365fa386019 Signed-off-by: Delia Popescu <delia.popescu@enea.com>
2018-08-15Turn off default apache portsMichael Polenchuk3-1/+9
Change-Id: I0377615ff19e39aca74b90d2ff7e7b2cd5cd6ccb Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-08-13[reclass] noifupdown for cluster nodes PXE/adminAlexandru Avadanii2-0/+2
Instead of applying PXE/admin static IPs via Salt right away, delay the transition from DHCP until after node reboot to avoid duplicate IPs and networking issues during deployment. Change-Id: I8a12d78a6b42edc9bcf9eb9ebc9590e2af5ec52c Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-10[noha] Add mas01 reclass inheritanceAlexandru Avadanii1-3/+0
While at it, move openstack_version param to the common include dir. JIRA: FUEL-382 Change-Id: I5e7ebb18a95672f066126d3afd28f13395a3149f Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-09[IDF] infra VMs: Allow trunking mgmt networkAlexandru Avadanii1-1/+10
Due to design limitations in idf.net_config, for a hybrid POD we need to trunk certain network segments for the VMs running on the jumpserver, including mgmt network going to cfg01, mas01. Add mgmt VLAN support for cfg01, mas01 gated by a flag in IDF: idf.fuel.jumphost.trunks.mgmt: True JIRA: FUEL-338 Change-Id: I6903f9b70e5f8a88618bce28e21c7c0631a05065 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-09Update Salt version to 2017.7Michael Polenchuk1-1/+1
Salt 2016.x has a bug with states ordering coming from 'include' statement. Glance/Heat DB sync is applied before package setup although clearly specified 'require' in state. Change-Id: Ic5f7ce4a7623fb208c0a5ba366802b7e02fa8b9f Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-08-07Merge changes from topics 'baremetal-noha', 'move-maas-classes'Alexandru Avadanii10-241/+11
* changes: [noha] cinder: Align VG name with HA scenarios [reclass] Move system.single class to common [maas] Add reclass storage definitions for all [reclass] Move MaaS classes to common dir for NOHA
2018-08-06[ha] Bind cinder volume I/O on mgmt networkAlexandru Avadanii1-0/+1
JIRA: FUEL-367 Change-Id: I9a4171d2616af5ae1bafbf1740fd7c7f97c1768e Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-06[reclass] Move system.single class to commonAlexandru Avadanii1-1/+0
Include system.linux.system.single class globally in the common section, preparing for MaaS NOHA node definition. JIRA: FUEL-382 Change-Id: Icdfb2a90f356cd537631abe653950c0c30020551 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-06[maas] Add reclass storage definitions for allAlexandru Avadanii1-1/+0
Reclass storage definitions for mas01 node should be added to all ha/noha scenarios, only when/if baremetal cluster nodes are involved. JIRA: FUEL-382 Change-Id: I455b07894b68eb89903df94352159ea6519275b0 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-06[reclass] Move MaaS classes to common dir for NOHAAlexandru Avadanii9-239/+11
Prepare for reusing MaaS-related reclass classes for NOHA scenarios. JIRA: FUEL-338 Change-Id: Ic8ddd5915563f58643ef8c7ac4055a1000db7d45 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-02[ha] AArch64: Add missing GPG key for armband repoAlexandru Avadanii1-0/+2
In a regular baremetal HA scenario, all cluster nodes are provisioned via MaaS, which also adds the Enea GPG key to the APT keyring. However, for a hybrid deployment, virtual nodes are not provisioned by MaaS, so the GPG key should be added to reclass pillar data explicitly for Salt to be able to import it. JIRA: FUEL-338 Change-Id: I333b7c373bdbc631c0f54ac549f97ab889dec77c Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-01[maas] Allow more than two compute nodesAlexandru Avadanii1-4/+6
Change-Id: Ie023bfe7b322a49a8b525e7926518c94899c67ce Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-07-24Bring in Barbican service onboardMichael Polenchuk5-0/+31
Change-Id: I68759360c9dd8f8cf422161e21ed15df6c694e84 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-07-23[MaaS] Arch-qualify Saltstack repo for XenialAlexandru Avadanii1-1/+1
Previous changes altering Saltstack repo URL did not add an arch qulification, leading to APT trying to fetch the repo metadata for the current system architecture, failing on arm64 systems. Change-Id: Ibe32d90a8da2e04563ac9170939de92a4db233fd Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-07-23Rectify control address on compute nodesMichael Polenchuk1-2/+1
Change-Id: I5734431d54c0d0ad9fb337fc37ce3b31a3c58e0a Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-07-19[maas] Change saltstack repo source formatMichael Polenchuk1-1/+1
Change-Id: I2a25734258f34ed02da584456a3a3dac70e24af3 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-07-09[patch] MaaS: Switch to upstream fabric/vlan mgmtAlexandru Avadanii1-9/+17
Obsolete our out of tree patch in favor of upstream mechanisms for creating fabrics/VLANs/subnets. Change-Id: I57d6d59764a825b428f423d48c5d90af7f2e676f Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-07-02[apt] Allow downgrades during APT operationsAlexandru Avadanii1-0/+2
Pinning certain packages (e.g. OVS) interfers with `dist-upgrade` if downgrades are not explicitly allowed. Change-Id: I0b001936e86228037c30f30812e32d6221ef458d Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-07-02[AArch64] Pin armband repo with highest prioAlexandru Avadanii1-0/+8
Mirantis repositories shadow certain packages from Armband repos (e.g. qemu-efi) if pinning is not set. Since MaaS does not allow configuring repo priorities via its API, use Salt pillar data to re-define the Armband repo and set its prio. Change-Id: Ic743f4b684b3f13552792f5f04097fac73171b37 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-06-29Revert "[salt-formulas] Switch to 'testing' dist"Alexandru Avadanii1-1/+1
This reverts commit a8f434118013a69295bdc0f9fc8294c539742c01. This reverts commit b52ef6ea62f43de4b91e2becd92a3282e569925c. Change-Id: I604df3f50febb049f1545a8141c5abb013cf6c69 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-06-29[patch] MaaS: fabric ID from CIDRAlexandru Avadanii1-3/+0
Change-Id: I1e1490f4d0a0bee2783450c6369d7ab6c45b193f Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-06-29[salt-formulas] Also switch reclass to 'testing'Alexandru Avadanii1-1/+1
Previous commit only changed the dist during Salt master bootstrap, but failed to update the DEB repo configration in reclass. Fixes: a8f43411 Change-Id: Ie011719cdc1c75cba363f53e51f22ce7cf138a5e Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-06-26Merge "[ha] Add fabric to maas admin subnet"Alexandru Avadanii1-5/+8
2018-06-26[ha] Add fabric to maas admin subnetMichael Polenchuk1-5/+8
Change-Id: Ida4cf736dfe60886384e7e180d3e43faf811bd58 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>