summaryrefslogtreecommitdiffstats
path: root/mcp/reclass
AgeCommit message (Collapse)AuthorFilesLines
2019-01-14[odl] Set conntrack as netvirt nat modeMichael Polenchuk2-0/+2
The conntrack-based SNAT uses the Linux netfilter framework to do the NAPT and track the connection. The first packet in a traffic is passed to the netfilter to be translated with the external IP. The following packets will use the netfilter for further inbound and outbound translation. Change-Id: I1090b4fe041f8d9533aa4ce1964284a4a5c073ce Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2019-01-14Merge "[patch] Drop reclass.system patch for repo arch"Michael Polenchuk2-2/+2
2019-01-12[patch] Drop reclass.system patch for repo archAlexandru Avadanii2-2/+2
MCP repos no longer publish arm64 metadata, so drop our patch that selected arm64 metadata on arm64 systems. Instead, let it default to 'deb [arch=amd64]', which will allow arm64 systems to fetch amd64 metadata and inherintely fetch all arch-independent packages from the same repos. While at it, switch to 'rocky-armband' repos on arm64 systems. Change-Id: I07fda895f5162bfa576c62336cbb4d74e985f37a Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2019-01-11[noha] Fix gtw private NIC name in j2 templatesAlexandru Avadanii2-3/+3
Change-Id: Ic266864913dcac021b3e12f426e1c8a60c23fe87 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2019-01-09Bring in FDIO (VPP+DPDK) scenarioAlexandru Avadanii13-70/+327
- cmp, gtw: bump RAM allocation to accomodate hugepages/VPP; for now we overcommit, gtw01 resources can probably be lowered; - submodule: add salt-formula-neutron so we can locally patch it; - repo: * FD.IO repos for VPP packages; * networking-vpp PPA for python-networking-vpp Neutron driver; - use vpp-router for L3, disable neutron-l3-agent; - baremetal_init: apply repo config before network (otherwise UCA repo is missing when trying to install DPDK on baremetal nodes); - arm64: iommu.passthrough=1 is required on ThunderX for VPP on newer kernels; Design quirks: - vpp service runs as 'neutron' user, which does not exist at the time VPP is installed and initially started, hence the need to restart it before starting the vpp-agent service; - gtw01 node has DPDK, yet to configure it via IDF we use the compute-specific OVS-targeted parameters like `compute_ovs_dpdk_socket_mem`, which is a bit misleading; - vpp-agent requires ml2_conf.ini on ALL compute AND network nodes to parse per-node physnet-to-real interface names; - vpp process is bound to core '1' (not parameterized via IDF); Change-Id: I659f7dbebcab7b154e7b1fb829cd7159b4372ec8 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2019-01-03[MaaS] Implement aarch64 tags for kernel_optsAlexandru Avadanii1-0/+7
On AArch64, 1G hugepages need to be enabled via kernel cmdline before mounting hugetlbfs [1]. Leverage MaaS tags to apply custom kernel args to AArch64 nodes. [1] https://wiki.debian.org/Hugepages Change-Id: Ie68ddf805836ee62f725019b0b873082b1d40948 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-12-23[armband] Parameterize aarch64 specific repo compAlexandru Avadanii3-6/+8
Factor out armband repository component name based on openstack_version parameter. However, since 'rocky-armband' repo is not available yet, reuse the 'queens-armband' on. Change-Id: Ibd17808059542ace14724776f8686fc2afd9de6a Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-12-21Pull out rocky patchesMichael Polenchuk1-2/+1
This commit should be reverted once original formulas get required support of rocky version. Change-Id: Ia3458381bced0cae8dbfacc9781c90933ad5c822 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-12-19Update OpenStack version to RockyMichael Polenchuk9-23/+10
Change-Id: I88f28370180278c4b32599b83eebbb0ee005c936 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-12-17[mas01] Fix iptables pillar compatibility formatAlexandru Avadanii1-17/+25
Sync our reclass pillar data for mas01's iptables with latest formula changes [1]. [1] https://github.com/salt-formulas/salt-formula-iptables/commit/e353ce3c Change-Id: I66b2a75066ed512ab5ab4cc213d13d15c5c8cc7f Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-12-14[maas] Adopt maas, maasng proposed functionsAlexandru Avadanii1-0/+28
JIRA: FUEL-364 Change-Id: Ia470fc8103713e7a06cd9647675b0edfb4342bf8 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-12-13[docs] Updates for Gambia 7.1.0 releaseAlexandru Avadanii24-27/+27
While at it, rename FDIO (VPP) scenarios to align with OPNFV FDS and OPNFV Apex projects. Change-Id: I9aab5dc4a0dc41a2cc996687a8a2726d03288678 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-12-12Make MTU cluster-level configurable via IDFAlexandru Avadanii13-13/+17
JIRA: FUEL-336 Change-Id: I1c8d22b8322f700eb727d9077035ba4c9f9f9753 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-12-10Merge "[bgpvpn] Use Linux bridge for odl01 public network"Alexandru Avadanii1-3/+8
2018-12-10[odl/dpdk] Disable up/down for public interfaceMichael Polenchuk1-0/+2
There is a race with interfaces up/down action during configuration, so activate them after node reboot. Change-Id: Id40ce746cc6635fcedd0f9c809cf4a9fe4d1f034 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-12-09[bgpvpn] Use Linux bridge for odl01 public networkAlexandru Avadanii1-3/+8
Previously, we used a single interface definition for public network on odl01 node, which does not work well for baremetal setups that use a tagged VLAN public network, like ericsson-pod1. Change-Id: I10ff7c105406691011e94e06b2f099dc2cdf8a06 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-11-16[baremetal] cmp: Support per-node PXE/admin ifaceAlexandru Avadanii3-2/+3
intel-pod18 has different network interfaces on its compute nodes, requiring support for per-node PXE/admin NIC name override, instead of assumming all computes use the same NIC naming. Change-Id: I2b2e5ec6745601576ead898370241b743c963e3d Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-11-14[ha] kvm: Disable ip_forwardAlexandru Avadanii1-0/+2
kvm nodes should not try to route traffic. This also silences some bogus 'martian packet' warnings about prx public VIP reaching br-ex. Change-Id: I608a561d292be3042d20fcbe48b2f5c816c4e8bf Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-11-13Revert "Conform configs to updated Redis v5.0 package"Michael Polenchuk2-2/+2
This reverts commit 7c5c2a8353177a393f72d244470e34f23c46c3e8. The package of Redis v5.0 has been removed from repository. Change-Id: Ic9449314e9e177435878542eecbe5f4a8b848549 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-11-09Conform configs to updated Redis v5.0 packageMichael Polenchuk2-2/+10
Also disable transparent hugepages on telemetry hosted nodes to avoid latency and memory usage issues with Redis. Change-Id: I3c7a0be6edbc51141f5d79d7368583afacef9025 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-11-05[docs] Refresh for Gambia releaseAlexandru Avadanii1-8/+8
- s/Fuel@OPNFV/OPNFV Fuel/g; - added README files for ci/scenarios/patches directories; - refresh & simplify cluster overview diagrams; - unify labels across docs; - fix TOC numbering; - remove local labs PDF/IDF files, as they are merely duplicates of Pharos files included as a git submodule; JIRA: FUEL-397 Change-Id: I87f61938eeb67f13fd9205d5226a30f02e55d267 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-10-29Specify barbican endpoint for glance serviceMichael Polenchuk2-0/+4
By default castellan key manager gets public endpoint of barbican service which isn't preferable in terms of cluster ops, so specify internal endpoint explicitly. Change-Id: Ie686ceb936132143743af18fcb4960ea15a8b93c Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-10-23Enable IPv6 on entire cluster by defaultMichael Polenchuk6-28/+1
IPv6 has been enabled back by commenting out the cis-3-3-3 yaml/class source in linux service reclass. Change-Id: Ia8f4e2ddbb98f9316e6ce5136badbb14ecb277c5 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-10-22Merge "[ha] Run OpenDaylight in cluster mode"Michael Polenchuk7-30/+44
2018-10-22Merge "[ha] Add barbican to nginx on proxy nodes"Michael Polenchuk1-0/+1
2018-10-22[ha] Run OpenDaylight in cluster modeMichael Polenchuk7-30/+44
Change-Id: Id75fbee34a6cfc6e7fc60df053cccaaff21cb15a Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-10-19[ha] Add barbican to nginx on proxy nodesDelia Popescu1-0/+1
JIRA: FUEL-395 Change-Id: I8bd3a8e914828548e2ded0915770550ce3673897 Signed-off-by: Delia Popescu <delia.popescu@enea.com>
2018-10-17Merge "Add odl bgpvpn noha scenario to fuel"Alexandru Avadanii3-0/+17
2018-10-16Add odl bgpvpn noha scenario to fuelStamatis Katsaounis3-0/+17
JIRA: FUEL-393 This patch adds support of os-odl-bgvpn-noha scenario to fuel installer. Change-Id: I4e053e38aac70023b0a81f9a41b415c7a1aae3af Depends-On: I57288bbb42f4c75af19f3807f8f15b44482c066c Signed-off-by: Stamatis Katsaounis <mokats@intracom-telecom.com>
2018-10-16Enable IPv6 on compute nodes for noha and haDelia Popescu2-1/+6
Enable IPv6 on compute nodes for both ha and noha deployment types Change-Id: I46c89e3005aefea8ccbeb4779efe513bf2be84e8 Signed-off-by: Delia Popescu <delia.popescu@enea.com>
2018-10-11Set volume device name to sdcDelia Popescu2-2/+2
Functest is now using scsi volume type for fuel Set correct volume device name for functest volume tests JIRA: ARMBAND-402 Change-Id: I2265901eeb624a395388f6ce8afae226b129c5be Signed-off-by: Delia Popescu <delia.popescu@enea.com>
2018-09-26[ha] Fix missing aodh_version paramAlexandru Avadanii1-0/+1
_param:aodh_version was lost during a recent refactor, bring it back. While at it, also make chown in entrypoint.sh recursive to prepare for non-sudo deployments. Fixes: c0de0902 Change-Id: I41b225c4a3f15269aa156a1c33412206beff6ee9 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-09-26Merge "[ovn] Enable metadata agent"Alexandru Avadanii4-0/+12
2018-09-26Merge "[reclass] Ensure pxe_admin_address is set for all"Alexandru Avadanii2-1/+3
2018-09-26[reclass] Ensure pxe_admin_address is set for allAlexandru Avadanii2-1/+3
Some nodes did not rely on the _param:pxe_admin_address internal reclass param, although all of them do have an IP address in the PXE/admin network segment. Ensure all nodes define this param, so we can query all nodes with: $ salt '*' pillar.item _param:pxe_admin_address JIRA: FUEL-394 Change-Id: I7575934752c8b459c52af8a8c98c2b0327756428 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-09-26Merge "[AArch64] noha: Add armband repo prio"Alexandru Avadanii1-0/+9
2018-09-26[ovn] Enable metadata agentMichael Polenchuk4-0/+12
Change-Id: I9ef3a1dd570abf90b222609af350565d385326c8 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-09-26Merge "[minion] Set tcp_keepalive for flaky networks"Michael Polenchuk1-0/+4
2018-09-25[AArch64] noha: Add armband repo prioAlexandru Avadanii1-0/+9
Previously, only HA scenarios required the Armband repository configuration (including its higher repo prio pinning), since NOHA scenarios were not supported on baremetal. With multiarch hybrid POD support landing, the same repo prio should be set for NOHA scenarios. Change-Id: I676ee262e270ce4689c44c245967badebc2efe2c Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-09-25[reclass] Consolidate all passwordsGuillermo Herrero9-87/+66
JIRA: FUEL-378 Change-Id: I00832d697d83c374628fa9d759c125e0b6ca64cf Signed-off-by: Guillermo Herrero <guillermo.herrero@enea.com>
2018-09-24[minion] Set tcp_keepalive for flaky networksAlexandru Avadanii1-0/+4
Workaround issues like [1]. Requires bumping formulas for salt-formula-salt support of tcp_keepalive_* params. [1] https://github.com/saltstack/salt/issues/38157 Change-Id: I7093437fb696809f73a24b10144c6321d0f1be32 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-09-23[repos] Replace keyserver accesses with pillar GPGAlexandru Avadanii6-31/+98
JIRA: FUEL-392 Change-Id: Ia21840c7561a14a5eeed3d08bf89eb2dbf9acc3a Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-09-21Merge "[state] virtual_init: Limit to mas01 on baremetal"Alexandru Avadanii3-4/+2
2018-09-21Merge "[infra] Bind mas01 mcpcontrol DHCP to MAAS_IP"Alexandru Avadanii1-2/+2
2018-09-21Merge "Rotate keystone fernet keys on shared filesystem"Alexandru Avadanii1-0/+2
2018-09-21Enable IPv6 back for proxy/nginx nodeMichael Polenchuk1-0/+4
Change-Id: I2af8a06f5637238c4512b5a117d899fec7cb2e50 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-09-21Rotate keystone fernet keys on shared filesystemMichael Polenchuk1-0/+2
Change-Id: I38def56c2f276eca61f12558a03aa2693cc032f3 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-09-21[maas] Override broken default main_archive URLAlexandru Avadanii1-1/+5
Upstream reclass.system introduced a regression for us in [1]. [1] https://github.com/Mirantis/reclass-system-salt-model/commit/99490e7d Change-Id: I5cedcbb5c528a8bf59b4f917b422ed433d2ceea3 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-09-20[state] virtual_init: Limit to mas01 on baremetalAlexandru Avadanii3-4/+2
`virtual_init` state file tries to ping all FN VMs, but that won't work on hybrid PODs since all FN VMs but mas01 require MaaS DHCP to be already configured (i.e. FN VMs in question will be reset after mas01 is fully configured). Limit virtual node queries in `virtual_init` to mas01 VM, as the rest of FN VMs will be handled via `baremetal_init` state. While at it, move _param:apt_mk_version def to common reclass to avoid an undef reference in NOHA hybrid deployments; set MCP_VCP to 0 for non-HA scenarios. JIRA: FUEL-385 Change-Id: I582bca6864e9bfed23baf26f9b66e6e95e986c58 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-09-20[infra] Bind mas01 mcpcontrol DHCP to MAAS_IPAlexandru Avadanii1-2/+2
Bring back MAAS_IP global env var and use it for mas01 VM IP addr in mcpcontrol network to prevent salt minion signature change. Partially-reverts: b666bc50 Change-Id: I5c7668393fe66287bd3ecdc75dd3195d5a89a8f3 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>