aboutsummaryrefslogtreecommitdiffstats
path: root/mcp/reclass
AgeCommit message (Collapse)AuthorFilesLines
2018-10-29Specify barbican endpoint for glance serviceMichael Polenchuk2-0/+4
By default castellan key manager gets public endpoint of barbican service which isn't preferable in terms of cluster ops, so specify internal endpoint explicitly. Change-Id: Ie686ceb936132143743af18fcb4960ea15a8b93c Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-10-23Enable IPv6 on entire cluster by defaultMichael Polenchuk6-28/+1
IPv6 has been enabled back by commenting out the cis-3-3-3 yaml/class source in linux service reclass. Change-Id: Ia8f4e2ddbb98f9316e6ce5136badbb14ecb277c5 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-10-22Merge "[ha] Run OpenDaylight in cluster mode"Michael Polenchuk7-30/+44
2018-10-22Merge "[ha] Add barbican to nginx on proxy nodes"Michael Polenchuk1-0/+1
2018-10-22[ha] Run OpenDaylight in cluster modeMichael Polenchuk7-30/+44
Change-Id: Id75fbee34a6cfc6e7fc60df053cccaaff21cb15a Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-10-19[ha] Add barbican to nginx on proxy nodesDelia Popescu1-0/+1
JIRA: FUEL-395 Change-Id: I8bd3a8e914828548e2ded0915770550ce3673897 Signed-off-by: Delia Popescu <delia.popescu@enea.com>
2018-10-17Merge "Add odl bgpvpn noha scenario to fuel"Alexandru Avadanii3-0/+17
2018-10-16Add odl bgpvpn noha scenario to fuelStamatis Katsaounis3-0/+17
JIRA: FUEL-393 This patch adds support of os-odl-bgvpn-noha scenario to fuel installer. Change-Id: I4e053e38aac70023b0a81f9a41b415c7a1aae3af Depends-On: I57288bbb42f4c75af19f3807f8f15b44482c066c Signed-off-by: Stamatis Katsaounis <mokats@intracom-telecom.com>
2018-10-16Enable IPv6 on compute nodes for noha and haDelia Popescu2-1/+6
Enable IPv6 on compute nodes for both ha and noha deployment types Change-Id: I46c89e3005aefea8ccbeb4779efe513bf2be84e8 Signed-off-by: Delia Popescu <delia.popescu@enea.com>
2018-10-11Set volume device name to sdcDelia Popescu2-2/+2
Functest is now using scsi volume type for fuel Set correct volume device name for functest volume tests JIRA: ARMBAND-402 Change-Id: I2265901eeb624a395388f6ce8afae226b129c5be Signed-off-by: Delia Popescu <delia.popescu@enea.com>
2018-09-26[ha] Fix missing aodh_version paramAlexandru Avadanii1-0/+1
_param:aodh_version was lost during a recent refactor, bring it back. While at it, also make chown in entrypoint.sh recursive to prepare for non-sudo deployments. Fixes: c0de0902 Change-Id: I41b225c4a3f15269aa156a1c33412206beff6ee9 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-09-26Merge "[ovn] Enable metadata agent"Alexandru Avadanii4-0/+12
2018-09-26Merge "[reclass] Ensure pxe_admin_address is set for all"Alexandru Avadanii2-1/+3
2018-09-26[reclass] Ensure pxe_admin_address is set for allAlexandru Avadanii2-1/+3
Some nodes did not rely on the _param:pxe_admin_address internal reclass param, although all of them do have an IP address in the PXE/admin network segment. Ensure all nodes define this param, so we can query all nodes with: $ salt '*' pillar.item _param:pxe_admin_address JIRA: FUEL-394 Change-Id: I7575934752c8b459c52af8a8c98c2b0327756428 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-09-26Merge "[AArch64] noha: Add armband repo prio"Alexandru Avadanii1-0/+9
2018-09-26[ovn] Enable metadata agentMichael Polenchuk4-0/+12
Change-Id: I9ef3a1dd570abf90b222609af350565d385326c8 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-09-26Merge "[minion] Set tcp_keepalive for flaky networks"Michael Polenchuk1-0/+4
2018-09-25[AArch64] noha: Add armband repo prioAlexandru Avadanii1-0/+9
Previously, only HA scenarios required the Armband repository configuration (including its higher repo prio pinning), since NOHA scenarios were not supported on baremetal. With multiarch hybrid POD support landing, the same repo prio should be set for NOHA scenarios. Change-Id: I676ee262e270ce4689c44c245967badebc2efe2c Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-09-25[reclass] Consolidate all passwordsGuillermo Herrero9-87/+66
JIRA: FUEL-378 Change-Id: I00832d697d83c374628fa9d759c125e0b6ca64cf Signed-off-by: Guillermo Herrero <guillermo.herrero@enea.com>
2018-09-24[minion] Set tcp_keepalive for flaky networksAlexandru Avadanii1-0/+4
Workaround issues like [1]. Requires bumping formulas for salt-formula-salt support of tcp_keepalive_* params. [1] https://github.com/saltstack/salt/issues/38157 Change-Id: I7093437fb696809f73a24b10144c6321d0f1be32 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-09-23[repos] Replace keyserver accesses with pillar GPGAlexandru Avadanii6-31/+98
JIRA: FUEL-392 Change-Id: Ia21840c7561a14a5eeed3d08bf89eb2dbf9acc3a Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-09-21Merge "[state] virtual_init: Limit to mas01 on baremetal"Alexandru Avadanii3-4/+2
2018-09-21Merge "[infra] Bind mas01 mcpcontrol DHCP to MAAS_IP"Alexandru Avadanii1-2/+2
2018-09-21Merge "Rotate keystone fernet keys on shared filesystem"Alexandru Avadanii1-0/+2
2018-09-21Enable IPv6 back for proxy/nginx nodeMichael Polenchuk1-0/+4
Change-Id: I2af8a06f5637238c4512b5a117d899fec7cb2e50 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-09-21Rotate keystone fernet keys on shared filesystemMichael Polenchuk1-0/+2
Change-Id: I38def56c2f276eca61f12558a03aa2693cc032f3 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-09-21[maas] Override broken default main_archive URLAlexandru Avadanii1-1/+5
Upstream reclass.system introduced a regression for us in [1]. [1] https://github.com/Mirantis/reclass-system-salt-model/commit/99490e7d Change-Id: I5cedcbb5c528a8bf59b4f917b422ed433d2ceea3 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-09-20[state] virtual_init: Limit to mas01 on baremetalAlexandru Avadanii3-4/+2
`virtual_init` state file tries to ping all FN VMs, but that won't work on hybrid PODs since all FN VMs but mas01 require MaaS DHCP to be already configured (i.e. FN VMs in question will be reset after mas01 is fully configured). Limit virtual node queries in `virtual_init` to mas01 VM, as the rest of FN VMs will be handled via `baremetal_init` state. While at it, move _param:apt_mk_version def to common reclass to avoid an undef reference in NOHA hybrid deployments; set MCP_VCP to 0 for non-HA scenarios. JIRA: FUEL-385 Change-Id: I582bca6864e9bfed23baf26f9b66e6e95e986c58 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-09-20[infra] Bind mas01 mcpcontrol DHCP to MAAS_IPAlexandru Avadanii1-2/+2
Bring back MAAS_IP global env var and use it for mas01 VM IP addr in mcpcontrol network to prevent salt minion signature change. Partially-reverts: b666bc50 Change-Id: I5c7668393fe66287bd3ecdc75dd3195d5a89a8f3 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-09-20[maas] Fix class ordering for ipv6.disable dupAlexandru Avadanii1-0/+1
Include class disabling IPv6 first, so our override is last. Change-Id: I91f8cb48ab2eaef54eb98705fc97ab9910c3666f Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-09-20Merge "[maas] Enable back IPv6 for MaaS node"Alexandru Avadanii1-0/+4
2018-09-20[maas] Enable back IPv6 for MaaS nodeAlexandru Avadanii1-0/+4
IPv6 has been disabled recently by default to reduce the attack surface of the system, however MaaS rackd service relies on other libraries that require an INET6 socket by design. Change-Id: I6c633e9790e75d53437f400790d0e528f0a792b3 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com> Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-09-20Enable back IPv6 for OVN based scenarioMichael Polenchuk2-0/+13
IPv6 has been disabled recently by default to reduce the attack surface of the system, however OVN/Geneve kernel-based tunnels require it to function properly. [https://www.mail-archive.com/ovs-discuss@openvswitch.org/msg03639.html] Change-Id: Ife86dfad77e7899bd28f83a49c361cd8a623597c Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-09-19[noha] Bring in OpenDaylight SFC scenarioMichael Polenchuk3-0/+14
- bump formulas baseline during docker build; - refresh patches; Change-Id: I0a54863f57344c5f8897dc981f704c4d265c5522 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-09-19Merge "Update system reclass model"Alexandru Avadanii5-6/+26
2018-09-19Update system reclass modelMichael Polenchuk5-6/+26
In order to get tacker definitions and latest changes. Change-Id: Ib5bf5034f140e708fb596dd4b622f0b2bdee8a59 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-09-19Use common way to detect dpdk featureMichael Polenchuk5-6/+6
Change-Id: I55a3c10f275079b11b7456b28a2c846cb33c204a Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-09-18[nosdn-noha] Meet EPA testcases requirements - pt2Stamatis Katsaounis2-0/+11
JIRA: FUEL-385 After successfully merging patch https://gerrit.opnfv.org/gerrit/#/c/61417/ a user can deploy os-nosdn-nofeature-noha scenario with numa topologies on compute nodes. In order to be able to run the EPA testcases, there are still some requirements (see [1]): - Testcases expect compute nodes to have hugepages enabled - Testcases expect compute nodes to have cgroup-tools package installed - Testcases expect to have NUMATopologyFilter added to enabled_filters in /etc/nova/nova.conf of the controller node This patch tries to meet the above requirements. First, it installs the cgroup-tools package on compute nodes. Secondly, it overrides the default enabled_filters of openstack nova salt package by appending NUMATopologyFilter in the end (see [2], [3]). Reference links: [1] https://docs.google.com/document/d/1sT63M6fnurn4rgYTiUd8ILuXORtx0oHA8Qe-nPeCr2Y/edit [2] https://github.com/salt-formulas/salt-formula-nova/blob/master/README.rst#custom-scheduler-filters [3] https://github.com/salt-formulas/salt-formula-nova/blob/master/metadata/service/control/single.yml#L20 Change-Id: I24eb86c53574c80ceb33ecd1bfcb9ef2727d4263 Signed-off-by: Stamatis Katsaounis <mokats@intracom-telecom.com>
2018-09-13[ha] Get OVS 2.9 & DPDK 17.11 from UCA repoMichael Polenchuk2-4/+1
* to be compatible with HWE kernel * make neutron balancing to RR back * turn off glance v1 api support (doesn't relevant for now) Change-Id: I916aae10f523be339c20de32218ce03c245afe72 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-09-10Merge "[submodule] Bump Pharos for maas:machines sync"Alexandru Avadanii1-31/+0
2018-09-09[ovn-ha] ctl: neutron: Add msg cluster pillarAlexandru Avadanii1-0/+9
`system.neutron.control.cluster`, unlike `system.neutron.control.openvswitch.cluster` does not provide neutron:server:message_queue:members pillar data, letting it default to the wrong values (single rabbit instance on the same node). This led to neutron.conf on ctl nodes using: `transport_url=rabbit://openstack:***@172.16.10.35:5672//openstack` instead of `transport_url=rabbit://openstack:***@172.16.10.28:5672,...//openstack` Change-Id: Iad4b709d555b2bafafeb75fdecb831f7d4f5a504 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-09-06[submodule] Bump Pharos for maas:machines syncAlexandru Avadanii1-31/+0
Drop duplicate maas:machines definitions which could cause conflicts in rare corner cases. Slightly refactor j2 template expansion to make `conf.virtual.nodes` available during first stage. Change-Id: I04d56e346b12c6eb97da5c0c0ab1e3446e5fc1b8 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-09-05Merge "[ha] Fix ovn-ha scenario"Guillermo Herrero1-0/+2
2018-09-05[ha] Fix ovn-ha scenarioGuillermo Herrero1-0/+2
openstack/control.yml -redefine database host ip inherited from system.neutron.control.cluster Change-Id: Ic8e61c61c7ebb17f31e0c53f8d9e3a013f8a3e9e Signed-off-by: Guillermo Herrero <guillermo.herrero@enea.com>
2018-09-04[noha] Set MTU on tenant/private dpdk interfaceMichael Polenchuk3-0/+3
Enable jumbo frames on tenant/private interface as well so that an instance can get the DHCP response from gateway node. Change-Id: I9407fa67e9e0cdbe50335e4430748b0e45ba841a Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-09-03[odl/dpdk] Make dedicated public network schemeMichael Polenchuk1-4/+25
In order to avoid TCP connection checksum issue (i.e. TX offloading on ovs bridges) add linux bridge connected with ovs public bridge. Change-Id: I4d266dd92756d5326dfa3d74fe2f376b26415812 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-09-01[docker] Cleanup, minor fixes, formula bumpAlexandru Avadanii1-0/+3
* ship prebuilt salt master conf for better readability: - enable x509.sign_remote_certificate (for prx VCP nodes); * refactor Salt master CA handling: - preinstall `salt_minion_dependency_packages` and `salt_minion_reclass_dependencies` inside docker image; - persistent /etc/pki; - run salt.minion on cfg01 to generate master keys; * bump container formulas to 1 Sep 2018 versions or newer: - inject date into Docker makefile, forcing a fresh fetch of all salt formulas from upstream git repos; * workaround broken salt-formula-designate's meta/sphinx.yml: - the DEB package version of salt-formula-designate uses `cmd.shell` to query dpkg on the minion, while the git repo version still uses `cmd.run`, running into parsing issues; - temporarily disable sphinx metadata generation for designate until upstream git repo syncs with the DEB version; * upstream: salt-formula-salt AArch64 salt.control.virt support: - retire salt-formula-salt git submodule and related patches; * skip installing reclass distro package (already installed via pip inside the container); * limit initial pillar_refresh call to nodes on jumphost; * remove unused salt-formula-nova git submodule; JIRA: FUEL-383 Change-Id: I883b825e556f887a5e31f8a43676dcd8ece6dfde Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-31[noha] Align MTU settingsMichael Polenchuk5-3/+19
* shift MTU from public bridge to physical interface * add neutron related settings Change-Id: Ia57d1ca7976968d6e7ee23f58a0abae1a1a256c0 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-08-30[AArch64] salt.control.virt supportAlexandru Avadanii2-14/+32
Salt relies on a limiting libvirt_domain j2 template to generate the XML it passes to libvirt for salt.control managed virtual machines. For AArch64, we need to set up 3 XML nodes in a non-default way: 1. UEFI firmware (AAVMF) should be enabled by passing a pflash loader; 2. CPU mode should be 'host-passthrough'; 3. QEMU machine type should be 'virt'; To allow configuring the above using pillar data: - virtng module: implement functionality similar to upstream changes: * 219b84a512 virt module: Allow NVRAM unlinking on DOM undefine in develop, not in 2018.2; * 9cace9adb9 Add support to virt for libvirt loader in develop, not in 2018.2; - virtng module: extend it with: * pass virt machine type to vm; * pass cpu_mode to vm; JIRA: ARMBAND-404 Change-Id: Ib2123e7170991b3dfbdb42bd1a2baa5a4360b200 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-08-29Add noifupdown for all br-floatingAlexandru Avadanii4-0/+4
Since we reboot all nodes, applying the network configuration via Salt before reboot is pointless and creates a race condition with OVS. While at it, add `--ignore-errors` to ifup call for OVS bridge to prevent a race condition during linux.network state apply. Change-Id: I22fe0afaffecd7b850a6b77d7b810ed296bfc9ca Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>