Age | Commit message (Collapse) | Author | Files | Lines |
|
IPv6 has been disabled recently by default to reduce the attack
surface of the system, however MaaS rackd service relies on other
libraries that require an INET6 socket by design.
Change-Id: I6c633e9790e75d53437f400790d0e528f0a792b3
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
IPv6 has been disabled recently by default to reduce the attack
surface of the system, however OVN/Geneve kernel-based tunnels
require it to function properly.
[https://www.mail-archive.com/ovs-discuss@openvswitch.org/msg03639.html]
Change-Id: Ife86dfad77e7899bd28f83a49c361cd8a623597c
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
- bump formulas baseline during docker build;
- refresh patches;
Change-Id: I0a54863f57344c5f8897dc981f704c4d265c5522
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|
|
In order to get tacker definitions and latest changes.
Change-Id: Ib5bf5034f140e708fb596dd4b622f0b2bdee8a59
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: I55a3c10f275079b11b7456b28a2c846cb33c204a
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
JIRA: FUEL-385
After successfully merging patch
https://gerrit.opnfv.org/gerrit/#/c/61417/ a user can deploy
os-nosdn-nofeature-noha scenario with numa topologies on compute nodes.
In order to be able to run the EPA testcases, there are still some
requirements (see [1]):
- Testcases expect compute nodes to have hugepages enabled
- Testcases expect compute nodes to have cgroup-tools package
installed
- Testcases expect to have NUMATopologyFilter added to
enabled_filters in /etc/nova/nova.conf of the controller node
This patch tries to meet the above requirements. First, it installs
the cgroup-tools package on compute nodes. Secondly, it overrides the
default enabled_filters of openstack nova salt package by appending
NUMATopologyFilter in the end (see [2], [3]).
Reference links:
[1] https://docs.google.com/document/d/1sT63M6fnurn4rgYTiUd8ILuXORtx0oHA8Qe-nPeCr2Y/edit
[2] https://github.com/salt-formulas/salt-formula-nova/blob/master/README.rst#custom-scheduler-filters
[3] https://github.com/salt-formulas/salt-formula-nova/blob/master/metadata/service/control/single.yml#L20
Change-Id: I24eb86c53574c80ceb33ecd1bfcb9ef2727d4263
Signed-off-by: Stamatis Katsaounis <mokats@intracom-telecom.com>
|
|
* to be compatible with HWE kernel
* make neutron balancing to RR back
* turn off glance v1 api support (doesn't relevant for now)
Change-Id: I916aae10f523be339c20de32218ce03c245afe72
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|
|
`system.neutron.control.cluster`, unlike
`system.neutron.control.openvswitch.cluster` does not provide
neutron:server:message_queue:members pillar data, letting it
default to the wrong values (single rabbit instance on the same node).
This led to neutron.conf on ctl nodes using:
`transport_url=rabbit://openstack:***@172.16.10.35:5672//openstack`
instead of
`transport_url=rabbit://openstack:***@172.16.10.28:5672,...//openstack`
Change-Id: Iad4b709d555b2bafafeb75fdecb831f7d4f5a504
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Drop duplicate maas:machines definitions which could cause conflicts
in rare corner cases.
Slightly refactor j2 template expansion to make `conf.virtual.nodes`
available during first stage.
Change-Id: I04d56e346b12c6eb97da5c0c0ab1e3446e5fc1b8
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
|
|
openstack/control.yml
-redefine database host ip inherited from
system.neutron.control.cluster
Change-Id: Ic8e61c61c7ebb17f31e0c53f8d9e3a013f8a3e9e
Signed-off-by: Guillermo Herrero <guillermo.herrero@enea.com>
|
|
Enable jumbo frames on tenant/private interface as well so that
an instance can get the DHCP response from gateway node.
Change-Id: I9407fa67e9e0cdbe50335e4430748b0e45ba841a
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
In order to avoid TCP connection checksum issue (i.e. TX offloading
on ovs bridges) add linux bridge connected with ovs public bridge.
Change-Id: I4d266dd92756d5326dfa3d74fe2f376b26415812
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
* ship prebuilt salt master conf for better readability:
- enable x509.sign_remote_certificate (for prx VCP nodes);
* refactor Salt master CA handling:
- preinstall `salt_minion_dependency_packages` and
`salt_minion_reclass_dependencies` inside docker image;
- persistent /etc/pki;
- run salt.minion on cfg01 to generate master keys;
* bump container formulas to 1 Sep 2018 versions or newer:
- inject date into Docker makefile, forcing a fresh fetch of all
salt formulas from upstream git repos;
* workaround broken salt-formula-designate's meta/sphinx.yml:
- the DEB package version of salt-formula-designate uses `cmd.shell`
to query dpkg on the minion, while the git repo version still
uses `cmd.run`, running into parsing issues;
- temporarily disable sphinx metadata generation for designate until
upstream git repo syncs with the DEB version;
* upstream: salt-formula-salt AArch64 salt.control.virt support:
- retire salt-formula-salt git submodule and related patches;
* skip installing reclass distro package (already installed via pip
inside the container);
* limit initial pillar_refresh call to nodes on jumphost;
* remove unused salt-formula-nova git submodule;
JIRA: FUEL-383
Change-Id: I883b825e556f887a5e31f8a43676dcd8ece6dfde
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
* shift MTU from public bridge to physical interface
* add neutron related settings
Change-Id: Ia57d1ca7976968d6e7ee23f58a0abae1a1a256c0
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Salt relies on a limiting libvirt_domain j2 template to generate the
XML it passes to libvirt for salt.control managed virtual machines.
For AArch64, we need to set up 3 XML nodes in a non-default way:
1. UEFI firmware (AAVMF) should be enabled by passing a pflash loader;
2. CPU mode should be 'host-passthrough';
3. QEMU machine type should be 'virt';
To allow configuring the above using pillar data:
- virtng module: implement functionality similar to upstream changes:
* 219b84a512 virt module: Allow NVRAM unlinking on DOM undefine
in develop, not in 2018.2;
* 9cace9adb9 Add support to virt for libvirt loader
in develop, not in 2018.2;
- virtng module: extend it with:
* pass virt machine type to vm;
* pass cpu_mode to vm;
JIRA: ARMBAND-404
Change-Id: Ib2123e7170991b3dfbdb42bd1a2baa5a4360b200
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Since we reboot all nodes, applying the network configuration via
Salt before reboot is pointless and creates a race condition with
OVS.
While at it, add `--ignore-errors` to ifup call for OVS bridge to
prevent a race condition during linux.network state apply.
Change-Id: I22fe0afaffecd7b850a6b77d7b810ed296bfc9ca
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
* Refactor OPNFV salt-formulas mechanism to resemble upstream git
structure:
- git submodules: add new submodule for each formula we patch;
- create salt-formula-x directories for OPNFV formulas;
- move mcp/metadata/service contents to their each formula subdir;
- use `make patches-import` for patches previously handled by
patch.sh;
- retire patch.sh
* states: add virtual_init:
- mostly based on old salt.sh, which is now obsolete;
- exclude salt-master service restart (it would kill the container);
* scenarios: cleanup (rm cfg01 virtual node def), adopt virtual_init;
* reclass: align our model with prebuilt container's Salt config:
- drop linux:network pillar data (handled by Docker);
- stop applying linux.system state on cfg01;
- align salt user homedir;
- drop salt-formula packages (preprovisioned);
* minor plumbing in deploy.sh and lib.sh;
JIRA: FUEL-383
Change-Id: I28708a9b399d3f19012212c71966ebda9d6fc0ac
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Align all noha scenarios to install OVS 2.9 which doesn't drop
packets on bridge with netdev datapath type at initial stage.
Change-Id: Iab204828ac7acefcb26647cdbc27805871904f2c
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
In order to handle floating IPs related flows properly
the public bridge requires netdev datapath type to be set
explicitly in DPDK mode since OpenDaylight only manages
patches between integration bridge and the public one.
Change-Id: I868747dc501e9124cbecd4eb1234f74e8edd4edf
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|
|
Change-Id: Id35d4cbee9b4ce0a7b78e2935b03c2def68bc123
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: I5346ee523b40f1a249394d59dbbe4d3d85c692cb
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
|
|
- dummy copy of os-nosdn-nofeature-ha masquerading as
os-nosdn-vpp-ha scenario placeholder
- dummy copy of os-nosdn-nofeature-noha masquerading as
os-nosdn-vpp-noha scenario placeholder
Change-Id: I63a302c98e6e176a480fbc110012ac66749ee88f
Signed-off-by: Cristina Pauna <cristina.pauna@enea.com>
|
|
Change-Id: I61ee8e19e783437dce7a9ddd666cd60e9d22a2e1
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
For DPDK scenarios, the private VLAN Linux interface should not
be created, as it interferes with OVS configuration.
Change-Id: I7eff6031a7cd5e50296e5d36084d7d50d6f3beae
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: Ib442f98b2601800360bc9b4ec01da892b50e7f1a
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Now that host vnet MTU has been bumped to 9000, we can safely enable
jumbo frames in ctl01 VM without breaking nova compute discovery.
JIRA: FUEL-336
Change-Id: I30bf333c18f3f0de2ce37fc7ae99df9b99f3a5e9
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
|
|
|
|
|
|
- odl01: Use a bridge for br-ctl to allow tagged mgmt;
- ctl01: Use bridges for br-ctl, br-ext;
- ctl01: Use mtu 1500 since jumbo frames seems to break nova cell
discovery;
JIRA: FUEL-382
Change-Id: I9bf48711930cac77a089e4d7b7ba98924dd161ee
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Locally overwriting barbican_integration_enable
on compute nodes does not work.
Set barbican_integration_enable to true by default.
Disable barbican_integration at openstack_control side.
While at it, enable barbican on ha scenarios too.
JIRA: FUNCTEST-981
Change-Id: I3c8df5d4078f73f32f3605dec5a7a365fa386019
Signed-off-by: Delia Popescu <delia.popescu@enea.com>
|
|
Change-Id: I0377615ff19e39aca74b90d2ff7e7b2cd5cd6ccb
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: I493fd49cb2b4bcd976873cd9297de3f90a74acf1
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Instead of applying PXE/admin static IPs via Salt right away,
delay the transition from DHCP until after node reboot to avoid
duplicate IPs and networking issues during deployment.
Change-Id: I8a12d78a6b42edc9bcf9eb9ebc9590e2af5ec52c
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
While at it, move openstack_version param to the common include dir.
JIRA: FUEL-382
Change-Id: I5e7ebb18a95672f066126d3afd28f13395a3149f
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Due to design limitations in idf.net_config, for a hybrid POD we need
to trunk certain network segments for the VMs running on the
jumpserver, including mgmt network going to cfg01, mas01.
Add mgmt VLAN support for cfg01, mas01 gated by a flag in IDF:
idf.fuel.jumphost.trunks.mgmt: True
JIRA: FUEL-338
Change-Id: I6903f9b70e5f8a88618bce28e21c7c0631a05065
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Salt 2016.x has a bug with states ordering coming from 'include'
statement. Glance/Heat DB sync is applied before package setup
although clearly specified 'require' in state.
Change-Id: Ic5f7ce4a7623fb208c0a5ba366802b7e02fa8b9f
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|
|
|
|
* changes:
[noha] cinder: Align VG name with HA scenarios
[reclass] Move system.single class to common
[maas] Add reclass storage definitions for all
[reclass] Move MaaS classes to common dir for NOHA
|
|
Configure barbican for cinder-volumes and nova-compute
to use encrypted volumes
Disable default glance image signature verification with
barbican enabled
JIRA: FUNCTEST-981
Change-Id: I35660234526780a2277e459f3fa21a67d96ce7d7
Signed-off-by: Delia Popescu <delia.popescu@enea.com>
|
|
Instead of hardcoding kvm hostnames in maas machine definitions,
read node roles/hostnames from current scenario and map them
accodingly.
JIRA: FUEL-382
Change-Id: I15d52e299e0353971f8d0c7da853c571ad5410da
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
JIRA: FUEL-367
Change-Id: I9a4171d2616af5ae1bafbf1740fd7c7f97c1768e
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Prepare for MaaS integration in NOHA scenarios by aligning cinder
VG naming across all scenarios.
JIRA: FUEL-382
Change-Id: I0cd7accf573ae0904efddd7aa67d880f2a6deb71
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Include system.linux.system.single class globally in the common
section, preparing for MaaS NOHA node definition.
JIRA: FUEL-382
Change-Id: Icdfb2a90f356cd537631abe653950c0c30020551
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|