To bypass Docker 'bridge'-backed network isolation, we previously
added an extra routing hop, which broke access from inside the
'mcpcontrol' Docker network (typically 10.20.0.0/24) to its
bridge address (10.20.0.1), leading to DNS issues on Salt Master.
This change leverages policy based routing to only add the extra
routing hop for connections originating from the default Docker
bridge network ('docker0'). Note that other Docker networks
using the 'bridge' driver are still isolated from 'mcpcontrol'.
Fixes: d9b44acb
Change-Id: Ib92901c3278ae9b815f28f26d4c26f82bcadacd6
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit c7a28fcf419f78aa44af8800e1f35e47471c4bb0)
|
|
Recent virsh/Docker network rework changed mcpcontrol (previously
a virsh-managed network) into a Docker-controlled network using
the 'bridge' driver.
As a consequence, Docker now isolates traffic from 'mcpcontrol'
network from the default Docker bridge network ('docker0') using
iptables rules that check input/output interfaces.
Yardstick (and any other Docker container hooked via 'docker0')
will not be able to ssh into Salt master due to this isolation.
One possible workaround would be to explicitly ACCEPT traffic
from 'docker0' going to Salt master. However, this is only
properly supported starting with Docker 17.06, while most CI hosts
and end users are still using 17.05 or older.
In older Docker releases, DOCKER-USER iptables table was not
available, so injecting custom iptables and making them persistent
is not only complicated, it's also prone to subtle errors.
Another way to bypass the iptables rules is to route the packets
coming from our new Docker network via another bridge before
letting them find their way into 'docker0'.
This change adds a new route for the Salt master host (note that
MaaS container will not benefit from this) via the PXE bridge on
the jumphost (which can be either a real Linux bridge for baremetal
deployments or a virsh-managed network); adding one extra network
hop for each packet going between our 'mcpcontrol' Docker network
and 'docker0', effectively bypassing the Docker-enforced iptables
DROP.
Change-Id: Id8ac7a638c778887b361c9b64c320664c88f59fd
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
(cherry picked from commit d9b44acb6871837caf6f6d962af824cf9eebe667)
|
|
The per port memory model provides a more transparent memory usage model
and avoids pool exhaustion due to competing memory requirements for
interfaces. (http://docs.openvswitch.org/en/latest/topics/dpdk/memory/)
Change-Id: I5add0f49cdcdf2fc3d24affee10a275abe3ca46a
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
- bump Pharos git submodule to allow PODs with fewer nodes;
- add `k8-calico-iec-noha` scenario definition for Akraino
IEC basic configuration;
- add `k8-calico-iec-vcp-noha` scenario definition for Akraino
IEC nested (virtualized control plane) configuration;
- add `akraino_iec` state, which will leverage the Akraino IEC
bootstrap scripts from [1];
- replace system.reboot salt call with cmd.run 'reboot' as it's more
reliable;
- use kernel 4.15 for AArch64 K8 IEC scenarios;
NOTE: These scenarios will not be released in OPNFV since they don't rely
on Salt formulas but instead on Akraino IEC scripts to install K8s.
[1] https://gerrit.akraino.org/r/#/q/project:iec
Change-Id: I4e538e0563d724cd3fd5c4d462ddc22d0c739402
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Certain kernels (e.g. 4.4.0-101+ in Ubuntu) no longer automatically
ack the partition table update after `kpartx -a /dev/nbdX`, see [1].
To avoid another dependency on `parted` packages, use `partx` from
`util-linux`, which is already installed as a dependency of e2fsprogs.
[1] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1743026
Change-Id: Ibd993fe210c1a11814e89a66759568d4d117d613
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Create 2 systemd services on the jumphost that will handle veth
pairs creation, respectively adding them to virsh/real bridges.
This allows us to set docker containers restart policy to 'always',
enabling persistent Salt Master/MaaS containers across jumphost
reboots.
NOTE: libvirt creates virtual networks async, hence the need for
retrying hooking veths to them.
JIRA: FUEL-406
Change-Id: I1ca033cb5eb854b577b57bb2387a58bd9605a5bb
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
As reported in [1], kernel 4.4 seems to break nested virtualization,
add a fatal check against it.
[1] https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1797332
Change-Id: I0aef8a7340dd82bfeb2e58c9642623b9ec13dca5
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Some PODs are fast enough to get past installing, syncing and using
MaaS to provision the OS on the baremetal nodes before the 1h mine
refresh.
Since mine.update operation is fast enough to go unnoticed and we
only collect IP addresses, grains and pem entries, schedule it every
15 minutes.
Due to reclass class inheritance, we can't easily override this via
pillar data, so handle it via entrypoint.sh.
Change-Id: I0d8ed2da838ad09c94e9327d0131d3e239de4f08
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
- replace mas01 VM with a Docker container;
- drop `mcpcontrol` virsh-managed network, including special handling
previously required for it across all scripts;
- drop infrastructure VMs handling from scripts, the only VMs we still
handle are cluster VMs for virtual and/or hybrid deployments;
- drop SSH server from mas01;
- stop running linux state on mas01, as all prerequisites are properly
handled during Docker build or via entrypoint.sh - for completeness,
we still keep pillar data in sync with the actual contents of mas01
configuration, so running the state manually would still work;
- make port 5240 available on the jumpserver for MaaS dashboard access;
- docs: update diagrams and text to reflect the new changes;
Change-Id: I6d9424995e9a90c530fd7577edf401d552bab929
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
While the minions are working their jobs the CLI is waiting for the
first initial timeout period (timeout) to start. When that hits,
the CLI sends the first "find_job" query. This kicks off the
gather_job_timeout timer. Sometimes a minion doesn't respond to the request
within the gather_job_timeout time period (default is 10s), so raise
this value to give a chance for a minion to report actual status.
Change-Id: Ic3756b82fdeb17718870ab30e9578263d25309f7
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: I7486569568207f7652f8bdfcf1060ce51a9dbb0e
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: Ia7f8845017333e54db110bca5b3715702948b76b
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Extend one of the existing deployment arguments to allow the
installation of only the operating system and infrastructure networks,
skipping cloud setup.
Change-Id: Ibc5d0f324ed15b66f809839cfce49a0324b6fe4d
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Alternating HA and no-HA scenario deployments on baremetal requires
non-hostname targeting for UEFI cleanup (e.g. ctl01/gtw01/kvm01).
Change-Id: I9f0e967b500856b65a69ea0ab6ea13e15b327d8b
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: I177598d4d20539e50aab5f283e8d10022a4f1a14
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: I79d3167432d48500346d5c8294d447c54e0cb6be
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: If167e7a6bdcdccd6b6df43bd5cac54250abec61a
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
When noha scenarios are scheduled on the same CI POD currently
running a previously deployed HA scenario, one baremetal node
might remain unused (kvm03), connect to the new Salt master and
interfere with the deployment.
To prevent that, shut down all baremetal nodes at the beginning of the
deployment.
Change-Id: Ia9bad8b5d8348433cefac9aa76eca0de664f187d
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
CentOS recently moved its kernel source RPM from the altarch subdir
to the same directory x86_64 kernel sources used to reside, so update
our script accordingly.
Change-Id: I88010eabdfc15d6a79350dface29258cc37c4b95
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
On AArch64, 1G hugepages need to be enabled via kernel cmdline
before mounting hugetlbfs [1].
Leverage MaaS tags to apply custom kernel args to AArch64 nodes.
[1] https://wiki.debian.org/Hugepages
Change-Id: Ie68ddf805836ee62f725019b0b873082b1d40948
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
This commit should be reverted once original formulas
get required support of rocky version.
Change-Id: Ia3458381bced0cae8dbfacc9781c90933ad5c822
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Sync predefined Salt Master configuration with reclass class
system.salt.master.single (but limit worker_threads to 20).
Change-Id: I760cdcb9ebbdab517011eccab0616abb36014cc1
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
JIRA: FUEL-364
Change-Id: Ia470fc8103713e7a06cd9647675b0edfb4342bf8
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
JIRA: FUEL-336
Change-Id: I1c8d22b8322f700eb727d9077035ba4c9f9f9753
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
reclass settings.py should be patched before the salt-master service
is started (since we can't restart it inside the container without
killing the tini init).
Fixes: 2de5348a
Change-Id: Id62d8f9f12fd72ef60322dd9907f26907231c4a7
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: I1bf4452e0f6e9aa5d2b9a002a1ec45c70fb8c2ab
Signed-off-by: Paul Vaduva <Paul.Vaduva@enea.com>
|
|
Explicitly set the ipv4_address for each network instead of relying
on ip_range allocation, which seems to fail / not be picked up.
While at it, use docker-compose 1.22 or newer to bypass slow Docker
network creation with 'macvlan' driver [1].
[1] https://github.com/docker/compose/issues/5248
Change-Id: Ic31851522576ebb2407d869b7c3ed7bd06951922
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Previously, cfg01 mgmt address did not consider the `ip-range` param,
leading to a mismatching `cfg01` entry in /etc/hosts on cluster nodes.
Change-Id: If6f605f4b2817c3751074bef60ebde298bc74b7d
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
* bump salt-formula-maas git submodule;
* sync AArch64 initial salt config with the x86_64 default config;
* bump Pharos git submodule to sync `power_pass` MaaS configuration
parameter naming;
Change-Id: Ic59dd8becb6d83a9e67004c38d51681c88c4be7c
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: I8fdc24130b3887defc2d7b53f94530f71b28aa02
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
- s/Fuel@OPNFV/OPNFV Fuel/g;
- added README files for ci/scenarios/patches directories;
- refresh & simplify cluster overview diagrams;
- unify labels across docs;
- fix TOC numbering;
- remove local labs PDF/IDF files, as they are merely duplicates of
Pharos files included as a git submodule;
JIRA: FUEL-397
Change-Id: I87f61938eeb67f13fd9205d5226a30f02e55d267
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: I698d97f3dbf8cdbe7002c5e4b02ac1a51dacdbfb
Signed-off-by: Guillermo Herrero <guillermo.herrero@enea.com>
|
|
JIRA: FUEL-393
This patch adds support of os-odl-bgvpn-noha scenario to fuel
installer.
Change-Id: I4e053e38aac70023b0a81f9a41b415c7a1aae3af
Depends-On: I57288bbb42f4c75af19f3807f8f15b44482c066c
Signed-off-by: Stamatis Katsaounis <mokats@intracom-telecom.com>
|
|
Make sure `virsh` and `virt-install` use the same connection URI.
Fixes: e49ffac1
Change-Id: I437f063ce9936804248b7cf09f6ecfef6417f387
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
_param:aodh_version was lost during a recent refactor, bring it back.
While at it, also make chown in entrypoint.sh recursive to prepare
for non-sudo deployments.
Fixes: c0de0902
Change-Id: I41b225c4a3f15269aa156a1c33412206beff6ee9
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
lib.sh got pretty big over time, making it hard to maintain.
Since most of the functions defined now in lib.sh are only required
during build/deploy and not in state files, move them to a new file.
While at it, prepare for running build/deploy as non-root and
set a default connection string for virsh instead of using
user specific config in ~/.config/libvirt/libvirt.conf, which
caused end user experience issues in the past.
Change-Id: Id8c2a8139e4bfdb99af2b0fad73b911ffa18ebea
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
`virtual_init` state file tries to ping all FN VMs, but that won't
work on hybrid PODs since all FN VMs but mas01 require MaaS DHCP to
be already configured (i.e. FN VMs in question will be reset after
mas01 is fully configured).
Limit virtual node queries in `virtual_init` to mas01 VM, as the rest
of FN VMs will be handled via `baremetal_init` state.
While at it, move _param:apt_mk_version def to common reclass to
avoid an undef reference in NOHA hybrid deployments; set MCP_VCP to
0 for non-HA scenarios.
JIRA: FUEL-385
Change-Id: I582bca6864e9bfed23baf26f9b66e6e95e986c58
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Bring back MAAS_IP global env var and use it for mas01 VM IP addr
in mcpcontrol network to prevent salt minion signature change.
Partially-reverts: b666bc50
Change-Id: I5c7668393fe66287bd3ecdc75dd3195d5a89a8f3
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
JIRA: FUEL-383
Change-Id: I9203aa8d20def5b78d261f8c6847ddc576f0feb7
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
While at it, retire obsolete MAAS_IP global variable and let mas01
VM get a DHCP address from virsh-managed mcpcontrol network.
Change-Id: Ifd85dbcab10894a5d0d675d37f0c35f09776d9b4
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|