summaryrefslogtreecommitdiffstats
path: root/mcp
AgeCommit message (Collapse)AuthorFilesLines
2018-02-05[baremetal] Retire example pod_config.yamlAlexandru Avadanii1-111/+0
It is easier to just generate the `pod_config.yaml` file than to maintain it, so let's remove it. While at it, link sample PDF/IDF inside pharos git submodule, so we don't have to pass a different lab-config URI to use the sample. To generate pod_config.yml for the sample PDF/IDF: $ ./ci/deploy.sh -l local -p pod1 -s os-odl-nofeature-ha -d $ cat mcp/deploy/images/pod_config.yml JIRA: FUEL-322 Change-Id: If5898f92ef54bebc31d57f9632959e9093a89250 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-05[PDF] pod1: Refresh PDF, IDF examplesAlexandru Avadanii2-65/+66
Sync latest changes from pharos git repo for our sample PDF/IDF: - move net_config from PDF to IDF; - minor cleanup; JIRA: FUEL-322 Change-Id: If6865ac61a4942a1dd5daf7081fd8faa67e0e7bf Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-03Merge "[baremetal] Fix: wrong nic name idf index"Alexandru Avadanii2-2/+2
2018-02-02[baremetal] Fix: wrong nic name idf indexGuillermo Herrero2-2/+2
This was only affecting pod deployments with different board models, under the current limited support: - 3 KVMs will be same model and have the same NIC names - 2 Compute nodes will be the same model and have same NIC names For the computes nodes, br-mesh NIC name was wrong due to incorrect idf mapping Change-Id: I9685b35cb23b03be9fc0e6fe16c0712a9ad70e19 Signed-off-by: Guillermo Herrero <guillermo.herrero@enea.com>
2018-02-02Merge "deploy.sh: Disable net.bridge.bridge-nf-call"Michael Polenchuk1-0/+9
2018-02-02Revert "[FN VMs] remove graphics"Alexandru Avadanii13-35/+55
RHEL family virtualization tools reserve 02:00 PCI slot for VGA, even if 'nographics' is specified when creating the VM (in case the user wants to later hook a video card, which usually *requires* PCI slot2). Debian systems do not follow this rule (tested with libvirt 1.x, 2.x, 3.x), hence 1st NIC lands on PCI slot 2 (and get eth name 'ens2'). To align the behavior across all possible jumpserver distros, bring back the virtio video. This reverts commit 738f6c3b68d1179de1ff790f9e72c25f10874da4. Change-Id: Ifd855c12e04aec1ff0ab047b13f8081365741889 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-01deploy.sh: Disable net.bridge.bridge-nf-callAlexandru Avadanii1-0/+9
JIRA: FUEL-334 Change-Id: I6d2499053dcfb7f99593fcd5c948b569bdcb9c9b Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-02-01[baremetal] Allow MaaS timeouts to be set via IDFAlexandru Avadanii3-10/+2
Bump Pharos git submodule to pick up support for MaaS timeout parameterization, as well as new IDF for lf-pod2. Drop arch-specific MaaS timeouts, as they are now configurable on a per-POD basis. Sample usage (via IDF): idf: fuel: maas: # MaaS timeouts (in minutes) timeout_comissioning: 10 timeout_deploying: 15 Change-Id: I8fafa336b0bc64d705f6c2e40fc3dfb85672fb15 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-31Turn off Retpoline and KPTI protectionMichael Polenchuk6-28/+79
Based on Canonical research (https://goo.gl/QJykMa) there is low-risk of attack for private clouds environments, therefore turn off the related kernel patches & regain performance back. Change-Id: I661fa127241e327b07d21a29d58d584997607123 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-31Merge "[patch] Group APT calls for salt formula install"Michael Polenchuk2-2/+71
2018-01-31Merge "[VCP] Catch 'no response' when adding ssh auth key"Michael Polenchuk1-1/+1
2018-01-31[VCP] Catch 'no response' when adding ssh auth keyAlexandru Avadanii1-1/+1
On rare occassions, one or more minions might fail to respond in due time, so catch 'no reponse' using `wait_for`. Change-Id: I8e6b0dc44a39e79c2874ff9a657e152620ba3f13 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-30[patch] Group APT calls for salt formula installAlexandru Avadanii2-2/+71
When installing salt-formula-* on cfg01, we used to call APT for each package. Instead, handle them all at once. While at it, stop using colored output on terminals that don't support it (e.g. 'vt220' used by OPNFV Jenkins). Change-Id: Ib8f2cee9638c43cdf648487bf05b07cd49802d3e Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-30Update reclass system modelMichael Polenchuk2-4/+5
Get the latest reclass system model to be in sync with salt formulas code. Adjust keystone v3 admin endpoint patch. Change-Id: Ia7ce6187b875cc9e18af2784ef1eb5df1c145c7d Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-29[patch] Point neutron opendaylight configs to pikeMichael Polenchuk1-12/+12
Change-Id: I3fae38da88b170b84ea926abf93da8b178e9ca8a Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-29Merge "[FN VMs] remove graphics"Alexandru Avadanii13-55/+35
2018-01-29Merge "[cfg01] apt.conf.d: Dpkg::Use-Pty: 0"Michael Polenchuk2-0/+9
2018-01-29[FN VMs] remove graphicsAlexandru Avadanii13-55/+35
Since VCP VMs (created via salt formula) do not have a video controller defined in their domain XMLs, network devices end on different PCI slots and hence have different names assigned (ens2+ vs foundation node VMs, which start with ens3). To align network interface names for VMs on jumpserver vs kvm nodes, and reduce confusion, remove the video controller from FN VMs. This allows some cleanup: - drop extra AArch64 args from virt-install; - unify 'opnfv_vcp_vm_*' and 'opnfv_fn_vm_*' variables; Change-Id: I0d108b00914b3eaaa03b67c652174f8ed4573118 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-28[cfg01] apt.conf.d: Dpkg::Use-Pty: 0Alexandru Avadanii2-0/+9
This will silence all 'Reading database ...' noise during Salt formula installation. Change-Id: I734d727194e276443db1e1581f40ec494562196e Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-26Merge "lib.sh: Reduce useless wget dot reporting"Alexandru Avadanii1-1/+1
2018-01-26[ovs/dpdk] Configure vxlan for baremetal scenarioMichael Polenchuk7-11/+55
* switch ovs/dpdk scenario from vlan to vxlan mode * force br-ex interface to mitigate race with incorrect state * remove dpdk packages list (already in upstream) Change-Id: Ib827cef2d67879fd2a86d286ca2118b22493274d Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-25lib.sh: Reduce useless wget dot reportingAlexandru Avadanii1-1/+1
Downloading the base image (usually a few hundred MB) outputs a lot of useless dots to show progress. Switch to 1M per dot (from 1K). Change-Id: I8c525cad0b46e8ba3a7f6da4dd7f8277a49df91f Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-25[baremetal] Fix openstack_compute_pdf yaml errAlexandru Avadanii1-2/+2
Fixes: 7c79115 Change-Id: I62f52382b297b1aa9cfc37f74f04a00872ead1ef Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-25Merge "Add support for different public network netmask"Alexandru Avadanii7-16/+34
2018-01-25Merge "[lab-config] Use Pharos submodule by default"Alexandru Avadanii8-121/+45
2018-01-25Merge "Horizon: Fix and reload missing css in Pike"Alexandru Avadanii2-0/+20
2018-01-24[lab-config] Use Pharos submodule by defaultAlexandru Avadanii8-121/+45
- switch from securedlab to pharos as lab-config structure; - accomodate the move net_config from PDF to IDF in j2 templates; Change-Id: Ib04e4fb384568a6efd9e78a080857b663521ae88 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-23Rectify ODL repository apt keyMichael Polenchuk2-16/+24
Change-Id: Iaa917be9f8f86c328ce4d503923a0d7cca680434 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-23Horizon: Fix and reload missing css in Piketing wu2-0/+20
The horizon in Pike release is broken due to missing the static content. This workaround is to: - create a missing symbolic link. The link is defined as an alias in the apache configuraion - collecting and compressing static assets - add single "Default" theme as AVAILABLE_THEMES - restart apache2 service - apply the workaround to Salt states 'openstack_ha' and 'openstack_noha' JIRA: FUEL-324 Change-Id: Idd70165f1be8d31967a3ab518323e6f3e8406624 Signed-off-by: ting wu <ting.wu@enea.com>
2018-01-22[baremetal] Fix ocata referenceAlexandru Avadanii3-2/+2
Previous cherry-pick failed to rename 'ocata' to 'pike'. JIRA: FUEL-317 Change-Id: Ic1a1145e0652f2a7d15980399232631cf3fc5080 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-22[baremetal] Add upstream (lab) proxy supportAlexandru Avadanii3-0/+26
If upstream proxy is defined in IDF, propagate it to pillar data: - linux:system:proxy:keyserver:http(s) for cfg01, mas01; - maas:region:upstream_proxy for mas01; Sample IDF config: idf: fuel: network: upstream_proxy: address: 10.0.2.2 port: 3128 JIRA: FUEL-317 Change-Id: I12be815e1b4564227fb09c20ce06cd71e7d433b6 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-22Add support for different public network netmaskGuillermo Herrero7-16/+34
- Remove hardcoded /24 mask - Use PDF as source for public network, with reclass params: opnfv_net_public, _mask, _gw, _pool_start, _pool_end JIRA: FUEL-315 Change-Id: Idf3a4ed8f63f58fa90d9c1dcb7751ef3b1c9bd36 Signed-off-by: Guillermo Herrero <guillermo.herrero@enea.com>
2018-01-22Merge "reclass: apt_mk_version: stable"Michael Polenchuk3-3/+3
2018-01-22Merge "[baremetal] Fix cmp proto dhcp on PXE/admin"Michael Polenchuk2-0/+8
2018-01-22[patch] system.repo: Add keyserver proxy supportAlexandru Avadanii6-8/+122
Instead of defining a http proxy for all salt-minion traffic, which also includes some Openstack API accesses we can't filter (no_proxy is not yet supported), add & leverage support for proxy configuration during APT keyserver access / key download. JIRA: FUEL-331 Change-Id: I9470807633596c610cfafb141b139ddda2ff096b Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-21[baremetal] Fix cmp proto dhcp on PXE/adminAlexandru Avadanii2-0/+8
Although we properly filter the PXE/admin interface in the common openstack_compute_pdf.yml.j2 template and use DHCP instead of manual setup, we failed to do the same in scenario-specific overrides (ODL, OVS), so we end up with 'proto: manual' on PXE/admin on cmp nodes. The fix is trivial and reuses the mechanism in the common class in scenario-specific templates (if interface is PXE/admin, use 'DHCP' instead of 'manual'). This solves the issue of broken connectivity to Salt master after cmp reboot. Change-Id: I1953d03343190acb2efcab4412a3d37e130b0ea9 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-21reclass: apt_mk_version: stableAlexandru Avadanii3-3/+3
Although previous commit d1b6119 changed the first reference of apt-mk repos to 'stable' from 'nightly', it missed the cluster model. This fixes redeploys with `-f`, which fail due to conflicts between already installed 'stable' packages and 'nightly' ones. Fixes: d1b6119 Change-Id: I854bac86feaaa61da0b68d158e270eec1ee0ccb7 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-19Get back to the GA kernelMichael Polenchuk2-3/+1
- openvswitch 2.8 officially supports kernel versions from 3.10 to 4.12 - ODL baremetal scenario is acting up with floating/public SNAT flow under hwe edge kernel 4.13 Change-Id: I099d528b3b1c2ea34f8f856cd60f809f90defea6 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-15Setup mongodb master primarilyMichael Polenchuk2-4/+4
Initiate mongodb master at first to avoid race conditaion with unwanted master election which causes cluster setup failure. Change-Id: I6d2f75f3f002849cac3a5f52a7dcfb4646b7822a Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-12Retry cinder volume stateMichael Polenchuk2-2/+5
The service of cinder-volume restarts too quickly after package installation with default/incorrect configuration and goes over restart threshold, so systemd stops attempt to restart any further causing state faulure. To fix it properly the RestartSec (i.e. restart delay) param should be added into cinder-volume.service unit. Change-Id: Ic8591e8ef52a3d439122f276d275e56bd2442ce6 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-11[baremetal] Disable dhcp offered routesMichael Polenchuk2-0/+5
Prevent dhcp client from setting an unwanted default routes on compute nodes. Change-Id: I2529491bbc977647e5f457d5f1ba88b0cc4372ee Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
2018-01-08Merge "[centos jump] Add missing dependency for nbd build"Alexandru Avadanii1-0/+1
2018-01-08[centos jump] Add missing dependency for nbd buildAlexandru Avadanii1-0/+1
Change-Id: Icb23d2e6d3bb6e49b54e2d51cc8a35cb03702fcd Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-08lib.sh: base image: Prevent using incomplete imgAlexandru Avadanii1-4/+4
In case the previous deploy attempt already copied the base image as the VCP image in order to perform offline operations and failed, leaving an incomplete image in place, current code might try to use it instead of building it from scratch. Use the hash-agnostic link names as checkpoints for successful image handling. Change-Id: I1e99e515e18ba1dec534c520811c127b2b528afe Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-08lib.sh: Fix `modprobe -f` on UbuntuAlexandru Avadanii1-3/+4
For some reason, `modprobe -f` for a clean nbd module (from vanilla Ubuntu) fails with exec format error randomly, while a simple `modprobe` works. Change-Id: I79785e510cab757e2482baf442054be984c24019 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-07MaaS: Set commission/deploy timeouts via reclassAlexandru Avadanii3-2/+10
Allow end-users to easily change the MaaS commissioning/deploying timeouts by simply editing the reclass model. While at it, use arch-specific values and bump deploy timeout on AArch64 to 20 minutes instead of 15. Change-Id: I37ae434ecebdd64effb007baa06c722b1db15c66 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-07lib.sh: Fix stop condition in wait_forAlexandru Avadanii1-5/+5
Change-Id: Ida693b6dd328db283d6992ac33500f4dd1a73eb8 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-07salt.sh: Fix linux state apply on cfg01Alexandru Avadanii1-4/+4
cfg01 does not repond or is not connected while trying to apply linux state via salt.sh, use wait_for macro to account for this. JIRA: ARMBAND-315 Change-Id: I2d4c63d43f806b65f9ce327f4a00a6334be88750 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-07lib.sh: Extend wait_for function to catch no respAlexandru Avadanii5-16/+19
wait_for function should be able to also check for minions that did not return or not respond, in addition to the return code. To keep it backwards compatible, condition the new check on the max attempt number being specified in decimal format (e.g. '10.0' unlike old '10'). Change-Id: If2512cf9121cdd795638efe7362ef0485d4e8d91 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
2018-01-07user-data.template: Remove salt-minion installAlexandru Avadanii2-12/+1
salt-minion is now pre-provisioned inside the image using qemu-nbd. Revert "lib.sh: Limit envsubst to certain variables" This reverts commit 3a76d07dbd409b781abdb8520f55a1b20edf07db. Change-Id: Icceb8bcf439e28ab01c7731c3602c1113290454d Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>