Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
- switch from securedlab to pharos as lab-config structure;
- accomodate the move net_config from PDF to IDF in j2 templates;
Change-Id: Ib04e4fb384568a6efd9e78a080857b663521ae88
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: Iaa917be9f8f86c328ce4d503923a0d7cca680434
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
The horizon in Pike release is broken due to missing
the static content. This workaround is to:
- create a missing symbolic link.
The link is defined as an alias in the apache configuraion
- collecting and compressing static assets
- add single "Default" theme as AVAILABLE_THEMES
- restart apache2 service
- apply the workaround to Salt states
'openstack_ha' and 'openstack_noha'
JIRA: FUEL-324
Change-Id: Idd70165f1be8d31967a3ab518323e6f3e8406624
Signed-off-by: ting wu <ting.wu@enea.com>
|
|
Previous cherry-pick failed to rename 'ocata' to 'pike'.
JIRA: FUEL-317
Change-Id: Ic1a1145e0652f2a7d15980399232631cf3fc5080
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
If upstream proxy is defined in IDF, propagate it to pillar data:
- linux:system:proxy:keyserver:http(s) for cfg01, mas01;
- maas:region:upstream_proxy for mas01;
Sample IDF config:
idf:
fuel:
network:
upstream_proxy:
address: 10.0.2.2
port: 3128
JIRA: FUEL-317
Change-Id: I12be815e1b4564227fb09c20ce06cd71e7d433b6
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
|
|
|
|
Instead of defining a http proxy for all salt-minion traffic, which
also includes some Openstack API accesses we can't filter (no_proxy
is not yet supported), add & leverage support for proxy configuration
during APT keyserver access / key download.
JIRA: FUEL-331
Change-Id: I9470807633596c610cfafb141b139ddda2ff096b
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Although we properly filter the PXE/admin interface in the common
openstack_compute_pdf.yml.j2 template and use DHCP instead of manual
setup, we failed to do the same in scenario-specific overrides
(ODL, OVS), so we end up with 'proto: manual' on PXE/admin on cmp
nodes.
The fix is trivial and reuses the mechanism in the common class in
scenario-specific templates (if interface is PXE/admin, use 'DHCP'
instead of 'manual').
This solves the issue of broken connectivity to Salt master after
cmp reboot.
Change-Id: I1953d03343190acb2efcab4412a3d37e130b0ea9
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Although previous commit d1b6119 changed the first reference of
apt-mk repos to 'stable' from 'nightly', it missed the cluster model.
This fixes redeploys with `-f`, which fail due to conflicts between
already installed 'stable' packages and 'nightly' ones.
Fixes: d1b6119
Change-Id: I854bac86feaaa61da0b68d158e270eec1ee0ccb7
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
- openvswitch 2.8 officially supports kernel versions from 3.10 to 4.12
- ODL baremetal scenario is acting up with floating/public SNAT
flow under hwe edge kernel 4.13
Change-Id: I099d528b3b1c2ea34f8f856cd60f809f90defea6
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Initiate mongodb master at first to avoid race conditaion with
unwanted master election which causes cluster setup failure.
Change-Id: I6d2f75f3f002849cac3a5f52a7dcfb4646b7822a
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
The service of cinder-volume restarts too quickly after package
installation with default/incorrect configuration and goes over restart
threshold, so systemd stops attempt to restart any further causing
state faulure. To fix it properly the RestartSec (i.e. restart delay)
param should be added into cinder-volume.service unit.
Change-Id: Ic8591e8ef52a3d439122f276d275e56bd2442ce6
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Prevent dhcp client from setting an unwanted
default routes on compute nodes.
Change-Id: I2529491bbc977647e5f457d5f1ba88b0cc4372ee
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|
|
Change-Id: Icb23d2e6d3bb6e49b54e2d51cc8a35cb03702fcd
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
In case the previous deploy attempt already copied the base image
as the VCP image in order to perform offline operations and failed,
leaving an incomplete image in place, current code might try to use
it instead of building it from scratch.
Use the hash-agnostic link names as checkpoints for successful image
handling.
Change-Id: I1e99e515e18ba1dec534c520811c127b2b528afe
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
For some reason, `modprobe -f` for a clean nbd module (from vanilla
Ubuntu) fails with exec format error randomly, while a simple
`modprobe` works.
Change-Id: I79785e510cab757e2482baf442054be984c24019
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Allow end-users to easily change the MaaS commissioning/deploying
timeouts by simply editing the reclass model.
While at it, use arch-specific values and bump deploy timeout on
AArch64 to 20 minutes instead of 15.
Change-Id: I37ae434ecebdd64effb007baa06c722b1db15c66
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: Ida693b6dd328db283d6992ac33500f4dd1a73eb8
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
cfg01 does not repond or is not connected while trying to apply
linux state via salt.sh, use wait_for macro to account for this.
JIRA: ARMBAND-315
Change-Id: I2d4c63d43f806b65f9ce327f4a00a6334be88750
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
wait_for function should be able to also check for minions that did
not return or not respond, in addition to the return code.
To keep it backwards compatible, condition the new check on the max
attempt number being specified in decimal format (e.g. '10.0' unlike
old '10').
Change-Id: If2512cf9121cdd795638efe7362ef0485d4e8d91
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
salt-minion is now pre-provisioned inside the image using qemu-nbd.
Revert "lib.sh: Limit envsubst to certain variables"
This reverts commit 3a76d07dbd409b781abdb8520f55a1b20edf07db.
Change-Id: Icceb8bcf439e28ab01c7731c3602c1113290454d
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Fingerprint and re-use base image artifacts.
Change-Id: Ic7a73c04e27d25addd50e4e9880619a0028956d3
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
JIRA: FUEL-323
Change-Id: I0dcbcfbedc7e9ef013ca50dcc08f804323f91701
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Balance VM distribution on the 3 kvm nodes, as kvm02 has 4 VCP VMs
while kvm{01,03} have 5 VCP VMs each (without ODL).
Instead of spawning the ODL VCP VM on kvm03, move it to kvm02.
Change-Id: Id03b9453ee7c15cd6785c0bc073a38b87034aede
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: Ia514418d2aae1b4f7e752d4610fa6c9829c67e51
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
RHEL distros do not maintain nbd, so add a best-effort function
to build it on the fly.
Change-Id: Ie0419f0fed8a0b12f6b878b3093d6ca34f72d140
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
qemu-nbd requires the 'nbd' kernel module, which is not available
by default on CentOS 7, but is available from EPEL repo.
Change-Id: I3e8f722d31a97293b077115499a97c93a4751917
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Since Mirantis prebuilt image comes with salt-minion 2016.3 instead
of 2016.11 and upgrading it leads to a hard to break catch-22, use
the Ubuntu cloud archive image we already download for FN VMs and
pre-install:
- a newer kernel (hwe-edge);
- salt-minion (2016.11);
This also implicitly aligns the image handling on AArch64 and x86_64.
Change-Id: I86d1c777449d37bdd0348936a598e3ffe9d265af
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Unlike nightly dist, stable/2017.12 distributions of salt formulas
repo do not yet include this change, so bring it back.
This reverts commit 8fbafdf8a665fb8fff4d6f9f14c343e109c122ec.
Change-Id: I7f7011750d385a28f4653faeeb74edb1cac1bcf2
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
By default, MaaS formula will install Salt minion 2016.3 via curtin
on physical nodes. 2016.3 does not properly support proxy_host
config option, causing timeouts during `linux.system.repo` SLS apply.
Change-Id: I3d6245f0d4b425170c43b3b62a21ad9acc6cb97e
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Isolate networks by retiring NAT on mas01; also cutting direct
internet access from cluster nodes that are not facing the public
network (prx, cmp).
NOTE: Since we are removing mas01 NAT, VCP VMs (except prx which have
public IPs) and kvm nodes (cmp also have public IPs) will no longer
have direct internet connectivity.
Cluster deployment and operations will work without it, but if it is
required for different reasons, the MaaS proxy could be enabled by
uncommenting the /etc/enviroment section in:
- cluster.baremetal-mcp-pike-common-ha.include.proxy.yml
JIRA: FUEL-317
Change-Id: I5ed8b420296b27df34a54ec1ebd7b7cf58041425
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Another prerequisite for decoupling public network from Openstack
internal management network (upstream won't fix it for Pike):
- port fix from [1] for using the internal network when connecting
to keystone during project ID validation in nova, instead of
going through public endpoint (and using SSL).
[1] https://bugs.launchpad.net/nova/+bug/1716344
Change-Id: Ic9a307df9af78fcd58cbcc07b5e62a7e07cc8d7d
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Now that v2 API is obsolete, also switch 'admin' endpoint to v3
(previously it was kept back for OCL compatibility).
Change-Id: I9775d59d5e6b93d7351157f7550a0dd7114bee2f
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
|
|
|
|
Do not assume routes are on the same OVS port as the one currently
being configured. Instead, apply the `unless` ifup condition for
any OVS port.
Change-Id: Iea8084f9e50401d300feb7ed16f90b430680cac5
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Prepare for decoupling management from public (drop mas01 NAT):
- ctl: change heat URLs to use new management VIP instead of public;
Change-Id: I8e220ee37bd4177c3afd58a9ee401f815d046706
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Include `openstack_web_public_vip` class for setting up the
old VIP in the public network, use old class for mgmt VIP.
Also change the generic hostname 'prx' to point inside mgmt net.
Change-Id: Iff69394f16ede290d149a26b054a85371f00f8e0
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Instead of using NAT on the mas01 node for all cluster node outgoing
traffic, use the MaaS built-in proxy for APT traffic to leverage its
caching capabilities too.
Also enable the proxy for salt minions, so they can access public
keyservers et al.
Cleanup public DNS from kvm nodes, interferes with MaaS proxy.
Add example config for global env proxy, but don't enable it:
- default environment settings - /etc/environment (via reclass);
The MaaS proxy will not be used (at least for now) on nodes:
- cfg01;
- mas01;
NOTE: We can't yet drop the maas.pxe_nat state completely, as certain
Openstack services are still accessed via public addresses from ctl
nodes.
JIRA: FUEL-317
JIRA: FUEL-318
Change-Id: I6c5f6872bb94afb838580571080e808bc262fc68
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
When we dropped the default gw via mas01 NAT, we uncovered a bug,
compute nodes do not have the proper public gw set up and used
to reach public network via mas01, slowing everything down.
Add gw similar to prx nodes.
Fixes: d4ab072
Change-Id: I4343c31c376a7a223670cdd623366454396d8d92
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
'nightly' repo dist from apt-mk is broken, so switch to 'stable'.
Change-Id: Ie12dfc2a499910b8b98a63886ba16044e66435f5
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
|
|
Ubuntu prefers ipv6 connections therefore in some networks, this
breaks software updates (it does a AAAA DNS lookup before A record
lookups). Let's prefer old style ipv4 connections over the new ipv6 in
order to save some processing and resource utilization.
Based on previous work from [1] (but without /etc/gai.conf, only APT).
[1] https://review.openstack.org/#/c/462502/
JIRA: FUEL-321
Change-Id: Ic3dff3baa1c0be9ac95972557d6a2d26641bfe1b
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Simplify wait condition for MaaS service up, since it's fragile
and often adds extra time when not really needed.
Instead, retry starting boot image import right away.
Change-Id: I131d6c82127449cecf6685d4cc7484a366e658c6
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
|
|
PR [1] was merged upstream.
[1] https://github.com/Mirantis/reclass-system-salt-model/pull/298
Change-Id: I335ac265b0b0b625c2f488755c5d11710ab354c2
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|