Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
Previously, Salt Master CA mine was only sent once, during
salt.minion.ca state execution at cfg01 bringup / bootstrap.
This causes possible issues with:
- Salt Master container restart (mine data is lost);
- UNH Lab deployment (uknown rootcause, might be related to XFS and
overlay2 being used with Docker on CentOS);
To bypass this issue, make x509.get_pem_entries module send mine data
at the default mine interval (60 minutes).
Change-Id: I5f6334ae18f5af6cbe0a164791603b67f0a3668f
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
- replace mas01 VM with a Docker container;
- drop `mcpcontrol` virsh-managed network, including special handling
previously required for it across all scripts;
- drop infrastructure VMs handling from scripts, the only VMs we still
handle are cluster VMs for virtual and/or hybrid deployments;
- drop SSH server from mas01;
- stop running linux state on mas01, as all prerequisites are properly
handled durin Docker build or via entrypoint.sh - for completeness,
we still keep pillar data in sync with the actual contents of mas01
configuration, so running the state manually would still work;
- make port 5240 available on the jumpserver for MaaS dashboard access;
- docs: update diagrams and text to reflect the new changes;
Change-Id: I6d9424995e9a90c530fd7577edf401d552bab929
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
While the minions are working their jobs the CLI is waiting for the
first initial timeout period (timeout) to start. When that hits,
the CLI sends sends the first "find_job" query. This kicks off the
gather_job_timeout timer. Sometimes a minion doesn't respond to the request
within the gather_job_timeout time period (default is 10s), so rise up
this value to give a chance for a minion to report actual status.
Change-Id: Ic3756b82fdeb17718870ab30e9578263d25309f7
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|
|
|
|
Change-Id: I3bbe3e4be520ccac198654bb4a7d493aa8450023
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: I7709c9ca9e701b656447154919eb084a710f49af
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
The PaxOsgi logging has a performance impact
(i.e. makes pressure to the Java GC).
Change-Id: Ic0bc2c0d1cfac195a04d1cfa90fa7fa47fc37612
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|
|
|
|
|
|
Previously, Ubuntu ignored the VPP pinning with:
N: Ignoring file 'fdio.ubuntu' in directory '/etc/apt/preferences.d/'
as it has an invalid filename extension
Change-Id: I5ee60c1715bea3b4180b55125dc72962a70c2754
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: I7486569568207f7652f8bdfcf1060ce51a9dbb0e
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: Ia7f8845017333e54db110bca5b3715702948b76b
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
In order to mitigate live migration procedure make VIF plugging
event non-fatal for nova-compute. Also align max value of memory
for instance of ODL controller.
Change-Id: I0d00cc97c652eef3bd3404fac4715e2e7f2f02c7
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|
|
|
|
Extend one of the existing deployment arguments to allow the
installation of only the operating system and infrastructure networks,
skipping cloud setup.
Change-Id: Ibc5d0f324ed15b66f809839cfce49a0324b6fe4d
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
|
|
VPP 18.10 has a weird bug triggered by certain packets, e.g. from
inside a guest VM on a compute node, these behave differently:
$ udhcpc -x hostname:1234567890123456789012 # works
$ udhcpc -x hostname:12345678901234567890123 # confuses VPP on gtw01
To avoid this bug, pin VPP to the previous release, which does not
exhibit the issue.
Change-Id: I8c1e085731909d4b9296e8b09608887a4b5bfdd6
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Baremetal clusters might benefit from having a little more time
to plug in the VIFs.
Change-Id: I9406a0ef24de2177827b3acd27b7c60b293a4572
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Fix broken systemd service unit dependecies:
- OVS should start before networking service;
- OVS ports & bridges should not be automatically ifup-ed by
networking service to avoid races, so drop 'auto' for both
(OVS ports are automatically handled when part of an OVS bridge);
- explicitly ifup OVS bridges as part of networking service, but
after all Linux interfaces have been handled;
- use 'allow-ovs br-prv' to let OVS handle br-prv and avoid another
race condition;
While at it, fix some other related issues:
- make OVS service start after DPDK service (if present);
- bump OVS-DPDK compute VMs RAM since since switching from MTU 1500
to jumbo frames for virtual PODs a while ago failed to do so [1];
- avoid creating conflicting reclass linux.network.interfaces entries
for OVS ports by using their name (drop 'ovs_port_' prefix):
* for untagged networks they will override existing common defs;
* for tagged networks, they will create separate entries;
- DPDK scenarios: make gtw01 br-prv members OVS ports to avoid race
conditions after node reboot by letting OVS handle them;
[1] https://developers.redhat.com/blog/2018/03/16/\
ovs-dpdk-hugepage-memory/
Change-Id: I0266ba67f3849b6f7e331a758146b331730bae55
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
|
|
The ovs port remains in down state after reboot if "auto" is off.
Also turn off no_wait option for odl-noha scenarios.
Change-Id: I0121b3190869528e5f2e9985f9e9299ac6c6724e
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
The first VMs spawned still exhibit the race condition described in
the ticket, so apply the same workaround proposed during the Fraser
release cycle in FDS.
JIRA: FDS-156
Change-Id: I3b2b1ed7b5711daf81b5f4a263e4dbee9f502259
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: I74c1c85310e2012e664764b6129fc4a52faaf106
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|
|
|
|
Alternating HA and no-HA scenario deployments on baremetal requires
non-hostname targeting for UEFI cleanup (e.g. ctl01/gtw01/kvm01).
Change-Id: I9f0e967b500856b65a69ea0ab6ea13e15b327d8b
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
|
|
Change-Id: I177598d4d20539e50aab5f283e8d10022a4f1a14
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: Ibf88f179af2570a707ade78f772342b7da23b74f
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: I0e56261fc2fc2a0a3f164531c72d88f7c46f5ca1
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: I79d3167432d48500346d5c8294d447c54e0cb6be
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
|
|
* patch is merged into oslo-templates
* rocky repo key name is made as for others
* jinja package is updated to fix incorrect quoted value
[https://github.com/saltstack/salt/issues/46594]
Change-Id: Ia6359cf89579b4d892ae40c4d087168edcd86ebb
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: If167e7a6bdcdccd6b6df43bd5cac54250abec61a
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|
|
The conntrack-based SNAT uses the Linux netfilter framework to
do the NAPT and track the connection. The first packet in a traffic is
passed to the netfilter to be translated with the external IP. The
following packets will use the netfilter for further inbound and
outbound translation.
Change-Id: I1090b4fe041f8d9533aa4ce1964284a4a5c073ce
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|
|
|
|
|
|
When noha scenarios are scheduled on the same CI POD currently
running a previously deployed HA scenario, one baremetal node
might remain unused (kvm03), connect to the new Salt master and
interfere with the deployment.
To prevent that, shutdown all baremetal nodes at the begining of the
deployment.
Change-Id: Ia9bad8b5d8348433cefac9aa76eca0de664f187d
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
CentOS recently moved its kernel source RPM from the altarch subdir
to the same directory x86_64 kernel sources used to reside, so update
our script accordinly.
Change-Id: I88010eabdfc15d6a79350dface29258cc37c4b95
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
MCP repos no longer publish arm64 metadata, so drop our patch that
selected arm64 metadata on arm64 systems.
Instead, let it default to 'deb [arch=amd64]', which will allow
arm64 systems to fetch amd64 metadata and inherintely fetch all
arch-independent packages from the same repos.
While at it, switch to 'rocky-armband' repos on arm64 systems.
Change-Id: I07fda895f5162bfa576c62336cbb4d74e985f37a
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: Ic266864913dcac021b3e12f426e1c8a60c23fe87
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Handle noifupdown option for all cmd.run states
with explicit ifup call as well.
Change-Id: Ie855a0810bcfe4a856cf9d29bd0755643d71ff4d
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|