Age | Commit message (Collapse) | Author | Files | Lines |
|
Nova (by means of os-vif lib) uses 6640 port by default
to connect to remote ovsdb over tcp/ssl.
Change-Id: I1372d8a3170b00243a5756b15a140aafe03dc268
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: I5c7a1e827446189b98b924ffd4272acf1a794697
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
With DPDK 18.11 the vhost owner/perm options have to be removed
since libvirt creates the server side of the socket and OVS
connects to it using DPDK as a client.
Change-Id: Ic33de66dcc0830cd31fc54880c524f850e2c4ea1
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|
|
With newer Ubuntu distros using netplan and systemd-resolve, we
can't rely on /etc/resolv.conf found on the Jumphost being usable
inside the guest VMs, so explicitly use the public network DNS
servers configured in PDF/IDF.
This will enable support for Jumpserver operating systems like Ubuntu
18.04.
Change-Id: I0c7e02d5c1b822f809ce818e739c19d0344f39f5
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
|
|
|
|
While at it, fix CentOS selinux preconfiguration on x86_64, which
was previously limited (incorrectly) to AArch64.
Change-Id: I2d6604d3eea2bfc11fdd5dd3aeb4e2c0c3ede4a2
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: I6cbbceb9b4a88f527d8dd800b0650f31a3dc1364
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: Ib2b1525957929c39e4b602ad1b7f4fbfd16a375c
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|
|
Certain validation testing suites require the SSH RSA private key to
to be available on the K8s master node.
Change-Id: Ib496ac6b33642d86bfd0e0f72ee847a2f31ea952
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Change-Id: I06577fa93e895a7c5940dac41b4f9c24b455f455
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: I9c1e97144ffd46040d32a0edf8253fc393b73c89
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
The `apt` key has been renamed to `repo` in a previous change, but
we missed renaming some occurences in defaults.yml.j2 for AArch64.
Change-Id: Icf930371e9bc5253ea27e053933e1c012361f66e
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
All cloud images except Ubuntu Xenial (CentOS 7, Ubuntu 18.04) already
have enough free space on the predefined partitions, so skip the resize
to avoid dealing with the newer e2fsprogs required by Ubuntu 18.04.
Change-Id: I184590e631c76910e7c3169dc7bee3c5902ebaf1
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Support Ubuntu 18.04 for virtual deployments (and implicitly for VCP
VMs). Note that MaaS-provisioned systems will require the same
changes being applied via curtin templates.
Change-Id: I7cbd7e7c4421f6b970ce6ef97c10d269fec5fca3
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
- reclass: iec: CentOS compatibility changes:
* drop `proto: static` in favor of letting the linux formula set
the appropiate default based on target OS;
* replace `proto: manual` with `proto: none` on RHEL systems;
* system.file: Avoid using non-existing `shadow` group for system
files;
* load br_netfilter kernel module to avoid `linux.network` state
failures;
* disable `at`, `cron` due to incomplete defaults in
salt-formula-linux (since we don't use them on iec nodes anyway);
- jumpserver/VCP VMs: centos: enable predictable interface names:
* CentOS cloud image defaults to old 'eth' naming scheme;
* add necessary kernel boot options via linux state;
* cleanup auto-generated udev rules for old eth interface names;
- salt-formula-linux: network: RHEL: Set bridge for member interfaces
* Find the bridge containing the interface being currently
configured (if any) and pass it to the `network.managed` Salt call;
- deploy.sh: Add new deploy argument `-o` for specifying the operating
system to preinstall on jumpserver and/or VCP VMs;
* defaults to 'ubuntu1604';
* only iec scenarios will also support 'centos' for now;
- user-data: minor tweaks for CentOS compatability:
* use `systemctl` instead of `service` utility;
* explicitly enable `salt-minion` service, since it defaults to
disabled on RHEL systems;
* explicitly call `ldconfig` to work around stale cache on RHEL,
preventing `salt-minion` from using OpenSSL library;
- states: virtual_init: Skip non-existing sysctl options on CentOS:
* CentOS currently uses a 3.x kernel which lacks certain sysctl
options that were only introduced in 4.x kernels, so skip them;
- state: akraino_iec: Add centos support:
* move iec repo to `/var/lib/akraino/iec` on both Salt Master and
cluster nodes;
- scenario defaults: Add CentOS configuration:
* OS-dependent configuration split;
* CentOS base image, default packages etc.;
- AArch64 deploy requirements: Add `xz` dependency
* CentOS AArch64 cloud image is archived using xz, install xz tools
for decompression;
- xdf_data: Make yaml parsing OS agnostic:
* rename `apt` to `repo` where appropiate;
* OS-dependent configuration parsing;
- lib_jump_deploy: CentOS handling changes:
* skip filesystem resize of cloud image for CentOS;
* add repo handling, package intallation/removal handling for CentOS;
* unxz base image if necessary (CentOS AArch64 cloud image);
Change-Id: Ic3538bacd53198701ff4ef77db62218eabc662e7
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
To avoid ports conflict of nginx/apache disable unused apache's
status module, which is binded on 80 port by default.
Also remove patch with double locations content
(formula already has such configuration).
JIRA: FUEL-408
Change-Id: Ib06dac8abe36299cf77747bdb3fc0fe7216b6096
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|
|
|
|
Starting with MCP 2019.2, Horizon was moved under haproxy in
Active/Active mode by default via upstream changes:
- Adding haproxy class for horizon [1];
- Cleanup nginx horizon sites by default [2];
This change re-enables the old behavior where Horizon is served by
nginx instead of haproxy.
While at it, fix missing support in salt-formula-apache for wsgi
`locations`, so Horizon dashboard can access '/static' resources
(e.g. CSS/images).
JIRA: FUEL-408
[1] https://github.com/Mirantis/reclass-system-salt-model/commit/81c4c21a
[2] https://github.com/Mirantis/reclass-system-salt-model/commit/a3b38f46
Change-Id: I9b35d5d0ce4e0b53dae808c2620a31ca80290b55
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
|
|
This reverts commit 430a0aee9e8c7400d698f460406152aa70349b6c.
Superseded by the patch into releng https://gerrit.opnfv.org/gerrit/67975
Change-Id: Ibeb8419fa0ebc8eebe255e7535d775458f560ad0
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|
|
This reverts commit 7522bdb0e898144da2b6dc361dbdd549b39bc025.
The original patch has been merged (https://review.opendev.org/661011)
Change-Id: I9a1c04590145800523d546e36e9462fa7074922c
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Functest enabled block migration by default recently
but it can't be used with shared storage.
Change-Id: I15fd5459df91cece02e87cda9d1ed6e575194667
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
When multiple installers are used on the same jumpserver, it is
useful to have the ability of automatic cleanup after a previous
deploy.
Change-Id: Ib3249f53ee9d6b1ba2409dd71bd13480536faedc
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
When redeploying a cluster only (keeping the infrastructure containers
from a previous deploy), some things need to be adjusted:
- /entrypoint.sh exec permission;
- /etc/maas uid/gid re-align on new (fresh) deploy;
- account for different location of /usr/sbin/tcpdump apparmor profile
for CentOS jumpservers;
Change-Id: If51db0bc95eff1a497e1df5d457e26a7b902aa5a
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Hugepage count has been recently bumped for virtual PODs via IDF
changes in Pharos, so align our FDio scenarios with the new RAM
requirements.
While at it, fix wrong pod_config template evaluation by moving it
after the templated scenario files are expanded, since pod_config
relies on scenario node definition.
Also, configure VPP to use decimal interface names by default to
align with Pharos macro for the VPP interface name string.
Change-Id: Ib3a89c294a3a2755567fdbe07e3be2b8ca1a5714
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
|
|
|
|
The per port model potentially requires an increase in memory
resource requirements (which is limited by labs) to support the
same number of ports and configuration as the shared port model.
Set linux:network:openvswitch:per_port_memory explicitly to true
to enable per port mempools support for DPDK devices.
Change-Id: I130885afc50e7a047f8835113d370840827ad718
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Change-Id: Id49f26a2615e2fc06e94eeaf2e9200e83625e6c9
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Deploy the OpenStack API services based on roles to
prevent issues with absent database tables since db_sync
runs only on the nodes with primary role.
Change-Id: I04cf3ce0dd59afd93b8a0dfcf060fbd7e7411c82
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Previously we only synced the scripts subdir, but going forward
we will need the full contents of the IEC repo on all cluster nodes.
Change-Id: I88edd4885875048d50d28c1eac9fd413dc2b6ffb
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
Executing deploy.sh multiple times led to duplicating the ip rules.
Change-Id: Iad5886a851970f166996226fa3d115a93113c6db
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
To bypass Docker 'bridge'-backed network isolation, we previously
added an extra routing hop, which broke access from inside the
'mcpcontrol' Docker network (typically 10.20.0.0/24) to its
bridge address (10.20.0.1), leading to DNS issues on Salt Master.
This change leverages policy based routing to only add the extra
routing hop for connections originating from the default Docker
bridge network ('docker0'). Note that other Docker networks
using the 'bridge' driver are still isolated from 'mcpcontrol'.
Fixes: d9b44acb
Change-Id: Ib92901c3278ae9b815f28f26d4c26f82bcadacd6
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
|
|
Optimized for LF-POD2 as nic assigned to private/dpdk interface
and pinned cores resides on numa #0. Core #11 is for DPDK,
the rest four cores for PMDs.
Change-Id: Icca701bc1a66f3672b8511e0245c82ca29788a8b
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Set timeout value for snat punts to zero to turn
off the rate limiting and installation of learnt flows.
Change-Id: I79dad8fd0f925bfc11d7dc1678c3a414dc35fa56
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|
|
Recent virsh/Docker network rework changed mcpcontrol (previously
a virsh-managed network) into a Docker-controlled network using
the 'bridge' driver.
As a consequence, Docker now isolates traffic from 'mcpcontrol'
network from the default Docker bridge network ('docker0') using
iptables rules that check input/output interfaces.
Yardstick (and any other Docker container hooked via 'docker0')
will not be able to ssh into Salt master due to this isolation.
One possible workaround would be to explicitly ACCEPT traffic
from 'docker0' going to Salt master. However, this is only
properly supported starting with Docker 17.06, while most CI hosts
and end users are still using 17.05 or older.
In older Docker releases, DOCKER-USER iptables table was not
avaiable, so injecting custom iptables and making them persistent
is not only complicated, it's also prone to subtle errors.
Another way to bypass the iptables rules is to route the packets
coming from our new Docker network via another bridge before
letting them find their way into 'docker0'.
This change adds a new route for the Salt master host (note that
MaaS container will not benefit from this) via the PXE bridge on
the jumphost (which can be either a real Linux bridge for baremetal
deployments or a virsh-managed network); adding one extra network
hop for each packet going between our 'mcpcontrol' Docker network
and 'docker0', effectively bypassing the Docker-enforced iptables
DROP.
Change-Id: Id8ac7a638c778887b361c9b64c320664c88f59fd
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
* update system reclass
* rectify telemetry redis options
Change-Id: I6dca1ae52e7f7d73a90e53fceddca8e86872651b
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
|
|
|
|
Change-Id: I791436f512dea6c6bc61133c4122ac872950af8e
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|
|
Upstream change [1] switched from old qemu-nbd preseeding of VCP VMs
to using a cloud-init + configuration drive. This breaks on AArch64
with "IDE controllers are unsupported for this QEMU binary or machine
type", so switch back to using qemu-nbd.
[1] https://github.com/Mirantis/reclass-system-salt-model/commit/c0e4807
Change-Id: I0dfeb638d408343c76a73fafa503048a79ce1f6e
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
NOTE: only os-nosdn-nofeature-noha is parameterized for now.
- move config drive & disk creation from prepare_vms to create_vms;
- make default disk size(s) configurable based on scenario defaults
and vPDF;
* compute nodes require 2 disks to be defined in vPDF, since the
pillar reclass model assumes /dev/vdb is reserved for cinder;
* if multiple disks are defined in vPDF, they are created and
attached accordinly (only ctl01 and cmp nodes are parameterized
in this change; only for the os-nosdn-nofeature-noha scenario);
- vCPU specifications are deduced based on vPDF (sockets, cores);
* threads/core is hard set to 2 since vPDF does not have a key
for it;
* NUMA resources are distributed evenly based on the number of
sockets configured in PDF;
* no less than the mininum requirement for a scenario is allocated
(e.g. if PDF specifies 2 cores, but the scenario requires at
least 4 cores, the larger value will be used);
- RAM is deduced based on PDF (but no less than the mininum req is
allocated, e.g. if PDF specifies 2GB RAM for computes, but the
scenario requires at least 8GB, the larger value will be used);
Change-Id: I97188aa2a1006865b8429eb6483e10c76795f7d2
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
|
|
There is no enough memory (default 4k pages) for services
like libvirt, which cannot fork child processes.
Change-Id: I44d8efd7cafb52a7c823c02738c1d321017aa7a3
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
|