From 9c3ecbb5238fa815e3f6b46c1933d69d588a5430 Mon Sep 17 00:00:00 2001
From: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Date: Mon, 29 Jan 2018 06:02:10 +0100
Subject: [virtual] Split 'pxebr' from 'mcpcontrol' net

- add new virsh managed network 'pxebr' (to mimic baremetal behavior
  on virtual PODs, this will be the equivalent of PXE/admin network);
- connect 'pxebr' to 3rd interface for cfg01, mas01 for all deploys
  (used to be baremetal-specific), replacing 'internal';
- keep 'mcpcontrol' connected only to 'cfg01' (+ 'mas01' if present)
  for initial infrastructure bring-up (1st interface);
- switch all virtual cluster nodes to 'pxebr' (1st interface);
- use 'pxebr' for all Salt cluster nodes traffic, 'mcpcontrol' only
  for mas01<=>cfg01 Salt traffic;
- convert <user-data.template> to jinja2 and expand it based on PDF
  instead of using `envsubst`;
- split <user-data.sh.j2> into two versions, one for each network
  used for Salt traffic;
- ci/deploy.sh: Read scenario data before template parsing for
  cluster domain variable, needed in virsh network def;
- leave docs diagram refresh to later after all possible deploy types
  have settled;
- limit keyserver proxy usage to nodes where the configured http proxy
  matches the first nameserver (true for all MaaS-provisioned nodes),
  so we can re-use the same pillar for FN VMs and baremetal nodes;
- add PXE/admin IP on cfg01's 3rd interface and switch other vnodes
  `salt_master_host` to point to it;

JIRA: FUEL-322

Change-Id: Ie4f7aedddf2ef81046f1127b377d88dce79f0fda
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
---
 ci/deploy.sh                                       | 11 ++++-----
 ...m.repo-Debian-Add-keyserver-proxy-support.patch | 12 ++++++----
 .../virtual-mcp-pike-common-noha/infra/config.yml  |  2 +-
 mcp/salt-formulas/opendaylight/server.sls          |  4 ++--
 mcp/scripts/.gitignore                             |  1 +
 mcp/scripts/lib.sh                                 | 19 ++++++++++------
 mcp/scripts/user-data.admin.sh.j2                  | 14 ++++++++++++
 mcp/scripts/user-data.mcp.sh.j2                    | 13 +++++++++++
 mcp/scripts/user-data.template                     | 13 -----------
 mcp/scripts/virsh_net/net_pxebr.xml.j2             | 26 ++++++++++++++++++++++
 10 files changed, 83 insertions(+), 32 deletions(-)
 create mode 100644 mcp/scripts/.gitignore
 create mode 100644 mcp/scripts/user-data.admin.sh.j2
 create mode 100644 mcp/scripts/user-data.mcp.sh.j2
 delete mode 100644 mcp/scripts/user-data.template
 create mode 100644 mcp/scripts/virsh_net/net_pxebr.xml.j2

diff --git a/ci/deploy.sh b/ci/deploy.sh
index ef941b005..fb22cc45a 100755
--- a/ci/deploy.sh
+++ b/ci/deploy.sh
@@ -277,19 +277,20 @@ if [ ! -f  "${SCENARIO_DIR}/defaults-$(uname -i).yaml" ]; then
     notify_e "[ERROR] Scenario defaults file is missing!"
 fi
 
+# Get scenario data and (jumpserver) arch defaults
+eval "$(parse_yaml "${SCENARIO_DIR}/defaults-$(uname -i).yaml")"
+eval "$(parse_yaml "${SCENARIO_DIR}/${DEPLOY_TYPE}/${DEPLOY_SCENARIO}.yaml")"
+export CLUSTER_DOMAIN=${cluster_domain}
+
 # Expand jinja2 templates based on PDF data and env vars
 do_templates "${REPO_ROOT_PATH}" "${STORAGE_DIR}" "${TARGET_LAB}" \
              "${TARGET_POD}" "${BASE_CONFIG_URI}"
 
-# Get required infra deployment data
+# Get required infra deployment data based on PDF/IDF (after template parsing)
 set +x
-eval "$(parse_yaml "${SCENARIO_DIR}/defaults-$(uname -i).yaml")"
-eval "$(parse_yaml "${SCENARIO_DIR}/${DEPLOY_TYPE}/${DEPLOY_SCENARIO}.yaml")"
 eval "$(parse_yaml "${LOCAL_PDF_RECLASS}")"
 [[ "${CI_DEBUG}" =~ (false|0) ]] || set -x
 
-export CLUSTER_DOMAIN=${cluster_domain}
-
 # Serialize vnode data as '<name0>,<ram0>,<vcpu0>|<name1>,<ram1>,<vcpu1>[...]'
 for node in "${virtual_nodes[@]}"; do
     virtual_custom_ram="virtual_${node}_ram"
diff --git a/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch b/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch
index fdf84dcd1..cf6009107 100644
--- a/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch
+++ b/mcp/patches/0011-system.repo-Debian-Add-keyserver-proxy-support.patch
@@ -31,6 +31,11 @@ When the new http(s) proxy param is set:
 If linux:system:proxy:keyserver is not defined, the behavior is
 unchanged for backwards compatibility.
 
+To allow runtime decisions whether the keyserver proxy should be used
+add an additional condition for it to match the first nameserver.
+This allows us to mix virtual nodes with MaaS-provisioned nodes in
+Fuel@OPNFV, while keeping the ext_pillar common.
+
 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
 ---
  README.rst            | 16 ++++++++++++++++
@@ -38,14 +43,13 @@ Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
  2 files changed, 56 insertions(+)
 
 diff --git a/linux/system/repo.sls b/linux/system/repo.sls
-index 5d4d059..724db5a 100644
 --- a/linux/system/repo.sls
 +++ b/linux/system/repo.sls
 @@ -96,13 +96,50 @@ linux_repo_{{ name }}_key:
      - name: "curl -s {{ repo.key_url }} | apt-key add -"
      - watch:
        - file: default_repo_list
-+{%- if system.proxy.keyserver is defined %}
++{%- if system.proxy.keyserver is defined and grains['dns']['nameservers'][0] in system.proxy.keyserver.http %}
 +    - env:
 +      - http_proxy: {{ system.proxy.get('keyserver', {}).get('http', '') }}
 +      - https_proxy: {{ system.proxy.get('keyserver', {}).get('https', '') }}
@@ -58,7 +62,7 @@ index 5d4d059..724db5a 100644
 
  {%- if repo.get('enabled', True) %}
 
-+{%- if system.proxy.keyserver is defined %}
++{%- if system.proxy.keyserver is defined and grains['dns']['nameservers'][0] in system.proxy.keyserver.http %}
 +
 +{%- if repo.get('key') %}
 +
@@ -96,7 +100,7 @@ index 5d4d059..724db5a 100644
    {%- endif %}
    - file: /etc/apt/sources.list.d/{{ name }}.list
    - clean_file: {{ repo.clean|default(True) }}
-+  {%- if system.proxy.keyserver is not defined %}
++  {%- if system.proxy.keyserver is not defined or grains['dns']['nameservers'][0] not in system.proxy.keyserver.http %}
    {%- if repo.key_id is defined %}
    - keyid: {{ repo.key_id }}
    {%- endif %}
diff --git a/mcp/reclass/classes/cluster/virtual-mcp-pike-common-noha/infra/config.yml b/mcp/reclass/classes/cluster/virtual-mcp-pike-common-noha/infra/config.yml
index 908ba7719..555af31c7 100644
--- a/mcp/reclass/classes/cluster/virtual-mcp-pike-common-noha/infra/config.yml
+++ b/mcp/reclass/classes/cluster/virtual-mcp-pike-common-noha/infra/config.yml
@@ -21,7 +21,7 @@ parameters:
   _param:
     openstack_control_node01_hostname: ctl01
     reclass_data_repository: local
-    reclass_config_master: ${_param:opnfv_salt_master_ip}
+    reclass_config_master: ${_param:opnfv_infra_config_pxe_address}
     salt_master_environment_repository: "https://github.com/tcpcloud"
     salt_master_environment_revision: master
     single_address: 172.16.10.100
diff --git a/mcp/salt-formulas/opendaylight/server.sls b/mcp/salt-formulas/opendaylight/server.sls
index f953cddc0..e70931301 100644
--- a/mcp/salt-formulas/opendaylight/server.sls
+++ b/mcp/salt-formulas/opendaylight/server.sls
@@ -15,10 +15,10 @@ opendaylight_repo_key:
     - name: "apt-key adv --keyserver keyserver.ubuntu.com --recv 44C05248"
 {%- if system.proxy is defined and system.proxy.keyserver is defined %}
     - env:
-{%- if system.proxy.keyserver.http is defined %}
+{%- if system.proxy.keyserver.http is defined and grains['dns']['nameservers'][0] in system.proxy.keyserver.http %}
       - http_proxy: {{ system.proxy.keyserver.http }}
 {%- endif %}
-{%- if system.proxy.keyserver.https is defined %}
+{%- if system.proxy.keyserver.https is defined and grains['dns']['nameservers'][0] in system.proxy.keyserver.https %}
       - https_proxy: {{ system.proxy.keyserver.https }}
 {%- endif %}
 {%- endif %}
diff --git a/mcp/scripts/.gitignore b/mcp/scripts/.gitignore
new file mode 100644
index 000000000..b235933e2
--- /dev/null
+++ b/mcp/scripts/.gitignore
@@ -0,0 +1 @@
+user-data.*.sh
diff --git a/mcp/scripts/lib.sh b/mcp/scripts/lib.sh
index 7920a4e0d..6f3c4383c 100644
--- a/mcp/scripts/lib.sh
+++ b/mcp/scripts/lib.sh
@@ -282,12 +282,15 @@ function prepare_vms {
     ln -sf "${image_dir}/${_tmp}" "${image_dir}/${image}"
   fi
 
-  envsubst < user-data.template > user-data.sh # CWD should be <mcp/scripts>
-
   # Create config ISO and resize OS disk image for each foundation node VM
   for node in "${vnodes[@]}"; do
-    ./create-config-drive.sh -k "$(basename "${SSH_KEY}").pub" -u user-data.sh \
-       -h "${node}" "${image_dir}/mcp_${node}.iso"
+    if [[ "${node}" =~ ^(cfg01|mas01) ]]; then
+      user_data='user-data.mcp.sh'
+    else
+      user_data='user-data.admin.sh'
+    fi
+    ./create-config-drive.sh -k "$(basename "${SSH_KEY}").pub" \
+       -u "${user_data}" -h "${node}" "${image_dir}/mcp_${node}.iso"
     cp "${image_dir}/${image}" "${image_dir}/mcp_${node}.qcow2"
     qemu-img resize "${image_dir}/mcp_${node}.qcow2" 100G
   done
@@ -335,7 +338,6 @@ function create_vms {
   # vnode data should be serialized with the following format:
   # '<name0>,<ram0>,<vcpu0>|<name1>,<ram1>,<vcpu1>[...]'
   IFS='|' read -r -a vnodes <<< "$1"; shift
-  local vnode_networks=("$@")
 
   # AArch64: prepare arch specific arguments
   local virt_extra_args=""
@@ -349,10 +351,13 @@ function create_vms {
     IFS=',' read -r -a vnode_data <<< "${serialized_vnode_data}"
 
     # prepare network args
-    net_args=" --network network=mcpcontrol,model=virtio"
-    if [ "${DEPLOY_TYPE:-}" = 'baremetal' ]; then
+    local vnode_networks=("$@")
+    if [[ "${vnode_data[0]}" =~ ^(cfg01|mas01) ]]; then
+      net_args=" --network network=mcpcontrol,model=virtio"
       # 3rd interface gets connected to PXE/Admin Bridge (cfg01, mas01)
       vnode_networks[2]="${vnode_networks[0]}"
+    else
+      net_args=" --network bridge=${vnode_networks[0]},model=virtio"
     fi
     for net in "${vnode_networks[@]:1}"; do
       net_args="${net_args} --network bridge=${net},model=virtio"
diff --git a/mcp/scripts/user-data.admin.sh.j2 b/mcp/scripts/user-data.admin.sh.j2
new file mode 100644
index 000000000..b4c89b29c
--- /dev/null
+++ b/mcp/scripts/user-data.admin.sh.j2
@@ -0,0 +1,14 @@
+#!/bin/bash
+##############################################################################
+# Copyright (c) 2018 Mirantis Inc., Enea AB and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+rm /etc/salt/minion_id
+rm -f /etc/salt/pki/minion/minion_master.pub
+echo "id: $(hostname).{{ conf.CLUSTER_DOMAIN }}" > /etc/salt/minion
+{#- should be in sync with 'opnfv_infra_config_pxe_address' in 'pharos/config/installers/fuel/pod_config.yml.j2 #}
+echo "master: {{ conf.idf.net_config.admin.network | ipaddr_index(2) }}" >> /etc/salt/minion
+service salt-minion restart
diff --git a/mcp/scripts/user-data.mcp.sh.j2 b/mcp/scripts/user-data.mcp.sh.j2
new file mode 100644
index 000000000..4bd0d1d09
--- /dev/null
+++ b/mcp/scripts/user-data.mcp.sh.j2
@@ -0,0 +1,13 @@
+#!/bin/bash
+##############################################################################
+# Copyright (c) 2017 Mirantis Inc., Enea AB and others.
+# All rights reserved. This program and the accompanying materials
+# are made available under the terms of the Apache License, Version 2.0
+# which accompanies this distribution, and is available at
+# http://www.apache.org/licenses/LICENSE-2.0
+##############################################################################
+rm /etc/salt/minion_id
+rm -f /etc/salt/pki/minion/minion_master.pub
+echo "id: $(hostname).{{ conf.CLUSTER_DOMAIN }}" > /etc/salt/minion
+echo "master: {{ conf.SALT_MASTER }}" >> /etc/salt/minion
+service salt-minion restart
diff --git a/mcp/scripts/user-data.template b/mcp/scripts/user-data.template
deleted file mode 100644
index 189310be4..000000000
--- a/mcp/scripts/user-data.template
+++ /dev/null
@@ -1,13 +0,0 @@
-#!/bin/bash
-##############################################################################
-# Copyright (c) 2017 Mirantis Inc., Enea AB and others.
-# All rights reserved. This program and the accompanying materials
-# are made available under the terms of the Apache License, Version 2.0
-# which accompanies this distribution, and is available at
-# http://www.apache.org/licenses/LICENSE-2.0
-##############################################################################
-rm /etc/salt/minion_id
-rm -f /etc/salt/pki/minion/minion_master.pub
-echo "id: $(hostname).${CLUSTER_DOMAIN}" > /etc/salt/minion
-echo "master: ${SALT_MASTER}" >> /etc/salt/minion
-service salt-minion restart
diff --git a/mcp/scripts/virsh_net/net_pxebr.xml.j2 b/mcp/scripts/virsh_net/net_pxebr.xml.j2
new file mode 100644
index 000000000..f82780cf7
--- /dev/null
+++ b/mcp/scripts/virsh_net/net_pxebr.xml.j2
@@ -0,0 +1,26 @@
+<!--
+ Copyright (c) 2018 Mirantis Inc., Enea AB and others.
+
+ All rights reserved. This program and the accompanying materials
+ are made available under the terms of the Apache License, Version 2.0
+ which accompanies this distribution, and is available at
+ http://www.apache.org/licenses/LICENSE-2.0
+-->
+{%- if conf.idf.net_config.admin is defined %}
+  {%- set pxebr_network = conf.idf.net_config.admin.network %}
+  {%- set pxebr_prefix = conf.idf.net_config.admin.mask %}
+{%- else %}
+  {%- set pxebr_network = '192.168.11.0' %}
+  {%- set pxebr_prefix = '24' %}
+{%- endif %}
+<network>
+  <name>pxebr</name>
+  <forward mode="nat"/>
+  <bridge name="pxebr"/>
+  <ip address="{{ pxebr_network | ipaddr_index(1) }}" netmask="{{ pxebr_prefix | netmask }}">
+    <!-- NOTE: .254 is harcoded for now (for /24 prefix), should be computed instead. -->
+    <dhcp>
+      <range start="{{ pxebr_network | ipaddr_index(4) }}" end="{{ pxebr_network | ipaddr_index(254) }}"/>
+    </dhcp>
+  </ip>
+</network>
-- 
cgit 1.2.3-korg