summaryrefslogtreecommitdiffstats
path: root/docs/development/opnfvsecguide/network.rst
diff options
context:
space:
mode:
authorAlexandru Avadanii <Alexandru.Avadanii@enea.com>2018-01-02 05:36:07 +0100
committerGerrit Code Review <gerrit@opnfv.org>2018-01-03 04:24:22 +0000
commitb20df1b1eed9e9aa4b81f93819049e732cdd1d41 (patch)
tree99ce9c916582fab65d61c6a00ad7faba16df4fd5 /docs/development/opnfvsecguide/network.rst
parent00222643279cb0e4c73184a4fb37ddc54282b191 (diff)
Update git submodules
* Update docs/submodules/fuel from branch 'stable/euphrates' - [baremetal] Retire mas01 NAT Isolate networks by retiring NAT on mas01; also cutting direct internet access from cluster nodes that are not facing the public network (prx, cmp). NOTE: Since we are removing mas01 NAT, VCP VMs (except prx which have public IPs) and kvm nodes (cmp also have public IPs) will no longer have direct internet connectivity. Cluster deployment and operations will work without it, but if it is required for different reasons, the MaaS proxy could be enabled by uncommenting the /etc/enviroment section in: - cluster.baremetal-mcp-pike-common-ha.include.proxy.yml JIRA: FUEL-317 Change-Id: I5ed8b420296b27df34a54ec1ebd7b7cf58041425 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> (cherry picked from commit 9a6e655e0b851ff6e449027c01ac1a66188b0064) - [patch] Fix OVS ifup workaround Do not assume routes are on the same OVS port as the one currently being configured. Instead, apply the `unless` ifup condition for any OVS port. Change-Id: Iea8084f9e50401d300feb7ed16f90b430680cac5 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> (cherry picked from commit b1849f630a8de3dfce2e91fc375d9e901b90843b) - [baremetal] heat: Switch metadata API URL to mgmt Prepare for decoupling management from public (drop mas01 NAT): - ctl: change heat URLs to use new management VIP instead of public; Change-Id: I8e220ee37bd4177c3afd58a9ee401f815d046706 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> (cherry picked from commit d39aaa2b7312c91e6a1851f357cf1d087619cbda) - [baremetal] prx: Add management network VIP Include `openstack_web_public_vip` class for setting up the old VIP in the public network, use old class for mgmt VIP. Also change the generic hostname 'prx' to point inside mgmt net. Change-Id: Iff69394f16ede290d149a26b054a85371f00f8e0 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> (cherry picked from commit 29c64b73f749364867be78a474410fe062eba99e) - docs: diagrams: Add PXE/admin on cfg01 Refresh diagrams to reflect that the internal network is not used anymore on jumpserver after PXE/admin was hooked to cfg01. Change-Id: I4c162d59824e182bc76c0a395742050544e95291 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> (cherry picked from commit bb3a642e783b59ae2decb3b73d91f5bfca3afaef) - [baremetal] MaaS: Enable HTTP proxy Instead of using NAT on the mas01 node for all cluster node outgoing traffic, use the MaaS built-in proxy for APT traffic to leverage its caching capabilities too. Also enable the proxy for salt minions, so they can access public keyservers et al. Cleanup public DNS from kvm nodes, interferes with MaaS proxy. Add example config for global env proxy, but don't enable it: - default environment settings - /etc/environment (via reclass); The MaaS proxy will not be used (at least for now) on nodes: - cfg01; - mas01; NOTE: We can't yet drop the maas.pxe_nat state completely, as certain Openstack services are still accessed via public addresses from ctl nodes. JIRA: FUEL-317 JIRA: FUEL-318 Change-Id: I6c5f6872bb94afb838580571080e808bc262fc68 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> (cherry picked from commit 90c0b369c01a2185fe86651f8ad9e0a172d6941d) - [baremetal] cmp: Add missing public gw (default) When we dropped the default gw via mas01 NAT, we uncovered a bug, compute nodes do not have the proper public gw set up and used to reach public network via mas01, slowing everything down. Add gw similar to prx nodes. Fixes: d4ab072 Change-Id: I4343c31c376a7a223670cdd623366454396d8d92 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> (cherry picked from commit e9d597db3a9e8a38577908f36f5f700e875d4d78) - [maas] artifact sync: improve barrier condition Simplify wait condition for MaaS service up, since it's fragile and often adds extra time when not really needed. Instead, retry starting boot image import right away. Change-Id: I131d6c82127449cecf6685d4cc7484a366e658c6 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> (cherry picked from commit fedeebd6ee0e3a342777812b7ea90bd4988787ad) - [vcp] Catch 'no response' of salt minion as well Salt minion could return 'no response' and cause an unconfigured state of the vcp node(s), so catch this output after linux state as well. Also clean up excess route on proxy nodes. Change-Id: I3183fa09ff41a8f027ee789869bdae0c3962ab8f Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com> (cherry picked from commmit a183db4b3404bd12073b5691eb5d4fbd8135b44b) - [maas] Set edge hwe kernel as a default minimum Change-Id: I360dcb675c90b6f20687979ebc493afe6682c821 Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com> (cherry picked from commit 8494ec245aa24f00f2412d0f9d1e1e32591708d7) - [baremetal] Move salt master IP to PXE/admin Use PXE/admin network for salt traffic from/to all minions except cfg01, mas01. This allows us to drop the route to admin net from cfg01. Change-Id: Ic2526f1ff77afe5d92ced900971f4c8f78d2d8a2 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> (cherry picked from commit d4ab072aeab143ce72e4b81122d4580915a4ad1a) - Move VCP iface config to own yml - move linux.network.interface definitions to their own classes, which also removes the previous requirement of defining {dhcp,single}_nic parameters in classes that don't actually use them; - drop now useless {dhcp,single}_nic parameters; - expand linux_{dhcp,single}_interface macros, since they cause issues with reclass dict-merge while attempting to override sub-vars (i.e. it's not possible to set 'enabled: false' via reclass interpolation); JIRA: FUEL-310 Change-Id: I29d921f545e761de335a60e242a4523d13b06c78 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> (cherry picked from commit 2fc4b8890ef1ad456ac1ff421f33e005ae0484be) - PDF: reclass: Rename template file suffix to _pdf Init is a generic suffix which also collides with pre-existing files. A distinct suffix (e.g. _pdf) should be used. JIRA: FUEL-310 Change-Id: I919a5394e7ff432ee86d10bafe889aeadb181649 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> (cherry picked from commmit fda7372a1bffe11fc7a199ad3d4344c1b9e57e57) - states: Rename openstack, add baremetal_init To align with new cluster naming convention, rename 'openstack' state file to 'openstack_noha'. While at it, factor out baremetal setup from 'virtual_control_plane' into a new state that will be reused in upcoming scenarios, remove useless sync_all (automatically done after node reboot). FUEL-310 Change-Id: I6d7e5db8f09305f2fd8eeca0199a2e85b08d2202 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> (cherry picked from commmit 52e37b795bb975b1cb3bf1f684b009848c50a2d6) - baremetal: openstack_proxy: Rename iface dicts Later we will want to merge multiple openstack_* classes, which would try to merge the 'single', 'dhcp' interface definitions and fail due to mismstached types (proxy has 'dict' types while the rest do not). Let's rename the proxy iface definitions to prevent that. JIRA: FUEL-310 Change-Id: I1be18ddbbeae1bb3ee6de9bd783ee57b185cd477 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> (cherry picked from commmit 93b36a416f9e5f4e8828ec9544ded29f1bb82098) - baremetal: Use common database_init, control_init While at it, delete unused haproxy_openstack_api. JIRA: FUEL-310 Change-Id: I01953b01624fe3e9da8074239d20056f3762efc7 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> (cherry picked from commit 6641403cbe2aaaaf61c2aecef4ec251f327ebee0) - Rename reclass models to add "-ha" or "-noha" Parse all reclass j2 templates, not only common + current scenario (useful when adding new scenarios later). JIRA: FUEL-310 Change-Id: I8e87af702f83c42cb8f766bf6f121449aa5f2c26 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> (cherry picked from commit 09dce2a2643223d66aa1ac3a0ad8feebc082f521) - [baremetal] MaaS: Fix DHCP dynamic range (2) - reduce range to silence bogus MaaS warning about address exhaustion; - regenerate pod_config.yml.example to reflect the changes; - drop `opnfv_infra_maas_pxe_address` (duplicate of `opnfv_infra_maas_node01_deploy_address`); - add `opnfv_infra_config_pxe_address` for future usage; JIRA: FUEL-316 Change-Id: I981fc8c7c550c2917b07dd5f2c83896def013fa7 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> (cherry picked from commit 215a37d55356333f9fd0a96118c9a00d588eca62) - [maas] Adjust deployment order/timeouts Change-Id: I9dbb51ce2387450e4ae19f8b3444f5e52cfdc71d Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com> (cherry-picked from commit 52bd5a8f6c5b27ec3070625a51aea8ff85f5a8db) - [baremetal] MaaS: Reduce timeout values `maas_fixup` is already re-entrant, so we can execute it more than once during a commissioning/deploy cycle. Reduce the timeout waiting for all nodes to reach a stable state, so nodes stuck in 'Ready' state instead of reaching 'Deploying' get dealt with sooner (~5 min vs old 30 min). While at it, let `maas_fixup` handle machine deploy as well, so we can catch nodes stuck in 'Ready' state and re-trigger the deploy. Change-Id: Id24cc97b17489835c5846288639a9a6032bd320a Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> (cherry picked from commit 8da73521d3b9347a982ea6e77114bba0d0f0adeb) - salt.sh: Use salt-call to apply linux sls on cfg01 Also, retry applying linux high state up to twice, due to rare spurious failures with 'No reponse' status. Change-Id: Ic7839a5c9501673cb127412136afb91e05f87a7e Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> (cherry picked from commmit 4509936347b429fb36a27844a63d808f057fd61e) - [baremetal] Move all MaaS PXE net config to PDF - s/opnfv_maas_pxe_/opnfv_infra_maas_pxe_/g to align with other vars; - patches: pharos: Add MaaS PXE network to installer adapter; - runtime.yml{,.template}: move to installer adapter, update pod_config.yml example; - drop MAAS_PXE_NETWORK global env var, now read strictly from PDF; JIRA: FUEL-313 Change-Id: I46d7510bd53fba7890c411d36bc28fd6ff6f3648 Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> (cherry picked from commit 15e982f0d00dbcc72be2f5b25dab34b3f3efd912) - patches: Squash maas region changes When re-deploying with `-f` flag, `patch -R` cannot cleanly revert maas region changes with overlapping context lines, so squash them into a single file. Change-Id: I87dae72a12fea833e9e6729de21d4ce5f262695e Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> (cherry picked from commit d68bdf31c1c7d2d29f3524915f6a347f8d0567f5) - [netconfig] APT: Prefer ipv4 connections over ipv6 Ubuntu prefers ipv6 connections therefore in some networks, this breaks software updates (it does a AAAA DNS lookup before A record lookups). Let's prefer old style ipv4 connections over the new ipv6 in order to save some processing and resource utilization. Based on previous work from [1] (but without /etc/gai.conf, only APT). [1] https://review.openstack.org/#/c/462502/ JIRA: FUEL-321 Change-Id: Ic3dff3baa1c0be9ac95972557d6a2d26641bfe1b Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> (cherry picked from commit 4d604967adde375eb24ae165aff83c11be89ca30) - ci/deploy.sh: maas: cleanup_uefi on env erase Running `ci/deploy.sh -EE` should also perform an UEFI boot option cleanup, otherwise we risk booting the previously installed OS. While at it, reduce delay between nodes removal and fix a rare failure for `-EE` when no nodes are defined in MaaS. Change-Id: I789ffd3e22545921216f7d5ee3509c76354542eb Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com> (cherry picked from commit 15173a83dba08729e62da277b9165677323675d8)
Diffstat (limited to 'docs/development/opnfvsecguide/network.rst')
0 files changed, 0 insertions, 0 deletions