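##############################################################################
# Copyright (c) 2018 Mirantis Inc., Enea AB and others.
# All rights reserved. This program and the accompanying materials
# are made available under the terms of the Apache License, Version 2.0
# which accompanies this distribution, and is available at
# http://www.apache.org/licenses/LICENSE-2.0
##############################################################################
{%- import 'net_map.j2' as nm with context %}
---
# Reclass class for the MaaS node: MaaS region/cluster settings, the node's
# network interfaces, and the iptables rules that let it forward and NAT
# traffic for the PXE/admin network.
#
# This file is a Jinja2 template; the rendered output is what gets parsed as
# YAML. Keep Jinja delimiters out of comments, since they are rendered too.
#
# NOTE: pod_config is generated and transferred into its final location on
# cfg01 only during deployment to prevent leaking sensitive data
classes:
  - system.maas.region.single
  - service.maas.cluster.single
  - cluster.all-mcp-arch-common.opnfv.lab_proxy_pdf
  - cluster.all-mcp-arch-common.opnfv.pod_config
parameters:
  _param:
    mcpcontrol_interface: ${_param:opnfv_fn_vm_primary_interface}
    primary_interface: ${_param:opnfv_fn_vm_secondary_interface}
    pxe_admin_interface: ${_param:opnfv_fn_vm_tertiary_interface}
    linux_system_codename: xenial
    maas_admin_username: opnfv
    dns_server01: '{{ nm.dns_public[0] }}'
    pxe_admin_address: ${_param:infra_maas_node01_deploy_address}
    single_address: ${_param:pxe_admin_address}
    hwe_kernel: 'hwe-16.04'
    # Left unquoted so the rendered values stay integers.
    opnfv_maas_timeout_comissioning: {{ nm.maas_timeout_comissioning }}
    opnfv_maas_timeout_deploying: {{ nm.maas_timeout_deploying }}
  maas:
    region:
      timeout:
        # Set maas.wait_for_<state> timeouts to ~2.5x of MaaS <state> timeout
        # (150 = 2.5 * 60; presumably minutes converted to seconds - confirm)
        ready: {{ nm.maas_timeout_comissioning * 150 }}
        deployed: {{ nm.maas_timeout_deploying * 150 }}
        attempts: 3
      # Any boot source other than the one declared below is removed.
      boot_sources_delete_all_others: true
      boot_sources:
        resources_mirror:
          # Boot images are fetched over plain HTTP, so their integrity rests
          # on the stream's signature being checked against keyring_file.
          # NOTE(review): confirm the keyring is present on the node and that
          # the 'daily' stream (rather than a stable one) is intended.
          url: http://images.maas.io/ephemeral-v3/daily
          keyring_file: /usr/share/keyrings/ubuntu-cloudimage-keyring.gpg
      boot_sources_selections:
        xenial:
          url: "http://images.maas.io/ephemeral-v3/daily"
          os: "ubuntu"
          release: "${_param:linux_system_codename}"
          arches:
{%- for arch in nm.cluster.arch %}
            - "{{ arch | dpkg_arch }}"
{%- endfor %}
          subarches:
            - "generic"
            - "ga-16.04"
            - "hwe-16.04"
          labels: '"*"'
      fabrics:
        pxe_admin:
          name: 'pxe_admin'
          description: Fabric for PXE/admin
          vlans:
            0:
              name: 'vlan 0'
              description: PXE/admin VLAN
              # MaaS serves DHCP on this VLAN, with this node as primary rack.
              dhcp: true
              primary_rack: "${linux:network:hostname}"
      subnets:
        {{ nm.net_admin }}:
          name: {{ nm.net_admin }}
          cidr: {{ nm.net_admin }}
          # The MaaS node itself is the gateway for the PXE/admin subnet; see
          # the ip_forward sysctl and the MASQUERADE rule further down.
          gateway_ip: ${_param:single_address}
          fabric: ${maas:region:fabrics:pxe_admin:name}
          vlan: 0
          ipranges:
            1:
              start: {{ nm.net_admin_pool_start }}
              end: {{ nm.net_admin_pool_end }}
              type: dynamic
      sshprefs:
        # Rendered verbatim into this file at template time.
        # NOTE(review): presumably an SSH public key; confirm that no private
        # key material can end up in conf.MAAS_SSH_KEY.
        - '{{ conf.MAAS_SSH_KEY }}'
{%- if 'aarch64' in nm.cluster.arch %}
      # Extra package repository, added only when the cluster has aarch64
      # nodes. It is served over plain HTTP, so package authenticity depends
      # on signature verification with the key below.
      # NOTE(review): armband_key is defined outside this file; confirm it is
      # the repository's signing key.
      package_repositories:
        armband:
          name: armband
          enabled: '1'
          url: 'http://linux.enea.com/mcp-repos/${_param:armband_repo_version}/${_param:linux_system_codename}'
          distributions: '${_param:armband_repo_version}-armband'
          components: 'main'
          arches: 'arm64'
          key: ${_param:armband_key}
{%- endif %}
      salt_master_ip: ${_param:reclass_config_master}
      domain: ${_param:cluster_domain}
      # The leading '~' is reclass syntax: this mapping replaces the inherited
      # maas_config instead of being merged into it, so a setting not listed
      # here is not inherited from the parent classes.
      ~maas_config:
        maas_name: mas01
        active_discovery_interval: 600
        ntp_external_only: true
        upstream_dns: ${_param:dns_server01}
        commissioning_distro_series: 'xenial'
        default_distro_series: 'xenial'
        default_osystem: 'ubuntu'
        default_storage_layout: 'lvm'
        enable_http_proxy: true
        # Disks are not erased with the drive's secure-erase feature.
        disk_erase_with_secure_erase: false
        # DNSSEC validation is switched off, so answers from upstream_dns are
        # accepted without validation. The value is quoted to keep it the
        # string 'no' rather than a YAML boolean.
        dnssec_validation: 'no'
        # Allows drivers from outside the distribution to be installed on
        # the nodes.
        enable_third_party_drivers: true
        network_discovery: 'enabled'
        default_min_hwe_kernel: ${_param:hwe_kernel}
    cluster:
      # Plain-HTTP apt source pinned to Salt 2017.7. No signing key is
      # configured in this file.
      # NOTE(review): confirm the repository key is installed elsewhere.
      saltstack_repo_xenial: "deb [arch=amd64] http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2017.7/ xenial main"
  linux:
    system:
      kernel:
        sysctl:
          # Turns this node into an IPv4 router; combined with the NAT rule
          # below it forwards traffic for the PXE/admin subnet.
          net.ipv4.ip_forward: 1
    network:
      interface:
        mcpcontrol_interface:
          enabled: true
          name: ${_param:mcpcontrol_interface}
          type: eth
          proto: dhcp
          mtu: ${_param:interface_mtu}
        # When the jumphost IDF marks the mgmt network as a trunk and a mgmt
        # VLAN id is set, the physical interface is left unaddressed
        # (proto: manual) and the static address settings that follow the
        # conditional land on primary_interface_vlan. Otherwise they belong
        # to primary_interface itself.
        primary_interface:
          enabled: true
          name: ${_param:primary_interface}
          type: eth
{%- if conf.idf.fuel.jumphost.get('trunks', {}).get('mgmt', False) and (nm.vlan_mgmt | int > 0) %}
          proto: manual
          mtu: ${_param:interface_mtu}
        primary_interface_vlan:
          enabled: true
          type: vlan
          name: ${_param:primary_interface}.{{ nm.vlan_mgmt }}
          use_interfaces:
            - ${_param:primary_interface}
{%- endif %}
          proto: static
          mtu: ${_param:interface_mtu}
          address: ${_param:infra_maas_node01_address}
          netmask: ${_param:opnfv_net_mgmt_mask}
        pxe_admin_interface:
          enabled: true
          name: ${_param:pxe_admin_interface}
          # MaaS has issues using MTU > 1500 for PXE interface
          mtu: 1500
          proto: static
          address: ${_param:single_address}
          netmask: ${_param:opnfv_net_admin_mask}
          type: eth
  iptables:
    schema:
      epoch: 1
    service:
      v4:
        enabled: true
        persistent_config: /etc/iptables/rules.v4
      # Only IPv4 rules are managed here; the v6 service is disabled.
      v6:
        enabled: false
    tables:
      v4:
        filter:
          chains:
            INPUT:
              # Rules 10 and 11 match traffic from / to the PXE/admin subnet
              # but carry no 'action' key, and no INPUT policy is set in this
              # file.
              # NOTE(review): the resulting target depends on the iptables
              # formula's default; confirm these rules have the intended
              # effect.
              ruleset:
                10:
                  rule: -s ${_param:single_address}/${_param:opnfv_net_admin_mask}
                11:
                  rule: -d ${_param:single_address}/${_param:opnfv_net_admin_mask}
        nat:
          chains:
            POSTROUTING:
              policy: ACCEPT
              ruleset:
                # Source-NAT everything that originates from the PXE/admin
                # subnet. The rule names no outgoing interface, so it applies
                # on whichever interface the traffic leaves through.
                10:
                  rule: -s ${_param:single_address}/${_param:opnfv_net_admin_mask}
                  action: MASQUERADE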
175                   rule: -s ${_param:single_address}/${_param:opnfv_net_admin_mask}
176                   action: MASQUERADE