mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2

   1 ##############################################################################
   2 # Copyright (c) 2018 Mirantis Inc., Enea AB and others.
   3 # All rights reserved. This program and the accompanying materials
   4 # are made available under the terms of the Apache License, Version 2.0
   5 # which accompanies this distribution, and is available at
   6 # http://www.apache.org/licenses/LICENSE-2.0
   7 ##############################################################################
   8 {%- import 'net_map.j2' as nm with context %}
   9 ---
  10 # NOTE: pod_config is generated and transferred into its final location on
  11 # cfg01 only during deployment to prevent leaking sensitive data
  12 classes:
  13   - system.maas.region.single
  14   - service.maas.cluster.single
  15   - cluster.all-mcp-arch-common.opnfv.lab_proxy_pdf
  16   - cluster.all-mcp-arch-common.opnfv.pod_config
  17 parameters:
  18   _param:
  19     linux_system_codename: bionic
  20     maas_admin_username: opnfv
  21     dns_server01: '{{ nm.dns_public[0] }}'
  22     single_address: ${_param:infra_maas_node01_deploy_address}
  23     hwe_kernel: 'hwe-18.04'
  24     opnfv_maas_timeout_comissioning: {{ nm.maas_timeout_comissioning }}
  25     opnfv_maas_timeout_deploying: {{ nm.maas_timeout_deploying }}
  26   maas:
  27     region:
  28 {%- if '-ovs-' in conf.MCP_DEPLOY_SCENARIO or '-fdio-' in conf.MCP_DEPLOY_SCENARIO %}
  29       tags:
  30         aarch64_hugepages_1g:
  31           comment: 'Enable 1G pagesizes on aarch64'
  32           definition: '//capability[@id="asimd"]|//capability[@id="cp15_barrier"]'
  33           kernel_opts: 'default_hugepagesz=1G hugepagesz=1G'
  34 {%- endif %}
  35       timeout:
  36         # Set maas.wait_for_<state> timeouts to ~2.5x of MaaS <state> timeout
  37         ready: {{ nm.maas_timeout_comissioning * 150 }}
  38         deployed: {{ nm.maas_timeout_deploying * 150 }}
  39         attempts: 3
  40       boot_sources_delete_all_others: true
  41       boot_sources:
  42         resources_mirror:
  43           url: http://images.maas.io/ephemeral-v3/daily
  44           keyring_file: /usr/share/keyrings/ubuntu-cloudimage-keyring.gpg
  45       boot_sources_selections:
  46         bionic:
  47           url: "http://images.maas.io/ephemeral-v3/daily"
  48           os: "ubuntu"
  49           release: "${_param:linux_system_codename}"
  50           arches:
  51 {%- for arch in nm.cluster.arch %}
  52             - "{{ arch | dpkg_arch }}"
  53 {%- endfor %}
  54           subarches:
  55             - "generic"
  56             - "ga-18.04"
  57             - "hwe-18.04"
  58           labels: '"*"'
  59       fabrics:
  60         pxe_admin:
  61           name: 'pxe_admin'
  62           description: Fabric for PXE/admin
  63           vlans:
  64             0:
  65               name: 'vlan 0'
  66               description: PXE/admin VLAN
  67               dhcp: true
  68               primary_rack: "${linux:network:hostname}"
  69       subnets:
  70         {{ nm.net_admin }}:
  71           name: {{ nm.net_admin }}
  72           cidr: {{ nm.net_admin }}
  73           gateway_ip: ${_param:single_address}
  74           fabric: ${maas:region:fabrics:pxe_admin:name}
  75           vlan: 0
  76           ipranges:
  77             1:
  78               start: {{ nm.net_admin_pool_start }}
  79               end: {{ nm.net_admin_pool_end }}
  80               type: dynamic
  81       sshprefs:
  82         - '{{ conf.MAAS_SSH_KEY }}'
  83 {%- if 'aarch64' in nm.cluster.arch %}
  84       package_repositories:
  85         armband:
  86           name: armband
  87           enabled: '1'
  88           url: 'http://linux.enea.com/mcp-repos/${_param:armband_repo_version}/xenial'
  89           distributions: '${_param:armband_repo_version}-armband'
  90           components: 'main'
  91           arches: 'arm64'
  92           key: ${_param:armband_key}
  93 {%- endif %}
  94       salt_master_ip: ${_param:reclass_config_master}
  95       domain: ${_param:cluster_domain}
  96       ~maas_config:
  97         maas_name: mas01
  98         active_discovery_interval: 600
  99         ntp_external_only: true
 100         upstream_dns: ${_param:dns_server01}
 101         commissioning_distro_series: 'bionic'
 102         default_distro_series: 'bionic'
 103         default_osystem: 'ubuntu'
 104         default_storage_layout: 'lvm'
 105         enable_http_proxy: true
 106         disk_erase_with_secure_erase: false
 107         dnssec_validation: 'no'
 108         enable_third_party_drivers: true
 109         network_discovery: 'enabled'
 110         default_min_hwe_kernel: ${_param:hwe_kernel}
 111     cluster:
 112       saltstack_repo_bionic: "deb [arch=amd64] http://repo.saltstack.com/apt/ubuntu/18.04/amd64/2017.7/ bionic main"
 113       region:
 114         host: ${_param:single_address}
 115         port: 5240
 116   linux:
 117     system:
 118       repo:
 119         armband_3:
 120           enabled: false
 121       ~locale: ''
 122       ~kernel:
 123         sysctl:
 124           net.ipv4.ip_forward: 1
 125   iptables:
 126     schema:
 127       epoch: 1
 128     service:
 129       v4:
 130         enabled: true
 131         persistent_config: /etc/iptables/rules.v4
 132       v6:
 133         enabled: false
 134     tables:
 135       v4:
 136         filter:
 137           chains:
 138             INPUT:
 139               ruleset:
 140                 10:
 141                   rule: -s ${_param:single_address}/${_param:opnfv_net_admin_mask}
 142                 11:
 143                   rule: -d ${_param:single_address}/${_param:opnfv_net_admin_mask}
 144         nat:
 145           chains:
 146             POSTROUTING:
 147               policy: ACCEPT
 148               ruleset:
 149                 10:
 150                   rule: -s ${_param:single_address}/${_param:opnfv_net_admin_mask}
 151                   action: MASQUERADE