mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2

   1 ##############################################################################
   2 # Copyright (c) 2018 Mirantis Inc., Enea AB and others.
   3 # All rights reserved. This program and the accompanying materials
   4 # are made available under the terms of the Apache License, Version 2.0
   5 # which accompanies this distribution, and is available at
   6 # http://www.apache.org/licenses/LICENSE-2.0
   7 ##############################################################################
   8 {%- import 'net_map.j2' as nm with context %}
   9 ---
  10 # NOTE: pod_config is generated and transferred into its final location on
  11 # cfg01 only during deployment to prevent leaking sensitive data
  12 classes:
  13   - system.maas.region.single
  14   - service.maas.cluster.single
  15   - cluster.all-mcp-arch-common.opnfv.lab_proxy_pdf
  16   - cluster.all-mcp-arch-common.opnfv.pod_config
  17 parameters:
  18   _param:
  19     mcpcontrol_interface: ${_param:opnfv_fn_vm_primary_interface}
  20     primary_interface: ${_param:opnfv_fn_vm_secondary_interface}
  21     pxe_admin_interface: ${_param:opnfv_fn_vm_tertiary_interface}
  22     linux_system_codename: xenial
  23     maas_admin_username: opnfv
  24     dns_server01: '{{ nm.dns_public[0] }}'
  25     pxe_admin_address: ${_param:infra_maas_node01_deploy_address}
  26     single_address: ${_param:pxe_admin_address}
  27     hwe_kernel: 'hwe-16.04'
  28     opnfv_maas_timeout_comissioning: {{ nm.maas_timeout_comissioning }}
  29     opnfv_maas_timeout_deploying: {{ nm.maas_timeout_deploying }}
  30   maas:
  31     region:
  32 {%- if '-ovs-' in conf.MCP_DEPLOY_SCENARIO or '-fdio-' in conf.MCP_DEPLOY_SCENARIO %}
  33       tags:
  34         aarch64_hugepages_1g:
  35           comment: 'Enable 1G pagesizes on aarch64'
  36           definition: '//capability[@id="asimd"]'
  37           kernel_opts: 'default_hugepagesz=1G hugepagesz=1G'
  38 {%- endif %}
  39       timeout:
  40         # Set maas.wait_for_<state> timeouts to ~2.5x of MaaS <state> timeout
  41         ready: {{ nm.maas_timeout_comissioning * 150 }}
  42         deployed: {{ nm.maas_timeout_deploying * 150 }}
  43         attempts: 3
  44       boot_sources_delete_all_others: true
  45       boot_sources:
  46         resources_mirror:
  47           url: http://images.maas.io/ephemeral-v3/daily
  48           keyring_file: /usr/share/keyrings/ubuntu-cloudimage-keyring.gpg
  49       boot_sources_selections:
  50         xenial:
  51           url: "http://images.maas.io/ephemeral-v3/daily"
  52           os: "ubuntu"
  53           release: "${_param:linux_system_codename}"
  54           arches:
  55 {%- for arch in nm.cluster.arch %}
  56             - "{{ arch | dpkg_arch }}"
  57 {%- endfor %}
  58           subarches:
  59             - "generic"
  60             - "ga-16.04"
  61             - "hwe-16.04"
  62           labels: '"*"'
  63       fabrics:
  64         pxe_admin:
  65           name: 'pxe_admin'
  66           description: Fabric for PXE/admin
  67           vlans:
  68             0:
  69               name: 'vlan 0'
  70               description: PXE/admin VLAN
  71               dhcp: true
  72               primary_rack: "${linux:network:hostname}"
  73       subnets:
  74         {{ nm.net_admin }}:
  75           name: {{ nm.net_admin }}
  76           cidr: {{ nm.net_admin }}
  77           gateway_ip: ${_param:single_address}
  78           fabric: ${maas:region:fabrics:pxe_admin:name}
  79           vlan: 0
  80           ipranges:
  81             1:
  82               start: {{ nm.net_admin_pool_start }}
  83               end: {{ nm.net_admin_pool_end }}
  84               type: dynamic
  85       sshprefs:
  86         - '{{ conf.MAAS_SSH_KEY }}'
  87 {%- if 'aarch64' in nm.cluster.arch %}
  88       package_repositories:
  89         armband:
  90           name: armband
  91           enabled: '1'
  92           url: 'http://linux.enea.com/mcp-repos/${_param:armband_repo_version}/${_param:linux_system_codename}'
  93           distributions: '${_param:armband_repo_version}-armband'
  94           components: 'main'
  95           arches: 'arm64'
  96           key: ${_param:armband_key}
  97 {%- endif %}
  98       salt_master_ip: ${_param:reclass_config_master}
  99       domain: ${_param:cluster_domain}
 100       ~maas_config:
 101         maas_name: mas01
 102         active_discovery_interval: 600
 103         ntp_external_only: true
 104         upstream_dns: ${_param:dns_server01}
 105         commissioning_distro_series: 'xenial'
 106         default_distro_series: 'xenial'
 107         default_osystem: 'ubuntu'
 108         default_storage_layout: 'lvm'
 109         enable_http_proxy: true
 110         disk_erase_with_secure_erase: false
 111         dnssec_validation: 'no'
 112         enable_third_party_drivers: true
 113         network_discovery: 'enabled'
 114         default_min_hwe_kernel: ${_param:hwe_kernel}
 115     cluster:
 116       saltstack_repo_xenial: "deb [arch=amd64] http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2017.7/ xenial main"
 117   linux:
 118     system:
 119       kernel:
 120         sysctl:
 121           net.ipv4.ip_forward: 1
 122     network:
 123       interface:
 124         mcpcontrol_interface:
 125           enabled: true
 126           name: ${_param:mcpcontrol_interface}
 127           type: eth
 128           proto: dhcp
 129           mtu: ${_param:interface_mtu}
 130         primary_interface:
 131           enabled: true
 132           name: ${_param:primary_interface}
 133           type: eth
 134 {%- if conf.idf.fuel.jumphost.get('trunks', {}).get('mgmt', False) and (nm.vlan_mgmt | int > 0) %}
 135           proto: manual
 136           mtu: ${_param:interface_mtu}
 137         primary_interface_vlan:
 138           enabled: true
 139           type: vlan
 140           name: ${_param:primary_interface}.{{ nm.vlan_mgmt }}
 141           use_interfaces:
 142             - ${_param:primary_interface}
 143 {%- endif %}
 144           proto: static
 145           mtu: ${_param:interface_mtu}
 146           address: ${_param:infra_maas_node01_address}
 147           netmask: ${_param:opnfv_net_mgmt_mask}
 148         pxe_admin_interface:
 149           enabled: true
 150           name: ${_param:pxe_admin_interface}
 151           # MaaS has issues using MTU > 1500 for PXE interface
 152           mtu: 1500
 153           proto: static
 154           address: ${_param:single_address}
 155           netmask: ${_param:opnfv_net_admin_mask}
 156           type: eth
 157   iptables:
 158     schema:
 159       epoch: 1
 160     service:
 161       v4:
 162         enabled: true
 163         persistent_config: /etc/iptables/rules.v4
 164       v6:
 165         enabled: false
 166     tables:
 167       v4:
 168         filter:
 169           chains:
 170             INPUT:
 171               ruleset:
 172                 10:
 173                   rule: -s ${_param:single_address}/${_param:opnfv_net_admin_mask}
 174                 11:
 175                   rule: -d ${_param:single_address}/${_param:opnfv_net_admin_mask}
 176         nat:
 177           chains:
 178             POSTROUTING:
 179               policy: ACCEPT
 180               ruleset:
 181                 10:
 182                   rule: -s ${_param:single_address}/${_param:opnfv_net_admin_mask}
 183                   action: MASQUERADE