f98040b9305371dfe8950dd2cd60c46f2c4a15a9
[fuel.git] / mcp / reclass / classes / cluster / all-mcp-arch-common / infra / maas.yml.j2
1 ##############################################################################
2 # Copyright (c) 2018 Mirantis Inc., Enea AB and others.
3 # All rights reserved. This program and the accompanying materials
4 # are made available under the terms of the Apache License, Version 2.0
5 # which accompanies this distribution, and is available at
6 # http://www.apache.org/licenses/LICENSE-2.0
7 ##############################################################################
8 {%- import 'net_map.j2' as nm with context %}
9 ---
10 # NOTE: pod_config is generated and transferred into its final location on
11 # cfg01 only during deployment to prevent leaking sensitive data
12 classes:
13   - system.maas.region.single
14   - service.maas.cluster.single
15   - cluster.all-mcp-arch-common.opnfv.lab_proxy_pdf
16   - cluster.all-mcp-arch-common.opnfv.pod_config
17 parameters:
18   _param:
19     linux_system_codename: bionic
20     maas_admin_username: opnfv
21     dns_server01: '{{ nm.dns_public[0] }}'
22     single_address: ${_param:infra_maas_node01_deploy_address}
23     hwe_kernel: 'ga-18.04'
24     opnfv_maas_timeout_comissioning: {{ nm.maas_timeout_comissioning }}
25     opnfv_maas_timeout_deploying: {{ nm.maas_timeout_deploying }}
26   maas:
27     region:
28       services:
29         - maas-regiond
30         - bind9
31 {%- if '-ovs-' in conf.MCP_DEPLOY_SCENARIO or '-fdio-' in conf.MCP_DEPLOY_SCENARIO %}
32       tags:
33         aarch64_hugepages_1g:
34           comment: 'Enable 1G pagesizes on aarch64'
35           definition: '//capability[@id="asimd"]|//capability[@id="cp15_barrier"]'
36           kernel_opts: 'default_hugepagesz=1G hugepagesz=1G'
37 {%- endif %}
38       enable_iframe: False
39       timeout:
40         # Set maas.wait_for_<state> timeouts to ~2.5x of MaaS <state> timeout
41         ready: {{ nm.maas_timeout_comissioning * 150 }}
42         deployed: {{ nm.maas_timeout_deploying * 150 }}
43         attempts: 3
44       boot_sources_delete_all_others: true
45       boot_sources:
46         resources_mirror:
47           url: http://images.maas.io/ephemeral-v3/daily
48           keyring_file: /usr/share/keyrings/ubuntu-cloudimage-keyring.gpg
49       boot_sources_selections:
50         bionic:
51           url: "http://images.maas.io/ephemeral-v3/daily"
52           os: "ubuntu"
53           release: "${_param:linux_system_codename}"
54           arches:
55 {%- for arch in nm.cluster.arch %}
56             - "{{ arch | dpkg_arch }}"
57 {%- endfor %}
58           subarches:
59             - "generic"
60             - "ga-18.04"
61           labels: '"*"'
62       fabrics:
63         pxe_admin:
64           name: 'pxe_admin'
65           description: Fabric for PXE/admin
66           vlans:
67             0:
68               name: 'vlan 0'
69               description: PXE/admin VLAN
70               dhcp: true
71               primary_rack: "${linux:network:hostname}"
72       subnets:
73         {{ nm.net_admin }}:
74           name: {{ nm.net_admin }}
75           cidr: {{ nm.net_admin }}
76           gateway_ip: ${_param:single_address}
77           fabric: ${maas:region:fabrics:pxe_admin:name}
78           vlan: 0
79           ipranges:
80             1:
81               start: {{ nm.net_admin_pool_start }}
82               end: {{ nm.net_admin_pool_end }}
83               type: dynamic
84       sshprefs:
85         - '{{ conf.MAAS_SSH_KEY }}'
86 {%- if 'aarch64' in nm.cluster.arch %}
87       package_repositories:
88         armband:
89           name: armband
90           enabled: '1'
91           url: 'http://linux.enea.com/mcp-repos/${_param:armband_repo_version}/xenial'
92           distributions: '${_param:armband_repo_version}-armband'
93           components: 'main'
94           arches: 'arm64'
95           key: ${_param:armband_key}
96 {%- endif %}
97       salt_master_ip: ${_param:reclass_config_master}
98       domain: ${_param:cluster_domain}
99       ~maas_config:
100         maas_name: mas01
101         active_discovery_interval: 600
102         ntp_external_only: true
103         upstream_dns: ${_param:dns_server01}
104         commissioning_distro_series: 'bionic'
105         default_distro_series: 'bionic'
106         default_osystem: 'ubuntu'
107         default_storage_layout: 'lvm'
108         enable_http_proxy: true
109         disk_erase_with_secure_erase: false
110         dnssec_validation: 'no'
111         enable_third_party_drivers: true
112         network_discovery: 'enabled'
113         default_min_hwe_kernel: ${_param:hwe_kernel}
114     cluster:
115       saltstack_repo_bionic: "deb [arch=amd64] http://repo.saltstack.com/apt/ubuntu/18.04/amd64/2017.7/ bionic main"
116       region:
117         host: ${_param:single_address}
118         port: 5240
119 {%- if '-iec-' not in conf.MCP_DEPLOY_SCENARIO and conf.MCP_KERNEL_VER %}
120       curtin_vars:
121         amd64:
122           bionic: &curtin_vars_bionic
123             kernel_package:
124               enabled: True
125               value: 'linux-image-{{ conf.MCP_KERNEL_VER }}-generic'
126             extra_pkgs:
127               enabled: True
128               pkgs:
129                 - linux-image-{{ conf.MCP_KERNEL_VER }}-generic
130                 - linux-headers-{{ conf.MCP_KERNEL_VER }}-generic
131                 - linux-modules-extra-{{ conf.MCP_KERNEL_VER }}-generic
132         arm64:
133           bionic:
134             <<: *curtin_vars_bionic
135 {%- endif %}
136   linux:
137     system:
138       repo:
139         armband_3:
140           enabled: false
141       ~locale: ''
142       ~kernel:
143         sysctl:
144           net.ipv4.ip_forward: 1
145   iptables:
146     schema:
147       epoch: 1
148     service:
149       v4:
150         enabled: true
151         persistent_config: /etc/iptables/rules.v4
152       v6:
153         enabled: false
154     tables:
155       v4:
156         filter:
157           chains:
158             INPUT:
159               ruleset:
160                 10:
161                   rule: -s ${_param:single_address}/${_param:opnfv_net_admin_mask}
162                 11:
163                   rule: -d ${_param:single_address}/${_param:opnfv_net_admin_mask}
164         nat:
165           chains:
166             POSTROUTING:
167               policy: ACCEPT
168               ruleset:
169                 10:
170                   rule: -s ${_param:single_address}/${_param:opnfv_net_admin_mask}
171                   action: MASQUERADE