# NOTE: pod_config is generated and transferred into its final location on
# cfg01 only during deployment to prevent leaking sensitive data
classes:
- - system.linux.system.single.simple
- system.maas.region.single
- service.maas.cluster.single
- cluster.all-mcp-arch-common.opnfv.lab_proxy_pdf
mcpcontrol_interface: ${_param:opnfv_fn_vm_primary_interface}
primary_interface: ${_param:opnfv_fn_vm_secondary_interface}
pxe_admin_interface: ${_param:opnfv_fn_vm_tertiary_interface}
- interface_mtu: 1500
- # MaaS has issues using MTU > 1500 for PXE interface
- pxe_admin_interface_mtu: 1500
linux_system_codename: xenial
maas_admin_username: opnfv
- maas_admin_password: opnfv_secret
- maas_db_password: opnfv_secret
dns_server01: '{{ nm.dns_public[0] }}'
- single_address: ${_param:infra_maas_node01_deploy_address}
+ pxe_admin_address: ${_param:infra_maas_node01_deploy_address}
+ single_address: ${_param:pxe_admin_address}
hwe_kernel: 'hwe-16.04'
opnfv_maas_timeout_comissioning: {{ nm.maas_timeout_comissioning }}
opnfv_maas_timeout_deploying: {{ nm.maas_timeout_deploying }}
maas:
region:
+ timeout:
+ # Set maas.wait_for_<state> timeouts to ~2.5x of MaaS <state> timeout
+ ready: {{ nm.maas_timeout_comissioning * 150 }}
+ deployed: {{ nm.maas_timeout_deploying * 150 }}
+ attempts: 3
boot_sources_delete_all_others: true
boot_sources:
resources_mirror:
distributions: '${_param:openstack_version}-armband'
components: 'main'
arches: 'arm64'
- key: &armband_key |
- -----BEGIN PGP PUBLIC KEY BLOCK-----
- Version: GnuPG v2.0.14 (GNU/Linux)
-
- mQENBFagAroBCADWboNIjuF6lB1mWv2+EbvqY3lKl5mLKhr2DnSUkKeHUPBv8gNM
- qK8Q00AMIyPiyEhgjA+dWizZ+5aBgxoiY7oMeLJ2Xym36U/8SYq2BWd3SGCbMNoz
- SJDxDUSM/HFVs6atF1M3DY9oN65hSVnu4uy5Tu6asf6k4rhAyk0z4+pRcPBCu2vq
- mnGi3COM/+9PShrEKeVOx5W2vRJywUFuq8EDvQnRoJ0GvM28JiJIanw17YwIPxhg
- BKZVpZjan5X+ihVMXwA2h/G/FS5Omhd50RqV6LWSYs94VJJgYqHx8UMm7izcxI+P
- ct3IcbD195bPbJ+SbuiFe45ZLsdY1MyGiU2BABEBAAG0K0VuZWEgQXJtYmFuZCBE
- ZXZvcHMgVGVhbSA8YXJtYmFuZEBlbmVhLmNvbT6JATgEEwECACICGwMGCwkIBwMC
- BhUIAgkKCwQWAgMBAh4BAheABQJaY3bYAAoJEN6rkLp5irHRoQMH/0PYl0A/6eWw
- nQ/szhEFrr76Ln6wA4vEO+PiuWj9kTkZM2NaCnkisrIuHSPIVvOLfFmztbE6sKGe
- t+a2b7Jqw48DZ/gq508aZE4Q307ookxdCOrzIu/796hFO34yXg3sqZoJh3VmKIjY
- 4DL8yG1iAiQ5vOw3IFWQnATwIZUgaCcjmE7HGap+9ePuJfFuQ8mIG5cy28t8qocx
- AB/B2tucfBMwomYxKqgbLI5AG7iSt58ajvrrNa9f8IX7Ihj/jiuXhUwX+geEp98K
- IWVI1ftEthZvfBpZW4BS98J4z//dEPi31L4jb9RQXq3afF2RpXchDeUN85bW45nu
- W/9PMAlgE/U=
- =m+zE
- -----END PGP PUBLIC KEY BLOCK-----
+ key: ${_param:armband_key}
{%- endif %}
salt_master_ip: ${_param:reclass_config_master}
domain: ${_param:cluster_domain}
linux:
system:
kernel:
- ~boot_options:
- - ipv6.disable=0
+ sysctl:
+ net.ipv4.ip_forward: 1
network:
interface:
mcpcontrol_interface:
name: ${_param:mcpcontrol_interface}
type: eth
proto: dhcp
+ mtu: ${_param:interface_mtu}
primary_interface:
enabled: true
name: ${_param:primary_interface}
pxe_admin_interface:
enabled: true
name: ${_param:pxe_admin_interface}
- mtu: ${_param:pxe_admin_interface_mtu}
+ # MaaS has issues using MTU > 1500 for PXE interface
+ mtu: 1500
proto: static
address: ${_param:single_address}
netmask: ${_param:opnfv_net_admin_mask}
type: eth
+ iptables:
+ schema:
+ epoch: 1
+ service:
+ v4:
+ enabled: true
+ persistent_config: /etc/iptables/rules.v4
+ v6:
+ enabled: false
+ tables:
+ v4:
+ filter:
+ chains:
+ INPUT:
+ ruleset:
+ 10:
+ rule: -s ${_param:single_address}/${_param:opnfv_net_admin_mask}
+ 11:
+ rule: -d ${_param:single_address}/${_param:opnfv_net_admin_mask}
+ nat:
+ chains:
+ POSTROUTING:
+ policy: ACCEPT
+ ruleset:
+ 10:
+ rule: -s ${_param:single_address}/${_param:opnfv_net_admin_mask}
+ action: MASQUERADE