X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=blobdiff_plain;f=mcp%2Freclass%2Fclasses%2Fcluster%2Fall-mcp-arch-common%2Finfra%2Fmaas.yml.j2;h=18d2081342659ab556b24633603007ff8c041a57;hb=refs%2Fchanges%2F39%2F66039%2F1;hp=d980c29d43af1220e428924a78bfabc11e85e927;hpb=3c08037cf9527ced474bc847cf7d463fb0439954;p=fuel.git

diff --git a/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2 b/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2
index d980c29d4..18d208134 100644
--- a/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2
+++ b/mcp/reclass/classes/cluster/all-mcp-arch-common/infra/maas.yml.j2
@@ -19,20 +19,21 @@ parameters:
     mcpcontrol_interface: ${_param:opnfv_fn_vm_primary_interface}
     primary_interface: ${_param:opnfv_fn_vm_secondary_interface}
     pxe_admin_interface: ${_param:opnfv_fn_vm_tertiary_interface}
-    interface_mtu: 1500
-    # MaaS has issues using MTU > 1500 for PXE interface
-    pxe_admin_interface_mtu: 1500
     linux_system_codename: xenial
     maas_admin_username: opnfv
-    maas_admin_password: opnfv_secret
-    maas_db_password: opnfv_secret
     dns_server01: '{{ nm.dns_public[0] }}'
-    single_address: ${_param:infra_maas_node01_deploy_address}
+    pxe_admin_address: ${_param:infra_maas_node01_deploy_address}
+    single_address: ${_param:pxe_admin_address}
     hwe_kernel: 'hwe-16.04'
     opnfv_maas_timeout_comissioning: {{ nm.maas_timeout_comissioning }}
     opnfv_maas_timeout_deploying: {{ nm.maas_timeout_deploying }}
   maas:
     region:
+      timeout:
+        # Set maas.wait_for_<state> timeouts to ~2.5x of MaaS <state> timeout
+        ready: {{ nm.maas_timeout_comissioning * 150 }}
+        deployed: {{ nm.maas_timeout_deploying * 150 }}
+        attempts: 3
       boot_sources_delete_all_others: true
       boot_sources:
         resources_mirror:
@@ -81,63 +82,19 @@ parameters:
         armband:
           name: armband
           enabled: '1'
-          url: 'http://linux.enea.com/mcp-repos/${_param:openstack_version}/${_param:linux_system_codename}'
-          distributions: '${_param:openstack_version}-armband'
+          url: 'http://linux.enea.com/mcp-repos/${_param:armband_repo_version}/${_param:linux_system_codename}'
+          distributions: '${_param:armband_repo_version}-armband'
           components: 'main'
           arches: 'arm64'
-          key: &armband_key |
-            -----BEGIN PGP PUBLIC KEY BLOCK-----
-            Version: GnuPG v2.0.14 (GNU/Linux)
-
-            mQENBFagAroBCADWboNIjuF6lB1mWv2+EbvqY3lKl5mLKhr2DnSUkKeHUPBv8gNM
-            qK8Q00AMIyPiyEhgjA+dWizZ+5aBgxoiY7oMeLJ2Xym36U/8SYq2BWd3SGCbMNoz
-            SJDxDUSM/HFVs6atF1M3DY9oN65hSVnu4uy5Tu6asf6k4rhAyk0z4+pRcPBCu2vq
-            mnGi3COM/+9PShrEKeVOx5W2vRJywUFuq8EDvQnRoJ0GvM28JiJIanw17YwIPxhg
-            BKZVpZjan5X+ihVMXwA2h/G/FS5Omhd50RqV6LWSYs94VJJgYqHx8UMm7izcxI+P
-            ct3IcbD195bPbJ+SbuiFe45ZLsdY1MyGiU2BABEBAAG0K0VuZWEgQXJtYmFuZCBE
-            ZXZvcHMgVGVhbSA8YXJtYmFuZEBlbmVhLmNvbT6JATgEEwECACICGwMGCwkIBwMC
-            BhUIAgkKCwQWAgMBAh4BAheABQJaY3bYAAoJEN6rkLp5irHRoQMH/0PYl0A/6eWw
-            nQ/szhEFrr76Ln6wA4vEO+PiuWj9kTkZM2NaCnkisrIuHSPIVvOLfFmztbE6sKGe
-            t+a2b7Jqw48DZ/gq508aZE4Q307ookxdCOrzIu/796hFO34yXg3sqZoJh3VmKIjY
-            4DL8yG1iAiQ5vOw3IFWQnATwIZUgaCcjmE7HGap+9ePuJfFuQ8mIG5cy28t8qocx
-            AB/B2tucfBMwomYxKqgbLI5AG7iSt58ajvrrNa9f8IX7Ihj/jiuXhUwX+geEp98K
-            IWVI1ftEthZvfBpZW4BS98J4z//dEPi31L4jb9RQXq3afF2RpXchDeUN85bW45nu
-            W/9PMAlgE/U=
-            =m+zE
-            -----END PGP PUBLIC KEY BLOCK-----
+          key: ${_param:armband_key}
 {%- endif %}
-      machines:
-      {%- set pxe_interface = conf.idf.net_config.admin.interface %}
-      {%- for node in conf.nodes %}
-      {%- if node.node.type == 'baremetal' %}
-        {%- if loop.index > nm.cmp001.idx %}
-        cmp{{ '%03d' | format(loop.index - nm.cmp001.idx) }}:
-        {%- else %}
-        kvm{{ '%02d' | format(loop.index) }}:
-        {%- endif %}
-          interface:
-            mac: {{ node.interfaces[pxe_interface].mac_address }}
-          power_parameters:
-            power_address: {{ node.remote_management.address.rsplit('/')[0] }}
-            power_password: {{ node.remote_management.pass }}
-            power_type: {{ node.remote_management.type }}
-            power_user: {{ node.remote_management.user }}
-          architecture: {{ node.node.arch | dpkg_arch }}/generic
-          distro_series: xenial
-          hwe_kernel: ${_param:hwe_kernel}
-          {%- if loop.index > nm.cmp001.idx %}
-          disk_layout:
-            type: lvm
-            root_device: sda
-            volume_group: vgroot
-            volume_name: lvroot
-            volume_size: 100
-          {%- endif %}
-      {%- endif %}
-      {%- endfor %}
       salt_master_ip: ${_param:reclass_config_master}
       domain: ${_param:cluster_domain}
-      maas_config:
+      ~maas_config:
+        maas_name: mas01
+        active_discovery_interval: 600
+        ntp_external_only: true
+        upstream_dns: ${_param:dns_server01}
         commissioning_distro_series: 'xenial'
         default_distro_series: 'xenial'
         default_osystem: 'ubuntu'
@@ -149,8 +106,12 @@ parameters:
         network_discovery: 'enabled'
         default_min_hwe_kernel: ${_param:hwe_kernel}
     cluster:
-      saltstack_repo_xenial: "deb [arch=amd64] http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.11/ xenial main"
+      saltstack_repo_xenial: "deb [arch=amd64] http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2017.7/ xenial main"
   linux:
+    system:
+      kernel:
+        sysctl:
+          net.ipv4.ip_forward: 1
     network:
       interface:
         mcpcontrol_interface:
@@ -158,19 +119,58 @@ parameters:
           name: ${_param:mcpcontrol_interface}
           type: eth
           proto: dhcp
+          mtu: ${_param:interface_mtu}
         primary_interface:
           enabled: true
           name: ${_param:primary_interface}
+          type: eth
+{%- if conf.idf.fuel.jumphost.get('trunks', {}).get('mgmt', False) and (nm.vlan_mgmt | int > 0) %}
+          proto: manual
           mtu: ${_param:interface_mtu}
+        primary_interface_vlan:
+          enabled: true
+          type: vlan
+          name: ${_param:primary_interface}.{{ nm.vlan_mgmt }}
+          use_interfaces:
+            - ${_param:primary_interface}
+{%- endif %}
           proto: static
+          mtu: ${_param:interface_mtu}
           address: ${_param:infra_maas_node01_address}
           netmask: ${_param:opnfv_net_mgmt_mask}
-          type: eth
         pxe_admin_interface:
           enabled: true
           name: ${_param:pxe_admin_interface}
-          mtu: ${_param:pxe_admin_interface_mtu}
+          # MaaS has issues using MTU > 1500 for PXE interface
+          mtu: 1500
           proto: static
           address: ${_param:single_address}
           netmask: ${_param:opnfv_net_admin_mask}
           type: eth
+  iptables:
+    schema:
+      epoch: 1
+    service:
+      v4:
+        enabled: true
+        persistent_config: /etc/iptables/rules.v4
+      v6:
+        enabled: false
+    tables:
+      v4:
+        filter:
+          chains:
+            INPUT:
+              ruleset:
+                10:
+                  rule: -s ${_param:single_address}/${_param:opnfv_net_admin_mask}
+                11:
+                  rule: -d ${_param:single_address}/${_param:opnfv_net_admin_mask}
+        nat:
+          chains:
+            POSTROUTING:
+              policy: ACCEPT
+              ruleset:
+                10:
+                  rule: -s ${_param:single_address}/${_param:opnfv_net_admin_mask}
+                  action: MASQUERADE