From: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Date: Thu, 16 Aug 2018 15:37:06 +0000 (+0000)
Subject: Merge "Fix barbican integration on compute nodes"
X-Git-Tag: opnfv-7.0.0~104
X-Git-Url: https://gerrit.opnfv.org/gerrit/gitweb?a=commitdiff_plain;h=c2902b924da9b2246ec80e7b541950b26ebc8cde;hp=968072a6575f81d1798dfcaa3c1e3d053a742725;p=fuel.git

Merge "Fix barbican integration on compute nodes"
---

diff --git a/ci/deploy.sh b/ci/deploy.sh
index 40176073d..07cde2613 100755
--- a/ci/deploy.sh
+++ b/ci/deploy.sh
@@ -293,6 +293,7 @@ else
       "${virtual_nodes[@]}"
     create_networks "${OPNFV_BRIDGES[@]}"
     do_sysctl_cfg
+    do_udev_cfg
     create_vms "${STORAGE_DIR}" "${virtual_nodes_data}" "${OPNFV_BRIDGES[@]}"
     update_mcpcontrol_network
     start_vms "${virtual_nodes[@]}"
diff --git a/mcp/config/states/openstack_ha b/mcp/config/states/openstack_ha
index 12d6ae656..d7d8cbd45 100755
--- a/mcp/config/states/openstack_ha
+++ b/mcp/config/states/openstack_ha
@@ -68,7 +68,7 @@ salt -I 'aodh:server' state.sls aodh -b 1
 salt -I 'ceilometer:server' state.sls ceilometer
 salt -I 'ceilometer:agent' state.sls ceilometer
 
-salt -I 'horizon:server' state.sls horizon
+salt -I 'horizon:server' state.sls apache,horizon
 salt -I 'nginx:server' state.sls nginx
 
 cluster_public_host=$(salt -C 'I@nginx:server and *01*' --out=yaml \
diff --git a/mcp/config/states/openstack_noha b/mcp/config/states/openstack_noha
index 02530236a..9a42d4813 100755
--- a/mcp/config/states/openstack_noha
+++ b/mcp/config/states/openstack_noha
@@ -56,4 +56,4 @@ salt -I 'aodh:server' state.sls aodh
 salt -I 'ceilometer:server' state.sls ceilometer
 salt -I 'ceilometer:agent' state.sls ceilometer
 
-salt -I 'horizon:server' state.sls horizon
+salt -I 'horizon:server' state.sls apache,horizon
diff --git a/mcp/config/states/virtual_control_plane b/mcp/config/states/virtual_control_plane
index 8105b2666..8ea5047ae 100755
--- a/mcp/config/states/virtual_control_plane
+++ b/mcp/config/states/virtual_control_plane
@@ -57,4 +57,4 @@ wait_for 10.0 "salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' ssh.set_auth_key ${SUDO_
 salt -C 'prx*' system.reboot
 wait_for 30.0 "salt -C 'prx*' test.ping"
 
-salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' pkg.upgrade refresh=False
+salt -C 'E@^(?!cfg01|mas01|kvm|cmp00).*' pkg.upgrade refresh=False dist_upgrade=True
diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_control.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_control.yml.j2
index 49c299bdf..a7e8fcde3 100644
--- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_control.yml.j2
+++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_control.yml.j2
@@ -23,6 +23,7 @@ classes:
   - system.barbican.server.cluster
   - system.apache.server.site.barbican
   - service.barbican.server.plugin.simple_crypto
+  - system.apache.server.single
   - system.bind.server.single
   - system.haproxy.proxy.listen.openstack.placement
   - system.glusterfs.client.cluster
@@ -126,7 +127,7 @@ parameters:
   apache:
     server:
       bind:
-        ~ports: ~
+        listen_default_ports: false
   # sync from common-ha kvm role
   glusterfs:
     server:
diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_interface_vcp_biport.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_interface_vcp_biport.yml.j2
index 4fa959797..cb4c233cd 100644
--- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_interface_vcp_biport.yml.j2
+++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_interface_vcp_biport.yml.j2
@@ -28,6 +28,7 @@ parameters:
           gateway: {{ nm.net_admin_gw }}
           name_servers:
             - {{ nm.net_admin_gw }}
+          noifupdown: true
         single:
           enabled: true
           type: eth
diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_interface_vcp_triport.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_interface_vcp_triport.yml.j2
index 05550a299..38a436138 100644
--- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_interface_vcp_triport.yml.j2
+++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_interface_vcp_triport.yml.j2
@@ -27,6 +27,7 @@ parameters:
           name: ${_param:pxe_admin_interface}
           address: ${_param:pxe_admin_address}
           netmask: ${_param:opnfv_net_admin_mask}
+          noifupdown: true
         single_int:
           enabled: true
           type: eth
diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_proxy.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_proxy.yml.j2
index d7ccff532..c23b50993 100644
--- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_proxy.yml.j2
+++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_proxy.yml.j2
@@ -14,6 +14,7 @@ classes:
   - system.nginx.server.proxy.openstack_web
   - system.nginx.server.proxy.openstack.aodh
   - system.nginx.server.proxy.openstack.ceilometer
+  - system.apache.server.single
   - system.horizon.server.single
   - system.salt.minion.cert.proxy
   - system.sphinx.server.doc.reclass
@@ -93,3 +94,7 @@ parameters:
       vrrp_scripts:
         check_pidof:
           args: 'nginx'
+  apache:
+    server:
+      bind:
+        listen_default_ports: false
diff --git a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_telemetry.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_telemetry.yml.j2
index c55ea0049..9a9144ca7 100644
--- a/mcp/reclass/classes/cluster/mcp-common-ha/openstack_telemetry.yml.j2
+++ b/mcp/reclass/classes/cluster/mcp-common-ha/openstack_telemetry.yml.j2
@@ -69,6 +69,8 @@ parameters:
         - python-memcache
   apache:
     server:
+      bind:
+        listen_default_ports: false
       ~modules:
         - rewrite
 {%- if conf.MCP_VCP %} {#- wsgi module will be enabled by a different class inherited later #}
diff --git a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_compute_pdf.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_compute_pdf.yml.j2
index aebd88828..b6cba0ca9 100644
--- a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_compute_pdf.yml.j2
+++ b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_compute_pdf.yml.j2
@@ -34,6 +34,7 @@ parameters:
           address: ${_param:pxe_admin_address}
           netmask: ${_param:opnfv_net_admin_mask}
           mtu: ${_param:interface_mtu}
+          noifupdown: true
         primary_interface:
           enabled: true
           name: ${_param:primary_interface}
diff --git a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_control.yml b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_control.yml
index 2ca17ef73..ed1d0649c 100644
--- a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_control.yml
+++ b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_control.yml
@@ -60,6 +60,7 @@ classes:
   - system.apache.server.site.gnocchi
   - system.apache.server.site.panko
   - system.apache.server.site.barbican
+  - system.apache.server.single
   - system.horizon.server.single
   - service.haproxy.proxy.single
   - cluster.mcp-common-noha.haproxy_openstack_api
@@ -175,6 +176,8 @@ parameters:
       root_helper_daemon: false
   apache:
     server:
+      bind:
+        listen_default_ports: false
       site:
         gnocchi: &wsgi_threads
           wsgi:
diff --git a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_control_pdf.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_control_pdf.yml.j2
index b0b55afb9..503bbecb2 100644
--- a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_control_pdf.yml.j2
+++ b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_control_pdf.yml.j2
@@ -18,6 +18,7 @@ parameters:
           type: eth
           address: ${_param:pxe_admin_address}
           netmask: ${_param:opnfv_net_admin_mask}
+          noifupdown: true
         single_int:
           enabled: true
           name: {{ nm.ctl01.nic_mgmt }}
diff --git a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_gateway_pdf.yml.j2 b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_gateway_pdf.yml.j2
index 4f22d4fa2..5b104429d 100644
--- a/mcp/reclass/classes/cluster/mcp-common-noha/openstack_gateway_pdf.yml.j2
+++ b/mcp/reclass/classes/cluster/mcp-common-noha/openstack_gateway_pdf.yml.j2
@@ -24,6 +24,7 @@ parameters:
           address: ${_param:pxe_admin_address}
           netmask: ${_param:opnfv_net_admin_mask}
           mtu: ${_param:interface_mtu}
+          noifupdown: true
         primary_interface:
           enabled: true
           name: ${_param:primary_interface}
diff --git a/mcp/reclass/classes/cluster/mcp-odl-noha/opendaylight/control_pdf.yml.j2 b/mcp/reclass/classes/cluster/mcp-odl-noha/opendaylight/control_pdf.yml.j2
index 5bb591765..bd7c91079 100644
--- a/mcp/reclass/classes/cluster/mcp-odl-noha/opendaylight/control_pdf.yml.j2
+++ b/mcp/reclass/classes/cluster/mcp-odl-noha/opendaylight/control_pdf.yml.j2
@@ -21,6 +21,7 @@ parameters:
           gateway: {{ nm.net_admin_gw }}
           name_servers:
             - {{ nm.net_admin_gw }}
+          noifupdown: true
         single_int:
           enabled: true
           name: {{ nm.ctl01.nic_mgmt }}
diff --git a/mcp/scripts/lib.sh b/mcp/scripts/lib.sh
index 4e4f36908..c566cc993 100644
--- a/mcp/scripts/lib.sh
+++ b/mcp/scripts/lib.sh
@@ -546,6 +546,13 @@ function wait_for {
   )
 }
 
+function do_udev_cfg {
+  local _conf='/etc/udev/rules.d/99-opnfv-fuel-vnet-mtu.rules'
+  # http://linuxaleph.blogspot.com/2013/01/how-to-network-jumbo-frames-to-kvm-guest.html
+  echo 'SUBSYSTEM=="net", ACTION=="add", KERNEL=="vnet*", RUN+="/sbin/ip link set mtu 9000 dev '"'"%k"'"'"' |& sudo tee "${_conf}"
+  sudo udevadm control --reload || true
+}
+
 function do_sysctl_cfg {
   local _conf='/etc/sysctl.d/99-opnfv-fuel-bridge.conf'
   # https://wiki.libvirt.org/page/Net.bridge.bridge-nf-call_and_sysctl.conf