fuel.git
5 years agoaarch64: Add kpti=off similar to x86_64 nopti 04/69604/4
Alexandru Avadanii [Wed, 29 Jan 2020 14:40:12 +0000 (15:40 +0100)]
aarch64: Add kpti=off similar to x86_64 nopti

arm64 kernels use a different kernel option (kpti=off vs nopti) to
disable PTI, so sync the two platform configurations.

Conveniently, this also bypasses kernel 4.15 issues described in [1],
so apply the kernel option customisation via MaaS too, to allow aarch64
deployments to bootstrap using 4.15 kernel (with the downside of these
args being duplicated by Salt later in HA scenarios).

PTI is now disabled for baremetal nodes (via MaaS, no matter the
scenario) and/or for kvm/cmp hosts (in HA scenarios only).

While at it, install missing thin provisioning tools in aarch64
bootstrap image for MaaS deploy stage to succeed.

[1] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1857074

Change-Id: Ibd1f57f24abc690b0f13b6298f25d7e8a1af1567
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
5 years agoaarch64: docker: Add missing setuptools dep 98/69598/1
Alexandru Avadanii [Wed, 29 Jan 2020 08:02:43 +0000 (09:02 +0100)]
aarch64: docker: Add missing setuptools dep

Change-Id: I4fd461c0ea861d541ab001431c9e2f21cfaea1b4
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
5 years agoMerge "cfg01, mas01: Switch to Ubuntu Bionic"
Alexandru Avadanii [Tue, 28 Jan 2020 16:07:00 +0000 (16:07 +0000)]
Merge "cfg01, mas01: Switch to Ubuntu Bionic"

5 years agomaas: curtin: Fix generic kernel dep purge 92/69592/2
Alexandru Avadanii [Tue, 28 Jan 2020 15:25:50 +0000 (16:25 +0100)]
maas: curtin: Fix generic kernel dep purge

When installing a custom kernel, purge the generic linux-image/headers
packages too to avoid dependency conflicts.

Change-Id: I4108350643fb97845decf48b9a281c471dad2a82
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
5 years agocfg01, mas01: Switch to Ubuntu Bionic 82/69582/6
Alexandru Avadanii [Sun, 26 Jan 2020 15:58:13 +0000 (16:58 +0100)]
cfg01, mas01: Switch to Ubuntu Bionic

Pin salt-formula-nfs to a commit before 'mount.opts' was introduced.
Adapt salt-formula-maas bits for MaaS 2.4 (shipped by default in
Bionic) compatibility.

Change-Id: I42f436203d3fbdb777d6b3eff9ac185240088742
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
5 years agomaas: Switch back to ga-18.04 kernel during deploy 81/69581/3
Alexandru Avadanii [Sun, 26 Jan 2020 15:40:50 +0000 (16:40 +0100)]
maas: Switch back to ga-18.04 kernel during deploy

hwe-18.04, currently based on 5.3 kernel in Bionic, has issues on both
x86_64 and aarch64 nodes, so use ga-18.04, currently based on 4.15.

If MCP_KERNEL_VER is set (currently pinned to 5.0), the ga-18.04 kernel
is replaced by the specified version after the MaaS commissioning,
initial MaaS deployment.

Change-Id: Ibe8e27217025290c1263f8dca9496b2cde24368c
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
5 years agodocker build, deploy: Switch tooling to python3 80/69580/3
Alexandru Avadanii [Sun, 26 Jan 2020 13:25:05 +0000 (14:25 +0100)]
docker build, deploy: Switch tooling to python3

Python2.7 is deprecated and packages are starting to enforce py3
usage (e.g. dockermake recently started supporting only 3.6).

Switch pipenv to python3, but allow pyhton3.5 by pinning dockermake
to v0.8 since Ubuntu Xenial does not have python3.6 easily available.

While at it, switch deploy tooling (PDF/IDF configuration parsing)
from python2 to pyhton3 too and fix some jumphost package requirements.

Change-Id: Id66d08d0f51a1bc35c1d78c1956df832a5536bde
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
5 years agoall: Pin Ubuntu kernel to 5.0.0-37 for Bionic 67/69567/7
Alexandru Avadanii [Mon, 20 Jan 2020 11:12:50 +0000 (12:12 +0100)]
all: Pin Ubuntu kernel to 5.0.0-37 for Bionic

Ubuntu kernel meta packages are all broken on at least one platform
architecture, so pin the kernel version to 5.0.0-37, which is known to
be stable.

Make the kernel version configurable via a new enviroment variable,
MCP_KERNEL_VER in globals.sh. If not defined, the ga-18.04 kernel is
left unchanged (based on upstream kernel 4.15), except for baremetal
nodes providioned by MaaS which currently use the HWE kernel (based on
5.3 in Bionic).

Change-Id: I648d09b22f6080efd2bce26b6a06fecc3f6b4599
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
5 years agoMerge "odl-ovs noha: Support VLAN tagged public"
Alexandru Avadanii [Fri, 17 Jan 2020 21:18:09 +0000 (21:18 +0000)]
Merge "odl-ovs noha: Support VLAN tagged public"

5 years agoall: Actually honor public DNS set in IDF 61/69561/1
Alexandru Avadanii [Wed, 15 Jan 2020 17:05:55 +0000 (18:05 +0100)]
all: Actually honor public DNS set in IDF

We currently do not configure linux:network:resolv:dns via reclass
pillar data, so we don't actually enforce the public DNS set in
the IDF file, but instead leave it to the OS to figure it out, which
most of the time works fine, but it's not completely reliable.

Change that behavior to instead enforce it via linux.network.resolv
state across all cluster nodes.

Change-Id: I4f82315a473fcbdc8573380cfcac1e30b44c3dd4
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
5 years agoodl-ovs noha: Support VLAN tagged public 59/69559/1
Alexandru Avadanii [Thu, 16 Jan 2020 10:15:07 +0000 (11:15 +0100)]
odl-ovs noha: Support VLAN tagged public

Some baremetal servers might have VLAN tagged public interfaces
configured via PDF/IDF, adjust our compute networking j2 handling to
accomodate that.

Change-Id: I97c07f9742a09cd01e7aecf118ada270a682280e
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
5 years agoodl: Make odl_hostconfig patching idempotent 57/69557/1
Alexandru Avadanii [Wed, 15 Jan 2020 17:05:55 +0000 (18:05 +0100)]
odl: Make odl_hostconfig patching idempotent

Although rarely, ODL hostconfig patching for py3 compatibility
silently fails, leading to fatal errors in later deploy stages.
Skip said patch if already applied, respectively fail if the patch
can't be applied.

Change-Id: I1addf17f61fa01055c0db83056870a7e7b8d3a42
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
5 years agoMerge "fdio noha: Workaround tap MAC generation issues"
Alexandru Avadanii [Wed, 15 Jan 2020 10:24:44 +0000 (10:24 +0000)]
Merge "fdio noha: Workaround tap MAC generation issues"

5 years agoiec: Use 4.x kernel for K8s compatibility 53/69553/1
Alexandru Avadanii [Tue, 14 Jan 2020 20:20:18 +0000 (21:20 +0100)]
iec: Use 4.x kernel for K8s compatibility

Change-Id: Ic720a1d35d7396aad94dbe0e63aa089fa5c23508
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
5 years agofdio noha: Workaround tap MAC generation issues 47/69547/1
Alexandru Avadanii [Tue, 14 Jan 2020 13:11:17 +0000 (14:11 +0100)]
fdio noha: Workaround tap MAC generation issues

systemd 230..241 has issues generating persistent MAC addresses
for bridge/tap/etc network devices, causing trouble for VPP agent
hooking tap devices to the bridges it creates on the fly.

Work around this by disabling the faulty policy, as suggested in [1].

[1] https://github.com/systemd/systemd/issues/3374

Change-Id: I8d568bc0a859256d1493bf9f8261d60943fa60e0
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
5 years agofdio virtual: Bump cmp/gtw RAM to avoid OOM 42/69542/1
Alexandru Avadanii [Tue, 14 Jan 2020 09:39:51 +0000 (10:39 +0100)]
fdio virtual: Bump cmp/gtw RAM to avoid OOM

Some PODs (e.g. ericsson-virtual*) use more than 5000 x 2M hugepages,
together with 3G+ per-socket dpdk memory. Adjust our FDIO scenario
definitions to accomodate such configurations without triggering the
OOM.

Change-Id: Ibce2316f158bde98ad8e54f3eec75a827982d417
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
5 years agobaremetal, virtual: Bump kernel to hwe-18.04 (5.0) 25/69525/4
Alexandru Avadanii [Wed, 8 Jan 2020 16:33:13 +0000 (17:33 +0100)]
baremetal, virtual: Bump kernel to hwe-18.04 (5.0)

On some aarch64 platforms (e.g. ThunderX 1), lvcreate manifests some
spurious timing issues resulting in incomplete/corrupted LVM thin

creation and eventually to transaction ID mismatch between userspace
and kernel space.

This eventually leads to cinder-volume issues, either when creating
the thin storage pool (vgroot-pool) and/or when creating the LVs
inside said pool.

The issue manifests spuriously on Ubuntu Bionic + UCA, so until a
working combination of userspace/kernel is found, work around this
by bumping the kernel package to hwe-18.04 (kernel 5.0),
effectively bypassing the timing issues during volume creation.

This affects all cluster machines (both HA and NOHA scenarios,
baremetal and virtual, x86_64 and aarch64, baremetal and virtualized
nodes).

Note: Ubuntu Bionic cloud image partition handling requires e2fsprogs
1.43, not currently available on Ubuntu Xenial / CentOS 7.

Change-Id: I839e03080104c391fe18185b9544c9df43c114e6
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
5 years agoha, noha: Fix Horizon stale cache after install 21/69521/1
Alexandru Avadanii [Mon, 6 Jan 2020 15:39:35 +0000 (16:39 +0100)]
ha, noha: Fix Horizon stale cache after install

Partially revert more from commit 63b712d, it turns out static files
were not always up to date after the package install, so force a
refresh.

While at it, fold some common libvirt pillar configuration.

Fixes: af1a4adf

Change-Id: I1b4c20cfa9ae08d1cd7b0b774b544b76fc73a715
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
5 years agoaarch64: Workaround broken lshw CPU detection 90/69490/1
Alexandru Avadanii [Fri, 3 Jan 2020 13:50:33 +0000 (14:50 +0100)]
aarch64: Workaround broken lshw CPU detection

On some aarch64 platforms (e.g. ThunderX), the DMI tables parsed by
lshw lead to wrong CPU capabilities detection, breaking our MaaS tag
filtering (which used to rely solely on CPU having asimd caps).
Extend the tag filtering condition to also include nodes that report
`cp15_barrier` platform capability. Note that not all aarch64 systems
include this cap explicitly (especially since it's been deprecated in
ARM v8), but it is currently reported by the platforms where asimd is
not properly detected.

This is merely a workaround for the broken lshw version in Ubuntu Bionic
(B.02.18).

Change-Id: I4a5c0d6af4d863d2ca094d6926a65ee90dee0e07
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
5 years agonoha: Re-enable Horizon dashboard, fix CSS 74/69474/1
Alexandru Avadanii [Mon, 30 Dec 2019 15:12:14 +0000 (16:12 +0100)]
noha: Re-enable Horizon dashboard, fix CSS

- ha, noha: Fix misaligned python 3 requirement for Horizon:
  * python3-pylibmc
- ha, noha: Partially revert commit 63b712d:
  "[Horizon] Drop the obsolete Horizon workaround"
  Since we switched back from MCP Horizon package to UCA,
  fix misaligned expected static resources location.
- noha: Enable nginx proxy on ctl01 node for serving the Horizon
  dashboard at http://<cluster public VIP>:80 (http only, no SSL).

Change-Id: I5f930a5826a818791183d3910aa0e5607924e8f3
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
5 years agoaarch64: Pin qemu-efi from Armband repos 72/69472/1
Alexandru Avadanii [Mon, 30 Dec 2019 10:27:42 +0000 (11:27 +0100)]
aarch64: Pin qemu-efi from Armband repos

Upstream (UCA) qemu-efi (AAVMF) package is incompatible
with most cloud images, e.g. Cirros used by Functest,
resulting in kernel boot issues and/or missing serial console
output.

Work around this by pinning the qemu-efi Debian package from
the old Armband repositories. This should fix singlevm1 functest
testcase.

Change-Id: Ibbe2218d99881f6fec89846497c2cc248aab5031
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
5 years ago[fdio] Bump VPP to 19.08.1-release 51/69251/6
Alexandru Avadanii [Tue, 3 Dec 2019 15:01:42 +0000 (16:01 +0100)]
[fdio] Bump VPP to 19.08.1-release

- refresh formula patches with new package names where necessary;
- switch to packagecloud.io repositories;

Change-Id: I1178a387891d34117c162380d8247eb7a4212359
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
5 years ago[ha] [odl] Patch hostconfig for py3 compat 12/68712/2
Alexandru Avadanii [Tue, 29 Oct 2019 22:14:30 +0000 (23:14 +0100)]
[ha] [odl] Patch hostconfig for py3 compat

Change-Id: Id6754dec226e75b9ee1e8c19ac04531b9f277e0f
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
6 years ago[baremetal] Stein, Bionic, py3 support 82/68682/2
Alexandru Avadanii [Mon, 7 Oct 2019 15:07:31 +0000 (17:07 +0200)]
[baremetal] Stein, Bionic, py3 support

Change-Id: If3f8cb6bfeedeb766a050d5a271b21c90bb3ba1c
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
6 years agodocker-compose: Align hosts with hostname 86/68486/3
Alexandru Avadanii [Mon, 16 Sep 2019 15:18:17 +0000 (17:18 +0200)]
docker-compose: Align hosts with hostname

When using Docker CE 19.x, `hostname -d` fails to properly resolve
the domainname due to changes in the way Docker sets it inside the
container.

Work around this issue by aligning the contents of `/etc/hostname`
with `/etc/hosts`, so `hostname -d` can properly determine the
domain name. This also requires calling `hostname -b` via cfg01
entrypoint.sh.

Change-Id: I697b5d9882e3d6641712a00bca10012800ee1898
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
6 years agoConform ovsdb listen port to os-vif defaults 28/68328/1
Michael Polenchuk [Thu, 8 Aug 2019 06:37:17 +0000 (10:37 +0400)]
Conform ovsdb listen port to os-vif defaults

Nova (by means of os-vif lib) uses 6640 port by default
to connect to remote ovsdb over tcp/ssl.

Change-Id: I1372d8a3170b00243a5756b15a140aafe03dc268
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years ago[k8s] Adjust scenario for bionic 93/68293/4
Michael Polenchuk [Wed, 31 Jul 2019 09:32:01 +0000 (13:32 +0400)]
[k8s] Adjust scenario for bionic

Change-Id: I5c7a1e827446189b98b924ffd4272acf1a794697
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years ago[dpdk] Remove invalid vhost options 87/68287/1
Michael Polenchuk [Tue, 30 Jul 2019 09:33:58 +0000 (13:33 +0400)]
[dpdk] Remove invalid vhost options

With DPDK 18.11 the vhost owner/perm options have to be removed
since libvirt creates the server side of the socket and OVS
connects to it using DPDK as a client.

Change-Id: Ic33de66dcc0830cd31fc54880c524f850e2c4ea1
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years agoMerge "[deploy] Explicitly set NS for resolvconf in VMs"
Michael Polenchuk [Tue, 30 Jul 2019 06:04:05 +0000 (06:04 +0000)]
Merge "[deploy] Explicitly set NS for resolvconf in VMs"

6 years ago[deploy] Explicitly set NS for resolvconf in VMs 85/68285/2
Alexandru Avadanii [Mon, 29 Jul 2019 15:27:13 +0000 (17:27 +0200)]
[deploy] Explicitly set NS for resolvconf in VMs

With newer Ubuntu distros using netplan and systemd-resolve, we
can't rely on /etc/resolv.conf found on the Jumphost being usable
inside the guest VMs, so explicitly use the public network DNS
servers configured in PDF/IDF.

This will enable support for Jumpserver operating systems like Ubuntu
18.04.

Change-Id: I0c7e02d5c1b822f809ce818e739c19d0344f39f5
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
6 years agoMerge "Update OpenDaylight version to Neon"
Michael Polenchuk [Mon, 29 Jul 2019 06:14:19 +0000 (06:14 +0000)]
Merge "Update OpenDaylight version to Neon"

6 years agoMerge "[iec] centos: Preinstall git into cloud image"
Alexandru Avadanii [Wed, 24 Jul 2019 13:47:10 +0000 (13:47 +0000)]
Merge "[iec] centos: Preinstall git into cloud image"

6 years ago[iec] centos: Preinstall git into cloud image 52/68252/1
Alexandru Avadanii [Mon, 22 Jul 2019 13:10:24 +0000 (15:10 +0200)]
[iec] centos: Preinstall git into cloud image

While at it, fix CentOS selinux preconfiguration on x86_64, which
was previously limited (incorrectly) to AArch64.

Change-Id: I2d6604d3eea2bfc11fdd5dd3aeb4e2c0c3ede4a2
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
6 years agoUpdate OpenDaylight version to Neon 23/68223/2
Michael Polenchuk [Wed, 10 Jul 2019 11:30:04 +0000 (15:30 +0400)]
Update OpenDaylight version to Neon

Change-Id: I6cbbceb9b4a88f527d8dd800b0650f31a3dc1364
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years agoAlign python3 packages with stein requirements 33/68233/1
Michael Polenchuk [Thu, 11 Jul 2019 12:02:25 +0000 (16:02 +0400)]
Align python3 packages with stein requirements

Change-Id: Ib2b1525957929c39e4b602ad1b7f4fbfd16a375c
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years agoMerge "Add extra bionic repo"
Michael Polenchuk [Fri, 12 Jul 2019 06:08:53 +0000 (06:08 +0000)]
Merge "Add extra bionic repo"

6 years ago[iec] Copy private RSA key to K8s master 32/68232/2
Alexandru Avadanii [Thu, 11 Jul 2019 19:20:15 +0000 (21:20 +0200)]
[iec] Copy private RSA key to K8s master

Certain validation testing suites require the SSH RSA private key to
to be available on the K8s master node.

Change-Id: Ib496ac6b33642d86bfd0e0f72ee847a2f31ea952
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
6 years agoAdd extra bionic repo 27/68227/1
Michael Polenchuk [Thu, 11 Jul 2019 11:53:01 +0000 (15:53 +0400)]
Add extra bionic repo

Change-Id: I06577fa93e895a7c5940dac41b4f9c24b455f455
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years ago[virtual] Update OpenStack version to Stein 95/68195/4
Michael Polenchuk [Fri, 5 Jul 2019 08:00:12 +0000 (12:00 +0400)]
[virtual] Update OpenStack version to Stein

Change-Id: I9c1e97144ffd46040d32a0edf8253fc393b73c89
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years ago[AArch64] Fix renamed repo key in defaults section 86/68186/1
Alexandru Avadanii [Wed, 3 Jul 2019 12:53:18 +0000 (14:53 +0200)]
[AArch64] Fix renamed repo key in defaults section

The `apt` key has been renamed to `repo` in a previous change, but
we missed renaming some occurences in defaults.yml.j2 for AArch64.

Change-Id: Icf930371e9bc5253ea27e053933e1c012361f66e
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
6 years ago[lib] Limit cloud img partition resize to Xenial 68/68168/1
Alexandru Avadanii [Mon, 1 Jul 2019 14:20:19 +0000 (16:20 +0200)]
[lib] Limit cloud img partition resize to Xenial

All cloud images except Ubuntu Xenial (CentOS 7, Ubuntu 18.04) already
have enough free space on the predefined partitions, so skip the resize
to avoid dealing with the newer e2fsprogs required by Ubuntu 18.04.

Change-Id: I184590e631c76910e7c3169dc7bee3c5902ebaf1
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
6 years ago[virtual] Add Ubuntu 18.04 (Bionic) basic support 62/68162/2
Alexandru Avadanii [Fri, 28 Jun 2019 13:52:22 +0000 (15:52 +0200)]
[virtual] Add Ubuntu 18.04 (Bionic) basic support

Support Ubuntu 18.04 for virtual deployments (and implicitly for VCP
VMs). Note that MaaS-provisioned systems will require the same
changes being applied via curtin templates.

Change-Id: I7cbd7e7c4421f6b970ce6ef97c10d269fec5fca3
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
6 years ago[iec] Add basic CentOS support (virtual only) 95/68095/5
Alexandru Avadanii [Mon, 10 Jun 2019 13:19:27 +0000 (15:19 +0200)]
[iec] Add basic CentOS support (virtual only)

- reclass: iec: CentOS compatibility changes:
  * drop `proto: static` in favor of letting the linux formula set
    the appropiate default based on target OS;
  * replace `proto: manual` with `proto: none` on RHEL systems;
  * system.file: Avoid using non-existing `shadow` group for system
    files;
  * load br_netfilter kernel module to avoid `linux.network` state
    failures;
  * disable `at`, `cron` due to incomplete defaults in
    salt-formula-linux (since we don't use them on iec nodes anyway);
- jumpserver/VCP VMs: centos: enable predictable interface names:
  * CentOS cloud image defaults to old 'eth' naming scheme;
  * add necessary kernel boot options via linux state;
  * cleanup auto-generated udev rules for old eth interface names;
- salt-formula-linux: network: RHEL: Set bridge for member interfaces
  * Find the bridge containing the interface being currently
    configured (if any) and pass it to the `network.managed` Salt call;
- deploy.sh: Add new deploy argument `-o` for specifying the operating
  system to preinstall on jumpserver and/or VCP VMs;
  * defaults to 'ubuntu1604';
  * only iec scenarios will also support 'centos' for now;
- user-data: minor tweaks for CentOS compatability:
  * use `systemctl` instead of `service` utility;
  * explicitly enable `salt-minion` service, since it defaults to
    disabled on RHEL systems;
  * explicitly call `ldconfig` to work around stale cache on RHEL,
    preventing `salt-minion` from using OpenSSL library;
- states: virtual_init: Skip non-existing sysctl options on CentOS:
  * CentOS currently uses a 3.x kernel which lacks certain sysctl
    options that were only introduced in 4.x kernels, so skip them;
- state: akraino_iec: Add centos support:
  * move iec repo to `/var/lib/akraino/iec` on both Salt Master and
    cluster nodes;
- scenario defaults: Add CentOS configuration:
  * OS-dependent configuration split;
  * CentOS base image, default packages etc.;
- AArch64 deploy requirements: Add `xz` dependency
  * CentOS AArch64 cloud image is archived using xz, install xz tools
    for decompression;
- xdf_data: Make yaml parsing OS agnostic:
  * rename `apt` to `repo` where appropiate;
  * OS-dependent configuration parsing;
- lib_jump_deploy: CentOS handling changes:
  * skip filesystem resize of cloud image for CentOS;
  * add repo handling, package intallation/removal handling for CentOS;
  * unxz base image if necessary (CentOS AArch64 cloud image);

Change-Id: Ic3538bacd53198701ff4ef77db62218eabc662e7
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
6 years ago[docs] Update release notes for Hunter 8.1 41/68141/1
Cristina Pauna [Thu, 27 Jun 2019 14:15:36 +0000 (17:15 +0300)]
[docs] Update release notes for Hunter 8.1

Change-Id: Ie600211d25b9aa2d28145073d1481b7a413e7ccf
Signed-off-by: Cristina Pauna <cristina.pauna@enea.com>
6 years ago[ha] Disable apache's status module 32/68032/1
Michael Polenchuk [Mon, 10 Jun 2019 10:16:10 +0000 (14:16 +0400)]
[ha] Disable apache's status module

To avoid ports conflict of nginx/apache disable unused apache's
status module, which is binded on 80 port by default.
Also remove patch with double locations content
(formula already has such configuration).

JIRA: FUEL-408
Change-Id: Ib06dac8abe36299cf77747bdb3fc0fe7216b6096
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years agoMerge "[ha] Re-enable nginx proxy for Horizon"
Alexandru Avadanii [Thu, 6 Jun 2019 13:46:29 +0000 (13:46 +0000)]
Merge "[ha] Re-enable nginx proxy for Horizon"

6 years agoMerge "[lib] Add uninstall/cleanup option"
Alexandru Avadanii [Wed, 5 Jun 2019 13:27:28 +0000 (13:27 +0000)]
Merge "[lib] Add uninstall/cleanup option"

6 years ago[ha] Re-enable nginx proxy for Horizon 93/67993/2
Alexandru Avadanii [Mon, 3 Jun 2019 14:42:01 +0000 (16:42 +0200)]
[ha] Re-enable nginx proxy for Horizon

Starting with MCP 2019.2, Horizon was moved under haproxy in
Active/Active mode by default via upstream changes:
- Adding haproxy class for horizon [1];
- Cleanup nginx horizon sites by default [2];

This change re-enables the old behavior where Horizon is served by
nginx instead of haproxy.

While at it, fix missing support in salt-formula-apache for wsgi
`locations`, so Horizon dashboard can access '/static' resources
(e.g. CSS/images).

JIRA: FUEL-408

[1] https://github.com/Mirantis/reclass-system-salt-model/commit/81c4c21a
[2] https://github.com/Mirantis/reclass-system-salt-model/commit/a3b38f46

Change-Id: I9b35d5d0ce4e0b53dae808c2620a31ca80290b55
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
6 years agoMerge "Revert "Disable block migration explicitly""
Michael Polenchuk [Tue, 4 Jun 2019 04:39:45 +0000 (04:39 +0000)]
Merge "Revert "Disable block migration explicitly""

6 years agoRevert "Disable block migration explicitly" 90/67990/1
Michael Polenchuk [Mon, 3 Jun 2019 06:16:30 +0000 (06:16 +0000)]
Revert "Disable block migration explicitly"

This reverts commit 430a0aee9e8c7400d698f460406152aa70349b6c.
Superseded by the patch into releng https://gerrit.opnfv.org/gerrit/67975

Change-Id: Ibeb8419fa0ebc8eebe255e7535d775458f560ad0
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years agoMerge "Revert "Patch dhcp agent to avoid unwanted resync""
Michael Polenchuk [Fri, 31 May 2019 07:13:26 +0000 (07:13 +0000)]
Merge "Revert "Patch dhcp agent to avoid unwanted resync""

6 years agoRevert "Patch dhcp agent to avoid unwanted resync" 71/67971/1
Michael Polenchuk [Wed, 29 May 2019 12:29:26 +0000 (16:29 +0400)]
Revert "Patch dhcp agent to avoid unwanted resync"

This reverts commit 7522bdb0e898144da2b6dc361dbdd549b39bc025.
The original patch has been merged (https://review.opendev.org/661011)

Change-Id: I9a1c04590145800523d546e36e9462fa7074922c
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years agoDisable block migration explicitly 70/67970/1
Michael Polenchuk [Wed, 29 May 2019 10:59:19 +0000 (14:59 +0400)]
Disable block migration explicitly

Functest enabled block migration by default recently
but it can't be used with shared storage.

Change-Id: I15fd5459df91cece02e87cda9d1ed6e575194667
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years ago[lib] Add uninstall/cleanup option 92/67892/1
Alexandru Avadanii [Thu, 16 May 2019 15:49:04 +0000 (17:49 +0200)]
[lib] Add uninstall/cleanup option

When multiple installers are used on the same jumpserver, it is
useful to have the ability of automatic cleanup after a previous
deploy.

Change-Id: Ib3249f53ee9d6b1ba2409dd71bd13480536faedc
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
6 years ago[maas] Fix permissions on (partial) redeploy 81/67081/6
Alexandru Avadanii [Thu, 21 Feb 2019 17:06:42 +0000 (18:06 +0100)]
[maas] Fix permissions on (partial) redeploy

When redeploying a cluster only (keeping the infrastructure containers
from a previous deploy), some things need to be adjusted:
- /entrypoint.sh exec permission;
- /etc/maas uid/gid re-align on new (fresh) deploy;
- account for different location of /usr/sbin/tcpdump apparmor profile
  for CentOS jumpservers;

Change-Id: If51db0bc95eff1a497e1df5d457e26a7b902aa5a
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
6 years ago[fdio] Bump compute RAM defaults for virtual PODs 04/67804/4
Alexandru Avadanii [Wed, 8 May 2019 20:17:23 +0000 (22:17 +0200)]
[fdio] Bump compute RAM defaults for virtual PODs

Hugepage count has been recently bumped for virtual PODs via IDF
changes in Pharos, so align our FDio scenarios with the new RAM
requirements.

While at it, fix wrong pod_config template evaluation by moving it
after the templated scenario files are expanded, since pod_config
relies on scenario node definition.

Also, configure VPP to use decimal interface names by default to
align with Pharos macro for the VPP interface name string.

Change-Id: Ib3a89c294a3a2755567fdbe07e3be2b8ca1a5714
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
6 years agoMerge "[docs] Update documentation for Hunter"
Alexandru Avadanii [Tue, 7 May 2019 18:04:41 +0000 (18:04 +0000)]
Merge "[docs] Update documentation for Hunter"

6 years ago[docs] Update documentation for Hunter 73/67773/4
Cristina Pauna [Mon, 6 May 2019 11:00:30 +0000 (14:00 +0300)]
[docs] Update documentation for Hunter

Updated the documentation for the Hunter release plus one minor
change of wording in the deploy script as we no longer install
just Openstack

Change-Id: I853f5536b0f4a89a8c20af0a9650372690ef7c99
Signed-off-by: Cristina Pauna <cristina.pauna@enea.com>
6 years agoMerge "[dpdk] Get back to shared memory model"
Michael Polenchuk [Tue, 7 May 2019 07:53:55 +0000 (07:53 +0000)]
Merge "[dpdk] Get back to shared memory model"

6 years agoMerge "[virtual] Parameterize scenarios based on PDF/IDF"
Alexandru Avadanii [Mon, 6 May 2019 13:32:24 +0000 (13:32 +0000)]
Merge "[virtual] Parameterize scenarios based on PDF/IDF"

6 years ago[dpdk] Get back to shared memory model 24/67724/2
Michael Polenchuk [Tue, 30 Apr 2019 09:03:11 +0000 (13:03 +0400)]
[dpdk] Get back to shared memory model

The per port model potentially requires an increase in memory
resource requirements (which is limited by labs) to support the
same number of ports and configuration as the shared port model.

Set linux:network:openvswitch:per_port_memory explicitly to true
to enable per port mempools support for DPDK devices.

Change-Id: I130885afc50e7a047f8835113d370840827ad718
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years agoPatch dhcp agent to avoid unwanted rescheduling 74/67674/4
Michael Polenchuk [Tue, 23 Apr 2019 10:42:07 +0000 (14:42 +0400)]
Patch dhcp agent to avoid unwanted rescheduling

Change-Id: Id49f26a2615e2fc06e94eeaf2e9200e83625e6c9
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years ago[ha] Decouple openstack services by roles 81/67681/2
Michael Polenchuk [Wed, 24 Apr 2019 10:53:59 +0000 (14:53 +0400)]
[ha] Decouple openstack services by roles

Deploy the OpenStack API services based on roles to
prevent issues with absent database tables since db_sync
runs only on the nodes with primary role.

Change-Id: I04cf3ce0dd59afd93b8a0dfcf060fbd7e7411c82
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years ago[iec] Copy full contents of IEC git repo 77/67677/1
Alexandru Avadanii [Tue, 23 Apr 2019 15:18:49 +0000 (17:18 +0200)]
[iec] Copy full contents of IEC git repo

Previously we only synced the scripts subdir, but going forward
we will need the full contents of the IEC repo on all cluster nodes.

Change-Id: I88edd4885875048d50d28c1eac9fd413dc2b6ffb
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
6 years agomcpcontrol: Avoid duplicate ip rules 13/67613/1
Alexandru Avadanii [Thu, 18 Apr 2019 15:16:32 +0000 (17:16 +0200)]
mcpcontrol: Avoid duplicate ip rules

Executing deploy.sh multiple times led to duplicating the ip rules.

Change-Id: Iad5886a851970f166996226fa3d115a93113c6db
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
6 years agomcpcontrol: policy based routing for INSTALLER_IP 86/67586/1
Alexandru Avadanii [Sun, 14 Apr 2019 23:58:03 +0000 (01:58 +0200)]
mcpcontrol: policy based routing for INSTALLER_IP

To bypass Docker 'bridge'-backed network isolation, we previously
added an extra routing hop, which broke access from inside the
'mcpcontrol' Docker network (typically 10.20.0.0/24) to its
bridge address (10.20.0.1), leading to DNS issues on Salt Master.

This change leverages policy based routing to only add the extra
routing hop for connections originating from the default Docker
bridge network ('docker0'). Note that other Docker networks
using the 'bridge' driver are still isolated from 'mcpcontrol'.

Fixes: d9b44acb

Change-Id: Ib92901c3278ae9b815f28f26d4c26f82bcadacd6
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
6 years agoMerge "[odl] Disable timeout for learnt flows of snat"
Michael Polenchuk [Fri, 12 Apr 2019 14:32:36 +0000 (14:32 +0000)]
Merge "[odl] Disable timeout for learnt flows of snat"

6 years ago[baremetal] Tune up dpdk options 40/67540/2
Michael Polenchuk [Thu, 11 Apr 2019 13:42:49 +0000 (17:42 +0400)]
[baremetal] Tune up dpdk options

Optimized for LF-POD2 as nic assigned to private/dpdk interface
and pinned cores resides on numa #0. Core #11 is for DPDK,
the rest four cores for PMDs.

Change-Id: Icca701bc1a66f3672b8511e0245c82ca29788a8b
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years ago[odl] Disable timeout for learnt flows of snat 88/67488/2
Michael Polenchuk [Fri, 5 Apr 2019 08:46:16 +0000 (12:46 +0400)]
[odl] Disable timeout for learnt flows of snat

Set timeout value for snat punts to zero to turn
off the rate limiting and installation of learnt flows.

Change-Id: I79dad8fd0f925bfc11d7dc1678c3a414dc35fa56
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years agoMerge "route mcpcontrol via PXE br to bypass isolation"
Michael Polenchuk [Fri, 12 Apr 2019 08:39:30 +0000 (08:39 +0000)]
Merge "route mcpcontrol via PXE br to bypass isolation"

6 years agoroute mcpcontrol via PXE br to bypass isolation 41/67541/1
Alexandru Avadanii [Thu, 11 Apr 2019 14:04:03 +0000 (16:04 +0200)]
route mcpcontrol via PXE br to bypass isolation

Recent virsh/Docker network rework changed mcpcontrol (previously
a virsh-managed network) into a Docker-controlled network using
the 'bridge' driver.
As a consequence, Docker now isolates traffic from 'mcpcontrol'
network from the default Docker bridge network ('docker0') using
iptables rules that check input/output interfaces.
Yardstick (and any other Docker container hooked via 'docker0')
will not be able to ssh into Salt master due to this isolation.

One possible workaround would be to explicitly ACCEPT traffic
from 'docker0' going to Salt master. However, this is only
properly supported starting with Docker 17.06, while most CI hosts
and end users are still using 17.05 or older.
In older Docker releases, DOCKER-USER iptables table was not
avaiable, so injecting custom iptables and making them persistent
is not only complicated, it's also prone to subtle errors.

Another way to bypass the iptables rules is to route the packets
coming from our new Docker network via another bridge before
letting them find their way into 'docker0'.
This change adds a new route for the Salt master host (note that
MaaS container will not benefit from this) via the PXE bridge on
the jumphost (which can be either a real Linux bridge for baremetal
deployments or a virsh-managed network); adding one extra network
hop for each packet going between our 'mcpcontrol' Docker network
and 'docker0', effectively bypassing the Docker-enforced iptables
DROP.

Change-Id: Id8ac7a638c778887b361c9b64c320664c88f59fd
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
6 years ago[ha] Take out class with backports repo 25/67525/3
Michael Polenchuk [Wed, 10 Apr 2019 13:41:52 +0000 (17:41 +0400)]
[ha] Take out class with backports repo

* update system reclass
* rectify telemetry redis options

Change-Id: I6dca1ae52e7f7d73a90e53fceddca8e86872651b
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years agoMerge "Setup repository with backports"
Michael Polenchuk [Wed, 10 Apr 2019 08:38:52 +0000 (08:38 +0000)]
Merge "Setup repository with backports"

6 years agoMerge "[VCP VMs] AArch64: Switch seeding back to qemu-nbd"
Alexandru Avadanii [Tue, 9 Apr 2019 11:55:15 +0000 (11:55 +0000)]
Merge "[VCP VMs] AArch64: Switch seeding back to qemu-nbd"

6 years agoSetup repository with backports 91/67491/3
Michael Polenchuk [Fri, 5 Apr 2019 13:24:39 +0000 (17:24 +0400)]
Setup repository with backports

Change-Id: I791436f512dea6c6bc61133c4122ac872950af8e
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years ago[VCP VMs] AArch64: Switch seeding back to qemu-nbd 99/67499/1
Alexandru Avadanii [Mon, 1 Apr 2019 14:25:49 +0000 (16:25 +0200)]
[VCP VMs] AArch64: Switch seeding back to qemu-nbd

Upstream change [1] switched from old qemu-nbd preseeding of VCP VMs
to using a cloud-init + configuration drive. This breaks on AArch64
with "IDE controllers are unsupported for this QEMU binary or machine
type", so switch back to using qemu-nbd.

[1] https://github.com/Mirantis/reclass-system-salt-model/commit/c0e4807

Change-Id: I0dfeb638d408343c76a73fafa503048a79ce1f6e
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
6 years ago[virtual] Parameterize scenarios based on PDF/IDF 62/67162/3
Alexandru Avadanii [Thu, 28 Feb 2019 14:46:19 +0000 (15:46 +0100)]
[virtual] Parameterize scenarios based on PDF/IDF

NOTE: only os-nosdn-nofeature-noha is parameterized for now.

- move config drive & disk creation from prepare_vms to create_vms;
- make default disk size(s) configurable based on scenario defaults
  and vPDF;
  * compute nodes require 2 disks to be defined in vPDF, since the
    pillar reclass model assumes /dev/vdb is reserved for cinder;
  * if multiple disks are defined in vPDF, they are created and
    attached accordinly (only ctl01 and cmp nodes are parameterized
    in this change; only for the os-nosdn-nofeature-noha scenario);
- vCPU specifications are deduced based on vPDF (sockets, cores);
  * threads/core is hard set to 2 since vPDF does not have a key
    for it;
  * NUMA resources are distributed evenly based on the number of
    sockets configured in PDF;
  * no less than the mininum requirement for a scenario is allocated
    (e.g. if PDF specifies 2 cores, but the scenario requires at
    least 4 cores, the larger value will be used);
- RAM is deduced based on PDF (but no less than the mininum req is
  allocated, e.g. if PDF specifies 2GB RAM for computes, but the
  scenario requires at least 8GB, the larger value will be used);

Change-Id: I97188aa2a1006865b8429eb6483e10c76795f7d2
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
6 years ago[dpdk] Rise up available memory on computes 90/67490/1
Michael Polenchuk [Fri, 5 Apr 2019 12:55:01 +0000 (16:55 +0400)]
[dpdk] Rise up available memory on computes

There is no enough memory (default 4k pages) for services
like libvirt, which cannot fork child processes.

Change-Id: I44d8efd7cafb52a7c823c02738c1d321017aa7a3
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years agoDefine stub for cinder service in keystone 81/67481/1
Michael Polenchuk [Thu, 4 Apr 2019 13:24:54 +0000 (17:24 +0400)]
Define stub for cinder service in keystone

Required only for Rally validation in cinder scenarios,
there is no useful functionaly in terms of cluster.

Change-Id: Idc4d62cbbc9974972e9d492b5a419342077e3d9a
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years ago[noha] Deploy dhcp/metadata agents on computes 72/67472/1
Michael Polenchuk [Wed, 3 Apr 2019 11:33:26 +0000 (15:33 +0400)]
[noha] Deploy dhcp/metadata agents on computes

Sometimes instance doesn't get ip address from dhcp server, which
resides only on gateway node, so run additional dhcp/metadata agents
on compute nodes to handle tenant networks in place.

Change-Id: If1d74af665cf8db64b09f846fac7192f76abdb25
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years ago[dpdk] Enable per port memory model 57/67457/4
Michael Polenchuk [Mon, 1 Apr 2019 15:04:00 +0000 (19:04 +0400)]
[dpdk] Enable per port memory model

The per port memory model provides a more transparent memory usage model
and avoids pool exhaustion due to competing memory requirements for
interfaces. (http://docs.openvswitch.org/en/latest/topics/dpdk/memory/)

Change-Id: I5add0f49cdcdf2fc3d24affee10a275abe3ca46a
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years ago[akraino] Add IEC K8-calico scenarios 11/67011/7
Alexandru Avadanii [Mon, 11 Feb 2019 11:04:59 +0000 (11:04 +0000)]
[akraino] Add IEC K8-calico scenarios

- bump Pharos git submodule to allow PODs with fewer nodes;
- add `k8-calico-iec-noha` scenario definition for Akraino
  IEC basic configuration;
- add `k8-calico-iec-vcp-noha` scenario definition for Akraino
  IEC nested (virtualized control plane) configuration;
- add `akraino_iec` state, which will leverage the Akraino IEC
  bootstrap scripts from [1];
- replace system.reboot salt call with cmd.run 'reboot' as it's more
  reliable;
- use kernel 4.15 for AArch64 K8 IEC scenarios;

NOTE: These scenarios will not be released in OPNFV since don't rely
on Salt formulas but instead of Akraino IEC scripts to install K8s.

[1] https://gerrit.akraino.org/r/#/q/project:iec

Change-Id: I4e538e0563d724cd3fd5c4d462ddc22d0c739402
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
6 years agoBring in kubernetes scenario 95/67195/10
Michael Polenchuk [Thu, 7 Mar 2019 14:57:49 +0000 (18:57 +0400)]
Bring in kubernetes scenario

Change-Id: I2b41ce2e275bb053fa2590654ea7fa432b0c857f
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years agoRectify system reclass after update 96/67396/3
Michael Polenchuk [Tue, 26 Mar 2019 09:08:39 +0000 (13:08 +0400)]
Rectify system reclass after update

* add opendaylight password (removed from system level)
* get updated ovn system class w/o mysql settings
* enable ceilometer user back (removed along with outdated service/endpoints)
* adjsut check interval of haproxy for noha scenarios since there is
  only one backend for services, i.e. failover ain't expected

Change-Id: Iedee290e1cfcf838998bd44dc09a729d143974ac
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years agoMerge "[fdio] salt-formula-neutron: Fix VPP support patch"
Michael Polenchuk [Wed, 27 Mar 2019 08:38:54 +0000 (08:38 +0000)]
Merge "[fdio] salt-formula-neutron: Fix VPP support patch"

6 years ago[fdio] salt-formula-neutron: Fix VPP support patch 76/67376/1
Alexandru Avadanii [Mon, 25 Mar 2019 15:00:18 +0000 (16:00 +0100)]
[fdio] salt-formula-neutron: Fix VPP support patch

After Rocky support was added upstream to salt-formula-neutron, our
FDIO patch continued to be applied only for Queens, so refresh the
patch by switching to Rocky.

Change-Id: If0bbb9c4ec674d386ceade00ef8fe936482fb49c
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
6 years agoUpdate system reclass 39/67339/4
Michael Polenchuk [Fri, 22 Mar 2019 13:46:02 +0000 (17:46 +0400)]
Update system reclass

Change-Id: I745a838b1f2f294b6c455700509ddf4b0264446f
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years agoRevert "Fix race condition with nova privsep utime" 06/67306/2
Michael Polenchuk [Tue, 19 Mar 2019 18:04:55 +0000 (18:04 +0000)]
Revert "Fix race condition with nova privsep utime"

This reverts commit ac56d7b14f46b05f497b3dca4b6a4b0bfedd83e2.
The original patch has been merged (https://review.openstack.org/643011)

Change-Id: I3a7cd825f371e375d36256143b4b8c91f90ee26e
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years ago[lib] nbd: Explicitly map partitions 83/67283/2
Alexandru Avadanii [Mon, 18 Mar 2019 15:11:50 +0000 (16:11 +0100)]
[lib] nbd: Explicitly map partitions

Certain kernels (e.g. 4.4.0-101+ in Ubuntu) no longer automatically
ack the partition table update after `kpartx -a /dev/nbdX`, see [1].

To avoid another dependency on `parted` packages, use `partx` from
`util-linux`, which is already installed as a dependency of e2fsprogs.

[1] https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1743026

Change-Id: Ibd993fe210c1a11814e89a66759568d4d117d613
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
6 years agoSmooth down telemetry services 56/67256/1
Michael Polenchuk [Thu, 14 Mar 2019 15:08:39 +0000 (19:08 +0400)]
Smooth down telemetry services

* update gnocchi to 4.3
* remove outdated ceilometer api

Change-Id: I7adaf3ddc76d93531b6b0997b684672b80f2992f
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years ago[lib] Create veths using systemd opnfv-fuel units 80/67180/1
Alexandru Avadanii [Tue, 5 Mar 2019 15:49:23 +0000 (16:49 +0100)]
[lib] Create veths using systemd opnfv-fuel units

Create 2 systemd services on the jumphost that will handle veth
pairs creation, respectively adding them to virsh/real bridges.
This allows us to set docker containers restart policy to 'always',
enabling persistent Salt Master/MaaS containers across jumphost
reboots.

NOTE: libvirt creates virtual networks async, hence the need for
retrying hooking veths to them.

JIRA: FUEL-406

Change-Id: I1ca033cb5eb854b577b57bb2387a58bd9605a5bb
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
6 years agoTurn off meltdown/spectre patches 69/67169/2
Michael Polenchuk [Mon, 4 Mar 2019 08:49:58 +0000 (12:49 +0400)]
Turn off meltdown/spectre patches

Change-Id: Id75ffe4db808a4ec250ba8b86c5d49f1206c3784
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years agoTune up nova/neutron intervals 18/67118/3
Michael Polenchuk [Tue, 26 Feb 2019 14:09:14 +0000 (18:09 +0400)]
Tune up nova/neutron intervals

Also re-align resources for virtual scenarios.

Change-Id: Id0d55407fd5b1720a24e30c364219f8b08e89d06
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years agoFix race condition with nova privsep utime 15/67115/1
Michael Polenchuk [Tue, 26 Feb 2019 10:52:06 +0000 (14:52 +0400)]
Fix race condition with nova privsep utime

Bug: https://bugs.launchpad.net/nova/+bug/1809123
Change-Id: I14622c21826aeeddac6ea7bf7f9d116cd3e68cfb
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years agoMerge "[cfg01] Reduce mine_interval to 15 min"
Michael Polenchuk [Tue, 26 Feb 2019 07:03:04 +0000 (07:03 +0000)]
Merge "[cfg01] Reduce mine_interval to 15 min"

6 years ago[lib] Add fatal validation of old kernel on Ubuntu 86/67086/1
Alexandru Avadanii [Fri, 22 Feb 2019 15:31:24 +0000 (16:31 +0100)]
[lib] Add fatal validation of old kernel on Ubuntu

As reported in [1], kernel 4.4 seems to break nested virtualization,
add a fatal check against it.

[1] https://bugs.launchpad.net/ubuntu/+source/qemu/+bug/1797332

Change-Id: I0aef8a7340dd82bfeb2e58c9642623b9ec13dca5
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
6 years ago[cfg01] Reduce mine_interval to 15 min 66/67066/2
Alexandru Avadanii [Mon, 18 Feb 2019 22:08:30 +0000 (23:08 +0100)]
[cfg01] Reduce mine_interval to 15 min

Some PODs are fast enough to get past installing, syncing and using
MaaS to provision the OS on the baremetal nodes before the 1h mine
refresh.

Since mine.update operation is fast enough to go unnoticed and we
only collect IP addresses, grains and pem entries, schedule it every
15 minutes.

Due to reclass class inheritance, we can't easily override this via
pillar data, so handle it via entrypoint.sh.

Change-Id: I0d8ed2da838ad09c94e9327d0131d3e239de4f08
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
6 years agoInstall missing gnocchi dependencies 82/67082/1
Michael Polenchuk [Fri, 22 Feb 2019 08:45:52 +0000 (12:45 +0400)]
Install missing gnocchi dependencies

Change-Id: Ifc4fff90551344c69295990b220f0778967887a4
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
6 years agoMerge "[baremetal] Containerize MaaS"
Alexandru Avadanii [Tue, 19 Feb 2019 15:17:25 +0000 (15:17 +0000)]
Merge "[baremetal] Containerize MaaS"

6 years agoMerge "[cfg01] Schedule x509.get_pem_entries mine update"
Alexandru Avadanii [Fri, 15 Feb 2019 13:06:46 +0000 (13:06 +0000)]
Merge "[cfg01] Schedule x509.get_pem_entries mine update"