Alexandru Avadanii [Sat, 17 Feb 2018 23:30:20 +0000 (00:30 +0100)]
[HA] [cinder] Switch loop to free space on sda
On cmp nodes, we assing 30G (fixed) to rootfs, use the rest for
cinder.
Note: AArch64 gets one extra partition (the EFI System Partition or
ESP) on /dev/sda1 via MaaS.
JIRA: FUEL-330
Change-Id: I2a36107d074532b627bd2349cafc0c8ee61f500f
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Mon, 19 Feb 2018 01:44:12 +0000 (02:44 +0100)]
[salt.sh] Armband extra repo for forked reclass
- add Armband nightly/extra DEB repository;
- install forked and updated reclass 1.5.2 which includes:
* better error reporting;
* support for deleting existing keys during list interpolation;
* various other improvements and optimizations;
While at it, update copyright year for patches.
JIRA: FUEL-345
Change-Id: I00d8b625fe191648e7ea34b3dd4c8375691384e6
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Michael Polenchuk [Tue, 20 Feb 2018 14:00:55 +0000 (18:00 +0400)]
Reset kernel version to xenial image default one
Virtual compute nodes goes to kernel panic during nova instances ops
under hwe kernel, so use the default one from xenial image.
Change-Id: Iae100b68208cc1fb9e43e45f385e762cdbd6573a
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
Alexandru Avadanii [Mon, 19 Feb 2018 19:19:03 +0000 (20:19 +0100)]
[reclass] dbs, msg: Inherit only infra classes
All other VCP nodes (mdb, prx, ctl etc.) inherit only the infra
subdir of each scenario, so apply the same to dbs, msg.
This should cut down some operations during reclass interpolation
for affected nodes, without any changes in output pillar data.
Change-Id: I77ae6e1d5658cba87fcd8c45a5f8f5e177e0eda9
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Mon, 19 Feb 2018 23:03:55 +0000 (00:03 +0100)]
[reclass] Update copyright year
Change-Id: Id1ca66938531e1d24ec0d44194f8b09643062944
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Mon, 19 Feb 2018 12:23:11 +0000 (12:23 +0000)]
Merge "[Horizon] Fix 'mcp' version check pattern"
Alexandru Avadanii [Mon, 19 Feb 2018 12:22:58 +0000 (12:22 +0000)]
Merge "[MaaS] Add maas.machines.set_storage_layout sls"
Alexandru Avadanii [Mon, 19 Feb 2018 12:22:35 +0000 (12:22 +0000)]
Merge changes from topics 'lab-proxy-keyserver', 'maas-override-failed-testing'
* changes:
[baremetal] Use upstream lab proxy for keyservers
[MaaS] Override failed testing by default
Alexandru Avadanii [Mon, 19 Feb 2018 12:22:19 +0000 (12:22 +0000)]
Merge "[patch] MaaS: mcp.rsa.pub to auth keys via pillar"
Alexandru Avadanii [Sun, 18 Feb 2018 19:59:56 +0000 (20:59 +0100)]
[Horizon] Fix 'mcp' version check pattern
Previous commit used a pattern that is too generic and always matches
the substring 'mcp' vs the node hostname, not only pkg version.
Fixes:
4658acf
Change-Id: Ia4dcbbf7cdfa68574c86459217101d83d61add01
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Wed, 31 Jan 2018 01:12:51 +0000 (02:12 +0100)]
[baremetal] Use upstream lab proxy for keyservers
Proxy chainloading does not always work for keyserver requests, so:
- mv common.infra.lab_proxy_pdf common.include.lab_proxy_pdf;
- mv common.include.proxy common.include.maas_proxy;
- include lab_proxy_pdf after each maas_proxy, so if upstream_proxy
is defined, it will override the MaaS proxy;
JIRA: FUEL-317
Change-Id: I63749be0d350ea73ea2cf6e629710766b14ecb73
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Thu, 8 Feb 2018 00:54:55 +0000 (01:54 +0100)]
[MaaS] Add maas.machines.set_storage_layout sls
On cmp nodes, allocate only 30GB (fixed for now) for / partition.
The rest of the disk(s) can later be allocated via salt-formula-linux.
JIRA: FUEL-330
Change-Id: Ie11c78791e60801719cd33475ff91fc003df5ffa
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Sat, 17 Feb 2018 17:01:57 +0000 (18:01 +0100)]
[MaaS] Override failed testing by default
Some nodes fail automatic testing done by MaaS during commissioning,
although running the testing suites one more time manually works.
For now, just override all 'failed testing' nodes unconditionally.
JIRA: FUEL-333
Change-Id: I13d3ee3d82550524480aa53aa8752ab90aa940cd
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Sat, 17 Feb 2018 19:18:56 +0000 (19:18 +0000)]
Merge "reclass: maas: Dynamic machine definitions"
Michael Polenchuk [Fri, 16 Feb 2018 09:20:41 +0000 (13:20 +0400)]
Set nova disk cachemodes to file directsync
Set nova/libvirt disk cache modes to file directsync to bypass the
host page cache & prevent instance's kernel panic due to absent
/dev partition. Caching mode directsync effectively turns all guest
I/O operations into direct I/O operations on the host, which is the
NFS client (virtuals) or GlusterFS (baremetals).
Also return back to hwe kernel as a golden mean between GA & Edge ones.
Change-Id: I51ab7d0ee71c214ff16b756cfee16e918738b6fd
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
Delia Popescu [Thu, 15 Feb 2018 16:06:08 +0000 (18:06 +0200)]
Fix check if node type is baremetal for novcp
Fixes:
86c8109
Change-Id: I0a947bd7db5dd7cb830cc932f5a0d16831551923
Signed-off-by: Delia Popescu <delia.popescu@enea.com>
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Michael Polenchuk [Thu, 15 Feb 2018 09:19:33 +0000 (13:19 +0400)]
Mask opendaylight service
In order to avoid using cache data with initial/outdated
configuration, mask opendaylight service before package
installation.
JIRA: FUEL-344
Change-Id: I71eb0b0a5af93d6d21698e76587b32098aba96b4
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
Alexandru Avadanii [Wed, 14 Feb 2018 12:46:56 +0000 (12:46 +0000)]
Merge "[docs] Temp dir permission requirements"
Alexandru Avadanii [Tue, 13 Feb 2018 02:34:10 +0000 (03:34 +0100)]
[patch] MaaS: mcp.rsa.pub to auth keys via pillar
Drop one questionable patch responsible for MaaS node authorized
keys to include mcp.rsa.pub by reading the contents of authorized
keys on mas01, assuming mcp.rsa.pub will be on the first line.
Instead, export the contents of the public key using a shell env
var during deploy, which gets expanded via maas_pdf j2 template
into a reclass param, leveraging existing salt-formula-maas sshprefs
mechanism for delivering the key to MaaS.
Since we require the public key to exist before expanding templates,
move `generate_ssh_key` call outside the current infrastructure
handling block, allowing it to execute during all `deploy.sh` calls,
even for dry-runs.
Change-Id: I0f53b0f764a2fafd292e0ffd399c284acf61bd30
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Sun, 4 Feb 2018 03:42:58 +0000 (04:42 +0100)]
reclass: maas: Dynamic machine definitions
Refactor maas machine definition flow from going through variables
in pod_config.yaml to directly handling it in Fuel using a new j2
template.
This prepares for future improvements allowing a dynamic compute
node count, as well as parameterizing new values via j2.
For now, node roles and count are still statically mapped to PDF
nodes.
JIRA: FUEL-319
Change-Id: I770d82987fcb99792f9d5bc0857ab513f5cd3731
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Cristina Pauna [Fri, 9 Feb 2018 12:50:25 +0000 (14:50 +0200)]
[docs] Temp dir permission requirements
JIRA: FUEL-342
Change-Id: I35efc993647c63779107d5f5604e58b124cdcf69
Signed-off-by: Cristina Pauna <cristina.pauna@enea.com>
Alexandru Avadanii [Tue, 13 Feb 2018 15:32:36 +0000 (15:32 +0000)]
Merge "[centos jump] Add more missing required packages"
Alexandru Avadanii [Thu, 8 Feb 2018 18:03:29 +0000 (19:03 +0100)]
[centos jump] Add more missing required packages
- gcc is required for NBD kernel module build;
- gdisk is required for resizing rootfs in nbd-mounted chroot;
Change-Id: I8863c126b75ce3a15998c03d2d159f53f5006f5d
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Fri, 9 Feb 2018 15:40:52 +0000 (15:40 +0000)]
Merge "[jump] Add simple check for required Linux bridges"
Alexandru Avadanii [Fri, 9 Feb 2018 02:18:58 +0000 (03:18 +0100)]
salt.sh: Fix one more broken online check
Fixes:
5f95f52
Change-Id: I53e08a89b2e873829a78ff75c0f3532329ef87a3
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Wed, 7 Feb 2018 21:40:30 +0000 (22:40 +0100)]
[virsh net] Fix virtual node check for public net
Jinja variables set inside loops do not live outside current
iteration, so use a dictionary.update to work around that.
Fixes:
3d2c66e
Change-Id: I2bef64dddab080486a71952465edc4e528ae9e17
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Wed, 7 Feb 2018 19:03:09 +0000 (20:03 +0100)]
[states] Fix broken online check for bm, vcp nodes
Previous commit replacing explicit loops with `wait_for` failed to
properly escape a nested variable, leading to deploy failure.
Also, the logic was flawed, not breaking for offline nodes, rendering
the whole barrier check useless.
Fixes:
1a0e8e7e
Change-Id: I038dbf90fb53c6b61da2e5c9b6867e31d78867af
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Wed, 7 Feb 2018 01:31:52 +0000 (02:31 +0100)]
[jump] Add simple check for required Linux bridges
- MaaS requires PXE/admin to be a Linux bridge;
- if virtual nodes are present, they should be hooked to a proper
Linux bridge for the Public network, but only throw a warning if
not (and create a mock public virsh network instead);
- if both virtual and baremetal nodes are present, Public bridge is
indirectly mandatory (we can't mock it);
JIRA: FUEL-339
Change-Id: Idfe99d66c49eadc56cb3d94ca4db3467fb76d388
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Wed, 7 Feb 2018 14:53:12 +0000 (14:53 +0000)]
Merge "[virtual] Rename all to drop virtual prefix"
Alexandru Avadanii [Wed, 7 Feb 2018 14:53:05 +0000 (14:53 +0000)]
Merge "[hybrid] Merge config/scenario/{baremetal,virtual}"
Alexandru Avadanii [Wed, 7 Feb 2018 14:52:57 +0000 (14:52 +0000)]
Merge "[states] maas, vcp: Use `wait_for` in online check"
Alexandru Avadanii [Wed, 7 Feb 2018 14:52:46 +0000 (14:52 +0000)]
Merge "Add NOVCP HA OVS scenario (baremetal, virtual)"
Michael Polenchuk [Wed, 7 Feb 2018 12:49:04 +0000 (16:49 +0400)]
Switch off broken sphinx state
Deactivate documentation related optional state
until it get fixed in upstream.
Change-Id: I5242ed307548c4f37f81d271a1f4f6bee9903f4e
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
Michael Polenchuk [Wed, 7 Feb 2018 07:51:47 +0000 (07:51 +0000)]
Merge changes from topic 'fix-public-bridge'
* changes:
[virtual] Add missing ODL dhcp_int
[virsh net] public: rm addr cfg for pure baremetal
Michael Polenchuk [Wed, 7 Feb 2018 07:51:24 +0000 (07:51 +0000)]
Merge "[baremetal] cleanup: rm cloud-init iface config"
Alexandru Avadanii [Fri, 29 Dec 2017 13:22:00 +0000 (14:22 +0100)]
[baremetal] cleanup: rm cloud-init iface config
Upstream commit [1] now handles cloud init interface configuration
cleanup, so drop our explicit config from reclass.
[1] https://github.com/salt-formulas/salt-formula-linux/commit/
b333d284
Change-Id: Ifd624f1e884d0d884513a3a7c3e18ffe3f00949a
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Mon, 5 Feb 2018 17:31:18 +0000 (18:31 +0100)]
[virtual] Rename all to drop virtual prefix
JIRA: FUEL-322
Change-Id: I99c4b1774a7c3afbc834a6f6e8468f7baf1bc329
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Sun, 4 Feb 2018 20:16:07 +0000 (21:16 +0100)]
[hybrid] Merge config/scenario/{baremetal,virtual}
Instead of classifying scenarios by underlying machine type, switch
to HA/NOHA differentiantion only.
This allows us to add support for hybrid scenarios (with some virtual
and some baremetal nodes in the same cluster).
To facilitate this, we will template the scenario files, which is a
small step towards SDF (Scenario Descriptor File) definition and
adoption later.
JIRA: FUEL-338
Change-Id: If5787991869a3105d82c27ffa0a86ac79b4b08ba
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Sun, 4 Feb 2018 05:47:26 +0000 (06:47 +0100)]
[states] maas, vcp: Use `wait_for` in online check
Change-Id: I7b583c354843f0116a65b3a31f3be4589087b8a5
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Tue, 28 Nov 2017 23:06:44 +0000 (00:06 +0100)]
Add NOVCP HA OVS scenario (baremetal, virtual)
Add a new class of scenarios, based on existing baremetal HA
scenarios, but instead of having a virtualized control plane (VCP),
all Openstack controller services will run directly on the cluster
nodes.
This change adds the common scaffolding, as well as the OVS scenario.
The new scenario(s) can be used on full-baremetal clusters, soon on
full-virtual clusters and later on hybrid (virt + bare) clusters.
This change defines old (current) style scenario definitions for
both baremetal and virtual, both named:
- os-nosdn-nofeature-novcp-ha;
Prerequisites:
1. Merge-able by name reclass.storage.node definitions
Each cluster (e.g. database, telemetry) adds its own set of
reclass storage node defitions, which for novcp scenarios should
be merged into a single node (kvm) based on the 'name' property.
This is not currently supported by upstream reclass 'node.sls'
high state, so add support for it via an early patch (required
before salt-master-init.sh tries to handle reclass.storage).
2. common reclass classes for novcp
Some of the classes in `baremetal-...-common-ha` are not fit for
novcp as they define VCP-specific config/inheritance, so add new
versions of said classes with novcp in mind or adapt old classes:
- parameterize ctl hostname in `openstack_compute.yml`;
- new `openstack_control_novcp.yml`;
- new `openstack_init_novcp.yml`;
3. Handle hard set names in state files for baremetal nodes
Some of our state files (e.g. maas) hardcodes baremetal node names
to 'kvm', 'cmp', so we need to align the names in novcp scenario
with these values to re-use the maas state. As a future improvement
we should parameterize these names in all state files.
As a consequence, our baremetal controller nodes will also use
'kvm*' hostnames (instead of 'ctl*').
4. Add 'noifupdown' to all interfaces on kvm nodes to prevent duplicate
IPs/routes created at *any* ifup due to /etc/network/route-br-ex.
Patch salt-formula-linux to skip network restart on 'noifupdown',
also when routes are present on that interface.
JIRA: FUEL-310
Change-Id: Ic67778f63e5ee0334dbfe9547c7109ec1a938d61
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Tue, 6 Feb 2018 16:55:04 +0000 (17:55 +0100)]
[virtual] Add missing ODL dhcp_int
- add missing network definitions for ODL node's 1st interface;
- add missing comments for `notify` global functions;
- fix or silence shellcheck issues;
JIRA: FUEL-322
Change-Id: Ie3341d29ab12ddf432db603ad865259afb54714e
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Tue, 6 Feb 2018 19:17:36 +0000 (20:17 +0100)]
[virsh net] public: rm addr cfg for pure baremetal
To prevent adding a gratuitous requirement on public being a real
Linux bridge on the jumpserver when baremetal nodes are present,
stop configuring any IP address information for the public virsh
network, allowing us to keep mocking it like we did before L3
information was read from IDF.
JIRA: FUEL-339
Change-Id: Id09ecac14825a80a0770c5969afad79b0235e08e
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Tue, 6 Feb 2018 03:51:37 +0000 (04:51 +0100)]
[HA] Use cluster_public_host for SSL cert fetch
For VCP-enabled scenarios, `cluster_public_host` and
`cluster_vip_address` both point to the public VIP of the cluster.
However, for upcoming NOVCP scenarios, `cluster_vip_address` resides
inside the management segment, so use `cluster_public_host` instead.
JIRA: FUEL-310
Change-Id: I13ef482e2c3116c991dfe91be81d0964f140f8e9
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Tue, 6 Feb 2018 15:45:45 +0000 (15:45 +0000)]
Merge "[apt-mk] Switch back to nightly"
Alexandru Avadanii [Tue, 6 Feb 2018 15:21:14 +0000 (16:21 +0100)]
[apt-mk] Switch back to nightly
Revert "salt: Use apt-mk 'stable' distribution"
Revert "reclass: apt_mk_version: stable"
This reverts commit
d1b6119e288a31e015573363ce77790fec8684df.
This reverts commit
4563ea7d62238e8273d840a8d9c6c1e179ca584e.
Change-Id: I383db1f78a087045086096cbc674260b985fd913
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Mon, 5 Feb 2018 21:35:21 +0000 (22:35 +0100)]
[Horizon] Limit css fixup to Ubuntu package
Horizon package from Mirantis mcp-repos does not require the fixup,
so limit its application to non-mcp packages.
Required for upcoming NOVCP scenarios, where we also have mcp-repos
APT source on the proxy nodes.
JIRA: FUEL-324
JIRA: FUEL-310
Change-Id: I4399af803c0a17e0aa8f3d7a7330e501a5eedf55
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Mon, 5 Feb 2018 23:02:24 +0000 (00:02 +0100)]
lib.sh: modprobe br_netfilter, don't bail on err
Some sysadmins or distro defaults might blacklist br_netfilter, or
it might not be loaded at deploy start, account for these corner
cases too.
JIRA: FUEL-334
Change-Id: I3ca6cb3848df8d2af1625ff4e3816efe8b320886
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Wed, 31 Jan 2018 23:28:17 +0000 (00:28 +0100)]
[baremetal] Rename all to drop baremetal prefix
A few things differ between baremetal and virtual nodes:
- provisioning method;
- network setup;
Since now we support completely dynamic network config based on PDF +
IDF, as well as dynamic provisioning of VMs on jumpserver (as virtual
cluster nodes), respectively MaaS-driven baremetal provisioning, let's
drop the 'baremetal-' prefix from cluster model names and prepare for
unified scenarios.
Note that some limitations still apply, e.g. virtual nodes are spawned
only on jumpserver (localhost) for now.
JIRA: FUEL-310
Change-Id: If20077ac37c6f15961468abc58db7e16f2c29260
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Sat, 27 Jan 2018 22:59:50 +0000 (23:59 +0100)]
[virtual] PDF-based network defs for cluster nodes
Decouple virtual cluster nodes (ctl, gtw etc.) from opnfv_fn_* vars
in favor of parsing PDF/IDF.
This is the first step towards unifying baremetal and virtual network
definition templates, as well as allowing virtual nodes to run on a
remote hypervisor (and eventually with a different arch).
opnfv_fn_* vars will still be used for infra VMs spawned on FN (cfg01
and optionally mas01).
Adopt new 'net_map.j2' from Pharos submodule for new templates (virt),
as well as old ones (baremetal).
JIRA: FUEL-322
Change-Id: I150c2416566bbe42ea11cd00f12a8a7bf96776c2
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Sat, 27 Jan 2018 06:13:08 +0000 (07:13 +0100)]
[virtual] Parameterize cluster model based on PDF
- 10.1.0.0/24 (internal):
* 10.1.0.101 -> opnfv_openstack_compute_node01_tenant_address
* 10.1.0.124 -> opnfv_openstack_gateway_node01_tenant_address
- 172.16.10.0/24 (mgmt):
* 172.16.10.11 -> opnfv_openstack_control_node01_address
* 172.16.10.100 -> opnfv_infra_config_address
* 172.16.10.101 -> opnfv_openstack_compute_node01_control_address
* 172.16.10.111 -> opnfv_opendaylight_server_node01_single_address
* 172.16.10.124 -> opnfv_openstack_gateway_node01_address
- 10.16.0.0/24 (public):
* 10.16.0.11 -> opnfv_openstack_control_node01_external_address
* 10.16.0.101 -> opnfv_openstack_compute_node01_external_address
* 10.16.0.124 -> opnfv_openstack_gateway_node01_external_address
To re-use DPDK config baremetal template, move:
- cluster.baremetal-mcp-pike-ovs-dpdk-ha.infra.config_pdf
+ cluster.all-mcp-arch-common.infra.config_dpdk_pdf
Drop unused 'ceilometer_graphite_publisher_host' (172.16.10.107).
JIRA: FUEL-322
Change-Id: I3aef3415bd696a7ae5b566af12af4733a50c2135
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Sat, 27 Jan 2018 05:49:12 +0000 (06:49 +0100)]
[virtual] Change IP addrs to align with baremetal
To be able to re-use pod_config.yaml parameters generated based on
PDF for both baremetal and virtual scenarios without forking it,
we first need to align the IP addresses used in virtual deployments.
Currently hard set values will be parameterized in an ulterior
change.
- 10.1.0.0/24 (internal):
* 105 -> 101 (cmp01); 106 -> 102 (cmp02);
* 110 -> 124 (gtw01);
- 172.16.10.0/24 (mgmt):
* 101 -> 11 (ctl01);
* 105 -> 101 (cmp01); 106 -> 102 (cmp02);
* 110 -> 124 (gtw01);
- 10.16.0.0/24 (public):
* 101 -> 11 (ctl01);
* 105 -> 101 (cmp01); 106 -> 102 (cmp02);
* 110 -> 124 (gtw01);
JIRA: FUEL-322
Change-Id: I5d5def4e92c3462f1a34f73dde65ef7a262a5d62
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Mon, 29 Jan 2018 05:02:10 +0000 (06:02 +0100)]
[virtual] Split 'pxebr' from 'mcpcontrol' net
- add new virsh managed network 'pxebr' (to mimic baremetal behavior
on virtual PODs, this will be the equivalent of PXE/admin network);
- connect 'pxebr' to 3rd interface for cfg01, mas01 for all deploys
(used to be baremetal-specific), replacing 'internal';
- keep 'mcpcontrol' connected only to 'cfg01' (+ 'mas01' if present)
for initial infrastructure bring-up (1st interface);
- switch all virtual cluster nodes to 'pxebr' (1st interface);
- use 'pxebr' for all Salt cluster nodes traffic, 'mcpcontrol' only
for mas01<=>cfg01 Salt traffic;
- convert <user-data.template> to jinja2 and expand it based on PDF
instead of using `envsubst`;
- split <user-data.sh.j2> into two versions, one for each network
used for Salt traffic;
- ci/deploy.sh: Read scenario data before template parsing for
cluster domain variable, needed in virsh network def;
- leave docs diagram refresh to later after all possible deploy types
have settled;
- limit keyserver proxy usage to nodes where the configured http proxy
matches the first nameserver (true for all MaaS-provisioned nodes),
so we can re-use the same pillar for FN VMs and baremetal nodes;
- add PXE/admin IP on cfg01's 3rd interface and switch other vnodes
`salt_master_host` to point to it;
JIRA: FUEL-322
Change-Id: Ie4f7aedddf2ef81046f1127b377d88dce79f0fda
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Mon, 5 Feb 2018 02:28:45 +0000 (03:28 +0100)]
[FN VM] Reboot VMs on jump, wait for all online
- apply `linux` state on cfg01 first, so PXE/admin IP is added and
FN VM minions are available;
- add barrier and wait for all FN VMs to register with cfg01;
- use batch-mode execution while applying `linux.network` on FN VMs;
- retry all states executed via <salt.sh> on FN VMs;
JIRA: FUEL-310
Change-Id: I72e1c565370072500df1d486fe76e6315f583c75
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Fri, 26 Jan 2018 20:59:28 +0000 (21:59 +0100)]
[PDF] Switch to generate_config, unify templates
- move bash template handling (previously expanded via `envsubst`)
to lib.sh;
- move j2 template handling to lib.sh;
- move virsh network templates to 'mcp/scripts/virsh_net' subdir;
- switch virsh network templates from `envsubst` expansion to j2 and
leverage generate_config.py, similar to PDF Fuel installer adapter;
- add relevant runtime env vars (e.g. SALT_MASTER, MAAS_IP) on the fly
to PDF, to consume them in templates like params coming from PDF;
- parameterize virsh network definitions based on PDF (mgmt, public);
JIRA: FUEL-322
Change-Id: Ib94e78fc4f25797b9354a0552e884104da5d0003
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Fri, 26 Jan 2018 02:50:10 +0000 (03:50 +0100)]
deploy.sh: Move notify() to globals.sh
Extend `notify` to 4 variants:
- notify_i = inline (no newline) colored output;
- notify = `notify_i` + trailing '\n';
- notify_n = `notify` + extra '\n' before and after;
- notify_e = `notify` + stderr output + exit;
This allows us to remove '\n' and cleanup the code a bit.
While at it, fix some 'NOTE' messages going to stderr instead of
stdout.
Change-Id: I682e3344ae9e307c4a68ab31c7766bc91b12ee58
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Fri, 26 Jan 2018 02:32:16 +0000 (03:32 +0100)]
deploy.sh: Make PDF, IDF mandatory for all deploys
- hard requiremenet of PDF/IDF configuration for all deployments;
- expand j2 templates for virtual deploys too;
Since until now we used the same model for *all* virtual PODs, one
of the PDF/IDF sets for existing vPODs (e.g. ericsson-virtual3) can
be re-used practically on any host, without defining new vPODs.
JIRA: FUEL-322
Change-Id: Iac6aab91b6958d0e5e175ed142da6aafadc6fac6
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Fri, 26 Jan 2018 02:04:32 +0000 (03:04 +0100)]
[vPDF] Use local-virtual1, unify pkg requirements
Until PDF/IDF land in Pharos for all our virtual PODs, use a common
vPDF we already provide as an example to mimic the old hardcoded
behavior while leveraging PDF/IDF parameterization.
As a consequence, python requirements previously only needed for
baremetal should now also be installed for virtual deploys too.
JIRA: FUEL-322
Change-Id: Ied1c907275285a9086450a15491ae516a0db1be2
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Sat, 3 Feb 2018 20:32:35 +0000 (21:32 +0100)]
[vPDF] Add experimental vPOD lab config
JIRA: FUEL-322
Change-Id: I1482badbbbf66b4855faf6daf486520fc71e09b0
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Sat, 3 Feb 2018 17:12:54 +0000 (18:12 +0100)]
[baremetal] Retire example pod_config.yaml
It is easier to just generate the `pod_config.yaml` file than to
maintain it, so let's remove it.
While at it, link sample PDF/IDF inside pharos git submodule, so we
don't have to pass a different lab-config URI to use the sample.
To generate pod_config.yml for the sample PDF/IDF:
$ ./ci/deploy.sh -l local -p pod1 -s os-odl-nofeature-ha -d
$ cat mcp/deploy/images/pod_config.yml
JIRA: FUEL-322
Change-Id: If5898f92ef54bebc31d57f9632959e9093a89250
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Sat, 3 Feb 2018 17:09:28 +0000 (18:09 +0100)]
[PDF] pod1: Refresh PDF, IDF examples
Sync latest changes from pharos git repo for our sample PDF/IDF:
- move net_config from PDF to IDF;
- minor cleanup;
JIRA: FUEL-322
Change-Id: If6865ac61a4942a1dd5daf7081fd8faa67e0e7bf
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Sat, 3 Feb 2018 16:43:08 +0000 (16:43 +0000)]
Merge "[baremetal] Fix: wrong nic name idf index"
Guillermo Herrero [Fri, 2 Feb 2018 14:43:56 +0000 (15:43 +0100)]
[baremetal] Fix: wrong nic name idf index
This was only affecting pod deployments with
different board models, under the current limited
support:
- 3 KVMs will be same model and have the same NIC names
- 2 Compute nodes will be the same model and have same NIC names
For the computes nodes, br-mesh NIC name was wrong due
to incorrect idf mapping
Change-Id: I9685b35cb23b03be9fc0e6fe16c0712a9ad70e19
Signed-off-by: Guillermo Herrero <guillermo.herrero@enea.com>
Michael Polenchuk [Fri, 2 Feb 2018 07:57:23 +0000 (07:57 +0000)]
Merge "deploy.sh: Disable net.bridge.bridge-nf-call"
Alexandru Avadanii [Thu, 1 Feb 2018 23:10:03 +0000 (00:10 +0100)]
Revert "[FN VMs] remove graphics"
RHEL family virtualization tools reserve 02:00 PCI slot for VGA, even
if 'nographics' is specified when creating the VM (in case the user
wants to later hook a video card, which usually *requires* PCI slot2).
Debian systems do not follow this rule (tested with libvirt 1.x, 2.x,
3.x), hence 1st NIC lands on PCI slot 2 (and get eth name 'ens2').
To align the behavior across all possible jumpserver distros, bring
back the virtio video.
This reverts commit
738f6c3b68d1179de1ff790f9e72c25f10874da4.
Change-Id: Ifd855c12e04aec1ff0ab047b13f8081365741889
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Thu, 1 Feb 2018 19:34:53 +0000 (20:34 +0100)]
deploy.sh: Disable net.bridge.bridge-nf-call
JIRA: FUEL-334
Change-Id: I6d2499053dcfb7f99593fcd5c948b569bdcb9c9b
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Thu, 1 Feb 2018 17:10:23 +0000 (18:10 +0100)]
[baremetal] Allow MaaS timeouts to be set via IDF
Bump Pharos git submodule to pick up support for MaaS timeout
parameterization, as well as new IDF for lf-pod2.
Drop arch-specific MaaS timeouts, as they are now configurable
on a per-POD basis.
Sample usage (via IDF):
idf:
fuel:
maas:
# MaaS timeouts (in minutes)
timeout_comissioning: 10
timeout_deploying: 15
Change-Id: I8fafa336b0bc64d705f6c2e40fc3dfb85672fb15
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Michael Polenchuk [Wed, 31 Jan 2018 10:38:16 +0000 (14:38 +0400)]
Turn off Retpoline and KPTI protection
Based on Canonical research (https://goo.gl/QJykMa) there is
low-risk of attack for private clouds environments, therefore
turn off the related kernel patches & regain performance back.
Change-Id: I661fa127241e327b07d21a29d58d584997607123
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
Michael Polenchuk [Wed, 31 Jan 2018 08:21:04 +0000 (08:21 +0000)]
Merge "[patch] Group APT calls for salt formula install"
Michael Polenchuk [Wed, 31 Jan 2018 08:20:16 +0000 (08:20 +0000)]
Merge "[VCP] Catch 'no response' when adding ssh auth key"
Alexandru Avadanii [Tue, 30 Jan 2018 23:56:35 +0000 (00:56 +0100)]
[VCP] Catch 'no response' when adding ssh auth key
On rare occassions, one or more minions might fail to respond in due
time, so catch 'no reponse' using `wait_for`.
Change-Id: I8e6b0dc44a39e79c2874ff9a657e152620ba3f13
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Tue, 30 Jan 2018 00:25:06 +0000 (01:25 +0100)]
[patch] Group APT calls for salt formula install
When installing salt-formula-* on cfg01, we used to call APT for
each package. Instead, handle them all at once.
While at it, stop using colored output on terminals that don't
support it (e.g. 'vt220' used by OPNFV Jenkins).
Change-Id: Ib8f2cee9638c43cdf648487bf05b07cd49802d3e
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Michael Polenchuk [Tue, 30 Jan 2018 09:36:09 +0000 (13:36 +0400)]
Update reclass system model
Get the latest reclass system model to be in sync with salt
formulas code. Adjust keystone v3 admin endpoint patch.
Change-Id: Ia7ce6187b875cc9e18af2784ef1eb5df1c145c7d
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
Michael Polenchuk [Mon, 29 Jan 2018 16:12:17 +0000 (20:12 +0400)]
[patch] Point neutron opendaylight configs to pike
Change-Id: I3fae38da88b170b84ea926abf93da8b178e9ca8a
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
Alexandru Avadanii [Mon, 29 Jan 2018 16:11:07 +0000 (16:11 +0000)]
Merge "deploy.sh: Retire `-B` argument"
Alexandru Avadanii [Mon, 29 Jan 2018 16:10:11 +0000 (16:10 +0000)]
Merge "[FN VMs] remove graphics"
Michael Polenchuk [Mon, 29 Jan 2018 09:29:02 +0000 (09:29 +0000)]
Merge "[cfg01] apt.conf.d: Dpkg::Use-Pty: 0"
Alexandru Avadanii [Mon, 29 Jan 2018 01:46:13 +0000 (02:46 +0100)]
[FN VMs] remove graphics
Since VCP VMs (created via salt formula) do not have a video
controller defined in their domain XMLs, network devices end on
different PCI slots and hence have different names assigned
(ens2+ vs foundation node VMs, which start with ens3).
To align network interface names for VMs on jumpserver vs kvm nodes,
and reduce confusion, remove the video controller from FN VMs.
This allows some cleanup:
- drop extra AArch64 args from virt-install;
- unify 'opnfv_vcp_vm_*' and 'opnfv_fn_vm_*' variables;
Change-Id: I0d108b00914b3eaaa03b67c652174f8ed4573118
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Thu, 25 Jan 2018 23:31:17 +0000 (00:31 +0100)]
[cfg01] apt.conf.d: Dpkg::Use-Pty: 0
This will silence all 'Reading database ...' noise during Salt formula
installation.
Change-Id: I734d727194e276443db1e1581f40ec494562196e
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Fri, 26 Jan 2018 01:03:31 +0000 (02:03 +0100)]
deploy.sh: Retire `-B` argument
All bridge information should be defined via IDF.
Keeping `-B` support in deploy.sh only creates confusion.
While at it, remove automatic bridge detection based on network addr.
Change-Id: Id8b54e4887a97092daed5beb31fde4edd13057f1
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Fri, 26 Jan 2018 17:04:40 +0000 (17:04 +0000)]
Merge "lib.sh: Reduce useless wget dot reporting"
Michael Polenchuk [Fri, 26 Jan 2018 13:52:31 +0000 (17:52 +0400)]
[ovs/dpdk] Configure vxlan for baremetal scenario
* switch ovs/dpdk scenario from vlan to vxlan mode
* force br-ex interface to mitigate race with incorrect state
* remove dpdk packages list (already in upstream)
Change-Id: Ib827cef2d67879fd2a86d286ca2118b22493274d
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
Alexandru Avadanii [Thu, 25 Jan 2018 22:30:30 +0000 (23:30 +0100)]
lib.sh: Reduce useless wget dot reporting
Downloading the base image (usually a few hundred MB) outputs a lot
of useless dots to show progress. Switch to 1M per dot (from 1K).
Change-Id: I8c525cad0b46e8ba3a7f6da4dd7f8277a49df91f
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Thu, 25 Jan 2018 20:59:57 +0000 (21:59 +0100)]
[baremetal] Fix openstack_compute_pdf yaml err
Fixes:
7c79115
Change-Id: I62f52382b297b1aa9cfc37f74f04a00872ead1ef
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Thu, 25 Jan 2018 18:33:54 +0000 (18:33 +0000)]
Merge "Add support for different public network netmask"
Alexandru Avadanii [Thu, 25 Jan 2018 18:33:21 +0000 (18:33 +0000)]
Merge "[lab-config] Use Pharos submodule by default"
Alexandru Avadanii [Thu, 25 Jan 2018 16:41:53 +0000 (16:41 +0000)]
Merge "Horizon: Fix and reload missing css in Pike"
Alexandru Avadanii [Sat, 20 Jan 2018 20:41:05 +0000 (21:41 +0100)]
[lab-config] Use Pharos submodule by default
- switch from securedlab to pharos as lab-config structure;
- accomodate the move net_config from PDF to IDF in j2 templates;
Change-Id: Ib04e4fb384568a6efd9e78a080857b663521ae88
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Wed, 24 Jan 2018 15:49:32 +0000 (15:49 +0000)]
Merge "deploy.sh: Retire simplest scenario fallback"
Michael Polenchuk [Tue, 23 Jan 2018 09:47:20 +0000 (13:47 +0400)]
Rectify ODL repository apt key
Change-Id: Iaa917be9f8f86c328ce4d503923a0d7cca680434
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>
Alexandru Avadanii [Tue, 23 Jan 2018 17:25:11 +0000 (18:25 +0100)]
deploy.sh: Retire simplest scenario fallback
Previously, when a requested scenario was missing, we used to default
to the simplest scenario.
Now that we have a critical mass of scenario definitions, retire
this fallback mechanism.
Change-Id: I3ba6b04290806ff78b3ec22b90fa054d45602869
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
ting wu [Mon, 22 Jan 2018 09:09:52 +0000 (10:09 +0100)]
Horizon: Fix and reload missing css in Pike
The horizon in Pike release is broken due to missing
the static content. This workaround is to:
- create a missing symbolic link.
The link is defined as an alias in the apache configuraion
- collecting and compressing static assets
- add single "Default" theme as AVAILABLE_THEMES
- restart apache2 service
- apply the workaround to Salt states
'openstack_ha' and 'openstack_noha'
JIRA: FUEL-324
Change-Id: Idd70165f1be8d31967a3ab518323e6f3e8406624
Signed-off-by: ting wu <ting.wu@enea.com>
Alexandru Avadanii [Mon, 22 Jan 2018 18:39:42 +0000 (19:39 +0100)]
[baremetal] Fix ocata reference
Previous cherry-pick failed to rename 'ocata' to 'pike'.
JIRA: FUEL-317
Change-Id: Ic1a1145e0652f2a7d15980399232631cf3fc5080
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Sat, 20 Jan 2018 18:56:47 +0000 (19:56 +0100)]
[baremetal] Add upstream (lab) proxy support
If upstream proxy is defined in IDF, propagate it to pillar data:
- linux:system:proxy:keyserver:http(s) for cfg01, mas01;
- maas:region:upstream_proxy for mas01;
Sample IDF config:
idf:
fuel:
network:
upstream_proxy:
address: 10.0.2.2
port: 3128
JIRA: FUEL-317
Change-Id: I12be815e1b4564227fb09c20ce06cd71e7d433b6
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Guillermo Herrero [Thu, 11 Jan 2018 12:23:28 +0000 (13:23 +0100)]
Add support for different public network netmask
- Remove hardcoded /24 mask
- Use PDF as source for public network, with reclass params:
opnfv_net_public, _mask, _gw, _pool_start, _pool_end
JIRA: FUEL-315
Change-Id: Idf3a4ed8f63f58fa90d9c1dcb7751ef3b1c9bd36
Signed-off-by: Guillermo Herrero <guillermo.herrero@enea.com>
Michael Polenchuk [Mon, 22 Jan 2018 09:22:02 +0000 (09:22 +0000)]
Merge "reclass: apt_mk_version: stable"
Michael Polenchuk [Mon, 22 Jan 2018 09:19:01 +0000 (09:19 +0000)]
Merge "[baremetal] Fix cmp proto dhcp on PXE/admin"
Alexandru Avadanii [Mon, 22 Jan 2018 01:10:03 +0000 (02:10 +0100)]
[patch] system.repo: Add keyserver proxy support
Instead of defining a http proxy for all salt-minion traffic, which
also includes some Openstack API accesses we can't filter (no_proxy
is not yet supported), add & leverage support for proxy configuration
during APT keyserver access / key download.
JIRA: FUEL-331
Change-Id: I9470807633596c610cfafb141b139ddda2ff096b
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Sun, 21 Jan 2018 17:28:03 +0000 (18:28 +0100)]
[baremetal] Fix cmp proto dhcp on PXE/admin
Although we properly filter the PXE/admin interface in the common
openstack_compute_pdf.yml.j2 template and use DHCP instead of manual
setup, we failed to do the same in scenario-specific overrides
(ODL, OVS), so we end up with 'proto: manual' on PXE/admin on cmp
nodes.
The fix is trivial and reuses the mechanism in the common class in
scenario-specific templates (if interface is PXE/admin, use 'DHCP'
instead of 'manual').
This solves the issue of broken connectivity to Salt master after
cmp reboot.
Change-Id: I1953d03343190acb2efcab4412a3d37e130b0ea9
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Alexandru Avadanii [Sun, 21 Jan 2018 02:35:46 +0000 (03:35 +0100)]
reclass: apt_mk_version: stable
Although previous commit
d1b6119 changed the first reference of
apt-mk repos to 'stable' from 'nightly', it missed the cluster model.
This fixes redeploys with `-f`, which fail due to conflicts between
already installed 'stable' packages and 'nightly' ones.
Fixes:
d1b6119
Change-Id: I854bac86feaaa61da0b68d158e270eec1ee0ccb7
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Michael Polenchuk [Fri, 19 Jan 2018 12:27:06 +0000 (16:27 +0400)]
Get back to the GA kernel
- openvswitch 2.8 officially supports kernel versions from 3.10 to 4.12
- ODL baremetal scenario is acting up with floating/public SNAT
flow under hwe edge kernel 4.13
Change-Id: I099d528b3b1c2ea34f8f856cd60f809f90defea6
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>