ta/infra-ansible.git
3 years ago Remove XFS nobarrier option 02/3702/1
dave kormann [Sun, 6 Sep 2020 17:36:08 +0000 (13:36 -0400)]
Remove XFS nobarrier option

The XFS 'nobarrier' mount option is deprecated.  This change
removes it from the fstab entries we generate.

Related patches:
https://gerrit.akraino.org/r/c/ta/storage/+/3699
https://gerrit.akraino.org/r/c/ta/openstack-ansible/+/3701

signed-off-by: dave kormann  <davek@research.att.com>
Change-Id: I3563a886fed1f909917d7eb8681a4070e0731d27

4 years ago sriovdp_config: Improvements and fixes 37/2237/1
Alexandru Avadanii [Thu, 13 Feb 2020 12:00:37 +0000 (13:00 +0100)]
sriovdp_config: Improvements and fixes

- do not fail sriovdp_config role if no PCI devices are matched by
  grep (e.g. for the old pattern, no PCI devices in PCI domain 0);
- allow network interface names that don't start with 'en', e.g. em1,
  p1p127;
- allow PCI devices on other domains than hardcoded '0000';
- Use full PCI address in /etc/pcidp/config.json for the newly allowed
  PCI domains (this is also supported, see [1], but for convenience they
  were left on default '0000');

[1] https://bugzilla.redhat.com/show_bug.cgi?id=1770642

Change-Id: I117966a5530d4b1003154bf7cf8182986db112e8
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>

4 years ago Fix ansible disk wipeoff skip 88/2188/1
Alexandru Avadanii [Mon, 13 Jan 2020 16:47:02 +0000 (17:47 +0100)]
Fix ansible disk wipeoff skip

Previous commit b2e1386 switched from using a shell `-b` test to
using the ansible `stat` module for block device checks.
However, Ansible `stat` does not follow symlinks by default,
leading to some block devices being skipped, which left old
metadata in place, triggering an OSD activation failure as reported
in [1].

[1]
https://github.com/ceph/ceph-ansible/issues/2945#issuecomment-411720133

Fixes: b2e13865c2b899ce48148879da20323bd9bc988c

Reported-by: Krisztian Lengyel <krisztian.lengyel@nokia.com>
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Change-Id: Ie0f00cea2f9ff70a123b007a54e18122846456f3

4 years ago Ensure authconfig is properly configured 34/2134/4
Alexandru Antone [Tue, 17 Dec 2019 09:55:52 +0000 (11:55 +0200)]
Ensure authconfig is properly configured

Signed-off-by: Alexandru Antone <Alexandru.Antone@enea.com>
Change-Id: I65d1bb54e7e7c96365da98cf5ebf4ca993bb6116

4 years ago audit: Filter-out unavailable AArch64 syscalls 26/2126/5
Alexandru Avadanii [Mon, 16 Dec 2019 06:20:11 +0000 (07:20 +0100)]
audit: Filter-out unavailable AArch64 syscalls

AArch64 does not support all syscalls referenced by our audit rules,
so apply some filtering where appropriate.
See [1] for more information.

While at it, remove trailing white spaces where appropriate.

NOTE: AArch32 (or any other 32-bit ARM platform) syscalls were not
tested since we only target 64-bit ARM platforms.

[1] https://github.com/linux-audit/audit-userspace/issues/91

Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Signed-off-by: Alexandru Antone <Alexandru.Antone@enea.com>
Change-Id: I5c6b7e5ebe94c7bd1aadcb2106931f21d9acf847

4 years ago disk wipeoff: Fix shell syntax for missing disk 18/2118/7
Alexandru Avadanii [Wed, 11 Dec 2019 17:06:34 +0000 (18:06 +0100)]
disk wipeoff: Fix shell syntax for missing disk

When one of the disks defined in the vendors/product configuration
files is not present on the system, the wipeoff commands fail due to
likely broken shell syntax and duplicate commands.

Signed-off-by: Alexandru Antone <Alexandru.Antone@enea.com>
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Change-Id: I667d85bb0b3e47ae5297d8eb3b16df84bdc7317a

4 years ago Add EFI support for grub.cfg generation 09/2109/10
Alexandru Avadanii [Mon, 9 Dec 2019 14:24:47 +0000 (15:24 +0100)]
Add EFI support for grub.cfg generation

On UEFI-enabled systems, the location of grub.cfg is different.
While at it, add ttyAMA0 (aarch64 PL011 serial device) console
to default kernel cmdline.

Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Change-Id: I98b709587bfaef21134da45dfa227673c2b10678

4 years ago EFI: Take into consideration the new GPT layout. 99/2099/4
Alexandru Antone [Fri, 6 Dec 2019 11:42:12 +0000 (13:42 +0200)]
EFI: Take into consideration the new GPT layout.

When EFI is used there are 3 partitions instead of the single one used
previously.
So we number and setup the LVM and instance partitions accordingly.

Signed-off-by: Alexandru Antone <Alexandru.Antone@enea.com>
Change-Id: Ie3c05e7ba849dda91a970011a81851a6ec831f93

4 years ago postinstall: Copy ceph ansible modules if present 30/2030/1
Alexandru Avadanii [Thu, 21 Nov 2019 08:48:48 +0000 (09:48 +0100)]
postinstall: Copy ceph ansible modules if present

ceph-ansible 3.1 (and newer) refactored the handling of ceph keys
by leveraging a new `ceph-key` ansible module.

To support the new ceph-ansible 3.1, we copy any ceph ansible modules
similar to the way we currently handle ceph roles.
This change is backwards compatible with the current ceph-ansible 3.0.

Signed-off-by: Alexandru Antone <Alexandru.Antone@enea.com>
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Change-Id: I41364261dd8f445ddedf9d07eaa2cadc9da90b5e

4 years ago REC-443 OpenScap Security Scan fix 2 62/1962/1
gabor.illes [Tue, 12 Nov 2019 18:18:33 +0000 (13:18 -0500)]
REC-443 OpenScap Security Scan fix 2

file location fix in audit rules

Change-Id: Ifcaeab61a74c30643b06a39c42d2e36384f94a58
Signed-off-by: gabor.illes <gabor.illes@nokia.com>

4 years ago REC-443 OpenScap Security Scan fixes 27/1927/1
gabor.illes [Wed, 6 Nov 2019 15:29:53 +0000 (10:29 -0500)]
REC-443 OpenScap Security Scan fixes

Deny failed password attempts in linux
Audit rules update
SSH key rename in ansible

Change-Id: Ifce65c8303d602bb1441bfccedf537ca0f8bede4
Signed-off-by: gabor.illes <gabor.illes@nokia.com>

4 years ago Add policy based routing to `caas_oam` network 44/1744/7
Krisztian Lengyel [Mon, 7 Oct 2019 15:56:49 +0000 (17:56 +0200)]
Add policy based routing to `caas_oam` network

For `caas_oam` network traffic is routed only to the gateway (if specified).
This will enable cluster external IP connection for pods using this
network, and also closes a loophole, which allowed external connectivity
for these pods on master nodes.
If no gateway specified for `caas_oam` network, then the subnet's first
IP address is assumed.

Change-Id: I85fe01fce55b2da18fc80909d189a778e8c8b7c8
Signed-off-by: Krisztian Lengyel <krisztian.lengyel@nokia.com>

4 years ago REC-418 Disable NFS services 06/1706/1
ferenc.argay [Wed, 2 Oct 2019 12:49:22 +0000 (14:49 +0200)]
REC-418 Disable NFS services

and remove nfs-utils post-install

Change-Id: I577378ec783546f2570d6f73cb6e27acca0264d8

4 years ago Merge "REC-417 Disable root login by changing root shell"
Levente Kálé [Fri, 27 Sep 2019 13:12:43 +0000 (13:12 +0000)]
Merge "REC-417 Disable root login by changing root shell"

4 years ago REC-417 Disable root login by changing root shell 63/1663/1
ferenc.argay [Fri, 27 Sep 2019 12:53:54 +0000 (14:53 +0200)]
REC-417 Disable root login by changing root shell

Change-Id: I6ebfa359694b2ec5c3162fd85a7d7a960a79c248

4 years ago Prepare config.json for SRIOV DP v3.0.0+ 61/1661/1
Ferenc Tóth [Fri, 27 Sep 2019 09:26:48 +0000 (11:26 +0200)]
Prepare config.json for SRIOV DP v3.0.0+

New SRIOV Device Plugin requires `selectors` to populate
SRIOV pools properly.

Signed-off-by: Ferenc Tóth <ferenc.2.toth@nokia.com>
Change-Id: If46f55f33c21cfefa765c56fba65b5610319e850

4 years ago Remove extra bracket from kcmdline_default_list 51/1651/1
Krisztian Lengyel [Wed, 25 Sep 2019 14:23:12 +0000 (16:23 +0200)]
Remove extra bracket from kcmdline_default_list

Change-Id: I75a2e2b9f4a86ce076cada6b864b0588520a6206
Signed-off-by: Krisztian Lengyel <krisztian.lengyel@nokia.com>

4 years ago ntp fix. 40/1640/1
Baha Mesleh [Mon, 23 Sep 2019 15:41:25 +0000 (18:41 +0300)]
ntp fix.

Fixed the review comments.

Signed-off-by: Baha Mesleh <baha.mesleh@nokia.com>
Change-Id: I2212a5ef7cc41922500164cea8f3d99e01f731a0

4 years ago ntp issue fix. 39/1639/1
Baha Mesleh [Mon, 23 Sep 2019 14:26:32 +0000 (17:26 +0300)]
ntp issue fix.

Added a playbook to make sure that time gets configured properly in all nodes.

Signed-off-by: Baha Mesleh <baha.mesleh@nokia.com>
Change-Id: I525c686553b2e4a103f4cc69f1b98a0778d9c5ed

4 years ago Merge "Setup for low_latency performance tuning"
Levente Kálé [Thu, 19 Sep 2019 10:17:52 +0000 (10:17 +0000)]
Merge "Setup for low_latency performance tuning"

4 years ago Harden the resilience of main system services 98/1598/1
Krisztian Lengyel [Tue, 17 Sep 2019 14:19:58 +0000 (10:19 -0400)]
Harden the resilience of main system services

Change-Id: I0072986e8c697c1ebffaea67a06ba14b68d920b0
Signed-off-by: Krisztian Lengyel <krisztian.lengyel@nokia.com>

4 years ago Setup for low_latency performance tuning 68/1568/1
Krisztian Lengyel [Wed, 4 Sep 2019 20:56:44 +0000 (16:56 -0400)]
Setup for low_latency performance tuning

Apply low_latency performance tuning setup. The actual values come from
the performance profile's `low_latency_options` key.

Depends-On: I0db61be89ce2c3cbf19061898714de383068e120
Change-Id: I6ac3e7bc5f290ead4630fccccc405863e89d773e
Signed-off-by: Krisztian Lengyel <krisztian.lengyel@nokia.com>

4 years ago Fixed the missing template file issue. 58/1558/1
Baha Mesleh [Mon, 9 Sep 2019 15:32:25 +0000 (18:32 +0300)]
Fixed the missing template file issue.

Signed-off-by: Baha Mesleh <baha.mesleh@nokia.com>
Change-Id: Ia2661d9bbdad95d7f0f0c8f0db83961d1c853851

4 years ago Merge "Support for authorized keys"
Baha Mesleh [Fri, 6 Sep 2019 07:32:53 +0000 (07:32 +0000)]
Merge "Support for authorized keys"

4 years ago Support for authorized keys 31/1531/1
Jyrki Aaltonen [Wed, 28 Aug 2019 08:31:30 +0000 (11:31 +0300)]
Support for authorized keys

Added authorized keys from user config to admin user.

Change-Id: Ib4e4a5c4510f775e2a98287232c77b6c243adcf6
Signed-off-by: Jyrki Aaltonen <jyrki.aaltonen@nokia.com>

4 years ago Enabled recovery for ntpd when it fails. 24/1524/1
Baha Mesleh [Tue, 3 Sep 2019 13:14:51 +0000 (16:14 +0300)]
Enabled recovery for ntpd when it fails.

Signed-off-by: Baha Mesleh <baha.mesleh@nokia.com>
Change-Id: I93f4e6938c6d75cf624ca502f961e497af3b1cd6

4 years ago Add permissions and roles needed for CaaS Logging 38/1338/1
Ferenc Tóth [Wed, 7 Aug 2019 14:20:06 +0000 (16:20 +0200)]
Add permissions and roles needed for CaaS Logging

Signed-off-by: Ferenc Tóth <ferenc.2.toth@nokia.com>
Change-Id: I414fd206a96420f7d0655505503fea080d16827a

4 years ago FIX: Allow configuration of IPMI privilege level 60/1160/3
dave kormann [Wed, 10 Jul 2019 15:26:16 +0000 (11:26 -0400)]
FIX: Allow configuration of IPMI privilege level

This change updates the ansible tasks to supply a privilege level (configured as
hwmgmt.priv_level) when calling ipmitool.  Without this change, ipmitool defaults
to using the 'ADMINISTRATOR' privilege.  This will fail on systems where
hwmgmt.user is assigned a lower privilege level.

This change depends on changes 1076, 1077, and 1078.

signed-off-by: dave kormann <davek@research.att.com>
Change-Id: If97a52fa2f2dbf903f2c8e2311e163b2ffd1b944

4 years ago Remove sriov service restart during deployment 99/999/1
Ferenc Tóth [Fri, 14 Jun 2019 12:59:07 +0000 (14:59 +0200)]
Remove sriov service restart during deployment

SR-IOV Device Plugin no longer requires VFs to be created during
deployment.

Signed-off-by: Ferenc Tóth <ferenc.2.toth@nokia.com>
Change-Id: I24778dade40adb0c76daae12c5c49178be934ccd
Depends-On: I3a7f5dd63893b389422db1f3e60071425caaa109

4 years ago Merge "Configure CaaS SR-IOV and provider networks"
Levente Kálé [Fri, 14 Jun 2019 08:59:26 +0000 (08:59 +0000)]
Merge "Configure CaaS SR-IOV and provider networks"

4 years ago Configure CaaS SR-IOV and provider networks 41/741/12
Krisztian Lengyel [Fri, 17 May 2019 20:57:15 +0000 (16:57 -0400)]
Configure CaaS SR-IOV and provider networks

- In case of CaaS provider network configure bond interfaces as Linux bond
interfaces instead of OvS bond interfaces. In case of SR-IOV networks
calculate physical interface MTU correctly according to the largest MTU of the
networks on top of that interface instead of hard coded 9000.

- Modified deployment Architecture, so that nodes and their data structures are not created in playbook. They are now coming from Inventory, generated using CM Inventory handler. This way we don't have to iterate through nodes list. One thread per node is forked, but all are executed on installation controller using delegate_to ansible keyword. This saves baremetal provisioning time, and improves code readability. On full rack env it saves about 10 mins.

Change-Id: I6164a0c3d7ade844872bcfd1b83889c43117a2eb
Signed-off-by: Krisztian Lengyel <krisztian.lengyel@nokia.com>

4 years ago Use 1 shared CPU on storage for virtual deploy 58/958/1
Krisztian Lengyel [Fri, 7 Jun 2019 08:40:36 +0000 (10:40 +0200)]
Use 1 shared CPU on storage for virtual deploy

Change-Id: I257cfb214b3a03bfb7ab6e9a6eae2d07115f09d6
Signed-off-by: Krisztian Lengyel <krisztian.lengyel@nokia.com>

4 years ago Fixed ironic provisioning problem 41/841/1
Baha Mesleh [Sat, 25 May 2019 02:07:26 +0000 (05:07 +0300)]
Fixed ironic provisioning problem

Renamed the ironic node creation module to avoid conflicts with another module having the same name.

Signed-off-by: Baha Mesleh <baha.mesleh@nokia.com>
Change-Id: I53b3849ab17f481941fcaaf53ca6eeedd5a139eb

4 years ago kdump service restart fix 36/836/1
Baha Mesleh [Fri, 24 May 2019 19:26:31 +0000 (22:26 +0300)]
kdump service restart fix

added a check for the existence of crashkernel parameter before restarting kdump service.

Signed-off-by: Baha Mesleh <baha.mesleh@nokia.com>
Change-Id: Ie35c9db68d1259b63971661bbe1f3e7756207112

4 years ago Fix ironic problem 31/831/1
Baha Mesleh [Fri, 24 May 2019 17:07:01 +0000 (20:07 +0300)]
Fix ironic problem

included root_device to the properties of the node in ironic

Signed-off-by: Baha Mesleh <baha.mesleh@nokia.com>
Change-Id: Ic93c8f40ac47ef61c3e5e634a3f6e41d1f998e0e

4 years ago Added progress reporter playbook 54/754/1
Jyrki Aaltonen [Mon, 13 May 2019 10:34:31 +0000 (13:34 +0300)]
Added progress reporter playbook

Change-Id: Ie2d313c1bd4145f7d48e23d07dc91e3a2b1caa85
Signed-off-by: Jyrki Aaltonen <jyrki.aaltonen@nokia.com>

4 years ago Make own CPU allocation for CaaS default CPU pool 04/704/1
Krisztian Lengyel [Tue, 14 May 2019 19:22:52 +0000 (15:22 -0400)]
Make own CPU allocation for CaaS default CPU pool

This change separates CaaS default allocation from platform allocation by making an own CPU allocation for it.

Change-Id: I443e8df96b27d9734ae01f5638ec2360987c9803
Signed-off-by: Krisztian Lengyel <krisztian.lengyel@nokia.com>

4 years ago Remove references to any product 72/672/1
Janne Suominen [Fri, 10 May 2019 07:32:37 +0000 (10:32 +0300)]
Remove references to any product

Remove references to any particular product.

Change-Id: Ic74a87d1fd29a18fe7cde61c76d61b07c8a8705f
Signed-off-by: Janne Suominen <janne.suominen@nokia.com>

4 years ago Initial commit 64/664/1
Ralf Mueller [Fri, 22 Mar 2019 09:17:29 +0000 (11:17 +0200)]
Initial commit

Change-Id: I9e0537fff4c113b39c1d4180a4ec5c15068a775c
Signed-off-by: Ralf Mueller <ralf.1.mueller@nokia.com>

4 years ago Initial empty repository
Eric Ball [Wed, 1 May 2019 00:25:30 +0000 (00:25 +0000)]
Initial empty repository