Missing package dependencies added.
A missing "config" parameter for qemu-nbd based seeding
method added.
A new seeding method utilising Cloud-init added.
The qemu-nbd based method is still a default method
for backward compatibility.
To enable cloud-init, set the "seed" parameter on
a cluster or node level to "cloud-init".
To disable seeding, set this parameter to "false".
Setting this parameter to "true" will default to
the "qemu-nbd" method.
Salt Minion config file will be created automatically
and may be overridden via cluster or node level
metadata:
  salt:
    control:
      cluster:
        mycluster:
          seed: cloud-init
          cloud_init:
            user_data:
              salt_minion:
                conf:
                  master: 10.1.1.1
or for qemu-nbd case:
  salt:
    control:
      cluster:
        mycluster:
          seed: true
          config:
            host: 10.1.1.1
That may be useful when Salt Master has two IPs in
different networks and one of the networks isn't accessible
from a VM at the moment it's created. Setting a reachable
Salt master IP from metadata helps avoid potential problems.
Also, a little optimization has been done to parse/dump
a libvirt XML only once while modifying it.
Change-Id: I091cf409cb43ba2d0a18eaf2a08c11e88d0334e2
Closes-Bug: PROD-22191
Spawning AArch64 VMs using salt.control.virt requires a few extra
domain configuration items to be configurable:
- libvirt xml: pass loader param to vm
Based on upstream commit [1].
- libvirt xml: pass virt machine type
- libvirt xml: pass cpu mode to vm
- virt module: Allow NVRAM unlinking on DOM undefine
UEFI-enabled VMs usually have pflash (NVRAM) devices attached,
which require one additional libvirt flag to be passed at 'undefine'.
This is usually the case for AArch64 (arm64) VMs, where AAVMF (AA64
UEFI) is the only supported guest bootloader.
[1] https://github.com/saltstack/salt/commit/9cace9adb
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
* Salt minion is unable to unencrypt the messages from master during boot
because of lack of entropy, throwing the exception:
File "/usr/lib/python2.7/dist-packages/salt/utils/rsax931.py", line 146, in sign
raise SSLError('Unable to encrypt message')
SSLError: Unable to encrypt message:
error:80064191:lib(128):osrandom_init:getrandom() initialization failed with EAGAIN. Most likely Kernel CPRNG is not se
error:80065190:lib(128):osrandom_rand_bytes:getrandom() initialization failed.
error:04088003:rsa routines:RSA_setup_blinding:BN lib
error:04066044:rsa routines:RSA_EAY_PRIVATE_ENCRYPT:internal error
After the node has been booted up and the /dev/random device has collected
some extra entropy, salt-minion could start.
This patch configures libvirt VMs to use /dev/urandom for faster
entropy regeneration.
Change-Id: I470166b4424752d24ac4bb2cb87d9f99cd14752e
Co-Authored-By: Oleksandr Savatieiev <osavatieiev@mirantis.com>
Prod-Related: PROD-19711
[Fix] Doc
Issue: - It is not possible to pass [R]andom [N]umber [G]enerator
device to libvirt guest xml in order to control entropy.
- Doc has no information on how to provision vms using salt
Solution: - Pass rng parameters via kwargs from node: pillar
Attach rng xml object to generated xml.
- Provide with an example
Prod-Related: PROD-19214
Customer-Found
Change-Id: Iea111f2d927edf46f06bb7ccfad06d37b752fba9
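Added example, not code from these commits or from the formula: a sketch of the two RNG changes described above (a /dev/urandom backend for guest entropy, and attaching an rng object to the generated libvirt XML), parsing and dumping the domain XML once. The function names, the sample domain XML and the rate values are assumptions made for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain XML (not taken from the formula).
SAMPLE_DOMAIN_XML = """<domain type='kvm'>
  <name>ctl01</name>
  <devices>
    <disk type='file' device='disk'/>
  </devices>
</domain>"""


def rng_backend(domain_xml):
    """Return the host entropy source of the guest's <rng> device, or None."""
    node = ET.fromstring(domain_xml).find("devices/rng/backend")
    return None if node is None else node.text


def ensure_rng(domain_xml, backend="/dev/urandom", model="virtio", rate=None):
    """Return (xml, changed) with exactly one <rng> device using `backend`.

    `rate` is an optional dict such as {"period": 1000, "bytes": 1024} that
    caps how much entropy the guest may draw from the host per period (ms).
    """
    root = ET.fromstring(domain_xml)                  # parse once
    devices = root.find("devices")
    if devices is None:
        devices = ET.SubElement(root, "devices")
    rng = devices.find("rng")
    before = ET.tostring(rng) if rng is not None else None
    if rng is None:
        rng = ET.SubElement(devices, "rng")
    rng.set("model", model)
    node = rng.find("backend")
    if node is None:
        node = ET.SubElement(rng, "backend")
    node.set("model", "random")
    node.text = backend
    if rate:
        rate_node = rng.find("rate")
        if rate_node is None:
            rate_node = ET.Element("rate")
            rng.insert(0, rate_node)
        for key in ("period", "bytes"):
            if key in rate:
                rate_node.set(key, str(rate[key]))
    changed = ET.tostring(rng) != before              # idempotent on re-run
    return ET.tostring(root, encoding="unicode"), changed   # dump once
```
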
The patch deletes deprecated cmd.run function which actually
was defined in salt 2016 as alias for cmd.shell therefore this
change supports backward compatibility.
Change-Id: I47eae0b8ee45ca1a1a9b3e8e544c893614573fda
Related-PROD: 17056
salt custom py module seedng.py should use the same Salt version
when preinstalling minion for salt-controlled VMs via bootstrap
script.
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Do not change VCP disk profile globally, as it causes the properties
from one node to be re-used in another.
Change-Id: Iff98010c32c1060b50bc0ae040edb72108c57da1