Spawning AArch64 VMs using salt.control.virt requires a few extra
domain configuration items to be configurable:
- libvirt xml: pass loader param to vm
  Based on upstream commit [1].
- libvirt xml: pass virt machine type
- libvirt xml: pass cpu mode to vm
- virt module: Allow NVRAM unlinking on DOM undefine
  UEFI-enabled VMs usually have pflash (NVRAM) devices attached,
  which require one additional libvirt flag to be passed at 'undefine'.
  This is usually the case for AArch64 (arm64) VMs, where AAVMF (AA64
  UEFI) is the only supported guest bootloader.
[1] https://github.com/saltstack/salt/commit/9cace9adb
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
The metadata will be used to get list of enabled applications
that implement formula based upgrades.
Change-Id: Ibc368d993aa1c3c8715598513467da78792c752b
By default salt minion meta files are created with wide
permissions.
This makes OS tokens, keystone credentials unprotected.
Patch fixes this.
Prod-Related: CEEMCP-13 unprotected keystone credentials
Customer-Found
Change-Id: I18283cff4aec795e0656b7b3519381792e8a6e54
Salt (ca.sls) supports generation of a few CA.cert but it works incorrectly.
When we generate a few ca.cert, salt must upload them to mine. But it overwrites previous ones.
Related-Prod: PROD-21740
Change-Id: I60f1089cc58758d3be65371deaaa69348fde86a4
The patch adds _orchestrate.conf file to salt minion
configuration. Its template searches for "/meta/salt.yml"
file across all installed formulas and parses them if found.
As of now the config will contain the following data, e.g.:
    orchestration:
      deploy:
        applications:
          cinder:
            priority: 150
          keystone:
            priority: 100
Application priorities will be used later for salt deploy
orchestration
Change-Id: I56b0d15e5a13ca4975d98b9675991f84885120e6
Related-PROD: PROD-19973
The conflicting ID is 'libvirt_service' and is found in SLS:
- libvirt.server.service
- salt.control.virt
Change-Id: Ibb0b6f0a574a53f1cb8517a9fe0d7f0febb07bb3
The patch adds ability to configure REDIS as cache
backend for salt-master to be used as distributed cache
further.
Change-Id: I62a29713c23ad3f591f6e937bfc5b13eba92f402
Related-PROD: PROD-20581
The patch adds ability to enable/disable salt-syndic
by changing the value with soft params.
Depends-on: Id97088e0a8c449c38943b8ceaa2111647fea19fc
Change-Id: I019fc1a08ae4781a1bfd39f39acf1d695691b997
Related-PROD: PROD-20579
* Salt minion is unable to unencrypt the messages from master during boot
  because of lack of entropy, throwing the exception:
      File "/usr/lib/python2.7/dist-packages/salt/utils/rsax931.py", line 146, in sign
        raise SSLError('Unable to encrypt message')
    SSLError: Unable to encrypt message:
    error:80064191:lib(128):osrandom_init:getrandom() initialization failed with EAGAIN. Most likely Kernel CPRNG is not se
    error:80065190:lib(128):osrandom_rand_bytes:getrandom() initialization failed.
    error:04088003:rsa routines:RSA_setup_blinding:BN lib
    error:04066044:rsa routines:RSA_EAY_PRIVATE_ENCRYPT:internal error
After node has been booted up, and /dev/random device collected some
extra entropy, salt-minion could start.
This patch configures libvirt vms to use /dev/urandom for faster
entropy regeneration
Change-Id: I470166b4424752d24ac4bb2cb87d9f99cd14752e
Co-Authored-By: Oleksandr Savatieiev <osavatieiev@mirantis.com>
Prod-Related: PROD-19711
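
Added example (not code from this commit or the formula): a check that a libvirt domain definition carries a virtio RNG device backed by /dev/urandom, which is the condition the commit above aims for. It assumes the setting is expressed through libvirt's `<rng>` device element; the domain names and XML are constructed samples and `rng_findings` is a hypothetical helper.

```python
import xml.etree.ElementTree as ET

# Constructed sample domain definitions (not taken from the formula).
DOMAIN_BLOCKING = """<domain type='kvm'>
  <name>ctl01</name>
  <devices>
    <rng model='virtio'>
      <backend model='random'>/dev/random</backend>
    </rng>
  </devices>
</domain>"""
DOMAIN_URANDOM = DOMAIN_BLOCKING.replace("/dev/random", "/dev/urandom")
DOMAIN_NO_RNG = "<domain type='kvm'><name>ctl02</name><devices/></domain>"


def rng_findings(domain_xml):
    """Return entropy-related findings for one libvirt domain XML string."""
    root = ET.fromstring(domain_xml)
    name = root.findtext("name", default="<unnamed>")
    rngs = root.findall("./devices/rng")
    if not rngs:
        # Without a paravirtual RNG the guest must gather entropy itself,
        # which is the slow-boot situation the commit message describes.
        return ["%s: no <rng> device defined" % name]
    findings = []
    for rng in rngs:
        backend = rng.find("backend")
        if backend is None:
            findings.append("%s: <rng> has no <backend>" % name)
            continue
        source = (backend.text or "").strip()
        if backend.get("model") != "random":
            continue  # e.g. an EGD backend; out of scope for this check
        if not source:
            findings.append("%s: rng source not set, hypervisor default applies" % name)
        elif source != "/dev/urandom":
            findings.append("%s: rng source is %s, not /dev/urandom" % (name, source))
    return findings


if __name__ == "__main__":
    for xml_text in (DOMAIN_BLOCKING, DOMAIN_URANDOM, DOMAIN_NO_RNG):
        print(rng_findings(xml_text) or "ok")
```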