Missing package dependancies added.
A missing "config" parameter for qemu-nbd based seeding
method added.
A new seeding method utilising Cloud-init added.
The qemu-nbd based method is still a default method
for backward compatibility.
To enable cloud-init, set the "seed" parameter on
a cluster or node level to "cloud-init".
To disable seeding, set this parameter to "false".
Setting this parameter to "true" will default to
the "qemu-nbd" method.
Salt Minion config file will be created automatically
and may be overrided via cluster or node level
metadata:
salt:
control:
cluster:
mycluster:
seed: cloud-init
cloud_init:
user_data:
salt_minion:
conf:
master: 10.1.1.1
or for qemu-nbd case:
salt:
control:
cluster:
mycluster:
seed: true
config:
host: 10.1.1.1
That may be useful when Salt Master has two IPs in
different networks and one of the networks isn't accessible
from a VM at the moment it's created. Setting a reachable
Salt master IP from metadata helps avoid potential problems.
Also, a liitle optimization has been done to parse/dump
an libvirt XML only once while modifying it.
Change-Id: I091cf409cb43ba2d0a18eaf2a08c11e88d0334e2
Closes-Bug: PROD-22191
Add TCP keepalive configuration options [1] to the list of accepted
minion config keys.
[1] https://docs.saltstack.com/en/latest/ref/configuration/minion.html
Change-Id: If80083fc793b86147b3691216dea571ea2cf0858
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
Spawning AArch64 VMs using salt.control.virt requires a few extra
domain configuration items to be configurable:
- libvirt xml: pass loader param to vm
Based on upstream commit [1].
- libvirt xml: pass virt machine type
- libvirt xml: pass cpu mode to vm
- virt module: Allow NVRAM unlinking on DOM undefine
UEFI-enabled VMs usually have pflash (NVRAM) devices attached,
which require one additional libvirt flag to be passed at 'undefine'.
This is usually the case for AArch64 (arm64) VMs, where AAVMF (AA64
UEFI) is the only supported guest bootloader.
[1] https://github.com/saltstack/salt/commit/9cace9adb
Signed-off-by: Alexandru Avadanii <Alexandru.Avadanii@enea.com>
The metadata will be used to get list of enabled applications
that implement formula based upgrades.
Change-Id: Ibc368d993aa1c3c8715598513467da78792c752b
By default salt minion meta files are created with wide
permissions.
This makes OS tokens, keystone credentials unprotected.
Patch fixes this.
Prod-Related: CEEMCP-13 unprotected keystone credentials
Customer-Found
Change-Id: I18283cff4aec795e0656b7b3519381792e8a6e54
Salt (ca.sls) supports generation a few CA.cert but it works incorrectly.
When we generate a few ca.cert, salt must upload it to mine. But it overwrites previous ones.
Related-Prod: PROD-21740
Change-Id: I60f1089cc58758d3be65371deaaa69348fde86a4
The patch adds _orchestrate.conf file to salt minion
configuration. Its template searches for "/meta/salt.yml"
file across all installed formulas and parses them if found.
As of now config will contain following data, e.g.:
orchestration:
deploy:
applications:
cinder:
priority: 150
keystone:
priority: 100
Application priorities will be used later for salt deploy
orchestration
Change-Id: I56b0d15e5a13ca4975d98b9675991f84885120e6
Related-PROD: PROD-19973
The conflicting ID is 'libvirt_service' and is found in SLS:
- libvirt.server.service
- salt.control.virt
Change-Id: Ibb0b6f0a574a53f1cb8517a9fe0d7f0febb07bb3
The patch adds ability to configure REDIS as cache
backed for salt-master to be used as distibuted cache
further.
Change-Id: I62a29713c23ad3f591f6e937bfc5b13eba92f402
Related-PROD: PROD-20581
The patch adds ability to enable/disable salt-syndic
by changing the value with soft params.
Depends-on: Id97088e0a8c449c38943b8ceaa2111647fea19fc
Change-Id: I019fc1a08ae4781a1bfd39f39acf1d695691b997
Related-PROD: PROD-20579