blob: 8f96c5a0981a936551029dfd27f221bc360fd5fd [file] [log] [blame]
---
driver:
name: docker
hostname: barbican.ci.local
use_sudo: false
provisioner:
name: salt_solo
salt_install: bootstrap
salt_bootstrap_url: https://bootstrap.saltstack.com
salt_version: latest
require_chef: false
log_level: error
formula: barbican
grains:
noservices: True
dependencies:
- name: apache
repo: git
source: https://gerrit.mcp.mirantis.com/salt-formulas/apache
branch: <%=ENV['GERRIT_BRANCH'] || 'master' %>
- name: keystone
repo: git
source: https://gerrit.mcp.mirantis.com/salt-formulas/keystone
branch: <%=ENV['GERRIT_BRANCH'] || 'master' %>
- name: oslo_templates
repo: git
source: https://gerrit.mcp.mirantis.com/salt-formulas/oslo-templates
branch: <%=ENV['GERRIT_BRANCH'] || 'master' %>
state_top:
base:
"*":
- apache
- barbican
pillars:
barbican_plugins.sls:
barbican:
server:
plugin:
vault:
schema: https
host: localhost
port: 8200
root_token_id: s.hpamtsbW5vcHFyc3R1dnd4eXo
approle_role_id: role_id
approle_secret_id: secret_id
kv_mountpoint: secret
ssl_ca_crt_file: '/etc/barbican/ssl/vault/CA.crt'
cacert: |
-----BEGIN CERTIFICATE-----
MIIF0TCCA7mgAwIBAgIJAOkTQnjLz6rEMA0GCSqGSIb3DQEBCwUAMEoxCzAJBgNV
-----END CERTIFICATE-----
ssl.sls:
barbican:
server:
identity:
engine: keystone
host: 10.0.106.20
port: 35357
domain: default
tenant: service
user: barbican
password: password
database:
engine: "mysql+pymysql"
host: 10.0.106.20
port: 3306
name: barbican
user: barbican
password: password
x509:
enabled: True
ca_file: /etc/barbican/ssl/mysql/ca-cert.pem
key_file: /etc/barbican/ssl/mysql/client-key.pem
cert_file: /etc/barbican/ssl/mysql/client-cert.pem
cacert: |
-----BEGIN CERTIFICATE-----
MIIFzzCCA7egAwIBAgIIe7zZ8hCvkgowDQYJKoZIhvcNAQELBQAwSjELMAkGA1UE
-----END CERTIFICATE-----
cert: |
-----BEGIN CERTIFICATE-----
MIIGSjCCBDKgAwIBAgIJAIHRPs2rZbLvMA0GCSqGSIb3DQEBCwUAMEoxCzAJBgNV
-----END CERTIFICATE-----
key: |
-----BEGIN RSA PRIVATE KEY-----
MIIJKQIBAAKCAgEAq0m4kOIITliYea07yJnlSRNY0o6NaykiteSfHGauiub4lNQJ
-----END RSA PRIVATE KEY-----
ssl:
enabled: True
cacert_file: /etc/barbican/ssl/mysql/ca-cert.pem
cacert: |
-----BEGIN CERTIFICATE-----
MIIFzzCCA7egAwIBAgIIe7zZ8hCvkgowDQYJKoZIhvcNAQELBQAwSjELMAkGA1UE
-----END CERTIFICATE-----
message_queue:
engine: rabbitmq
user: openstack
password: password
virtual_host: '/openstack'
members:
- host: 10.10.10.10
port: 5672
- host: 10.10.10.11
port: 5672
- host: 10.10.10.12
port: 5672
port: 5671
ssl:
# Case #1: specify cacert file and ca cert body explicitly
enabled: True
cacert_file: /etc/barbican/ssl/rabbitmq_cacert.pem
cacert: |
-----BEGIN CERTIFICATE-----
MIIF0TCCA7mgAwIBAgIJAMHIQpWZYGDTMA0GCSqGSIb3DQEBCwUAMEoxCzAJBgNV
BAYTAmN6MRcwFQYDVQQDDA5TYWx0IE1hc3RlciBDQTEPMA0GA1UEBwwGUHJhZ3Vl
MREwDwYDVQQKDAhNaXJhbnRpczAeFw0xNzA4MTQxMTI2MDdaFw0yNzA4MTIxMTI2
MDdaMEoxCzAJBgNVBAYTAmN6MRcwFQYDVQQDDA5TYWx0IE1hc3RlciBDQTEPMA0G
A1UEBwwGUHJhZ3VlMREwDwYDVQQKDAhNaXJhbnRpczCCAiIwDQYJKoZIhvcNAQEB
BQADggIPADCCAgoCggIBAL596jeUmim5bo0J52vPylX8xZOCaCvW9wlSYbk143dU
x7sqlAbPePvN6jj44BrYV01F4rCn9uxuaFLrbjF4rUDp81F0yMqghwyLmlTgJBOq
AMNiEtrBUwmenJPuM55IYeO9OFbPeBvZyqKy2IG18GbK35QE85rOgaEfgDIkVeV9
yNB8b+yftn3ebRZCceU5lx/o+w2eQkuyloy1F5QC7U2MhGF2ekLX79s8x+LNlbiO
EF1D/FWFor3HY9DwNlg7U99mVID2Bj8lPPt4dW8JDMKkghh+S797l3H6RYKHhIvs
wi+50ljhk5nHl+qCooGKuGZ2WokrGXWkoDfrrpl//7FFRPwauoU/akDVfoWYffqx
jnvlQFkAlI3S5F/vwJGI1JGvPv5p5uRxPJEeMI0Sp9bVrznHGCgaJyY+vIBoZCwS
i0t16gsgeezcu44Y65crv4XNOBKOS+KqvMwdzzukOj9YsYwNnlLly0VvTEdxTwwI
7NopRglUQrLusjZ5wwe23kf07xVxC98e1LRQzR5oEAUKkDrQzjmXBfcV92GrE3s7
1L4dvfXUE1mVxabhBCoS6kO3JQGPK+1LJDIs/F0uVVtOy/oz6mIdV2scCteFRAbm
BhfEoVbaYNlUxlNGno2I/HEep4P0DrFPQi0ZmGfvNO6t3EvTSnWcsUL9h55wZ3Pl
AgMBAAGjgbkwgbYwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwHQYDVR0OBBYE
FN2inIsMteL9vxR8Lo0yHI+4KaDGMHoGA1UdIwRzMHGAFN2inIsMteL9vxR8Lo0y
HI+4KaDGoU6kTDBKMQswCQYDVQQGEwJjejEXMBUGA1UEAwwOU2FsdCBNYXN0ZXIg
Q0ExDzANBgNVBAcMBlByYWd1ZTERMA8GA1UECgwITWlyYW50aXOCCQDByEKVmWBg
0zANBgkqhkiG9w0BAQsFAAOCAgEAq8yv5IZWHyZuySpe85GCfdn4VFfSw6O1tdOZ
7PnCNGqkLie3D0X5VIymDkEwSGrvRtAKvtRajej/1/T2lNJNzQaqQObMK9UpXMmu
g0qjAjYjbYMRS+4V1FJiyxxqyvE//XO+Jznj3jnF6IDnTYJp3tCUswvUYRSpAErP
CwtvBLzPhF9t3W+ElcrgM7UNDPRoVlun0q6FH4WAAKuuqXfJaEbe9XrkR+cBlP4O
7utdveEREw0cONoFtHM/yVwb9ovaitMEA/b6qH286cJ59zXJbhMe7+n9dFlMnAAh
WfayyLzlaOjxicGMPcmUMRh9n8fml7bR3mekL1BGZt451kH3+FSfjPpF3hqVqb3c
8LZsCrD10UYUOOQ1zyE8YaeQ6UgNW7LFJlngvNLAZKxRupc0FNGgDTMr8sgdBBeR
gH0cp+h4mDusEzYpaPIqci5+UOMelK/SMIYzMtD1ogZp/c9qIGh5nXwRkspHGrtk
ay6yizlPyY4QS1dOD/8nhGRbp5OQF1o5ZUtXlnaFHeLK7zl9iddqSvBVUNFdpDz+
uVYHAw4O2T7J7ge+gGgmjRPQjW1+O+jFWlSkO+7iFjdIOTZ6tpqYEglh0khgM8b5
V0MAVuww51/1DqirRG6Ge/3Sw44eDZID22jjCwLrDH0GSX76cDTe6Bx/WS0Wg7y/
/86PB1o=
-----END CERTIFICATE-----
top.sls:
base:
"*":
- barbican
- linux_repo_openstack
- release
verifier:
name: inspec
sudo: true
docker_images:
- &xenial-20177 <%=ENV['IMAGE_XENIAL_20177'] || 'docker-dev-local.docker.mirantis.net/mirantis/drivetrain/salt-formulas-ci/salt-formulas-ci-xenial-2017.7:latest'%>
platforms:
- name: xenial-2017.7
driver_config:
image: *xenial-20177
platform: ubuntu
suites:
<% for os_version in ['pike', 'queens', 'rocky'] %>
- name: control_single_<%=os_version%>
provisioner:
pillars-from-files:
barbican.sls: tests/pillar/control_single.sls
linux_repo_openstack.sls: tests/pillar/repo_mcp_openstack_<%=os_version%>.sls
pillars:
release.sls:
barbican:
server:
version: <%=os_version%>
top.sls:
base:
"*":
- barbican
- linux_repo_openstack
- release
<% unless os_version == 'ocata' || os_version == 'pike' %>
- barbican_plugins
<% end %>
- name: control_cluster_<%=os_version%>
provisioner:
pillars-from-files:
barbican.sls: tests/pillar/control_cluster.sls
linux_repo_openstack.sls: tests/pillar/repo_mcp_openstack_<%=os_version%>.sls
pillars:
release.sls:
barbican:
server:
version: <%=os_version%>
top.sls:
base:
"*":
- barbican
- linux_repo_openstack
- release
<% unless os_version == 'ocata' || os_version == 'pike' %>
- barbican_plugins
<% end %>
- name: control_single_ssl_<%=os_version%>
provisioner:
pillars-from-files:
barbican.sls: tests/pillar/control_single.sls
linux_repo_openstack.sls: tests/pillar/repo_mcp_openstack_<%=os_version%>.sls
pillars:
release.sls:
barbican:
server:
version: <%=os_version%>
top.sls:
base:
"*":
- barbican
- linux_repo_openstack
- release
- ssl
- name: control_cluster_ssl_<%=os_version%>
provisioner:
pillars-from-files:
barbican.sls: tests/pillar/control_cluster.sls
linux_repo_openstack.sls: tests/pillar/repo_mcp_openstack_<%=os_version%>.sls
pillars:
release.sls:
barbican:
server:
version: <%=os_version%>
top.sls:
base:
"*":
- barbican
- linux_repo_openstack
- release
- ssl
<% end %>
# vim: ft=yaml sw=2 ts=2 sts=2 tw=125