Merge "Add RBAC logic to salt module for ACL per UUID/name"
diff --git a/.kitchen.yml b/.kitchen.yml
index cc0e724..dbb2fea 100644
--- a/.kitchen.yml
+++ b/.kitchen.yml
@@ -49,9 +49,9 @@
sudo: true
platforms:
- - name: <%= ENV['PLATFORM'] || 'ubuntu-xenial' %>
+ - name: <%=ENV['PLATFORM'] || 'saltstack-ubuntu-xenial-salt-stable' %>
driver_config:
- image: <%= ENV['PLATFORM'] || 'trevorj/salty-whales:xenial' %>
+ image: <%=ENV['PLATFORM'] || 'epcim/salt-formulas:saltstack-ubuntu-xenial-salt-stable'%>
platform: ubuntu
suites:
@@ -62,61 +62,57 @@
opencontrail.sls: tests/pillar/single3.sls
- name: single40
provisioner:
+ grains:
+ init: 'systemd'
pillars-from-files:
opencontrail.sls: tests/pillar/single40.sls
- excludes:
- - ubuntu-trusty
- name: analytics3
provisioner:
pillars-from-files:
opencontrail.sls: tests/pillar/analytics3.sls
- name: analytics40
provisioner:
+ grains:
+ init: 'systemd'
pillars-from-files:
opencontrail.sls: tests/pillar/analytics40.sls
- excludes:
- - ubuntu-trusty
- name: control3
provisioner:
pillars-from-files:
opencontrail.sls: tests/pillar/control3.sls
- name: control40
provisioner:
+ grains:
+ init: 'systemd'
pillars-from-files:
opencontrail.sls: tests/pillar/control40.sls
- excludes:
- - ubuntu-trusty
- name: cluster3
provisioner:
pillars-from-files:
opencontrail.sls: tests/pillar/cluster3.sls
- name: cluster40
provisioner:
+ grains:
+ init: 'systemd'
pillars-from-files:
opencontrail.sls: tests/pillar/cluster40.sls
- excludes:
- - ubuntu-trusty
- - name: tor3
- provisioner:
- pillars-from-files:
- opencontrail.sls: tests/pillar/tor3.sls
- - name: tor40
- provisioner:
- pillars-from-files:
- opencontrail.sls: tests/pillar/tor40.sls
- excludes:
- - ubuntu-trusty
+ # - name: tor3
+ # provisioner:
+ # pillars-from-files:
+ # opencontrail.sls: tests/pillar/tor3.sls
+ # - name: tor40
+ # provisioner:
+ # pillars-from-files:
+ # opencontrail.sls: tests/pillar/tor40.sls
- name: vrouter3
provisioner:
pillars-from-files:
opencontrail.sls: tests/pillar/vrouter3.sls
- excludes:
- - ubuntu-trusty
- name: vrouter40
provisioner:
+ grains:
+ init: 'systemd'
pillars-from-files:
opencontrail.sls: tests/pillar/vrouter40.sls
- excludes:
- - ubuntu-trusty
# vim: ft=yaml sw=2 ts=2 sts=2 tw=125
diff --git a/.travis.yml b/.travis.yml
index 22fbe08..a9c4dd4 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -18,36 +18,36 @@
- bundle install
env:
- # - PLATFORM=trevorj/salty-whales:trusty OC_REPO=oc311 SUITE=single3
- - PLATFORM=trevorj/salty-whales:trusty OC_REPO=oc311 SUITE=analytics3
- - PLATFORM=trevorj/salty-whales:trusty OC_REPO=oc311 SUITE=control3
- # - PLATFORM=trevorj/salty-whales:trusty OC_REPO=oc311 SUITE=cluster3
- # - PLATFORM=trevorj/salty-whales:trusty OC_REPO=oc311 SUITE=tor3
- # - PLATFORM=trevorj/salty-whales:trusty OC_REPO=oc311 SUITE=vrouter3
- # - PLATFORM=trevorj/salty-whales:trusty OC_REPO=oc323 SUITE=single3
- - PLATFORM=trevorj/salty-whales:trusty OC_REPO=oc323 SUITE=analytics3
- - PLATFORM=trevorj/salty-whales:trusty OC_REPO=oc323 SUITE=control3
- # - PLATFORM=trevorj/salty-whales:trusty OC_REPO=oc323 SUITE=cluster3
- # - PLATFORM=trevorj/salty-whales:trusty OC_REPO=oc323 SUITE=tor3
- # - PLATFORM=trevorj/salty-whales:trusty OC_REPO=oc323 SUITE=vrouter3
- # - PLATFORM=trevorj/salty-whales:xenial OC_REPO=oc323 SUITE=single3
- #- PLATFORM=trevorj/salty-whales:xenial OC_REPO=oc323 SUITE=analytics3
- #- PLATFORM=trevorj/salty-whales:xenial OC_REPO=oc323 SUITE=control3
- # - PLATFORM=trevorj/salty-whales:xenial OC_REPO=oc323 SUITE=cluster3
- # - PLATFORM=trevorj/salty-whales:xenial OC_REPO=oc323 SUITE=tor3
- - PLATFORM=trevorj/salty-whales:xenial OC_REPO=oc323 SUITE=vrouter3
- # - PLATFORM=trevorj/salty-whales:trusty OC_REPO=oc40 SUITE=single40
- #- PLATFORM=trevorj/salty-whales:trusty OC_REPO=oc40 SUITE=analytics40
- #- PLATFORM=trevorj/salty-whales:trusty OC_REPO=oc40 SUITE=control40
- # - PLATFORM=trevorj/salty-whales:trusty OC_REPO=oc40 SUITE=cluster40
- # - PLATFORM=trevorj/salty-whales:trusty OC_REPO=oc40 SUITE=tor40
- # - PLATFORM=trevorj/salty-whales:trusty OC_REPO=oc40 SUITE=vrouter40
- # - PLATFORM=trevorj/salty-whales:xenial OC_REPO=oc40 SUITE=single40
- - PLATFORM=trevorj/salty-whales:xenial OC_REPO=oc40 SUITE=analytics40
- - PLATFORM=trevorj/salty-whales:xenial OC_REPO=oc40 SUITE=control40
- # - PLATFORM=trevorj/salty-whales:xenial OC_REPO=oc40 SUITE=cluster40
- # - PLATFORM=trevorj/salty-whales:xenial OC_REPO=oc40 SUITE=tor40
- - PLATFORM=trevorj/salty-whales:xenial OC_REPO=oc40 SUITE=vrouter40
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 OC_REPO=oc311 SUITE=single3
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 OC_REPO=oc311 SUITE=analytics3
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 OC_REPO=oc311 SUITE=control3
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 OC_REPO=oc311 SUITE=cluster3
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 OC_REPO=oc311 SUITE=vrouter3
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 OC_REPO=oc323 SUITE=single3
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 OC_REPO=oc323 SUITE=analytics3
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 OC_REPO=oc323 SUITE=control3
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 OC_REPO=oc323 SUITE=cluster3
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 OC_REPO=oc323 SUITE=vrouter3
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 OC_REPO=oc40 SUITE=single40
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 OC_REPO=oc40 SUITE=analytics40
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 OC_REPO=oc40 SUITE=control40
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 OC_REPO=oc40 SUITE=cluster40
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2016.3 OC_REPO=oc40 SUITE=vrouter40
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 OC_REPO=oc311 SUITE=single3
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 OC_REPO=oc311 SUITE=analytics3
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 OC_REPO=oc311 SUITE=control3
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 OC_REPO=oc311 SUITE=cluster3
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 OC_REPO=oc311 SUITE=vrouter3
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 OC_REPO=oc323 SUITE=single3
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 OC_REPO=oc323 SUITE=analytics3
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 OC_REPO=oc323 SUITE=control3
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 OC_REPO=oc323 SUITE=cluster3
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 OC_REPO=oc323 SUITE=vrouter3
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 OC_REPO=oc40 SUITE=single40
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 OC_REPO=oc40 SUITE=analytics40
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 OC_REPO=oc40 SUITE=control40
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 OC_REPO=oc40 SUITE=cluster40
+ - PLATFORM=epcim/salt-formulas:saltstack-ubuntu-xenial-salt-2017.7 OC_REPO=oc40 SUITE=vrouter40
before_script:
- set -o pipefail
diff --git a/Makefile b/Makefile
index 1043fbe..d166862 100644
--- a/Makefile
+++ b/Makefile
@@ -27,6 +27,7 @@
all:
@echo "make install - Install into DESTDIR"
+ @echo "make lint - Run lint tests"
@echo "make test - Run tests"
@echo "make kitchen - Run Kitchen CI tests (create, converge, verify)"
@echo "make clean - Cleanup after tests run"
@@ -45,6 +46,9 @@
[ -d $(DESTDIR)/$(RECLASSDIR)/service/$(FORMULANAME) ] || mkdir -p $(DESTDIR)/$(RECLASSDIR)/service/$(FORMULANAME)
cp -a metadata/service/* $(DESTDIR)/$(RECLASSDIR)/service/$(FORMULANAME)
+lint:
+ [ ! -d tests ] || (cd tests; ./run_tests.sh lint)
+
test:
[ ! -d tests ] || (cd tests; ./run_tests.sh)
@@ -65,7 +69,7 @@
[ ! -f debian/changelog ] || dch -v $(VERSION_MAJOR).$(NEW_MINOR_VERSION) -m --force-distribution -D `dpkg-parsechangelog -S Distribution` "New version"
make genchangelog-$(VERSION_MAJOR).$(NEW_MINOR_VERSION)
(git add -u; git commit -m "Version $(VERSION_MAJOR).$(NEW_MINOR_VERSION)")
- git tag -s -m $(NEW_MAJOR_VERSION) $(VERSION_MAJOR).$(NEW_MINOR_VERSION)
+ git tag -s -m $(VERSION_MAJOR).$(NEW_MINOR_VERSION) $(VERSION_MAJOR).$(NEW_MINOR_VERSION)
check-changes:
@git log --pretty=oneline --decorate $(VERSION)..HEAD | grep -Eqc '.*' || (echo "No new changes since version $(VERSION)"; exit 1)
diff --git a/opencontrail/files/3.0/database/cassandra-env.sh b/opencontrail/files/3.0/database/cassandra-env.sh
index 2eb5fbd..b48e4cc 100644
--- a/opencontrail/files/3.0/database/cassandra-env.sh
+++ b/opencontrail/files/3.0/database/cassandra-env.sh
@@ -314,3 +314,8 @@
JVM_OPTS="$JVM_OPTS $MX4J_ADDRESS"
JVM_OPTS="$JVM_OPTS $MX4J_PORT"
JVM_OPTS="$JVM_OPTS $JVM_EXTRA_OPTS"
+
+# Add cassandra pid file, even if not used. It will stay in params and
+# contrail-nodemgr can detect cassandra PID from process list.
+
+JVM_OPTS="$JVM_OPTS -Dcassandra-pidfile=/var/run/cassandra/cassandra.pid"
diff --git a/opencontrail/files/4.0/database/cassandra-env.sh b/opencontrail/files/4.0/database/cassandra-env.sh
index 6b70455..7f2145c 100644
--- a/opencontrail/files/4.0/database/cassandra-env.sh
+++ b/opencontrail/files/4.0/database/cassandra-env.sh
@@ -314,3 +314,8 @@
JVM_OPTS="$JVM_OPTS $MX4J_ADDRESS"
JVM_OPTS="$JVM_OPTS $MX4J_PORT"
JVM_OPTS="$JVM_OPTS $JVM_EXTRA_OPTS"
+
+# Add cassandra pid file, even if not used. It will stay in params and
+# contrail-nodemgr can detect cassandra PID from process list.
+
+JVM_OPTS="$JVM_OPTS -Dcassandra-pidfile=/var/run/cassandra/cassandra.pid"
diff --git a/opencontrail/files/4.0/doctrail b/opencontrail/files/4.0/doctrail
index 6b508d8..e40f76c 100644
--- a/opencontrail/files/4.0/doctrail
+++ b/opencontrail/files/4.0/doctrail
@@ -1,7 +1,7 @@
#!/bin/bash
if [ "$1" == "-h" ] || [ "$1" == "--help" ]; then
- echo -e "\nUsage: $0 {analytics|analyticsdb|controller|all} {<command_to_send>|console}\n"
+ echo -e "\nUsage: $0 {analytics|analyticsdb|controller|kube-manager|all} {<command_to_send>|console}\n"
echo "Examples: "
echo "$0 controller contrail-status"
echo "$0 controller service contrail-database restart"
@@ -11,7 +11,7 @@
exit 0
fi
-NODES=("analytics" "analyticsdb" "controller")
+NODES=("analytics" "analyticsdb" "controller" "kube-manager")
if [ "$1" == "all" ] ; then
for el in ${NODES[*]}; do
diff --git a/opencontrail/files/grafana_dashboards/cassandra_prometheus.json b/opencontrail/files/grafana_dashboards/cassandra_prometheus.json
index b9354ea..9bad464 100644
--- a/opencontrail/files/grafana_dashboards/cassandra_prometheus.json
+++ b/opencontrail/files/grafana_dashboards/cassandra_prometheus.json
@@ -803,7 +803,7 @@
"steppedLine": false,
"targets": [
{
- "expr": "cassandra_db_StorageService_Load{host=~\"$host\"}",
+ "expr": "cassandra_metrics_Storage_Count{name=\"Load\",host=~\"$host\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{ host }}",
@@ -880,7 +880,7 @@
"steppedLine": false,
"targets": [
{
- "expr": "cassandra_db_StorageService_ExceptionCount{host=~\"$host\"}",
+ "expr": "cassandra_metrics_Storage_Count{name=\"Exceptions\",host=~\"$host\"}",
"format": "time_series",
"intervalFactor": 2,
"legendFormat": "{{ host }}",
diff --git a/opencontrail/meta/heka.yml b/opencontrail/meta/heka.yml
index af1a1a8..43bf89b 100644
--- a/opencontrail/meta/heka.yml
+++ b/opencontrail/meta/heka.yml
@@ -124,7 +124,7 @@
contrail_api_stdout_log:
engine: logstreamer
log_directory: "/var/log"
- file_match: 'contrail/contrail-(?P<Service>discovery-0-stdout)\.log\.?(?P<Seq>\d*)$'
+ file_match: 'contrail/contrail-(?P<Service>(api|discovery)-\d-stdout)\.log\.?(?P<Seq>\d*)$'
differentiator: ['contrail', '.', 'Service']
priority: ["^Seq"]
decoder: "contrail_api_stdout_decoder"
diff --git a/opencontrail/meta/prometheus.yml b/opencontrail/meta/prometheus.yml
index 384caf0..46782c0 100644
--- a/opencontrail/meta/prometheus.yml
+++ b/opencontrail/meta/prometheus.yml
@@ -254,14 +254,14 @@
description: 'There are no BGP sessions on node {{ $labels.host }}'
ContrailXMPPSessionsNoneUp:
if: >-
- max(contrail_xmpp_session_up_count) by (host) == 0
+ sum(contrail_xmpp_session_up_count) < count(contrail_vrouter_xmpp) * 2
for: 2m
labels:
severity: warning
service: contrail-control
annotations:
- summary: 'no active XMPP sessions'
- description: 'There are no active XMPP sessions on node {{ $labels.host }}'
+ summary: 'Unavailable established XMPP sessions'
+ description: 'There is compute instance without established XMPP session'
ContrailXMPPSessionsSomeDown:
if: >-
min(contrail_xmpp_session_down_count) by (host) > 0
@@ -274,14 +274,14 @@
description: 'There are inactive XMPP sessions on node {{ $labels.host }}'
ContrailXMPPSessionsNone:
if: >-
- max(contrail_xmpp_session_count) by (host) == 0
+ sum(contrail_xmpp_session_count) < count(contrail_vrouter_xmpp) * 2
for: 2m
labels:
severity: warning
service: contrail-control
annotations:
- summary: 'No XMPP sessions'
- description: 'There are no XMPP sessions on node {{ $labels.host }}'
+ summary: 'Unavailable XMPP sessions'
+ description: 'There is compute instance with missing XMPP session'
ContrailXMPPSessionsTooMany:
if: >-
{%- endraw %}
@@ -427,6 +427,7 @@
summary: 'Too many vRouter discarded flows'
description: 'There are too many discarded vRouter flows on node {{ $labels.host }} (current value={{ $value }}, threshold={%- endraw %}{{ vrouter_flows_discard_toohigh_threshold }})'
ContrailFlowsDropTooMany:
+ enabled: false
if: >-
{%- set vrouter_flows_flow_action_drop_toohigh_threshold = monitoring.vrouter_flows_flow_action_drop_too_high_threshold %}
rate(contrail_vrouter_flows_flow_action_drop[5m]) >= {{ vrouter_flows_flow_action_drop_toohigh_threshold }}
diff --git a/tests/pillar/single40.sls b/tests/pillar/single40.sls
index 008a004..2e8c430 100644
--- a/tests/pillar/single40.sls
+++ b/tests/pillar/single40.sls
@@ -56,6 +56,7 @@
name: ntw-01
version: 4.0
enabled: true
+ config_only: True
bind:
address: 127.0.0.1
analytics:
@@ -115,6 +116,7 @@
data_dirs:
- /var/lib/cassandra
id: 1
+ config_only: True
analytics:
members:
- host: 127.0.0.1