Merge "Add coordination support for Ceilometer central agent"
diff --git a/aodh/server/coordination/redis.yml b/aodh/server/coordination/redis.yml
new file mode 100644
index 0000000..e013e0f
--- /dev/null
+++ b/aodh/server/coordination/redis.yml
@@ -0,0 +1,7 @@
+classes:
+- service.redis.server.single
+parameters:
+  aodh:
+    server:
+      coordination_backend:
+        url:  redis://${_param:single_address}:6379/${_param:cluster_node01_address}
diff --git a/devops_portal/service/security_monkey.yml b/devops_portal/service/security_monkey.yml
new file mode 100644
index 0000000..3638e56
--- /dev/null
+++ b/devops_portal/service/security_monkey.yml
@@ -0,0 +1,10 @@
+parameters:
+  devops_portal:
+    config:
+      service:
+        securitymonkey:
+          configure_proxy: true
+          endpoint:
+            address: ${_param:haproxy_security_monkey_bind_host}
+            port: ${_param:haproxy_security_monkey_bind_port}
+            https: ${_param:haproxy_security_monkey_ssl:enabled}
diff --git a/docker/swarm/stack/elasticsearch.yml b/docker/swarm/stack/elasticsearch.yml
new file mode 100644
index 0000000..083388c
--- /dev/null
+++ b/docker/swarm/stack/elasticsearch.yml
@@ -0,0 +1,19 @@
+parameters:
+  _param:
+    elasticsearch_replicas: 1
+    docker_image_oss_elasticsearch: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/elasticsearch:latest
+  docker:
+    client:
+      stack:
+        elasticsearch:
+          service:
+            cluster:
+              image: ${_param:docker_image_oss_elasticsearch}
+              deploy:
+                replicas: ${_param:elasticsearch_replicas}
+                restart_policy:
+                  condition: any
+              ports:
+                - ${_param:haproxy_elasticsearch_exposed_port}:${_param:haproxy_elasticsearch_bind_port}
+              volumes:
+                - /srv/volumes/elasticsearch:/usr/share/elasticsearch/data
diff --git a/docker/swarm/stack/postgresql.yml b/docker/swarm/stack/postgresql.yml
new file mode 100644
index 0000000..bdad6fb
--- /dev/null
+++ b/docker/swarm/stack/postgresql.yml
@@ -0,0 +1,24 @@
+parameters:
+  _param:
+    docker_postgresql_replicas: 1
+    docker_image_postgresql: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/postgresql:latest
+    postgresql_admin_user: postgres
+    postgresql_admin_user_password: postgrespassword
+  docker:
+    client:
+      stack:
+        postgresql:
+          environment:
+            POSTGRES_USER: ${_param:postgresql_admin_user}
+            POSTGRES_PASSWORD: ${_param:postgresql_admin_user_password}
+          service:
+            db:
+              image: ${_param:docker_image_postgresql}
+              deploy:
+                replicas: ${_param:docker_postgresql_replicas}
+                restart_policy:
+                  condition: any
+              ports:
+                - ${_param:haproxy_postgresql_exposed_port}:${_param:haproxy_postgresql_bind_port}
+              volumes:
+                - /srv/volumes/postgresql/data:/var/lib/postgresql/data
diff --git a/docker/swarm/stack/pushkin.yml b/docker/swarm/stack/pushkin.yml
index b28b1e9..3232301 100644
--- a/docker/swarm/stack/pushkin.yml
+++ b/docker/swarm/stack/pushkin.yml
@@ -1,36 +1,20 @@
 parameters:
   _param:
-    docker_pushkin_db_replicas: 1
-    docker_image_pushkin_db: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/pushkindb:latest
-    pushkin_db_password: pushkin
-    pushkin_db_user: pushkin
-    pushkin_db: pushkin
     docker_pushkin_replicas: 1
     docker_image_pushkin: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/pushkin:latest
-    elasticsearch_replicas: 1
-    docker_image_oss_elasticsearch: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/elasticsearch:latest
+    pushkin_db: pushkin
   docker:
     client:
       stack:
         pushkin:
           environment:
             POSTGRES_USER: ${_param:pushkin_db_user}
-            POSTGRES_PASSWORD: ${_param:pushkin_db_password}
+            POSTGRES_PASSWORD: ${_param:pushkin_db_user_password}
             POSTGRES_DB: ${_param:pushkin_db}
-            PUSHKINDBHOST: ${_param:haproxy_pushkin_db_bind_host}
+            PUSHKINDBHOST: ${_param:pushkin_db_host}
             PUSHKINELASTICHOST: ${_param:haproxy_elasticsearch_bind_host}
           service:
-            db:
-              image: ${_param:docker_image_pushkin_db}
-              deploy:
-                replicas: ${_param:docker_pushkin_db_replicas}
-                restart_policy:
-                  condition: any
-              ports:
-                - ${_param:haproxy_pushkin_db_exposed_port}:${_param:haproxy_pushkin_db_bind_port}
-              volumes:
-                - /srv/volumes/pushkin/data:/var/lib/postgresql/data
-            backend:
+            api:
               image: ${_param:docker_image_pushkin}
               deploy:
                 replicas: ${_param:docker_pushkin_replicas}
@@ -39,14 +23,4 @@
               ports:
                 - ${_param:haproxy_pushkin_exposed_port}:${_param:haproxy_pushkin_bind_port}
               volumes:
-                - /srv/volumes/pushkin/logs:/var/log/pushkin
-            elasticsearch:
-              image: ${_param:docker_image_oss_elasticsearch}
-              deploy:
-                replicas: ${_param:elasticsearch_replicas}
-                restart_policy:
-                  condition: any
-              ports:
-                - ${_param:haproxy_elasticsearch_exposed_port}:${_param:haproxy_elasticsearch_bind_port}
-              volumes:
-                - /srv/volumes/elasticsearch:/usr/share/elasticsearch/data
+                - /srv/volumes/pushkin/api:/var/log/pushkin
\ No newline at end of file
diff --git a/docker/swarm/stack/security_monkey.yml b/docker/swarm/stack/security_monkey.yml
new file mode 100644
index 0000000..479b028
--- /dev/null
+++ b/docker/swarm/stack/security_monkey.yml
@@ -0,0 +1,35 @@
+parameters:
+  _param:
+    docker_security_monkey_api_replicas: 1
+    docker_security_monkey_scheduler_replicas: 1
+    docker_image_security_monkey_api: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/security-monkey-api:3842.6
+    docker_image_security_monkey_scheduler: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/security-monkey-scheduler:3842.6
+    security_monkey_db: secmonkey
+  docker:
+    client:
+      stack:
+        security_monkey:
+          environment:
+            SECURITY_MONKEY_POSTGRES_USER: ${_param:secmonkey_db_user}
+            SECURITY_MONKEY_POSTGRES_PASSWORD: ${_param:secmonkey_db_user_password}
+            SECURITY_MONKEY_POSTGRES_HOST: ${_param:secmonkey_db_host}
+            SECURITY_MONKEY_POSTGRES_PORT: ${_param:haproxy_postgresql_bind_port}
+          service:
+            api:
+              image: ${_param:docker_image_security_monkey_api}
+              deploy:
+                replicas: ${_param:docker_security_monkey_api_replicas}
+                restart_policy:
+                  condition: any
+              ports:
+                - ${_param:haproxy_security_monkey_exposed_port}:${_param:haproxy_security_monkey_bind_port}
+              volumes:
+                - /srv/volumes/security_monkey:/var/log/security_monkey
+            scheduler:
+              image: ${_param:docker_image_security_monkey_scheduler}
+              deploy:
+                replicas: ${_param:docker_security_monkey_scheduler_replicas}
+                restart_policy:
+                  condition: any
+              volumes:
+                - /srv/volumes/security_monkey:/var/log/security_monkey
\ No newline at end of file
diff --git a/glusterfs/client/volume/security_monkey.yml b/glusterfs/client/volume/security_monkey.yml
new file mode 100644
index 0000000..b008669
--- /dev/null
+++ b/glusterfs/client/volume/security_monkey.yml
@@ -0,0 +1,13 @@
+parameters:
+  _param:
+    security_monkey_glusterfs_service_host: ${_param:glusterfs_service_host}
+    glusterfs_node01_address: ${_param:cluster_node01_address}
+    glusterfs_node02_address: ${_param:cluster_node02_address}
+    glusterfs_node03_address: ${_param:cluster_node03_address}
+  glusterfs:
+    client:
+      volumes:
+        security_monkey:
+          path: /srv/volumes/security_monkey
+          server: ${_param:security_monkey_glusterfs_service_host}
+          opts: "defaults,backup-volfile-servers=${_param:glusterfs_node01_address}:${_param:glusterfs_node02_address}:${_param:glusterfs_node03_address}"
diff --git a/glusterfs/server/volume/security_monkey.yml b/glusterfs/server/volume/security_monkey.yml
new file mode 100644
index 0000000..478aec3
--- /dev/null
+++ b/glusterfs/server/volume/security_monkey.yml
@@ -0,0 +1,17 @@
+parameters:
+  glusterfs:
+    server:
+      volumes:
+        security_monkey:
+          storage: /srv/glusterfs/security_monkey
+          replica: 3
+          bricks:
+            - ${_param:cluster_node01_address}:/srv/glusterfs/security_monkey
+            - ${_param:cluster_node02_address}:/srv/glusterfs/security_monkey
+            - ${_param:cluster_node03_address}:/srv/glusterfs/security_monkey
+          options:
+            cluster.readdir-optimize: On
+            nfs.disable: On
+            network.remote-dio: On
+            diagnostics.client-log-level: WARNING
+            diagnostics.brick-log-level: WARNING
diff --git a/haproxy/proxy/listen/oss/postgresql.yml b/haproxy/proxy/listen/oss/postgresql.yml
new file mode 100644
index 0000000..1bc1f44
--- /dev/null
+++ b/haproxy/proxy/listen/oss/postgresql.yml
@@ -0,0 +1,32 @@
+parameters:
+  _param:
+    haproxy_postgresql_bind_host: ${_param:haproxy_bind_address}
+    haproxy_postgresql_bind_port: 5432
+    haproxy_postgresql_exposed_port: 15432
+    haproxy_postgresql_ssl:
+      enabled: false
+  haproxy:
+    proxy:
+      listen:
+        postgresql:
+          mode: tcp
+          balance: source
+          options:
+          - tcp-check
+          binds:
+            - address: ${_param:haproxy_postgresql_bind_host}
+              port: ${_param:haproxy_postgresql_bind_port}
+              ssl: ${_param:haproxy_postgresql_ssl}
+          servers:
+            - name: ${_param:cluster_node01_name}
+              host: ${_param:cluster_node01_address}
+              port: ${_param:haproxy_postgresql_exposed_port}
+              params: check port ${_param:haproxy_postgresql_exposed_port}
+            - name: ${_param:cluster_node02_name}
+              host: ${_param:cluster_node02_address}
+              port: ${_param:haproxy_postgresql_exposed_port}
+              params: backup check port ${_param:haproxy_postgresql_exposed_port}
+            - name: ${_param:cluster_node03_name}
+              host: ${_param:cluster_node03_address}
+              port: ${_param:haproxy_postgresql_exposed_port}
+              params: backup check port ${_param:haproxy_postgresql_exposed_port}
diff --git a/haproxy/proxy/listen/oss/pushkin_db.yml b/haproxy/proxy/listen/oss/pushkin_db.yml
deleted file mode 100644
index c67c591..0000000
--- a/haproxy/proxy/listen/oss/pushkin_db.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-parameters:
-  _param:
-    haproxy_pushkin_db_bind_host: ${_param:haproxy_bind_address}
-    haproxy_pushkin_db_bind_port: 5432
-    haproxy_pushkin_db_exposed_port: 15432
-    haproxy_pushkin_db_ssl:
-      enabled: false
-  haproxy:
-    proxy:
-      listen:
-        pushkin_db:
-          mode: tcp
-          balance: source
-          options:
-          - tcp-check
-          binds:
-            - address: ${_param:haproxy_pushkin_db_bind_host}
-              port: ${_param:haproxy_pushkin_db_bind_port}
-              ssl: ${_param:haproxy_pushkin_db_ssl}
-          servers:
-            - name: ${_param:cluster_node01_name}
-              host: ${_param:cluster_node01_address}
-              port: ${_param:haproxy_pushkin_db_exposed_port}
-              params: check port ${_param:haproxy_pushkin_db_exposed_port}
-            - name: ${_param:cluster_node02_name}
-              host: ${_param:cluster_node02_address}
-              port: ${_param:haproxy_pushkin_db_exposed_port}
-              params: backup check port ${_param:haproxy_pushkin_db_exposed_port}
-            - name: ${_param:cluster_node03_name}
-              host: ${_param:cluster_node03_address}
-              port: ${_param:haproxy_pushkin_db_exposed_port}
-              params: backup check port ${_param:haproxy_pushkin_db_exposed_port}
diff --git a/haproxy/proxy/listen/oss/security_monkey.yml b/haproxy/proxy/listen/oss/security_monkey.yml
new file mode 100644
index 0000000..5498699
--- /dev/null
+++ b/haproxy/proxy/listen/oss/security_monkey.yml
@@ -0,0 +1,37 @@
+parameters:
+  _param:
+    haproxy_security_monkey_bind_host: ${_param:haproxy_bind_address}
+    haproxy_security_monkey_bind_port: 5001
+    haproxy_security_monkey_exposed_port: 15001
+    haproxy_security_monkey_ssl:
+      enabled: false
+  haproxy:
+    proxy:
+      listen:
+        security_monkey:
+          mode: http
+          options:
+          - httpchk GET /
+          balance: source
+          http_request:
+            - action: "add-header X-Forwarded-Proto https"
+              condition: "if { ssl_fc }"
+          sticks:
+          - http-check expect status 404
+          binds:
+            - address: ${_param:haproxy_security_monkey_bind_host}
+              port: ${_param:haproxy_security_monkey_bind_port}
+              ssl: ${_param:haproxy_security_monkey_ssl}
+          servers:
+            - name: ${_param:cluster_node01_name}
+              host: ${_param:cluster_node01_address}
+              port: ${_param:haproxy_security_monkey_exposed_port}
+              params: check
+            - name: ${_param:cluster_node02_name}
+              host: ${_param:cluster_node02_address}
+              port: ${_param:haproxy_security_monkey_exposed_port}
+              params: backup check
+            - name: ${_param:cluster_node03_name}
+              host: ${_param:cluster_node03_address}
+              port: ${_param:haproxy_security_monkey_exposed_port}
+              params: backup check
diff --git a/jenkins/client/job/docker/devops-portal.yml b/jenkins/client/job/docker/devops-portal.yml
new file mode 100644
index 0000000..50f72a4
--- /dev/null
+++ b/jenkins/client/job/docker/devops-portal.yml
@@ -0,0 +1,51 @@
+parameters:
+  jenkins:
+    client:
+      job:
+        docker-build-images-devops-portal:
+          name: docker-build-images-devops-portal
+          discard:
+            build:
+              keep_num: 25
+            artifact:
+              keep_num: 25
+          type: workflow-scm
+          concurrent: false
+          scm:
+            type: git
+            url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+            credentials: "gerrit"
+            script: docker-build-to-jfrog.groovy
+          trigger:
+            gerrit:
+              project:
+                "oss/devops-portal":
+                  branches:
+                    - master
+              event:
+                patchset:
+                  - created:
+                      excludeDrafts: false
+                      excludeNoCodeChange: false
+                comment:
+                  - addedContains:
+                      commentAddedCommentContains: 'rebuild'
+          param:
+            IMAGE_NAME:
+              type: string
+              default: "devops-portal"
+            IMAGE_TAGS:
+              type: string
+              default: "latest"
+            CREDENTIALS_ID:
+              type: string
+              default: "gerrit"
+            DOCKERFILE_PATH:
+              type: string
+              default: "docker/devops-portal"
+            DOCKER_REGISTRY:
+              type: string
+              default: "docker-dev-virtual.docker.mirantis.net"
+            PROJECT_NAMESPACE:
+              type: string
+              default: "oss"
diff --git a/postgresql/client/pushkin.yml b/postgresql/client/pushkin.yml
new file mode 100644
index 0000000..12b5906
--- /dev/null
+++ b/postgresql/client/pushkin.yml
@@ -0,0 +1,27 @@
+parameters:
+  _param:
+    pushkin_db_host: ${_param:haproxy_postgresql_bind_host}
+    pushkin_db_port: ${_param:haproxy_postgresql_bind_port}
+    pushkin_db_user: pushkin
+    pushkin_db_user_password: pushkin
+  postgresql:
+    client:
+      server:
+        server01:
+          admin:
+            host: ${_param:pushkin_db_host}
+            port: ${_param:pushkin_db_port}
+            user: ${_param:postgresql_admin_user}
+            password: ${_param:postgresql_admin_user_password}
+          database:
+            pushkin:
+              enabled: true
+              encoding: 'UTF8'
+              locale: 'en_US'
+              template: 'hstore_enabled'
+              users:
+              - name: ${_param:pushkin_db_user}
+                password: ${_param:pushkin_db_user_password}
+                host: ${_param:pushkin_db_host}
+                createdb: true
+                rights: all privileges
diff --git a/postgresql/client/security_monkey.yml b/postgresql/client/security_monkey.yml
new file mode 100644
index 0000000..65f1de2
--- /dev/null
+++ b/postgresql/client/security_monkey.yml
@@ -0,0 +1,26 @@
+parameters:
+  _param:
+    secmonkey_db_host: ${_param:haproxy_postgresql_bind_host}
+    secmonkey_db_port: ${_param:haproxy_postgresql_bind_port}
+    secmonkey_db_user: secmonkey
+    secmonkey_db_user_password: secmonkey
+  postgresql:
+    client:
+      server:
+        server01:
+          admin:
+            host: ${_param:secmonkey_db_host}
+            port: ${_param:secmonkey_db_port}
+            user: ${_param:postgresql_admin_user}
+            password: ${_param:postgresql_admin_user_password}
+          database:
+            secmonkey:
+              enabled: true
+              encoding: 'UTF8'
+              locale: 'en_US'
+              users:
+              - name: ${_param:secmonkey_db_user}
+                password: ${_param:secmonkey_db_user_password}
+                host: ${_param:secmonkey_db_host}
+                createdb: true
+                rights: all privileges