Merge "Add Prometheus datasource for Grafana"
diff --git a/aodh/server/coordination/redis.yml b/aodh/server/coordination/redis.yml
new file mode 100644
index 0000000..e013e0f
--- /dev/null
+++ b/aodh/server/coordination/redis.yml
@@ -0,0 +1,7 @@
+classes:
+- service.redis.server.single
+parameters:
+ aodh:
+ server:
+ coordination_backend:
+ url: redis://${_param:single_address}:6379/${_param:cluster_node01_address}
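Review bot: The coordination URL on the `url:` line carries no credentials or TLS, and its path segment is `${_param:cluster_node01_address}`, a host address in the position where a Redis URL normally holds a database index or nothing. Please confirm against what the coordination driver actually parses; if the segment is meant to name a second node, it probably belongs in a query option. Because the same class pulls in `service.redis.server.single`, a comment stating that Redis must listen only on the management network would help, or the URL could take a password, e.g. `redis://:${_param:<redis_password_param>}@${_param:single_address}:6379` (placeholder parameter name). The identical line in ceilometer/server/coordination/redis.yml has the same issue.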
diff --git a/ceilometer/server/coordination/redis.yml b/ceilometer/server/coordination/redis.yml
new file mode 100644
index 0000000..e013e0f
--- /dev/null
+++ b/ceilometer/server/coordination/redis.yml
@@ -0,0 +1,7 @@
+classes:
+- service.redis.server.single
+parameters:
+ aodh:
+ server:
+ coordination_backend:
+ url: redis://${_param:single_address}:6379/${_param:cluster_node01_address}
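Review bot: The key under `parameters:` is `aodh:` although this file is ceilometer/server/coordination/redis.yml, and the blob id (e013e0f) matches the aodh file, so this looks like an unmodified copy. Including this class on a ceilometer node would set aodh's coordination backend and leave ceilometer's unset. The key should presumably be `ceilometer:`, assuming the ceilometer formula reads `ceilometer:server:coordination_backend`, which is not visible here.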
diff --git a/devops_portal/service/security_monkey.yml b/devops_portal/service/security_monkey.yml
new file mode 100644
index 0000000..3638e56
--- /dev/null
+++ b/devops_portal/service/security_monkey.yml
@@ -0,0 +1,10 @@
+parameters:
+ devops_portal:
+ config:
+ service:
+ securitymonkey:
+ configure_proxy: true
+ endpoint:
+ address: ${_param:haproxy_security_monkey_bind_host}
+ port: ${_param:haproxy_security_monkey_bind_port}
+ https: ${_param:haproxy_security_monkey_ssl:enabled}
diff --git a/docker/swarm/stack/security_monkey.yml b/docker/swarm/stack/security_monkey.yml
new file mode 100644
index 0000000..479b028
--- /dev/null
+++ b/docker/swarm/stack/security_monkey.yml
@@ -0,0 +1,35 @@
+parameters:
+ _param:
+ docker_security_monkey_api_replicas: 1
+ docker_security_monkey_scheduler_replicas: 1
+ docker_image_security_monkey_api: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/security-monkey-api:3842.6
+ docker_image_security_monkey_scheduler: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/security-monkey-scheduler:3842.6
+ security_monkey_db: secmonkey
+ docker:
+ client:
+ stack:
+ security_monkey:
+ environment:
+ SECURITY_MONKEY_POSTGRES_USER: ${_param:secmonkey_db_user}
+ SECURITY_MONKEY_POSTGRES_PASSWORD: ${_param:secmonkey_db_user_password}
+ SECURITY_MONKEY_POSTGRES_HOST: ${_param:secmonkey_db_host}
+ SECURITY_MONKEY_POSTGRES_PORT: ${_param:haproxy_postgresql_bind_port}
+ service:
+ api:
+ image: ${_param:docker_image_security_monkey_api}
+ deploy:
+ replicas: ${_param:docker_security_monkey_api_replicas}
+ restart_policy:
+ condition: any
+ ports:
+ - ${_param:haproxy_security_monkey_exposed_port}:${_param:haproxy_security_monkey_bind_port}
+ volumes:
+ - /srv/volumes/security_monkey:/var/log/security_monkey
+ scheduler:
+ image: ${_param:docker_image_security_monkey_scheduler}
+ deploy:
+ replicas: ${_param:docker_security_monkey_scheduler_replicas}
+ restart_policy:
+ condition: any
+ volumes:
+ - /srv/volumes/security_monkey:/var/log/security_monkey
\ No newline at end of file
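Review bot: Both image defaults point at `docker-sandbox.sandbox.mirantis.net/vstoiko/oss/...`, which reads like a personal sandbox namespace, and they are pinned only by the mutable tag `3842.6`. For a shared system model, a release registry path with an `@sha256:<digest>` pin (placeholder) would make the deployed content reproducible and reviewable. `SECURITY_MONKEY_POSTGRES_PASSWORD` is passed as a plain environment variable, so it is visible to anyone who can inspect the service; a secret mount is preferable if the formula supports one. The `ports:` entry is an unquoted `a:b` scalar and is safer quoted: `- "${_param:haproxy_security_monkey_exposed_port}:${_param:haproxy_security_monkey_bind_port}"`.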
diff --git a/glusterfs/client/volume/security_monkey.yml b/glusterfs/client/volume/security_monkey.yml
new file mode 100644
index 0000000..b008669
--- /dev/null
+++ b/glusterfs/client/volume/security_monkey.yml
@@ -0,0 +1,13 @@
+parameters:
+ _param:
+ security_monkey_glusterfs_service_host: ${_param:glusterfs_service_host}
+ glusterfs_node01_address: ${_param:cluster_node01_address}
+ glusterfs_node02_address: ${_param:cluster_node02_address}
+ glusterfs_node03_address: ${_param:cluster_node03_address}
+ glusterfs:
+ client:
+ volumes:
+ security_monkey:
+ path: /srv/volumes/security_monkey
+ server: ${_param:security_monkey_glusterfs_service_host}
+ opts: "defaults,backup-volfile-servers=${_param:glusterfs_node01_address}:${_param:glusterfs_node02_address}:${_param:glusterfs_node03_address}"
diff --git a/glusterfs/server/volume/security_monkey.yml b/glusterfs/server/volume/security_monkey.yml
new file mode 100644
index 0000000..478aec3
--- /dev/null
+++ b/glusterfs/server/volume/security_monkey.yml
@@ -0,0 +1,17 @@
+parameters:
+ glusterfs:
+ server:
+ volumes:
+ security_monkey:
+ storage: /srv/glusterfs/security_monkey
+ replica: 3
+ bricks:
+ - ${_param:cluster_node01_address}:/srv/glusterfs/security_monkey
+ - ${_param:cluster_node02_address}:/srv/glusterfs/security_monkey
+ - ${_param:cluster_node03_address}:/srv/glusterfs/security_monkey
+ options:
+ cluster.readdir-optimize: On
+ nfs.disable: On
+ network.remote-dio: On
+ diagnostics.client-log-level: WARNING
+ diagnostics.brick-log-level: WARNING
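Review bot: The `options:` mapping sets no client restriction, so unless the formula adds one elsewhere the volume is mountable by any host that can reach the bricks (Gluster's `auth.allow` defaults to all clients). Since this volume holds Security Monkey logs, consider an `auth.allow` entry limited to the three cluster node addresses. Separately, the unquoted `On` values are read as boolean true by a YAML 1.1 loader; `'on'` keeps them strings if the formula passes the value through verbatim.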
diff --git a/haproxy/proxy/listen/oss/security_monkey.yml b/haproxy/proxy/listen/oss/security_monkey.yml
new file mode 100644
index 0000000..5498699
--- /dev/null
+++ b/haproxy/proxy/listen/oss/security_monkey.yml
@@ -0,0 +1,37 @@
+parameters:
+ _param:
+ haproxy_security_monkey_bind_host: ${_param:haproxy_bind_address}
+ haproxy_security_monkey_bind_port: 5001
+ haproxy_security_monkey_exposed_port: 15001
+ haproxy_security_monkey_ssl:
+ enabled: false
+ haproxy:
+ proxy:
+ listen:
+ security_monkey:
+ mode: http
+ options:
+ - httpchk GET /
+ balance: source
+ http_request:
+ - action: "add-header X-Forwarded-Proto https"
+ condition: "if { ssl_fc }"
+ sticks:
+ - http-check expect status 404
+ binds:
+ - address: ${_param:haproxy_security_monkey_bind_host}
+ port: ${_param:haproxy_security_monkey_bind_port}
+ ssl: ${_param:haproxy_security_monkey_ssl}
+ servers:
+ - name: ${_param:cluster_node01_name}
+ host: ${_param:cluster_node01_address}
+ port: ${_param:haproxy_security_monkey_exposed_port}
+ params: check
+ - name: ${_param:cluster_node02_name}
+ host: ${_param:cluster_node02_address}
+ port: ${_param:haproxy_security_monkey_exposed_port}
+ params: backup check
+ - name: ${_param:cluster_node03_name}
+ host: ${_param:cluster_node03_address}
+ port: ${_param:haproxy_security_monkey_exposed_port}
+ params: backup check
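Review bot: `haproxy_security_monkey_ssl` defaults to `enabled: false`, so the listener on port 5001 serves the Security Monkey UI over plain HTTP unless a cluster model overrides it. The `https:` flag in devops_portal/service/security_monkey.yml is derived from the same parameter. A comment at the parameter such as `# override with enabled: true and a certificate outside lab setups` would make that expectation explicit. Also, `http-check expect status 404` sits under `sticks:` and treats a 404 on `GET /` as healthy, which would pass for any unrelated service answering on the exposed port; a dedicated health path with a 2xx expectation would be stricter if the API offers one.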
diff --git a/jenkins/client/job/debian/packages/heat/resources.yml b/jenkins/client/job/debian/packages/heat/resources.yml
new file mode 100644
index 0000000..c7fb4d0
--- /dev/null
+++ b/jenkins/client/job/debian/packages/heat/resources.yml
@@ -0,0 +1,83 @@
+parameters:
+ jenkins:
+ client:
+ job_template:
+ build-debian-heat-resources:
+ name: build-debian-{{name}}-{{os}}-{{dist}}
+ jobs:
+ # Trusty
+ - name: heat-resource-salt
+ os: ubuntu
+ dist: trusty
+ branch: master
+ # Xenial
+ - name: heat-resource-salt
+ os: ubuntu
+ dist: xenial
+ branch: master
+ template:
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
+ type: workflow-scm
+ concurrent: false
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ credentials: "gerrit"
+ script: build-debian-packages-pipeline.groovy
+ trigger:
+ gerrit:
+ project:
+ salt-formulas/{{name}}:
+ branches:
+ - "{{branch}}"
+ message:
+ build_successful: "Build successful"
+ build_unstable: "Build unstable"
+ build_failure: "Build failed"
+ event:
+ ref:
+ - updated
+ param:
+ SOURCE_URL:
+ type: string
+ default: "git@github.com:salt-formulas/heat-resource-salt.git"
+ SOURCE_BRANCH:
+ type: string
+ default: "{{branch}}"
+ SOURCE_CREDENTIALS:
+ type: string
+ default: ""
+ DEBIAN_SNAPSHOT:
+ type: boolean
+ default: 'true'
+ REVISION_POSTFIX:
+ type: string
+ default: '~{{dist}}1'
+ EXTRA_REPO_URL:
+ type: string
+ default: "deb ${_param:jenkins_aptly_url}/{{dist}}/ testing extra"
+ EXTRA_REPO_KEY_URL:
+ type: string
+ default: "${_param:jenkins_aptly_url}/public.gpg"
+ APTLY_URL:
+ type: string
+ default: "${_param:jenkins_aptly_api_url}"
+ APTLY_REPO:
+ type: string
+ default: "{{os}}-{{dist}}"
+ OS:
+ type: string
+ default: "{{os}}"
+ DIST:
+ type: string
+ default: "{{dist}}"
+ ARCH:
+ type: string
+ default: "amd64"
+ UPLOAD_APTLY:
+ type: boolean
+ default: 'true'
\ No newline at end of file
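Review bot: `SOURCE_URL` defaults to the SSH form `git@github.com:salt-formulas/heat-resource-salt.git` while `SOURCE_CREDENTIALS` defaults to `""`, so the checkout can only succeed with whatever SSH key happens to be on the build agent. Either default to an HTTPS URL or set the credentials id explicitly, as the `scm:` block does with `credentials: "gerrit"`. The URL also hard-codes the repository name where the rest of the template uses `{{name}}`. `EXTRA_REPO_KEY_URL` is built from `${_param:jenkins_aptly_url}`, whose scheme is not visible here; a comment that it must be HTTPS would be useful, since the key fetched from it decides which packages the build trusts.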
diff --git a/jenkins/client/job/debian/packages/init.yml b/jenkins/client/job/debian/packages/init.yml
index cb4c245..2fff22c 100644
--- a/jenkins/client/job/debian/packages/init.yml
+++ b/jenkins/client/job/debian/packages/init.yml
@@ -3,6 +3,7 @@
- system.jenkins.client.job.debian.packages.salt
- system.jenkins.client.job.debian.packages.salt-multi
- system.jenkins.client.job.debian.packages.horizon
+ - system.jenkins.client.job.debian.packages.heat.resources
parameters:
jenkins:
client:
diff --git a/kubernetes/master/cluster.yml b/kubernetes/master/cluster.yml
index 0539331..ab283d0 100644
--- a/kubernetes/master/cluster.yml
+++ b/kubernetes/master/cluster.yml
@@ -9,4 +9,6 @@
container: false
network:
engine: calico
- private_ip_range: ${_param:calico_private_network}/${_param:calico_private_netmask}
\ No newline at end of file
+ private_ip_range: ${_param:calico_private_network}/${_param:calico_private_netmask}
+ prometheus:
+ enabled: true
diff --git a/kubernetes/pool/cluster.yml b/kubernetes/pool/cluster.yml
index b38cf07..8295d97 100644
--- a/kubernetes/pool/cluster.yml
+++ b/kubernetes/pool/cluster.yml
@@ -6,4 +6,6 @@
pool:
container: false
network:
- engine: calico
\ No newline at end of file
+ engine: calico
+ prometheus:
+ enabled: true
diff --git a/nova/control/cluster.yml b/nova/control/cluster.yml
index 1bcc8b9..d47c5e1 100644
--- a/nova/control/cluster.yml
+++ b/nova/control/cluster.yml
@@ -10,6 +10,7 @@
nova_cpu_allocation_ratio: 16.0
nova_ram_allocation_ratio: 1.5
nova_disk_allocation_ratio: 1.0
+ metadata_password: metadataPass
nova:
controller:
enabled: true
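Review bot: `metadata_password: metadataPass` puts a fixed, guessable shared secret into the system-level model, so every cluster that includes this class without overriding it ends up with the same metadata proxy secret. Leave the value to the cluster model, generated per deployment, or at least mark the line with `# placeholder, must be overridden per cluster`. The same pattern appears in postgresql/client/security_monkey.yml, where `secmonkey_db_user_password: secmonkey` equals the user name. The `_param` mapping this line belongs to starts outside the hunk.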
diff --git a/postgresql/client/security_monkey.yml b/postgresql/client/security_monkey.yml
new file mode 100644
index 0000000..65f1de2
--- /dev/null
+++ b/postgresql/client/security_monkey.yml
@@ -0,0 +1,26 @@
+parameters:
+ _param:
+ secmonkey_db_host: ${_param:haproxy_postgresql_bind_host}
+ secmonkey_db_port: ${_param:haproxy_postgresql_bind_port}
+ secmonkey_db_user: secmonkey
+ secmonkey_db_user_password: secmonkey
+ postgresql:
+ client:
+ server:
+ server01:
+ admin:
+ host: ${_param:secmonkey_db_host}
+ port: ${_param:secmonkey_db_port}
+ user: ${_param:postgresql_admin_user}
+ password: ${_param:postgresql_admin_user_password}
+ database:
+ secmonkey:
+ enabled: true
+ encoding: 'UTF8'
+ locale: 'en_US'
+ users:
+ - name: ${_param:secmonkey_db_user}
+ password: ${_param:secmonkey_db_user_password}
+ host: ${_param:secmonkey_db_host}
+ createdb: true
+ rights: all privileges
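Review bot: The `secmonkey` role gets `createdb: true` together with `rights: all privileges`, which is more than an application account working inside its own database normally needs. If Security Monkey only reads and writes the `secmonkey` database, `createdb: false` would narrow what a leaked application credential can do. The user's `host:` is set to `${_param:secmonkey_db_host}`, the HAProxy bind host; whether the formula treats that as a client-address restriction is not visible here, so a short comment on its meaning would help.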
diff --git a/salt/minion/cert/ceph/pki.yml b/salt/minion/cert/ceph/pki.yml
index 259fc38..37e4fc5 100644
--- a/salt/minion/cert/ceph/pki.yml
+++ b/salt/minion/cert/ceph/pki.yml
@@ -3,6 +3,6 @@
minion:
cert:
ceph:
- key_file: /srv/salt/pki/${_param:cluster_name}/ceph.${_param:cluster_public_host}.key
- cert_file: /srv/salt/pki/${_param:cluster_name}/ceph.${_param:cluster_public_host}.crt
- all_file: /srv/salt/pki/${_param:cluster_name}/ceph-with-key.${_param:cluster_public_host}.pem
+ key_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:ceph:common_name}.key
+ cert_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:ceph:common_name}.crt
+ all_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:ceph:common_name}-chain-with-key.pem
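Review bot: The new file names are built from `${salt:minion:cert:ceph:common_name}`, which is not defined in this hunk, so a model that leaves it unset or sets it to a value containing `*` or `/` yields a broken or unexpected path under /srv/salt/pki. Existing minions also keep their key material at the old `ceph.<public_host>.key` names, so anything still referencing those paths needs updating in the same change, and the old files stay on disk. The same applies to the proxy, swift and wildcard hunks; only the wildcard one shows its `common_name: wildcard` in context. A comment above `all_file` along the lines of `# contains the private key; path changed from <name>-with-key.<public_host>.pem` would document both points. The enclosing mapping starts outside the hunk.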
diff --git a/salt/minion/cert/proxy/pki.yml b/salt/minion/cert/proxy/pki.yml
index 9a93bbf..731aea6 100644
--- a/salt/minion/cert/proxy/pki.yml
+++ b/salt/minion/cert/proxy/pki.yml
@@ -3,6 +3,6 @@
minion:
cert:
proxy:
- key_file: /srv/salt/pki/${_param:cluster_name}/proxy.${_param:cluster_public_host}.key
- cert_file: /srv/salt/pki/${_param:cluster_name}/proxy.${_param:cluster_public_host}.crt
- all_file: /srv/salt/pki/${_param:cluster_name}/proxy-with-key.${_param:cluster_public_host}.pem
+ key_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}.key
+ cert_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}.crt
+ all_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}-chain-with-key.pem
diff --git a/salt/minion/cert/swift/pki.yml b/salt/minion/cert/swift/pki.yml
index dd24060..3195e48 100644
--- a/salt/minion/cert/swift/pki.yml
+++ b/salt/minion/cert/swift/pki.yml
@@ -3,6 +3,6 @@
minion:
cert:
swift:
- key_file: /srv/salt/pki/${_param:cluster_name}/swift.${_param:cluster_public_host}.key
- cert_file: /srv/salt/pki/${_param:cluster_name}/swift.${_param:cluster_public_host}.crt
- all_file: /srv/salt/pki/${_param:cluster_name}/swift-with-key.${_param:cluster_public_host}.pem
+ key_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:swift:common_name}.key
+ cert_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:swift:common_name}.crt
+ all_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:swift:common_name}-chain-with-key.pem
diff --git a/salt/minion/cert/wildcard/init.yml b/salt/minion/cert/wildcard/init.yml
index 3bc2d52..2974895 100644
--- a/salt/minion/cert/wildcard/init.yml
+++ b/salt/minion/cert/wildcard/init.yml
@@ -11,6 +11,6 @@
authority: ${_param:salt_minion_ca_authority}
common_name: wildcard
alternative_names: IP:127.0.0.1,${_param:salt_pki_wildcard_alt_names}
- key_file: /srv/salt/pki/${_param:cluster_name}/wildcard.${_param:cluster_public_host}.key
- cert_file: /srv/salt/pki/${_param:cluster_name}/wildcard.${_param:cluster_public_host}.crt
- all_file: /srv/salt/pki/${_param:cluster_name}/wildcard-with-key.${_param:cluster_public_host}.pem
+ key_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:wildcard:common_name}.key
+ cert_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:wildcard:common_name}.crt
+ all_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:wildcard:common_name}-chain-with-key.pem