Merge "Add Redis dependency for aodh"
diff --git a/devops_portal/service/security_monkey.yml b/devops_portal/service/security_monkey.yml
new file mode 100644
index 0000000..3638e56
--- /dev/null
+++ b/devops_portal/service/security_monkey.yml
@@ -0,0 +1,10 @@
+parameters:
+ devops_portal:
+ config:
+ service:
+ securitymonkey:
+ configure_proxy: true
+ endpoint:
+ address: ${_param:haproxy_security_monkey_bind_host}
+ port: ${_param:haproxy_security_monkey_bind_port}
+ https: ${_param:haproxy_security_monkey_ssl:enabled}
diff --git a/docker/swarm/stack/elasticsearch.yml b/docker/swarm/stack/elasticsearch.yml
new file mode 100644
index 0000000..083388c
--- /dev/null
+++ b/docker/swarm/stack/elasticsearch.yml
@@ -0,0 +1,19 @@
+parameters:
+ _param:
+ elasticsearch_replicas: 1
+ docker_image_oss_elasticsearch: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/elasticsearch:latest
+ docker:
+ client:
+ stack:
+ elasticsearch:
+ service:
+ cluster:
+ image: ${_param:docker_image_oss_elasticsearch}
+ deploy:
+ replicas: ${_param:elasticsearch_replicas}
+ restart_policy:
+ condition: any
+ ports:
+ - ${_param:haproxy_elasticsearch_exposed_port}:${_param:haproxy_elasticsearch_bind_port}
+ volumes:
+ - /srv/volumes/elasticsearch:/usr/share/elasticsearch/data
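Review bot: `docker_image_oss_elasticsearch` defaults to a `:latest` tag in a sandbox registry namespace, so a later stack deploy can roll out different image content with no change in the model and no record of what was running before. The security_monkey stack added in this same commit pins `3842.6`; this default should be pinned the same way, e.g. `docker_image_oss_elasticsearch: <REGISTRY>/<NAMESPACE>/elasticsearch:<PINNED_VERSION>` (placeholders), ideally with a digest. `docker_image_postgresql` in docker/swarm/stack/postgresql.yml has the same `:latest` default.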
diff --git a/docker/swarm/stack/postgresql.yml b/docker/swarm/stack/postgresql.yml
new file mode 100644
index 0000000..bdad6fb
--- /dev/null
+++ b/docker/swarm/stack/postgresql.yml
@@ -0,0 +1,24 @@
+parameters:
+ _param:
+ docker_postgresql_replicas: 1
+ docker_image_postgresql: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/postgresql:latest
+ postgresql_admin_user: postgres
+ postgresql_admin_user_password: postgrespassword
+ docker:
+ client:
+ stack:
+ postgresql:
+ environment:
+ POSTGRES_USER: ${_param:postgresql_admin_user}
+ POSTGRES_PASSWORD: ${_param:postgresql_admin_user_password}
+ service:
+ db:
+ image: ${_param:docker_image_postgresql}
+ deploy:
+ replicas: ${_param:docker_postgresql_replicas}
+ restart_policy:
+ condition: any
+ ports:
+ - ${_param:haproxy_postgresql_exposed_port}:${_param:haproxy_postgresql_bind_port}
+ volumes:
+ - /srv/volumes/postgresql/data:/var/lib/postgresql/data
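Review bot: `postgresql_admin_user_password: postgrespassword` ships a known superuser password as the class default, and nothing here forces a deployment to override it, so a cluster that includes this class unchanged runs PostgreSQL with a guessable admin credential behind the published `haproxy_postgresql_exposed_port`. Drop the default so interpolation fails until the cluster model supplies a value, or at minimum mark it with `# placeholder only: override postgresql_admin_user_password in the cluster model`. The same applies to `pushkin_db_user_password: pushkin` in postgresql/client/pushkin.yml and `secmonkey_db_user_password: secmonkey` in postgresql/client/security_monkey.yml.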
diff --git a/docker/swarm/stack/pushkin.yml b/docker/swarm/stack/pushkin.yml
index b28b1e9..3232301 100644
--- a/docker/swarm/stack/pushkin.yml
+++ b/docker/swarm/stack/pushkin.yml
@@ -1,36 +1,20 @@
parameters:
_param:
- docker_pushkin_db_replicas: 1
- docker_image_pushkin_db: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/pushkindb:latest
- pushkin_db_password: pushkin
- pushkin_db_user: pushkin
- pushkin_db: pushkin
docker_pushkin_replicas: 1
docker_image_pushkin: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/pushkin:latest
- elasticsearch_replicas: 1
- docker_image_oss_elasticsearch: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/elasticsearch:latest
+ pushkin_db: pushkin
docker:
client:
stack:
pushkin:
environment:
POSTGRES_USER: ${_param:pushkin_db_user}
- POSTGRES_PASSWORD: ${_param:pushkin_db_password}
+ POSTGRES_PASSWORD: ${_param:pushkin_db_user_password}
POSTGRES_DB: ${_param:pushkin_db}
- PUSHKINDBHOST: ${_param:haproxy_pushkin_db_bind_host}
+ PUSHKINDBHOST: ${_param:pushkin_db_host}
PUSHKINELASTICHOST: ${_param:haproxy_elasticsearch_bind_host}
service:
- db:
- image: ${_param:docker_image_pushkin_db}
- deploy:
- replicas: ${_param:docker_pushkin_db_replicas}
- restart_policy:
- condition: any
- ports:
- - ${_param:haproxy_pushkin_db_exposed_port}:${_param:haproxy_pushkin_db_bind_port}
- volumes:
- - /srv/volumes/pushkin/data:/var/lib/postgresql/data
- backend:
+ api:
image: ${_param:docker_image_pushkin}
deploy:
replicas: ${_param:docker_pushkin_replicas}
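Review bot: After this change the stack references `pushkin_db_user`, `pushkin_db_user_password` and `pushkin_db_host` but no longer defines any of them; within this commit they are set only in postgresql/client/pushkin.yml. Including this class without that one would leave the references unresolved, so the coupling deserves a header comment such as `# needs pushkin_db_user, pushkin_db_user_password and pushkin_db_host from postgresql/client/pushkin.yml`. The service block continues past the end of this hunk.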
@@ -39,14 +23,4 @@
ports:
- ${_param:haproxy_pushkin_exposed_port}:${_param:haproxy_pushkin_bind_port}
volumes:
- - /srv/volumes/pushkin/logs:/var/log/pushkin
- elasticsearch:
- image: ${_param:docker_image_oss_elasticsearch}
- deploy:
- replicas: ${_param:elasticsearch_replicas}
- restart_policy:
- condition: any
- ports:
- - ${_param:haproxy_elasticsearch_exposed_port}:${_param:haproxy_elasticsearch_bind_port}
- volumes:
- - /srv/volumes/elasticsearch:/usr/share/elasticsearch/data
+ - /srv/volumes/pushkin/api:/var/log/pushkin
\ No newline at end of file
diff --git a/docker/swarm/stack/security_monkey.yml b/docker/swarm/stack/security_monkey.yml
new file mode 100644
index 0000000..479b028
--- /dev/null
+++ b/docker/swarm/stack/security_monkey.yml
@@ -0,0 +1,35 @@
+parameters:
+ _param:
+ docker_security_monkey_api_replicas: 1
+ docker_security_monkey_scheduler_replicas: 1
+ docker_image_security_monkey_api: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/security-monkey-api:3842.6
+ docker_image_security_monkey_scheduler: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/security-monkey-scheduler:3842.6
+ security_monkey_db: secmonkey
+ docker:
+ client:
+ stack:
+ security_monkey:
+ environment:
+ SECURITY_MONKEY_POSTGRES_USER: ${_param:secmonkey_db_user}
+ SECURITY_MONKEY_POSTGRES_PASSWORD: ${_param:secmonkey_db_user_password}
+ SECURITY_MONKEY_POSTGRES_HOST: ${_param:secmonkey_db_host}
+ SECURITY_MONKEY_POSTGRES_PORT: ${_param:haproxy_postgresql_bind_port}
+ service:
+ api:
+ image: ${_param:docker_image_security_monkey_api}
+ deploy:
+ replicas: ${_param:docker_security_monkey_api_replicas}
+ restart_policy:
+ condition: any
+ ports:
+ - ${_param:haproxy_security_monkey_exposed_port}:${_param:haproxy_security_monkey_bind_port}
+ volumes:
+ - /srv/volumes/security_monkey:/var/log/security_monkey
+ scheduler:
+ image: ${_param:docker_image_security_monkey_scheduler}
+ deploy:
+ replicas: ${_param:docker_security_monkey_scheduler_replicas}
+ restart_policy:
+ condition: any
+ volumes:
+ - /srv/volumes/security_monkey:/var/log/security_monkey
\ No newline at end of file
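Review bot: `SECURITY_MONKEY_POSTGRES_PORT` is wired to `${_param:haproxy_postgresql_bind_port}` while the host on the line above uses `secmonkey_db_host`; postgresql/client/security_monkey.yml defines `secmonkey_db_port` for this purpose, so overriding it there would move the client state but not the containers. Use `SECURITY_MONKEY_POSTGRES_PORT: ${_param:secmonkey_db_port}`. `security_monkey_db: secmonkey` is also defined here but not referenced by any line in this hunk; reference it where the database name is configured or drop it.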
diff --git a/glusterfs/client/volume/security_monkey.yml b/glusterfs/client/volume/security_monkey.yml
new file mode 100644
index 0000000..b008669
--- /dev/null
+++ b/glusterfs/client/volume/security_monkey.yml
@@ -0,0 +1,13 @@
+parameters:
+ _param:
+ security_monkey_glusterfs_service_host: ${_param:glusterfs_service_host}
+ glusterfs_node01_address: ${_param:cluster_node01_address}
+ glusterfs_node02_address: ${_param:cluster_node02_address}
+ glusterfs_node03_address: ${_param:cluster_node03_address}
+ glusterfs:
+ client:
+ volumes:
+ security_monkey:
+ path: /srv/volumes/security_monkey
+ server: ${_param:security_monkey_glusterfs_service_host}
+ opts: "defaults,backup-volfile-servers=${_param:glusterfs_node01_address}:${_param:glusterfs_node02_address}:${_param:glusterfs_node03_address}"
diff --git a/glusterfs/server/volume/security_monkey.yml b/glusterfs/server/volume/security_monkey.yml
new file mode 100644
index 0000000..478aec3
--- /dev/null
+++ b/glusterfs/server/volume/security_monkey.yml
@@ -0,0 +1,17 @@
+parameters:
+ glusterfs:
+ server:
+ volumes:
+ security_monkey:
+ storage: /srv/glusterfs/security_monkey
+ replica: 3
+ bricks:
+ - ${_param:cluster_node01_address}:/srv/glusterfs/security_monkey
+ - ${_param:cluster_node02_address}:/srv/glusterfs/security_monkey
+ - ${_param:cluster_node03_address}:/srv/glusterfs/security_monkey
+ options:
+ cluster.readdir-optimize: On
+ nfs.disable: On
+ network.remote-dio: On
+ diagnostics.client-log-level: WARNING
+ diagnostics.brick-log-level: WARNING
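Review bot: The three `On` values under `options` are plain scalars, which YAML 1.1 loaders such as PyYAML read as boolean true rather than the string `On`; what reaches gluster then depends on how the formula renders a boolean, which is not visible here. Quoting states the intent and removes the dependency on the loader: `cluster.readdir-optimize: 'on'`, `nfs.disable: 'on'`, `network.remote-dio: 'on'`.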
diff --git a/haproxy/proxy/listen/oss/postgresql.yml b/haproxy/proxy/listen/oss/postgresql.yml
new file mode 100644
index 0000000..1bc1f44
--- /dev/null
+++ b/haproxy/proxy/listen/oss/postgresql.yml
@@ -0,0 +1,32 @@
+parameters:
+ _param:
+ haproxy_postgresql_bind_host: ${_param:haproxy_bind_address}
+ haproxy_postgresql_bind_port: 5432
+ haproxy_postgresql_exposed_port: 15432
+ haproxy_postgresql_ssl:
+ enabled: false
+ haproxy:
+ proxy:
+ listen:
+ postgresql:
+ mode: tcp
+ balance: source
+ options:
+ - tcp-check
+ binds:
+ - address: ${_param:haproxy_postgresql_bind_host}
+ port: ${_param:haproxy_postgresql_bind_port}
+ ssl: ${_param:haproxy_postgresql_ssl}
+ servers:
+ - name: ${_param:cluster_node01_name}
+ host: ${_param:cluster_node01_address}
+ port: ${_param:haproxy_postgresql_exposed_port}
+ params: check port ${_param:haproxy_postgresql_exposed_port}
+ - name: ${_param:cluster_node02_name}
+ host: ${_param:cluster_node02_address}
+ port: ${_param:haproxy_postgresql_exposed_port}
+ params: backup check port ${_param:haproxy_postgresql_exposed_port}
+ - name: ${_param:cluster_node03_name}
+ host: ${_param:cluster_node03_address}
+ port: ${_param:haproxy_postgresql_exposed_port}
+ params: backup check port ${_param:haproxy_postgresql_exposed_port}
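Review bot: `haproxy_postgresql_ssl` defaults to `enabled: false`, so database sessions for every consumer of this shared listener, including authentication and query data, cross it unencrypted unless a deployment overrides the parameter. PostgreSQL clients normally negotiate TLS inside the protocol, so TLS termination on a `mode: tcp` bind may not be usable by standard clients; that should be verified before the toggle is relied on. A comment above the parameter, e.g. `# plaintext by default: keep haproxy_bind_address on an internal network`, would document the exposure. The content otherwise mirrors the pushkin_db.yml listener deleted in this commit.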
diff --git a/haproxy/proxy/listen/oss/pushkin_db.yml b/haproxy/proxy/listen/oss/pushkin_db.yml
deleted file mode 100644
index c67c591..0000000
--- a/haproxy/proxy/listen/oss/pushkin_db.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-parameters:
- _param:
- haproxy_pushkin_db_bind_host: ${_param:haproxy_bind_address}
- haproxy_pushkin_db_bind_port: 5432
- haproxy_pushkin_db_exposed_port: 15432
- haproxy_pushkin_db_ssl:
- enabled: false
- haproxy:
- proxy:
- listen:
- pushkin_db:
- mode: tcp
- balance: source
- options:
- - tcp-check
- binds:
- - address: ${_param:haproxy_pushkin_db_bind_host}
- port: ${_param:haproxy_pushkin_db_bind_port}
- ssl: ${_param:haproxy_pushkin_db_ssl}
- servers:
- - name: ${_param:cluster_node01_name}
- host: ${_param:cluster_node01_address}
- port: ${_param:haproxy_pushkin_db_exposed_port}
- params: check port ${_param:haproxy_pushkin_db_exposed_port}
- - name: ${_param:cluster_node02_name}
- host: ${_param:cluster_node02_address}
- port: ${_param:haproxy_pushkin_db_exposed_port}
- params: backup check port ${_param:haproxy_pushkin_db_exposed_port}
- - name: ${_param:cluster_node03_name}
- host: ${_param:cluster_node03_address}
- port: ${_param:haproxy_pushkin_db_exposed_port}
- params: backup check port ${_param:haproxy_pushkin_db_exposed_port}
diff --git a/haproxy/proxy/listen/oss/security_monkey.yml b/haproxy/proxy/listen/oss/security_monkey.yml
new file mode 100644
index 0000000..5498699
--- /dev/null
+++ b/haproxy/proxy/listen/oss/security_monkey.yml
@@ -0,0 +1,37 @@
+parameters:
+ _param:
+ haproxy_security_monkey_bind_host: ${_param:haproxy_bind_address}
+ haproxy_security_monkey_bind_port: 5001
+ haproxy_security_monkey_exposed_port: 15001
+ haproxy_security_monkey_ssl:
+ enabled: false
+ haproxy:
+ proxy:
+ listen:
+ security_monkey:
+ mode: http
+ options:
+ - httpchk GET /
+ balance: source
+ http_request:
+ - action: "add-header X-Forwarded-Proto https"
+ condition: "if { ssl_fc }"
+ sticks:
+ - http-check expect status 404
+ binds:
+ - address: ${_param:haproxy_security_monkey_bind_host}
+ port: ${_param:haproxy_security_monkey_bind_port}
+ ssl: ${_param:haproxy_security_monkey_ssl}
+ servers:
+ - name: ${_param:cluster_node01_name}
+ host: ${_param:cluster_node01_address}
+ port: ${_param:haproxy_security_monkey_exposed_port}
+ params: check
+ - name: ${_param:cluster_node02_name}
+ host: ${_param:cluster_node02_address}
+ port: ${_param:haproxy_security_monkey_exposed_port}
+ params: backup check
+ - name: ${_param:cluster_node03_name}
+ host: ${_param:cluster_node03_address}
+ port: ${_param:haproxy_security_monkey_exposed_port}
+ params: backup check
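Review bot: The `http_request` rule uses `add-header X-Forwarded-Proto https`, which appends to whatever the client already sent, and with `haproxy_security_monkey_ssl` defaulting to `enabled: false` it never fires, so a client-supplied `X-Forwarded-Proto` reaches the backend untouched. If the application relies on that header, `action: "set-header X-Forwarded-Proto https"` plus removal of the header on non-TLS connections keeps it from trusting a forged value. Separately, `http-check expect status 404` is placed under `sticks` and treats a 404 from `GET /` as healthy, which only shows that something answers HTTP on the port; probing a path the API really serves and expecting success would be a stronger check.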
diff --git a/jenkins/client/job/docker/devops-portal.yml b/jenkins/client/job/docker/devops-portal.yml
new file mode 100644
index 0000000..50f72a4
--- /dev/null
+++ b/jenkins/client/job/docker/devops-portal.yml
@@ -0,0 +1,51 @@
+parameters:
+ jenkins:
+ client:
+ job:
+ docker-build-images-devops-portal:
+ name: docker-build-images-devops-portal
+ discard:
+ build:
+ keep_num: 25
+ artifact:
+ keep_num: 25
+ type: workflow-scm
+ concurrent: false
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ credentials: "gerrit"
+ script: docker-build-to-jfrog.groovy
+ trigger:
+ gerrit:
+ project:
+ "oss/devops-portal":
+ branches:
+ - master
+ event:
+ patchset:
+ - created:
+ excludeDrafts: false
+ excludeNoCodeChange: false
+ comment:
+ - addedContains:
+ commentAddedCommentContains: 'rebuild'
+ param:
+ IMAGE_NAME:
+ type: string
+ default: "devops-portal"
+ IMAGE_TAGS:
+ type: string
+ default: "latest"
+ CREDENTIALS_ID:
+ type: string
+ default: "gerrit"
+ DOCKERFILE_PATH:
+ type: string
+ default: "docker/devops-portal"
+ DOCKER_REGISTRY:
+ type: string
+ default: "docker-dev-virtual.docker.mirantis.net"
+ PROJECT_NAMESPACE:
+ type: string
+ default: "oss"
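Review bot: The trigger fires on every created patchset with `excludeDrafts: false`, and on any comment containing `rebuild`, while `IMAGE_TAGS` defaults to `latest`, so an unreviewed or draft change to `oss/devops-portal` can apparently replace the `latest` image in `DOCKER_REGISTRY`. docker-build-to-jfrog.groovy is not shown, so whether it pushes on every run is an assumption to confirm. If it does, publish `latest` only from merged changes and give pre-merge builds a tag derived from the change, and add a comment on `IMAGE_TAGS` stating which tag consumers deploy.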
diff --git a/postgresql/client/pushkin.yml b/postgresql/client/pushkin.yml
new file mode 100644
index 0000000..12b5906
--- /dev/null
+++ b/postgresql/client/pushkin.yml
@@ -0,0 +1,27 @@
+parameters:
+ _param:
+ pushkin_db_host: ${_param:haproxy_postgresql_bind_host}
+ pushkin_db_port: ${_param:haproxy_postgresql_bind_port}
+ pushkin_db_user: pushkin
+ pushkin_db_user_password: pushkin
+ postgresql:
+ client:
+ server:
+ server01:
+ admin:
+ host: ${_param:pushkin_db_host}
+ port: ${_param:pushkin_db_port}
+ user: ${_param:postgresql_admin_user}
+ password: ${_param:postgresql_admin_user_password}
+ database:
+ pushkin:
+ enabled: true
+ encoding: 'UTF8'
+ locale: 'en_US'
+ template: 'hstore_enabled'
+ users:
+ - name: ${_param:pushkin_db_user}
+ password: ${_param:pushkin_db_user_password}
+ host: ${_param:pushkin_db_host}
+ createdb: true
+ rights: all privileges
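Review bot: The `pushkin` role is given `createdb: true` on top of `rights: all privileges`, although the `pushkin` database is declared in this same state under the admin account, so the application role presumably never needs to create databases. Set `createdb: false` unless the service is known to create databases at runtime. postgresql/client/security_monkey.yml grants the same to `secmonkey`.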
diff --git a/postgresql/client/security_monkey.yml b/postgresql/client/security_monkey.yml
new file mode 100644
index 0000000..65f1de2
--- /dev/null
+++ b/postgresql/client/security_monkey.yml
@@ -0,0 +1,26 @@
+parameters:
+ _param:
+ secmonkey_db_host: ${_param:haproxy_postgresql_bind_host}
+ secmonkey_db_port: ${_param:haproxy_postgresql_bind_port}
+ secmonkey_db_user: secmonkey
+ secmonkey_db_user_password: secmonkey
+ postgresql:
+ client:
+ server:
+ server01:
+ admin:
+ host: ${_param:secmonkey_db_host}
+ port: ${_param:secmonkey_db_port}
+ user: ${_param:postgresql_admin_user}
+ password: ${_param:postgresql_admin_user_password}
+ database:
+ secmonkey:
+ enabled: true
+ encoding: 'UTF8'
+ locale: 'en_US'
+ users:
+ - name: ${_param:secmonkey_db_user}
+ password: ${_param:secmonkey_db_user_password}
+ host: ${_param:secmonkey_db_host}
+ createdb: true
+ rights: all privileges