Merge remote-tracking branch 'target/master'
diff --git a/haproxy/proxy/listen/cicd/aptly.yml b/haproxy/proxy/listen/cicd/aptly.yml
index 64115ff..fb24c1f 100644
--- a/haproxy/proxy/listen/cicd/aptly.yml
+++ b/haproxy/proxy/listen/cicd/aptly.yml
@@ -1,6 +1,8 @@
parameters:
_param:
+ haproxy_aptly_api_bind_host: ${_param:haproxy_bind_address}
haproxy_aptly_api_bind_port: 8084
+ haproxy_aptly_public_bind_host: ${_param:haproxy_bind_address}
haproxy_aptly_public_bind_port: 8085
haproxy:
proxy:
@@ -13,7 +15,7 @@
- httplog
balance: source
binds:
- - address: ${_param:haproxy_bind_address}
+ - address: ${_param:haproxy_aptly_api_bind_host}
port: ${_param:haproxy_aptly_api_bind_port}
servers:
- name: ${_param:cluster_node01_name}
@@ -36,7 +38,7 @@
- httplog
balance: source
binds:
- - address: ${_param:haproxy_bind_address}
+ - address: ${_param:haproxy_aptly_public_bind_host}
port: ${_param:haproxy_aptly_public_bind_port}
servers:
- name: ${_param:cluster_node01_name}
diff --git a/haproxy/proxy/listen/cicd/gerrit.yml b/haproxy/proxy/listen/cicd/gerrit.yml
index a9f0a3c..51d494b 100644
--- a/haproxy/proxy/listen/cicd/gerrit.yml
+++ b/haproxy/proxy/listen/cicd/gerrit.yml
@@ -1,7 +1,11 @@
parameters:
_param:
+ haproxy_gerrit_bind_host: ${_param:haproxy_bind_address}
haproxy_gerrit_bind_port: 8080
+ haproxy_gerrit_ssh_bind_host: ${_param:haproxy_gerrit_bind_host}
haproxy_gerrit_ssh_bind_port: 29418
+ haproxy_gerrit_ssl:
+ enabled: false
haproxy:
proxy:
listen:
@@ -13,9 +17,13 @@
- httpclose
- httplog
balance: source
+ http_request:
+ - action: "add-header X-Forwarded-Proto https"
+ condition: "if { ssl_fc }"
binds:
- - address: ${_param:haproxy_bind_address}
+ - address: ${_param:haproxy_gerrit_bind_host}
port: ${_param:haproxy_gerrit_bind_port}
+ ssl: ${_param:haproxy_gerrit_ssl}
servers:
- name: ${_param:cluster_node01_name}
host: ${_param:cluster_node01_address}
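Review bot: The new `http_request` rule uses `add-header`, which appends to any `X-Forwarded-Proto` the client already sent instead of replacing it, and nothing strips the header on plain-HTTP connections. A backend that relies on this header for redirects or secure-cookie decisions therefore still sees a client-supplied value. Prefer `- action: "set-header X-Forwarded-Proto https"` with the same `ssl_fc` condition, plus a second rule that deletes the inbound header when the connection is not TLS. The identical rule is added to the Jenkins listener in haproxy/proxy/listen/cicd/jenkins.yml. The listen block itself starts above this hunk.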
@@ -33,7 +41,7 @@
mode: tcp
balance: source
binds:
- - address: ${_param:haproxy_bind_address}
+ - address: ${_param:haproxy_gerrit_ssh_bind_host}
port: ${_param:haproxy_gerrit_ssh_bind_port}
servers:
- name: ${_param:cluster_node01_name}
diff --git a/haproxy/proxy/listen/cicd/jenkins.yml b/haproxy/proxy/listen/cicd/jenkins.yml
index e91d9f2..eda12f8 100644
--- a/haproxy/proxy/listen/cicd/jenkins.yml
+++ b/haproxy/proxy/listen/cicd/jenkins.yml
@@ -1,7 +1,11 @@
parameters:
_param:
+ haproxy_jenkins_bind_host: ${_param:haproxy_bind_address}
haproxy_jenkins_bind_port: 8081
+ haproxy_jenkins_jnlp_bind_host: ${_param:haproxy_jenkins_bind_host}
haproxy_jenkins_jnlp_bind_port: 50000
+ haproxy_jenkins_ssl:
+ enabled: false
haproxy:
proxy:
listen:
@@ -13,11 +17,15 @@
- httpclose
- httplog
balance: source
+ http_request:
+ - action: "add-header X-Forwarded-Proto https"
+ condition: "if { ssl_fc }"
http_response:
- action: "del-header X-Frame-Options"
binds:
- - address: ${_param:haproxy_bind_address}
+ - address: ${_param:haproxy_jenkins_bind_host}
port: ${_param:haproxy_jenkins_bind_port}
+ ssl: ${_param:haproxy_jenkins_ssl}
servers:
- name: ${_param:cluster_node01_name}
host: ${_param:cluster_node01_address}
@@ -35,7 +43,7 @@
mode: tcp
balance: source
binds:
- - address: ${_param:haproxy_bind_address}
+ - address: ${_param:haproxy_jenkins_jnlp_bind_host}
port: ${_param:haproxy_jenkins_jnlp_bind_port}
servers:
- name: ${_param:cluster_node01_name}
diff --git a/haproxy/proxy/listen/docker/registry.yml b/haproxy/proxy/listen/docker/registry.yml
index 2a86aa4..8d45e97 100644
--- a/haproxy/proxy/listen/docker/registry.yml
+++ b/haproxy/proxy/listen/docker/registry.yml
@@ -1,6 +1,9 @@
parameters:
_param:
+ haproxy_docker_registry_listen_host: ${_param:haproxy_bind_address}
haproxy_docker_registry_listen_port: 5000
+ haproxy_docker_registry_ssl:
+ enabled: false
haproxy:
proxy:
listen:
@@ -15,9 +18,9 @@
- action: "add-header X-Forwarded-Proto https"
condition: "if { ssl_fc }"
binds:
- - address: ${_param:haproxy_bind_address}
+ - address: ${_param:haproxy_docker_registry_listen_host}
port: ${_param:haproxy_docker_registry_listen_port}
- ssl: ${_param:cluster_ssl_certificate}
+ ssl: ${_param:haproxy_docker_registry_ssl}
servers:
- name: ${_param:cluster_node01_name}
host: ${_param:cluster_node01_address}
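Review bot: The registry bind used to take `ssl: ${_param:cluster_ssl_certificate}` and now takes `${_param:haproxy_docker_registry_ssl}`, which the first hunk of this file defaults to `enabled: false`. Any model that includes this class without overriding the new parameter therefore moves from a TLS listener to plaintext on upgrade. Image content and any registry credentials would then cross the network unencrypted, and Docker clients not configured for an insecure registry will stop working. Defaulting to the previous value preserves behaviour: `haproxy_docker_registry_ssl: ${_param:cluster_ssl_certificate}`. If the downgrade is intended, a comment beside the default should say so.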
diff --git a/jenkins/client/credential/gerrit.yml b/jenkins/client/credential/gerrit.yml
index 3b7eb0c..b42f5af 100644
--- a/jenkins/client/credential/gerrit.yml
+++ b/jenkins/client/credential/gerrit.yml
@@ -1,7 +1,9 @@
parameters:
+ _param:
+ gerrit_admin_user: admin
jenkins:
client:
credential:
gerrit:
- username: admin
+ username: ${_param:gerrit_admin_user}
key: ${_param:gerrit_admin_private_key}
diff --git a/jenkins/client/init.yml b/jenkins/client/init.yml
index 36da8b6..02589e0 100644
--- a/jenkins/client/init.yml
+++ b/jenkins/client/init.yml
@@ -2,11 +2,15 @@
- service.jenkins.support
- service.jenkins.client
parameters:
+ _param:
+ jenkins_client_user: none
+ jenkins_client_password: none
+ jenkins_master_host: ${_param:control_vip_address}
+ jenkins_master_port: 8081
jenkins:
client:
master:
- host: ${_param:cluster_vip_address}
- port: 8081
- # When Jenkins auth is enabled
- #user: admin
- #password: dummy
+ host: ${_param:jenkins_master_host}
+ port: ${_param:jenkins_master_port}
+ user: ${_param:jenkins_client_user}
+ password: ${_param:jenkins_client_password}
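Review bot: `jenkins_client_user: none` and `jenkins_client_password: none` are the YAML strings "none", not null, and `user`/`password` are now always rendered where they were previously commented out. Whether the consuming formula treats the literal `none` as "no authentication" cannot be seen from this diff; if it does not, the client will try to log in with those literal values. Add a comment above the defaults, e.g. `# 'none' disables auth; override both in the cluster model, never in this shared class`. The same defaults appear as `jenkins_slave_user`/`jenkins_slave_password` in jenkins/slave/init.yml. The host default also changes from `cluster_vip_address` to `control_vip_address`, which the commit message does not explain.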
diff --git a/jenkins/master/config.yml b/jenkins/master/config.yml
index eb7e112..3c9268b 100644
--- a/jenkins/master/config.yml
+++ b/jenkins/master/config.yml
@@ -40,6 +40,9 @@
- method java.net.URLConnection setRequestProperty java.lang.String java.lang.String
- method java.util.LinkedHashMap$LinkedHashIterator hasNext
- method java.util.Map size
+ - method java.util.regex.MatchResult group int
+ - method java.util.regex.Matcher matches
+ - method java.util.regex.Pattern matcher java.lang.CharSequence
- method org.jenkinsci.plugins.workflow.job.WorkflowRun doStop
- method org.jenkinsci.plugins.workflow.support.steps.build.RunWrapper build
- new groovy.json.JsonBuilder java.lang.Object
@@ -69,3 +72,18 @@
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods plus java.util.List java.util.Collection
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods putAt java.lang.Object java.lang.String java.lang.Object
- staticMethod org.codehaus.groovy.runtime.EncodingGroovyMethods encodeBase64 byte[]
+ - staticMethod org.codehaus.groovy.runtime.ScriptBytecodeAdapter bitwiseNegate java.lang.Object
+ - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods println java.lang.Object java.lang.Object
+ - method hudson.PluginWrapper getShortName
+ - method hudson.PluginManager getPlugins
+ - method jenkins.model.Jenkins getPluginManager
+ - method hudson.model.ItemGroup getItem java.lang.String
+ - method hudson.model.Job getLastBuild
+ - method hudson.model.Run getResult
+ - method hudson.model.Job getBuilds
+ - staticMethod java.lang.String format java.lang.String java.lang.Object[]
+ - staticMethod java.util.regex.Pattern quote java.lang.String
+ - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods findAll java.util.List groovy.lang.Closure
+ - method java.util.Collection remove java.lang.Object
+ - staticMethod java.lang.System exit int
+
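Review bot: Several signatures approved in this hunk give every sandboxed Pipeline script instance-wide reach. `staticMethod java.lang.System exit int` lets a job stop the Jenkins JVM. `jenkins.model.Jenkins getPluginManager`, `hudson.model.ItemGroup getItem` and `hudson.model.Job getBuilds` return objects without the permission checks applied to the user who triggered the build. Script approval is global, so this applies to any job that can run a sandboxed script, not only the pipelines that needed these calls. Consider moving that logic into a trusted global shared library and dropping the entries; at minimum remove the `System exit` line and abort builds with the `error` step instead. The approval list starts above this hunk.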
diff --git a/jenkins/slave.yml b/jenkins/slave.yml
deleted file mode 100644
index 42f3ca0..0000000
--- a/jenkins/slave.yml
+++ /dev/null
@@ -1,35 +0,0 @@
-applications:
- - jenkins
-classes:
- - service.java.environment
- - system.docker.host
-parameters:
- _param:
- java_environment_version: "8"
- java_environment_platform: openjdk
- java:
- environment:
- headless: true
- jenkins:
- slave:
- enabled: true
- pkgs: false
- sudo: false
- scripts: []
- master:
- host: ${_param:control_vip_address}
- port: 8081
- protocol: http
-# user:
-# name: admin
-# password: ${_param:jenkins_admin_password}
- linux:
- system:
- user:
- jenkins:
- enabled: true
- name: jenkins
- home: /var/lib/jenkins
- sudo: false
- groups:
- - docker
diff --git a/jenkins/slave/docker.yml b/jenkins/slave/docker.yml
new file mode 100644
index 0000000..b134225
--- /dev/null
+++ b/jenkins/slave/docker.yml
@@ -0,0 +1,9 @@
+classes:
+ - system.jenkins.slave
+parameters:
+ linux:
+ system:
+ user:
+ jenkins:
+ groups:
+ - docker
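Review bot: Membership in the `docker` group is effectively root on the slave, because members control the Docker daemon, and the new class has no comment saying so. Add one above `groups:`, e.g. `# docker group is root-equivalent on this host; include only on dedicated build slaves`. Anyone including `system.jenkins.slave.docker` should treat jobs scheduled on that node as having full control of the host.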
diff --git a/jenkins/slave/init.yml b/jenkins/slave/init.yml
new file mode 100644
index 0000000..c445c14
--- /dev/null
+++ b/jenkins/slave/init.yml
@@ -0,0 +1,37 @@
+applications:
+ - jenkins
+classes:
+ - service.java.environment
+parameters:
+ _param:
+ java_environment_version: "8"
+ java_environment_platform: openjdk
+ jenkins_slave_user: none
+ jenkins_slave_password: none
+ jenkins_master_host: ${_param:control_vip_address}
+ jenkins_master_port: 8081
+ jenkins_master_protocol: http
+ java:
+ environment:
+ headless: true
+ jenkins:
+ slave:
+ enabled: true
+ pkgs: false
+ sudo: false
+ scripts: []
+ master:
+ host: ${_param:jenkins_master_host}
+ port: ${_param:jenkins_master_port}
+ protocol: ${_param:jenkins_master_protocol}
+ user:
+ name: ${_param:jenkins_slave_user}
+ password: ${_param:jenkins_slave_password}
+ linux:
+ system:
+ user:
+ jenkins:
+ enabled: true
+ name: jenkins
+ home: /var/lib/jenkins
+ sudo: false
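Review bot: `jenkins_master_protocol` defaults to `http` while `user.name` and `user.password` are now always populated from parameters. Once real credentials are set, they will presumably reach the master unencrypted unless the protocol is overridden as well. A comment beside the default would make that dependency visible, e.g. `# use https whenever jenkins_slave_password is set to a real value`.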
diff --git a/jenkins/slave/libvirt.yml b/jenkins/slave/libvirt.yml
new file mode 100644
index 0000000..e40b841
--- /dev/null
+++ b/jenkins/slave/libvirt.yml
@@ -0,0 +1,25 @@
+classes:
+ - system.jenkins.slave
+ - service.iptables.server
+parameters:
+ linux:
+ system:
+ user:
+ jenkins:
+ groups:
+ - kvm
+ - libvirtd
+ package:
+ qemu:
+ version: latest
+ libvirt-bin:
+ version: latest
+ # Ensure FORWARD chain to be ACCEPT to avoid issue when running with docker
+ # 1.13 and newer that sets chain to DROP, see:
+ # https://github.com/docker/docker/pull/28257
+ iptables:
+ service:
+ enabled: true
+ chain:
+ FORWARD:
+ policy: ACCEPT
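Review bot: Setting the `FORWARD` chain policy to `ACCEPT` allows forwarding between every interface on the slave, not only the Docker and libvirt bridges that the comment refers to. On a host with IP forwarding enabled, which Docker and libvirt normally turn on, the build slave becomes a router between whatever networks it is attached to. Keeping the policy at DROP and adding explicit accept rules for the bridge interfaces would address the referenced Docker 1.13 behaviour with less exposure. If ACCEPT stays, extend the comment to say this class must not be used on hosts that straddle networks of different trust levels. Separately, `version: latest` on `qemu` and `libvirt-bin` leaves the hypervisor packages unpinned.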
diff --git a/linux/system/haveged.yml b/linux/system/haveged.yml
new file mode 100644
index 0000000..5c0be15
--- /dev/null
+++ b/linux/system/haveged.yml
@@ -0,0 +1,5 @@
+parameters:
+ linux:
+ system:
+ haveged:
+ enabled: true
diff --git a/linux/system/motd/dynamic.yml b/linux/system/motd/dynamic.yml
new file mode 100644
index 0000000..9589e8e
--- /dev/null
+++ b/linux/system/motd/dynamic.yml
@@ -0,0 +1,19 @@
+parameters:
+ linux:
+ system:
+ motd:
+ - warning: |
+ #!/bin/sh
+ printf "WARNING: This is private network.\n"
+ printf " Unauthorized access is strictly prohibited.\n"
+ printf "\n"
+ - info: |
+ #!/bin/sh
+ printf -- "------------------------------------------------------\n"
+ printf " Hostname | $(hostname)\n"
+ printf " Domain | $(hostname -d)\n"
+ printf " System | %s\n" "$(lsb_release -s -d)"
+ printf " Kernel | %s\n" "$(uname -r)"
+ printf " Uptime | %s\n" "$(uptime -p)"
+ printf " Load Average | %s\n" "$(cat /proc/loadavg | awk '{print $1", "$2", "$3}')"
+ printf -- "------------------------------------------------------\n"
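Review bot: The Hostname and Domain lines interpolate `$(hostname)` and `$(hostname -d)` directly into the printf format string, unlike the four lines below them, which pass the value through `%s`. A `%` or backslash in the command output would then be interpreted as a format directive. Use `printf " Hostname | %s\n" "$(hostname)"` and the same form for the domain line, so all six rows are built the same way.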
diff --git a/linux/system/motd/static.yml b/linux/system/motd/static.yml
new file mode 100644
index 0000000..774abc6
--- /dev/null
+++ b/linux/system/motd/static.yml
@@ -0,0 +1,12 @@
+parameters:
+ linux:
+ system:
+ motd: |
+ WARNING: This is private network
+ Unauthorized access is strictly prohibited
+
+ ------------------------------------------------------
+ Hostname | ${linux:system:name}
+ Domain | ${linux:system:domain}
+ ------------------------------------------------------
+
diff --git a/linux/system/prompt/init.yml b/linux/system/prompt/init.yml
new file mode 100644
index 0000000..2f0120d
--- /dev/null
+++ b/linux/system/prompt/init.yml
@@ -0,0 +1,7 @@
+parameters:
+ linux:
+ system:
+ prompt:
+ default: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} ${linux:system:name}.${linux:system:domain}\\[\\e[0m\\]\\n\\[\\e[1;39m\\][\\u@\\h:\\w]\\[\\e[0m\\]
+ bash:
+ preserve_history: true
diff --git a/linux/system/prompt/production.yml b/linux/system/prompt/production.yml
new file mode 100644
index 0000000..f878460
--- /dev/null
+++ b/linux/system/prompt/production.yml
@@ -0,0 +1,7 @@
+classes:
+ - system.linux.system.prompt
+parameters:
+ linux:
+ system:
+ prompt:
+ default: \\n\\[\\033[0;37m\\]\\D{%y/%m/%d %H:%M:%S} ${linux:system:name}.${linux:system:domain}\\[\\e[0m\\]\\n\\[\\e[1;31m\\][\\u@\\h:\\w]\\[\\e[0m\\]