| |
| classes: |
| - system.linux.system.haveged |
| - system.glusterfs.client.cluster |
| - system.glusterfs.client.volume.aptly |
| - system.glusterfs.client.volume.gerrit |
| - system.glusterfs.client.volume.jenkins |
| - system.glusterfs.client.volume.registry |
| - system.glusterfs.client.volume.salt_pki |
| - system.glusterfs.client.volume.openldap |
| #- system.glusterfs.client.volume.salt |
| # Docker |
| - system.docker.host |
| |
| # Generate aptly-publisher config to use for jenkins slaves |
| - system.aptly.client.publisher |
| |
| # Docker services |
| - system.docker.swarm.stack.aptly |
| - system.docker.swarm.stack.docker |
| - system.docker.swarm.stack.gerrit |
| - system.docker.swarm.stack.jenkins |
| - system.docker.swarm.stack.ldap |
| |
| # Keepalived |
| - system.keepalived.cluster.instance.cicd_control_vip |
| |
| # HAProxy |
| - system.salt.minion.cert.proxy.cicd |
| - system.haproxy.proxy.single |
| - system.haproxy.proxy.listen.cicd.aptly |
| - system.haproxy.proxy.listen.cicd.gerrit |
| - system.haproxy.proxy.listen.cicd.jenkins |
| - system.haproxy.proxy.listen.docker.registry |
| - system.haproxy.proxy.listen.docker.visualizer |
| - system.haproxy.proxy.listen.openldap |
| - system.haproxy.proxy.listen.phpldapadmin |
| - system.haproxy.proxy.listen.mysql |
| - system.haproxy.proxy.listen.stats |
| |
| - cluster.virtual-mcp-ocata-cicd |
| |
| parameters: |
| _param: |
| cluster_node01_name: ${_param:cicd_control_node01_hostname} |
| cluster_node01_address: ${_param:cicd_control_node01_address} |
| cluster_node02_name: ${_param:cicd_control_node02_hostname} |
| cluster_node02_address: ${_param:cicd_control_node02_address} |
| cluster_node03_name: ${_param:cicd_control_node03_hostname} |
| cluster_node03_address: ${_param:cicd_control_node03_address} |
| keepalived_vip_virtual_router_id: 180 |
| keepalived_vip_password: TLrAYaAbAEZwXsp1 |
| keepalived_vip_interface: ens3 |
| cluster_vip_address: ${_param:control_vip_address} |
| control_vip_address: ${_param:cicd_control_address} |
| cluster_public_host: ${_param:control_vip_address} |
| salt_api_password: Dnx3fapzHIcGuURdDck3DPv78V3ehwue |
| # Docker images and versions |
| docker_registry_http_secret: jvJRsYDEPts2HdNk |
| # CI/CD service databases |
| mysql_admin_password: TSi6AgDGv2nZjblQ |
| mysql_gerrit_password: f6XRcwSNHTh8zCuS |
| |
| # Proxy |
| cluster_ssl_certificate: |
| enabled: true |
| pem_file: /etc/haproxy/ssl/${_param:cluster_public_host}-all.pem |
| haproxy_bind_address: ${_param:cluster_vip_address} |
| haproxy_mysql_source_port: 13306 |
| salt_minion_ca_host: cfg01.${_param:cluster_domain} |
| |
| # Aptly |
| aptly_gpg_keypair_id: none |
| aptly_gpg_passphrase: none |
| aptly_server_secure: false |
| aptly_gpg_public_key: none |
| aptly_gpg_private_key: none |
| # OpenLDAP |
| openldap_organisation: "${_param:cluster_name}" |
| openldap_dn: "virtual-mcp-ocata-cicd,dc=local" |
| openldap_domain: "virtual-mcp-ocata-cicd.local" |
| openldap_admin_password: UdTuP7GPPTaCoPSV |
| openldap_config_password: RQK8h0F3aNdvv26U |
| openldap_readonly_password: myMSnD6mn8ziUP2S |
| |
| # Jenkins |
| jenkins_slave_user: admin |
| jenkins_client_user: admin |
| jenkins_admin_password: ${_param:openldap_admin_password} |
| jenkins_security_ldap_server: ${_param:cluster_vip_address} |
| jenkins_security_ldap_root_dn: ${_param:openldap_dn} |
| jenkins_security_ldap_manager_dn: "cn=admin,${_param:openldap_dn}" |
| jenkins_security_ldap_manager_password: ${_param:openldap_admin_password} |
| jenkins_slave_password: ${_param:jenkins_admin_password} |
| jenkins_client_password: ${_param:jenkins_admin_password} |
| jenkins_admin_email: ${_param:admin_email} |
| jenkins_admin_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3PNQbFye7OC13h7esNT+LXtIKOZbmSmQdj2wrVW1nwFQBodgG2XFJUyKwVZ3gCqS68sN0kOzqix/R4oOL2lm1vZX69Mx3mON6fkvMdgpaEE78VH/SAiuUhCLP83Ic1QRp55uriZ0a1Pa91kqqXnqWLQX7NK4oTtps1sukxg+WVyT55jnwJ8F4a2HIgf+heZNunfw1NlQI6tGXwdiTON7agVybodtRQZctB3/6rQrxKFT9No5BYrEtt2sEg4xBl/XvhbBIyKmi2URgSOplpezGGJcVHTCddRRP0st4etsh39I8H0qzwWnufgYr1dGCr7AOt0grQOUaAKivjK/PV7IL |
| jenkins_admin_private_key: | |
| -----BEGIN RSA PRIVATE KEY----- |
| MIIEpQIBAAKCAQEAtzzUGxcnuzgtd4e3rDU/i17SCjmW5kpkHY9sK1VtZ8BUAaHY |
| BtlxSVMisFWd4AqkuvLDdJDs6osf0eKDi9pZtb2V+vTMd5jjen5LzHYKWhBO/FR/ |
| 0gIrlIQiz/NyHNUEaeebq4mdGtT2vdZKql56li0F+zSuKE7abNbLpMYPllck+eY5 |
| 8CfBeGthyIH/oXmTbp38NTZUCOrRl8HYkzje2oFcm6HbUUGXLQd/+q0K8ShU/TaO |
| QWKxLbdrBIOMQZf174WwSMipotlEYEjqZaXsxhiXFR0wnXUUT9LLeHrbId/SPB9K |
| s8Fp7n4GK9XRgq+wDrdIK0DlGgCor4yvz1eyCwIDAQABAoIBAB3a5Vw8m5afgpj1 |
| HfILAv18R5Cu7W08Na+zTJaK5rZ+2bEiY4ZKK3EdAIvmh0CXu1tSbpIxgsh8PoT9 |
| +RzySKeZ6jPnauEZoga1SThZCzq9aYEna2QWQm+CUAG90pvsAToYKH78fwJ+LG2l |
| 2qiDmEmbsFvLq4yZvHD7VlbUhnmiFm1kzPPa2SdeimYl0TlOKOMS/l0UkG0isMEQ |
| 3dGR3GOCA9az7UAuBvB0rAhOjWUfDEFGeKYlZ9kHgK6r7eYMA0Ij7eIbZYvE0tAE |
| slhhevDbrnEpzD3XClSmco62RhRIhvS639Q09IksA+yLBFLnjVOtEsWroD4iFDPI |
| 4kLTewECgYEA6x6i5YlY5Mxsq7S22d4XcSafd7FJm7FNZeM+8/aPeQjSunXby5rD |
| pYQBYGZG9pNuJ6R6hxunlWiTmzkogZLoWqDfTrjjJ7qnYpA/6NS97jdDBq8o5lIb |
| LWFLn86QyuLUFLUzPbeBsAfiRAoKm6qdmwCMNHEuleLOGVUdTx84PksCgYEAx4Kr |
| 8jvyRazRQtbYWTvMViHs7w5tYRUI7NZ35DfI2nJA/VRWfCvK7F/QpgFfeEB3vBVM |
| +s9HBiJ23cqS44Iw/WhGMdoXSXFqiz6Ry8oQ0LXl1ed1eq8Bq/Y6qbGpgUv6QdYX |
| DDE2vezsq4jcmFVRCKexCTVKgf/bSN8VhSLfA0ECgYEAsP1w9oU7y5AvRdpVww+y |
| adT/OiTVGkSP1OEJ5LB4NE52AzLxcAVivdfvCVg0ly1IQMNKESa6Mnh0lOakHVYv |
| Xvm24BXBuYiCtGmOEoEDMK2c4Q0+JpMsLi8NtJDU4kV6DNSSbCUVlSN6Kmm8ro3y |
| 8lmpMVj6Do6bQuqVk5gWyJ0CgYEApTU6p1smkrW5jyyTeMkAuu5a4dZDktm1S1GJ |
| dA0RoHpuAJjfCPHGlpf9EgofAVf5DmFhHmuX96eAYMbHfeeoI58+STe8gs+NF4MX |
| ffZ0mC+YA9onuRDERJ6gEzcQEwZUVEIxUaJLH1ja3mx1pxs3AADEo8hiS2YQMraw |
| fk/S9kECgYEAmB1tL0F796xtfaeNwQ35FZW2gpWvJLrBfO5vkXrA8JFhldW5LHr0 |
| 7xy+goivnFtD2rvCMNOVWdGT4yEftajz6vXsXLr2XQ8X3HH8O0BIqWyobguQs3t0 |
| d4sWoM2Qt45r+B/UoLMPmkjtebmQe+gKbdv8rv+FWPAckc7L7MCkveA= |
| -----END RSA PRIVATE KEY----- |
| # Jobs params |
| jenkins_gerrit_url: ssh://admin@${_param:haproxy_gerrit_bind_host}:${_param:haproxy_gerrit_ssh_bind_port} |
| jenkins_aptly_api_url: http://${_param:haproxy_aptly_api_bind_host}:${_param:haproxy_aptly_api_bind_port} |
| jenkins_aptly_url: http://${_param:haproxy_aptly_public_bind_host}:${_param:haproxy_aptly_public_bind_port} |
| # Gerrit |
| gerrit_admin_password: ${_param:openldap_admin_password} |
| gerrit_admin_email: ${_param:admin_email} |
| gerrit_public_host: http://${_param:haproxy_gerrit_bind_host}:${_param:haproxy_gerrit_bind_port} |
| gerrit_admin_public_key: ${_param:jenkins_admin_public_key} |
| gerrit_admin_private_key: ${_param:jenkins_admin_private_key} |
| gerrit_auth_type: LDAP |
| gerrit_ldap_server: "ldap://${_param:cluster_vip_address}" |
| gerrit_ldap_bind_user: "cn=admin,${_param:openldap_dn}" |
| gerrit_ldap_bind_password: ${_param:openldap_admin_password} |
| gerrit_ldap_account_base: ou=people,${_param:openldap_dn} |
| gerrit_ldap_group_base: ou=groups,${_param:openldap_dn} |
| |
| linux: |
| system: |
| package: |
| ca-certificates-java: |
| version: latest |
| network: |
| interface: |
| ens3: |
| enabled: true |
| type: eth |
| proto: static |
| address: ${_param:single_address} |
| netmask: 255.255.255.0 |