Merge "Fix K8s version, remove K8s-pause"
diff --git a/classes/cluster/k8s-aio-calico/kubernetes/control.yml b/classes/cluster/k8s-aio-calico/kubernetes/control.yml
index cd49cca..98bc75b 100644
--- a/classes/cluster/k8s-aio-calico/kubernetes/control.yml
+++ b/classes/cluster/k8s-aio-calico/kubernetes/control.yml
@@ -5,6 +5,7 @@
- system.salt.minion.cert.etcd_server_single
- system.salt.minion.cert.k8s_server_single
- system.kubernetes.master.single
+- system.kubernetes.master.auth.rbac
- system.kubernetes.control.roles.cluster-admin
- cluster.k8s-aio-calico.kubernetes.compute
- cluster.k8s-aio-calico
diff --git a/classes/cluster/k8s-aio-contrail/kubernetes/control.yml b/classes/cluster/k8s-aio-contrail/kubernetes/control.yml
index c108c6e..acf2d8c 100644
--- a/classes/cluster/k8s-aio-contrail/kubernetes/control.yml
+++ b/classes/cluster/k8s-aio-contrail/kubernetes/control.yml
@@ -5,6 +5,7 @@
- system.linux.system.repo.docker_legacy
- system.salt.minion.cert.etcd_server
- system.kubernetes.master.cluster
+- system.kubernetes.master.auth.rbac
- system.kubernetes.control.roles.cluster-admin
- cluster.k8s-aio-contrail.kubernetes
- cluster.k8s-aio-contrail.kubernetes.compute
diff --git a/classes/cluster/k8s-compact/kubernetes/control.yml b/classes/cluster/k8s-compact/kubernetes/control.yml
index c0cc065..53dcbf8 100644
--- a/classes/cluster/k8s-compact/kubernetes/control.yml
+++ b/classes/cluster/k8s-compact/kubernetes/control.yml
@@ -4,6 +4,7 @@
- service.etcd.server.single
- service.kubernetes.control.cluster
- system.kubernetes.master.single
+- system.kubernetes.master.auth.rbac
- system.kubernetes.control.roles.cluster-admin
- cluster.k8s-compact.kubernetes.compute
parameters:
diff --git a/classes/cluster/k8s-ha-calico-cloudprovider/kubernetes/control.yml b/classes/cluster/k8s-ha-calico-cloudprovider/kubernetes/control.yml
index b2cdbaf..958cdd8 100644
--- a/classes/cluster/k8s-ha-calico-cloudprovider/kubernetes/control.yml
+++ b/classes/cluster/k8s-ha-calico-cloudprovider/kubernetes/control.yml
@@ -6,6 +6,7 @@
- system.linux.system.repo.docker_legacy
- system.salt.minion.cert.etcd_server
- system.kubernetes.master.cluster
+- system.kubernetes.master.auth.rbac
- system.kubernetes.control.roles.cluster-admin
- cluster.k8s-ha-calico-cloudprovider.kubernetes.compute
- cluster.k8s-ha-calico-cloudprovider
diff --git a/classes/cluster/k8s-ha-calico-flannel-virtlet/kubernetes/control.yml b/classes/cluster/k8s-ha-calico-flannel-virtlet/kubernetes/control.yml
index 34cace7..d6e794e 100644
--- a/classes/cluster/k8s-ha-calico-flannel-virtlet/kubernetes/control.yml
+++ b/classes/cluster/k8s-ha-calico-flannel-virtlet/kubernetes/control.yml
@@ -6,6 +6,7 @@
- system.linux.system.repo.docker_legacy
- system.salt.minion.cert.etcd_server
- system.kubernetes.master.cluster
+- system.kubernetes.master.auth.rbac
- system.kubernetes.control.roles.cluster-admin
- cluster.k8s-ha-calico-flannel-virtlet.kubernetes.compute
- cluster.k8s-ha-calico-flannel-virtlet
@@ -78,5 +79,3 @@
namespace:
netchecker:
enabled: true
- auth:
- mode: Node,RBAC
diff --git a/classes/cluster/k8s-ha-calico-syndic/kubernetes/control.yml b/classes/cluster/k8s-ha-calico-syndic/kubernetes/control.yml
index 03a945e..bd70fbe 100644
--- a/classes/cluster/k8s-ha-calico-syndic/kubernetes/control.yml
+++ b/classes/cluster/k8s-ha-calico-syndic/kubernetes/control.yml
@@ -6,6 +6,7 @@
- system.linux.system.repo.docker_legacy
- system.salt.minion.cert.etcd_server
- system.kubernetes.master.cluster
+- system.kubernetes.master.auth.rbac
- system.kubernetes.control.roles.cluster-admin
- cluster.k8s-ha-calico-syndic.kubernetes.compute
- cluster.k8s-ha-calico-syndic
diff --git a/classes/cluster/k8s-ha-calico/kubernetes/control.yml b/classes/cluster/k8s-ha-calico/kubernetes/control.yml
index afde0e5..9c854ff 100644
--- a/classes/cluster/k8s-ha-calico/kubernetes/control.yml
+++ b/classes/cluster/k8s-ha-calico/kubernetes/control.yml
@@ -6,6 +6,7 @@
- system.linux.system.repo.docker_legacy
- system.salt.minion.cert.etcd_server
- system.kubernetes.master.cluster
+- system.kubernetes.master.auth.rbac
- system.kubernetes.control.roles.cluster-admin
- cluster.k8s-ha-calico.kubernetes.compute
- cluster.k8s-ha-calico
@@ -71,5 +72,3 @@
namespace:
netchecker:
enabled: true
- auth:
- mode: Node,RBAC
diff --git a/classes/cluster/k8s-ha-contrail-40/kubernetes/control.yml b/classes/cluster/k8s-ha-contrail-40/kubernetes/control.yml
index e97eede..f83f9a4 100644
--- a/classes/cluster/k8s-ha-contrail-40/kubernetes/control.yml
+++ b/classes/cluster/k8s-ha-contrail-40/kubernetes/control.yml
@@ -8,6 +8,7 @@
- system.salt.minion.cert.etcd_client
- system.salt.minion.cert.etcd_server
- system.kubernetes.master.cluster
+- system.kubernetes.master.auth.rbac
- system.kubernetes.control.roles.cluster-admin
- cluster.k8s-ha-contrail-40.infra
- cluster.overrides
diff --git a/classes/cluster/k8s-ha-contrail/kubernetes/control.yml b/classes/cluster/k8s-ha-contrail/kubernetes/control.yml
index b2807ee..7c2d531 100644
--- a/classes/cluster/k8s-ha-contrail/kubernetes/control.yml
+++ b/classes/cluster/k8s-ha-contrail/kubernetes/control.yml
@@ -6,6 +6,7 @@
- system.linux.system.repo.docker_legacy
- system.salt.minion.cert.etcd_server
- system.kubernetes.master.cluster
+- system.kubernetes.master.auth.rbac
- system.kubernetes.control.roles.cluster-admin
- cluster.k8s-ha-contrail.kubernetes.compute
- cluster.k8s-ha-contrail
diff --git a/classes/cluster/sl-k8s-calico/kubernetes/control.yml b/classes/cluster/sl-k8s-calico/kubernetes/control.yml
index 270555a..b3e2038 100644
--- a/classes/cluster/sl-k8s-calico/kubernetes/control.yml
+++ b/classes/cluster/sl-k8s-calico/kubernetes/control.yml
@@ -5,6 +5,7 @@
- system.linux.system.repo.mcp.apt_mirantis.docker_legacy
- system.salt.minion.cert.etcd_server
- system.kubernetes.master.cluster
+- system.kubernetes.master.auth.rbac
- system.kubernetes.control.roles.cluster-admin
- system.kubernetes.control.roles.fluentd-view
- cluster.sl-k8s-calico.kubernetes.compute
@@ -58,5 +59,3 @@
namespace:
netchecker:
enabled: ${_param:kubernetes_netchecker_enabled}
- auth:
- mode: Node,RBAC
diff --git a/classes/cluster/sl-k8s-contrail/kubernetes/control.yml b/classes/cluster/sl-k8s-contrail/kubernetes/control.yml
index 5176dc6..6c1b492 100644
--- a/classes/cluster/sl-k8s-contrail/kubernetes/control.yml
+++ b/classes/cluster/sl-k8s-contrail/kubernetes/control.yml
@@ -5,6 +5,7 @@
- system.linux.system.repo.docker_legacy
- system.salt.minion.cert.etcd_server
- system.kubernetes.master.cluster
+- system.kubernetes.master.auth.rbac
- system.kubernetes.control.roles.cluster-admin
- system.kubernetes.control.roles.fluentd-view
- cluster.sl-k8s-contrail.kubernetes.compute
diff --git a/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/.env b/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/.env
index b054cf5..cf4c91c 100644
--- a/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/.env
+++ b/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/.env
@@ -1 +1 @@
-FORMULAS_SALT_MASTER+=(java openssh ntp nginx collectd sensu heka sphinx mysql galera grafana libvirt rsyslog glusterfs postfix xtrabackup freeipa prometheus telegraf elasticsearch kibana rundeck devops-portal libvirt rsyslog memcached rabbitmq apache keystone glance nova neutron cinder heat horizon ironic tftpd-hpa bind powerdns designate barbican iptables fluentd dogtag barbican logrotate)
+FORMULAS_SALT_MASTER+=(java openssh ntp nginx collectd sensu heka sphinx mysql galera grafana libvirt rsyslog glusterfs postfix xtrabackup freeipa prometheus telegraf elasticsearch kibana rundeck devops-portal libvirt rsyslog memcached rabbitmq apache keystone glance nova neutron cinder heat horizon ironic tftpd-hpa bind powerdns designate barbican iptables fluentd dogtag barbican logrotate auditd)
diff --git a/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/init.yml b/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/init.yml
index 8a7241f..1db0cfa 100644
--- a/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/init.yml
+++ b/classes/cluster/virtual-mcp-pike-dvr-ssl-barbican/init.yml
@@ -8,6 +8,7 @@
- system.openssh.server.team.mcp_qa
- cluster.virtual-mcp-pike-dvr-ssl-barbican.infra
- cluster.virtual-mcp-pike-dvr-ssl-barbican.openstack
+- system.auditd.server.ciscat
- cluster.overrides
parameters:
_param:
diff --git a/classes/cluster/virtual-mcp-pike-dvr-ssl/.env b/classes/cluster/virtual-mcp-pike-dvr-ssl/.env
index 3681e6f..ebce5d7 100644
--- a/classes/cluster/virtual-mcp-pike-dvr-ssl/.env
+++ b/classes/cluster/virtual-mcp-pike-dvr-ssl/.env
@@ -1 +1 @@
-FORMULAS_SALT_MASTER+=(java openssh ntp nginx collectd sensu heka sphinx mysql galera grafana libvirt rsyslog glusterfs postfix xtrabackup freeipa prometheus telegraf elasticsearch kibana rundeck devops-portal libvirt rsyslog memcached rabbitmq apache keystone glance nova neutron cinder heat horizon ironic tftpd-hpa bind powerdns designate barbican iptables fluentd logrotate)
+FORMULAS_SALT_MASTER+=(java openssh ntp nginx collectd sensu heka sphinx mysql galera grafana libvirt rsyslog glusterfs postfix xtrabackup freeipa prometheus telegraf elasticsearch kibana rundeck devops-portal libvirt rsyslog memcached rabbitmq apache keystone glance nova neutron cinder heat horizon ironic tftpd-hpa bind powerdns designate barbican iptables fluentd logrotate auditd)
diff --git a/classes/cluster/virtual-mcp-pike-dvr-ssl/infra/init.yml b/classes/cluster/virtual-mcp-pike-dvr-ssl/infra/init.yml
index b01723d..e800917 100644
--- a/classes/cluster/virtual-mcp-pike-dvr-ssl/infra/init.yml
+++ b/classes/cluster/virtual-mcp-pike-dvr-ssl/infra/init.yml
@@ -1,4 +1,9 @@
parameters:
+ _param:
+ cluster_domain: virtual-mcp-pike-dvr-ssl.local
+ cluster_name: virtual-mcp-pike-dvr-ssl
+ infra_config_address: 172.16.10.100
+ infra_config_hostname: cfg01
linux:
network:
host:
diff --git a/classes/cluster/virtual-mcp-pike-dvr-ssl/init.yml b/classes/cluster/virtual-mcp-pike-dvr-ssl/init.yml
index 5b47776..5fcfe30 100644
--- a/classes/cluster/virtual-mcp-pike-dvr-ssl/init.yml
+++ b/classes/cluster/virtual-mcp-pike-dvr-ssl/init.yml
@@ -9,15 +9,11 @@
- system.openssh.server.team.mcp_qa
- cluster.virtual-mcp-pike-dvr-ssl.infra
- cluster.virtual-mcp-pike-dvr-ssl.openstack
+- system.auditd.server.ciscat
- cluster.overrides
parameters:
_param:
- cluster_domain: virtual-mcp-pike-dvr-ssl.local
- cluster_name: virtual-mcp-pike-dvr-ssl
salt_minion_ca_host: cfg01.${linux:system:domain}
- # infra service addresses
- infra_config_hostname: cfg01
- infra_config_address: 172.16.10.100
salt:
minion:
trusted_ca_minions:
diff --git a/classes/cluster/virtual-mcp-pike-dvr/.env b/classes/cluster/virtual-mcp-pike-dvr/.env
index 147f964..006f9e8 100644
--- a/classes/cluster/virtual-mcp-pike-dvr/.env
+++ b/classes/cluster/virtual-mcp-pike-dvr/.env
@@ -1 +1 @@
-FORMULAS_SALT_MASTER+=(fluentd git grafana linux nginx ntp openssh prometheus reclass rsyslog salt sphinx telegraf backupninja logrotate)
+FORMULAS_SALT_MASTER+=(fluentd git grafana linux nginx ntp openssh prometheus reclass rsyslog salt sphinx telegraf backupninja logrotate auditd)
diff --git a/classes/cluster/virtual-mcp-pike-dvr/init.yml b/classes/cluster/virtual-mcp-pike-dvr/init.yml
index cbf24f0..b3e79c6 100644
--- a/classes/cluster/virtual-mcp-pike-dvr/init.yml
+++ b/classes/cluster/virtual-mcp-pike-dvr/init.yml
@@ -8,6 +8,7 @@
- system.openssh.server.team.mcp_qa
- cluster.virtual-mcp-pike-dvr.infra
- cluster.virtual-mcp-pike-dvr.openstack
+- system.auditd.server.ciscat
- cluster.overrides
parameters:
salt:
diff --git a/classes/cluster/virtual-mcp-pike-ovs/.env b/classes/cluster/virtual-mcp-pike-ovs/.env
index 147f964..006f9e8 100644
--- a/classes/cluster/virtual-mcp-pike-ovs/.env
+++ b/classes/cluster/virtual-mcp-pike-ovs/.env
@@ -1 +1 @@
-FORMULAS_SALT_MASTER+=(fluentd git grafana linux nginx ntp openssh prometheus reclass rsyslog salt sphinx telegraf backupninja logrotate)
+FORMULAS_SALT_MASTER+=(fluentd git grafana linux nginx ntp openssh prometheus reclass rsyslog salt sphinx telegraf backupninja logrotate auditd)
diff --git a/classes/cluster/virtual-mcp-pike-ovs/init.yml b/classes/cluster/virtual-mcp-pike-ovs/init.yml
index 6d75499..6cc8a27 100644
--- a/classes/cluster/virtual-mcp-pike-ovs/init.yml
+++ b/classes/cluster/virtual-mcp-pike-ovs/init.yml
@@ -8,6 +8,7 @@
- system.openssh.server.team.mcp_qa
- cluster.virtual-mcp-pike-ovs.infra
- cluster.virtual-mcp-pike-ovs.openstack
+- system.auditd.server.ciscat
- cluster.overrides
parameters:
salt:
diff --git a/classes/cluster/virtual-mcp11-k8s-calico-dyn/kubernetes/control.yml b/classes/cluster/virtual-mcp11-k8s-calico-dyn/kubernetes/control.yml
index 94958ec..08bac4e 100644
--- a/classes/cluster/virtual-mcp11-k8s-calico-dyn/kubernetes/control.yml
+++ b/classes/cluster/virtual-mcp11-k8s-calico-dyn/kubernetes/control.yml
@@ -6,6 +6,7 @@
- system.linux.system.repo.docker_legacy
- system.salt.minion.cert.etcd_server
- system.kubernetes.master.cluster
+- system.kubernetes.master.auth.rbac
- system.kubernetes.control.roles.cluster-admin
- system.kubernetes.control.roles.fluentd-view
- cluster.virtual-mcp11-k8s-calico-dyn.kubernetes.compute
diff --git a/classes/cluster/virtual-mcp11-k8s-calico-minimal/kubernetes/control.yml b/classes/cluster/virtual-mcp11-k8s-calico-minimal/kubernetes/control.yml
index 9c21917..077036e 100644
--- a/classes/cluster/virtual-mcp11-k8s-calico-minimal/kubernetes/control.yml
+++ b/classes/cluster/virtual-mcp11-k8s-calico-minimal/kubernetes/control.yml
@@ -6,6 +6,7 @@
- system.linux.system.repo.docker_legacy
- system.salt.minion.cert.etcd_server
- system.kubernetes.master.cluster
+- system.kubernetes.master.auth.rbac
- system.kubernetes.control.roles.cluster-admin
- cluster.virtual-mcp11-k8s-calico-minimal.kubernetes.compute
- cluster.virtual-mcp11-k8s-calico-minimal
diff --git a/classes/cluster/virtual-mcp11-k8s-calico/kubernetes/control.yml b/classes/cluster/virtual-mcp11-k8s-calico/kubernetes/control.yml
index 21a2573..ddfae1e 100644
--- a/classes/cluster/virtual-mcp11-k8s-calico/kubernetes/control.yml
+++ b/classes/cluster/virtual-mcp11-k8s-calico/kubernetes/control.yml
@@ -6,6 +6,7 @@
- system.linux.system.repo.mcp.apt_mirantis.docker_legacy
- system.salt.minion.cert.etcd_server
- system.kubernetes.master.cluster
+- system.kubernetes.master.auth.rbac
- system.kubernetes.control.roles.cluster-admin
- system.kubernetes.control.roles.fluentd-view
- cluster.virtual-mcp11-k8s-calico.kubernetes.compute
@@ -74,5 +75,3 @@
namespace:
netchecker:
enabled: ${_param:kubernetes_netchecker_enabled}
- auth:
- mode: Node,RBAC
diff --git a/classes/cluster/virtual-mcp11-k8s-contrail/kubernetes/control.yml b/classes/cluster/virtual-mcp11-k8s-contrail/kubernetes/control.yml
index 1027e55..6cf8c91 100644
--- a/classes/cluster/virtual-mcp11-k8s-contrail/kubernetes/control.yml
+++ b/classes/cluster/virtual-mcp11-k8s-contrail/kubernetes/control.yml
@@ -6,6 +6,7 @@
- system.linux.system.repo.docker_legacy
- system.salt.minion.cert.etcd_server
- system.kubernetes.master.cluster
+- system.kubernetes.master.auth.rbac
- system.kubernetes.control.roles.cluster-admin
- system.kubernetes.control.roles.fluentd-view
- cluster.virtual-mcp11-k8s-contrail.kubernetes.compute
diff --git a/classes/system b/classes/system
index 7f8c2f3..0185ec6 160000
--- a/classes/system
+++ b/classes/system
@@ -1 +1 @@
-Subproject commit 7f8c2f32dfa4fee69d3b1dbe2ad2a1e7f32bdb1e
+Subproject commit 0185ec6c09e0563af761afc88977dda3461ea6f0