| asledzinskiy | 159d7bf | 2017-06-12 15:25:21 +0300 | [diff] [blame] | 1 | |
| 2 | classes: |
| 3 | - system.linux.system.haveged |
| 4 | - system.glusterfs.client.cluster |
| 5 | - system.glusterfs.client.volume.aptly |
| 6 | - system.glusterfs.client.volume.gerrit |
| 7 | - system.glusterfs.client.volume.jenkins |
| 8 | - system.glusterfs.client.volume.registry |
| 9 | - system.glusterfs.client.volume.salt_pki |
| 10 | - system.glusterfs.client.volume.openldap |
| 11 | #- system.glusterfs.client.volume.salt |
| 12 | # Docker |
| 13 | - system.docker.host |
| 14 | |
| 15 | # Generate aptly-publisher config to use for jenkins slaves |
| 16 | - system.aptly.client.publisher |
| 17 | |
| 18 | # Docker services |
| 19 | - system.docker.swarm.stack.aptly |
| 20 | - system.docker.swarm.stack.docker |
| 21 | - system.docker.swarm.stack.gerrit |
| 22 | - system.docker.swarm.stack.jenkins |
| 23 | - system.docker.swarm.stack.ldap |
| 24 | |
| 25 | # Keepalived |
| 26 | - system.keepalived.cluster.instance.cicd_control_vip |
| 27 | |
| 28 | # HAProxy |
| 29 | - system.salt.minion.cert.proxy.cicd |
| 30 | - system.haproxy.proxy.single |
| 31 | - system.haproxy.proxy.listen.cicd.aptly |
| 32 | - system.haproxy.proxy.listen.cicd.gerrit |
| 33 | - system.haproxy.proxy.listen.cicd.jenkins |
| 34 | - system.haproxy.proxy.listen.docker.registry |
| 35 | - system.haproxy.proxy.listen.docker.visualizer |
| 36 | - system.haproxy.proxy.listen.openldap |
| 37 | - system.haproxy.proxy.listen.phpldapadmin |
| 38 | - system.haproxy.proxy.listen.mysql |
| 39 | - system.haproxy.proxy.listen.stats |
| 40 | |
| 41 | - cluster.virtual-mcp-ocata-cicd |
| 42 | |
| 43 | parameters: |
| 44 | _param: |
| 45 | cluster_node01_name: ${_param:cicd_control_node01_hostname} |
| 46 | cluster_node01_address: ${_param:cicd_control_node01_address} |
| 47 | cluster_node02_name: ${_param:cicd_control_node02_hostname} |
| 48 | cluster_node02_address: ${_param:cicd_control_node02_address} |
| 49 | cluster_node03_name: ${_param:cicd_control_node03_hostname} |
| 50 | cluster_node03_address: ${_param:cicd_control_node03_address} |
| 51 | keepalived_vip_virtual_router_id: 180 |
| 52 | keepalived_vip_password: TLrAYaAbAEZwXsp1 |
| 53 | keepalived_vip_interface: ens3 |
| 54 | cluster_vip_address: ${_param:control_vip_address} |
| 55 | control_vip_address: ${_param:cicd_control_address} |
| 56 | cluster_public_host: ${_param:control_vip_address} |
| 57 | salt_api_password: Dnx3fapzHIcGuURdDck3DPv78V3ehwue |
| 58 | # Docker images and versions |
| 59 | docker_registry_http_secret: jvJRsYDEPts2HdNk |
| 60 | # CI/CD service databases |
| 61 | mysql_admin_password: TSi6AgDGv2nZjblQ |
| 62 | mysql_gerrit_password: f6XRcwSNHTh8zCuS |
| 63 | |
| 64 | # Proxy |
| 65 | cluster_ssl_certificate: |
| 66 | enabled: true |
| 67 | pem_file: /etc/haproxy/ssl/${_param:cluster_public_host}-all.pem |
| 68 | haproxy_bind_address: ${_param:cluster_vip_address} |
| 69 | haproxy_mysql_source_port: 13306 |
| 70 | salt_minion_ca_host: cfg01.${_param:cluster_domain} |
| 71 | |
| 72 | # Aptly |
| 73 | aptly_gpg_keypair_id: none |
| 74 | aptly_gpg_passphrase: none |
| 75 | aptly_server_secure: false |
| 76 | aptly_gpg_public_key: none |
| 77 | aptly_gpg_private_key: none |
| 78 | # OpenLDAP |
| 79 | openldap_organisation: "${_param:cluster_name}" |
| 80 | openldap_dn: "virtual-mcp-ocata-cicd,dc=local" |
| 81 | openldap_domain: "virtual-mcp-ocata-cicd.local" |
| 82 | openldap_admin_password: UdTuP7GPPTaCoPSV |
| 83 | openldap_config_password: RQK8h0F3aNdvv26U |
| 84 | openldap_readonly_password: myMSnD6mn8ziUP2S |
| 85 | |
| 86 | # Jenkins |
| 87 | jenkins_slave_user: admin |
| 88 | jenkins_client_user: admin |
| 89 | jenkins_admin_password: ${_param:openldap_admin_password} |
| 90 | jenkins_security_ldap_server: ${_param:cluster_vip_address} |
| 91 | jenkins_security_ldap_root_dn: ${_param:openldap_dn} |
| 92 | jenkins_security_ldap_manager_dn: "cn=admin,${_param:openldap_dn}" |
| 93 | jenkins_security_ldap_manager_password: ${_param:openldap_admin_password} |
| 94 | jenkins_slave_password: ${_param:jenkins_admin_password} |
| 95 | jenkins_client_password: ${_param:jenkins_admin_password} |
| 96 | jenkins_admin_email: ${_param:admin_email} |
| 97 | jenkins_admin_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3PNQbFye7OC13h7esNT+LXtIKOZbmSmQdj2wrVW1nwFQBodgG2XFJUyKwVZ3gCqS68sN0kOzqix/R4oOL2lm1vZX69Mx3mON6fkvMdgpaEE78VH/SAiuUhCLP83Ic1QRp55uriZ0a1Pa91kqqXnqWLQX7NK4oTtps1sukxg+WVyT55jnwJ8F4a2HIgf+heZNunfw1NlQI6tGXwdiTON7agVybodtRQZctB3/6rQrxKFT9No5BYrEtt2sEg4xBl/XvhbBIyKmi2URgSOplpezGGJcVHTCddRRP0st4etsh39I8H0qzwWnufgYr1dGCr7AOt0grQOUaAKivjK/PV7IL |
| 98 | jenkins_admin_private_key: | |
| 99 | -----BEGIN RSA PRIVATE KEY----- |
| 100 | MIIEpQIBAAKCAQEAtzzUGxcnuzgtd4e3rDU/i17SCjmW5kpkHY9sK1VtZ8BUAaHY |
| 101 | BtlxSVMisFWd4AqkuvLDdJDs6osf0eKDi9pZtb2V+vTMd5jjen5LzHYKWhBO/FR/ |
| 102 | 0gIrlIQiz/NyHNUEaeebq4mdGtT2vdZKql56li0F+zSuKE7abNbLpMYPllck+eY5 |
| 103 | 8CfBeGthyIH/oXmTbp38NTZUCOrRl8HYkzje2oFcm6HbUUGXLQd/+q0K8ShU/TaO |
| 104 | QWKxLbdrBIOMQZf174WwSMipotlEYEjqZaXsxhiXFR0wnXUUT9LLeHrbId/SPB9K |
| 105 | s8Fp7n4GK9XRgq+wDrdIK0DlGgCor4yvz1eyCwIDAQABAoIBAB3a5Vw8m5afgpj1 |
| 106 | HfILAv18R5Cu7W08Na+zTJaK5rZ+2bEiY4ZKK3EdAIvmh0CXu1tSbpIxgsh8PoT9 |
| 107 | +RzySKeZ6jPnauEZoga1SThZCzq9aYEna2QWQm+CUAG90pvsAToYKH78fwJ+LG2l |
| 108 | 2qiDmEmbsFvLq4yZvHD7VlbUhnmiFm1kzPPa2SdeimYl0TlOKOMS/l0UkG0isMEQ |
| 109 | 3dGR3GOCA9az7UAuBvB0rAhOjWUfDEFGeKYlZ9kHgK6r7eYMA0Ij7eIbZYvE0tAE |
| 110 | slhhevDbrnEpzD3XClSmco62RhRIhvS639Q09IksA+yLBFLnjVOtEsWroD4iFDPI |
| 111 | 4kLTewECgYEA6x6i5YlY5Mxsq7S22d4XcSafd7FJm7FNZeM+8/aPeQjSunXby5rD |
| 112 | pYQBYGZG9pNuJ6R6hxunlWiTmzkogZLoWqDfTrjjJ7qnYpA/6NS97jdDBq8o5lIb |
| 113 | LWFLn86QyuLUFLUzPbeBsAfiRAoKm6qdmwCMNHEuleLOGVUdTx84PksCgYEAx4Kr |
| 114 | 8jvyRazRQtbYWTvMViHs7w5tYRUI7NZ35DfI2nJA/VRWfCvK7F/QpgFfeEB3vBVM |
| 115 | +s9HBiJ23cqS44Iw/WhGMdoXSXFqiz6Ry8oQ0LXl1ed1eq8Bq/Y6qbGpgUv6QdYX |
| 116 | DDE2vezsq4jcmFVRCKexCTVKgf/bSN8VhSLfA0ECgYEAsP1w9oU7y5AvRdpVww+y |
| 117 | adT/OiTVGkSP1OEJ5LB4NE52AzLxcAVivdfvCVg0ly1IQMNKESa6Mnh0lOakHVYv |
| 118 | Xvm24BXBuYiCtGmOEoEDMK2c4Q0+JpMsLi8NtJDU4kV6DNSSbCUVlSN6Kmm8ro3y |
| 119 | 8lmpMVj6Do6bQuqVk5gWyJ0CgYEApTU6p1smkrW5jyyTeMkAuu5a4dZDktm1S1GJ |
| 120 | dA0RoHpuAJjfCPHGlpf9EgofAVf5DmFhHmuX96eAYMbHfeeoI58+STe8gs+NF4MX |
| 121 | ffZ0mC+YA9onuRDERJ6gEzcQEwZUVEIxUaJLH1ja3mx1pxs3AADEo8hiS2YQMraw |
| 122 | fk/S9kECgYEAmB1tL0F796xtfaeNwQ35FZW2gpWvJLrBfO5vkXrA8JFhldW5LHr0 |
| 123 | 7xy+goivnFtD2rvCMNOVWdGT4yEftajz6vXsXLr2XQ8X3HH8O0BIqWyobguQs3t0 |
| 124 | d4sWoM2Qt45r+B/UoLMPmkjtebmQe+gKbdv8rv+FWPAckc7L7MCkveA= |
| 125 | -----END RSA PRIVATE KEY----- |
| 126 | # Jobs params |
| 127 | jenkins_gerrit_url: ssh://admin@${_param:haproxy_gerrit_bind_host}:${_param:haproxy_gerrit_ssh_bind_port} |
| 128 | jenkins_aptly_api_url: http://${_param:haproxy_aptly_api_bind_host}:${_param:haproxy_aptly_api_bind_port} |
| 129 | jenkins_aptly_url: http://${_param:haproxy_aptly_public_bind_host}:${_param:haproxy_aptly_public_bind_port} |
| 130 | # Gerrit |
| 131 | gerrit_admin_password: ${_param:openldap_admin_password} |
| 132 | gerrit_admin_email: ${_param:admin_email} |
| 133 | gerrit_public_host: http://${_param:haproxy_gerrit_bind_host}:${_param:haproxy_gerrit_bind_port} |
| 134 | gerrit_admin_public_key: ${_param:jenkins_admin_public_key} |
| 135 | gerrit_admin_private_key: ${_param:jenkins_admin_private_key} |
| 136 | gerrit_auth_type: LDAP |
| 137 | gerrit_ldap_server: "ldap://${_param:cluster_vip_address}" |
| 138 | gerrit_ldap_bind_user: "cn=admin,${_param:openldap_dn}" |
| 139 | gerrit_ldap_bind_password: ${_param:openldap_admin_password} |
| 140 | gerrit_ldap_account_base: ou=people,${_param:openldap_dn} |
| 141 | gerrit_ldap_group_base: ou=groups,${_param:openldap_dn} |
| 142 | |
| 143 | linux: |
| 144 | system: |
| 145 | package: |
| 146 | ca-certificates-java: |
| 147 | version: latest |
| 148 | network: |
| 149 | interface: |
| 150 | ens3: |
| 151 | enabled: true |
| 152 | type: eth |
| 153 | proto: static |
| 154 | address: ${_param:single_address} |
| 155 | netmask: 255.255.255.0 |