classes/cluster/virtual-mcp-ocata-cicd/cicd/control/init.yml

classes:
  - system.linux.system.haveged
  - system.glusterfs.client.cluster
  - system.glusterfs.client.volume.aptly
  - system.glusterfs.client.volume.devops_portal
  - system.glusterfs.client.volume.elasticsearch
  - system.glusterfs.client.volume.gerrit
  - system.glusterfs.client.volume.jenkins
  - system.glusterfs.client.volume.mysql
  - system.glusterfs.client.volume.openldap
  - system.glusterfs.client.volume.postgresql
  - system.glusterfs.client.volume.pushkin
  - system.glusterfs.client.volume.registry
  - system.glusterfs.client.volume.rundeck
  - system.glusterfs.client.volume.salt_pki
  - system.glusterfs.client.volume.security_monkey
  - cluster.virtual-mcp-ocata-cicd.cicd.gluster
 #- system.glusterfs.client.volume.salt
  # Docker
  - system.docker.host

  # Generate aptly-publisher config to use for jenkins slaves
  - system.aptly.client.publisher

  # Docker services
  - system.docker.swarm.stack.aptly
  - system.docker.swarm.stack.devops_portal
  - system.docker.swarm.stack.docker
  - system.docker.swarm.stack.elasticsearch
  - system.docker.swarm.stack.gerrit
  - system.docker.swarm.stack.jenkins
  - system.docker.swarm.stack.ldap
  - system.docker.swarm.stack.postgresql
  - system.docker.swarm.stack.pushkin
  - system.docker.swarm.stack.rundeck
  - system.docker.swarm.stack.security_monkey
  # Docker networks
  - system.docker.swarm.network.runbook

  # Keepalived
  - system.keepalived.cluster.instance.cicd_control_vip

  # HAProxy
  - system.salt.minion.cert.proxy.cicd
  - system.haproxy.proxy.single
  - system.haproxy.proxy.listen.cicd.aptly
  - system.haproxy.proxy.listen.cicd.gerrit
  - system.haproxy.proxy.listen.cicd.jenkins
  - system.haproxy.proxy.listen.docker.registry
  - system.haproxy.proxy.listen.docker.visualizer
  - system.haproxy.proxy.listen.openldap
  - system.haproxy.proxy.listen.oss.devops_portal
  - system.haproxy.proxy.listen.oss.elasticsearch
  - system.haproxy.proxy.listen.oss.postgresql
  - system.haproxy.proxy.listen.oss.pushkin
  - system.haproxy.proxy.listen.oss.rundeck
  - system.haproxy.proxy.listen.oss.security_monkey
  - system.haproxy.proxy.listen.phpldapadmin
  - system.haproxy.proxy.listen.mysql
  - system.haproxy.proxy.listen.stats

  # PostgreSQL
  - system.postgresql.client.pushkin
  - system.postgresql.client.rundeck
  - system.postgresql.client.security_monkey

  # DevOps Portal
  - system.devops_portal.service.elasticsearch
  - system.devops_portal.service.gerrit
  - system.devops_portal.service.jenkins
  - system.devops_portal.service.pushkin
  - system.devops_portal.service.rundeck
  - system.devops_portal.service.security_monkey

  # Rundeck
  - system.rundeck.client.runbook

  - cluster.virtual-mcp-ocata-cicd.infra

parameters:
  _param:
    cluster_node01_name: ${_param:cicd_control_node01_hostname}
    cluster_node01_address: ${_param:cicd_control_node01_address}
    cluster_node02_name: ${_param:cicd_control_node02_hostname}
    cluster_node02_address: ${_param:cicd_control_node02_address}
    cluster_node03_name: ${_param:cicd_control_node03_hostname}
    cluster_node03_address: ${_param:cicd_control_node03_address}
    keepalived_vip_virtual_router_id: 180
    keepalived_vip_password: TLrAYaAbAEZwXsp1
    keepalived_vip_interface: ens3
    control_vip_address: ${_param:cicd_control_address}
    cluster_vip_address: ${_param:control_vip_address}
    glusterfs_service_host: ${_param:control_vip_address}
    cluster_public_host: ${_param:control_vip_address}
    salt_api_password: Dnx3fapzHIcGuURdDck3DPv78V3ehwue
    # Docker images and versions
    docker_registry_http_secret: jvJRsYDEPts2HdNk
    # CI/CD service databases
    mysql_admin_password: TSi6AgDGv2nZjblQ
    mysql_gerrit_password: f6XRcwSNHTh8zCuS

    # Proxy
    cluster_ssl_certificate:
      enabled: true
      pem_file: /etc/haproxy/ssl/${_param:cluster_public_host}-all.pem
    haproxy_bind_address: ${_param:cluster_vip_address}
    haproxy_mysql_source_port: 13306
    salt_minion_ca_host: cfg01.${_param:cluster_domain}

    # Aptly
    aptly_gpg_keypair_id: none
    aptly_gpg_passphrase: none
    aptly_server_secure: false
    aptly_gpg_public_key: none
    aptly_gpg_private_key: none

    # OpenLDAP
    openldap_organisation: "${_param:cluster_name}"
    openldap_dn: "dc=virtual-mcp-ocata-cicd,dc=local"
    openldap_domain: "virtual-mcp-ocata-cicd.local"
    openldap_admin_password: UdTuP7GPPTaCoPSV
    openldap_config_password: RQK8h0F3aNdvv26U
    openldap_readonly_password: myMSnD6mn8ziUP2S

    # PostgreSQL
    docker_image_postgresql: "library/postgres:9.6"
    postgresql_admin_user_password: faeRpEA4uye2Sj2s
    postgresql_client_user: ${_param:postgresql_admin_user}
    postgresql_client_password: ${_param:postgresql_admin_user_password}
    postgresql_client_host: ${_param:haproxy_postgresql_bind_host}
    postgresql_client_port: ${_param:haproxy_postgresql_bind_port}

    # Jenkins
    jenkins_slave_user: admin
    jenkins_client_user: admin
    jenkins_admin_password: ${_param:openldap_admin_password}
    jenkins_security_ldap_server: ${_param:cluster_vip_address}
    jenkins_security_ldap_root_dn: ${_param:openldap_dn}
    jenkins_security_ldap_manager_dn: "cn=admin,${_param:openldap_dn}"
    jenkins_security_ldap_manager_password: ${_param:openldap_admin_password}
    jenkins_slave_password: ${_param:jenkins_admin_password}
    jenkins_client_password: ${_param:jenkins_admin_password}
    jenkins_admin_email: ${_param:admin_email}
    jenkins_admin_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3PNQbFye7OC13h7esNT+LXtIKOZbmSmQdj2wrVW1nwFQBodgG2XFJUyKwVZ3gCqS68sN0kOzqix/R4oOL2lm1vZX69Mx3mON6fkvMdgpaEE78VH/SAiuUhCLP83Ic1QRp55uriZ0a1Pa91kqqXnqWLQX7NK4oTtps1sukxg+WVyT55jnwJ8F4a2HIgf+heZNunfw1NlQI6tGXwdiTON7agVybodtRQZctB3/6rQrxKFT9No5BYrEtt2sEg4xBl/XvhbBIyKmi2URgSOplpezGGJcVHTCddRRP0st4etsh39I8H0qzwWnufgYr1dGCr7AOt0grQOUaAKivjK/PV7IL
    jenkins_admin_private_key: |
      -----BEGIN RSA PRIVATE KEY-----
      MIIEpQIBAAKCAQEAtzzUGxcnuzgtd4e3rDU/i17SCjmW5kpkHY9sK1VtZ8BUAaHY
      BtlxSVMisFWd4AqkuvLDdJDs6osf0eKDi9pZtb2V+vTMd5jjen5LzHYKWhBO/FR/
      0gIrlIQiz/NyHNUEaeebq4mdGtT2vdZKql56li0F+zSuKE7abNbLpMYPllck+eY5
      8CfBeGthyIH/oXmTbp38NTZUCOrRl8HYkzje2oFcm6HbUUGXLQd/+q0K8ShU/TaO
      QWKxLbdrBIOMQZf174WwSMipotlEYEjqZaXsxhiXFR0wnXUUT9LLeHrbId/SPB9K
      s8Fp7n4GK9XRgq+wDrdIK0DlGgCor4yvz1eyCwIDAQABAoIBAB3a5Vw8m5afgpj1
      HfILAv18R5Cu7W08Na+zTJaK5rZ+2bEiY4ZKK3EdAIvmh0CXu1tSbpIxgsh8PoT9
      +RzySKeZ6jPnauEZoga1SThZCzq9aYEna2QWQm+CUAG90pvsAToYKH78fwJ+LG2l
      2qiDmEmbsFvLq4yZvHD7VlbUhnmiFm1kzPPa2SdeimYl0TlOKOMS/l0UkG0isMEQ
      3dGR3GOCA9az7UAuBvB0rAhOjWUfDEFGeKYlZ9kHgK6r7eYMA0Ij7eIbZYvE0tAE
      slhhevDbrnEpzD3XClSmco62RhRIhvS639Q09IksA+yLBFLnjVOtEsWroD4iFDPI
      4kLTewECgYEA6x6i5YlY5Mxsq7S22d4XcSafd7FJm7FNZeM+8/aPeQjSunXby5rD
      pYQBYGZG9pNuJ6R6hxunlWiTmzkogZLoWqDfTrjjJ7qnYpA/6NS97jdDBq8o5lIb
      LWFLn86QyuLUFLUzPbeBsAfiRAoKm6qdmwCMNHEuleLOGVUdTx84PksCgYEAx4Kr
      8jvyRazRQtbYWTvMViHs7w5tYRUI7NZ35DfI2nJA/VRWfCvK7F/QpgFfeEB3vBVM
      +s9HBiJ23cqS44Iw/WhGMdoXSXFqiz6Ry8oQ0LXl1ed1eq8Bq/Y6qbGpgUv6QdYX
      DDE2vezsq4jcmFVRCKexCTVKgf/bSN8VhSLfA0ECgYEAsP1w9oU7y5AvRdpVww+y
      adT/OiTVGkSP1OEJ5LB4NE52AzLxcAVivdfvCVg0ly1IQMNKESa6Mnh0lOakHVYv
      Xvm24BXBuYiCtGmOEoEDMK2c4Q0+JpMsLi8NtJDU4kV6DNSSbCUVlSN6Kmm8ro3y
      8lmpMVj6Do6bQuqVk5gWyJ0CgYEApTU6p1smkrW5jyyTeMkAuu5a4dZDktm1S1GJ
      dA0RoHpuAJjfCPHGlpf9EgofAVf5DmFhHmuX96eAYMbHfeeoI58+STe8gs+NF4MX
      ffZ0mC+YA9onuRDERJ6gEzcQEwZUVEIxUaJLH1ja3mx1pxs3AADEo8hiS2YQMraw
      fk/S9kECgYEAmB1tL0F796xtfaeNwQ35FZW2gpWvJLrBfO5vkXrA8JFhldW5LHr0
      7xy+goivnFtD2rvCMNOVWdGT4yEftajz6vXsXLr2XQ8X3HH8O0BIqWyobguQs3t0
      d4sWoM2Qt45r+B/UoLMPmkjtebmQe+gKbdv8rv+FWPAckc7L7MCkveA=
      -----END RSA PRIVATE KEY-----
    # Jobs params
    jenkins_gerrit_url: ssh://admin@${_param:haproxy_gerrit_bind_host}:${_param:haproxy_gerrit_ssh_bind_port}
    jenkins_aptly_api_url: http://${_param:haproxy_aptly_api_bind_host}:${_param:haproxy_aptly_api_bind_port}
    jenkins_aptly_url: http://${_param:haproxy_aptly_public_bind_host}:${_param:haproxy_aptly_public_bind_port}
    # Gerrit
    gerrit_admin_password: ${_param:openldap_admin_password}
    gerrit_admin_email: ${_param:admin_email}
    gerrit_public_host: http://${_param:haproxy_gerrit_bind_host}:${_param:haproxy_gerrit_bind_port}
    gerrit_admin_public_key: ${_param:jenkins_admin_public_key}
    gerrit_admin_private_key: ${_param:jenkins_admin_private_key}
    gerrit_auth_type: LDAP
    gerrit_ldap_server: "ldap://${_param:cluster_vip_address}"
    gerrit_ldap_bind_user: "cn=admin,${_param:openldap_dn}"
    gerrit_ldap_bind_password: ${_param:openldap_admin_password}
    gerrit_ldap_account_base: ou=people,${_param:openldap_dn}
    gerrit_ldap_group_base: ou=groups,${_param:openldap_dn}

    # Rundeck
    docker_image_rundeck: "docker-prod-local.artifactory.mirantis.com/mirantis/oss/rundeck:latest"
    rundeck_db_user: rundeck
    rundeck_db_user_password: password
    rundeck_db_host: ${_param:haproxy_postgresql_bind_host}
    rundeck_postgresql_username: ${_param:rundeck_db_user}
    rundeck_postgresql_password: ${_param:rundeck_db_user_password}
    rundeck_postgresql_database: rundeck
    rundeck_postgresql_host: ${_param:rundeck_db_host}

    rundeck_cis_enabled: True
    rundeck_cis_os_auth_url: http://172.16.10.254:5000/v3/auth/tokens
    rundeck_cis_os_username: "${_param:oss_openstack_username}"
    rundeck_cis_os_password: "${_param:oss_openstack_password}"
    rundeck_cis_os_project_name: "${_param:oss_openstack_project}"
    rundeck_cis_os_domain_id: "${_param:oss_openstack_domain_id}"
    rundeck_cis_jobs_repository: "https://gerrit.mcp.mirantis.net/oss/rundeck-cis-jobs"
    rundeck_cis_jobs_revision: "master"
    rundeck_cis_os_docker_image: "docker-prod-local.artifactory.mirantis.com/mirantis/oss/cis-openstack:latest"
    rundeck_cis_elasticsearch_url: http://${_param:haproxy_elasticsearch_bind_host}:${_param:haproxy_elasticsearch_http_bind_port}

    rundeck_runbook_public_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBPHRctBuN16hVe05HxKeN1AqPqbjvWvqQ1zcr/sbJJXHgVBTACRD6G+DAi7SSJr7dLzyeNo042szJclsH/qf9h0tcytINATzye//x6MtzXZ4YIDkcd1Yhz1LRgCXk1PvIensJAdClYOymx+SRaJxEEzbLxgqhSnYOUY3xVGbUrgfXI9+ZG9hs9zfq5JEMRjQay5p+xuYv/wCoU+pbFPDmsW0hQ99O+XBHcwrpU3crkImetTM2WfnRlBkoJypLv/HicTJtnL91/BWcebvW50oxrEq1QQ82T1Wl3pQsJw24M48fXyl/HbF2QVP6O1Ptqr3O7cIByxJWHih3paZncVEj
    rundeck_runbook_private_key: |
      -----BEGIN RSA PRIVATE KEY-----
      MIIEpAIBAAKCAQEAwTx0XLQbjdeoVXtOR8SnjdQKj6m471r6kNc3K/7GySVx4FQU
      wAkQ+hvgwIu0kia+3S88njaNONrMyXJbB/6n/YdLXMrSDQE88nv/8ejLc12eGCA5
      HHdWIc9S0YAl5NT7yHp7CQHQpWDspsfkkWicRBM2y8YKoUp2DlGN8VRm1K4H1yPf
      mRvYbPc36uSRDEY0GsuafsbmL/8AqFPqWxTw5rFtIUPfTvlwR3MK6VN3K5CJnrUz
      Nln50ZQZKCcqS7/x4nEybZy/dfwVnHm71udKMaxKtUEPNk9Vpd6ULCcNuDOPH18p
      fx2xdkFT+jtT7aq9zu3CAcsSVh4od6WmZ3FRIwIDAQABAoIBAQCsnUNY2G7Quzec
      /KQFyi7eq+6vPK596ihwIEAhpdqPLkrWWGWc0bx/n02a0nGAKOpQjPS6ZAKtKg7L
      WMLmll4cRLJWdrtCcLuv5ILS5uBu8s7ZwFckDZo8Y4YYrT+sdXFhOcAUYLGwOa/M
      oD2WgvsseHl3eDZgtDJXQhTo4jtleW4/ZETmduUBx2djSfwx2vv8N6V7+5bH2kvL
      3PgR3PYp1uD+dPDy00SwuiWDDwljubQzpres8K4ikIWWaU4/t9TUBv+PJt3Kbavi
      0ca+jdpRdPCW4QmEhNT+D10B3DCN9uVt9leCrYzvcrT1ElqiL4ODBefG0clKq64d
      Zc59IVypAoGBAO2PX2qApylv+uuVe2dscH10qUjgYIuXeszJYtSCiPbu7yMcuFWo
      c6sqU2/l/4vdd8qeHvS75VPzmX2QfF9p1EsL+LE5tzc3m54WfJ884LLI+nx8ynKU
      HrbaLCGCK09bLNXM7XkFTe9s+XrJzgqdff/rF2nZHHyoqPObSgaG//HnAoGBANA8
      TusN74PUX4ABLwGCLEd4/qRa0kgFtwngrcUY9XMWhrJUqi9tKJLN2URhqTbOzFA0
      qv3n6TgZQSVH4ojmgL8EElSU2qKjDQ/jk/kEr5A+sBLdzXWZWdGv/BdB2yn95JH4
      qoD4E9PWkNwz+e6I5PivXrVVIA0PEZ2cthutR/dlAoGBAORHzvfoEzpliijSZ1h2
      Qw67iWUngH8DnJSnvRnbKkSoTBJgqd5eVnCX5r/zs4Ky2kdRdQvWd0QaJVgc/Pcv
      GjrXkS60+JPOEvNyRmU6ue3z5Yi03lIGdhFeS+QTUw0Z31bAaz7NUxwNixtsS1u2
      Bftj7QbhBFfiNyCJDDSDi/XnAoGAbsd2sIO0ZSypNZ7rk+Ddj5Rl26fZcKlhq+aU
      a2OQyI42UE7MTvjCef760+8kp1yywwSR5wvmPYrp5lxsvqnp2jTfT5H1Ekqt20MV
      6Ic+ov1GjHLlJ+fSKcR21ySY5KkGXUWt53iSi8L9Q7h/ARBgx4/8UXmc2HWoyHGj
      S+wOeiUCgYA2EMH3QOP+LewScNkdgDr9e20+NxmZs+b0ZOk6JAUE+/YLSNDlRQZV
      fL0f0cjIyCdKfv+nR4gdMnm8RDHBiAqrKK3X9tiZ0fGmPHB+OLwYV8wE1u9jkJDA
      IJA5GNU+Uj6+WbPO+hGn3NBWfb7/tR3ojSv7cBf2eEUh/vLSE9joKA==
      -----END RSA PRIVATE KEY-----

    # Pushkin
    docker_image_pushkin: "docker-sandbox.sandbox.mirantis.net/vstoiko/oss/pushkin:latest"
    pushkin_db_user: pushkin
    pushkin_db_user_password: kRQaFJWiqhQfy6sN
    pushkin_db_host: ${_param:haproxy_postgresql_bind_host}
    #..WebHook notification senders
    webhook_from: pushkin@example.com
    webhook_recipients: alerts@example.com
    webhook_application_id: "23"
    webhook_login_id: "11"
    webhook_sfdc_username: pushkin

    # SecurityMonkey
    docker_image_security_monkey_api: "docker-sandbox.sandbox.mirantis.net/vstoiko/oss/security-monkey-api:6700"
    docker_image_security_monkey_scheduler: "docker-sandbox.sandbox.mirantis.net/vstoiko/oss/security-monkey-scheduler:6700"
    secmonkey_db_user: secmonkey
    secmonkey_db_user_password: rt7HoJbb36eR9wWe
    secmonkey_db_host: ${_param:haproxy_postgresql_bind_host}
    security_monkey_openstack:
      username: admin
      password: workshop
      auth_url: http://172.16.10.254:5000/v3/
      project_name: admin
      user_domain_name: "${_param:oss_openstack_domain_id}"
      project_domain_name: "${_param:oss_openstack_domain_id}"

    # OSS OpenStack
    oss_openstack_username: "admin"
    oss_openstack_password: "password"
    oss_openstack_project: "admin"
    oss_openstack_domain_id: "default"

    # DevOps Portal
    docker_image_devops_portal: "docker-prod-local.artifactory.mirantis.com/mirantis/oss/devops-portal:latest"

    # ElasticSearch
    docker_image_elasticsearch: "docker.elastic.co/elasticsearch/elasticsearch:5.4.1"


  linux:
    system:
      package:
        ca-certificates-java:
          version: latest
    network:
      interface:
        ens3:
          enabled: true
          type: eth
          proto: static
          address: ${_param:single_address}
          netmask: 255.255.255.0