Merge "Update ceph job: remove of unused param Related-Prod: #PROD-30065 (PROD:30065) Related-Prod: #PROD-29949 (PROD:29949)"
diff --git a/defaults/docker_images.yml b/defaults/docker_images.yml
index eee109e..41f161e 100644
--- a/defaults/docker_images.yml
+++ b/defaults/docker_images.yml
@@ -34,7 +34,7 @@
docker_image_prometheus: "${_param:mcp_docker_registry}/openstack-docker/prometheus:${_param:mcp_version}"
docker_image_prometheus_gainsight: "${_param:mcp_docker_registry}/openstack-docker/gainsight:${_param:mcp_version}"
docker_image_prometheus_gainsight_elasticsearch: "${_param:mcp_docker_registry}/openstack-docker/gainsight_elasticsearch:${_param:mcp_version}"
- docker_image_prometheus_relay: "${_param:mcp_docker_registry}/openstack-docker/prometheus_relay:${_param:mcp_version}"
+ docker_image_prometheus_relay: "${_param:mcp_docker_registry}/openstack-docker/prometheus-relay:${_param:mcp_version}"
docker_image_pushgateway: "${_param:mcp_docker_registry}/openstack-docker/pushgateway:${_param:mcp_version}"
docker_image_remote_agent: "${_param:mcp_docker_registry}/openstack-docker/telegraf:${_param:mcp_version}"
docker_image_remote_collector: "${_param:mcp_docker_registry}/openstack-docker/heka:${_param:mcp_version}"
@@ -49,6 +49,7 @@
# CVP
docker_image_cvp_sanity_checks: ${_param:mcp_docker_registry}/mirantis/cvp/cvp-sanity-checks:${_param:mcp_version}
docker_image_cvp_shaker_checks: ${_param:mcp_docker_registry}/mirantis/cvp/cvp-shaker:${_param:mcp_version}
+ docker_image_cvp_tempest: "${_param:mcp_docker_registry}/mirantis/cicd/ci-tempest:${_param:openstack_version}"
# aptly
docker_image_aptly:
base: "${_param:mcp_docker_registry}/mirantis/cicd/aptly:${_param:mcp_version}"
diff --git a/defaults/haproxy/init.yml b/defaults/haproxy/init.yml
index 499e085..83147ea 100644
--- a/defaults/haproxy/init.yml
+++ b/defaults/haproxy/init.yml
@@ -1,2 +1,3 @@
classes:
- system.defaults.haproxy.elasticsearch
+- system.defaults.haproxy.opencontrail
diff --git a/defaults/haproxy/opencontrail.yml b/defaults/haproxy/opencontrail.yml
new file mode 100644
index 0000000..ee0756e
--- /dev/null
+++ b/defaults/haproxy/opencontrail.yml
@@ -0,0 +1,3 @@
+parameters:
+ _param:
+ haproxy_opencontrail_api_check_params: check inter 2000 rise 2 fall 3
diff --git a/defaults/opencontrail/init.yml b/defaults/opencontrail/init.yml
index 24cd68e..1b0bf54 100644
--- a/defaults/opencontrail/init.yml
+++ b/defaults/opencontrail/init.yml
@@ -4,3 +4,9 @@
opencontrail_identity_port: 35357
opencontrail_identity_version: '2.0'
opencontrail_admin_user: 'contrail'
+ opencontrail_api_protocol: http
+ opencontrail_api_ssl_enabled: False
+ opencontrail_api_certfile: /etc/contrail/ssl/opencontrail_api.crt
+ opencontrail_api_keyfile: /etc/contrail/ssl/opencontrail_api.key
+ opencontrail_api_cafile: /etc/contrail/ssl/ca-opencontrail_api.pem
+ opencontrail_api_all_pemfile: /etc/ssl/certs/opencontrail_api_with_chain.pem
diff --git a/docker/swarm/stack/jenkins/jnlp_slave_multi.yml b/docker/swarm/stack/jenkins/jnlp_slave_multi.yml
index 5246cb7..3606bad 100644
--- a/docker/swarm/stack/jenkins/jnlp_slave_multi.yml
+++ b/docker/swarm/stack/jenkins/jnlp_slave_multi.yml
@@ -20,6 +20,7 @@
https_proxy: ${_param:docker_https_proxy}
http_proxy: ${_param:docker_http_proxy}
no_proxy: "jenkins_master,${_param:docker_no_proxy}"
+ GIT_SSL_CAINFO: /etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem
deploy:
restart_policy:
condition: any
@@ -29,6 +30,7 @@
image: ${_param:docker_image_jenkins_jnlp_slave}
volumes:
- /etc/ssl/certs/:/etc/ssl/certs/:ro
+ - /etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem:/etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem:ro
- /dev/urandom:/dev/random:ro
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
@@ -44,6 +46,7 @@
https_proxy: ${_param:docker_https_proxy}
http_proxy: ${_param:docker_http_proxy}
no_proxy: "jenkins_master,${_param:docker_no_proxy}"
+ GIT_SSL_CAINFO: /etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem
deploy:
restart_policy:
condition: any
@@ -53,6 +56,7 @@
image: ${_param:docker_image_jenkins_jnlp_slave}
volumes:
- /etc/ssl/certs/:/etc/ssl/certs/:ro
+ - /etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem:/etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem:ro
- /dev/urandom:/dev/random:ro
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
diff --git a/docker/swarm/stack/jenkins/jnlp_slave_single.yml b/docker/swarm/stack/jenkins/jnlp_slave_single.yml
index 8b05c47..956f918 100644
--- a/docker/swarm/stack/jenkins/jnlp_slave_single.yml
+++ b/docker/swarm/stack/jenkins/jnlp_slave_single.yml
@@ -24,6 +24,7 @@
https_proxy: ${_param:docker_https_proxy}
http_proxy: ${_param:docker_http_proxy}
no_proxy: "jenkins_master,${_param:docker_no_proxy}"
+ GIT_SSL_CAINFO: /etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem
deploy:
restart_policy:
condition: any
@@ -33,6 +34,7 @@
image: ${_param:docker_image_jenkins_jnlp_slave}
volumes:
- /etc/ssl/certs/:/etc/ssl/certs/:ro
+ - /etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem:/etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem:ro
- /dev/urandom:/dev/random:ro
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
diff --git a/docker/swarm/stack/jenkins/master.yml b/docker/swarm/stack/jenkins/master.yml
index 6ec6afb..9f3f0c2 100644
--- a/docker/swarm/stack/jenkins/master.yml
+++ b/docker/swarm/stack/jenkins/master.yml
@@ -23,6 +23,7 @@
https_proxy: ${_param:docker_https_proxy}
http_proxy: ${_param:docker_http_proxy}
no_proxy: ${_param:docker_no_proxy}
+ GIT_SSL_CAINFO: /etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem
deploy:
restart_policy:
condition: any
@@ -33,3 +34,4 @@
volumes:
- /srv/volumes/jenkins:/var/jenkins_home
- /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
+ - /etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem:/etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem:ro
diff --git a/docker/swarm/stack/jenkins/ssh_slave_multi.yml b/docker/swarm/stack/jenkins/ssh_slave_multi.yml
index 2959e4d..5eafe44 100644
--- a/docker/swarm/stack/jenkins/ssh_slave_multi.yml
+++ b/docker/swarm/stack/jenkins/ssh_slave_multi.yml
@@ -15,6 +15,7 @@
https_proxy: ${_param:docker_https_proxy}
http_proxy: ${_param:docker_http_proxy}
no_proxy: "jenkins_master,${_param:docker_no_proxy}"
+ GIT_SSL_CAINFO: /etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem
deploy:
restart_policy:
condition: any
@@ -24,6 +25,7 @@
image: ${_param:docker_image_jenkins_ssh_slave}
volumes:
- /etc/ssl/certs/:/etc/ssl/certs/:ro
+ - /etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem:/etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem:ro
- /dev/urandom:/dev/random:ro
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
@@ -34,6 +36,7 @@
https_proxy: ${_param:docker_https_proxy}
http_proxy: ${_param:docker_http_proxy}
no_proxy: "jenkins_master,${_param:docker_no_proxy}"
+ GIT_SSL_CAINFO: /etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem
deploy:
restart_policy:
condition: any
@@ -43,6 +46,7 @@
image: ${_param:docker_image_jenkins_ssh_slave}
volumes:
- /etc/ssl/certs/:/etc/ssl/certs/:ro
+ - /etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem:/etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem:ro
- /dev/urandom:/dev/random:ro
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
diff --git a/docker/swarm/stack/jenkins/ssh_slave_single.yml b/docker/swarm/stack/jenkins/ssh_slave_single.yml
index dbdaf1d..f4e16a2 100644
--- a/docker/swarm/stack/jenkins/ssh_slave_single.yml
+++ b/docker/swarm/stack/jenkins/ssh_slave_single.yml
@@ -17,6 +17,7 @@
https_proxy: ${_param:docker_https_proxy}
http_proxy: ${_param:docker_http_proxy}
no_proxy: "jenkins_master,${_param:docker_no_proxy}"
+ GIT_SSL_CAINFO: /etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem
deploy:
restart_policy:
condition: any
@@ -26,6 +27,7 @@
image: ${_param:docker_image_jenkins_ssh_slave}
volumes:
- /etc/ssl/certs/:/etc/ssl/certs/:ro
+ - /etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem:/etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem:ro
- /dev/urandom:/dev/random:ro
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
diff --git a/haproxy/proxy/listen/opencontrail/control4_0.yml b/haproxy/proxy/listen/opencontrail/control4_0.yml
index 22623fd..c9f37c3 100644
--- a/haproxy/proxy/listen/opencontrail/control4_0.yml
+++ b/haproxy/proxy/listen/opencontrail/control4_0.yml
@@ -11,23 +11,26 @@
binds:
- address: ${_param:cluster_vip_address}
port: 8082
+ ssl:
+ enabled: ${_param:opencontrail_api_ssl_enabled}
+ pem_file: ${_param:opencontrail_api_all_pemfile}
servers:
- name: ntw01
host: ${_param:cluster_node01_address}
port: 9100
- params: check inter 2000 rise 2 fall 3
+ params: ${_param:haproxy_opencontrail_api_check_params}
port_range_length: ${_param:opencontrail_api_workers_count}
port_range_start_offset: ${_param:opencontrail_api_start_offset}
- name: ntw02
host: ${_param:cluster_node02_address}
port: 9100
- params: check inter 2000 rise 2 fall 3
+ params: ${_param:haproxy_opencontrail_api_check_params}
port_range_length: ${_param:opencontrail_api_workers_count}
port_range_start_offset: ${_param:opencontrail_api_start_offset}
- name: ntw03
host: ${_param:cluster_node03_address}
port: 9100
- params: check inter 2000 rise 2 fall 3
+ params: ${_param:haproxy_opencontrail_api_check_params}
port_range_length: ${_param:opencontrail_api_workers_count}
port_range_start_offset: ${_param:opencontrail_api_start_offset}
contrail_config_stats:
diff --git a/jenkins/client/job/ceph/upgrade.yml b/jenkins/client/job/ceph/upgrade.yml
index c1c1a2c..edfb67b 100644
--- a/jenkins/client/job/ceph/upgrade.yml
+++ b/jenkins/client/job/ceph/upgrade.yml
@@ -6,6 +6,7 @@
type: workflow-scm
concurrent: true
display_name: "Ceph - upgrade"
+ description: "Jewel-Luminous upgrade job"
discard:
build:
keep_num: 50
diff --git a/jenkins/client/job/deploy/update/upgrade_galera.yml b/jenkins/client/job/deploy/update/upgrade_galera.yml
index 83593ec..8864529 100644
--- a/jenkins/client/job/deploy/update/upgrade_galera.yml
+++ b/jenkins/client/job/deploy/update/upgrade_galera.yml
@@ -27,10 +27,6 @@
SALT_MASTER_CREDENTIALS:
type: string
default: "salt"
- BACKUP_GALERA:
- type: boolean
- default: 'true'
- description: "Backup galera cluster"
SHUTDOWN_CLUSTER:
type: boolean
default: 'false'
diff --git a/jenkins/client/job/validate.yml b/jenkins/client/job/validate.yml
index a99c583..aef3af1 100644
--- a/jenkins/client/job/validate.yml
+++ b/jenkins/client/job/validate.yml
@@ -259,7 +259,7 @@
cvp-tempest:
type: workflow-scm
name: cvp-tempest
- display_name: "CVP - Functional tests (new)"
+ display_name: "CVP - Tempest (new)"
discard:
build:
keep_num: 20
@@ -298,9 +298,7 @@
---
DEBUG_MODE: false
GENERATE_CONFIG: true
- TARGET_NODE: "I@gerrit:client"
- SKIP_LIST_PATH: ""
- TEST_IMAGE: "docker-prod-virtual.docker.mirantis.net/mirantis/cicd/ci-tempest:${_param:openstack_version}"
+ TEST_IMAGE: "${_param:docker_image_cvp_tempest}"
report_prefix: "cvp_"
description: YAML context with additional parameters
cvp-perf:
diff --git a/keystone/client/service/contrail.yml b/keystone/client/service/contrail.yml
index 6792156..8f2534e 100644
--- a/keystone/client/service/contrail.yml
+++ b/keystone/client/service/contrail.yml
@@ -1,8 +1,6 @@
classes:
- system.keystone.client.v3.service.contrail
parameters:
- _param:
- contrail_service_protocol: http
keystone:
client:
server:
@@ -25,11 +23,11 @@
public_address: ${_param:cluster_public_host}
public_port: 8082
public_path: ''
- internal_protocol: ${_param:contrail_service_protocol}
+ internal_protocol: ${_param:opencontrail_api_protocol}
internal_address: ${_param:opencontrail_control_address}
internal_port: 8082
internal_path: ''
- admin_protocol: ${_param:contrail_service_protocol}
+ admin_protocol: ${_param:opencontrail_api_protocol}
admin_address: ${_param:opencontrail_control_address}
admin_port: 8082
admin_path: ''
\ No newline at end of file
diff --git a/keystone/client/v3/service/contrail.yml b/keystone/client/v3/service/contrail.yml
index 930804a..f9bbd69 100644
--- a/keystone/client/v3/service/contrail.yml
+++ b/keystone/client/v3/service/contrail.yml
@@ -1,6 +1,4 @@
parameters:
- _param:
- contrail_service_protocol: http
keystone:
client:
server:
@@ -37,9 +35,9 @@
region: ${_param:openstack_region}
contrail_internal:
interface: 'internal'
- url: ${_param:contrail_service_protocol}://${_param:opencontrail_control_address}:8082
+ url: ${_param:opencontrail_api_protocol}://${_param:opencontrail_control_address}:8082
region: ${_param:openstack_region}
contrail_admin:
interface: 'admin'
- url: ${_param:contrail_service_protocol}://${_param:opencontrail_control_address}:8082
+ url: ${_param:opencontrail_api_protocol}://${_param:opencontrail_control_address}:8082
region: ${_param:openstack_region}
diff --git a/neutron/control/opencontrail/cluster.yml b/neutron/control/opencontrail/cluster.yml
index a33c273..8b09377 100644
--- a/neutron/control/opencontrail/cluster.yml
+++ b/neutron/control/opencontrail/cluster.yml
@@ -16,6 +16,7 @@
engine: contrail
host: ${_param:opencontrail_control_address}
port: 8082
+ use_ssl: ${_param:opencontrail_api_ssl_enabled}
user: ${_param:opencontrail_admin_user}
password: ${_param:opencontrail_admin_password}
tenant: admin
diff --git a/salt/minion/cert/opencontrail/api.yml b/salt/minion/cert/opencontrail/api.yml
new file mode 100644
index 0000000..717fb33
--- /dev/null
+++ b/salt/minion/cert/opencontrail/api.yml
@@ -0,0 +1,17 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ opencontrail_api:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: opencontrail_api
+ signing_policy: cert_server
+ alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_vip_address},DNS:${linux:system:name},DNS:${linux:network:fqdn},DNS:${_param:cluster_vip_address}
+ key_file: ${_param:opencontrail_api_keyfile}
+ cert_file: ${_param:opencontrail_api_certfile}
+ ca_file: ${_param:opencontrail_api_cafile}
+ all_file: ${_param:opencontrail_api_all_pemfile}
+ user: contrail
+ enabled: true
+ engine: salt