Merge "Add options for Kubernetes Ingress controller"
diff --git a/apache/server/proxy/openstack/oadh.yml b/apache/server/proxy/openstack/aodh.yml
similarity index 100%
rename from apache/server/proxy/openstack/oadh.yml
rename to apache/server/proxy/openstack/aodh.yml
diff --git a/apache/server/site/aodh.yml b/apache/server/site/aodh.yml
new file mode 100644
index 0000000..6ce5ede
--- /dev/null
+++ b/apache/server/site/aodh.yml
@@ -0,0 +1,36 @@
+parameters:
+ _param:
+ apache_ssl:
+ enabled: false
+ apache_aodh_ssl: ${_param:apache_ssl}
+ aodh_api_workers: 2
+ apache_aodh_api_host: ${linux:network:fqdn}
+ apache_aodh_api_address: ${_param:single_address}
+ apache_aodh_api_port: 8042
+ apache:
+ server:
+ site:
+ aodh:
+ enabled: false
+ available: true
+ type: wsgi
+ name: aodh
+ ssl: ${_param:apache_aodh_ssl}
+ host:
+ name: ${_param:apache_aodh_api_host}
+ address: ${_param:apache_aodh_api_address}
+ port: ${_param:apache_aodh_api_port}
+ log:
+ custom:
+ format: >-
+ %v:%p %{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %D %O \"%{Referer}i\" \"%{User-Agent}i\"
+ wsgi:
+ daemon_process: aodh-api
+ processes: ${_param:aodh_api_workers}
+ threads: 1
+ user: aodh
+ group: aodh
+ display_name: '%{GROUP}'
+ script_alias: '/ /usr/share/aodh/app.wsgi'
+ application_group: '%{GLOBAL}'
+ authorization: 'On'
diff --git a/debmirror/mirror_mirantis_com/elasticsearch-5.x/xenial.yml b/debmirror/mirror_mirantis_com/elasticsearch-5.x/xenial.yml
new file mode 100644
index 0000000..fd80c19
--- /dev/null
+++ b/debmirror/mirror_mirantis_com/elasticsearch-5.x/xenial.yml
@@ -0,0 +1,24 @@
+parameters:
+ _param:
+ apt_mk_version: 'stable'
+ mirror_mirantis_com_elasticsearch_5_x_xenial_force: False
+ debmirror_mirrors_base_target_dir: "/srv/volumes/aptly/public/${_param:apt_mk_version}/"
+ debmirror:
+ client:
+ enabled: true
+ mirrors:
+ mirror_mirantis_com_elasticsearch_5_x_xenial:
+ enabled: true
+ force: ${_param:mirror_mirantis_com_elasticsearch_5_x_xenial_force}
+ lock_target: True
+ extra_flags: [ '--verbose', '--progress', '--nosource', '--no-check-gpg', '--rsync-extra=none' ]
+ method: "rsync"
+ arch: [ 'amd64' ]
+ mirror_host: "mirror.mirantis.com"
+ mirror_root: ":mirror/${_param:apt_mk_version}/elasticsearch-5.x/xenial/"
+ target_dir: "${_param:debmirror_mirrors_base_target_dir}/elasticsearch-5.x/xenial/"
+ log_file: "/var/log/debmirror/mirror_mirantis_com_elasticsearch_5_x_xenial.log"
+ dist: [ stable ]
+ section: [ main ]
+ filter:
+ 001: "--exclude='-dbg_'"
diff --git a/debmirror/mirror_mirantis_com/elasticsearch-curator-5/xenial.yml b/debmirror/mirror_mirantis_com/elasticsearch-curator-5/xenial.yml
new file mode 100644
index 0000000..f939c79
--- /dev/null
+++ b/debmirror/mirror_mirantis_com/elasticsearch-curator-5/xenial.yml
@@ -0,0 +1,22 @@
+parameters:
+ _param:
+ apt_mk_version: 'stable'
+ mirror_mirantis_com_elasticsearch_curator_5_xenial_force: False
+ debmirror_mirrors_base_target_dir: "/srv/volumes/aptly/public/${_param:apt_mk_version}/"
+ debmirror:
+ client:
+ enabled: true
+ mirrors:
+ mirror_mirantis_com_elasticsearch_curator_5_xenial:
+ enabled: true
+ force: ${_param:mirror_mirantis_com_elasticsearch_curator_5_xenial_force}
+ lock_target: True
+ extra_flags: [ '--verbose', '--progress', '--nosource', '--no-check-gpg', '--rsync-extra=none' ]
+ method: "rsync"
+ arch: [ 'amd64' ]
+ mirror_host: "mirror.mirantis.com"
+ mirror_root: ":mirror/${_param:apt_mk_version}/elasticsearch-curator-5/xenial/"
+ target_dir: "${_param:debmirror_mirrors_base_target_dir}/elasticsearch-curator-5/xenial/"
+ log_file: "/var/log/debmirror/mirror_mirantis_com_elasticsearch_curator_5_xenial.log"
+ dist: [ stable ]
+ section: [ main ]
diff --git a/docker/swarm/stack/artifactory.yml b/docker/swarm/stack/artifactory.yml
index caab0ee..2dd9f15 100644
--- a/docker/swarm/stack/artifactory.yml
+++ b/docker/swarm/stack/artifactory.yml
@@ -21,4 +21,4 @@
- /srv/volumes/artifactory/backup:/var/opt/jfrog/artifactory/backup
- /srv/volumes/artifactory/etc:/var/opt/jfrog/artifactory/etc
- /srv/volumes/artifactory/logs:/var/opt/jfrog/artifactory/logs
- - /srv/volumes/artifactory/keys:/var/opt/jfrog/artifactory/access/etc/keys
+ - /srv/volumes/artifactory/access:/var/opt/jfrog/artifactory/access
diff --git a/horizon/server/plugin/octavia.yml b/horizon/server/plugin/octavia.yml
new file mode 100644
index 0000000..2dd5c69
--- /dev/null
+++ b/horizon/server/plugin/octavia.yml
@@ -0,0 +1,9 @@
+parameters:
+ horizon:
+ server:
+ plugin:
+ octavia-dashboard:
+ source:
+ engine: pkg
+ name: python-octavia-dashboard
+
diff --git a/jenkins/client/job/deploy/update/kubernetes_update.yml b/jenkins/client/job/deploy/update/kubernetes_update.yml
index acdb8e0..11279ed 100644
--- a/jenkins/client/job/deploy/update/kubernetes_update.yml
+++ b/jenkins/client/job/deploy/update/kubernetes_update.yml
@@ -38,6 +38,14 @@
SALT_MASTER_CREDENTIALS:
type: string
default: "salt-qa-credentials"
+ SIMPLE_UPGRADE:
+ type: boolean
+ default: 'false'
+ description: "Choose between simple upgrade or upgrade with draining nodes"
+ UPGRADE_DOCKER:
+ type: boolean
+ default: 'false'
+ description: "Upgrade docker or not"
PER_NODE:
type: boolean
default: 'true'
diff --git a/jenkins/client/job/oscore/cookiecutter.yml b/jenkins/client/job/oscore/cookiecutter.yml
index 84c96d8..ca6e6f6 100644
--- a/jenkins/client/job/oscore/cookiecutter.yml
+++ b/jenkins/client/job/oscore/cookiecutter.yml
@@ -35,7 +35,10 @@
- openstack-ovs-core-manila-pike
- openstack-ovs-core-telemetry-pike
- openstack-ovs-core-queens
+ - openstack-ovs-core-extra-queens
- openstack-ovs-core-ssl-queens
+ - openstack-ovs-core-extra-ssl-queens
+ - openstack-ovs-core-barbican-ssl-queens
STACK_INSTALL:
type: string
default: 'core,openstack,ovs'
diff --git a/jenkins/client/job/security/openscap.yml b/jenkins/client/job/security/openscap.yml
index fae68ab..7bedf61 100644
--- a/jenkins/client/job/security/openscap.yml
+++ b/jenkins/client/job/security/openscap.yml
@@ -30,7 +30,7 @@
default: ""
SALT_MASTER_CREDENTIALS:
type: string
- default: "salt"
+ default: "salt-qa-credentials"
TARGET_SERVERS:
type: string
default: '*'
diff --git a/keystone/client/v3/service/ironic.yml b/keystone/client/v3/service/ironic.yml
index 09c6967..bd101e6 100644
--- a/keystone/client/v3/service/ironic.yml
+++ b/keystone/client/v3/service/ironic.yml
@@ -15,20 +15,20 @@
service_admin:
name: admin
project_id: service
- service:
+ services:
ironic:
type: baremetal
description: OpenStack Baremetal Service
endpoints:
ironic_public:
- internface: 'public'
+ interface: 'public'
url: ${_param:cluster_public_protocol}://${_param:cluster_public_host}:6385
region: ${_param:openstack_region}
ironic_internal:
- internface: 'internal'
+ interface: 'internal'
url: ${_param:ironic_service_protocol}://${_param:ironic_service_host}:6385
region: ${_param:openstack_region}
ironic_admin:
- internface: 'admin'
+ interface: 'admin'
url: ${_param:ironic_service_protocol}://${_param:ironic_service_host}:6385
region: ${_param:openstack_region}
diff --git a/keystone/client/v3/service/radosgw-s3.yml b/keystone/client/v3/service/radosgw-s3.yml
index 25614cb..d069d9e 100644
--- a/keystone/client/v3/service/radosgw-s3.yml
+++ b/keystone/client/v3/service/radosgw-s3.yml
@@ -15,7 +15,7 @@
service_admin:
name: admin
project_id: service
- service:
+ services:
radosgw-s3:
type: s3
description: S3 Service (radosgw)
diff --git a/keystone/client/v3/service/radosgw-swift.yml b/keystone/client/v3/service/radosgw-swift.yml
index 4fa6756..e3b8ac3 100644
--- a/keystone/client/v3/service/radosgw-swift.yml
+++ b/keystone/client/v3/service/radosgw-swift.yml
@@ -15,7 +15,7 @@
service_admin:
name: admin
project_id: service
- service:
+ services:
radosgw-swift:
type: object-store
description: Swift Service (radosgw)
diff --git a/linux/system/repo/keystorage/elasticsearch.yml b/linux/system/repo/keystorage/elasticsearch.yml
new file mode 100644
index 0000000..9bb9dd2
--- /dev/null
+++ b/linux/system/repo/keystorage/elasticsearch.yml
@@ -0,0 +1,47 @@
+parameters:
+ linux:
+ system:
+ repo:
+ mcp_elasticsearch:
+ # pub 2048R/D88E42B4 2013-09-16
+ key: |
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+ Version: GnuPG v1
+
+ mQENBFI3HsoBCADXDtbNJnxbPqB1vDNtCsqhe49vFYsZN9IOZsZXgp7aHjh6CJBD
+ A+bGFOwyhbd7at35jQjWAw1O3cfYsKAmFy+Ar3LHCMkV3oZspJACTIgCrwnkic/9
+ CUliQe324qvObU2QRtP4Fl0zWcfb/S8UYzWXWIFuJqMvE9MaRY1bwUBvzoqavLGZ
+ j3SF1SPO+TB5QrHkrQHBsmX+Jda6d4Ylt8/t6CvMwgQNlrlzIO9WT+YN6zS+sqHd
+ 1YK/aY5qhoLNhp9G/HxhcSVCkLq8SStj1ZZ1S9juBPoXV1ZWNbxFNGwOh/NYGldD
+ 2kmBf3YgCqeLzHahsAEpvAm8TBa7Q9W21C8vABEBAAG0RUVsYXN0aWNzZWFyY2gg
+ KEVsYXN0aWNzZWFyY2ggU2lnbmluZyBLZXkpIDxkZXZfb3BzQGVsYXN0aWNzZWFy
+ Y2gub3JnPokBOAQTAQIAIgUCUjceygIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgEC
+ F4AACgkQ0n1mbNiOQrRzjAgAlTUQ1mgo3nK6BGXbj4XAJvuZDG0HILiUt+pPnz75
+ nsf0NWhqR4yGFlmpuctgCmTD+HzYtV9fp9qW/bwVuJCNtKXk3sdzYABY+Yl0Cez/
+ 7C2GuGCOlbn0luCNT9BxJnh4mC9h/cKI3y5jvZ7wavwe41teqG14V+EoFSn3NPKm
+ TxcDTFrV7SmVPxCBcQze00cJhprKxkuZMPPVqpBS+JfDQtzUQD/LSFfhHj9eD+Xe
+ 8d7sw+XvxB2aN4gnTlRzjL1nTRp0h2/IOGkqYfIG9rWmSLNlxhB2t+c0RsjdGM4/
+ eRlPWylFbVMc5pmDpItrkWSnzBfkmXL3vO2X3WvwmSFiQbkBDQRSNx7KAQgA5JUl
+ zcMW5/cuyZR8alSacKqhSbvoSqqbzHKcUQZmlzNMKGTABFG1yRx9r+wa/fvqP6OT
+ RzRDvVS/cycws8YX7Ddum7x8uI95b9ye1/Xy5noPEm8cD+hplnpU+PBQZJ5XJ2I+
+ 1l9Nixx47wPGXeClLqcdn0ayd+v+Rwf3/XUJrvccG2YZUiQ4jWZkoxsA07xx7Bj+
+ Lt8/FKG7sHRFvePFU0ZS6JFx9GJqjSBbHRRkam+4emW3uWgVfZxuwcUCn1ayNgRt
+ KiFv9jQrg2TIWEvzYx9tywTCxc+FFMWAlbCzi+m4WD+QUWWfDQ009U/WM0ks0Kww
+ EwSk/UDuToxGnKU2dQARAQABiQEfBBgBAgAJBQJSNx7KAhsMAAoJENJ9ZmzYjkK0
+ c3MIAIE9hAR20mqJWLcsxLtrRs6uNF1VrpB+4n/55QU7oxA1iVBO6IFu4qgsF12J
+ TavnJ5MLaETlggXY+zDef9syTPXoQctpzcaNVDmedwo1SiL03uMoblOvWpMR/Y0j
+ 6rm7IgrMWUDXDPvoPGjMl2q1iTeyHkMZEyUJ8SKsaHh4jV9wp9KmC8C+9CwMukL7
+ vM5w8cgvJoAwsp3Fn59AxWthN3XJYcnMfStkIuWgR7U2r+a210W6vnUxU4oN0PmM
+ cursYPyeV0NX/KQeUeNMwGTFB6QHS/anRaGQewijkrYYoTNtfllxIu9XYmiBERQ/
+ qPDlGRlOgVTd9xUfHFkzB52c70E=
+ =92oX
+ -----END PGP PUBLIC KEY BLOCK-----
+ mcp_elasticsearch_curator:
+ # pub 2048R/D88E42B4 2013-09-16
+ key: ${linux:system:repo:mcp_elasticsearch:key}
+ mcp_kibana_5x:
+ # pub 2048R/D88E42B4 2013-09-16
+ key: ${linux:system:repo:mcp_elasticsearch:key}
+ mcp_kibana_46:
+ # pub 2048R/D88E42B4 2013-09-16
+ key: ${linux:system:repo:mcp_elasticsearch:key}
diff --git a/linux/system/repo/mcp/apt_mirantis/elastic/2x.yml b/linux/system/repo/mcp/apt_mirantis/elastic/2x.yml
index 9fc19c6..13c30e7 100644
--- a/linux/system/repo/mcp/apt_mirantis/elastic/2x.yml
+++ b/linux/system/repo/mcp/apt_mirantis/elastic/2x.yml
@@ -1,3 +1,7 @@
+# DEPRECATED since 2018.7+ release.
+# Please use system/repo/mcp/apt_mirantis
+classes:
+- system.linux.system.repo.keystorage.elasticsearch
parameters:
_param:
apt_mk_version: stable
@@ -8,12 +12,10 @@
mcp_elastic_2x:
source: "deb [arch=amd64] http://mirror.mirantis.com/${_param:linux_system_repo_mcp_elastic_2x_version}/elasticsearch-2.x/${_param:linux_system_codename}/ stable main"
architectures: amd64
- key_id: D88E42B4
- key_server: keyserver.ubuntu.com
clean_file: true
+ key: ${linux:system:repo:mcp_elasticsearch:key}
mcp_elastic_curator_2x:
source: "deb [arch=amd64] http://mirror.mirantis.com/${_param:linux_system_repo_mcp_elastic_2x_version}/elasticsearch-curator/${_param:linux_system_codename}/ stable main"
architectures: amd64
- key_id: D88E42B4
- key_server: keyserver.ubuntu.com
clean_file: true
+ key: ${linux:system:repo:mcp_elasticsearch:key}
diff --git a/linux/system/repo/mcp/apt_mirantis/elastic/5x.yml b/linux/system/repo/mcp/apt_mirantis/elastic/5x.yml
index 01d2ff0..49e9eba 100644
--- a/linux/system/repo/mcp/apt_mirantis/elastic/5x.yml
+++ b/linux/system/repo/mcp/apt_mirantis/elastic/5x.yml
@@ -1,3 +1,7 @@
+# DEPRECATED since 2018.7+ release.
+# Please use system/repo/mcp/apt_mirantis
+classes:
+- system.linux.system.repo.keystorage.elasticsearch
parameters:
_param:
apt_mk_version: stable
@@ -8,13 +12,10 @@
mcp_elastic_5x:
source: "deb [arch=amd64] http://mirror.mirantis.com/${_param:linux_system_repo_mcp_elastic_5x_version}/elasticsearch-5.x/${_param:linux_system_codename}/ stable main"
architectures: amd64
- key_id: D88E42B4
- key_server: keyserver.ubuntu.com
clean_file: true
+ key: ${linux:system:repo:mcp_elasticsearch:key}
mcp_elastic_curator_5x:
source: "deb [arch=amd64] http://mirror.mirantis.com/${_param:linux_system_repo_mcp_elastic_5x_version}/elasticsearch-curator-5/${_param:linux_system_codename}/ stable main"
architectures: amd64
- key_id: D88E42B4
- key_server: keyserver.ubuntu.com
clean_file: true
-
+ key: ${linux:system:repo:mcp_elasticsearch:key}
diff --git a/linux/system/repo/mcp/apt_mirantis/elastic/es.yml b/linux/system/repo/mcp/apt_mirantis/elastic/es.yml
new file mode 100644
index 0000000..1e455c8
--- /dev/null
+++ b/linux/system/repo/mcp/apt_mirantis/elastic/es.yml
@@ -0,0 +1,18 @@
+classes:
+- system.linux.system.repo.keystorage.elasticsearch
+parameters:
+ _param:
+ apt_mk_version: stable
+ linux_system_repo_url: http://mirror.mirantis.com/${_param:apt_mk_version}/
+ linux_system_repo_mcp_elasticsearch_url: ${_param:linux_system_repo_url}/elasticsearch-5.x/
+ linux:
+ system:
+ repo:
+ mcp_elasticsearch:
+ source: "deb [arch=amd64] ${_param:linux_system_repo_mcp_elasticsearch_url}/${_param:linux_system_codename} stable main"
+ architectures: amd64
+ clean_file: true
+ pin:
+ - pin: 'release o=elastic'
+ priority: 1100
+ package: '*'
diff --git a/linux/system/repo/mcp/apt_mirantis/elastic/es_curator.yml b/linux/system/repo/mcp/apt_mirantis/elastic/es_curator.yml
new file mode 100644
index 0000000..c099a03
--- /dev/null
+++ b/linux/system/repo/mcp/apt_mirantis/elastic/es_curator.yml
@@ -0,0 +1,18 @@
+classes:
+- system.linux.system.repo.keystorage.elasticsearch
+parameters:
+ _param:
+ apt_mk_version: stable
+ linux_system_repo_url: http://mirror.mirantis.com/${_param:apt_mk_version}/
+ linux_system_repo_mcp_elasticsearch_curator_url: ${_param:linux_system_repo_url}/elasticsearch-curator-5/
+ linux:
+ system:
+ repo:
+ mcp_elasticsearch_curator:
+ source: "deb [arch=amd64] ${_param:linux_system_repo_mcp_elasticsearch_curator_url}/${_param:linux_system_codename} stable main"
+ architectures: amd64
+ clean_file: true
+ pin:
+ - pin: 'release o=Elastic'
+ priority: 1100
+ package: '*'
diff --git a/linux/system/repo/mcp/apt_mirantis/elastic/init.yml b/linux/system/repo/mcp/apt_mirantis/elastic/init.yml
index a66b757..08f54fd 100644
--- a/linux/system/repo/mcp/apt_mirantis/elastic/init.yml
+++ b/linux/system/repo/mcp/apt_mirantis/elastic/init.yml
@@ -1,3 +1,3 @@
classes:
-- system.linux.system.repo.mcp.apt_mirantis.elastic.2x
-- system.linux.system.repo.mcp.apt_mirantis.elastic.5x
\ No newline at end of file
+- system.linux.system.repo.mcp.apt_mirantis.elastic.es
+- system.linux.system.repo.mcp.apt_mirantis.elastic.es_curator
diff --git a/linux/system/repo/mcp/apt_mirantis/kibana/46.yml b/linux/system/repo/mcp/apt_mirantis/kibana/46.yml
index 21ab878..cf3b2ba 100644
--- a/linux/system/repo/mcp/apt_mirantis/kibana/46.yml
+++ b/linux/system/repo/mcp/apt_mirantis/kibana/46.yml
@@ -1,6 +1,7 @@
+classes:
+- system.linux.system.repo.keystorage.elasticsearch
parameters:
_param:
- apt_mk_version: stable
linux_system_repo_mcp_kibana_46_version: ${_param:apt_mk_version}
linux:
system:
@@ -8,6 +9,4 @@
mcp_kibana_46:
source: "deb [arch=amd64] http://mirror.mirantis.com/${_param:linux_system_repo_mcp_kibana_46_version}/kibana-4.6/${_param:linux_system_codename}/ stable main"
architectures: amd64
- key_id: D88E42B4
- key_server: keyserver.ubuntu.com
clean_file: true
diff --git a/linux/system/repo/mcp/apt_mirantis/kibana/5x.yml b/linux/system/repo/mcp/apt_mirantis/kibana/5x.yml
index 3c3d128..99fa8ac 100644
--- a/linux/system/repo/mcp/apt_mirantis/kibana/5x.yml
+++ b/linux/system/repo/mcp/apt_mirantis/kibana/5x.yml
@@ -1,6 +1,7 @@
+classes:
+- system.linux.system.repo.keystorage.elasticsearch
parameters:
_param:
- apt_mk_version: stable
linux_system_repo_mcp_kibana_5x_version: ${_param:apt_mk_version}
linux:
system:
@@ -8,6 +9,4 @@
mcp_kibana_5x:
source: "deb [arch=amd64] http://mirror.mirantis.com/${_param:linux_system_repo_mcp_kibana_5x_version}/elasticsearch-5.x/${_param:linux_system_codename}/ stable main"
architectures: amd64
- key_id: D88E42B4
- key_server: keyserver.ubuntu.com
clean_file: true
diff --git a/linux/system/repo/mcp/apt_mirantis/kibana/init.yml b/linux/system/repo/mcp/apt_mirantis/kibana/init.yml
index daaf7ab..9a095d9 100644
--- a/linux/system/repo/mcp/apt_mirantis/kibana/init.yml
+++ b/linux/system/repo/mcp/apt_mirantis/kibana/init.yml
@@ -1,3 +1,2 @@
classes:
-- system.linux.system.repo.mcp.apt_mirantis.kibana.46
-- system.linux.system.repo.mcp.apt_mirantis.kibana.5x
\ No newline at end of file
+- system.linux.system.repo.mcp.apt_mirantis.kibana.5x
diff --git a/nova/compute/libvirt/ssl/init.yml b/nova/compute/libvirt/ssl/init.yml
index 9931cbd..87742e0 100644
--- a/nova/compute/libvirt/ssl/init.yml
+++ b/nova/compute/libvirt/ssl/init.yml
@@ -4,6 +4,7 @@
nova:
compute:
libvirt:
+ uri: qemu+tls://${linux:system:name}.${_param:cluster_domain}/system
tls:
enabled: True
key_file: ${_param:libvirtd_server_ssl_key_file}
diff --git a/openssh/server/team/members/dteselkin.yml b/openssh/server/team/members/dteselkin.yml
new file mode 100644
index 0000000..3ddc751
--- /dev/null
+++ b/openssh/server/team/members/dteselkin.yml
@@ -0,0 +1,20 @@
+parameters:
+ linux:
+ system:
+ user:
+ dteselkin:
+ enabled: true
+ name: dteselkin
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Dmitry Teselkin
+ home: /home/dteselkin
+ email: dteselkin@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ dteselkin:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxE+TvswmBZP8xIz4DRlyrQV6CEk1ZDCc8vXT8yYB2VgW7PpYt6ukuV+UjUp18/51JBKbxJIGplF4i1rgEvKX/kfi/FWM3uiqPq9ivLzuykIGiRccsU3kzIntIec7WDDcJeo/P4r5eXWhI+idMvcfLcxCLbN1OKZfBllhagv8oUrWLVCPaPvcWXxUQ8gvylP3Mk+G/OtaTJSk0udG2S4vh1Rg+TU7x8RHV0q8P8LPz19pvWQu5yWbeKd4FbKGUNx9eBqdGR6+nsfpjJZWeeSkUT9C77ihkMtIGJ7EacNYbgYhtIKZeBrfJcw+M1JTXdd8quwVPSA46D4xldQZ7aM7t
+ user: ${linux:system:user:dteselkin}
diff --git a/openssh/server/team/oscore_devops.yml b/openssh/server/team/oscore_devops.yml
index 5ba280a..ce7bddd 100644
--- a/openssh/server/team/oscore_devops.yml
+++ b/openssh/server/team/oscore_devops.yml
@@ -13,6 +13,7 @@
- system.openssh.server.team.members.oshyshko
- system.openssh.server.team.members.pshchelo
- system.openssh.server.team.members.obryndzii
+- system.openssh.server.team.members.dteselkin
parameters:
_param:
linux_system_user_sudo: true
diff --git a/salt/minion/cert/libvirtd/client.yml b/salt/minion/cert/libvirtd/client.yml
index bf0ce83..31c1b32 100644
--- a/salt/minion/cert/libvirtd/client.yml
+++ b/salt/minion/cert/libvirtd/client.yml
@@ -18,4 +18,7 @@
key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
key_file: ${_param:libvirtd_client_ssl_key_file}
cert_file: ${_param:libvirtd_client_ssl_cert_file}
- ca_file: ${_param:libvirtd_ssl_ca_file}
\ No newline at end of file
+ ca_file: ${_param:libvirtd_ssl_ca_file}
+ user: root
+ group: nova
+ mode: 640
diff --git a/salt/minion/cert/libvirtd/server.yml b/salt/minion/cert/libvirtd/server.yml
index 9080672..b091d86 100644
--- a/salt/minion/cert/libvirtd/server.yml
+++ b/salt/minion/cert/libvirtd/server.yml
@@ -18,4 +18,7 @@
key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
key_file: ${_param:libvirtd_server_ssl_key_file}
cert_file: ${_param:libvirtd_server_ssl_cert_file}
- ca_file: ${_param:libvirtd_ssl_ca_file}
\ No newline at end of file
+ ca_file: ${_param:libvirtd_ssl_ca_file}
+ user: root
+ group: nova
+ mode: 640