Merge the tip of origin/release/proposed/2019.2.0 into origin/release/2019.2.0
523609cb Fix URL for openldap image
8fca068e Remove unnecessary parameter from ceph-upgrade pipeline
ece396bc Bump prometheus relay image
9932abc2 add additional parameters in ceph-remove-osd pipeline for cleaning orphan partitions
778f11a2 Add public key of mpolenchuk
eea6c07d Pin cvp-sanity-checks:2019.2.11 docker image
2dded631 Pass secrets to containers as files instead of env variables
28ed47eb Bump Alerta image with Docker Secrets and API token fix.
5cc2060a Openstack API check improvements
24e9fed5 Add default policy for Panko
ee64e0e4 Bump Contrail packages to 2019.2.11
Change-Id: Iaf7c9e1196cd80ef9e2f567aa4c6529f62ca6afe
diff --git a/defaults/docker_images.yml b/defaults/docker_images.yml
index 14f48ab..ad876e2 100644
--- a/defaults/docker_images.yml
+++ b/defaults/docker_images.yml
@@ -5,7 +5,7 @@
# 2.6.2 version, from 12/18/2108, differ from latest 2.6.2 upstream - update next cycle
docker_image_registry: "${_param:mcp_docker_registry}/mirantis/external/registry:2019.2.6"
docker_image_visualizer: "${_param:mcp_docker_registry}/mirantis/external/visualizer:2019.2.6"
- docker_image_openldap: "${_param:mcp_docker_registry}/mirantis/external/osixia/openldap:1.2.2"
+ docker_image_openldap: "${_param:mcp_docker_registry}/mirantis/cicd/openldap:2019.2.11"
docker_image_postgresql: "${_param:mcp_docker_registry}/mirantis/external/library/postgres:9.6.10"
# 3.4.13, from Feb 15, differ from 3.4.13 upstream verison, from March 14 - update next cycle
docker_image_mongodb: "${_param:mcp_docker_registry}/mirantis/external/mongo:2019.2.6"
@@ -13,31 +13,31 @@
# phpldapadmin:0.6.12
docker_image_phpldapadmin: "${_param:mcp_docker_registry}/mirantis/cicd/phpldapadmin:2019.2.9"
# gerrit:2.15.18
- docker_image_gerrit: "${_param:mcp_docker_registry}/mirantis/cicd/gerrit:2019.2.10"
+ docker_image_gerrit: "${_param:mcp_docker_registry}/mirantis/cicd/gerrit:2019.2.11"
# mysql:5.6.48
docker_image_mysql: "${_param:mcp_docker_registry}/mirantis/cicd/mysql:2019.2.10"
# jenkins:2.204.3
docker_image_jenkins: "${_param:mcp_docker_registry}/mirantis/cicd/jenkins:2019.2.9"
- docker_image_jenkins_jnlp_slave: "${_param:mcp_docker_registry}/mirantis/cicd/jnlp-slave:2019.2.9"
+ docker_image_jenkins_jnlp_slave: "${_param:mcp_docker_registry}/mirantis/cicd/jnlp-slave:2019.2.11"
# TODO: fix tag
docker_image_jenkins_ssh_slave: "${_param:mcp_docker_registry}/mirantis/cicd/ssh-slave:2019.2.10"
# model-generator
docker_image_operations_api: "${_param:mcp_docker_registry}/mirantis/model-generator/operations-api:2019.2.6"
docker_image_operations_ui: "${_param:mcp_docker_registry}/mirantis/model-generator/operations-ui:2019.2.6"
# OpenContrail
- opencontrail_docker_image_tag: "2019.2.10"
+ opencontrail_docker_image_tag: "2019.2.11"
# stacklight
- # 6.5.0 version, from 11/29/2018, differ from latest upstream 6.5.0 - update next cycle
- docker_image_alerta: "${_param:mcp_docker_registry}/mirantis/external/alerta-web:2019.2.6"
+ # locally forked v7.4.4, updated 2020-08-06
+ docker_image_alerta: "${_param:mcp_docker_registry}/openstack-docker/alerta:2019.2.11"
docker_image_alertmanager: "${_param:mcp_docker_registry}/openstack-docker/alertmanager:2019.2.4"
docker_image_grafana: "${_param:mcp_docker_registry}/openstack-docker/grafana:2019.2.10"
docker_image_prometheus_es_exporter: "${_param:mcp_docker_registry}/openstack-docker/prometheus-es-exporter:2019.2.6"
docker_image_prometheus: "${_param:mcp_docker_registry}/openstack-docker/prometheus:2019.2.10"
docker_image_prometheus_gainsight: "${_param:mcp_docker_registry}/openstack-docker/sf-reporter:2019.2.9"
docker_image_prometheus_gainsight_elasticsearch: "${_param:mcp_docker_registry}/openstack-docker/gainsight_elasticsearch:2019.2.6"
- docker_image_prometheus_relay: "${_param:mcp_docker_registry}/openstack-docker/prometheus-relay:2019.2.10"
+ docker_image_prometheus_relay: "${_param:mcp_docker_registry}/openstack-docker/prometheus-relay:2019.2.11"
docker_image_pushgateway: "${_param:mcp_docker_registry}/openstack-docker/pushgateway:2019.2.6"
- docker_image_remote_agent: "${_param:mcp_docker_registry}/openstack-docker/telegraf:2019.2.10"
+ docker_image_remote_agent: "${_param:mcp_docker_registry}/openstack-docker/telegraf:2019.2.11"
docker_image_remote_collector: "${_param:mcp_docker_registry}/openstack-docker/heka:2019.2.6"
docker_image_remote_storage_adapter: "${_param:mcp_docker_registry}/openstack-docker/remote_storage_adapter:2019.2.6"
docker_image_sf_notifier: "${_param:mcp_docker_registry}/openstack-docker/sf_notifier:2019.2.4"
@@ -47,7 +47,7 @@
docker_image_keycloak_server: "${_param:mcp_docker_registry}/mirantis/external/jboss/keycloak:4.5.0.Final"
docker_image_keycloak_proxy: "${_param:mcp_docker_registry}/mirantis/external/jboss/keycloak:3.4.2.Final"
# CVP
- docker_image_cvp_sanity_checks: "${_param:mcp_docker_registry}/mirantis/cvp/cvp-sanity-checks:2019.2.10"
+ docker_image_cvp_sanity_checks: "${_param:mcp_docker_registry}/mirantis/cvp/cvp-sanity-checks:2019.2.11"
docker_image_cvp_tempest: "${_param:mcp_docker_registry}/mirantis/cicd/ci-tempest:${_param:openstack_version}"
docker_image_cvp_shaker_checks: "${_param:mcp_docker_registry}/mirantis/cvp/cvp-shaker:2019.2.3"
docker_image_cvp_rally: "${_param:mcp_docker_registry}/mirantis/cvp/cvp-rally:2019.2.5"
@@ -74,9 +74,9 @@
- registry: ${_param:mcp_docker_registry}/mirantis/external/docker
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/external/docker
name: compose:1.17.1
- - registry: ${_param:mcp_docker_registry}/mirantis/external/osixia
- target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/external/osixia
- name: openldap:1.2.2
+ - registry: ${_param:mcp_docker_registry}/mirantis/cicd
+ target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/cicd
+ name: openldap:2019.2.11
- registry: ${_param:mcp_docker_registry}/mirantis/external/library
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/external/library
name: postgres:9.6.10
@@ -96,7 +96,7 @@
- registry: ${_param:mcp_docker_registry}/mirantis/cicd
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/cicd
- name: jnlp-slave:2019.2.9
+ name: jnlp-slave:2019.2.11
- registry: ${_param:mcp_docker_registry}/mirantis/cicd
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/cicd
name: ssh-slave:2019.2.10
@@ -105,7 +105,7 @@
name: jenkins:2019.2.9
- registry: ${_param:mcp_docker_registry}/mirantis/cicd
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/cicd
- name: gerrit:2019.2.10
+ name: gerrit:2019.2.11
- registry: ${_param:mcp_docker_registry}/mirantis/external/cockroach
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/external/cockroach
name: cockroach:v2.1.1
@@ -119,9 +119,9 @@
- registry: ${_param:mcp_docker_registry}/openstack-docker
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/openstack-docker
name: alertmanager:2019.2.4
- - registry: ${_param:mcp_docker_registry}/mirantis/external
- target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/external
- name: alerta-web:2019.2.6
+ - registry: ${_param:mcp_docker_registry}/openstack-docker
+ target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/openstack-docker
+ name: alerta:2019.2.11
- registry: ${_param:mcp_docker_registry}/openstack-docker
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/openstack-docker
name: pushgateway:2019.2.6
@@ -133,13 +133,13 @@
name: sf-reporter:2019.2.9
- registry: ${_param:mcp_docker_registry}/openstack-docker
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/openstack-docker
- name: telegraf:2019.2.10
+ name: telegraf:2019.2.11
- registry: ${_param:mcp_docker_registry}/openstack-docker
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/openstack-docker
name: remote_storage_adapter:2019.2.6
- registry: ${_param:mcp_docker_registry}/openstack-docker
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/openstack-docker
- name: prometheus-relay:2019.2.10
+ name: prometheus-relay:2019.2.11
- registry: ${_param:mcp_docker_registry}/openstack-docker
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/openstack-docker
name: grafana:2019.2.10
@@ -182,7 +182,7 @@
name: cvp-shaker:2019.2.3
- registry: ${_param:mcp_docker_registry}/mirantis/cvp
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/cvp
- name: cvp-sanity-checks:2019.2.10
+ name: cvp-sanity-checks:2019.2.11
- registry: ${_param:mcp_docker_registry}/mirantis/external/xrally
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/external/xrally
name: xrally-openstack:0.11.2
diff --git a/defaults/openstack/policy/all.yml b/defaults/openstack/policy/all.yml
index 3e0975a..ccb81a4 100644
--- a/defaults/openstack/policy/all.yml
+++ b/defaults/openstack/policy/all.yml
@@ -1448,6 +1448,13 @@
"load-balancer:read-quota-global": "rule:load-balancer:global_observer or role:load-balancer_quota_admin or rule:load-balancer:admin"
"load-balancer:write-quota": "role:load-balancer_quota_admin or rule:load-balancer:admin"
"os_load-balancer_api:loadbalancer:put_failover": "rule:load-balancer:admin"
+ panko_default_policy_ocata: {}
+ panko_default_policy_pike:
+ "context_is_admin": "role:admin"
+ "segregation": "rule:context_is_admin"
+ "telemetry:events:index": ""
+ "telemetry:events:show": ""
+ panko_default_policy_queens: ${_param:panko_default_policy_pike}
telemetry_default_policy_ocata: {}
telemetry_default_policy_pike:
"context_is_admin": "role:admin"
diff --git a/defaults/openstack/policy/panko.yml b/defaults/openstack/policy/panko.yml
new file mode 100644
index 0000000..d2c88ae
--- /dev/null
+++ b/defaults/openstack/policy/panko.yml
@@ -0,0 +1,6 @@
+classes:
+- system.defaults.openstack.policy.all
+parameters:
+ panko:
+ server:
+ policy: ${_param:panko_default_policy_${_param:openstack_version}}
diff --git a/docker/swarm/stack/dashboard.yml b/docker/swarm/stack/dashboard.yml
index 7b0eac5..9dfc85f 100644
--- a/docker/swarm/stack/dashboard.yml
+++ b/docker/swarm/stack/dashboard.yml
@@ -10,6 +10,7 @@
client:
stack:
dashboard:
+ version: '3.7'
service:
grafana:
deploy:
@@ -23,6 +24,18 @@
GF_DATABASE_TYPE: ${_param:grafana_database_type}
GF_DATABASE_NAME: grafana
GF_DATABASE_USER: grafana
- GF_DATABASE_PASSWORD: ${_param:grafana_database_password}
+ GF_DATABASE_PASSWORD__FILE: /run/secrets/grafana-database
GF_DATABASE_HOST: "${_param:grafana_database_host}:${_param:grafana_database_port}"
- GF_SECURITY_ADMIN_PASSWORD: ${_param:grafana_admin_password}
+ GF_SECURITY_ADMIN_PASSWORD__FILE: /run/secrets/grafana-admin
+ secrets:
+ - grafana-database
+ - grafana-admin
+ secrets:
+ grafana-database:
+ external: true
+ value: ${_param:grafana_database_password}
+ grafana-admin:
+ external: true
+ value: ${_param:grafana_admin_password}
+
+
diff --git a/docker/swarm/stack/gerrit.yml b/docker/swarm/stack/gerrit.yml
index d1a5aa7..2ce9444 100644
--- a/docker/swarm/stack/gerrit.yml
+++ b/docker/swarm/stack/gerrit.yml
@@ -16,6 +16,7 @@
client:
stack:
gerrit:
+ version: '3.7'
service:
server:
deploy:
@@ -30,12 +31,15 @@
- /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
depends_on:
- db
+ secrets:
+ - mysql-gerrit
+ - ldap-gerrit
environment:
#GERRIT_INIT_ARGS: ""
DATABASE_TYPE: "mysql"
DB_PORT_3306_TCP_ADDR: ${_param:cluster_vip_address}
DB_ENV_MYSQL_USER: gerrit
- DB_ENV_MYSQL_PASSWORD: ${_param:mysql_gerrit_password}
+ DB_ENV_MYSQL_PASSWORD_FILE: "/run/secrets/mysql-gerrit"
DB_ENV_MYSQL_DB: gerrit
AUTH_TYPE: ${_param:gerrit_auth_type}
LDAP_SERVER: ${_param:gerrit_ldap_server}
@@ -43,13 +47,10 @@
LDAP_ACCOUNTBASE: ${_param:gerrit_ldap_account_base}
LDAP_GROUPBASE: ${_param:gerrit_ldap_group_base}
LDAP_USERNAME: ${_param:gerrit_ldap_bind_user}
- LDAP_PASSWORD: ${_param:gerrit_ldap_bind_password}
+ LDAP_PASSWORD_FILE: "/run/secrets/ldap-gerrit"
WEBURL: ${_param:gerrit_public_host}
HTTPD_LISTENURL: ${_param:gerrit_http_listen_url}
HTTPD_REQUESTLOG: ${_param:gerrit_http_request_log}
- GERRIT_ADMIN_SSH_PUBLIC: ${_param:gerrit_admin_public_key}
- GERRIT_ADMIN_PWD: ${_param:gerrit_admin_password}
- GERRIT_ADMIN_EMAIL: ${_param:gerrit_admin_email}
CANLOADINIFRAME: "true"
IGNORE_VERSIONCHECK: "false"
JAVA_OPTIONS: "-Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts ${_param:gerrit_extra_opts}"
@@ -57,11 +58,14 @@
http_proxy: ${_param:docker_http_proxy}
no_proxy: ${_param:docker_no_proxy}
db:
+ secrets:
+ - mysql-gerrit
+ - mysql-root
environment:
MYSQL_USER: gerrit
- MYSQL_PASSWORD: ${_param:mysql_gerrit_password}
MYSQL_DATABASE: gerrit
- MYSQL_ROOT_PASSWORD: ${_param:mysql_admin_password}
+ MYSQL_ROOT_PASSWORD_FILE: "/run/secrets/mysql-root"
+ MYSQL_PASSWORD_FILE: "/run/secrets/mysql-gerrit"
MYSQL_START_TIMEOUT: 300
deploy:
restart_policy:
@@ -71,3 +75,13 @@
- ${_param:gerrit_db_publish_port}:3306
volumes:
- /srv/volumes/mysql:/var/lib/mysql
+ secrets:
+ mysql-root:
+ external: true
+ value: ${_param:mysql_admin_password}
+ mysql-gerrit:
+ external: true
+ value: ${_param:mysql_gerrit_password}
+ ldap-gerrit:
+ external: true
+ value: ${_param:gerrit_ldap_bind_password}
diff --git a/docker/swarm/stack/jenkins/jnlp_slave_multi.yml b/docker/swarm/stack/jenkins/jnlp_slave_multi.yml
index 3606bad..e7bf056 100644
--- a/docker/swarm/stack/jenkins/jnlp_slave_multi.yml
+++ b/docker/swarm/stack/jenkins/jnlp_slave_multi.yml
@@ -15,7 +15,7 @@
JENKINS_AGENT_NAME: slave02
JENKINS_UPDATE_SLAVE: 'true'
JENKINS_LOGIN: ${_param:jenkins_client_user}
- JENKINS_PASSWORD: ${_param:jenkins_client_password}
+ JENKINS_PASSWORD_FILE: /run/secrets/jenkins-admin
JAVA_OPTS: "-Dhttp.proxyHost=${_param:docker_http_proxy} -Dhttp.nonProxyHosts=|jenkins_master ${_param:jenkins_slave_extra_opts}"
https_proxy: ${_param:docker_https_proxy}
http_proxy: ${_param:docker_http_proxy}
@@ -35,13 +35,15 @@
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
- /var/lib/jenkins:/var/lib/jenkins
+ secrets:
+ - jenkins-admin
slave03:
environment:
JENKINS_URL: ${_param:jenkins_master_url}
JENKINS_AGENT_NAME: slave03
JENKINS_UPDATE_SLAVE: 'true'
JENKINS_LOGIN: ${_param:jenkins_client_user}
- JENKINS_PASSWORD: ${_param:jenkins_client_password}
+ JENKINS_PASSWORD_FILE: /run/secrets/jenkins-admin
JAVA_OPTS: "-Dhttp.proxyHost=${_param:docker_http_proxy} -Dhttp.nonProxyHosts=|jenkins_master ${_param:jenkins_slave_extra_opts}"
https_proxy: ${_param:docker_https_proxy}
http_proxy: ${_param:docker_http_proxy}
@@ -61,3 +63,9 @@
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
- /var/lib/jenkins:/var/lib/jenkins
+ secrets:
+ - jenkins-admin
+ secrets:
+ jenkins-admin:
+ external: true
+ value: ${_param:jenkins_client_password}
diff --git a/docker/swarm/stack/jenkins/jnlp_slave_single.yml b/docker/swarm/stack/jenkins/jnlp_slave_single.yml
index 956f918..6f9bff0 100644
--- a/docker/swarm/stack/jenkins/jnlp_slave_single.yml
+++ b/docker/swarm/stack/jenkins/jnlp_slave_single.yml
@@ -12,6 +12,7 @@
- ${_param:docker_image_jenkins_jnlp_slave}
stack:
jenkins:
+ version: '3.7'
service:
slave01:
environment:
@@ -19,7 +20,7 @@
JENKINS_AGENT_NAME: slave01
JENKINS_UPDATE_SLAVE: 'true'
JENKINS_LOGIN: ${_param:jenkins_client_user}
- JENKINS_PASSWORD: ${_param:jenkins_client_password}
+ JENKINS_PASSWORD_FILE: /run/secrets/jenkins-admin
JAVA_OPTS: "-Dhttp.proxyHost=${_param:docker_http_proxy} -Dhttp.nonProxyHosts=|jenkins_master ${_param:jenkins_slave_extra_opts}"
https_proxy: ${_param:docker_https_proxy}
http_proxy: ${_param:docker_http_proxy}
@@ -39,3 +40,9 @@
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
- /var/lib/jenkins:/var/lib/jenkins
+ secrets:
+ - jenkins-admin
+ secrets:
+ jenkins-admin:
+ external: true
+ value: ${_param:jenkins_client_password}
diff --git a/docker/swarm/stack/ldap.yml b/docker/swarm/stack/ldap.yml
index 3091983..71a646e 100644
--- a/docker/swarm/stack/ldap.yml
+++ b/docker/swarm/stack/ldap.yml
@@ -5,6 +5,7 @@
client:
stack:
ldap:
+ version: '3.7'
service:
server:
networks:
@@ -18,6 +19,9 @@
ports:
- 1389:389
- 1636:636
+ secrets:
+ - openldap-admin
+ - openldap-config
volumes:
- /srv/volumes/openldap/database:/var/lib/ldap
- /srv/volumes/openldap/config:/etc/ldap/slapd.d
@@ -31,8 +35,8 @@
HOSTNAME: ldap01.${_param:openldap_domain}
LDAP_ORGANISATION: "${_param:openldap_organisation}"
LDAP_DOMAIN: "${_param:openldap_domain}"
- LDAP_ADMIN_PASSWORD: ${_param:openldap_admin_password}
- LDAP_CONFIG_PASSWORD: ${_param:openldap_config_password}
+ LDAP_ADMIN_PASSWORD_FILE: /run/secrets/openldap-admin
+ LDAP_CONFIG_PASSWORD_FILE: /run/secrets/openldap-config
LDAP_TLS: "true"
LDAP_TLS_VERIFY_CLIENT: try
LDAP_TLS_CIPHER_SUITE: NORMAL:-VERS-SSL3.0:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0
@@ -55,7 +59,6 @@
- ${_param:openldap_tls:certfile}:/container/service/ldap-client/assets/certs/drivetrain_ldap.crt:ro
- /etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem:/container/service/ldap-client/assets/certs/ca.crt:ro
environment:
- PHPLDAPADMIN_LDAP_ADMIN_PASSWORD: ${_param:openldap_admin_password}
PHPLDAPADMIN_LDAP_HOSTS: "#PYTHON2BASH:[{'server': [{'server': [{'host': 'ldaps://${_param:cicd_control_address}', 'tls': False}]},{'login': [{'bind_id': 'cn=admin,${_param:openldap_dn}'},{'bind_pass': '$PHPLDAPADMIN_LDAP_ADMIN_PASSWORD'}]}]}]"
PHPLDAPADMIN_LDAP_CLIENT_TLS: "true"
PHPLDAPADMIN_LDAP_CLIENT_TLS_CA_CRT_FILENAME: ca.crt
@@ -73,3 +76,11 @@
driver: overlay
driver_opts:
encrypted: 1
+ secrets:
+ openldap-admin:
+ external: true
+ value: ${_param:openldap_admin_password}
+ openldap-config:
+ external: true
+ value: ${_param:openldap_config_password}
+
diff --git a/docker/swarm/stack/monitoring/alerta.yml b/docker/swarm/stack/monitoring/alerta.yml
index acd4d70..ac16a2b 100644
--- a/docker/swarm/stack/monitoring/alerta.yml
+++ b/docker/swarm/stack/monitoring/alerta.yml
@@ -8,6 +8,7 @@
client:
stack:
monitoring:
+ version: '3.7'
service:
alerta:
networks:
@@ -27,6 +28,13 @@
- ${prometheus:alerta:config_dir}/alertad.conf:/app/alertad.conf
environment:
ADMIN_USERS: ${_param:alerta_admin_username}
- ADMIN_PASSWORD: ${_param:alerta_admin_password}
+ ADMIN_PASSWORD_FILE: "/run/secrets/alerta"
MONGO_URI: ${_param:alerta_mongodb_uri}
PLUGINS: ""
+ secrets:
+ - alerta
+ secrets:
+ alerta:
+ external: true
+ value: ${_param:alerta_admin_password}
+
diff --git a/jenkins/client/job/ceph/remove-osd.yml b/jenkins/client/job/ceph/remove-osd.yml
index bff0d75..ce2037b 100644
--- a/jenkins/client/job/ceph/remove-osd.yml
+++ b/jenkins/client/job/ceph/remove-osd.yml
@@ -47,4 +47,7 @@
type: boolean
default: 'false'
description: Clean data/block partitions
-
+ CLEAN_ORPHANS:
+ type: boolean
+ default: 'false'
+ description: Clean data/block partitions
diff --git a/jenkins/client/job/ceph/upgrade.yml b/jenkins/client/job/ceph/upgrade.yml
index 013515b..e8b94a2 100644
--- a/jenkins/client/job/ceph/upgrade.yml
+++ b/jenkins/client/job/ceph/upgrade.yml
@@ -78,8 +78,4 @@
type: string
default: '/root'
description: Select the target dir to backup to when BACKUP_ENABLED
- RUNHIGHSTATE:
- type: boolean
- default: 'false'
- description: Run HighStates on target nodes after upgrade
diff --git a/openssh/server/team/members/mpolenchuk.yml b/openssh/server/team/members/mpolenchuk.yml
new file mode 100644
index 0000000..eafbe84
--- /dev/null
+++ b/openssh/server/team/members/mpolenchuk.yml
@@ -0,0 +1,19 @@
+parameters:
+ linux:
+ system:
+ user:
+ mpolenchuk:
+ enabled: true
+ name: mpolenchuk
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Michael Polenchuk
+ home: /home/mpolenchuk
+ email: mpolenchuk@mirantis.com
+ openssh:
+ server:
+ user:
+ mpolenchuk:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC18NFHig4QQPBgFY7s3MOzGRYHOFY6Fzu1lBSYoH6Ie6u2AY7aS149uSUHJPuzTQ5uEsxXqSlfOOggwrB7sOb1w+sCUhUJN5SyvPl1tnQ5mQ96DvMGtFwuTQwQJ5SY/XXIKCKn59G0AMyOmajDsHdeUFhwj1u8CWnEM7QHxuAxDxbExNyWe0yytsdbIelI1xsyX3qWNsJz/9BSnD6IKKtB0ca0lG+qWmO8eQ/A/pqE28E6kh25mqsEk38gTvBgJsaociU75WTEQYcxhVy4+/ZoZeW/ASDC+Raaq8b7gbrOo8EKdgpWk1MAdomfGfoxJ2HEVI08vLR3xBd0IjbC0NFN root@desktop
+ user: ${linux:system:user:mpolenchuk}
diff --git a/openssh/server/team/oscore_devops.yml b/openssh/server/team/oscore_devops.yml
index b2ef7eb..a46f242 100644
--- a/openssh/server/team/oscore_devops.yml
+++ b/openssh/server/team/oscore_devops.yml
@@ -14,6 +14,7 @@
- system.openssh.server.team.members.pshchelo
- system.openssh.server.team.members.obryndzii
- system.openssh.server.team.members.dteselkin
+- system.openssh.server.team.members.mpolenchuk
parameters:
_param:
linux_system_user_sudo: true
diff --git a/prometheus/gainsight/query/openstack.yml b/prometheus/gainsight/query/openstack.yml
index 1eac4c3..daed58e 100644
--- a/prometheus/gainsight/query/openstack.yml
+++ b/prometheus/gainsight/query/openstack.yml
@@ -11,15 +11,14 @@
instances: "'Instances','avg(sum(avg_over_time(openstack_nova_instances{state=\"active\"}[24h])) by (instance))'"
compute_nodes: "'Compute Nodes','avg(sum(openstack_nova_services{binary=~\"nova.compute\"}) by (instance))'"
tenants: "'Tenants','avg(sum(avg_over_time(openstack_keystone_tenants_total[24h])) by (instance))'"
- cinder_api: "'Cinder API','avg_over_time(name:openstack_api_check_status:avg5m:for5m:ceil:avg5m:floor{name=\"cinderv2\"}[24h]) * 100'"
- nova_api: "'Nova API','avg_over_time(name:openstack_api_check_status:avg5m:for5m:ceil:avg5m:floor{name=\"nova\"}[24h]) * 100'"
- keystone_api: "'Keystone API','avg_over_time(name:openstack_api_check_status:avg5m:for5m:ceil:avg5m:floor{name=\"keystone\"}[24h]) * 100'"
- glance_api: "'Glance API','avg_over_time(name:openstack_api_check_status:avg5m:for5m:ceil:avg5m:floor{name=\"glance\"}[24h]) * 100'"
- neutron_api: "'Neutron API','avg_over_time(name:openstack_api_check_status:avg5m:for5m:ceil:avg5m:floor{name=\"neutron\"}[24h]) * 100'"
+ cinder_api: "'Cinder API','avg_over_time(service_name:openstack_api_check_status:avg5m:for5m:ceil:avg5m:floor{service_name=\"cinderv2\"}[24h]) * 100'"
+ nova_api: "'Nova API','avg_over_time(service_name:openstack_api_check_status:avg5m:for5m:ceil:avg5m:floor{service_name=\"nova\"}[24h]) * 100'"
+ keystone_api: "'Keystone API','avg_over_time(service_name:openstack_api_check_status:avg5m:for5m:ceil:avg5m:floor{service_name=\"keystone\"}[24h]) * 100'"
+ glance_api: "'Glance API','avg_over_time(service_name:openstack_api_check_status:avg5m:for5m:ceil:avg5m:floor{service_name=\"glance\"}[24h]) * 100'"
+ neutron_api: "'Neutron API','avg_over_time(service_name:openstack_api_check_status:avg5m:for5m:ceil:avg5m:floor{service_name=\"neutron\"}[24h]) * 100'"
nova_vm_all: "'Total VM number','avg_over_time(total:openstack_nova_instance_all[1d])'"
nova_vm_failed: "'Failed VM number','avg_over_time(total:openstack_nova_instance_failed[1d])'"
kpi_downtime: "'KPI Downtime','1 - avg_over_time(total:openstack_nova_instance_failed[1d]) / avg_over_time(total:openstack_nova_instance_all[1d])'"
compute_instance_create_start: "'VM creation start','sum(compute_instance_create_start_event_doc_count)'"
compute_instance_create_end: "'VM creation end','sum(compute_instance_create_end_event_doc_count)'"
compute_instance_create_error: "'VM creation error','sum(compute_instance_create_error_event_doc_count)'"
-