Merge "Add options auth.allow and auth.reject to all glusterfs volumes"
diff --git a/cassandra/backup/client/single.yml b/cassandra/backup/client/single.yml
index 892f92f..0753740 100644
--- a/cassandra/backup/client/single.yml
+++ b/cassandra/backup/client/single.yml
@@ -2,8 +2,6 @@
- service.cassandra.backup.client
- system.openssh.client.root
parameters:
- _param:
- cassandra_remote_backup_server: cfg01
cassandra:
backup:
client:
diff --git a/cinder/control/cluster.yml b/cinder/control/cluster.yml
index 286f2ad..a81d257 100644
--- a/cinder/control/cluster.yml
+++ b/cinder/control/cluster.yml
@@ -27,6 +27,8 @@
backend: {}
version: ${_param:cinder_version}
role: ${_param:openstack_node_role}
+ # set 'image_conversion_dir' option in case of ceph deployment volume and controller running on the same node
+ image_conversion_dir: ${_param:cinder_image_conversion_dir_path}
osapi:
host: ${_param:cluster_local_address}
database:
diff --git a/cinder/control/single.yml b/cinder/control/single.yml
index 2d662f9..31b391b 100644
--- a/cinder/control/single.yml
+++ b/cinder/control/single.yml
@@ -19,6 +19,8 @@
backend: {}
default_volume_type: ''
role: ${_param:openstack_node_role}
+ # set 'image_conversion_dir' option in case of ceph deployment volume and controller running on the same node
+ image_conversion_dir: ${_param:cinder_image_conversion_dir_path}
database:
host: ${_param:single_address}
x509:
diff --git a/cinder/volume/local.yml b/cinder/volume/local.yml
index e42eef3..6478d6f 100644
--- a/cinder/volume/local.yml
+++ b/cinder/volume/local.yml
@@ -7,6 +7,7 @@
cinder:
volume:
enabled: True
+ image_conversion_dir: ${_param:cinder_image_conversion_dir_path}
database:
host: ${_param:single_address}
x509:
diff --git a/cinder/volume/single.yml b/cinder/volume/single.yml
index a865722..74f2344 100644
--- a/cinder/volume/single.yml
+++ b/cinder/volume/single.yml
@@ -13,6 +13,7 @@
cinder:
volume:
enabled: True
+ image_conversion_dir: ${_param:cinder_image_conversion_dir_path}
database:
host: ${_param:openstack_database_address}
x509:
diff --git a/defaults/backup.yml b/defaults/backup.yml
index 66e5173..1cff51b 100644
--- a/defaults/backup.yml
+++ b/defaults/backup.yml
@@ -5,3 +5,6 @@
backup_day_of_month: "*"
backup_month: "*"
backup_day_of_week: "*"
+ zookeeper_remote_backup_server: cfg01
+ cassandra_remote_backup_server: cfg01
+ xtrabackup_client_throttle: 0 # disabled
diff --git a/defaults/openstack/init.yml b/defaults/openstack/init.yml
index 290a511..f7572f3 100644
--- a/defaults/openstack/init.yml
+++ b/defaults/openstack/init.yml
@@ -44,6 +44,7 @@
cinder_version: ${_param:openstack_version}
cinder_upgrade_enabled: ${_param:openstack_upgrade_enabled}
cinder_service_user_enabled: ${_param:openstack_service_user_enabled}
+ cinder_image_conversion_dir_path: /var/tmp/cinder/conversion
# Nova
nova_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
nova_memcache_secret_key: ''
diff --git a/defaults/secrets.yml b/defaults/secrets.yml
index f47c1e0..65b7bce 100644
--- a/defaults/secrets.yml
+++ b/defaults/secrets.yml
@@ -57,6 +57,9 @@
# Nova
# metadata_password: <<CHANGEME>>
+# nova_compute_ssh_public: <<CHANGEME>>
+# nova_compute_ssh_private: <<CHANGEME>>
+
# Grafana
# grafana_password: <<CHANGEME>>
@@ -72,3 +75,8 @@
# Galera
# galera_clustercheck_password: <<CHANGEME>>
+
+# Generic
+# root_private_key:
+# root_public_key:
+
diff --git a/docker/client/compose/service/jenkins.yml b/docker/client/compose/service/jenkins.yml
index 55aacdc..7045b66 100644
--- a/docker/client/compose/service/jenkins.yml
+++ b/docker/client/compose/service/jenkins.yml
@@ -3,7 +3,7 @@
parameters:
_param:
jenkins_master_extra_opts: ""
- jenkins_master_executors_num: 4
+ jenkins_master_executors_num: 0
jenkins_master_max_concurent_requests: 40
jenkins_home_dir_path: /var/jenkins_home
docker:
diff --git a/docker/swarm/stack/jenkins/master.yml b/docker/swarm/stack/jenkins/master.yml
index ab850c0..ea4dfe5 100644
--- a/docker/swarm/stack/jenkins/master.yml
+++ b/docker/swarm/stack/jenkins/master.yml
@@ -4,7 +4,7 @@
parameters:
_param:
jenkins_master_extra_opts: ""
- jenkins_master_executors_num: 4
+ jenkins_master_executors_num: 0
jenkins_master_max_concurent_requests: 40
jenkins_home_dir_path: /var/jenkins_home
docker:
diff --git a/glance/client/image/octavia.yml b/glance/client/image/octavia.yml
index 3160cdd..2a00375 100644
--- a/glance/client/image/octavia.yml
+++ b/glance/client/image/octavia.yml
@@ -3,6 +3,7 @@
parameters:
glance:
client:
+ cloud_name: admin_identity
identity:
admin_identity:
endpoint_type: internalURL
diff --git a/haproxy/proxy/listen/openstack/large_setup.yml b/haproxy/proxy/listen/openstack/large_setup.yml
index 947cfce..c517779 100644
--- a/haproxy/proxy/listen/openstack/large_setup.yml
+++ b/haproxy/proxy/listen/openstack/large_setup.yml
@@ -8,4 +8,4 @@
- system.haproxy.proxy.listen.openstack.keystone.large
- system.haproxy.proxy.listen.openstack.neutron_large
- system.haproxy.proxy.listen.openstack.nova_large
-- system.haproxy.proxy.listen.openstack.novanc_large
+- system.haproxy.proxy.listen.openstack.novnc_large
diff --git a/jenkins/client/approved_scripts.yml b/jenkins/client/approved_scripts.yml
index 43bc5e2..90273a2 100644
--- a/jenkins/client/approved_scripts.yml
+++ b/jenkins/client/approved_scripts.yml
@@ -141,6 +141,7 @@
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.lang.String int
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.util.Collection java.lang.String
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.util.List groovy.lang.Range
+ - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.util.regex.Matcher java.util.Collection
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getBytes java.io.File
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getText java.io.InputStream
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods hasProperty java.lang.Object java.lang.String
diff --git a/jenkins/client/credential/lab.yml b/jenkins/client/credential/lab.yml
index 68375e3..e69de29 100644
--- a/jenkins/client/credential/lab.yml
+++ b/jenkins/client/credential/lab.yml
@@ -1,9 +0,0 @@
-parameters:
- _param:
- lab_ssh_user: root
- jenkins:
- client:
- credential:
- lab:
- username: ${_param:lab_ssh_user}
- key: ${_param:cluster_private_key}
diff --git a/jenkins/client/job/deploy/update/init.yml b/jenkins/client/job/deploy/update/init.yml
index 5b1a57c..8e58753 100644
--- a/jenkins/client/job/deploy/update/init.yml
+++ b/jenkins/client/job/deploy/update/init.yml
@@ -5,6 +5,7 @@
- system.jenkins.client.job.deploy.update.update_mirror_image
- system.jenkins.client.job.deploy.update.update_ceph
- system.jenkins.client.job.deploy.update.upgrade
+ - system.jenkins.client.job.deploy.update.upgrade_rabbitmq
- system.jenkins.client.job.deploy.update.upgrade_compute
- system.jenkins.client.job.deploy.update.upgrade_mcp_release
- system.jenkins.client.job.deploy.update.upgrade_ovs_gateway
diff --git a/jenkins/client/job/deploy/update/upgrade_rabbitmq.yml b/jenkins/client/job/deploy/update/upgrade_rabbitmq.yml
new file mode 100644
index 0000000..73c2f1f
--- /dev/null
+++ b/jenkins/client/job/deploy/update/upgrade_rabbitmq.yml
@@ -0,0 +1,46 @@
+#
+# Jobs to upgrade RabbitMQ packages on given Salt master environment
+#
+parameters:
+ jenkins:
+ client:
+ job:
+ deploy-upgrade-rabbitmq:
+ type: workflow-scm
+ concurrent: true
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
+ display_name: "Deploy - upgrade RabbitMQ server"
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ branch: "${_param:jenkins_pipelines_branch}"
+ credentials: "gerrit"
+ script: openstack-rabbitmq-upgrade.groovy
+ param:
+ SALT_MASTER_URL:
+ type: string
+ default: "${_param:jenkins_salt_api_url}"
+ SALT_MASTER_CREDENTIALS:
+ type: string
+ default: "salt"
+ OS_DIST_UPGRADE:
+ type: boolean
+ default: 'false'
+ description: "Upgrade system packages including kernel (apt-get dist-upgrade)"
+ OS_UPGRADE:
+ type: boolean
+ default: 'false'
+ description: "Upgrade all installed applications (apt-get upgrade)"
+ INTERACTIVE:
+ type: boolean
+ default: 'true'
+ description: "Ask interactive questions during pipeline run (bool)"
+ TARGET_SERVERS:
+ type: string
+ default: 'msg*'
+ description: "Salt compound expression to get messaging servers to upgrade."
+
diff --git a/jenkins/client/node.yml b/jenkins/client/node.yml
index e5e4d3b..2de0022 100644
--- a/jenkins/client/node.yml
+++ b/jenkins/client/node.yml
@@ -7,8 +7,7 @@
master:
node_mode: Exclusive
remote_home: /var/lib/jenkins
- labels:
- - python
+ num_executors: 0
launcher:
type: master
slave01:
diff --git a/keystone/server/cluster.yml b/keystone/server/cluster.yml
index 7e9ea1b..824c6b5 100644
--- a/keystone/server/cluster.yml
+++ b/keystone/server/cluster.yml
@@ -37,7 +37,7 @@
region: ${_param:openstack_region}
bind:
address: ${_param:cluster_local_address}
- private_address: ${_param:cluster_vip_address}
+ private_address: ${_param:openstack_service_host}
private_port: 35357
public_address: ${_param:cluster_vip_address}
public_port: 5000
diff --git a/kubernetes/control/services/drivetrain/jenkins_master.yml b/kubernetes/control/services/drivetrain/jenkins_master.yml
index 36d8c5a..a564318 100644
--- a/kubernetes/control/services/drivetrain/jenkins_master.yml
+++ b/kubernetes/control/services/drivetrain/jenkins_master.yml
@@ -1,7 +1,7 @@
parameters:
_param:
jenkins_master_extra_opts: ""
- jenkins_master_executors_num: 4
+ jenkins_master_executors_num: 0
jenkins_master_max_concurent_requests: 40
jenkins_home_dir_path: /var/jenkins_home
kubernetes:
diff --git a/nova/compute/cluster.yml b/nova/compute/cluster.yml
index 6df13f5..ba9132c 100644
--- a/nova/compute/cluster.yml
+++ b/nova/compute/cluster.yml
@@ -8,35 +8,6 @@
nova_compute_virtualization: kvm
nova_compute_avail_zone:
nova_aggregates: []
- nova_compute_ssh_public: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCltIn93BcTMzNK/n2eBze6PyTkmIgdDkeXNR9X4DqE48Va80ojv2pq8xuaBxiNITJzyl+4p4UvTTXo+HmuX8qbHvqgMGXvuPUCpndEfb2r67f6vpMqPwMgBrUg2ZKgN4OsSDHU+H0dia0cEaTjz5pvbUy9lIsSyhrqOUVF9reJq+boAvVEedm8fUqiZuiejAw2D27+rRtdEPgsKMnh3626YEsr963q4rjU/JssV/iKMNu7mk2a+koOrJ+aHvcVU8zJjfA0YghoeVT/I3GLU/MB/4tD/RyR8GM+UYbI4sgAC7ZOCdQyHdJgnEzx3SJIwcS65U0T2XYvn2qXHXqJ9iGZ root@mirantis.com
- nova_compute_ssh_private: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpAIBAAKCAQEApbSJ/dwXEzMzSv59ngc3uj8k5JiIHQ5HlzUfV+A6hOPFWvNK
- I79qavMbmgcYjSEyc8pfuKeFL0016Ph5rl/Kmx76oDBl77j1AqZ3RH29q+u3+r6T
- Kj8DIAa1INmSoDeDrEgx1Ph9HYmtHBGk48+ab21MvZSLEsoa6jlFRfa3iavm6AL1
- RHnZvH1KombonowMNg9u/q0bXRD4LCjJ4d+tumBLK/et6uK41PybLFf4ijDbu5pN
- mvpKDqyfmh73FVPMyY3wNGIIaHlU/yNxi1PzAf+LQ/0ckfBjPlGGyOLIAAu2TgnU
- Mh3SYJxM8d0iSMHEuuVNE9l2L59qlx16ifYhmQIDAQABAoIBAQCYpqbwvE5tm59H
- GQb0C8Ykx4LfLD1INx1wiLmlJKYEQihPTw0fvXj1qZvl21+cs9ZcoTRpUbn6B3EA
- e9bs8sYc/P75j1x46LSdimkZKZUPygkk72d3ZbElUciOyKCxBDNDBQcTIQ9xpKFa
- 2E5Ep72npNMrWqp71r/Qwo20lEIkikIgAFPBgraxn5xIEdo59vzXNZsvyoIRi5p4
- ayH9nWSAXdF1YU3p3ljtHD8o2G/0d2TWGmjrd9vztc6tgXjp0PF60vDNgcJiudBg
- oNLDK/e5a44GJxlVDdJ84ESb7GprRStYmddl22xnI1SXlg87+t0QQwzR0CCtWXrz
- neXkicHhAoGBANkG9tOZfErhSL/jmsElQTNPcMNQkPiJzEmOIpr6jgSzCusPT/QD
- PnVwB42GC5+Zhd4e88BsTzECxPXmKk7r1cBKeJTg/ejgsrSfVAZqMsfhbp3mGOiH
- jymF+zC6Urj5q/Zkof8pEFICtyA5zlHvZmsQL9PDiqXIWALki2JvIDPdAoGBAMN2
- O+LWOM9qqwgSMaFY8VUdDdbmLx/ZMGWQ//Tx42WM8SU+cCpGTLDHHR0qC0gnRsV7
- V63DySEwiHn4I1cQ/AMijRxuw4Dkgk2YMRlgsAbVWO7aIlECWjSg+pRjNeA7If4D
- 5L/gu6wZIv1vu8/fvOwRpPUzhWjGN5Z0RyvYc7btAoGALNnrmL9XmIIGbuGy0cfJ
- OblpLHQyAas4tNrS/ARb5Uy7LOj1NRCWj96fMPhK3qjzqXvsFBBOLWrNGaR/id/j
- ROIfGWWGE+KcDAgBbXH1HKnSGn+7FhMt2v79coyPG/s9NqaFdB4gaVJ2VgqcQQKg
- v++QcssulCRbS/2/cJBWr2ECgYAJFCDL9G9HEwlGorGzcNIkxeiyppZhwFDDJuz8
- j4+kU9uPg0rqa8F8JINxq1ZCz7A10/jKlWFuLTbpk2Dw1lUeQCiVvX9PKU30FLGT
- IC6M4rPyxCb75EQUVbXN1p3WAGkfx0aEsweEgtZhNyNeEGJSBK/Iw8/agfpq/pOf
- sboOMQKBgQClKmrAYKWnwdPPka3msyjl/AXDruR4XFvMlOPKbs3nYstolE7eR94F
- 7xDyBz85icFU0rceYQetwFH2p5tRL0GcUQhJmJFgIL0OXdCQvRNJrT3iS00N1aUo
- SG9MrLHCd5l60aCUQg0UA5ed7Hd6SA314k+HwxJno9/wJ+voBeacMg==
- -----END RSA PRIVATE KEY-----
openssh:
client:
enabled: True
diff --git a/nova/compute/single.yml b/nova/compute/single.yml
index 16a3d06..2e65d06 100644
--- a/nova/compute/single.yml
+++ b/nova/compute/single.yml
@@ -7,36 +7,7 @@
parameters:
_param:
nova_vncproxy_url: https://${_param:cluster_public_host}:6080
- nova_compute_ssh_public: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCltIn93BcTMzNK/n2eBze6PyTkmIgdDkeXNR9X4DqE48Va80ojv2pq8xuaBxiNITJzyl+4p4UvTTXo+HmuX8qbHvqgMGXvuPUCpndEfb2r67f6vpMqPwMgBrUg2ZKgN4OsSDHU+H0dia0cEaTjz5pvbUy9lIsSyhrqOUVF9reJq+boAvVEedm8fUqiZuiejAw2D27+rRtdEPgsKMnh3626YEsr963q4rjU/JssV/iKMNu7mk2a+koOrJ+aHvcVU8zJjfA0YghoeVT/I3GLU/MB/4tD/RyR8GM+UYbI4sgAC7ZOCdQyHdJgnEzx3SJIwcS65U0T2XYvn2qXHXqJ9iGZ root@mirantis.com
nova_compute_avail_zone:
- nova_compute_ssh_private: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpAIBAAKCAQEApbSJ/dwXEzMzSv59ngc3uj8k5JiIHQ5HlzUfV+A6hOPFWvNK
- I79qavMbmgcYjSEyc8pfuKeFL0016Ph5rl/Kmx76oDBl77j1AqZ3RH29q+u3+r6T
- Kj8DIAa1INmSoDeDrEgx1Ph9HYmtHBGk48+ab21MvZSLEsoa6jlFRfa3iavm6AL1
- RHnZvH1KombonowMNg9u/q0bXRD4LCjJ4d+tumBLK/et6uK41PybLFf4ijDbu5pN
- mvpKDqyfmh73FVPMyY3wNGIIaHlU/yNxi1PzAf+LQ/0ckfBjPlGGyOLIAAu2TgnU
- Mh3SYJxM8d0iSMHEuuVNE9l2L59qlx16ifYhmQIDAQABAoIBAQCYpqbwvE5tm59H
- GQb0C8Ykx4LfLD1INx1wiLmlJKYEQihPTw0fvXj1qZvl21+cs9ZcoTRpUbn6B3EA
- e9bs8sYc/P75j1x46LSdimkZKZUPygkk72d3ZbElUciOyKCxBDNDBQcTIQ9xpKFa
- 2E5Ep72npNMrWqp71r/Qwo20lEIkikIgAFPBgraxn5xIEdo59vzXNZsvyoIRi5p4
- ayH9nWSAXdF1YU3p3ljtHD8o2G/0d2TWGmjrd9vztc6tgXjp0PF60vDNgcJiudBg
- oNLDK/e5a44GJxlVDdJ84ESb7GprRStYmddl22xnI1SXlg87+t0QQwzR0CCtWXrz
- neXkicHhAoGBANkG9tOZfErhSL/jmsElQTNPcMNQkPiJzEmOIpr6jgSzCusPT/QD
- PnVwB42GC5+Zhd4e88BsTzECxPXmKk7r1cBKeJTg/ejgsrSfVAZqMsfhbp3mGOiH
- jymF+zC6Urj5q/Zkof8pEFICtyA5zlHvZmsQL9PDiqXIWALki2JvIDPdAoGBAMN2
- O+LWOM9qqwgSMaFY8VUdDdbmLx/ZMGWQ//Tx42WM8SU+cCpGTLDHHR0qC0gnRsV7
- V63DySEwiHn4I1cQ/AMijRxuw4Dkgk2YMRlgsAbVWO7aIlECWjSg+pRjNeA7If4D
- 5L/gu6wZIv1vu8/fvOwRpPUzhWjGN5Z0RyvYc7btAoGALNnrmL9XmIIGbuGy0cfJ
- OblpLHQyAas4tNrS/ARb5Uy7LOj1NRCWj96fMPhK3qjzqXvsFBBOLWrNGaR/id/j
- ROIfGWWGE+KcDAgBbXH1HKnSGn+7FhMt2v79coyPG/s9NqaFdB4gaVJ2VgqcQQKg
- v++QcssulCRbS/2/cJBWr2ECgYAJFCDL9G9HEwlGorGzcNIkxeiyppZhwFDDJuz8
- j4+kU9uPg0rqa8F8JINxq1ZCz7A10/jKlWFuLTbpk2Dw1lUeQCiVvX9PKU30FLGT
- IC6M4rPyxCb75EQUVbXN1p3WAGkfx0aEsweEgtZhNyNeEGJSBK/Iw8/agfpq/pOf
- sboOMQKBgQClKmrAYKWnwdPPka3msyjl/AXDruR4XFvMlOPKbs3nYstolE7eR94F
- 7xDyBz85icFU0rceYQetwFH2p5tRL0GcUQhJmJFgIL0OXdCQvRNJrT3iS00N1aUo
- SG9MrLHCd5l60aCUQg0UA5ed7Hd6SA314k+HwxJno9/wJ+voBeacMg==
- -----END RSA PRIVATE KEY-----
openssh:
client:
enabled: True
diff --git a/openssh/client/lab.yml b/openssh/client/lab.yml
index 7a65847..e69de29 100644
--- a/openssh/client/lab.yml
+++ b/openssh/client/lab.yml
@@ -1,44 +0,0 @@
-applications:
-- openssh
-parameters:
- _param:
- cluster_private_key: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEowIBAAKCAQEAxL6/rVgCetsETpZaUmXmkj8cZ1WN0eubH1FvMDOi/La9ZJyT
- k0C6AYpJnIyEm93pMj5cLm08qRqMW+2pdOhYjcH69yg5MrX5SkRk8jCmIHIYoIbh
- Qnwbnj3dd3I39ZdfU2FO7u2vlbglVou6ZoQxlJDItuLNtzq6EG+w9eF19e7+OsC6
- 6iUItp618zfw1l3J/8nKvCGe2RYDf7mJW6XwCl/DwryJmwwzvPgYJ3QMuDD8/HFj
- lrJ3xjFTXj4b4Ws1XIoy78fFbtiLr4OwqCYkho03u2E5rOOP1qZxZB63sivHMLMO
- MM5bOAQKbulFNoyALADGYfc7sf0bZ4u9XXDXxQIDAQABAoIBAQCfmc2MJRT97KW1
- yqpCpX9BrAiymuiNHf+cjEcSZxEUyHkjIRFmJt+9WB0W7ba1anM92vCUiPDojSzH
- dig9Oi578JxR20NrK8uqv4jUHzrknynzLveVI3CUEcOSnglfJQijbxDFKfOCFPvV
- FUyE1UATMNBh6+LNfMprgu+exuMWOPnDyUiYQ+WZ0JfuZY8fuaZte4woJJOb9LUu
- 5rsMG/smIzjpgZ0Z9ZVDMurfq565qhpaXRAqKeIuyht8pacTo31iMQdHB78AvY/3
- g0z21Gk8k3z0Kr/YFKr2r4FmXY5m/gAUvZly2ZrVQM5XsbTVCzq/JpI5fssNvSbU
- AKmXzf4RAoGBAOO3d4/cstxERzW6hyOTjZIN1ppR52CsnZTsVPbfd0pCtmzmVZce
- CtHKdcXSbTwZvvkK09QSWAp3MoSpd0gIOiLU8Wx/R/RIZsu9BlhTS3r3EQLnk72d
- H/1TTA+j4T/LIYLSojQ1RxvIrHetAD44j732aTwKAHj/SybEAVqNkOB/AoGBAN0u
- gLcrgqIHGrk4VjWSvlCGymfF40equcx+ud7XhfZDGETUOSahW4dPZ52cjPAkrCBQ
- MMfcDwSVGsOAjd+mNt11BHUKobnhXwFaWWuyqyn9NmWFbjMbICVh7E3Of5aVN38o
- lrmo/7LuKMVG7XRwphCv5NkaJmQG4njDyUQWlaW7AoGADCd8wDb9bPhP/LQqBmIX
- ylXmwHHisaxE9O/wUQT4bwREjGd25gv6c9wkkRx8LBsLsGs9hzI7dMOL9Ly+2x9l
- SvqmsC3S/1zl77X1Ir2/Z57MT6Vgo1xBmtnZU3Rhz2/eKAdqFPNLClaZrgGT475N
- HcyLLWMzR0IJFtabY+Puea0CgYA8Zb5wRkldxWLewSuJZZDinGwY+kieAVjLJq/K
- 0j+ah6fQ48LXcah0wpIgz+cMjHcUO9GWQdk3/x9X03rqX5EL2DBnZYfUIl63F9zj
- M97ZkHOSNWVqPzX//0Vv2butewG0j3jZKfTo/2/SrxOYgEpYtC9huWpSVi7xm0US
- erhSkQKBgFIf9JEsfgE57ANhvITZ3ZI0uZXNxZkXQaVg8jvScDi79IIhy9iPzhKC
- aIIQoDNIlWv1ftCRZ5AlBvVXgvQ/QNrwy48JiQTzWZlb9Ezg8w+olQmSbG6fq7Y+
- 7r3i+QUZ7RBdOb24QcQ618q54ozNTCB7OywY78ptFzeoBeptiNr1
- -----END RSA PRIVATE KEY-----
- openssh:
- client:
- enabled: true
- user:
- root:
- enabled: true
- user: ${linux:system:user:root}
- private_key: ${private_keys:lab}
- private_keys:
- lab:
- type: rsa
- key: ${_param:cluster_private_key}
diff --git a/openssh/client/root.yml b/openssh/client/root.yml
index 66f8f88..8f072a8 100644
--- a/openssh/client/root.yml
+++ b/openssh/client/root.yml
@@ -1,44 +1,13 @@
applications:
- openssh
parameters:
- _param:
- root_private_key: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpQIBAAKCAQEAsy1IhygI3xV4md37IMd+blxelYr3wuVhWn7uEDGpcZo+lvrN
- u+6An3VgPA7uX9cLUFzO91UOZx5F4TNlCH1DGq7MoVyvgcSla3IBATR3SpQ8rWnn
- FD8rjsUw3RloTfwz7+f7y/DWFsHhGAWzWy4FNE3e0b5udk1Fyk4SA43he1w8V+Eo
- V1oqQUsFOG6DlAbUfCln4GvH7KngTfnmnLgEBUdzK6zn1bwLllugbH9OO3Jnflek
- L9K2qFu9zbuDP2QHU7GkeZOtmtHB7EkaIt4QpjUasPgmWkIvKa0FOrdunljxLc54
- 6eRJDxfiy4fC8VKAn1qlk/i8XvEEME9Z8fywjQIDAQABAoIBAQCdMsuBGNS/tDy8
- 8g5TsfLwrEWneebprQl+tgHzXz7EFol3OM+rZBKg0//8cTUeDLM2bFaAlLUwL1Ur
- wUWQ7yUikd2ibIjmlzpyS/Ept3g5jFi35EQCdXGnrsWyFYp3cR+4CZXWVZPfH3Z2
- 9vlms7eJLhChgCu1yxHB7kDLsXz0Fn5jaWPd2TDY+3Y3t3LCFxNgfIQ+Mljzj/6f
- +MG7bp/5UuEA76oZnPfp2fj1vqWYCI6ftk4Wam1AkHVUNP3jjl48cao7EKeH5v4E
- 0PL+AY3av4SoUQWf1ZlkkJrhIyRRdVDavX86t17NXmrQvaz3brz8yI2Hh08ho413
- AH8C0zyZAoGBANcea55n9vBoA4FQRX2HEA9ljdPWIFdvkKXvxb7R/UxhzublicBm
- 3JwcDCwbiGhEzYhMlDmt0hZ4YPA3fL7WwP2EXkrYyqn1tSGSS2CkfhpuB2xgPTSr
- cxbJj5iuKM0eS9GdPqae2k4ME3sC5pi+eiiWuUuvzhqid8EMAGFvYdcXAoGBANU6
- R4OLghz2FaTSeFFHfHCoAym03qMe9pRCugnM2Np0vEZ650G2xez8OtYim8nttkTE
- xCWppxBtHIjN6mm4pOHsGxr0LqrKtHgMxkawyBx9hZTZSNudAMupPXBRHlPm/+hL
- EXt4xUiBd4GVkWw2esEKINi83dXHnECugknJN7v7AoGBAJHy4bEneDLDXx1tCLiR
- 2iOYExGWRXsNBmaOtuswLVqVQXsGYN9Y6nQ/00JZq8KSa5/91NMNS2xTX/Gas9gG
- fAmEtTSywU1uluWgC+QVtjjYTdEJunzxlbPwLKy5/JSt6WLd/JOvUw2Aw/bBkRIw
- qVDAchcXwA3yDK29JsT0fL0hAoGBAMqu0zufaNbOtFQwHF5mbUtI6XjDjL3RuOHF
- a8HVDmzZef4k5Z35drqGKAdUbnHLm+5Se4CxezSKAw2nbqN/+HsoS7ubUKDYfiN/
- QRoBALbUOh37TN40p4TwIo6ZDRMECU1tzfhoHF+HcWmkGs+aGaVVU1Oyc8u6KjTx
- rLcmpevxAoGAFz4bvKyBt/wq8TPTVzU/iJtwBLq8WdZpKJcuVkF7/DWY3A3maOFs
- P9IMHeDD+tlfIu0Y3qmPmEaLzXsMfRh+3Eb6itrgDRFEuE/HyPIWxHvDt1jjfIFu
- O87TLcnZIoW99nyY0RixwuK6ZeCmmyktX0iO7dNDIOyBReCs6ZwXSSc=
- -----END RSA PRIVATE KEY-----
openssh:
client:
- enabled: true
+ enabled: True
user:
root:
- enabled: true
+ enabled: True
user: ${linux:system:user:root}
- private_key: ${private_keys:root}
- private_keys:
- root:
- type: rsa
- key: ${_param:root_private_key}
+ private_key:
+ key: ${_param:root_private_key}
+ type: rsa
diff --git a/openssh/server/single.yml b/openssh/server/single.yml
index b6055aa..0288a21 100644
--- a/openssh/server/single.yml
+++ b/openssh/server/single.yml
@@ -1,3 +1,37 @@
classes:
- service.openssh.server
- service.openssh.server.cis
+# TODO: Uncomment service.openssh.server.sshd-strong-ciphers
+# when package with https://gerrit.mcp.mirantis.com/#/c/36220/
+# will be published.
+#- service.openssh.server.sshd-strong-ciphers
+# TODO: Remove parameters:openssh:server:ciphers completely
+# when package with https://gerrit.mcp.mirantis.com/#/c/36220/
+# will be published.
+parameters:
+ openssh:
+ server:
+ ciphers:
+ "3des-cbc":
+ enabled: True
+ "aes128-cbc":
+ enabled: True
+ "aes192-cbc":
+ enabled: True
+ "aes256-cbc":
+ enabled: True
+ "aes128-ctr":
+ enabled: True
+ "aes192-ctr":
+ enabled: True
+ "aes256-ctr":
+ enabled: True
+ "aes128-gcm@openssh.com":
+ enabled: True
+ "aes256-gcm@openssh.com":
+ enabled: True
+ "chacha20-poly1305@openssh.com":
+ enabled: True
+ "rijndael-cbc@lysator.liu.se":
+ enabled: True
+
diff --git a/openssh/server/team/all.yml b/openssh/server/team/all.yml
index e8e25c4..3a9b453 100644
--- a/openssh/server/team/all.yml
+++ b/openssh/server/team/all.yml
@@ -1,6 +1,5 @@
classes:
# avoid teams w/sudo group restrictions, or override restrictions
-- system.openssh.server.team.lab
- system.openssh.server.team.cicd
- system.openssh.server.team.mcp_qa
- system.openssh.server.team.mcp_ci
diff --git a/openssh/server/team/drivetrain.yml b/openssh/server/team/drivetrain.yml
index 1a0d574..066d543 100644
--- a/openssh/server/team/drivetrain.yml
+++ b/openssh/server/team/drivetrain.yml
@@ -4,6 +4,7 @@
- system.openssh.server.team.members.iberezovskiy
- system.openssh.server.team.members.mpolreich
- system.openssh.server.team.members.sriazanov
+- system.openssh.server.team.members.efedorova
parameters:
_param:
linux_system_user_sudo: true
diff --git a/openssh/server/team/lab.yml b/openssh/server/team/lab.yml
index b6c90f8..619481c 100644
--- a/openssh/server/team/lab.yml
+++ b/openssh/server/team/lab.yml
@@ -1,10 +1,4 @@
parameters:
- _param:
- linux_system_user_sudo: true
- # This is the public key associated to the default private key setup in
- # openssh.client.lab
- cluster_public_key: >-
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEvr+tWAJ62wROllpSZeaSPxxnVY3R65sfUW8wM6L8tr1knJOTQLoBikmcjISb3ekyPlwubTypGoxb7al06FiNwfr3KDkytflKRGTyMKYgchighuFCfBuePd13cjf1l19TYU7u7a+VuCVWi7pmhDGUkMi24s23OroQb7D14XX17v46wLrqJQi2nrXzN/DWXcn/ycq8IZ7ZFgN/uYlbpfAKX8PCvImbDDO8+BgndAy4MPz8cWOWsnfGMVNePhvhazVcijLvx8Vu2Iuvg7CoJiSGjTe7YTms44/WpnFkHreyK8cwsw4wzls4BApu6UU2jIAsAMZh9zux/Rtni71dcNfF
linux:
system:
user:
@@ -14,13 +8,9 @@
home: /root
openssh:
server:
- permit_root_login: true
user:
root:
- enabled: true
+ enabled: false
user: ${linux:system:user:root}
public_keys:
- - ${public_keys:root}
- public_keys:
- root:
- key: ${_param:cluster_public_key}
+ - key: ${_param:root_public_key}
diff --git a/openssh/server/team/members/efedorova.yml b/openssh/server/team/members/efedorova.yml
new file mode 100644
index 0000000..8f37847
--- /dev/null
+++ b/openssh/server/team/members/efedorova.yml
@@ -0,0 +1,19 @@
+parameters:
+ linux:
+ system:
+ user:
+ efedorova:
+ email: efedorova@mirantis.com
+ enabled: true
+ full_name: Ekaterina Chernova
+ home: /home/efedorova
+ name: efedorova
+ sudo: ${_param:linux_system_user_sudo}
+ openssh:
+ server:
+ user:
+ efedorova:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC2WZDqD0R/6RNSx4KdR5QD/jmCWnl/4QHHZeu679gP6Sdy/Z2/Qzf9k7hBSwLFExjLCu4dIJGhdvB1HoG3S5qIqdhfKZTkJp2ackDPnegSAhgqem/tXcyQrMOe8jtCCK375kwsMV5dJkxadbv5Qb71TdwHeBsV5B3Kmi5q0WwSlzsq3AI8OvNn4KeSeEGGv2lK6Ddxwl1u5IcSf5G0zBGc8s0mwGPnsBIATfiztX61MkqyDPIuYacRpkaDLX5v/X7eYqxYxDop6OBLxR+mgivluDEyDaQ9DKHO5ypQIiAk359CxMSQ9T+y5WSL0MdgYSKxFsK8jzo6JquZC54ZUQKb efedorova
+ user: ${linux:system:user:efedorova}
\ No newline at end of file
diff --git a/prometheus/gainsight/query/openstack.yml b/prometheus/gainsight/query/openstack.yml
index ad43d36..9ebf282 100644
--- a/prometheus/gainsight/query/openstack.yml
+++ b/prometheus/gainsight/query/openstack.yml
@@ -19,3 +19,6 @@
compute_instance_create_start: "'VM creation start','sum(compute_instance_create_start_host_doc_count)'"
compute_instance_create_end: "'VM creation end','sum(compute_instance_create_end_host_doc_count)'"
compute_instance_create_error: "'VM creation error','sum(compute_instance_create_error_host_doc_count)'"
+ nova_vm_all: "'Total VM number','avg_over_time(total:openstack_nova_instance_all[1d])'"
+ nova_vm_failed: "'Failed VM number','avg_over_time(total:openstack_nova_instance_failed[1d])'"
+ kpi_downtime: "'KPI Downtime','1 - avg_over_time(total:openstack_nova_instance_failed[1d]) / avg_over_time(total:openstack_nova_instance_all[1d])'"
diff --git a/xtrabackup/client/single.yml b/xtrabackup/client/single.yml
index cf88e28..451a299 100644
--- a/xtrabackup/client/single.yml
+++ b/xtrabackup/client/single.yml
@@ -2,9 +2,12 @@
- service.xtrabackup.client.single
- system.openssh.client.root
parameters:
- _param:
- xtrabackup_client_throttle: 0 # disabled
xtrabackup:
client:
cron: false
throttle: ${_param:xtrabackup_client_throttle}
+ linux:
+ system:
+ package:
+ sysstat:
+ version: latest
\ No newline at end of file
diff --git a/xtrabackup/server/single.yml b/xtrabackup/server/single.yml
index 34ba45d..d440e48 100644
--- a/xtrabackup/server/single.yml
+++ b/xtrabackup/server/single.yml
@@ -14,3 +14,6 @@
user:
xtrabackup:
enabled: true
+ package:
+ sysstat:
+ version: latest
\ No newline at end of file
diff --git a/zookeeper/backup/client/single.yml b/zookeeper/backup/client/single.yml
index d8eaaac..e1eac1b 100644
--- a/zookeeper/backup/client/single.yml
+++ b/zookeeper/backup/client/single.yml
@@ -2,8 +2,6 @@
- service.zookeeper.backup.client
- system.openssh.client.root
parameters:
- _param:
- zookeeper_remote_backup_server: cfg01
zookeeper:
backup:
client: