Merge "Add Telegraf SSL support"
diff --git a/aodh/server/coordination/redis.yml b/aodh/server/coordination/redis.yml
index e013e0f..16e2838 100644
--- a/aodh/server/coordination/redis.yml
+++ b/aodh/server/coordination/redis.yml
@@ -1,7 +1,20 @@
classes:
- service.redis.server.single
parameters:
+ _param:
+ aodh_coordination_url: redis://openstack:${_param:openstack_telemetry_redis_password}@${_param:redis_sentinel_node01_address}:26379?db=0&sentinel=master_1&sentinel_fallback=${_param:redis_sentinel_node02_address}:26379&sentinel_fallback=${_param:redis_sentinel_node03_address}:26379
aodh:
server:
coordination_backend:
- url: redis://${_param:single_address}:6379/${_param:cluster_node01_address}
+ url: ${_param:aodh_coordination_url}
+ engine: redis
+ redis:
+ password: ${_param:openstack_telemetry_redis_password}
+ user: openstack
+ db: ${_param:aodh_redis_db}
+ sentinel:
+ host: ${_param:redis_sentinel_node01_address}
+ master_name: ${_param:aodh_redis_sentinel_mastername}
+ fallback:
+ - host: ${_param:redis_sentinel_node02_address}
+ - host: ${_param:redis_sentinel_node03_address}
diff --git a/ceilometer/server/coordination/redis.yml b/ceilometer/server/coordination/redis.yml
index e8610f3..7b0edac 100644
--- a/ceilometer/server/coordination/redis.yml
+++ b/ceilometer/server/coordination/redis.yml
@@ -1,7 +1,20 @@
classes:
- service.redis.server.single
parameters:
+ _param:
+ ceilometer_coordination_url: redis://openstack:${_param:openstack_telemetry_redis_password}@${_param:redis_sentinel_node01_address}:26379?db=0&sentinel=master_1&sentinel_fallback=${_param:redis_sentinel_node02_address}:26379&sentinel_fallback=${_param:redis_sentinel_node03_address}:26379
ceilometer:
server:
coordination_backend:
- url: redis://${_param:single_address}:6379/${_param:cluster_node01_address}
+ url: ${_param:ceilometer_coordination_url}
+ engine: redis
+ redis:
+ password: ${_param:openstack_telemetry_redis_password}
+ user: openstack
+ db: ${_param:ceilometer_redis_db}
+ sentinel:
+ host: ${_param:redis_sentinel_node01_address}
+ master_name: ${_param:ceilometer_redis_sentinel_mastername}
+ fallback:
+ - host: ${_param:redis_sentinel_node02_address}
+ - host: ${_param:redis_sentinel_node03_address}
diff --git a/defaults/docker_images.yml b/defaults/docker_images.yml
index 342c55f..2457920 100644
--- a/defaults/docker_images.yml
+++ b/defaults/docker_images.yml
@@ -46,6 +46,7 @@
docker_image_keycloak_proxy: "${_param:mcp_docker_registry}/mirantis/external/jboss/keycloak:3.4.2.Final"
# CVP
docker_image_cvp_sanity_checks: ${_param:mcp_docker_registry}/mirantis/cvp/cvp-sanity-checks:${_param:mcp_version}
+ docker_image_cvp_shaker_checks: ${_param:mcp_docker_registry}/mirantis/cvp/cvp-shaker:${_param:mcp_version}
# aptly
docker_image_aptly:
base: "${_param:mcp_docker_registry}/mirantis/cicd/aptly:${_param:mcp_version}"
diff --git a/defaults/openstack/init.yml b/defaults/openstack/init.yml
index 3ad9e13..290a511 100644
--- a/defaults/openstack/init.yml
+++ b/defaults/openstack/init.yml
@@ -14,6 +14,8 @@
openstack_kmn_service_host: ${_param:openstack_kmn_service_hostname}.${linux:system:domain}
openstack_telemetry_service_host: ${_param:openstack_telemetry_service_hostname}.${linux:system:domain}
openstack_service_user_enabled: True
+ openstack_telemetry_redis_db: '0'
+ openstack_telemetry_redis_sentinel_mastername: 'master_1'
# SSL
ceilometer_agent_ssl_enabled: False
openstack_mysql_x509_enabled: False
@@ -70,17 +72,23 @@
aodh_old_version: ${_param:openstack_old_version}
aodh_version: ${_param:openstack_version}
aodh_upgrade_enabled: ${_param:openstack_upgrade_enabled}
+ aodh_redis_db: ${_param:openstack_telemetry_redis_db}
+ aodh_redis_sentinel_mastername: ${_param:openstack_telemetry_redis_sentinel_mastername}
# Ceilometer
ceilometer_old_version: ${_param:openstack_old_version}
ceilometer_version: ${_param:openstack_version}
ceilometer_upgrade_enabled: ${_param:openstack_upgrade_enabled}
ceilometer_gnocchi_archive_policy: default
+ ceilometer_redis_db: ${_param:openstack_telemetry_redis_db}
+ ceilometer_redis_sentinel_mastername: ${_param:openstack_telemetry_redis_sentinel_mastername}
# Gnocchi
gnocchi_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
gnocchi_memcache_secret_key: ''
gnocchi_version: 4.0
gnocchi_old_version: ${_param:gnocchi_version}
gnocchi_upgrade_enabled: ${_param:openstack_upgrade_enabled}
+ gnocchi_redis_db: ${_param:openstack_telemetry_redis_db}
+ gnocchi_redis_sentinel_mastername: ${_param:openstack_telemetry_redis_sentinel_mastername}
# Panko
panko_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
panko_memcache_secret_key: ''
diff --git a/gnocchi/common/coordination/redis.yml b/gnocchi/common/coordination/redis.yml
index 673d9bd..f1e94b6 100644
--- a/gnocchi/common/coordination/redis.yml
+++ b/gnocchi/common/coordination/redis.yml
@@ -1,7 +1,18 @@
parameters:
_param:
- gnocchi_coordination_url: redis://${_param:single_address}:6379
+ gnocchi_coordination_url: redis://openstack:${_param:openstack_telemetry_redis_password}@${_param:redis_sentinel_node01_address}:26379?db=0&sentinel=master_1&sentinel_fallback=${_param:redis_sentinel_node02_address}:26379&sentinel_fallback=${_param:redis_sentinel_node03_address}:26379
gnocchi:
common:
coordination_backend:
url: ${_param:gnocchi_coordination_url}
+ engine: redis
+ redis:
+ password: ${_param:openstack_telemetry_redis_password}
+ user: openstack
+ db: ${_param:gnocchi_redis_db}
+ sentinel:
+ host: ${_param:redis_sentinel_node01_address}
+ master_name: ${_param:gnocchi_redis_sentinel_mastername}
+ fallback:
+ - host: ${_param:redis_sentinel_node02_address}
+ - host: ${_param:redis_sentinel_node03_address}
diff --git a/gnocchi/common/storage/incoming/redis.yml b/gnocchi/common/storage/incoming/redis.yml
index d0f04d7..77cd6c6 100644
--- a/gnocchi/common/storage/incoming/redis.yml
+++ b/gnocchi/common/storage/incoming/redis.yml
@@ -1,10 +1,20 @@
parameters:
_param:
- gnocchi_storage_incoming_redis_url: redis://${_param:single_address}:6379
+ gnocchi_storage_incoming_redis_url: redis://openstack:${_param:openstack_telemetry_redis_password}@${_param:redis_sentinel_node01_address}:26379?db=0&sentinel=master_1&sentinel_fallback=${_param:redis_sentinel_node02_address}:26379&sentinel_fallback=${_param:redis_sentinel_node03_address}:26379
gnocchi_storage_incoming_driver: redis
gnocchi:
common:
storage:
incoming:
driver: ${_param:gnocchi_storage_incoming_driver}
- redis_url: ${_param:gnocchi_storage_incoming_redis_url}
\ No newline at end of file
+ redis_url: ${_param:gnocchi_storage_incoming_redis_url}
+ redis:
+ password: ${_param:openstack_telemetry_redis_password}
+ user: openstack
+ db: ${_param:gnocchi_redis_db}
+ sentinel:
+ host: ${_param:redis_sentinel_node01_address}
+ master_name: ${_param:gnocchi_redis_sentinel_mastername}
+ fallback:
+ - host: ${_param:redis_sentinel_node02_address}
+ - host: ${_param:redis_sentinel_node03_address}
diff --git a/gnocchi/common/storage/redis.yml b/gnocchi/common/storage/redis.yml
index d71fcf0..079c887 100644
--- a/gnocchi/common/storage/redis.yml
+++ b/gnocchi/common/storage/redis.yml
@@ -1,9 +1,19 @@
parameters:
_param:
- gnocchi_storage_redis_url: redis://${_param:single_address}:6379
+ gnocchi_storage_redis_url: redis://openstack:${_param:openstack_telemetry_redis_password}@${_param:redis_sentinel_node01_address}:26379?db=0&sentinel=master_1&sentinel_fallback=${_param:redis_sentinel_node02_address}:26379&sentinel_fallback=${_param:redis_sentinel_node03_address}:26379
gnocchi_storage_driver: redis
gnocchi:
common:
storage:
driver: ${_param:gnocchi_storage_driver}
- redis_url: ${_param:gnocchi_storage_redis_url}
\ No newline at end of file
+ redis_url: ${_param:gnocchi_storage_redis_url}
+ redis:
+ password: ${_param:openstack_telemetry_redis_password}
+ user: openstack
+ db: ${_param:gnocchi_redis_db}
+ sentinel:
+ host: ${_param:redis_sentinel_node01_address}
+ master_name: ${_param:gnocchi_redis_sentinel_mastername}
+ fallback:
+ - host: ${_param:redis_sentinel_node02_address}
+ - host: ${_param:redis_sentinel_node03_address}
diff --git a/jenkins/client/approved_scripts.yml b/jenkins/client/approved_scripts.yml
index f15b370..43bc5e2 100644
--- a/jenkins/client/approved_scripts.yml
+++ b/jenkins/client/approved_scripts.yml
@@ -85,6 +85,8 @@
- method java.util.stream.Stream collect java.util.stream.Collector
- method jenkins.model.Jenkins getItemByFullName java.lang.String
- method jenkins.model.Jenkins getPluginManager
+ - method org.apache.commons.net.util.SubnetUtils getInfo
+ - method org.apache.commons.net.util.SubnetUtils$SubnetInfo getNetmask
- method org.jenkinsci.plugins.workflow.job.WorkflowRun doStop
- method org.jenkinsci.plugins.workflow.job.WorkflowRun finish hudson.model.Result java.lang.Throwable
- method org.jenkinsci.plugins.workflow.steps.FlowInterruptedException getCauses
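Review bot: The SubnetUtils signatures added here, together with `new org.apache.commons.net.util.SubnetUtils java.lang.String` in the next hunk, are approved with no record of which pipeline needs them. Entries in this list presumably apply to every sandboxed script on the master, so an unexplained approval is hard to prune later. A comment above the additions, for example `# SubnetUtils: needed by <pipeline name> for netmask calculation` (placeholder for the real consumer), would let an audit tie each signature to its caller. The list continues outside both hunks.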
@@ -110,6 +112,7 @@
- new java.util.Date
- new java.util.HashMap
- new java.util.LinkedHashMap java.util.Map
+ - new org.apache.commons.net.util.SubnetUtils java.lang.String
- staticField groovy.io.FileType FILES
- staticMethod com.cloudbees.plugins.credentials.CredentialsProvider lookupCredentials java.lang.Class hudson.model.ItemGroup
- staticMethod hudson.model.Hudson getInstance
diff --git a/jenkins/client/job/deploy/backupninja_restore.yml b/jenkins/client/job/deploy/backupninja_restore.yml
new file mode 100644
index 0000000..664aa26
--- /dev/null
+++ b/jenkins/client/job/deploy/backupninja_restore.yml
@@ -0,0 +1,26 @@
+
+parameters:
+ jenkins:
+ client:
+ job:
+ backupninja_restore:
+ type: workflow-scm
+ name: backupninja-restore
+ display_name: "Backupninja restore salt-master/MaaS backup"
+ discard:
+ build:
+ keep_num: 50
+ concurrent: true
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ branch: "${_param:jenkins_pipelines_branch}"
+ credentials: "gerrit"
+ script: backupninja-restore-pipeline.groovy
+ param:
+ SALT_MASTER_CREDENTIALS:
+ type: string
+ default: "salt"
+ SALT_MASTER_URL:
+ type: string
+ default: "${_param:jenkins_salt_api_url}"
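Review bot: `concurrent: true` allows two runs of this restore job to execute at the same time against the same salt-master/MaaS backup, and nothing in the job definition serialises them. Overlapping restores of the same target can leave it in a mixed state. Unless backupninja-restore-pipeline.groovy takes its own lock (not visible here), `concurrent: false` is the safer default for a restore job.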
diff --git a/jenkins/client/job/deploy/update/init.yml b/jenkins/client/job/deploy/update/init.yml
index 3fffe7e..5b1a57c 100644
--- a/jenkins/client/job/deploy/update/init.yml
+++ b/jenkins/client/job/deploy/update/init.yml
@@ -20,3 +20,4 @@
- system.jenkins.client.job.deploy.galera_verify_restore
- system.jenkins.client.job.deploy.galera_database_backup
- system.jenkins.client.job.deploy.backupninja_backup
+ - system.jenkins.client.job.deploy.backupninja_restore
diff --git a/jenkins/client/job/validate.yml b/jenkins/client/job/validate.yml
index d24db10..21313b2 100644
--- a/jenkins/client/job/validate.yml
+++ b/jenkins/client/job/validate.yml
@@ -16,7 +16,7 @@
keep_num: 50
artifact:
keep_num: 50
- concurrent: false
+ concurrent: true
scm:
type: git
url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
@@ -24,40 +24,14 @@
credentials: "gerrit"
script: validate-cloud.groovy
param:
- ACCUMULATE_RESULTS:
- type: boolean
- default: 'true'
- description: If chosen then previous build results will be used in the current build
JOB_TIMEOUT:
type: string
default: "3"
description: Job timeout in hours
- RUN_RALLY_TESTS:
- type: boolean
- default: 'true'
- description: |
- If chosen, Rally tests will be executed. Please set K8S_RALLY='true' if you plan
- to test K8S cluster with Rally framework. Special K8S plugin has to be utilized
- RUN_TEMPEST_TESTS:
- type: boolean
- default: 'false'
- description: If chosen then Tempest tests will be executed
- RUN_SPT_TESTS:
- type: boolean
- default: 'false'
- description: If chosen, SPT tests will be executed
TEST_IMAGE:
type: string
- default: 'xrally/xrally-openstack:latest'
- description: |
- Docker image to use with required test set. Please use
- 'xrally/xrally-openstack:latest' - for Rally tests
- "${_param:mcp_docker_registry}/mirantis/oss/qa-tools" -
- for SPT/Tempest environment setup
- TARGET_NODE:
- type: string
- default: ""
- description: Target node where this job will be executed from
+ default: "xrally/xrally-openstack:1.4.0"
+ description: Rally docker image to use for running tests
SALT_MASTER_URL:
type: string
default: "${_param:jenkins_salt_api_url}"
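Review bot: The new `TEST_IMAGE` default `xrally/xrally-openstack:1.4.0` is a mutable tag in a public registry namespace, whereas the other image defaults on this page are resolved through `${_param:mcp_docker_registry}`. The job is handed the Salt API URL and credentials, so the container presumably runs with access to the cloud under test. Mirroring the image into the internal registry, or pinning it by digest as in `default: "xrally/xrally-openstack@sha256:<digest of the reviewed 1.4.0 image>"`, would fix what actually runs. The `param` mapping continues outside the hunk.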
@@ -68,7 +42,8 @@
description: Credentials to the Salt API
VALIDATE_PARAMS:
type: text
- default: |
+ description: YAML of parameters for Rally test
+ default: |
---
rally:
# Name of availability zone
@@ -80,7 +55,7 @@
# Flavor name for Rally scenarios
RALLY_FLAVOR: 'm1.tiny'
# Git repository with configuration files for Rally
- RALLY_CONFIG_REPO: 'https://github.com/Mirantis/scale-scenarios'
+ RALLY_CONFIG_REPO: 'https://review.gerrithub.io/Mirantis/scale-scenarios'
# Git branch which will be used during the checkout
RALLY_CONFIG_BRANCH: 'master'
# Git repository with Rally plugins
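Review bot: `RALLY_CONFIG_REPO` now points at `https://review.gerrithub.io/Mirantis/scale-scenarios` while `RALLY_CONFIG_BRANCH` stays `'master'`, so each run checks out whatever is at the branch tip on an external host. Scenario files presumably drive operations against the cloud being validated, so an unreviewed push to that branch changes what the job does. If the pipeline accepts a tag or commit in that field, `RALLY_CONFIG_BRANCH: '<reviewed tag or commit>'` would pin it; otherwise a comment stating that the default tracks an external branch would at least make the trust decision explicit. The `VALIDATE_PARAMS` block scalar starts and ends outside this hunk.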
@@ -106,38 +81,10 @@
K8S_RALLY: 'false'
# If chosen then Stacklight Rally test will be executed
STACKLIGHT_RALLY: 'false'
- # Path for reports outside docker image
- REPORT_DIR: '/root/qa_results'
# Scenarios names/dirs to skip
SKIP_LIST: ''
- tempest:
- # Set of Tempest tests to run (smoke,full)
- TEMPEST_TEST_SET: 'smoke'
- # Git repository with configuration files for Tempest
- TEMPEST_CONFIG_REPO: ''
- # Git branch which will be used during the checkout
- TEMPEST_CONFIG_BRANCH: ''
- # description: Git repository with Tempest
- TEMPEST_REPO: ''
- # description: Version of Tempest (tag, branch or commit)
- TEMPEST_VERSION: ''
- # If chosen, run HTML report will be generated
- GENERATE_REPORT: 'false'
- spt:
- # Name of availability zone
- AVAILABILITY_ZONE: 'nova'
- # External(floating) network name
- FLOATING_NETWORK: 'public'
- # Username that is used to ssh between cluster nodes
- SPT_SSH_USER: 'root'
- # Image that is used for network-VM-to-VM-iperf-tests tests
- SPT_IMAGE: ''
- # Username that is used to ssh to SPT_IMAGE
- SPT_IMAGE_USER: ''
- # Flavor name for SPT_IMAGE (make sure you have required flavor created)
- SPT_FLAVOR: ''
- # If chosen, run HTML report will be generated
- GENERATE_REPORT: 'false'
+ # Run in parallel for each directory inside RALLY_SCENARIOS and RALLY_SL_SCENARIOS
+ PARALLEL_PERFORMANCE: 'false'
cvp-sanity:
type: workflow-scm
name: cvp-sanity
@@ -437,7 +384,7 @@
param:
IMAGE:
type: string
- default: "${_param:mcp_docker_registry}/mirantis/cvp/cvp-shaker:${_param:mcp_version}"
+ default: "${_param:docker_image_cvp_shaker_checks}"
description: Docker image to use for running Shaker.
SALT_MASTER_URL:
type: string
diff --git a/kubernetes/common/init.yml b/kubernetes/common/init.yml
index 5ede5c3..00a98eb 100644
--- a/kubernetes/common/init.yml
+++ b/kubernetes/common/init.yml
@@ -71,7 +71,7 @@
kubernetes_hyperkube_image: ${_param:mcp_docker_registry}/mirantis/kubernetes/hyperkube-amd64:v1.13.5-3
kubernetes_calico_cni_image: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico/cni:v3.3.2
kubernetes_calico_calicoctl_image: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico/ctl:v3.3.2
- kubernetes_containerd_package: containerd=1.2.4-2~u16.04+mcp
+ kubernetes_containerd_package: containerd=1.2.5-2~u16.04+mcp
kubernetes_metrics_server_image: ${_param:kubernetes_metrics_server_repo}/metrics-server-amd64:v0.3.1
kubernetes_helm_tiller_image: ${_param:kubernetes_helm_tiller_repo}/tiller:v2.12.2
kubernetes_helm_client_source: ${_param:kubernetes_helm_client_repo}/helm-v2.12.2-linux-amd64.tar.gz
diff --git a/kubernetes/control/services/drivetrain/jenkins_master.yml b/kubernetes/control/services/drivetrain/jenkins_master.yml
index 3437196..60e04e3 100644
--- a/kubernetes/control/services/drivetrain/jenkins_master.yml
+++ b/kubernetes/control/services/drivetrain/jenkins_master.yml
@@ -53,6 +53,8 @@
image: ${_param:docker_image_jenkins}
image_pull_policy: IfNotPresent
variables:
+ - name: JENKINS_URL_PREFIX
+ value: "/jenkins"
- name: JENKINS_HOME
value: ${_param:jenkins_home_dir_path}
- name: JAVA_OPTS
diff --git a/kubernetes/control/services/drivetrain/ldap.yml b/kubernetes/control/services/drivetrain/ldap.yml
index 35a361d..5a7c317 100644
--- a/kubernetes/control/services/drivetrain/ldap.yml
+++ b/kubernetes/control/services/drivetrain/ldap.yml
@@ -15,10 +15,8 @@
value: nginx
- name: nginx.ingress.kubernetes.io/ssl-redirect
value: false
- - name: nginx.ingress.kubernetes.io/add-base-url
- value: false
- name: nginx.ingress.kubernetes.io/rewrite-target
- value: /
+ value: /ldap
apiVersion: extensions/v1beta1
cluster: drivetrain
enabled: true
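Review bot: The rewrite target now serves the application under `/ldap`, but `nginx.ingress.kubernetes.io/ssl-redirect` in the same annotation list stays `false`, so the ingress will not move plain-HTTP requests to HTTPS. The second hunk shows this is phpLDAPadmin, whose login form carries LDAP bind credentials. Unless TLS is enforced in front of this ingress (not visible here), consider `value: "true"` for that annotation while these lines are being touched. The annotation list begins outside the hunk.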
@@ -91,6 +89,8 @@
value: ${_param:admin_email}
- name: PHPLDAPADMIN_THEME
value: mirantis
+ - name: PHPLDAPADMIN_SERVER_PATH
+ value: "/ldap"
ports:
- port: 80
name: admin
diff --git a/nova/compute/libvirt/ssl/init.yml b/nova/compute/libvirt/ssl/init.yml
index d9be1a5..4523183 100644
--- a/nova/compute/libvirt/ssl/init.yml
+++ b/nova/compute/libvirt/ssl/init.yml
@@ -5,7 +5,7 @@
nova_compute_libvirt_allowed_dn_list:
all:
enabled: true
- value: '*CN=cmp*.${_param:cluster_domain}*'
+ value: '*CN=cmp*'
nova:
compute:
libvirt:
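Review bot: The new pattern `'*CN=cmp*'` matches any certificate DN that contains `CN=cmp`, with no domain component left to narrow it. What this allow-list admits therefore depends entirely on the CA never issuing a certificate whose CN starts with `cmp` to anything other than a compute node. The leading and trailing `*` also accept arbitrary RDNs around the CN. If compute hostnames follow a fixed scheme a narrower glob would be safer, and a comment such as `# CN is the short hostname (see salt/minion/cert/libvirtd); authorisation relies on CA issuance policy` would record the trade-off. The mapping continues outside the hunk.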
diff --git a/openssh/server/team/maintenance.yml b/openssh/server/team/maintenance.yml
index 110b085..d27d870 100644
--- a/openssh/server/team/maintenance.yml
+++ b/openssh/server/team/maintenance.yml
@@ -6,6 +6,8 @@
- system.openssh.server.team.members.dtsapikov
- system.openssh.server.team.members.rlubianyi
- system.openssh.server.team.members.msamoylov
+- system.openssh.server.team.members.pglazov
+- system.openssh.server.team.members.vsakharov
parameters:
_param:
linux_system_user_sudo: true
diff --git a/openssh/server/team/mcp_ci.yml b/openssh/server/team/mcp_ci.yml
index 829839e..4bdf615 100644
--- a/openssh/server/team/mcp_ci.yml
+++ b/openssh/server/team/mcp_ci.yml
@@ -1,67 +1,9 @@
+classes:
+- system.openssh.server.team.members.dburmistrov
+- system.openssh.server.team.members.sotpuschennikov
+# Deprecated users
+- system.openssh.server.team.members.deprecated.dkaiharodsev
+- system.openssh.server.team.members.deprecated.rkamaldinov
parameters:
_param:
linux_system_user_sudo: true
- linux:
- system:
- user:
- rkamaldinov:
- enabled: true
- name: rkamaldinov
- sudo: true
- full_name: Ruslan Kamaldinov
- home: /home/rkamaldinov
- email: rkamaldinov@mirantis.com
- dburmistrov:
- enabled: true
- name: dburmistrov
- sudo: true
- full_name: Dmitrii Burmistrov
- home: /home/dburmistrov
- email: dburmistrov@mirantis.com
- dkaiharodsev:
- enabled: true
- name: dkaiharodsev
- sudo: true
- full_name: Dmytro Kaiharodtsev
- home: /home/dkaiharodsev
- email: dkaiharodsev@mirantis.com
- sotpuschennikov:
- enabled: true
- name: sotpuschennikov
- sudo: true
- full_name: Sergey Otpuschennikov
- home: /home/sotpuschennikov
- email: sotpuschennikov@mirantis.com
- openssh:
- server:
- enabled: true
- user:
- rkamaldinov:
- enabled: true
- public_keys:
- - ${public_keys:rkamaldinov}
- user: ${linux:system:user:rkamaldinov}
- dburmistrov:
- enabled: true
- public_keys:
- - ${public_keys:dburmistrov}
- user: ${linux:system:user:dburmistrov}
- dkaiharodsev:
- enabled: true
- public_keys:
- - ${public_keys:dkaiharodsev}
- user: ${linux:system:user:dkaiharodsev}
- sotpuschennikov:
- enabled: true
- public_keys:
- - ${public_keys:sotpuschennikov}
- user: ${linux:system:user:sotpuschennikov}
- public_keys:
- rkamaldinov:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCzeIFxatNuXWuaTomcGDTMlpqiF6KlK47BSO5yIpfWHTL7o0OFsQArB4UeZ9AC7JHQg1bpxzscJxz8Xj3tA1f8yOCrepR8LbWh7L6a1hMhSCJPK9QLUHPCLV4PW0ghq46Um8ekxMbEqGM/rrKP+GeYxNFUxJMHCkKbZAsV+BV8amuJHQkYt29GP/hgYyZEoWKErqoQ/uGQ0qWEMVQsnus6M3p3c/v1J4JtbbrmRBjyrPx/Tjinw6K2sgocgBZT7vVb4PYwbONi1IAclkPJIyrSNEavZ4MbK93ZXNQCV7rkUbKmHT71Qle34/ks9zyERJ3RgB+pWgQqCjtmJeV51V1 rkamaldinov@mirantis.com
- dburmistrov:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPKldN0BL6C/pmjkKyaSUw9OTUQAumWLCgNPyLVGZIuYPyFs9GqvKgHVm0QChm1OLhnQuA1wxGW5piBtqaDCTyLbKb/ANR3nhO1rqX5LTwZS2W2I0ImP47HUpnxqsBl15/y9hY2JDHZ7qrd7zNqCD+uCkf9l9qA9BmN1aMSKm07fqaaUfhnl3AocxsPX4X4eHfzy7hPJdzrHEcHbGoLLEd8ahJLkHKieWF1lAI++fIhETPF41+ZbH7MBBG4qw/UhhYAgLP3YAEWwvm/J3DtRqGkpSvH2U21hmAlgJHwxtoCD9Q1jKpH5+BDTvqJIXu0K7Gcl00xbeNYyHrwTVsldFX dburmistrov@mirantis.com
- dkaiharodsev:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSz9eH08GDUOSEDReJAIdjDCoYaoTwg1SSzYNwPRO/evJBeqYwRvZmxzITKq+1qy4jXnpa3ZpuBdaUebqKri2VtvMGmBrWtP8Ojbg3kNPjKOfvrW4cCyJE0yrnW03TULnRgrnf4/WXLK0dnHxL39AmlVjQTVS4pbx73XjyPoVjJbk4PXq37F5cLyyLj4aeWmCcPWn7MLsEC4RUkDwHy3DsDNdgKOlUSHmmOfVy9GBwVbXwVyYbq732Qm0Qqf/2zlJi84LgXOH2irv5HRTMDQ2Wey5Amcl7VpK8OMvtN4R8Sb7c3mgsmM/b/h+gefl0Y/vQfsSSi8GCPhmBoNT4FBgZ dkaiharodsev@dkaiharodsev-pc
- sotpuschennikov:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDO/nNs4MF5ZOCooLxF+zrxVmuJa9URzAqIQG5eZkhWvSAnrYREN15BN6dlcixA+Ro4YsHY6iSHzsaanr8onNu89yZdCkHIqLZ8+DcBefpoVXcsLZzeXwNNqr9sUjHEJCTesI5dJcEe/222LjwzAdTW1Xv/o3mgVAwt+4XsQ2IPAlxl3LfJOlCQdC/0sL5FMFX6LwMonLBss3B/J45atXgPL1Dx9WKTP0QrJHaX+vh+Xj2PK9yXcB2hJhFP0IULmUqGkYgDw/mh2DiHSiCQUPGZDo49MIw4WqEwqpQKcJGjD0Ihy2pjzwI9ZUzCNWe+bUcqDdl/9SH4YsNbfaK4Te6H pers@sotpuschennikov
diff --git a/openssh/server/team/members/dburmistrov.yml b/openssh/server/team/members/dburmistrov.yml
new file mode 100644
index 0000000..adcdafb
--- /dev/null
+++ b/openssh/server/team/members/dburmistrov.yml
@@ -0,0 +1,19 @@
+parameters:
+ linux:
+ system:
+ user:
+ dburmistrov:
+ email: dburmistrov@mirantis.com
+ enabled: true
+ full_name: Dmitrii Burmistrov
+ home: /home/dburmistrov
+ name: dburmistrov
+ sudo: ${_param:linux_system_user_sudo}
+ openssh:
+ server:
+ user:
+ dburmistrov:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPKldN0BL6C/pmjkKyaSUw9OTUQAumWLCgNPyLVGZIuYPyFs9GqvKgHVm0QChm1OLhnQuA1wxGW5piBtqaDCTyLbKb/ANR3nhO1rqX5LTwZS2W2I0ImP47HUpnxqsBl15/y9hY2JDHZ7qrd7zNqCD+uCkf9l9qA9BmN1aMSKm07fqaaUfhnl3AocxsPX4X4eHfzy7hPJdzrHEcHbGoLLEd8ahJLkHKieWF1lAI++fIhETPF41+ZbH7MBBG4qw/UhhYAgLP3YAEWwvm/J3DtRqGkpSvH2U21hmAlgJHwxtoCD9Q1jKpH5+BDTvqJIXu0K7Gcl00xbeNYyHrwTVsldFX dburmistrov@mirantis.com
+ user: ${linux:system:user:dburmistrov}
diff --git a/openssh/server/team/members/deprecated/dkaiharodsev.yml b/openssh/server/team/members/deprecated/dkaiharodsev.yml
new file mode 100644
index 0000000..9fb83de
--- /dev/null
+++ b/openssh/server/team/members/deprecated/dkaiharodsev.yml
@@ -0,0 +1,16 @@
+parameters:
+ linux:
+ system:
+ user:
+ dkaiharodsev:
+ email: disabled
+ enabled: false
+ full_name: disabled
+ home: /home/dkaiharodsev
+ name: dkaiharodsev
+ openssh:
+ server:
+ user:
+ dkaiharodsev:
+ enabled: false
+ user: ${linux:system:user:dkaiharodsev}
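Review bot: This file does not show how `enabled: false` revokes access that was already provisioned. The entry simply omits `public_keys` and `sudo`, so whether the existing account, its authorized_keys and its sudo rights are removed depends on the linux and openssh formulas, which are not visible here. A leading comment such as `# Deprecated: kept only so the formulas remove the account and key; drop once all nodes have applied it` would state the intent and when the class can go. The same applies to members/deprecated/rkamaldinov.yml.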
diff --git a/openssh/server/team/members/deprecated/rkamaldinov.yml b/openssh/server/team/members/deprecated/rkamaldinov.yml
new file mode 100644
index 0000000..de65cad
--- /dev/null
+++ b/openssh/server/team/members/deprecated/rkamaldinov.yml
@@ -0,0 +1,16 @@
+parameters:
+ linux:
+ system:
+ user:
+ rkamaldinov:
+ email: disabled
+ enabled: false
+ full_name: disabled
+ home: /home/rkamaldinov
+ name: rkamaldinov
+ openssh:
+ server:
+ user:
+ rkamaldinov:
+ enabled: false
+ user: ${linux:system:user:rkamaldinov}
diff --git a/openssh/server/team/members/kalmog.yml b/openssh/server/team/members/kalmog.yml
new file mode 100644
index 0000000..d4f7ceb
--- /dev/null
+++ b/openssh/server/team/members/kalmog.yml
@@ -0,0 +1,19 @@
+parameters:
+ linux:
+ system:
+ user:
+ kalmog:
+ enabled: true
+ name: kalmog
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Karen Almog
+ home: /home/kalmog
+ email: kalmog@mirantis.com
+ openssh:
+ server:
+ user:
+ kalmog:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa 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
+ user: ${linux:system:user:kalmog}
diff --git a/openssh/server/team/members/michaeltillman.yml b/openssh/server/team/members/michaeltillman.yml
new file mode 100644
index 0000000..45e28e7
--- /dev/null
+++ b/openssh/server/team/members/michaeltillman.yml
@@ -0,0 +1,19 @@
+parameters:
+ linux:
+ system:
+ user:
+ mtillman:
+ enabled: true
+ name: mtillman
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Michael Tillman
+ home: /home/mtillman
+ email: mtillman@mirantis.com
+ openssh:
+ server:
+ user:
+ mtillman:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrwIE+mNdIpNET0s4xKIWWvHjLObHR5Uc8HAZpq5U+CZyvsV9BNQUXynZF4oV68K22exkUyUPWXEI4rTrSf9BdBzla4xCTOEDbVUQ6b7RKopqQiitHT9LW4HDxvHtPX+svJ6xho7QwGZjPbQ2k7O5YMB9/ZjAuTzQHsDCWiMoY7OYujWt2SpeK9mHZQG247iPQOHMA9/cnu7CgpBoDN6NRli2kkExNeDArTB418NZTFBDYvv2c/TDk5z8HD87QciOqFwoD5j27hv4UylrtHWKkam2EPGbf3opWUqDxwyVOb++2+BXrVdHzARVnKuyWOB0dyIjXXsP0LfqL6mbtk+jN
+ user: ${linux:system:user:mtillman}
\ No newline at end of file
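Review bot: The added public key has no trailing comment, unlike most member keys in this change, so the authorized_keys entry it produces cannot be attributed to an owner during an audit. Appending the address already given in the `email` field, `mtillman@mirantis.com`, after the key material would fix that. The file is also named michaeltillman.yml while the account is `mtillman`, and it ends without a final newline.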
diff --git a/openssh/server/team/members/mrasskazov.yml b/openssh/server/team/members/mrasskazov.yml
index 825c150..2a5a137 100644
--- a/openssh/server/team/members/mrasskazov.yml
+++ b/openssh/server/team/members/mrasskazov.yml
@@ -15,5 +15,5 @@
mrasskazov:
enabled: true
public_keys:
- - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCysPXCuMbUjqjtO/n0jVZK13/uMA/TI6Qsdyciih6jWJLbd6FCL/GWvkykngLHGH9lVGFYsOPRiAmlh8gXfYohCZFYuHxE88GoiycvJGRGoBDdxd/beDca6nP4Peqlg3TUUum9PefULDiv3eVHKwX4BC9mGIR6bWB41O003OxJMwEN9lLGmWqxAlAdCUwRIm9TlgTu6Fq3ZIkjSwGsZg4E+saBLnUiOjwYWSwmTiB8WTR2b19lZhXFEovdVY3/gF8Td84WT1TDXeWBAvwmAcFLRPEx/AI1Nt4AhM1toMMoq64pYbGCOYSgI7DZR/2vtxGa0IjQclLZ+M8YktyNErc9
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4Bq2NQlTLLXUZapAx1R7glnJHchDV+zo/6GPSLKYjDJduTqcd+K9K5Q4n15Nvst97vI7AJRxVIhuLgByIPhCb4M73AGrj/9kD3NBy+fSEqL4/BSAz2HSnP88Z8gJS5PaePx0ze8aduPKIoBiX/qN90VaIG4yOthfdt7L6odpm+WhbcauOI87Tdp6WIQ29hDVrdj+4XzD5WJ36il5bxTia0mJohy8BZzIkuwpbOX5UV6+E8cuPRwFmFVdezOUsCLF6uvcMHwMVgyZ243oZdH+33E0FQ60pzcMgc/drhlQg7SsYxosqOoX8BXn7uLo3YMftRNJrp6cEK3vo8dgnEx59 mrasskazov@mirantis.com
user: ${linux:system:user:mrasskazov}
diff --git a/openssh/server/team/members/mvollman.yml b/openssh/server/team/members/mvollman.yml
new file mode 100644
index 0000000..a024a59
--- /dev/null
+++ b/openssh/server/team/members/mvollman.yml
@@ -0,0 +1,19 @@
+parameters:
+ linux:
+ system:
+ user:
+ mvollman:
+ enabled: true
+ name: mvollman
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Michael Vollman
+ home: /home/mvollman
+ email: mvollman@mirantis.com
+ openssh:
+ server:
+ user:
+ mvollman:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHxIRMQtpFHzKPCMe+pXJC3JrW3RiHyqU8XEDFXrhYsKG3TyDzMUktailF03QaVFfUTifQH5fMavnfJENV7syngoo8VL7Qm3wdvKbcCRczNKxiDIhQb1uCnQcKA2VA7ywDyyvtuQHxptx3G2D7B781/zugBNrkjhiyyUuSFzDHkqjWwRYm7wCEzMgzHeKbyXz3qCblp6CsSvOFreG/7tRGJFvjmY7+FENXN8uMeK4NPVeXIUNGI068EzpZPvEeMCzpYNRF9CPdkz5rF9/EsyljSSx5Ymb2RfDZshjaEE9LOF7k1VXM0DzXYBsz7XVP7B5/JxumQRYpyqPMZoDoojN1 mvollman@1308-MBP13
+ user: ${linux:system:user:mvollman}
diff --git a/openssh/server/team/members/pglazov.yml b/openssh/server/team/members/pglazov.yml
new file mode 100644
index 0000000..ebf7b7c
--- /dev/null
+++ b/openssh/server/team/members/pglazov.yml
@@ -0,0 +1,19 @@
+parameters:
+ linux:
+ system:
+ user:
+ pglazov:
+ email: pglazov@mirantis.com
+ enabled: true
+ full_name: Pavel Glazov
+ home: /home/pglazov
+ name: pglazov
+ sudo: ${_param:linux_system_user_sudo}
+ openssh:
+ server:
+ user:
+ pglazov:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDhZxqF+NSuP+Dr2nmGHf4NIpH2xWSmq+UE/HGP6j81rKSBZeRb2SuRXLtLVh3NZ+3GLa4UQGvedcnsqzgvSt05LYujloHnLxIsrsOWbLxOcdUYkorhXenGKBxKopwViRNV2PovMAnwyZ27GkXH8RQ52XISOdTIIV7r8M3kLpxCor2jHnOzJOcr7rhLeSFTK5zw6//T3S+IOQ5/HEs+8NK1sNw2lxBTuk+dAydiaCsQqm4GMl5vZSy0j7cnsy+lq69zN2/Bi4JzKLDKF2ap4zDh/ELhUBoQhh12T0djFV9Qv9fTWI4LUW8cVyqxbfreJrZqSAyMgSRrGSUBclFTmn5Z pavel@pavel-All-Series
+ user: ${linux:system:user:pglazov}
diff --git a/openssh/server/team/members/sotpuschennikov.yml b/openssh/server/team/members/sotpuschennikov.yml
new file mode 100644
index 0000000..50bc471
--- /dev/null
+++ b/openssh/server/team/members/sotpuschennikov.yml
@@ -0,0 +1,19 @@
+parameters:
+ linux:
+ system:
+ user:
+ sotpuschennikov:
+ email: sotpuschennikov@mirantis.com
+ enabled: true
+ full_name: Sergey Otpuschennikov
+ home: /home/sotpuschennikov
+ name: sotpuschennikov
+ sudo: ${_param:linux_system_user_sudo}
+ openssh:
+ server:
+ user:
+ sotpuschennikov:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDO/nNs4MF5ZOCooLxF+zrxVmuJa9URzAqIQG5eZkhWvSAnrYREN15BN6dlcixA+Ro4YsHY6iSHzsaanr8onNu89yZdCkHIqLZ8+DcBefpoVXcsLZzeXwNNqr9sUjHEJCTesI5dJcEe/222LjwzAdTW1Xv/o3mgVAwt+4XsQ2IPAlxl3LfJOlCQdC/0sL5FMFX6LwMonLBss3B/J45atXgPL1Dx9WKTP0QrJHaX+vh+Xj2PK9yXcB2hJhFP0IULmUqGkYgDw/mh2DiHSiCQUPGZDo49MIw4WqEwqpQKcJGjD0Ihy2pjzwI9ZUzCNWe+bUcqDdl/9SH4YsNbfaK4Te6H pers@sotpuschennikov
+ user: ${linux:system:user:sotpuschennikov}
diff --git a/openssh/server/team/members/vkhlyunev.yml b/openssh/server/team/members/vkhlyunev.yml
index dce6e28..e7d8cfb 100644
--- a/openssh/server/team/members/vkhlyunev.yml
+++ b/openssh/server/team/members/vkhlyunev.yml
@@ -15,5 +15,5 @@
vkhlyunev:
enabled: true
public_keys:
- - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1v5pWSan9H2Wl64C8bKWmbULp0QgJUi9FqPyuw1bfS5GfHLxejPxaDzec0uSx0PXWzS9afwIO7aGA1dg+dvdl1iPy9jfpkQbGGsusmSsbLvf6+WLVsPk90Bvoc4anmEsG2DWT1SGR65d/imjlwsnlbHTQIm0YucjDjV/p2MmYlbaFLm+ynfo9mt1mP954GDPKQHvyBpxvAIEHL3xAcnNXcpSXm2jhCNsNGUSpY+R7gin2q8MtrpzQNeZZ8degUMpgba7CTXN1sws2dc3UayJ8KZkyRVJNk6mpt2jey03izJzXzt3ux3hg5lToELvEIMDdHOPHT0b0U7f2H+eBCfH/ vkhlyunev@cz7317
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDeGiSOs0zAwcxuc9y6BzidYFXQXLOLcBKSoW1tPYJ+bVGRwNRVh63/+/X+eOPbBp6xTNNHVyOpYHt1WUbIHsAqAx/XbzBp+j3/4+8+ucvWR3X9TTxK7Q+oB3SSy2iEeimiJmxfjiHu1hfcgN8L9YvXVquGC/EZbk/r27j7Gcxli7zesr9/kBBhigDSQeehJBJZ0ux3luVkjWSDYTeKqZhNNPFoD6eWmOfsAKNMhe/8IRD9e0zY4MsELi1tZl2zoQ69249e4M1aCuGxm+t+tHLzywX0tVZmM1yX7TDuszHbiii8HrjNwB1/K80HRwRrwVIne9P7wFSlC2exLkdfWd2D vkhlyunev@vkhlyunev
user: ${linux:system:user:vkhlyunev}
diff --git a/openssh/server/team/members/vsakharov.yml b/openssh/server/team/members/vsakharov.yml
new file mode 100644
index 0000000..630d65c
--- /dev/null
+++ b/openssh/server/team/members/vsakharov.yml
@@ -0,0 +1,19 @@
+parameters:
+ linux:
+ system:
+ user:
+ vsakharov:
+ email: vsakharov@mirantis.com
+ enabled: true
+ full_name: Valeriy Sakharov
+ home: /home/vsakharov
+ name: vsakharov
+ sudo: ${_param:linux_system_user_sudo}
+ openssh:
+ server:
+ user:
+ vsakharov:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDNTShIUEl6xJY9nM44QyVc+D948G0A8WN+1GoQTldCBpzQiZXnXiyyqgfmLGtNB0bXwkvPaBPZdpq+drDT/WkAbEwnYwZQxTNi2+uqmBb05E0E5fOpw4vTtBLZKq2shpj4Z0jcAszh7LuAczSQSdqLRPPru9A/V4SXoK+aRvehVV3YBIrsyGhao+YPQoXZln1mmK/NYtltFqNr30L2KTSpMRZolAHvE8xTyiTHcXGA1hg/3RBaGdrjWLiQUA7bkP4NTF8wcIJYgg/iw38eZVa/f1z91zad7WfV5FZ/9vZI/tkzvsWjU3mxx1iDxIIimGEXapMpIk07cUTykleWsd0/ vsakharov@vsakharov
+ user: ${linux:system:user:vsakharov}
diff --git a/openssh/server/team/presales.yml b/openssh/server/team/presales.yml
index bb26682..770e549 100644
--- a/openssh/server/team/presales.yml
+++ b/openssh/server/team/presales.yml
@@ -7,6 +7,7 @@
- system.openssh.server.team.members.andreidanin
- system.openssh.server.team.members.danielvirassamy
- system.openssh.server.team.members.srichowdhury
+- system.openssh.server.team.members.michaeltillman
parameters:
_param:
diff --git a/openssh/server/team/services.yml b/openssh/server/team/services.yml
index 65e3cb1..9c74edb 100644
--- a/openssh/server/team/services.yml
+++ b/openssh/server/team/services.yml
@@ -25,6 +25,7 @@
- system.openssh.server.team.members.isviridov
- system.openssh.server.team.members.cdodda
- system.openssh.server.team.members.lmendes
+- system.openssh.server.team.members.kalmog
parameters:
_param:
linux_system_user_sudo: true
diff --git a/openssh/server/team/storage.yml b/openssh/server/team/storage.yml
index 075b9d1..f22cbf9 100644
--- a/openssh/server/team/storage.yml
+++ b/openssh/server/team/storage.yml
@@ -1,3 +1,4 @@
classes:
- system.openssh.server.team.members.akiseleva
- system.openssh.server.team.members.mlos
+- system.openssh.server.team.members.mvollman
diff --git a/prometheus/elasticsearch_exporter/queries/compute.yml b/prometheus/elasticsearch_exporter/queries/compute.yml
index 66904da..a17cb7f 100644
--- a/prometheus/elasticsearch_exporter/queries/compute.yml
+++ b/prometheus/elasticsearch_exporter/queries/compute.yml
@@ -27,7 +27,8 @@
"aggs": {
"host": {
"terms": {
- "field": "Hostname.keyword"
+ "field": "Hostname.keyword",
+ "min_doc_count": 0
}
}
}
@@ -56,7 +57,8 @@
"aggs": {
"host": {
"terms": {
- "field": "Hostname.keyword"
+ "field": "Hostname.keyword",
+ "min_doc_count": 0
}
}
}
@@ -83,7 +85,8 @@
"aggs": {
"host": {
"terms": {
- "field": "Hostname.keyword"
+ "field": "Hostname.keyword",
+ "min_doc_count": 0
}
}
}
@@ -110,7 +113,8 @@
"aggs": {
"host": {
"terms": {
- "field": "Hostname.keyword"
+ "field": "Hostname.keyword",
+ "min_doc_count": 0
}
}
}
diff --git a/salt/minion/cert/libvirtd/client.yml b/salt/minion/cert/libvirtd/client.yml
index 31c1b32..d7af492 100644
--- a/salt/minion/cert/libvirtd/client.yml
+++ b/salt/minion/cert/libvirtd/client.yml
@@ -8,7 +8,10 @@
libvirtd_client:
host: ${_param:salt_minion_ca_host}
authority: ${_param:salt_minion_ca_authority}
- common_name: ${linux:system:name}.${_param:cluster_domain}
+ # NOTE(vsaienko) according to RFC2380 CN is limited to 63 chars
+ # Set CN without domain name to fit this requirement.
+ # FQDN is included into alternative names field.
+ common_name: ${linux:system:name}
signing_policy: cert_client
alternative_names: >
IP:${_param:cluster_local_address},
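Review bot: The added NOTE cites RFC2380 and a 63-character limit, and neither looks right. The upper bound on commonName is 64 characters and comes from the X.509 profile in RFC 5280 (`ub-common-name`), while 63 is the DNS label limit. Suggested first line: `# NOTE(vsaienko) RFC 5280 limits CN to 64 characters (ub-common-name)`. The same comment is added in server.yml and vnc_server.yml. `alternative_names` continues past the hunk, so the FQDN entry the comment relies on is not visible here and is worth confirming now that the CN no longer carries the domain.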
diff --git a/salt/minion/cert/libvirtd/server.yml b/salt/minion/cert/libvirtd/server.yml
index b091d86..261ce56 100644
--- a/salt/minion/cert/libvirtd/server.yml
+++ b/salt/minion/cert/libvirtd/server.yml
@@ -8,7 +8,10 @@
libvirtd_server:
host: ${_param:salt_minion_ca_host}
authority: ${_param:salt_minion_ca_authority}
- common_name: ${linux:system:name}.${_param:cluster_domain}
+ # NOTE(vsaienko) according to RFC2380 CN is limited to 63 chars
+ # Set CN without domain name to fit this requirement.
+ # FQDN is included into alternative names field.
+ common_name: ${linux:system:name}
signing_policy: cert_server
alternative_names: >
IP:${_param:cluster_local_address},
diff --git a/salt/minion/cert/libvirtd/vnc_server.yml b/salt/minion/cert/libvirtd/vnc_server.yml
index ae35ff2..2929869 100644
--- a/salt/minion/cert/libvirtd/vnc_server.yml
+++ b/salt/minion/cert/libvirtd/vnc_server.yml
@@ -10,7 +10,10 @@
qemu_vnc_server:
host: ${_param:salt_minion_ca_host}
authority: ${_param:qemu_vnc_ca_authority}
- common_name: ${linux:system:name}.${_param:cluster_domain}
+ # NOTE(vsaienko) according to RFC2380 CN is limited to 63 chars
+ # Set CN without domain name to fit this requirement.
+ # FQDN is included into alternative names field.
+ common_name: ${linux:system:name}
signing_policy: cert_server
alternative_names: >
IP:${_param:cluster_local_address},