Merge "Add apt_mirantis key's to reclass"
diff --git a/cinder/volume/single.yml b/cinder/volume/single.yml
index 1b9948d..b959d32 100644
--- a/cinder/volume/single.yml
+++ b/cinder/volume/single.yml
@@ -16,6 +16,7 @@
host: ${_param:openstack_database_address}
glance:
host: ${_param:openstack_control_address}
+ protocol: ${_param:cluster_internal_protocol}
message_queue:
members:
- host: ${_param:openstack_message_queue_node01_address}
diff --git a/docker/swarm/stack/monitoring/gainsight.yml b/docker/swarm/stack/monitoring/gainsight.yml
new file mode 100644
index 0000000..5a975a1
--- /dev/null
+++ b/docker/swarm/stack/monitoring/gainsight.yml
@@ -0,0 +1,49 @@
+classes:
+- system.prometheus.gainsight.container
+parameters:
+ _param:
+ gainsight_csv_upload_url: 'http://localhost:9999'
+ gainsight_account_id: 'default'
+ gainsight_environment_id: 'default'
+ gainsight_app_org_id: 'default'
+ gainsight_access_key: 'default'
+ gainsight_job_id: 'default'
+ gainsight_login: 'default'
+ gainsight_prometheus_url: "http://${_param:stacklight_monitor_address}:${prometheus:server:bind:port}"
+ gainsight_config_directory: '/srv/gainsight'
+ gainsight_config_path: "${_param:gainsight_config_directory}/config.ini"
+ docker_image_prometheus_gainsight: 'docker-prod-local.artifactory.mirantis.com/openstack-docker/gainsight:nightly'
+ docker:
+ client:
+ stack:
+ monitoring:
+ network:
+ monitoring:
+ driver: overlay
+ driver_opts:
+ encrypted: 1
+ service:
+ gainsight:
+ networks:
+ - monitoring
+ deploy:
+ replicas: 1
+ labels:
+ com.mirantis.monitoring: "gainsight"
+ restart_policy:
+ condition: any
+ labels:
+ com.mirantis.monitoring: "gainsight"
+ image: ${_param:docker_image_prometheus_gainsight}
+ volumes:
+ - ${prometheus:gainsight:dir:config}:${_param:gainsight_config_directory}
+ environment:
+ CSV_UPLOAD_URL: "${_param:gainsight_csv_upload_url}"
+ ACCOUNT_ID: "${_param:gainsight_account_id}"
+ ENVIRONMENT_ID: "${_param:gainsight_environment_id}"
+ APP_ORG_ID: "${_param:gainsight_app_org_id}"
+ ACCESS_KEY: "${_param:gainsight_access_key}"
+ JOB_ID: "${_param:gainsight_job_id}"
+ LOGIN: "${_param:gainsight_login}"
+ PROMETHEUS_URL: "${_param:gainsight_prometheus_url}"
+ CONFIG_PATH: "${_param:gainsight_config_path}"
diff --git a/jenkins/client/job/debian/packages/salt.yml b/jenkins/client/job/debian/packages/salt.yml
index 3f6b0f0..7a9dd04 100644
--- a/jenkins/client/job/debian/packages/salt.yml
+++ b/jenkins/client/job/debian/packages/salt.yml
@@ -753,6 +753,10 @@
upload_source_package: true
upload_to_aptly: true
dist: xenial
+ - name: openscap
+ upload_source_package: true
+ upload_to_aptly: true
+ dist: xenial
- name: openssh
upload_source_package: true
upload_to_aptly: true
diff --git a/jenkins/client/job/oscore/cookiecutter.yml b/jenkins/client/job/oscore/cookiecutter.yml
index f38609a..bc180b4 100644
--- a/jenkins/client/job/oscore/cookiecutter.yml
+++ b/jenkins/client/job/oscore/cookiecutter.yml
@@ -66,7 +66,6 @@
cookiecutter_template_branch: 'master'
shared_reclass_url: https://gerrit.mcp.mirantis.net/salt-models/reclass-system.git
shared_reclass_branch: 'master'
- openstack_version: pike
STACK_INSTALL:
type: string
default: 'core,openstack,ovs'
diff --git a/jenkins/client/job/salt-formulas/tests.yml b/jenkins/client/job/salt-formulas/tests.yml
index 37f0543..1c9f4fb 100644
--- a/jenkins/client/job/salt-formulas/tests.yml
+++ b/jenkins/client/job/salt-formulas/tests.yml
@@ -92,6 +92,7 @@
- name: octavia
- name: opencontrail
- name: openldap
+ - name: openscap
- name: openssh
- name: openvpn
- name: openvstorage
diff --git a/keepalived/cluster/instance/kube_api_server_vip.yml b/keepalived/cluster/instance/kube_api_server_vip.yml
index 7e03d25..f7fbce8 100644
--- a/keepalived/cluster/instance/kube_api_server_vip.yml
+++ b/keepalived/cluster/instance/kube_api_server_vip.yml
@@ -6,6 +6,9 @@
_param:
keepalived_vip_priority: 101
keepalived_kube_apiserver_vrrp_script_content: "pidof haproxy && systemctl status kube-apiserver.service --quiet --no-pager"
+ keepalived_k8s_apiserver_vip_interface: ens3
+ keepalived_k8s_apiserver_vip_address: ${_param:kubernetes_control_address}
+ keepalived_k8s_apiserver_vip_password: password
keepalived:
cluster:
vrrp_scripts:
diff --git a/keystone/client/v3/init.yml b/keystone/client/v3/init.yml
new file mode 100644
index 0000000..148da41
--- /dev/null
+++ b/keystone/client/v3/init.yml
@@ -0,0 +1,15 @@
+parameters:
+ keystone:
+ client:
+ resources:
+ v3:
+ enabled: true
+ server:
+ identity:
+ admin:
+ api_version: 3
+ admin_identity:
+ admin:
+ api_version: ''
+ user_domain_name: 'Default'
+ project_domain_name: 'Default'
diff --git a/kubernetes/master/auth/rbac.yml b/kubernetes/master/auth/rbac.yml
new file mode 100644
index 0000000..be0577b
--- /dev/null
+++ b/kubernetes/master/auth/rbac.yml
@@ -0,0 +1,5 @@
+parameters:
+ kubernetes:
+ master:
+ auth:
+ mode: Node,RBAC
diff --git a/kubernetes/master/cluster.yml b/kubernetes/master/cluster.yml
index 1295f3a..6d6b404 100644
--- a/kubernetes/master/cluster.yml
+++ b/kubernetes/master/cluster.yml
@@ -1,16 +1,21 @@
classes:
- service.kubernetes.master.cluster
-- service.keepalived.cluster.single
- service.haproxy.proxy.single
- system.haproxy.proxy.listen.kubernetes.apiserver
+- system.keepalived.cluster.instance.kube_api_server_vip
parameters:
_param:
kubernetes_netchecker_agent_repo: mirantis
kubernetes_netchecker_server_repo: mirantis
kubernetes_netchecker_agent_image: ${_param:kubernetes_netchecker_agent_repo}/k8s-netchecker-agent:v1.2.2
kubernetes_netchecker_server_image: ${_param:kubernetes_netchecker_server_repo}/k8s-netchecker-server:v1.2.2
+
+ kubelet_fail_on_swap: true
+
kubernetes:
master:
+ kubelet:
+ fail_on_swap: ${_param:kubelet_fail_on_swap}
container: false
network:
calico:
diff --git a/kubernetes/master/single.yml b/kubernetes/master/single.yml
index 7fada57..b4f20b0 100644
--- a/kubernetes/master/single.yml
+++ b/kubernetes/master/single.yml
@@ -6,6 +6,11 @@
kubernetes_netchecker_server_repo: mirantis
kubernetes_netchecker_agent_image: ${_param:kubernetes_netchecker_agent_repo}/k8s-netchecker-agent:v1.2.2
kubernetes_netchecker_server_image: ${_param:kubernetes_netchecker_server_repo}/k8s-netchecker-server:v1.2.2
+
+ kubelet_fail_on_swap: true
+
kubernetes:
master:
+ kubelet:
+ fail_on_swap: ${_param:kubelet_fail_on_swap}
container: false
diff --git a/kubernetes/pool/cluster.yml b/kubernetes/pool/cluster.yml
index 40cc135..335078f 100644
--- a/kubernetes/pool/cluster.yml
+++ b/kubernetes/pool/cluster.yml
@@ -18,9 +18,20 @@
kubernetes_pause_image: ${_param:kubernetes_hyperkube_repo}/pause-amd64:v1.8.13-11
kubernetes_contrail_cni_image: ${_param:kubernetes_contrail_cni_repo}/contrail-cni:v1.2.0
kubernetes_contrail_network_controller_image: ${_param:kubernetes_contrail_network_controller_repo}/contrail-network-controller:v1.2.0
+ kubernetes_virtlet_image: mirantis/virtlet:v1.0.3
+ kubernetes_criproxy_version: v0.11.0
+ kubernetes_criproxy_checksum: md5=115bbb0c27518db6b0b3bc8cdc5fc897
+
+ kubelet_fail_on_swap: true
kubernetes:
+ common:
+ hyperkube:
+ image: ${_param:kubernetes_hyperkube_image}
+ pause_image: ${_param:kubernetes_pause_image}
pool:
+ kubelet:
+ fail_on_swap: ${_param:kubelet_fail_on_swap}
container: false
network:
calico:
diff --git a/kubernetes/pool/single.yml b/kubernetes/pool/single.yml
index cf334df..3f4af34 100644
--- a/kubernetes/pool/single.yml
+++ b/kubernetes/pool/single.yml
@@ -18,9 +18,20 @@
kubernetes_pause_image: ${_param:kubernetes_hyperkube_repo}/pause-amd64:v1.8.13-11
kubernetes_contrail_cni_image: ${_param:kubernetes_contrail_cni_repo}/contrail-cni:v1.2.0
kubernetes_contrail_network_controller_image: ${_param:kubernetes_contrail_network_controller_repo}/contrail-network-controller:v1.2.0
+ kubernetes_virtlet_image: mirantis/virtlet:v1.0.3
+ kubernetes_criproxy_version: v0.11.0
+ kubernetes_criproxy_checksum: md5=115bbb0c27518db6b0b3bc8cdc5fc897
+
+ kubelet_fail_on_swap: true
kubernetes:
+ common:
+ hyperkube:
+ image: ${_param:kubernetes_hyperkube_image}
+ pause_image: ${_param:kubernetes_pause_image}
pool:
+ kubelet:
+ fail_on_swap: ${_param:kubelet_fail_on_swap}
container: false
docker:
host:
diff --git a/prometheus/gainsight/container.yml b/prometheus/gainsight/container.yml
new file mode 100644
index 0000000..f98e052
--- /dev/null
+++ b/prometheus/gainsight/container.yml
@@ -0,0 +1,3 @@
+classes:
+- service.prometheus.gainsight.container
+
diff --git a/reclass/storage/system/kubernetes_proxy_cluster.yml b/reclass/storage/system/kubernetes_proxy_cluster.yml
new file mode 100644
index 0000000..b00c254
--- /dev/null
+++ b/reclass/storage/system/kubernetes_proxy_cluster.yml
@@ -0,0 +1,28 @@
+parameters:
+ _param:
+ kubernetes_proxy_node01_hostname: prx01
+ kubernetes_proxy_node02_hostname: prx02
+ kubernetes_proxy_system_codename: xenial
+ reclass:
+ storage:
+ node:
+ kubernetes_proxy_node01:
+ name: ${_param:kubernetes_proxy_node01_hostname}
+ domain: ${_param:cluster_domain}
+ classes:
+ - cluster.${_param:cluster_name}.kubernetes.proxy
+ params:
+ salt_master_host: ${_param:reclass_config_master}
+ linux_system_codename: ${_param:kubernetes_proxy_system_codename}
+ single_address: ${_param:kubernetes_proxy_node01_address}
+ keepalived_vip_priority: 102
+ kubernetes_proxy_node02:
+ name: ${_param:kubernetes_proxy_node02_hostname}
+ domain: ${_param:cluster_domain}
+ classes:
+ - cluster.${_param:cluster_name}.kubernetes.proxy
+ params:
+ salt_master_host: ${_param:reclass_config_master}
+ linux_system_codename: ${_param:kubernetes_proxy_system_codename}
+ single_address: ${_param:kubernetes_proxy_node02_address}
+ keepalived_vip_priority: 101
diff --git a/salt/control/cluster/kubernetes_proxy_cluster.yml b/salt/control/cluster/kubernetes_proxy_cluster.yml
new file mode 100644
index 0000000..d4251a2
--- /dev/null
+++ b/salt/control/cluster/kubernetes_proxy_cluster.yml
@@ -0,0 +1,25 @@
+parameters:
+ salt:
+ control:
+ size:
+ kubernetes.proxy:
+ cpu: 32
+ ram: 65536
+ disk_profile: small
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ prx01:
+ name: ${_param:kubernetes_proxy_node01_hostname}
+ provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_trusty_image}
+ size: kubernetes.proxy
+ prx02:
+ name: ${_param:kubernetes_proxy_node02_hostname}
+ provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_trusty_image}
+ size: kubernetes.proxy
+