Merge "Remove Decapod pipelines"
diff --git a/cinder/control/cluster.yml b/cinder/control/cluster.yml
index b5d6862..5bc5c75 100644
--- a/cinder/control/cluster.yml
+++ b/cinder/control/cluster.yml
@@ -3,9 +3,12 @@
- service.haproxy.proxy.single
- service.keepalived.cluster.single
- system.haproxy.proxy.listen.openstack.cinder
+- system.salt.minion.cert.mysql.clients.openstack.cinder
parameters:
_param:
cluster_internal_protocol: 'http'
+ openstack_mysql_x509_enabled: False
+ galera_ssl_enabled: False
linux:
system:
package:
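Review bot: `openstack_mysql_x509_enabled` and `galera_ssl_enabled` both default to `False`, so the cinder database connection stays unencrypted unless a cluster model opts in, and nothing in the file says so. I would add a comment above the two parameters, for example `# TLS to MySQL is opt-in; override one of these to true in the cluster model`. The class `system.salt.minion.cert.mysql.clients.openstack.cinder` is added to `classes:` unconditionally, so it presumably issues a client key pair on every node even while both flags are off; worth confirming that is intended. The same defaults are added in cinder/control/single.yml, cinder/volume/local.yml and cinder/volume/single.yml.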
@@ -35,6 +38,13 @@
name: cinder
user: cinder
password: ${_param:mysql_cinder_password}
+ x509:
+ enabled: ${_param:openstack_mysql_x509_enabled}
+ ca_file: ${_param:mysql_cinder_ssl_ca_file}
+ key_file: ${_param:mysql_cinder_client_ssl_key_file}
+ cert_file: ${_param:mysql_cinder_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
identity:
engine: keystone
region: ${_param:openstack_region}
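Review bot: The new `ssl:` block carries only `enabled` and no `ca_file`, so when `galera_ssl_enabled` is turned on without x509 this mapping gives the client no CA to verify the server against. Depending on how the cinder formula builds the connection string, that may mean encryption without server authentication on a connection that carries `mysql_cinder_password`. I would either pass the CA there too, `ca_file: ${_param:mysql_cinder_ssl_ca_file}` under `ssl:`, or add a comment stating that `ssl` is encryption-only and which block wins when both `x509.enabled` and `ssl.enabled` are true. The identical block is added in cinder/control/single.yml, cinder/volume/local.yml and cinder/volume/single.yml; the `database:` mapping starts outside this hunk.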
diff --git a/cinder/control/single.yml b/cinder/control/single.yml
index 89c5307..f38cfb4 100644
--- a/cinder/control/single.yml
+++ b/cinder/control/single.yml
@@ -1,8 +1,11 @@
classes:
- service.cinder.control.single
+- system.salt.minion.cert.mysql.clients.openstack.cinder
parameters:
_param:
internal_protocol: 'http'
+ openstack_mysql_x509_enabled: False
+ galera_ssl_enabled: False
linux:
system:
package:
@@ -18,6 +21,13 @@
role: ${_param:openstack_node_role}
database:
host: ${_param:single_address}
+ x509:
+ enabled: ${_param:openstack_mysql_x509_enabled}
+ ca_file: ${_param:mysql_cinder_ssl_ca_file}
+ key_file: ${_param:mysql_cinder_client_ssl_key_file}
+ cert_file: ${_param:mysql_cinder_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
identity:
protocol: ${_param:internal_protocol}
region: ${_param:openstack_region}
diff --git a/cinder/volume/local.yml b/cinder/volume/local.yml
index d03d6f7..51c3ba8 100644
--- a/cinder/volume/local.yml
+++ b/cinder/volume/local.yml
@@ -1,11 +1,22 @@
classes:
- service.cinder.volume.local
+- system.salt.minion.cert.mysql.clients.openstack.cinder
parameters:
+ _param:
+ openstack_mysql_x509_enabled: False
+ galera_ssl_enabled: False
cinder:
volume:
enabled: True
database:
host: ${_param:single_address}
+ x509:
+ enabled: ${_param:openstack_mysql_x509_enabled}
+ ca_file: ${_param:mysql_cinder_ssl_ca_file}
+ key_file: ${_param:mysql_cinder_client_ssl_key_file}
+ cert_file: ${_param:mysql_cinder_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
glance:
host: ${_param:single_address}
message_queue:
diff --git a/cinder/volume/single.yml b/cinder/volume/single.yml
index f66a190..f6d4503 100644
--- a/cinder/volume/single.yml
+++ b/cinder/volume/single.yml
@@ -1,8 +1,11 @@
classes:
- service.cinder.volume.single
+- system.salt.minion.cert.mysql.clients.openstack.cinder
parameters:
_param:
cluster_internal_protocol: 'http'
+ openstack_mysql_x509_enabled: False
+ galera_ssl_enabled: False
linux:
system:
package:
@@ -14,6 +17,13 @@
enabled: True
database:
host: ${_param:openstack_database_address}
+ x509:
+ enabled: ${_param:openstack_mysql_x509_enabled}
+ ca_file: ${_param:mysql_cinder_ssl_ca_file}
+ key_file: ${_param:mysql_cinder_client_ssl_key_file}
+ cert_file: ${_param:mysql_cinder_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
glance:
host: ${_param:openstack_control_address}
protocol: ${_param:cluster_internal_protocol}
diff --git a/galera/server/database/ssl/cinder.yml b/galera/server/database/ssl/cinder.yml
new file mode 100644
index 0000000..24554a7
--- /dev/null
+++ b/galera/server/database/ssl/cinder.yml
@@ -0,0 +1,4 @@
+parameters:
+ _param:
+ mysql_cinder_ssl_option:
+ - SSL: True
\ No newline at end of file
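Review bot: `mysql_cinder_ssl_option` is defined here as `- SSL: True` and again in galera/server/database/x509/cinder.yml with SUBJECT and ISSUER entries, and nothing documents that the two classes are alternatives. If both are included in one model, the result depends on how reclass merges list parameters (as far as I know it extends them), so a header comment such as `# include either ssl.cinder or x509.cinder, not both` would avoid a surprising grant. The file also ends without a trailing newline, as do the x509 file and salt/minion/cert/mysql/clients/openstack/cinder.yml.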
diff --git a/galera/server/database/x509/cinder.yml b/galera/server/database/x509/cinder.yml
new file mode 100644
index 0000000..38fd75a
--- /dev/null
+++ b/galera/server/database/x509/cinder.yml
@@ -0,0 +1,7 @@
+parameters:
+ _param:
+ mysql_cinder_clietn_ssl_x509_subject: '/C=cz/CN=mysql-cinder-client/L=Prague/O=Mirantis'
+ mysql_cinder_clietn_ssl_x509_issuer: '/C=cz/CN=Salt Master CA/L=Prague/O=Mirantis'
+ mysql_cinder_ssl_option:
+ - SUBJECT: ${_param:mysql_cinder_clietn_ssl_x509_subject}
+ - ISSUER: ${_param:mysql_cinder_clietn_ssl_x509_issuer}
\ No newline at end of file
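Review bot: The parameter names are misspelled as `mysql_cinder_clietn_ssl_x509_subject` and `mysql_cinder_clietn_ssl_x509_issuer` ("clietn"). They are used consistently inside this file, so the interpolation resolves, but a cluster model that overrides the correctly spelled `mysql_cinder_client_ssl_x509_subject` would be ignored silently and the grant would keep requiring the hard-coded subject and issuer. I would rename all four occurrences to `..._client_...` before anything depends on the typo. The subject string also has to match the issued certificate exactly; the client-certificate class in this commit sets only `common_name: mysql-cinder-client`, so the C/L/O components presumably come from the CA's signing policy and are worth checking against a generated certificate.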
diff --git a/jenkins/client/job/git-mirrors/upstream/templates.yml b/jenkins/client/job/git-mirrors/upstream/templates.yml
index a83a6de..a386ba4 100644
--- a/jenkins/client/job/git-mirrors/upstream/templates.yml
+++ b/jenkins/client/job/git-mirrors/upstream/templates.yml
@@ -6,7 +6,7 @@
- name: cookiecutter-templates
downstream: mk/cookiecutter-templates
upstream: "git@github.com:Mirantis/mk2x-cookiecutter-reclass-model"
- branches: master,mcp10
+ branches: master,mcp10,release/2018.8.1
- name: heat-fragments
downstream: mk/heat-fragments
upstream: "git@github.com:Mirantis/heat-fragments"
diff --git a/jenkins/client/job/stacklight/cookiecutter.yml b/jenkins/client/job/stacklight/cookiecutter.yml
new file mode 100644
index 0000000..2cdfd07
--- /dev/null
+++ b/jenkins/client/job/stacklight/cookiecutter.yml
@@ -0,0 +1,61 @@
+parameters:
+ jenkins:
+ client:
+ job:
+ stacklight-test-cookiecutter-model:
+ display_name: stacklight-test-cookiecutter-model
+ name: stacklight-test-cookiecutter-model
+ concurrent: true
+ description: Test specified cookiecutter context
+ discard:
+ build:
+ keep_num: 60
+ artifact:
+ keep_num: 60
+ type: workflow-scm
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/openstack-ci/openstack-pipelines"
+ credentials: "gerrit"
+ branch: 'master'
+ script: test-cookiecutter-model-pipeline.groovy
+ param:
+ CREDENTIALS_ID:
+ type: string
+ description: "ID of jenkins credentials for connecting to gerrit"
+ default: "gerrit"
+ COOKIECUTTER_TEMPLATE_CONTEXT_FILE:
+ type: choice
+ description: "Context for cookiecutter template specified as filename"
+ default: 'stacklight-openstack-ovs-pike'
+ OPENSTACK_API_PROJECT:
+ type: string
+ default: "mcp-stacklight"
+ HEAT_STACK_ZONE:
+ type: string
+ default: "mcp-stacklight"
+ FLAVOR_PREFIX:
+ type: string
+ default: 'dev'
+ RUN_SMOKE:
+ type: boolean
+ description: "Run smoke after deployment or not (bool)"
+ default: 'false'
+ COOKIECUTTER_EXTRA_CONTEXT:
+ type: text
+ description: "Extra context items, will be merged to COOKIECUTTER_TEMPLATE_CONTEXT_FILE"
+ default: |-
+ #Extra context that will be merged with content of COOKIECUTTER_TEMPLATE_CONTEXT_FILE
+ default_context:
+ openssh_groups: "qa_scale,oscore_devops,networking,tcpcloud,stacklight,k8s_team"
+ cookiecutter_template_url: https://gerrit.mcp.mirantis.net/mk/cookiecutter-templates.git
+ cookiecutter_template_branch: 'master'
+ shared_reclass_url: https://gerrit.mcp.mirantis.net/salt-models/reclass-system.git
+ shared_reclass_branch: 'master'
+ STACK_INSTALL:
+ type: string
+ default: 'core,openstack,ovs,stacklight'
+ STACK_DELETE:
+ type: boolean
+ description: "Delete Heat stack when finished (bool)"
+ default: 'false'
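Review bot: The default for `COOKIECUTTER_EXTRA_CONTEXT` hard-codes `https://gerrit.mcp.mirantis.net/...` for both `cookiecutter_template_url` and `shared_reclass_url`, while the job's own `scm.url` is built from `${_param:jenkins_gerrit_url}`, so a deployment pointed at another Gerrit still pulls templates and the system model from the fixed host. If the URL scheme allows it, I would derive both from the same parameter, e.g. `cookiecutter_template_url: ${_param:jenkins_gerrit_url}/mk/cookiecutter-templates.git`. `COOKIECUTTER_TEMPLATE_CONTEXT_FILE` is declared `type: choice` but gives only a single `default` and no list of choices, which looks unintended. The default `openssh_groups` value also grants six teams SSH access to every stack built by this job; a narrower default or a comment explaining the list would help.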
diff --git a/jenkins/client/job/stacklight/init.yml b/jenkins/client/job/stacklight/init.yml
new file mode 100644
index 0000000..6d8f563
--- /dev/null
+++ b/jenkins/client/job/stacklight/init.yml
@@ -0,0 +1,2 @@
+classes:
+ - system.jenkins.client.job.stacklight.cookiecutter
diff --git a/kubernetes/common.yml b/kubernetes/common.yml
index 639154e..c178ced 100644
--- a/kubernetes/common.yml
+++ b/kubernetes/common.yml
@@ -4,6 +4,7 @@
kubernetes_calico_calicoctl_repo: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico
kubernetes_calico_repo: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico
kubernetes_calico_cni_repo: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico
+ kubernetes_calico_kube_ctl_repo: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico
kubernetes_hyperkube_repo: ${_param:mcp_docker_registry}/mirantis/kubernetes
kubernetes_contrail_cni_repo: ${_param:mcp_docker_registry}/mirantis/kubernetes
kubernetes_contrail_network_controller_repo: ${_param:mcp_docker_registry}/mirantis/kubernetes/contrail-integration
@@ -21,9 +22,10 @@
# component docker images
kubernetes_docker_package: docker-engine=1.13.1-0~ubuntu-xenial
- kubernetes_calico_calicoctl_image: ${_param:kubernetes_calico_calicoctl_repo}/ctl:v1.6.4
- kubernetes_calico_image: ${_param:kubernetes_calico_repo}/node:v2.6.10
- kubernetes_calico_cni_image: ${_param:kubernetes_calico_cni_repo}/cni:v1.11.6
+ kubernetes_calico_calicoctl_image: ${_param:kubernetes_calico_calicoctl_repo}/ctl:v3.1.3
+ kubernetes_calico_image: ${_param:kubernetes_calico_repo}/node:v3.1.3
+ kubernetes_calico_cni_image: ${_param:kubernetes_calico_cni_repo}/cni:v3.1.3
+ kubernetes_calico_kube_controllers_image: ${_param:kubernetes_calico_kube_ctl_repo}/kube-controllers:v3.1.3
kubernetes_hyperkube_image: ${_param:kubernetes_hyperkube_repo}/hyperkube-amd64:v1.10.4-4
kubernetes_pause_image: ${_param:kubernetes_hyperkube_repo}/pause-amd64:v1.10.4-4
kubernetes_contrail_cni_image: ${_param:kubernetes_contrail_cni_repo}/contrail-cni:v1.2.0
@@ -48,6 +50,9 @@
kubernetes_cniplugins_source: ${_param:kubernetes_cniplugins_repo}/cni-plugins_v0.7.1-48-g696b1f9.tar.gz
kubernetes_cniplugins_source_hash: md5=5ec1cf5e989097c6127ea5365e277b02
kubernetes_dashboard_image: ${_param:kubernetes_dashboard_repo}/kubernetes-dashboard-amd64:v1.8.3
+ kubernetes_fluentd_aggregator_image: fluent/fluentd-kubernetes-daemonset:v1.2-debian-elasticsearch
+ kubernetes_fluentd_logger_image: fluent/fluentd-kubernetes-daemonset:v1.2-debian-stackdriver
+ kubernetes_telegraf_image: docker.io/telegraf:1.5.3
kubelet_fail_on_swap: true
kubernetes_dashboard_enabled: true
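Review bot: The three new images are referenced straight from the public registry (`fluent/fluentd-kubernetes-daemonset:...` and `docker.io/telegraf:1.5.3`) by mutable tag, whereas the other images visible in this diff go through a `*_repo` parameter rooted at `${_param:mcp_docker_registry}`. That bypasses the mirrored registry for offline or controlled deployments and leaves the image content to whatever the tag points at when it is pulled. I would add repo parameters in the same style, e.g. `kubernetes_telegraf_repo: ${_param:mcp_docker_registry}/<mirror-path>` (placeholder path) with `kubernetes_telegraf_image: ${_param:kubernetes_telegraf_repo}/telegraf:1.5.3`, and consider pinning by digest. The logger image is the `-debian-stackdriver` variant although the logger parameters added in this commit configure a forward output; worth confirming that is the intended build.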
@@ -64,12 +69,63 @@
kubernetes_metallb_enabled: false
kubernetes_sriov_enabled: false
kubernetes_fluentd_enabled: false
+ kubernetes_telegraf_enabled: false
# the rest of fluentd related params, the non bools
- kubernetes_fluentd_aggregator_bind_port: 24224
- kubernetes_fluentd_aggregator_es_host: 127.0.0.1
- kubernetes_fluentd_aggregator_es_port: 9200
- kubernetes_fluentd_aggregator_es_scheme: http
+ kubernetes_fluentd_namespace: stacklight
+ kubernetes_fluentd_aggregator_resources_limits_memory: 500Mi
+ kubernetes_fluentd_aggregator_resources_requests_memory: 500Mi
+ kubernetes_fluentd_aggregator_config_forward_input_bind_port: 24224
+ kubernetes_fluentd_aggregator_config_general_time_format: '%Y-%m-%dT%H:%M:%S.%N%z'
+ kubernetes_fluentd_aggregator_config_systemd_filter_docker_parse_format: /^time="(?<time>[^)]*)" level=(?<severity>[^ ]*) msg="(?<message>[^"]*)"( err="(?<error>[^"]*)")?( statusCode=($<status_code>\d+))?/
+ kubernetes_fluentd_aggregator_config_output_log_level: 'info'
+ kubernetes_fluentd_aggregator_config_output_logstash_format: true
+ kubernetes_fluentd_aggregator_config_output_logstash_prefix: 'log'
+ kubernetes_fluentd_aggregator_config_output_logstash_dateformat: '%Y.%m.%d'
+ kubernetes_fluentd_aggregator_config_output_num_threads: 8
+ kubernetes_fluentd_aggregator_config_output_max_retry_wait: 30
+ kubernetes_fluentd_aggregator_config_output_flush_interval: '10s'
+ kubernetes_fluentd_aggregator_config_output_buffer_chunk_limit: '2m'
+ kubernetes_fluentd_aggregator_config_output_buffer_queue_limit: 32
+ kubernetes_fluentd_aggregator_config_output_request_timeout: '10s'
+ kubernetes_fluentd_aggregator_config_output_es_host: 127.0.0.1
+ kubernetes_fluentd_aggregator_config_output_es_port: 9200
+ kubernetes_fluentd_aggregator_config_output_es_scheme: http
+
+ kubernetes_fluentd_logger_resources_limits_memory: 500Mi
+ kubernetes_fluentd_logger_resources_requests_memory: 500Mi
+ kubernetes_fluentd_logger_config_kubernetes_input_time_format: '%Y-%m-%dT%H:%M:%S.%NZ'
+ kubernetes_fluentd_logger_config_forward_output_require_ack_response: true
+ kubernetes_fluentd_logger_config_forward_output_ack_response_timeout: 30
+ kubernetes_fluentd_logger_config_forward_output_recover_wait: '10s'
+ kubernetes_fluentd_logger_config_forward_output_heartbeat_interval: '1s'
+ kubernetes_fluentd_logger_config_forward_output_phi_threshold: 16
+ kubernetes_fluentd_logger_config_forward_output_send_timeout: '10s'
+ kubernetes_fluentd_logger_config_forward_output_hard_timeout: '10s'
+ kubernetes_fluentd_logger_config_forward_output_expire_dns_cache: 15
+ kubernetes_fluentd_logger_config_forward_output_heartbeat_type: 'tcp'
+ kubernetes_fluentd_logger_config_forward_output_buffer_chunk_limit: '2M'
+ kubernetes_fluentd_logger_config_forward_output_buffer_queue_limit: 32
+ kubernetes_fluentd_logger_config_forward_output_flush_interval: '5s'
+ kubernetes_fluentd_logger_config_forward_output_max_retry_wait: 15
+ kubernetes_fluentd_logger_config_forward_output_num_threads: 8
+
+ # telegraf stuff
+ kubernetes_telegraf_namespace: stacklight
+ kubernetes_telegraf_resources_limits_memory: 500Mi
+ kubernetes_telegraf_resources_requests_memory: 500Mi
+ kubernetes_telegraf_agent_interval: 15
+ kubernetes_telegraf_agent_round_interval: false
+ kubernetes_telegraf_agent_metric_batch_size: 1000
+ kubernetes_telegraf_agent_metric_buffer_limit: 10000
+ kubernetes_telegraf_agent_collection_jitter: 2
+ kubernetes_telegraf_agent_flush_interval: 10
+ kubernetes_telegraf_agent_flush_jitter: 2
+ kubernetes_telegraf_agent_precision: ms
+ kubernetes_telegraf_agent_logfile: etc/telegraf/log
+ kubernetes_telegraf_agent_debug: false
+ kubernetes_telegraf_agent_quiet: false
+ kubernetes_telegraf_agent_omit_hostname: false
docker:
host:
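Review bot: In `kubernetes_fluentd_aggregator_config_systemd_filter_docker_parse_format` the last group is written `($<status_code>\d+)`, while every other named group on that line uses `(?<name>...)`; as written `status_code` is not a named capture, so the field would never be extracted. The `time` group also uses `[^)]*` inside double quotes where the other quoted fields use `[^"]*`, which looks like a second slip. I would change them to `(?<status_code>\d+)` and `time="(?<time>[^"]*)"` and single-quote the whole value so YAML never reinterprets the regex. Separately, `kubernetes_telegraf_agent_logfile: etc/telegraf/log` is a relative path and was probably meant to be absolute.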
@@ -114,13 +170,83 @@
image: ${_param:kubernetes_flannel_image}
fluentd:
enabled: ${_param:kubernetes_fluentd_enabled}
+ namespace: ${_param:kubernetes_fluentd_namespace}
aggregator:
- bind:
- port: ${_param:kubernetes_fluentd_aggregator_bind_port}
- es:
- host: ${_param:kubernetes_fluentd_aggregator_es_host}
- port: ${_param:kubernetes_fluentd_aggregator_es_port}
- scheme: ${_param:kubernetes_fluentd_aggregator_es_scheme}
+ image: ${_param:kubernetes_fluentd_aggregator_image}
+ resources:
+ limits:
+ memory: ${_param:kubernetes_fluentd_aggregator_resources_limits_memory}
+ requests:
+ memory: ${_param:kubernetes_fluentd_aggregator_resources_requests_memory}
+ config:
+ forward_input:
+ bind:
+ port: ${_param:kubernetes_fluentd_aggregator_config_forward_input_bind_port}
+ general:
+ time_format: ${_param:kubernetes_fluentd_aggregator_config_general_time_format}
+ systemd_filter:
+ docker_parse_format: ${_param:kubernetes_fluentd_aggregator_config_systemd_filter_docker_parse_format}
+ output:
+ log_level: ${_param:kubernetes_fluentd_aggregator_config_output_log_level}
+ logstash_format: ${_param:kubernetes_fluentd_aggregator_config_output_logstash_format}
+ logstash_prefix: ${_param:kubernetes_fluentd_aggregator_config_output_logstash_prefix}
+ logstash_dateformat: ${_param:kubernetes_fluentd_aggregator_config_output_logstash_dateformat}
+ request_timeout: ${_param:kubernetes_fluentd_aggregator_config_output_request_timeout}
+ buffer_chunk_limit: ${_param:kubernetes_fluentd_aggregator_config_output_buffer_chunk_limit}
+ buffer_queue_limit: ${_param:kubernetes_fluentd_aggregator_config_output_buffer_queue_limit}
+ flush_interval: ${_param:kubernetes_fluentd_aggregator_config_output_flush_interval}
+ num_threads: ${_param:kubernetes_fluentd_aggregator_config_output_num_threads}
+ max_retry_wait: ${_param:kubernetes_fluentd_aggregator_config_output_max_retry_wait}
+ es:
+ host: ${_param:kubernetes_fluentd_aggregator_config_output_es_host}
+ port: ${_param:kubernetes_fluentd_aggregator_config_output_es_port}
+ scheme: ${_param:kubernetes_fluentd_aggregator_config_output_es_scheme}
+ logger:
+ image: ${_param:kubernetes_fluentd_logger_image}
+ resources:
+ limits:
+ memory: ${_param:kubernetes_fluentd_logger_resources_limits_memory}
+ requests:
+ memory: ${_param:kubernetes_fluentd_logger_resources_requests_memory}
+ config:
+ kubernetes_input:
+ time_format: ${_param:kubernetes_fluentd_logger_config_kubernetes_input_time_format}
+ forward_output:
+ require_ack_response: ${_param:kubernetes_fluentd_logger_config_forward_output_require_ack_response}
+ ack_response_timeout: ${_param:kubernetes_fluentd_logger_config_forward_output_ack_response_timeout}
+ recover_wait: ${_param:kubernetes_fluentd_logger_config_forward_output_recover_wait}
+ heartbeat_interval: ${_param:kubernetes_fluentd_logger_config_forward_output_heartbeat_interval}
+ phi_threshold: ${_param:kubernetes_fluentd_logger_config_forward_output_phi_threshold}
+ send_timeout: ${_param:kubernetes_fluentd_logger_config_forward_output_send_timeout}
+ hard_timeout: ${_param:kubernetes_fluentd_logger_config_forward_output_hard_timeout}
+ expire_dns_cache: ${_param:kubernetes_fluentd_logger_config_forward_output_expire_dns_cache}
+ heartbeat_type: ${_param:kubernetes_fluentd_logger_config_forward_output_heartbeat_type}
+ buffer_chunk_limit: ${_param:kubernetes_fluentd_logger_config_forward_output_buffer_chunk_limit}
+ buffer_queue_limit: ${_param:kubernetes_fluentd_logger_config_forward_output_buffer_queue_limit}
+ flush_interval: ${_param:kubernetes_fluentd_logger_config_forward_output_flush_interval}
+ max_retry_wait: ${_param:kubernetes_fluentd_logger_config_forward_output_max_retry_wait}
+ num_threads: ${_param:kubernetes_fluentd_logger_config_forward_output_num_threads}
+ telegraf:
+ enabled: ${_param:kubernetes_telegraf_enabled}
+ image: ${_param:kubernetes_telegraf_image}
+ resources:
+ limits:
+ memory: ${_param:kubernetes_telegraf_resources_limits_memory}
+ requests:
+ memory: ${_param:kubernetes_telegraf_resources_requests_memory}
+ agent:
+ interval: ${_param:kubernetes_telegraf_agent_interval}
+ round_interval: ${_param:kubernetes_telegraf_agent_round_interval}
+ metric_batch_size: ${_param:kubernetes_telegraf_agent_metric_batch_size}
+ metric_buffer_limit: ${_param:kubernetes_telegraf_agent_metric_buffer_limit}
+ collection_jitter: ${_param:kubernetes_telegraf_agent_collection_jitter}
+ flush_interval: ${_param:kubernetes_telegraf_agent_flush_interval}
+ flush_jitter: ${_param:kubernetes_telegraf_agent_flush_jitter}
+ precision: ${_param:kubernetes_telegraf_agent_precision}
+ logfile: ${_param:kubernetes_telegraf_agent_logfile}
+ debug: ${_param:kubernetes_telegraf_agent_debug}
+ quiet: ${_param:kubernetes_telegraf_agent_quiet}
+ omit_hostname: ${_param:kubernetes_telegraf_agent_omit_hostname}
virtlet:
enabled: ${_param:kubernetes_virtlet_enabled}
namespace: kube-system
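Review bot: `kubernetes_telegraf_namespace` is defined earlier in this file's diff but is not wired into the new `telegraf:` mapping, which sets only `enabled`, `image`, `resources` and `agent`, whereas `fluentd:` gets `namespace: ${_param:kubernetes_fluentd_namespace}`. Unless the parameter is consumed elsewhere, overriding it has no effect; I would add `namespace: ${_param:kubernetes_telegraf_namespace}` under `telegraf:`. The old `aggregator.bind` and `aggregator.es` keys move under `aggregator.config`, and their `_param` names change with them, so a cluster model that overrides the old names will silently stop taking effect; a note in the change description would help.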
@@ -144,6 +270,7 @@
image: ${_param:kubernetes_calico_image}
calicoctl_image: ${_param:kubernetes_calico_calicoctl_image}
cni_image: ${_param:kubernetes_calico_cni_image}
+ kube_controllers_image: ${_param:kubernetes_calico_kube_controllers_image}
opencontrail:
enabled: ${_param:kubernetes_opencontrail_enabled}
cni_image: ${_param:kubernetes_contrail_cni_image}
diff --git a/kubernetes/control/opencontrail.yaml b/kubernetes/control/opencontrail.yaml
new file mode 100644
index 0000000..ba22753
--- /dev/null
+++ b/kubernetes/control/opencontrail.yaml
@@ -0,0 +1,41 @@
+parameters:
+ _param:
+ opencontrail_identity_user: admin
+ opencontrail_identity_password: contrail123
+ opencontrail_identity_tenant: admin
+ kubernetes:
+ pool:
+ network:
+ engine: none
+ opencontrail:
+ enabled: false
+ master:
+ network:
+ engine: none
+ opencontrail:
+ version: {{ cookiecutter.opencontrail_version }}
+ public_ip_range: {{ cookiecutter.opencontrail_public_ip_range }}
+ public_network: {{ cookiecutter.get('opencontrail_public_ip_network', 'default-domain:default-project:Public') }}
+ private_ip_range: {{ cookiecutter.opencontrail_private_ip_range }}
+ config:
+ api:
+ host: ${_param:opencontrail_control_address}
+ identity:
+ auth_user: ${_param:opencontrail_identity_user}
+ auth_password: ${_param:opencontrail_identity_password}
+ auth_tenant: ${_param:kubernetes_opencontrail_identity_tenant}
+ message_queue:
+ host: ${_param:single_address}
+ database:
+ members:
+ - host: ${_param:kubernetes_control_node01_address}
+ port: 9161
+ - host: ${_param:kubernetes_control_node02_address}
+ port: 9161
+ - host: ${_param:kubernetes_control_node03_address}
+ port: 9161
+ collector:
+ members:
+ - host: ${_param:kubernetes_control_node01_address}
+ - host: ${_param:kubernetes_control_node02_address}
+ - host: ${_param:kubernetes_control_node03_address}
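Review bot: `opencontrail_identity_password: contrail123` commits a guessable default credential as the fallback for `auth_password`; I would leave the parameter undefined here so that a model without an explicit secret fails to render, or at least add `# placeholder, must be overridden per cluster`. `auth_tenant` interpolates `${_param:kubernetes_opencontrail_identity_tenant}`, but the file defines `opencontrail_identity_tenant`, so the tenant set in this file is never used and rendering may fail if the other name is not defined elsewhere. The `version`, `public_ip_range`, `public_network` and `private_ip_range` values are unrendered, unquoted `{{ cookiecutter... }}` expressions, which a YAML parser will not read as plain strings. Together with the `.yaml` extension (the other files in this commit use `.yml`), this looks like a cookiecutter template committed into the system model by mistake.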
diff --git a/kubernetes/master/cluster.yml b/kubernetes/master/cluster.yml
index 7cddd21..a283873 100644
--- a/kubernetes/master/cluster.yml
+++ b/kubernetes/master/cluster.yml
@@ -7,6 +7,9 @@
parameters:
kubernetes:
master:
+ network:
calico:
prometheus:
enabled: true
+ policy:
+ enabled: false
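Review bot: `policy: enabled: false` is added under `calico:` with no comment, and if this key controls Calico network-policy enforcement (inferred from the name) the default leaves pod-to-pod traffic unrestricted on every cluster that includes this class. I would add a line such as `# NetworkPolicy enforcement is off by default; enable per cluster` above it so the choice is visible. The same two lines are added in kubernetes/pool/cluster.yml. The added `network:` key sits directly above unchanged `calico:` lines, so whether `calico` becomes its child depends on the indentation those context lines already had; worth checking the rendered pillar.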
diff --git a/kubernetes/master/common.yml b/kubernetes/master/common.yml
index 9e3748d..1c92e00 100644
--- a/kubernetes/master/common.yml
+++ b/kubernetes/master/common.yml
@@ -17,6 +17,7 @@
image: ${_param:kubernetes_calico_image}
calicoctl_image: ${_param:kubernetes_calico_calicoctl_image}
cni_image: ${_param:kubernetes_calico_cni_image}
+ kube_controllers_image: ${_param:kubernetes_calico_kube_controllers_image}
opencontrail:
enabled: ${_param:kubernetes_opencontrail_enabled}
cni_image: ${_param:kubernetes_contrail_cni_image}
diff --git a/kubernetes/pool/cluster.yml b/kubernetes/pool/cluster.yml
index 61ebc3c..a375748 100644
--- a/kubernetes/pool/cluster.yml
+++ b/kubernetes/pool/cluster.yml
@@ -10,6 +10,8 @@
calico:
prometheus:
enabled: true
+ policy:
+ enabled: false
docker:
host:
options:
diff --git a/maas/region/single.yml b/maas/region/single.yml
index 7c57d9e..3569fff 100644
--- a/maas/region/single.yml
+++ b/maas/region/single.yml
@@ -42,4 +42,5 @@
ntp_external_only: true
upstream_dns: ${_param:dns_server01}
enable_http_proxy: false
- default_min_hwe_kernel: ''
+ # linux-signed-image-generic-hwe-16.04
+ default_min_hwe_kernel: 'hwe-16.04'
diff --git a/salt/minion/cert/mysql/clients/openstack/cinder.yml b/salt/minion/cert/mysql/clients/openstack/cinder.yml
new file mode 100644
index 0000000..ec6a77a
--- /dev/null
+++ b/salt/minion/cert/mysql/clients/openstack/cinder.yml
@@ -0,0 +1,27 @@
+parameters:
+ _param:
+ salt_minion_ca_host: cfg01.${_param:cluster_domain}
+ salt_minion_ca_authority: salt_master_ca
+ mysql_cinder_client_ssl_key_file: /etc/pki/mysql-cinder-client/client-key.pem
+ mysql_cinder_client_ssl_cert_file: /etc/pki/mysql-cinder-client/client-cert.pem
+ mysql_cinder_ssl_ca_file: /etc/pki/mysql-cinder-client/ca-cert.pem
+ salt:
+ minion:
+ cert:
+ mysql-cinder-client:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: mysql-cinder-client
+ signing_policy: cert_client
+ alternative_names: >
+ IP:${_param:cluster_local_address},
+ DNS:${_param:cluster_local_address},
+ DNS:${linux:system:name},
+ DNS:${linux:network:fqdn}
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: ${_param:mysql_cinder_client_ssl_key_file}
+ cert_file: ${_param:mysql_cinder_client_ssl_cert_file}
+ ca_file: ${_param:mysql_cinder_ssl_ca_file}
+ user: cinder
+ group: cinder
+ mode: 640
\ No newline at end of file
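Review bot: `mode: 640` sits on the entry that also defines `key_file`, so the client private key is presumably created group-readable by `cinder`, and the mode is an unquoted integer. I would quote it and, if the formula allows a tighter value for the key, use owner-only: `mode: '0600'` (or `'0640'` if group read is required). `alternative_names` lists `DNS:${_param:cluster_local_address}`, which puts an address parameter into a DNS SAN alongside the same value as `IP:`, and the `>` folding leaves a trailing newline in the string where `>-` would not. `key_usage` includes `nonRepudiation`, which a TLS client certificate does not need.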