Switch to common oss overlay network
Change-Id: I60dde93b161d2be6ef0523c41254f0a761261b4c
diff --git a/devops_portal/service/elasticsearch.yml b/devops_portal/service/elasticsearch.yml
index 647c4ef..6fd9afa 100644
--- a/devops_portal/service/elasticsearch.yml
+++ b/devops_portal/service/elasticsearch.yml
@@ -4,7 +4,8 @@
service:
elasticsearch:
configure_proxy: true
+ resolve_hostname: true
endpoint:
- address: ${_param:haproxy_elasticsearch_bind_host}
- port: ${_param:haproxy_elasticsearch_http_bind_port}
- https: ${_param:haproxy_elasticsearch_ssl:enabled}
+ address: ${_param:elasticsearch_bind_host}
+ port: ${_param:elasticsearch_http_bind_port}
+ https: ${_param:elasticsearch_ssl:enabled}
diff --git a/devops_portal/service/janitor_monkey.yml b/devops_portal/service/janitor_monkey.yml
index 73f2e7c..f16ae7c 100644
--- a/devops_portal/service/janitor_monkey.yml
+++ b/devops_portal/service/janitor_monkey.yml
@@ -4,7 +4,8 @@
service:
janitormonkey:
configure_proxy: true
+ resolve_hostname: true
endpoint:
- address: ${_param:haproxy_janitor_monkey_bind_host}
- port: ${_param:haproxy_janitor_monkey_bind_port}
- https: ${_param:haproxy_janitor_monkey_ssl:enabled}
+ address: ${_param:janitor_monkey_bind_host}
+ port: ${_param:janitor_monkey_bind_port}
+ https: ${_param:janitor_monkey_ssl:enabled}
diff --git a/devops_portal/service/pushkin.yml b/devops_portal/service/pushkin.yml
index 82a073c..5cd172a 100644
--- a/devops_portal/service/pushkin.yml
+++ b/devops_portal/service/pushkin.yml
@@ -4,7 +4,8 @@
service:
pushkin:
configure_proxy: true
+ resolve_hostname: true
endpoint:
- address: ${_param:haproxy_pushkin_bind_host}
- port: ${_param:haproxy_pushkin_bind_port}
- https: ${_param:haproxy_pushkin_ssl:enabled}
+ address: ${_param:pushkin_bind_host}
+ port: ${_param:pushkin_bind_port}
+ https: ${_param:pushkin_ssl:enabled}
diff --git a/devops_portal/service/rundeck.yml b/devops_portal/service/rundeck.yml
index 82fd764..ad743cf 100644
--- a/devops_portal/service/rundeck.yml
+++ b/devops_portal/service/rundeck.yml
@@ -4,6 +4,7 @@
service:
rundeck:
configure_proxy: true
+ resolve_hostname: false
credentials:
username: ${_param:rundeck_admin_username}
password: ${_param:rundeck_admin_password}
diff --git a/devops_portal/service/security_monkey.yml b/devops_portal/service/security_monkey.yml
index ba5fe81..da896a8 100644
--- a/devops_portal/service/security_monkey.yml
+++ b/devops_portal/service/security_monkey.yml
@@ -4,10 +4,11 @@
service:
securitymonkey:
configure_proxy: true
+ resolve_hostname: true
endpoint:
- address: ${_param:haproxy_security_monkey_bind_host}
- port: ${_param:haproxy_security_monkey_bind_port}
- https: ${_param:haproxy_security_monkey_ssl:enabled}
+ address: ${_param:security_monkey_bind_host}
+ port: ${_param:security_monkey_bind_port}
+ https: ${_param:security_monkey_ssl:enabled}
credentials:
username: ${_param:security_monkey_user}
password: ${_param:security_monkey_password}
diff --git a/docker/swarm/network/oss_backend.yml b/docker/swarm/network/oss_backend.yml
new file mode 100644
index 0000000..daa628e
--- /dev/null
+++ b/docker/swarm/network/oss_backend.yml
@@ -0,0 +1,10 @@
+parameters:
+ _param:
+ docker_oss_network_subnet: 10.50.0.0/24
+ docker:
+ client:
+ network:
+ oss_backend:
+ subnet: ${_param:docker_oss_network_subnet}
+ driver: overlay
+ attachable: true
\ No newline at end of file
diff --git a/docker/swarm/stack/devops_portal.yml b/docker/swarm/stack/devops_portal.yml
index f553114..f8f89f9 100644
--- a/docker/swarm/stack/devops_portal.yml
+++ b/docker/swarm/stack/devops_portal.yml
@@ -18,3 +18,9 @@
volumes:
- /srv/volumes/devops_portal/nginx:/etc/nginx/config
- /srv/volumes/devops_portal/config:/opt/devops-portal/config
+ network:
+ default:
+ external:
+ name: oss_backend
+ frontend:
+ driver: overlay
\ No newline at end of file
diff --git a/docker/swarm/stack/elasticsearch.yml b/docker/swarm/stack/elasticsearch.yml
index 1c22e8f..fe7c35e 100644
--- a/docker/swarm/stack/elasticsearch.yml
+++ b/docker/swarm/stack/elasticsearch.yml
@@ -2,6 +2,11 @@
_param:
elasticsearch_replicas: 1
docker_image_elasticsearch: docker.elastic.co/elasticsearch/elasticsearch:5.4.1
+ elasticsearch_bind_host: elasticsearch-cluster
+ elasticsearch_http_bind_port: ${_param:haproxy_elasticsearch_http_bind_port}
+ elasticsearch_binary_bind_port: ${_param:haproxy_elasticsearch_binary_bind_port}
+ elasticsearch_ssl:
+ enabled: false
elasticsearch_cluster_name: oss-cluster
elasticsearch_xpack_security_enabled: 'false'
elasticsearch_xpack_monitoring_enabled: 'false'
@@ -18,14 +23,18 @@
discovery.zen.minimum_master_nodes: ${_param:elasticsearch_discovery_zen_minimum_master_nodes}
discovery.type: ${_param:elasticsearch_discovery_type}
service:
- cluster:
+ elasticsearch-cluster:
image: ${_param:docker_image_elasticsearch}
deploy:
replicas: ${_param:elasticsearch_replicas}
restart_policy:
condition: any
+ volumes:
+ - /srv/volumes/elasticsearch:/usr/share/elasticsearch/data
ports:
- ${_param:haproxy_elasticsearch_http_exposed_port}:${_param:haproxy_elasticsearch_http_bind_port}
- ${_param:haproxy_elasticsearch_binary_exposed_port}:${_param:haproxy_elasticsearch_binary_bind_port}
- volumes:
- - /srv/volumes/elasticsearch:/usr/share/elasticsearch/data
+ network:
+ default:
+ external:
+ name: oss_backend
diff --git a/docker/swarm/stack/janitor_monkey.yml b/docker/swarm/stack/janitor_monkey.yml
index de7a218..d1f240c 100644
--- a/docker/swarm/stack/janitor_monkey.yml
+++ b/docker/swarm/stack/janitor_monkey.yml
@@ -5,15 +5,21 @@
docker_mongodb_admin_username: admin
docker_mongodb_admin_password: password
docker_image_janitor_monkey: docker-prod-local.artifactory.mirantis.com/mirantis/oss/janitor-monkey
+ janitor_monkey_bind_host: cleanup-service-api
+ janitor_monkey_bind_port: 8080
+ janitor_monkey_ssl:
+ enabled: false
janitor_monkey_enabled: true
janitor_monkey_dryrun_mode: false
- janitor_monkey_base_url: http://${_param:haproxy_janitor_monkey_bind_host}:${_param:haproxy_janitor_monkey_bind_port}
- janitor_monkey_mongodb_host: ${_param:haproxy_mongodb_bind_host}
+ janitor_monkey_mongodb_host: cleanup-service-mongodb
janitor_monkey_mongodb_port: ${_param:haproxy_mongodb_bind_port}
+ mongodb_ssl:
+ enabled: false
+ janitor_monkey_base_url: http://${_param:janitor_monkey_mongodb_host}:${_param:janitor_monkey_mongodb_port}
janitor_monkey_mongodb_db: mcp_cloud
janitor_monkey_mongodb_username: janitor
janitor_monkey_mongodb_password: password
- janitor_monkey_elasticsearch: ${_param:haproxy_elasticsearch_bind_host}:${_param:haproxy_elasticsearch_binary_bind_port}
+ janitor_monkey_elasticsearch: ${_param:elasticsearch_bind_host}:${_param:elasticsearch_binary_bind_port}
janitor_monkey_cloudfire_region: RegionOne
janitor_monkey_cis_clustername: ${_param:elasticsearch_cluster_name}
janitor_monkey_openstack:
@@ -48,7 +54,7 @@
simianarmy.client.cloudfire.domain: ${_param:janitor_monkey_openstack:project_domain_name}
simianarmy.client.cloudfire.project: ${_param:janitor_monkey_openstack:project_name}
service:
- mongodb:
+ cleanup-service-mongodb:
image: ${_param:docker_image_mongodb}
deploy:
replicas: ${_param:docker_janitor_monkey_replicas}
@@ -58,11 +64,15 @@
- ${_param:haproxy_mongodb_exposed_port}:${_param:haproxy_mongodb_bind_port}
volumes:
- /srv/volumes/mongodb:/data/db
- api:
+ cleanup-service-api:
image: ${_param:docker_image_janitor_monkey}
deploy:
replicas: ${_param:docker_janitor_monkey_replicas}
restart_policy:
condition: any
ports:
- - ${_param:haproxy_janitor_monkey_exposed_port}:8080
+ - ${_param:haproxy_janitor_monkey_exposed_port}:${_param:janitor_monkey_bind_port}
+ network:
+ default:
+ external:
+ name: oss_backend
diff --git a/docker/swarm/stack/postgresql.yml b/docker/swarm/stack/postgresql.yml
index 7ae4052..42ebf8f 100644
--- a/docker/swarm/stack/postgresql.yml
+++ b/docker/swarm/stack/postgresql.yml
@@ -2,6 +2,10 @@
_param:
docker_postgresql_replicas: 1
docker_image_postgresql: library/postgres:9.6
+ postgresql_bind_host: postgresql-db
+ postgresql_bind_port: ${_param:haproxy_postgresql_bind_port}
+ postgresql_ssl:
+ enabled: false
postgresql_admin_user: postgres
postgresql_admin_user_password: postgrespassword
docker:
@@ -12,13 +16,17 @@
POSTGRES_USER: ${_param:postgresql_admin_user}
POSTGRES_PASSWORD: ${_param:postgresql_admin_user_password}
service:
- db:
+ postgresql-db:
image: ${_param:docker_image_postgresql}
deploy:
replicas: ${_param:docker_postgresql_replicas}
restart_policy:
condition: any
- ports:
- - ${_param:haproxy_postgresql_exposed_port}:${_param:haproxy_postgresql_bind_port}
volumes:
- /srv/volumes/postgresql/data:/var/lib/postgresql/data
+ ports:
+ - ${_param:haproxy_postgresql_exposed_port}:${_param:haproxy_postgresql_bind_port}
+ network:
+ default:
+ external:
+ name: oss_backend
\ No newline at end of file
diff --git a/docker/swarm/stack/pushkin.yml b/docker/swarm/stack/pushkin.yml
index 106d544..593f532 100644
--- a/docker/swarm/stack/pushkin.yml
+++ b/docker/swarm/stack/pushkin.yml
@@ -2,6 +2,10 @@
_param:
docker_pushkin_replicas: 1
docker_image_pushkin: docker-prod-local.artifactory.mirantis.com/mirantis/oss/pushkin
+ pushkin_bind_host: pushkin-api
+ pushkin_bind_port: ${_param:haproxy_pushkin_bind_port}
+ pushkin_ssl:
+ enabled: false
pushkin_db: pushkin
docker:
client:
@@ -11,15 +15,15 @@
POSTGRES_USER: ${_param:pushkin_db_user}
POSTGRES_PASSWORD: ${_param:pushkin_db_user_password}
POSTGRES_DB: ${_param:pushkin_db}
- PUSHKINDBHOST: ${_param:pushkin_db_host}
- PUSHKINELASTICHOST: ${_param:haproxy_elasticsearch_bind_host}
+ PUSHKINDBHOST: ${_param:postgresql_bind_host}
+ PUSHKINELASTICHOST: ${_param:elasticsearch_bind_host}
WEBHOOK_FROM: ${_param:webhook_from}
WEBHOOK_RECIPIENTS: ${_param:webhook_recipients}
WEBHOOK_LOGIN_ID: ${_param:webhook_login_id}
WEBHOOK_APPLICATION_ID: ${_param:webhook_application_id}
WEBHOOK_SFDC_USERNAME: ${_param:webhook_sfdc_username}
service:
- api:
+ pushkin-api:
image: ${_param:docker_image_pushkin}
deploy:
replicas: ${_param:docker_pushkin_replicas}
@@ -28,4 +32,8 @@
ports:
- ${_param:haproxy_pushkin_exposed_port}:${_param:haproxy_pushkin_bind_port}
volumes:
- - /srv/volumes/pushkin/api:/var/log/pushkin
\ No newline at end of file
+ - /srv/volumes/pushkin/api:/var/log/pushkin
+ network:
+ default:
+ external:
+ name: oss_backend
diff --git a/docker/swarm/stack/rundeck.yml b/docker/swarm/stack/rundeck.yml
index 216415c..0710819 100644
--- a/docker/swarm/stack/rundeck.yml
+++ b/docker/swarm/stack/rundeck.yml
@@ -2,12 +2,16 @@
_param:
docker_rundeck_replicas: 1
docker_image_rundeck: docker-prod-local.artifactory.mirantis.com/mirantis/oss/rundeck:latest
+ rundeck_bind_host: rundeck-api
+ rundeck_bind_port: ${_param:haproxy_rundeck_bind_port}
+ rundeck_ssl:
+ enabled: false
docker:
client:
stack:
rundeck:
service:
- rundeck:
+ rundeck-api:
image: ${_param:docker_image_rundeck}
deploy:
replicas: ${_param:docker_rundeck_replicas}
@@ -25,3 +29,7 @@
- /srv/volumes/rundeck/logs:/var/lib/rundeck/logs
- /srv/volumes/rundeck/plugins:/opt/rundeck-plugins
- /srv/volumes/rundeck/storage:/var/lib/rundeck/var/storage
+ network:
+ default:
+ external:
+ name: oss_backend
\ No newline at end of file
diff --git a/docker/swarm/stack/security_monkey.yml b/docker/swarm/stack/security_monkey.yml
index 2e1c813..f7b5980 100644
--- a/docker/swarm/stack/security_monkey.yml
+++ b/docker/swarm/stack/security_monkey.yml
@@ -4,15 +4,19 @@
docker_security_monkey_scheduler_replicas: 1
docker_image_security_monkey_api: docker-prod-local.artifactory.mirantis.com/mirantis/oss/security-monkey-api
docker_image_security_monkey_scheduler: docker-prod-local.artifactory.mirantis.com/mirantis/oss/security-monkey-scheduler
+ security_monkey_bind_host: security-audit-api
+ security_monkey_bind_port: ${_param:haproxy_security_monkey_bind_port}
+ security_monkey_ssl:
+ enabled: false
security_monkey_db: secmonkey
- notification_service_url: http://${_param:haproxy_pushkin_bind_host}:${_param:haproxy_pushkin_bind_port}/post_notification_json
+ notification_service_url: http://${_param:pushkin_bind_host}:${_param:haproxy_pushkin_bind_port}/post_notification_json
security_monkey_user: devopsportal@devopsportal.local
security_monkey_password: devopsportal
security_monkey_role: Justify
- security_monkey_fqdn: ${_param:haproxy_security_monkey_bind_host}
- security_monkey_web_port: ${_param:haproxy_security_monkey_bind_port}
- security_monkey_api_port: ${_param:haproxy_security_monkey_bind_port}
- security_monkey_nginx_port: ${_param:haproxy_security_monkey_bind_port}
+ security_monkey_fqdn: ${_param:security_monkey_bind_host}
+ security_monkey_web_port: ${_param:security_monkey_bind_port}
+ security_monkey_api_port: ${_param:security_monkey_bind_port}
+ security_monkey_nginx_port: ${_param:security_monkey_bind_port}
devops_portal_sm_wtf_csrf_enabled: False
security_monkey_sync_interval: 15
security_monkey_openstack:
@@ -32,7 +36,7 @@
SECURITY_MONKEY_POSTGRES_USER: ${_param:secmonkey_db_user}
SECURITY_MONKEY_POSTGRES_PASSWORD: ${_param:secmonkey_db_user_password}
SECURITY_MONKEY_POSTGRES_HOST: ${_param:secmonkey_db_host}
- SECURITY_MONKEY_POSTGRES_PORT: ${_param:haproxy_postgresql_bind_port}
+ SECURITY_MONKEY_POSTGRES_PORT: ${_param:postgresql_bind_port}
SECURITY_MONKEY_FQDN: ${_param:security_monkey_fqdn}
WEB_PORT: ${_param:security_monkey_web_port}
API_PORT: ${_param:security_monkey_api_port}
@@ -54,7 +58,7 @@
SQLALCHEMY_DATABASE_URI: postgresql://${_param:secmonkey_db_user}:${_param:secmonkey_db_user_password}@${_param:secmonkey_db_host}:${_param:haproxy_postgresql_bind_port}/${_param:security_monkey_db}
SQLALCHEMY_POOL_RECYCLE: 14400
service:
- api:
+ security-audit-api:
image: ${_param:docker_image_security_monkey_api}
deploy:
replicas: ${_param:docker_security_monkey_api_replicas}
@@ -64,7 +68,7 @@
- ${_param:haproxy_security_monkey_exposed_port}:${_param:haproxy_security_monkey_bind_port}
volumes:
- /srv/volumes/security_monkey/logs:/var/log/security_monkey/logs
- scheduler:
+ security-audit-scheduler:
image: ${_param:docker_image_security_monkey_scheduler}
deploy:
replicas: ${_param:docker_security_monkey_scheduler_replicas}
@@ -72,3 +76,7 @@
condition: any
volumes:
- /srv/volumes/security_monkey/logs:/var/log/security_monkey/logs
+ network:
+ default:
+ external:
+ name: oss_backend