Merge "Mirror all branches for mk-pipelines and pipeline-library" into release/2019.2.0
diff --git a/cinder/control/backup/ceph.yml b/cinder/control/backup/ceph.yml
new file mode 100644
index 0000000..5b9c5a7
--- /dev/null
+++ b/cinder/control/backup/ceph.yml
@@ -0,0 +1,10 @@
+parameters:
+ cinder:
+ controller:
+ backup:
+ engine: ceph
+ ceph_pool: ${_param:cinder_ceph_backup_pool}
+ ceph_stripe_count: ${_param:cinder_ceph_stripe_count}
+ ceph_stripe_unit: ${_param:cinder_ceph_stripe_unit}
+ ceph_user: ${_param:cinder_ceph_backup_user}
+ ceph_chunk_size: ${_param:cinder_ceph_chunk_size}
diff --git a/cinder/volume/backup/ceph.yml b/cinder/volume/backup/ceph.yml
new file mode 100644
index 0000000..5cc6e02
--- /dev/null
+++ b/cinder/volume/backup/ceph.yml
@@ -0,0 +1,10 @@
+parameters:
+ cinder:
+ volume:
+ backup:
+ engine: ceph
+ ceph_pool: ${_param:cinder_ceph_backup_pool}
+ ceph_stripe_count: ${_param:cinder_ceph_stripe_count}
+ ceph_stripe_unit: ${_param:cinder_ceph_stripe_unit}
+ ceph_user: ${_param:cinder_ceph_backup_user}
+ ceph_chunk_size: ${_param:cinder_ceph_chunk_size}
diff --git a/defaults/backupninja.yml b/defaults/backupninja.yml
index e89ed86..f827173 100644
--- a/defaults/backupninja.yml
+++ b/defaults/backupninja.yml
@@ -1,4 +1,5 @@
parameters:
_param:
backupninja_engine: rsync
+ backupninja_backup_host: 127.0.0.1
backupninja_public_key: no-key-provided
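Review bot: The new default `backupninja_backup_host: 127.0.0.1` looks like a working value, unlike the `no-key-provided` sentinel on the next line. A cluster that never overrides it would presumably aim its backups at the node itself instead of failing at render time, although how the formula consumes the value is not visible here. A comment above the key would make the intent explicit, for example `# placeholder only: override with the address of the real backup server`.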
diff --git a/defaults/docker_images.yml b/defaults/docker_images.yml
index 35c44a9..edd2197 100644
--- a/defaults/docker_images.yml
+++ b/defaults/docker_images.yml
@@ -29,7 +29,7 @@
docker_image_grafana: "${_param:mcp_docker_registry}/openstack-docker/grafana:${_param:mcp_version}"
docker_image_prometheus_es_exporter: "${_param:mcp_docker_registry}/mirantis/external/braedon/prometheus-es-exporter:0.5.1"
docker_image_prometheus: "${_param:mcp_docker_registry}/openstack-docker/prometheus:${_param:mcp_version}"
- docker_image_prometheus_gainsight: "${_param:mcp_docker_registry}/openstack-docker/gainsight:${_param:mcp_version}"
+ docker_image_prometheus_gainsight: "${_param:mcp_docker_registry}/openstack-docker/gainsight:2019.2.3"
docker_image_prometheus_gainsight_elasticsearch: "${_param:mcp_docker_registry}/openstack-docker/gainsight_elasticsearch:${_param:mcp_version}"
docker_image_prometheus_relay: "${_param:mcp_docker_registry}/openstack-docker/prometheus_relay:${_param:mcp_version}"
docker_image_pushgateway: "${_param:mcp_docker_registry}/openstack-docker/pushgateway:${_param:mcp_version}"
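Review bot: `docker_image_prometheus_gainsight` is now the only image in this group pinned to a literal tag (`2019.2.3`) instead of `${_param:mcp_version}`, so overriding `mcp_version` no longer moves it with its siblings. If that is deliberate, record the reason next to the key, for example `# pinned: gainsight is released independently of mcp_version`. Otherwise the next release bump is likely to miss this line.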
@@ -43,7 +43,7 @@
docker_image_keycloak_server: "${_param:mcp_docker_registry}/mirantis/external/jboss/keycloak:4.5.0.Final"
docker_image_keycloak_proxy: "${_param:mcp_docker_registry}/mirantis/external/jboss/keycloak:3.4.2.Final"
# CVP
- docker_image_cvp_sanity_checks: ${_param:mcp_docker_registry}/mirantis/cvp/cvp-sanity-checks:2019.2.2
+ docker_image_cvp_sanity_checks: ${_param:mcp_docker_registry}/mirantis/cvp/cvp-sanity-checks:2019.2.3
# aptly
docker_image_aptly:
base: "${_param:mcp_docker_registry}/mirantis/cicd/aptly:${_param:mcp_version}"
diff --git a/defaults/openstack/init.yml b/defaults/openstack/init.yml
index 6623b29..e4f686b 100644
--- a/defaults/openstack/init.yml
+++ b/defaults/openstack/init.yml
@@ -6,7 +6,13 @@
cluster_public_protocol: https
cluster_internal_protocol: http
openstack_service_hostname: os-ctl-vip
+ openstack_share_service_hostname: os-share-vip
+ openstack_kmn_service_hostname: os-kmn-vip
+ openstack_telemetry_service_hostname: os-telemetry-vip
openstack_service_host: ${_param:openstack_service_hostname}.${linux:system:domain}
+ openstack_share_service_host: ${_param:openstack_share_service_hostname}.${linux:system:domain}
+ openstack_kmn_service_host: ${_param:openstack_kmn_service_hostname}.${linux:system:domain}
+ openstack_telemetry_service_host: ${_param:openstack_telemetry_service_hostname}.${linux:system:domain}
# SSL
ceilometer_agent_ssl_enabled: False
openstack_mysql_x509_enabled: False
@@ -22,6 +28,12 @@
openstack_version: queens
openstack_old_version: ${_param:openstack_version}
openstack_upgrade_enabled: False
+ # Security compliance user options
+ openstack_service_user_options:
+ ignore_change_password_upon_first_use: True
+ ignore_password_expiry: True
+ ignore_lockout_failure_attempts: False
+ lock_password: False
# Cinder
cinder_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
cinder_memcache_secret_key: ''
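Review bot: `openstack_service_user_options` sets `ignore_lockout_failure_attempts: False`, so accounts that receive these options are exempt from password expiry and first-use change but remain subject to Keystone's failed-login lockout. If `[security_compliance] lockout_failure_attempts` is enabled on a cluster, repeated bad logins against a service user name would lock that service account and interrupt the service; please confirm this trade-off is intended for service users. The `# Security compliance user options` comment should name the Keystone settings these keys override and say why each default was chosen. The `True`/`False` spelling matches the surrounding file, so no change is needed there.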
@@ -87,6 +99,24 @@
keystone_old_version: ${_param:openstack_old_version}
keystone_version: ${_param:openstack_version}
keystone_upgrade_enabled: ${_param:openstack_upgrade_enabled}
+ # (obryndzii) Rotating keys too frequently, or with ``[fernet_tokens] max_active_keys``
+ # set too low, will cause tokens to become invalid prior to their expiration.
+ # As tokens may be fetched beyond their initial expiration period (nova live migration,
+ # cider volume backup), keys should not be fully rotated within the period of
+ # ``[token] expiration``+``[token] allow_expired_window`` seconds to prevent the tokens
+ # becoming unavailable.
+ # The max_active_keys default value was adjusted according to the following defaults:
+ # [token]/allow_expired_window = 172800 (48 hours)
+ # [token]/expiration = 3600 (1 hour)
+ # rotation_frequency = 1 hour (keystone_fernet_rotate_rsync_minute/hour 0 *)
+ # max_active_keys = (allow_expired_window + expiration)/rotation_frequency + 2
+ # In case of changing those defaults the keystone_tokens_max_active_keys value should be
+ # calculated according to the definition above.
+ keystone_tokens_expiration: 3600
+ keystone_tokens_max_active_keys: 51
+ keystone_tokens_allow_expired_window: 172800
+ keystone_fernet_rotate_rsync_minute: 0
+ keystone_fernet_rotate_rsync_hour: '*'
# Manila
manila_old_version: ${_param:openstack_old_version}
manila_version: ${_param:openstack_version}
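Review bot: The added comment block has a typo and a unit mismatch worth fixing, since operators will recompute `keystone_tokens_max_active_keys` from it. `cider volume backup` should read `cinder volume backup`. The formula divides seconds by a `rotation_frequency` given as `1 hour`, so state it in seconds as well: `# rotation_frequency = 3600 (1 hour, keystone_fernet_rotate_rsync_minute/hour 0 *)`. With the listed defaults the formula gives (172800 + 3600) / 3600 + 2 = 51, which matches the value set. Nothing enforces the relation, though, so overriding one of the three literals alone leaves the key count stale.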
diff --git a/defaults/secrets.yml b/defaults/secrets.yml
new file mode 100644
index 0000000..65b7bce
--- /dev/null
+++ b/defaults/secrets.yml
@@ -0,0 +1,82 @@
+# All commented params just for reference, should be auto-generated
+# Actually all must be genertated but keep some uncommented for backward
+# compatibility.
+parameters:
+ _param:
+# PostgreSQL
+# postgresql_admin_user_password: <<CHANGEME>>
+# postgresql_client_password: <<CHANGEME>>
+# rundeck_db_user_password: <<CHANGEME>>
+# sfdc_db_user_password: <<CHANGEME>>
+# alertmanager_db_user_password: <<CHANGEME>>
+# pushkin_db_user_password: <<CHANGEME>>
+# postgresql_billometer_password: <<CHANGEME>>
+# postgresql_graphite_password: <<CHANGEME>>
+
+# Opencontrail
+ opencontrail_identity_password: contrail123
+# opencontrail_stats_password: <<CHANGEME>>
+ opencontrail_message_queue_password: guest
+
+# RabbitMQ
+# rabbitmq_monitor_password: <<CHANGEME>>
+# rabbitmq_admin_password: <<CHANGEME>>
+ rabbitmq_guest_password: guest
+# rabbitmq_billometer_password: <<CHANGEME>>
+# rabbitmq_graphite_password: <<CHANGEME>>
+# rabbitmq_cold_password: <<CHANGEME>>
+# rabbitmq_secret_key: <<CHANGEME>>
+
+# Keepalived
+# keepalived_k8s_apiserver_vip_password: <<CHANGEME>>
+# keepalived_openstack_web_public_vip_password: <<CHANGEME>>
+# keepalived_openstack_baremetal_password: <<CHANGEME>>
+ keepalived_openstack_telemetry_vip_password: password
+# keepalived_openstack_manila_vip_password: <<CHANGEME>>
+# keepalived_openstack_barbican_vip_password: <<CHANGEME>>
+
+# Jenkins
+# jenkins_admin_password: <<CHANGEME>>
+# jenkins_client_password: <<CHANGEME>>
+# jenkins_security_ldap_manager_password: <<CHANGEME>>
+# oss_jenkins_password: <<CHANGEME>>
+
+# Gerrit/LDAP
+ gerrit_ldap_bind_password: password
+
+# Docker
+# keycloak_admin_password: <<CHANGEME>>
+# kqueen_api_ldap_password: <<CHANGEME>>
+# kqueen_credentials:
+# kqueen_api_admin_password: <<CHANGEME>>
+# pushkin_email_sender_password: <<CHANGEME>>
+# sfdc_password: <<CHANGEME>>
+
+# Billometer
+# keystone_billometer_password: <<CHANGEME>>
+
+# Nova
+# metadata_password: <<CHANGEME>>
+# nova_compute_ssh_public: <<CHANGEME>>
+# nova_compute_ssh_private: <<CHANGEME>>
+
+
+# Grafana
+# grafana_password: <<CHANGEME>>
+# grafana_database_password: <<CHANGEME>>
+
+# Keystone
+# keystone_admin_password: <<CHANGEME>>
+# mysql_admin_password: <<CHANGEME>>
+# mysql_keystone_password: <<CHANGEME>>
+
+# Kubernetes
+ kubernetes_openstack_provider_cloud_password: password
+
+# Galera
+# galera_clustercheck_password: <<CHANGEME>>
+
+# Generic
+# root_private_key:
+# root_public_key:
+
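Review bot: The six uncommented keys in this new defaults class ship guessable credentials: `contrail123`, `guest` (twice), and `password` for the keepalived telemetry VIP, the Gerrit LDAP bind and the Kubernetes OpenStack provider. Any model that includes the class without overriding them deploys those values silently. Prefer commenting them out like the rest of the file so that a missing value fails at interpolation. If backward compatibility really requires them, mark each one, for example `# INSECURE placeholder kept for backward compatibility, override per cluster`. The header comment also has a typo: `genertated` should be `generated`.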
diff --git a/docker/client/images/monitoring.yml b/docker/client/images/monitoring.yml
index 229152d..2189b52 100644
--- a/docker/client/images/monitoring.yml
+++ b/docker/client/images/monitoring.yml
@@ -7,6 +7,7 @@
- ${_param:docker_image_alertmanager}
- ${_param:docker_image_grafana}
- ${_param:docker_image_prometheus}
+ - ${_param:docker_image_prometheus_es_exporter}
- ${_param:docker_image_prometheus_gainsight}
- ${_param:docker_image_prometheus_gainsight_elasticsearch}
- ${_param:docker_image_prometheus_relay}
@@ -14,4 +15,4 @@
- ${_param:docker_image_remote_agent}
- ${_param:docker_image_remote_collector}
- ${_param:docker_image_remote_storage_adapter}
- - ${_param:docker_image_sf_notifier}
\ No newline at end of file
+ - ${_param:docker_image_sf_notifier}
diff --git a/docker/host.yml b/docker/host.yml
index bb3dffa..a88ff2f 100644
--- a/docker/host.yml
+++ b/docker/host.yml
@@ -6,6 +6,7 @@
docker:
host:
pkgs:
+ - containerd.io
- docker-ce
- python-docker
experimental: true
diff --git a/docker/swarm/stack/monitoring/elasticsearch_exporter.yml b/docker/swarm/stack/monitoring/elasticsearch_exporter.yml
new file mode 100644
index 0000000..5cbc05e
--- /dev/null
+++ b/docker/swarm/stack/monitoring/elasticsearch_exporter.yml
@@ -0,0 +1,28 @@
+classes:
+- system.prometheus.elasticsearch_exporter.container
+parameters:
+ docker:
+ client:
+ stack:
+ monitoring:
+ network:
+ monitoring:
+ driver: overlay
+ driver_opts:
+ encrypted: 1
+ service:
+ elasticsearch_exporter:
+ command: --es-cluster ${_param:stacklight_log_address}:9200 --nodes-stats-disable --cluster-health-disable --indices-stats-disable
+ networks:
+ - monitoring
+ deploy:
+ replicas: 1
+ labels:
+ com.mirantis.monitoring: "elasticsearch_exporter"
+ restart_policy:
+ condition: any
+ labels:
+ com.mirantis.monitoring: "elasticsearch_exporter"
+ image: ${_param:docker_image_prometheus_es_exporter}
+ volumes:
+ - "${prometheus:elasticsearch_exporter:dir:config}/elasticsearch_exporter.cfg:/usr/src/app/exporter.cfg"
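Review bot: The config bind mount at the end of the service definition is read-write, although the exporter presumably only needs to read `exporter.cfg`. Appending `:ro` to the volume string would stop a compromised container from altering the host-side file, provided the stack formula passes the mode through: `- "${prometheus:elasticsearch_exporter:dir:config}/elasticsearch_exporter.cfg:/usr/src/app/exporter.cfg:ro"`. The `--es-cluster` target is given as a bare `host:9200` with no scheme or credentials in view, so it is worth confirming how the exporter is expected to authenticate to Elasticsearch.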
diff --git a/docker/swarm/stack/monitoring/init.yml b/docker/swarm/stack/monitoring/init.yml
index 134efdc..9fa4281 100644
--- a/docker/swarm/stack/monitoring/init.yml
+++ b/docker/swarm/stack/monitoring/init.yml
@@ -2,6 +2,7 @@
- system.docker.swarm.stack.monitoring.prometheus
- system.docker.swarm.stack.monitoring.prometheus.replicated
- system.docker.swarm.stack.monitoring.alertmanager
+- system.docker.swarm.stack.monitoring.elasticsearch_exporter
- system.docker.swarm.stack.monitoring.prometheus_relay
- system.docker.swarm.stack.monitoring.pushgateway
- system.docker.swarm.stack.monitoring.remote_agent
diff --git a/docker/swarm/stack/monitoring/prometheus_global.yml b/docker/swarm/stack/monitoring/prometheus_global.yml
index 6d8e4ba..925675a 100644
--- a/docker/swarm/stack/monitoring/prometheus_global.yml
+++ b/docker/swarm/stack/monitoring/prometheus_global.yml
@@ -2,6 +2,7 @@
- system.docker.swarm.stack.monitoring.prometheus
- system.docker.swarm.stack.monitoring.prometheus.global
- system.docker.swarm.stack.monitoring.alertmanager
+- system.docker.swarm.stack.monitoring.elasticsearch_exporter
- system.docker.swarm.stack.monitoring.prometheus_relay
- system.docker.swarm.stack.monitoring.pushgateway
- system.docker.swarm.stack.monitoring.remote_agent
diff --git a/heat/server/cluster.yml b/heat/server/cluster.yml
index 1edf790..be2f211 100644
--- a/heat/server/cluster.yml
+++ b/heat/server/cluster.yml
@@ -18,7 +18,6 @@
stack_domain_admin:
name: heat_domain_admin
password: ${_param:heat_domain_admin_password}
- domain: heat
enabled: true
region: ${_param:openstack_region}
version: ${_param:heat_version}
diff --git a/heat/server/single.yml b/heat/server/single.yml
index 24db595..4ce11fa 100644
--- a/heat/server/single.yml
+++ b/heat/server/single.yml
@@ -17,7 +17,6 @@
stack_domain_admin:
name: heat_domain_admin
password: ${_param:heat_domain_admin_password}
- domain: heat
metadata:
protocol: ${_param:cluster_public_protocol}
waitcondition:
diff --git a/jenkins/client/credential/lab.yml b/jenkins/client/credential/lab.yml
index 68375e3..e69de29 100644
--- a/jenkins/client/credential/lab.yml
+++ b/jenkins/client/credential/lab.yml
@@ -1,9 +0,0 @@
-parameters:
- _param:
- lab_ssh_user: root
- jenkins:
- client:
- credential:
- lab:
- username: ${_param:lab_ssh_user}
- key: ${_param:cluster_private_key}
diff --git a/jenkins/client/job/ceph/add-osd-upmap.yml b/jenkins/client/job/ceph/add-osd-upmap.yml
new file mode 100644
index 0000000..f6390a6
--- /dev/null
+++ b/jenkins/client/job/ceph/add-osd-upmap.yml
@@ -0,0 +1,32 @@
+parameters:
+ jenkins:
+ client:
+ job:
+ ceph-add-osd-upmap:
+ type: workflow-scm
+ concurrent: true
+ display_name: "Ceph - add osd"
+ description: "This pipeline requires ceph luminous version, all clients must be upgraded to luminous version to proceed."
+ discard:
+ build:
+ keep_num: 50
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ branch: "${_param:jenkins_pipelines_branch}"
+ credentials: "gerrit"
+ script: ceph-add-osd-upmap.groovy
+ param:
+ # general parameters
+ SALT_MASTER_URL:
+ type: string
+ description: URL of Salt master
+ default: "${_param:jenkins_salt_api_url}"
+ SALT_MASTER_CREDENTIALS:
+ type: string
+ description: Credentials for login to Salt API
+ default: salt
+ HOST:
+ type: string
+ description: OSD HOST that will be added to Ceph cluster (rgw04*)
+ default: 'osd*'
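Review bot: The `HOST` parameter defaults to `'osd*'`, so starting this job without editing it targets every minion that matches. An empty default would force the operator to name the host being added. The description's example `(rgw04*)` looks copied from another job and does not match an OSD host name. `display_name: "Ceph - add osd"` may also be indistinguishable in the Jenkins UI from an existing non-upmap add-OSD job, if one is defined elsewhere; a name that mentions upmap would avoid that.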
diff --git a/jenkins/client/job/deploy/openstack.yml b/jenkins/client/job/deploy/openstack.yml
index d5ed556..d18ccae 100644
--- a/jenkins/client/job/deploy/openstack.yml
+++ b/jenkins/client/job/deploy/openstack.yml
@@ -44,6 +44,7 @@
deploy-openstack-compute:
type: workflow-scm
concurrent: true
+ description: "\n This pipeline is provided as technical preview. Do not use the pipeline in production environments as the result of the pipeline is unpredictable."
discard:
build:
keep_num: 50
diff --git a/jenkins/client/job/deploy/update/init.yml b/jenkins/client/job/deploy/update/init.yml
index a05b1ad..5a26020 100644
--- a/jenkins/client/job/deploy/update/init.yml
+++ b/jenkins/client/job/deploy/update/init.yml
@@ -12,9 +12,9 @@
- system.jenkins.client.job.deploy.update.upgrade_opencontrail4_0
- system.jenkins.client.job.deploy.update.update_opencontrail4
- system.jenkins.client.job.deploy.update.upgrade_stacklight
- - system.jenkins.client.job.deploy.update.restore_mysql
- system.jenkins.client.job.deploy.update.restore_cassandra
- system.jenkins.client.job.deploy.update.restore_zookeeper
- system.jenkins.client.job.deploy.update.virt_snapshot
- system.jenkins.client.job.deploy.update.cloud_update
- system.jenkins.client.job.deploy.update.kubernetes_update
+ - system.jenkins.client.job.deploy.galera_verify_restore
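Review bot: The class added on the last line, `system.jenkins.client.job.deploy.galera_verify_restore`, is not created anywhere in the visible part of this diff and sits outside the `update` namespace used by every other entry. Please confirm the file already exists on the target branch, otherwise this list will fail at class resolution. Because `restore_mysql.yml` is deleted in the same change, any cluster model that includes `system.jenkins.client.job.deploy.update.restore_mysql` directly will break too; that deserves a line in the release notes.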
diff --git a/jenkins/client/job/deploy/update/restore_mysql.yml b/jenkins/client/job/deploy/update/restore_mysql.yml
deleted file mode 100644
index aaf4552..0000000
--- a/jenkins/client/job/deploy/update/restore_mysql.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-#
-# Jobs to update packages on given Salt master environment
-#
-parameters:
- _param:
- jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
- jenkins:
- client:
- job:
- deploy-mysql-db-restore:
- type: workflow-scm
- concurrent: true
- discard:
- build:
- keep_num: 10
- artifact:
- keep_num: 10
- display_name: "Xtrabackup - restore mysql db"
- scm:
- type: git
- url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
- branch: "${_param:jenkins_pipelines_branch}"
- credentials: "gerrit"
- script: xtrabackup-restore-mysql-db.groovy
- param:
- SALT_MASTER_URL:
- type: string
- default: "${_param:jenkins_salt_api_url}"
- SALT_MASTER_CREDENTIALS:
- type: string
- default: "salt"
-
diff --git a/jenkins/slave/docker.yml b/jenkins/slave/docker.yml
index 227dd51..169cb08 100644
--- a/jenkins/slave/docker.yml
+++ b/jenkins/slave/docker.yml
@@ -17,5 +17,7 @@
commands:
- /usr/bin/docker
package:
+ containerd.io:
+ version: latest
docker-ce:
version: latest
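Review bot: `containerd.io` is added with `version: latest`, matching `docker-ce` below it, so both packages float independently on each state run. If the package repository ever serves a `containerd.io` build that the installed `docker-ce` does not support, the slave's Docker can break without any model change. Consider pinning both to versions tested together, or add a comment explaining why `latest` is acceptable here. `docker/host.yml` adds the same package to `pkgs` with no version at all.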
diff --git a/keystone/client/core.yml b/keystone/client/core.yml
index 8c73b16..c965e6f 100644
--- a/keystone/client/core.yml
+++ b/keystone/client/core.yml
@@ -35,6 +35,7 @@
is_admin: true
password: ${_param:keystone_admin_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
admin_identity:
admin:
user: admin
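Review bot: The added `options: ${_param:openstack_service_user_options}` sits on the entry whose password is `${_param:keystone_admin_password}`, which appears to be the cloud admin account; the enclosing mapping starts above the hunk. That account would then inherit the service-account exemptions (`ignore_password_expiry: True`, `ignore_change_password_upon_first_use: True`). If humans also use it, give it its own options parameter with stricter defaults rather than reusing the service-user one. The same applies to the matching hunk in `keystone/client/single.yml`. The later `keystone/client/service/*.yml` and `keystone/client/v3/service/*.yml` hunks add the identical line, and all of them need `openstack_service_user_options` from `defaults/openstack/init.yml` on the class path to interpolate.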
diff --git a/keystone/client/image_manager.yml b/keystone/client/image_manager.yml
index becd512..3f7c773 100644
--- a/keystone/client/image_manager.yml
+++ b/keystone/client/image_manager.yml
@@ -21,5 +21,6 @@
is_admin: false
password: ${_param:keystone_image_manager_password}
email: ${_param:keystone_image_manager_email}
+ options: ${_param:openstack_service_user_options}
roles:
- image_manager
diff --git a/keystone/client/service/aodh.yml b/keystone/client/service/aodh.yml
index e7c8a0d..3d2dae0 100644
--- a/keystone/client/service/aodh.yml
+++ b/keystone/client/service/aodh.yml
@@ -15,6 +15,7 @@
is_admin: true
password: ${_param:keystone_aodh_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
service:
aodh:
type: alarming
diff --git a/keystone/client/service/barbican.yml b/keystone/client/service/barbican.yml
index 8c975ba..1a65afd 100644
--- a/keystone/client/service/barbican.yml
+++ b/keystone/client/service/barbican.yml
@@ -16,6 +16,7 @@
barbican:
password: ${_param:keystone_barbican_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
roles:
- admin
- creator
diff --git a/keystone/client/service/billometer.yml b/keystone/client/service/billometer.yml
index 5aa1f2e..14c570e 100644
--- a/keystone/client/service/billometer.yml
+++ b/keystone/client/service/billometer.yml
@@ -14,6 +14,7 @@
is_admin: true
password: ${_param:keystone_billometer_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
service:
billometer:
type: billing
diff --git a/keystone/client/service/ceilometer.yml b/keystone/client/service/ceilometer.yml
index e3bc485..131f3bb 100644
--- a/keystone/client/service/ceilometer.yml
+++ b/keystone/client/service/ceilometer.yml
@@ -16,6 +16,7 @@
is_admin: true
password: ${_param:keystone_ceilometer_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
service:
ceilometer:
type: metering
diff --git a/keystone/client/service/cinder.yml b/keystone/client/service/cinder.yml
index cf27875..ec0b2ca 100644
--- a/keystone/client/service/cinder.yml
+++ b/keystone/client/service/cinder.yml
@@ -14,3 +14,4 @@
is_admin: true
password: ${_param:keystone_cinder_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
diff --git a/keystone/client/service/cinder2.yml b/keystone/client/service/cinder2.yml
index 997651a..fd8cbfc 100644
--- a/keystone/client/service/cinder2.yml
+++ b/keystone/client/service/cinder2.yml
@@ -14,6 +14,7 @@
is_admin: true
password: ${_param:keystone_cinder_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
service:
cinderv2:
type: volumev2
diff --git a/keystone/client/service/cinder3.yml b/keystone/client/service/cinder3.yml
index 870c781..6280a7b 100644
--- a/keystone/client/service/cinder3.yml
+++ b/keystone/client/service/cinder3.yml
@@ -14,6 +14,7 @@
is_admin: true
password: ${_param:keystone_cinder_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
service:
cinderv3:
type: volumev3
diff --git a/keystone/client/service/congress.yml b/keystone/client/service/congress.yml
index 1e1141b..e0a6754 100644
--- a/keystone/client/service/congress.yml
+++ b/keystone/client/service/congress.yml
@@ -14,6 +14,7 @@
is_admin: true
password: ${_param:keystone_congress_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
service:
congress:
type: policy
diff --git a/keystone/client/service/contrail.yml b/keystone/client/service/contrail.yml
index ad2f6e2..6792156 100644
--- a/keystone/client/service/contrail.yml
+++ b/keystone/client/service/contrail.yml
@@ -14,6 +14,7 @@
is_admin: true
password: ${_param:opencontrail_admin_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
service:
opencontrail:
type: contrail
diff --git a/keystone/client/service/designate.yml b/keystone/client/service/designate.yml
index 83bb7ef..80f3761 100644
--- a/keystone/client/service/designate.yml
+++ b/keystone/client/service/designate.yml
@@ -14,6 +14,7 @@
is_admin: true
password: ${_param:keystone_designate_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
service:
designate:
type: dns
diff --git a/keystone/client/service/glance.yml b/keystone/client/service/glance.yml
index 8c6f39d..69b5d8b 100644
--- a/keystone/client/service/glance.yml
+++ b/keystone/client/service/glance.yml
@@ -14,6 +14,7 @@
is_admin: true
password: ${_param:keystone_glance_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
service:
glance:
type: image
diff --git a/keystone/client/service/glare.yml b/keystone/client/service/glare.yml
index 24d827a..22d619f 100644
--- a/keystone/client/service/glare.yml
+++ b/keystone/client/service/glare.yml
@@ -12,6 +12,7 @@
is_admin: true
password: ${_param:keystone_glance_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
service:
glare:
type: artifact
diff --git a/keystone/client/service/gnocchi.yml b/keystone/client/service/gnocchi.yml
index 0b46f36..2336a8c 100644
--- a/keystone/client/service/gnocchi.yml
+++ b/keystone/client/service/gnocchi.yml
@@ -17,6 +17,7 @@
is_admin: true
password: ${_param:keystone_gnocchi_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
service:
gnocchi:
type: metric
diff --git a/keystone/client/service/heat.yml b/keystone/client/service/heat.yml
index e0bae14..9c17b06 100644
--- a/keystone/client/service/heat.yml
+++ b/keystone/client/service/heat.yml
@@ -17,6 +17,7 @@
is_admin: true
password: ${_param:keystone_heat_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
service:
heat:
type: orchestration
diff --git a/keystone/client/service/ironic.yml b/keystone/client/service/ironic.yml
index 1466039..e350284 100644
--- a/keystone/client/service/ironic.yml
+++ b/keystone/client/service/ironic.yml
@@ -15,6 +15,7 @@
is_admin: true
password: ${_param:keystone_ironic_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
service:
ironic:
type: baremetal
diff --git a/keystone/client/service/manila.yml b/keystone/client/service/manila.yml
index 358ed36..5cc66d2 100644
--- a/keystone/client/service/manila.yml
+++ b/keystone/client/service/manila.yml
@@ -14,6 +14,7 @@
is_admin: true
password: ${_param:keystone_manila_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
service:
manila:
type: share
diff --git a/keystone/client/service/manila2.yml b/keystone/client/service/manila2.yml
index 38f2672..8cccc24 100644
--- a/keystone/client/service/manila2.yml
+++ b/keystone/client/service/manila2.yml
@@ -14,6 +14,7 @@
is_admin: true
password: ${_param:keystone_manila_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
service:
manilav2:
type: sharev2
diff --git a/keystone/client/service/murano.yml b/keystone/client/service/murano.yml
index aa3cee3..1652ac2 100644
--- a/keystone/client/service/murano.yml
+++ b/keystone/client/service/murano.yml
@@ -12,6 +12,7 @@
is_admin: true
password: ${_param:keystone_murano_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
service:
murano:
type: application-catalog
diff --git a/keystone/client/service/neutron.yml b/keystone/client/service/neutron.yml
index 33434c1..59e4b33 100644
--- a/keystone/client/service/neutron.yml
+++ b/keystone/client/service/neutron.yml
@@ -14,6 +14,7 @@
is_admin: true
password: ${_param:keystone_neutron_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
service:
neutron:
type: network
diff --git a/keystone/client/service/nova.yml b/keystone/client/service/nova.yml
index 24a1dd5..22bbfc9 100644
--- a/keystone/client/service/nova.yml
+++ b/keystone/client/service/nova.yml
@@ -14,6 +14,7 @@
is_admin: true
password: ${_param:keystone_nova_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
service:
nova:
type: compute
diff --git a/keystone/client/service/nova21.yml b/keystone/client/service/nova21.yml
index 2335f5a..27a0580 100644
--- a/keystone/client/service/nova21.yml
+++ b/keystone/client/service/nova21.yml
@@ -14,6 +14,7 @@
is_admin: true
password: ${_param:keystone_nova_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
service:
nova20:
type: compute_legacy
diff --git a/keystone/client/service/octavia.yml b/keystone/client/service/octavia.yml
index a38d40e..c5ca83f 100644
--- a/keystone/client/service/octavia.yml
+++ b/keystone/client/service/octavia.yml
@@ -18,6 +18,7 @@
is_admin: true
password: ${_param:keystone_octavia_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
service:
octavia:
type: load-balancer
diff --git a/keystone/client/service/panko.yml b/keystone/client/service/panko.yml
index 7ad4397..43897be 100644
--- a/keystone/client/service/panko.yml
+++ b/keystone/client/service/panko.yml
@@ -15,6 +15,7 @@
is_admin: true
password: ${_param:keystone_panko_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
service:
panko:
type: event
diff --git a/keystone/client/service/radosgw-s3.yml b/keystone/client/service/radosgw-s3.yml
index b44d7eb..bcf596f 100644
--- a/keystone/client/service/radosgw-s3.yml
+++ b/keystone/client/service/radosgw-s3.yml
@@ -15,6 +15,7 @@
is_admin: true
password: ${_param:keystone_swift_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
service:
radosgw-s3:
type: s3
diff --git a/keystone/client/service/radosgw-swift.yml b/keystone/client/service/radosgw-swift.yml
index 5dc4c3b..6a0f0e5 100644
--- a/keystone/client/service/radosgw-swift.yml
+++ b/keystone/client/service/radosgw-swift.yml
@@ -15,6 +15,7 @@
is_admin: true
password: ${_param:keystone_swift_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
service:
radosgw-swift:
type: object-store
diff --git a/keystone/client/service/sahara.yml b/keystone/client/service/sahara.yml
index 526649a..8d88168 100644
--- a/keystone/client/service/sahara.yml
+++ b/keystone/client/service/sahara.yml
@@ -12,6 +12,7 @@
is_admin: true
password: ${_param:keystone_sahara_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
service:
sahara:
type: data-processing
diff --git a/keystone/client/service/swift-s3.yml b/keystone/client/service/swift-s3.yml
index d36d279..36050a4 100644
--- a/keystone/client/service/swift-s3.yml
+++ b/keystone/client/service/swift-s3.yml
@@ -12,6 +12,7 @@
is_admin: true
password: ${_param:keystone_swift_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
service:
swift-s3:
type: object-store
diff --git a/keystone/client/service/swift.yml b/keystone/client/service/swift.yml
index b599d97..ddcaf26 100644
--- a/keystone/client/service/swift.yml
+++ b/keystone/client/service/swift.yml
@@ -12,6 +12,7 @@
is_admin: true
password: ${_param:keystone_swift_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
service:
swift:
type: object-store
diff --git a/keystone/client/service/tacker.yml b/keystone/client/service/tacker.yml
index 28eef93..e1c7019 100644
--- a/keystone/client/service/tacker.yml
+++ b/keystone/client/service/tacker.yml
@@ -13,6 +13,7 @@
is_admin: true
password: ${_param:keystone_tacker_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
service:
tacker:
type: nfv-orchestration
diff --git a/keystone/client/single.yml b/keystone/client/single.yml
index 74d3e5b..20b2b91 100644
--- a/keystone/client/single.yml
+++ b/keystone/client/single.yml
@@ -43,6 +43,7 @@
is_admin: true
password: ${_param:keystone_admin_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
admin_identity:
admin:
user: admin
diff --git a/keystone/client/v3/service/aodh.yml b/keystone/client/v3/service/aodh.yml
index eafd92a..a4f217c 100644
--- a/keystone/client/v3/service/aodh.yml
+++ b/keystone/client/v3/service/aodh.yml
@@ -11,6 +11,7 @@
aodh:
password: ${_param:keystone_aodh_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
roles:
service_admin:
name: admin
diff --git a/keystone/client/v3/service/barbican.yml b/keystone/client/v3/service/barbican.yml
index 93ce204..f008abc 100644
--- a/keystone/client/v3/service/barbican.yml
+++ b/keystone/client/v3/service/barbican.yml
@@ -16,6 +16,7 @@
barbican:
password: ${_param:keystone_barbican_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
roles:
service_admin:
name: admin
diff --git a/keystone/client/v3/service/billometer.yml b/keystone/client/v3/service/billometer.yml
index 0992519..9e115eb 100644
--- a/keystone/client/v3/service/billometer.yml
+++ b/keystone/client/v3/service/billometer.yml
@@ -5,10 +5,11 @@
client:
resources:
v3:
- user:
+ users:
billometer:
password: ${_param:keystone_billometer_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
roles:
service_admin:
name: admin
diff --git a/keystone/client/v3/service/ceilometer.yml b/keystone/client/v3/service/ceilometer.yml
index 727171e..9129773 100644
--- a/keystone/client/v3/service/ceilometer.yml
+++ b/keystone/client/v3/service/ceilometer.yml
@@ -10,6 +10,7 @@
ceilometer:
password: ${_param:keystone_ceilometer_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
roles:
service_admin:
name: admin
diff --git a/keystone/client/v3/service/cinder.yml b/keystone/client/v3/service/cinder.yml
index 4f6c76c..1dd279a 100644
--- a/keystone/client/v3/service/cinder.yml
+++ b/keystone/client/v3/service/cinder.yml
@@ -9,6 +9,7 @@
cinder:
password: ${_param:keystone_cinder_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
roles:
service_admin:
name: admin
diff --git a/keystone/client/v3/service/cinder2.yml b/keystone/client/v3/service/cinder2.yml
index 886edee..4d49d2b 100644
--- a/keystone/client/v3/service/cinder2.yml
+++ b/keystone/client/v3/service/cinder2.yml
@@ -9,6 +9,7 @@
cinder:
password: ${_param:keystone_cinder_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
roles:
service_admin:
name: admin
diff --git a/keystone/client/v3/service/cinder3.yml b/keystone/client/v3/service/cinder3.yml
index 9682186..a4465ac 100644
--- a/keystone/client/v3/service/cinder3.yml
+++ b/keystone/client/v3/service/cinder3.yml
@@ -9,6 +9,7 @@
cinder:
password: ${_param:keystone_cinder_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
roles:
service_admin:
name: admin
diff --git a/keystone/client/v3/service/congress.yml b/keystone/client/v3/service/congress.yml
index 15cce34..0d34181 100644
--- a/keystone/client/v3/service/congress.yml
+++ b/keystone/client/v3/service/congress.yml
@@ -9,6 +9,7 @@
congress:
password: ${_param:keystone_congress_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
roles:
service_admin:
name: admin
diff --git a/keystone/client/v3/service/contrail.yml b/keystone/client/v3/service/contrail.yml
index e6277d5..930804a 100644
--- a/keystone/client/v3/service/contrail.yml
+++ b/keystone/client/v3/service/contrail.yml
@@ -20,6 +20,7 @@
contrail:
password: ${_param:opencontrail_admin_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
is_admin: true
roles:
admin:
diff --git a/keystone/client/v3/service/designate.yml b/keystone/client/v3/service/designate.yml
index 821f2cb..271ea22 100644
--- a/keystone/client/v3/service/designate.yml
+++ b/keystone/client/v3/service/designate.yml
@@ -9,6 +9,7 @@
designate:
password: ${_param:keystone_designate_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
roles:
service_admin:
name: admin
diff --git a/keystone/client/v3/service/glance.yml b/keystone/client/v3/service/glance.yml
index a690a73..0e01709 100644
--- a/keystone/client/v3/service/glance.yml
+++ b/keystone/client/v3/service/glance.yml
@@ -9,6 +9,7 @@
glance:
password: ${_param:keystone_glance_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
roles:
service_admin:
name: admin
diff --git a/keystone/client/v3/service/gnocchi.yml b/keystone/client/v3/service/gnocchi.yml
index 6a11023..63241db 100644
--- a/keystone/client/v3/service/gnocchi.yml
+++ b/keystone/client/v3/service/gnocchi.yml
@@ -10,6 +10,7 @@
gnocchi:
password: ${_param:keystone_gnocchi_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
roles:
service_admin:
name: admin
diff --git a/keystone/client/v3/service/heat.yml b/keystone/client/v3/service/heat.yml
index a1b248f..54c8f0b 100644
--- a/keystone/client/v3/service/heat.yml
+++ b/keystone/client/v3/service/heat.yml
@@ -16,6 +16,7 @@
heat:
password: ${_param:keystone_heat_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
roles:
service_admin:
name: admin
diff --git a/keystone/client/v3/service/ironic.yml b/keystone/client/v3/service/ironic.yml
index 216049c..bd2795b 100644
--- a/keystone/client/v3/service/ironic.yml
+++ b/keystone/client/v3/service/ironic.yml
@@ -10,6 +10,7 @@
ironic:
password: ${_param:keystone_ironic_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
roles:
service_admin:
name: admin
diff --git a/keystone/client/v3/service/keystone.yml b/keystone/client/v3/service/keystone.yml
index ab3b29c..6c005c7 100644
--- a/keystone/client/v3/service/keystone.yml
+++ b/keystone/client/v3/service/keystone.yml
@@ -24,6 +24,7 @@
admin:
password: ${_param:keystone_admin_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
roles:
service_admin:
name: admin
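Review bot: The `options` line in this file is attached to the `admin` user, not to a service account, so whatever `openstack_service_user_options` carries is also applied to the interactive administrator. The parameter's value is not visible in this diff; if it holds Keystone user options such as `ignore_password_expiry` or `ignore_lockout_failure_attempts`, the admin account would be exempted from the expiry and lockout policy that protects it. I would drop the line here or point it at a separate parameter, e.g. `options: ${_param:openstack_admin_user_options}` (name constructed for illustration). The same question applies to contrail.yml, where the user carries `is_admin: true`. The `users:` mapping starts outside the hunk.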
diff --git a/keystone/client/v3/service/manila.yml b/keystone/client/v3/service/manila.yml
index 9030c98..bb90159 100644
--- a/keystone/client/v3/service/manila.yml
+++ b/keystone/client/v3/service/manila.yml
@@ -9,6 +9,7 @@
manila:
password: ${_param:keystone_manila_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
roles:
service_admin:
name: admin
diff --git a/keystone/client/v3/service/manila2.yml b/keystone/client/v3/service/manila2.yml
index 06aa44e..f5771ad 100644
--- a/keystone/client/v3/service/manila2.yml
+++ b/keystone/client/v3/service/manila2.yml
@@ -9,6 +9,7 @@
manila:
password: ${_param:keystone_manila_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
roles:
service_admin:
name: admin
diff --git a/keystone/client/v3/service/neutron.yml b/keystone/client/v3/service/neutron.yml
index 2c1df47..6af16f9 100644
--- a/keystone/client/v3/service/neutron.yml
+++ b/keystone/client/v3/service/neutron.yml
@@ -9,6 +9,7 @@
neutron:
password: ${_param:keystone_neutron_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
roles:
service_admin:
name: admin
diff --git a/keystone/client/v3/service/nova.yml b/keystone/client/v3/service/nova.yml
index d2f76f6..d0c7366 100644
--- a/keystone/client/v3/service/nova.yml
+++ b/keystone/client/v3/service/nova.yml
@@ -9,6 +9,7 @@
nova:
password: ${_param:keystone_nova_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
roles:
service_admin:
name: admin
diff --git a/keystone/client/v3/service/nova21.yml b/keystone/client/v3/service/nova21.yml
index 5bccedf..85bd29f 100644
--- a/keystone/client/v3/service/nova21.yml
+++ b/keystone/client/v3/service/nova21.yml
@@ -9,6 +9,7 @@
nova:
password: ${_param:keystone_nova_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
roles:
service_admin:
name: admin
diff --git a/keystone/client/v3/service/octavia.yml b/keystone/client/v3/service/octavia.yml
index 26940ff..54c8bc9 100644
--- a/keystone/client/v3/service/octavia.yml
+++ b/keystone/client/v3/service/octavia.yml
@@ -26,6 +26,7 @@
octavia:
password: ${_param:keystone_octavia_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
roles:
service_admin:
name: admin
diff --git a/keystone/client/v3/service/panko.yml b/keystone/client/v3/service/panko.yml
index 5f4c70b..226f601 100644
--- a/keystone/client/v3/service/panko.yml
+++ b/keystone/client/v3/service/panko.yml
@@ -10,6 +10,7 @@
panko:
password: ${_param:keystone_panko_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
roles:
service_admin:
name: admin
diff --git a/keystone/client/v3/service/radosgw-s3.yml b/keystone/client/v3/service/radosgw-s3.yml
index 7c03f4a..1a7ae3c 100644
--- a/keystone/client/v3/service/radosgw-s3.yml
+++ b/keystone/client/v3/service/radosgw-s3.yml
@@ -4,12 +4,13 @@
radosgw_service_protocol: http
keystone:
client:
- resource:
+ resources:
v3:
users:
swift:
password: ${_param:keystone_swift_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
roles:
service_admin:
name: admin
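Review bot: Renaming `resource:` to `resources:` turns a block that was presumably ignored into one that takes effect, so nodes including this class will start managing a `swift` user with the `admin` role where they previously did not. That is a behaviour change inside what reads as a typo fix, and nothing in the hunk records it. A one-line comment above the key or a release-note entry would cover it, for example `# was misspelled 'resource'; the swift user below is now actually managed`.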
diff --git a/keystone/client/v3/service/radosgw-swift.yml b/keystone/client/v3/service/radosgw-swift.yml
index 4452e0f..692c200 100644
--- a/keystone/client/v3/service/radosgw-swift.yml
+++ b/keystone/client/v3/service/radosgw-swift.yml
@@ -10,6 +10,7 @@
swift:
password: ${_param:keystone_swift_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
roles:
service_admin:
name: admin
diff --git a/keystone/client/v3/service/tacker.yml b/keystone/client/v3/service/tacker.yml
index 8a01280..bddca05 100644
--- a/keystone/client/v3/service/tacker.yml
+++ b/keystone/client/v3/service/tacker.yml
@@ -10,6 +10,7 @@
tacker:
password: ${_param:keystone_tacker_password}
email: ${_param:admin_email}
+ options: ${_param:openstack_service_user_options}
roles:
service_admin:
name: admin
diff --git a/keystone/server/cluster.yml b/keystone/server/cluster.yml
index d64a6cb..7e9ea1b 100644
--- a/keystone/server/cluster.yml
+++ b/keystone/server/cluster.yml
@@ -11,7 +11,6 @@
- system.keystone.client.os_client_config.admin_identity
parameters:
_param:
- keystone_tokens_expiration: 3600
openstack_node_role: primary
keystone_service_protocol: ${_param:cluster_internal_protocol}
linux:
@@ -58,7 +57,8 @@
tokens:
engine: fernet
expiration: ${_param:keystone_tokens_expiration}
- max_active_keys: 3
+ max_active_keys: ${_param:keystone_tokens_max_active_keys}
+ allow_expired_window: ${_param:keystone_tokens_allow_expired_window}
location: /var/lib/keystone/fernet-keys
credential:
location: /var/lib/keystone/credential-keys
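Review bot: `max_active_keys` becomes a free parameter here, but its safe value depends on two others that this commit also makes configurable: the token lifetime (`keystone_tokens_expiration`) and the rotation schedule in fernet_rotation (`keystone_fernet_rotate_rsync_hour` and `_minute`). If the number of active keys is lower than roughly lifetime divided by rotation period plus two, a key can be rotated out while tokens encrypted with it are still unexpired, and those tokens stop validating. I would add a comment next to the line, e.g. `# must be >= tokens expiration / rotation period + 2`, and one saying what `allow_expired_window` is for, since it extends how long an expired token can still be retrieved. The defaults for the new parameters are not visible in this diff; the identical hunk in keystone/server/single.yml has the same gap.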
diff --git a/keystone/server/fernet_rotation/cluster.yml b/keystone/server/fernet_rotation/cluster.yml
index c34c4f8..cf7b328 100644
--- a/keystone/server/fernet_rotation/cluster.yml
+++ b/keystone/server/fernet_rotation/cluster.yml
@@ -36,7 +36,8 @@
command: '/var/lib/keystone/keystone_keys_rotate.sh -r -s -t fernet >> /var/log/keystone/keystone-rotate.log 2>> /var/log/keystone/keystone-rotate.log'
enabled: true
user: keystone
- minute: 0
+ minute: ${_param:keystone_fernet_rotate_rsync_minute}
+ hour: ${_param:keystone_fernet_rotate_rsync_hour}
keystone_credential_rotate_rsync:
command: '/var/lib/keystone/keystone_keys_rotate.sh -r -s -t credential >> /var/log/keystone/keystone-rotate.log 2>> /var/log/keystone/keystone-rotate.log'
enabled: true
diff --git a/keystone/server/fernet_rotation/single.yml b/keystone/server/fernet_rotation/single.yml
index 8a3d6fb..7514086 100644
--- a/keystone/server/fernet_rotation/single.yml
+++ b/keystone/server/fernet_rotation/single.yml
@@ -22,7 +22,8 @@
command: '/var/lib/keystone/keystone_keys_rotate.sh -r -t fernet >> /var/log/keystone/keystone-rotate.log 2>> /var/log/keystone/keystone-rotate.log'
enabled: true
user: keystone
- minute: 0
+ minute: ${_param:keystone_fernet_rotate_rsync_minute}
+ hour: ${_param:keystone_fernet_rotate_rsync_hour}
keystone_credential_rotate_rsync:
command: '/var/lib/keystone/keystone_keys_rotate.sh -r -t credential >> /var/log/keystone/keystone-rotate.log 2>> /var/log/keystone/keystone-rotate.log'
enabled: true
diff --git a/keystone/server/single.yml b/keystone/server/single.yml
index 6996968..9663488 100644
--- a/keystone/server/single.yml
+++ b/keystone/server/single.yml
@@ -13,7 +13,6 @@
mysql_admin_user: root
mysql_admin_password: password
mysql_keystone_password: password
- keystone_tokens_expiration: 3600
openstack_node_role: primary
keystone_service_protocol: ${_param:cluster_internal_protocol}
linux:
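Review bot: The lines kept by this hunk still ship `mysql_admin_password: password` and `mysql_keystone_password: password` as class-level defaults, right next to the default this commit removes. A deployment that forgets to override them comes up with a guessable database password, and unlike a missing parameter nothing fails to tell the operator. Since the same merge strips the hard-coded SSH keys elsewhere, these could be removed as well so that an unset password is caught at interpolation, or at least marked with `# placeholder, must be overridden per deployment`. The `_param:` mapping starts outside the hunk.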
@@ -57,7 +56,8 @@
tokens:
engine: fernet
expiration: ${_param:keystone_tokens_expiration}
- max_active_keys: 3
+ max_active_keys: ${_param:keystone_tokens_max_active_keys}
+ allow_expired_window: ${_param:keystone_tokens_allow_expired_window}
location: /var/lib/keystone/fernet-keys
credential:
location: /var/lib/keystone/credential-keys
diff --git a/kubernetes/common/init.yml b/kubernetes/common/init.yml
index 3b24a01..4f2a763 100644
--- a/kubernetes/common/init.yml
+++ b/kubernetes/common/init.yml
@@ -70,7 +70,7 @@
kubernetes_hyperkube_image: ${_param:mcp_docker_registry}/mirantis/kubernetes/hyperkube-amd64:v1.12.6-5
kubernetes_calico_cni_image: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico/cni:v3.3.2
kubernetes_calico_calicoctl_image: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico/ctl:v3.3.2
- kubernetes_containerd_package: containerd.io=1.2.1+1-1~u16.04+mcp
+ kubernetes_containerd_package: containerd=1.2.4-2~u16.04+mcp
kubernetes_metrics_server_image: ${_param:kubernetes_metrics_server_repo}/metrics-server-amd64:v0.3.1
kubernetes_helm_tiller_image: ${_param:kubernetes_helm_tiller_repo}/tiller:v2.12.2
diff --git a/linux/network/hosts/openstack.yml b/linux/network/hosts/openstack/init.yml
similarity index 100%
rename from linux/network/hosts/openstack.yml
rename to linux/network/hosts/openstack/init.yml
diff --git a/linux/network/hosts/openstack/kmn.yml b/linux/network/hosts/openstack/kmn.yml
new file mode 100644
index 0000000..a6c7663
--- /dev/null
+++ b/linux/network/hosts/openstack/kmn.yml
@@ -0,0 +1,9 @@
+parameters:
+ linux:
+ network:
+ host:
+ openstack_kmn_control_vip:
+ address: ${_param:openstack_barbican_address}
+ names:
+ - ${_param:openstack_kmn_service_hostname}
+ - ${_param:openstack_kmn_service_host}
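Review bot: The address for `openstack_kmn_control_vip` is read from `openstack_barbican_address` while both names use the `openstack_kmn_*` prefix; the sibling files share.yml and telemetry.yml use one prefix for address and names. If that is intentional it needs a comment, e.g. `# KMN VIP is served by Barbican, hence the barbican address`; otherwise a dedicated `openstack_kmn_address` parameter (name constructed) would keep the three files parallel. These entries decide where key-manager traffic is sent, so the source of the address should be obvious to a reader.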
diff --git a/linux/network/hosts/openstack/share.yml b/linux/network/hosts/openstack/share.yml
new file mode 100644
index 0000000..75a6449
--- /dev/null
+++ b/linux/network/hosts/openstack/share.yml
@@ -0,0 +1,9 @@
+parameters:
+ linux:
+ network:
+ host:
+ openstack_share_control_vip:
+ address: ${_param:openstack_share_address}
+ names:
+ - ${_param:openstack_share_service_hostname}
+ - ${_param:openstack_share_service_host}
diff --git a/linux/network/hosts/openstack/telemetry.yml b/linux/network/hosts/openstack/telemetry.yml
new file mode 100644
index 0000000..77f48b0
--- /dev/null
+++ b/linux/network/hosts/openstack/telemetry.yml
@@ -0,0 +1,9 @@
+parameters:
+ linux:
+ network:
+ host:
+ openstack_telemetry_control_vip:
+ address: ${_param:openstack_telemetry_address}
+ names:
+ - ${_param:openstack_telemetry_service_hostname}
+ - ${_param:openstack_telemetry_service_host}
diff --git a/nova/compute/cluster.yml b/nova/compute/cluster.yml
index c3f60f8..39fcd2d 100644
--- a/nova/compute/cluster.yml
+++ b/nova/compute/cluster.yml
@@ -8,35 +8,6 @@
nova_compute_virtualization: kvm
nova_compute_avail_zone:
nova_aggregates: []
- nova_compute_ssh_public: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCltIn93BcTMzNK/n2eBze6PyTkmIgdDkeXNR9X4DqE48Va80ojv2pq8xuaBxiNITJzyl+4p4UvTTXo+HmuX8qbHvqgMGXvuPUCpndEfb2r67f6vpMqPwMgBrUg2ZKgN4OsSDHU+H0dia0cEaTjz5pvbUy9lIsSyhrqOUVF9reJq+boAvVEedm8fUqiZuiejAw2D27+rRtdEPgsKMnh3626YEsr963q4rjU/JssV/iKMNu7mk2a+koOrJ+aHvcVU8zJjfA0YghoeVT/I3GLU/MB/4tD/RyR8GM+UYbI4sgAC7ZOCdQyHdJgnEzx3SJIwcS65U0T2XYvn2qXHXqJ9iGZ root@mirantis.com
- nova_compute_ssh_private: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpAIBAAKCAQEApbSJ/dwXEzMzSv59ngc3uj8k5JiIHQ5HlzUfV+A6hOPFWvNK
- I79qavMbmgcYjSEyc8pfuKeFL0016Ph5rl/Kmx76oDBl77j1AqZ3RH29q+u3+r6T
- Kj8DIAa1INmSoDeDrEgx1Ph9HYmtHBGk48+ab21MvZSLEsoa6jlFRfa3iavm6AL1
- RHnZvH1KombonowMNg9u/q0bXRD4LCjJ4d+tumBLK/et6uK41PybLFf4ijDbu5pN
- mvpKDqyfmh73FVPMyY3wNGIIaHlU/yNxi1PzAf+LQ/0ckfBjPlGGyOLIAAu2TgnU
- Mh3SYJxM8d0iSMHEuuVNE9l2L59qlx16ifYhmQIDAQABAoIBAQCYpqbwvE5tm59H
- GQb0C8Ykx4LfLD1INx1wiLmlJKYEQihPTw0fvXj1qZvl21+cs9ZcoTRpUbn6B3EA
- e9bs8sYc/P75j1x46LSdimkZKZUPygkk72d3ZbElUciOyKCxBDNDBQcTIQ9xpKFa
- 2E5Ep72npNMrWqp71r/Qwo20lEIkikIgAFPBgraxn5xIEdo59vzXNZsvyoIRi5p4
- ayH9nWSAXdF1YU3p3ljtHD8o2G/0d2TWGmjrd9vztc6tgXjp0PF60vDNgcJiudBg
- oNLDK/e5a44GJxlVDdJ84ESb7GprRStYmddl22xnI1SXlg87+t0QQwzR0CCtWXrz
- neXkicHhAoGBANkG9tOZfErhSL/jmsElQTNPcMNQkPiJzEmOIpr6jgSzCusPT/QD
- PnVwB42GC5+Zhd4e88BsTzECxPXmKk7r1cBKeJTg/ejgsrSfVAZqMsfhbp3mGOiH
- jymF+zC6Urj5q/Zkof8pEFICtyA5zlHvZmsQL9PDiqXIWALki2JvIDPdAoGBAMN2
- O+LWOM9qqwgSMaFY8VUdDdbmLx/ZMGWQ//Tx42WM8SU+cCpGTLDHHR0qC0gnRsV7
- V63DySEwiHn4I1cQ/AMijRxuw4Dkgk2YMRlgsAbVWO7aIlECWjSg+pRjNeA7If4D
- 5L/gu6wZIv1vu8/fvOwRpPUzhWjGN5Z0RyvYc7btAoGALNnrmL9XmIIGbuGy0cfJ
- OblpLHQyAas4tNrS/ARb5Uy7LOj1NRCWj96fMPhK3qjzqXvsFBBOLWrNGaR/id/j
- ROIfGWWGE+KcDAgBbXH1HKnSGn+7FhMt2v79coyPG/s9NqaFdB4gaVJ2VgqcQQKg
- v++QcssulCRbS/2/cJBWr2ECgYAJFCDL9G9HEwlGorGzcNIkxeiyppZhwFDDJuz8
- j4+kU9uPg0rqa8F8JINxq1ZCz7A10/jKlWFuLTbpk2Dw1lUeQCiVvX9PKU30FLGT
- IC6M4rPyxCb75EQUVbXN1p3WAGkfx0aEsweEgtZhNyNeEGJSBK/Iw8/agfpq/pOf
- sboOMQKBgQClKmrAYKWnwdPPka3msyjl/AXDruR4XFvMlOPKbs3nYstolE7eR94F
- 7xDyBz85icFU0rceYQetwFH2p5tRL0GcUQhJmJFgIL0OXdCQvRNJrT3iS00N1aUo
- SG9MrLHCd5l60aCUQg0UA5ed7Hd6SA314k+HwxJno9/wJ+voBeacMg==
- -----END RSA PRIVATE KEY-----
openssh:
client:
enabled: True
diff --git a/nova/compute/single.yml b/nova/compute/single.yml
index 5d161e2..ddcf583 100644
--- a/nova/compute/single.yml
+++ b/nova/compute/single.yml
@@ -7,36 +7,7 @@
parameters:
_param:
nova_vncproxy_url: https://${_param:cluster_public_host}:6080
- nova_compute_ssh_public: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCltIn93BcTMzNK/n2eBze6PyTkmIgdDkeXNR9X4DqE48Va80ojv2pq8xuaBxiNITJzyl+4p4UvTTXo+HmuX8qbHvqgMGXvuPUCpndEfb2r67f6vpMqPwMgBrUg2ZKgN4OsSDHU+H0dia0cEaTjz5pvbUy9lIsSyhrqOUVF9reJq+boAvVEedm8fUqiZuiejAw2D27+rRtdEPgsKMnh3626YEsr963q4rjU/JssV/iKMNu7mk2a+koOrJ+aHvcVU8zJjfA0YghoeVT/I3GLU/MB/4tD/RyR8GM+UYbI4sgAC7ZOCdQyHdJgnEzx3SJIwcS65U0T2XYvn2qXHXqJ9iGZ root@mirantis.com
nova_compute_avail_zone:
- nova_compute_ssh_private: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpAIBAAKCAQEApbSJ/dwXEzMzSv59ngc3uj8k5JiIHQ5HlzUfV+A6hOPFWvNK
- I79qavMbmgcYjSEyc8pfuKeFL0016Ph5rl/Kmx76oDBl77j1AqZ3RH29q+u3+r6T
- Kj8DIAa1INmSoDeDrEgx1Ph9HYmtHBGk48+ab21MvZSLEsoa6jlFRfa3iavm6AL1
- RHnZvH1KombonowMNg9u/q0bXRD4LCjJ4d+tumBLK/et6uK41PybLFf4ijDbu5pN
- mvpKDqyfmh73FVPMyY3wNGIIaHlU/yNxi1PzAf+LQ/0ckfBjPlGGyOLIAAu2TgnU
- Mh3SYJxM8d0iSMHEuuVNE9l2L59qlx16ifYhmQIDAQABAoIBAQCYpqbwvE5tm59H
- GQb0C8Ykx4LfLD1INx1wiLmlJKYEQihPTw0fvXj1qZvl21+cs9ZcoTRpUbn6B3EA
- e9bs8sYc/P75j1x46LSdimkZKZUPygkk72d3ZbElUciOyKCxBDNDBQcTIQ9xpKFa
- 2E5Ep72npNMrWqp71r/Qwo20lEIkikIgAFPBgraxn5xIEdo59vzXNZsvyoIRi5p4
- ayH9nWSAXdF1YU3p3ljtHD8o2G/0d2TWGmjrd9vztc6tgXjp0PF60vDNgcJiudBg
- oNLDK/e5a44GJxlVDdJ84ESb7GprRStYmddl22xnI1SXlg87+t0QQwzR0CCtWXrz
- neXkicHhAoGBANkG9tOZfErhSL/jmsElQTNPcMNQkPiJzEmOIpr6jgSzCusPT/QD
- PnVwB42GC5+Zhd4e88BsTzECxPXmKk7r1cBKeJTg/ejgsrSfVAZqMsfhbp3mGOiH
- jymF+zC6Urj5q/Zkof8pEFICtyA5zlHvZmsQL9PDiqXIWALki2JvIDPdAoGBAMN2
- O+LWOM9qqwgSMaFY8VUdDdbmLx/ZMGWQ//Tx42WM8SU+cCpGTLDHHR0qC0gnRsV7
- V63DySEwiHn4I1cQ/AMijRxuw4Dkgk2YMRlgsAbVWO7aIlECWjSg+pRjNeA7If4D
- 5L/gu6wZIv1vu8/fvOwRpPUzhWjGN5Z0RyvYc7btAoGALNnrmL9XmIIGbuGy0cfJ
- OblpLHQyAas4tNrS/ARb5Uy7LOj1NRCWj96fMPhK3qjzqXvsFBBOLWrNGaR/id/j
- ROIfGWWGE+KcDAgBbXH1HKnSGn+7FhMt2v79coyPG/s9NqaFdB4gaVJ2VgqcQQKg
- v++QcssulCRbS/2/cJBWr2ECgYAJFCDL9G9HEwlGorGzcNIkxeiyppZhwFDDJuz8
- j4+kU9uPg0rqa8F8JINxq1ZCz7A10/jKlWFuLTbpk2Dw1lUeQCiVvX9PKU30FLGT
- IC6M4rPyxCb75EQUVbXN1p3WAGkfx0aEsweEgtZhNyNeEGJSBK/Iw8/agfpq/pOf
- sboOMQKBgQClKmrAYKWnwdPPka3msyjl/AXDruR4XFvMlOPKbs3nYstolE7eR94F
- 7xDyBz85icFU0rceYQetwFH2p5tRL0GcUQhJmJFgIL0OXdCQvRNJrT3iS00N1aUo
- SG9MrLHCd5l60aCUQg0UA5ed7Hd6SA314k+HwxJno9/wJ+voBeacMg==
- -----END RSA PRIVATE KEY-----
openssh:
client:
enabled: True
diff --git a/openssh/client/lab.yml b/openssh/client/lab.yml
index 7a65847..e69de29 100644
--- a/openssh/client/lab.yml
+++ b/openssh/client/lab.yml
@@ -1,44 +0,0 @@
-applications:
-- openssh
-parameters:
- _param:
- cluster_private_key: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEowIBAAKCAQEAxL6/rVgCetsETpZaUmXmkj8cZ1WN0eubH1FvMDOi/La9ZJyT
- k0C6AYpJnIyEm93pMj5cLm08qRqMW+2pdOhYjcH69yg5MrX5SkRk8jCmIHIYoIbh
- Qnwbnj3dd3I39ZdfU2FO7u2vlbglVou6ZoQxlJDItuLNtzq6EG+w9eF19e7+OsC6
- 6iUItp618zfw1l3J/8nKvCGe2RYDf7mJW6XwCl/DwryJmwwzvPgYJ3QMuDD8/HFj
- lrJ3xjFTXj4b4Ws1XIoy78fFbtiLr4OwqCYkho03u2E5rOOP1qZxZB63sivHMLMO
- MM5bOAQKbulFNoyALADGYfc7sf0bZ4u9XXDXxQIDAQABAoIBAQCfmc2MJRT97KW1
- yqpCpX9BrAiymuiNHf+cjEcSZxEUyHkjIRFmJt+9WB0W7ba1anM92vCUiPDojSzH
- dig9Oi578JxR20NrK8uqv4jUHzrknynzLveVI3CUEcOSnglfJQijbxDFKfOCFPvV
- FUyE1UATMNBh6+LNfMprgu+exuMWOPnDyUiYQ+WZ0JfuZY8fuaZte4woJJOb9LUu
- 5rsMG/smIzjpgZ0Z9ZVDMurfq565qhpaXRAqKeIuyht8pacTo31iMQdHB78AvY/3
- g0z21Gk8k3z0Kr/YFKr2r4FmXY5m/gAUvZly2ZrVQM5XsbTVCzq/JpI5fssNvSbU
- AKmXzf4RAoGBAOO3d4/cstxERzW6hyOTjZIN1ppR52CsnZTsVPbfd0pCtmzmVZce
- CtHKdcXSbTwZvvkK09QSWAp3MoSpd0gIOiLU8Wx/R/RIZsu9BlhTS3r3EQLnk72d
- H/1TTA+j4T/LIYLSojQ1RxvIrHetAD44j732aTwKAHj/SybEAVqNkOB/AoGBAN0u
- gLcrgqIHGrk4VjWSvlCGymfF40equcx+ud7XhfZDGETUOSahW4dPZ52cjPAkrCBQ
- MMfcDwSVGsOAjd+mNt11BHUKobnhXwFaWWuyqyn9NmWFbjMbICVh7E3Of5aVN38o
- lrmo/7LuKMVG7XRwphCv5NkaJmQG4njDyUQWlaW7AoGADCd8wDb9bPhP/LQqBmIX
- ylXmwHHisaxE9O/wUQT4bwREjGd25gv6c9wkkRx8LBsLsGs9hzI7dMOL9Ly+2x9l
- SvqmsC3S/1zl77X1Ir2/Z57MT6Vgo1xBmtnZU3Rhz2/eKAdqFPNLClaZrgGT475N
- HcyLLWMzR0IJFtabY+Puea0CgYA8Zb5wRkldxWLewSuJZZDinGwY+kieAVjLJq/K
- 0j+ah6fQ48LXcah0wpIgz+cMjHcUO9GWQdk3/x9X03rqX5EL2DBnZYfUIl63F9zj
- M97ZkHOSNWVqPzX//0Vv2butewG0j3jZKfTo/2/SrxOYgEpYtC9huWpSVi7xm0US
- erhSkQKBgFIf9JEsfgE57ANhvITZ3ZI0uZXNxZkXQaVg8jvScDi79IIhy9iPzhKC
- aIIQoDNIlWv1ftCRZ5AlBvVXgvQ/QNrwy48JiQTzWZlb9Ezg8w+olQmSbG6fq7Y+
- 7r3i+QUZ7RBdOb24QcQ618q54ozNTCB7OywY78ptFzeoBeptiNr1
- -----END RSA PRIVATE KEY-----
- openssh:
- client:
- enabled: true
- user:
- root:
- enabled: true
- user: ${linux:system:user:root}
- private_key: ${private_keys:lab}
- private_keys:
- lab:
- type: rsa
- key: ${_param:cluster_private_key}
diff --git a/openssh/client/root.yml b/openssh/client/root.yml
index 66f8f88..24dc801 100644
--- a/openssh/client/root.yml
+++ b/openssh/client/root.yml
@@ -1,44 +1,14 @@
applications:
- openssh
parameters:
- _param:
- root_private_key: |
- -----BEGIN RSA PRIVATE KEY-----
- MIIEpQIBAAKCAQEAsy1IhygI3xV4md37IMd+blxelYr3wuVhWn7uEDGpcZo+lvrN
- u+6An3VgPA7uX9cLUFzO91UOZx5F4TNlCH1DGq7MoVyvgcSla3IBATR3SpQ8rWnn
- FD8rjsUw3RloTfwz7+f7y/DWFsHhGAWzWy4FNE3e0b5udk1Fyk4SA43he1w8V+Eo
- V1oqQUsFOG6DlAbUfCln4GvH7KngTfnmnLgEBUdzK6zn1bwLllugbH9OO3Jnflek
- L9K2qFu9zbuDP2QHU7GkeZOtmtHB7EkaIt4QpjUasPgmWkIvKa0FOrdunljxLc54
- 6eRJDxfiy4fC8VKAn1qlk/i8XvEEME9Z8fywjQIDAQABAoIBAQCdMsuBGNS/tDy8
- 8g5TsfLwrEWneebprQl+tgHzXz7EFol3OM+rZBKg0//8cTUeDLM2bFaAlLUwL1Ur
- wUWQ7yUikd2ibIjmlzpyS/Ept3g5jFi35EQCdXGnrsWyFYp3cR+4CZXWVZPfH3Z2
- 9vlms7eJLhChgCu1yxHB7kDLsXz0Fn5jaWPd2TDY+3Y3t3LCFxNgfIQ+Mljzj/6f
- +MG7bp/5UuEA76oZnPfp2fj1vqWYCI6ftk4Wam1AkHVUNP3jjl48cao7EKeH5v4E
- 0PL+AY3av4SoUQWf1ZlkkJrhIyRRdVDavX86t17NXmrQvaz3brz8yI2Hh08ho413
- AH8C0zyZAoGBANcea55n9vBoA4FQRX2HEA9ljdPWIFdvkKXvxb7R/UxhzublicBm
- 3JwcDCwbiGhEzYhMlDmt0hZ4YPA3fL7WwP2EXkrYyqn1tSGSS2CkfhpuB2xgPTSr
- cxbJj5iuKM0eS9GdPqae2k4ME3sC5pi+eiiWuUuvzhqid8EMAGFvYdcXAoGBANU6
- R4OLghz2FaTSeFFHfHCoAym03qMe9pRCugnM2Np0vEZ650G2xez8OtYim8nttkTE
- xCWppxBtHIjN6mm4pOHsGxr0LqrKtHgMxkawyBx9hZTZSNudAMupPXBRHlPm/+hL
- EXt4xUiBd4GVkWw2esEKINi83dXHnECugknJN7v7AoGBAJHy4bEneDLDXx1tCLiR
- 2iOYExGWRXsNBmaOtuswLVqVQXsGYN9Y6nQ/00JZq8KSa5/91NMNS2xTX/Gas9gG
- fAmEtTSywU1uluWgC+QVtjjYTdEJunzxlbPwLKy5/JSt6WLd/JOvUw2Aw/bBkRIw
- qVDAchcXwA3yDK29JsT0fL0hAoGBAMqu0zufaNbOtFQwHF5mbUtI6XjDjL3RuOHF
- a8HVDmzZef4k5Z35drqGKAdUbnHLm+5Se4CxezSKAw2nbqN/+HsoS7ubUKDYfiN/
- QRoBALbUOh37TN40p4TwIo6ZDRMECU1tzfhoHF+HcWmkGs+aGaVVU1Oyc8u6KjTx
- rLcmpevxAoGAFz4bvKyBt/wq8TPTVzU/iJtwBLq8WdZpKJcuVkF7/DWY3A3maOFs
- P9IMHeDD+tlfIu0Y3qmPmEaLzXsMfRh+3Eb6itrgDRFEuE/HyPIWxHvDt1jjfIFu
- O87TLcnZIoW99nyY0RixwuK6ZeCmmyktX0iO7dNDIOyBReCs6ZwXSSc=
- -----END RSA PRIVATE KEY-----
openssh:
client:
enabled: true
user:
root:
- enabled: true
+ # never-ever enable root globally. it must be enabled per-case|node
+ enabled: false
user: ${linux:system:user:root}
- private_key: ${private_keys:root}
- private_keys:
- root:
- type: rsa
- key: ${_param:root_private_key}
+ private_key:
+ key: ${_param:root_private_key}
+ type: rsa
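Review bot: Deleting the embedded RSA private key from this file does not retire it: the key stays in the repository history, and any node deployed with the old defaults may still trust the matching public key. The same holds for the keys removed from nova/compute/cluster.yml, nova/compute/single.yml and openssh/client/lab.yml in this commit. The change should come with a release note telling operators to generate new key pairs and remove the old public keys from `authorized_keys`. On the new side `${_param:root_private_key}` is still referenced but no longer defined here, so I would add a comment such as `# root_private_key has no default; supply it per node from a secret store`.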
diff --git a/openssh/server/team/all.yml b/openssh/server/team/all.yml
index e8e25c4..3a9b453 100644
--- a/openssh/server/team/all.yml
+++ b/openssh/server/team/all.yml
@@ -1,6 +1,5 @@
classes:
# avoid teams w/sudo group restrictions, or override restrictions
-- system.openssh.server.team.lab
- system.openssh.server.team.cicd
- system.openssh.server.team.mcp_qa
- system.openssh.server.team.mcp_ci
diff --git a/openssh/server/team/lab.yml b/openssh/server/team/lab.yml
index b6c90f8..5dc415e 100644
--- a/openssh/server/team/lab.yml
+++ b/openssh/server/team/lab.yml
@@ -1,10 +1,4 @@
parameters:
- _param:
- linux_system_user_sudo: true
- # This is the public key associated to the default private key setup in
- # openssh.client.lab
- cluster_public_key: >-
- ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEvr+tWAJ62wROllpSZeaSPxxnVY3R65sfUW8wM6L8tr1knJOTQLoBikmcjISb3ekyPlwubTypGoxb7al06FiNwfr3KDkytflKRGTyMKYgchighuFCfBuePd13cjf1l19TYU7u7a+VuCVWi7pmhDGUkMi24s23OroQb7D14XX17v46wLrqJQi2nrXzN/DWXcn/ycq8IZ7ZFgN/uYlbpfAKX8PCvImbDDO8+BgndAy4MPz8cWOWsnfGMVNePhvhazVcijLvx8Vu2Iuvg7CoJiSGjTe7YTms44/WpnFkHreyK8cwsw4wzls4BApu6UU2jIAsAMZh9zux/Rtni71dcNfF
linux:
system:
user:
@@ -17,10 +11,10 @@
permit_root_login: true
user:
root:
- enabled: true
+ enabled: false
user: ${linux:system:user:root}
public_keys:
- ${public_keys:root}
public_keys:
root:
- key: ${_param:cluster_public_key}
+ key: ${_param:root_public_key}
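Review bot: `permit_root_login: true` is left in place directly above the change that sets the root user to `enabled: false`, so the class now says both that root login over SSH is allowed and that the root key entry is disabled. If the intent is the one stated in openssh/client/root.yml (root only per case or node), the server side should match with `permit_root_login: false`, overridden on the nodes that need it. `root_public_key` also replaces `cluster_public_key` without a default in the visible hunks, so every model that includes this class has to define it. The enclosing server mapping starts outside the hunk.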
diff --git a/prometheus/elasticsearch_exporter/container.yml b/prometheus/elasticsearch_exporter/container.yml
new file mode 100644
index 0000000..9f78f4a
--- /dev/null
+++ b/prometheus/elasticsearch_exporter/container.yml
@@ -0,0 +1,2 @@
+classes:
+- service.prometheus.elasticsearch_exporter.container
diff --git a/prometheus/elasticsearch_exporter/init.yml b/prometheus/elasticsearch_exporter/init.yml
new file mode 100644
index 0000000..c0f5bb5
--- /dev/null
+++ b/prometheus/elasticsearch_exporter/init.yml
@@ -0,0 +1,4 @@
+classes:
+- service.prometheus.elasticsearch_exporter.container
+- system.prometheus.elasticsearch_exporter.queries.default
+
diff --git a/prometheus/elasticsearch_exporter/queries/compute.yml b/prometheus/elasticsearch_exporter/queries/compute.yml
new file mode 100644
index 0000000..66904da
--- /dev/null
+++ b/prometheus/elasticsearch_exporter/queries/compute.yml
@@ -0,0 +1,118 @@
+parameters:
+ prometheus:
+ elasticsearch_exporter:
+ queries:
+ compute_instance:
+ # Produces metrics:
+ # - compute_instance_event_doc_count{event="example"}
+ # - compute_instance_event_sum_other_doc_count
+ # - compute_instance_event_doc_count_error_upper_bound
+ # - compute_instance_event_host_doc_count{host="example01",event="example"}
+ # - compute_instance_event_host_sum_other_doc_count{event="example"}
+ # - compute_instance_event_host_doc_count_error_upper_bound{event="example"}
+ #
+ indices: '<notification-{now/d}>'
+ interval: 600
+ json: |
+ {
+ "size": 0,
+ "query": {
+ "match_all": {}
+ },
+ "aggs": {
+ "event": {
+ "terms": {
+ "field": "event_type.keyword"
+ },
+ "aggs": {
+ "host": {
+ "terms": {
+ "field": "Hostname.keyword"
+ }
+ }
+ }
+ }
+ }
+ }
+
+ compute_instance_create_start:
+ # Produces metrics:
+ # - compute_instance_create_start_host_doc_count{host="example01"}
+ # - compute_instance_create_start_host_event_sum_other_doc_count
+ # - compute_instance_create_start_host_doc_count_error_upper_bound
+ # - compute_instance_create_start_hits
+ # - compute_instance_create_start_took_milliseconds
+ #
+ indices: '<notification-{now/d}>'
+ interval: 60
+ json: |
+ {
+ "size": 0,
+ "query": {
+ "term": {
+ "event_type": "compute.instance.create.start"
+ }
+ },
+ "aggs": {
+ "host": {
+ "terms": {
+ "field": "Hostname.keyword"
+ }
+ }
+ }
+ }
+
+ compute_instance_create_end:
+ # Produces metrics:
+ # - compute_instance_create_end_host_doc_count{host="example01"}
+ # - compute_instance_create_end_host_event_sum_other_doc_count
+ # - compute_instance_create_end_host_doc_count_error_upper_bound
+ # - compute_instance_create_end_hits
+ # - compute_instance_create_end_took_milliseconds
+ #
+ indices: '<notification-{now/d}>'
+ interval: 60
+ json: |
+ {
+ "size": 0,
+ "query": {
+ "term": {
+ "event_type": "compute.instance.create.end"
+ }
+ },
+ "aggs": {
+ "host": {
+ "terms": {
+ "field": "Hostname.keyword"
+ }
+ }
+ }
+ }
+
+ compute_instance_create_error:
+ # Produces metrics:
+ # - compute_instance_create_error_host_doc_count{host="example01"}
+ # - compute_instance_create_error_host_event_sum_other_doc_count
+ # - compute_instance_create_error_host_doc_count_error_upper_bound
+ # - compute_instance_create_error_hits
+ # - compute_instance_create_error_took_milliseconds
+ #
+ indices: '<notification-{now/d}>'
+ interval: 60
+ json: |
+ {
+ "size": 0,
+ "query": {
+ "term": {
+ "event_type": "compute.instance.create.error"
+ }
+ },
+ "aggs": {
+ "host": {
+ "terms": {
+ "field": "Hostname.keyword"
+ }
+ }
+ }
+ }
+
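Review bot: Every `terms` aggregation in this file relies on the Elasticsearch default of 10 buckets, so on a cloud with more than ten compute hosts or event types the per-host and per-event series are truncated and the remainder is folded into `sum_other_doc_count`. For metrics that feed alerting that is a blind spot; set the size explicitly, e.g. `"terms": {"field": "Hostname.keyword", "size": 500}` (500 is an illustrative value). The three `create_*` queries filter on `event_type` while the first query aggregates on `event_type.keyword`, which only agree if the mapping allows exact matching on both fields. The documented name `..._host_event_sum_other_doc_count` does not correspond to any aggregation named `event` in those queries. The `logs` query in queries/default.yml uses the same default bucket count.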
diff --git a/prometheus/elasticsearch_exporter/queries/default.yml b/prometheus/elasticsearch_exporter/queries/default.yml
new file mode 100644
index 0000000..eeb013c
--- /dev/null
+++ b/prometheus/elasticsearch_exporter/queries/default.yml
@@ -0,0 +1,40 @@
+parameters:
+ prometheus:
+ elasticsearch_exporter:
+ queries:
+ default:
+ interval: 600
+ json: {}
+
+ logs:
+ # Produces metrics:
+ # - logs_program_doc_count{program="example"}
+ # - logs_program_sum_other_doc_count
+ # - logs_program_doc_count_error_upper_bound
+ # - logs_program_host_doc_count{host="example01",program="example"}
+ # - logs_program_host_sum_other_doc_count{program="example"}
+ # - logs_program_host_doc_count_error_upper_bound{program="example"}
+ #
+ indices: '<log-{now/d}>'
+ interval: 600
+ json: |
+ {
+ "size": 0,
+ "query": {
+ "match_all": {}
+ },
+ "aggs": {
+ "program": {
+ "terms": {
+ "field": "programname.keyword"
+ },
+ "aggs": {
+ "host": {
+ "terms": {
+ "field": "Hostname.keyword"
+ }
+ }
+ }
+ }
+ }
+ }
diff --git a/prometheus/server/target/dns/elasticsearch_exporter.yml b/prometheus/server/target/dns/elasticsearch_exporter.yml
new file mode 100644
index 0000000..3af4960
--- /dev/null
+++ b/prometheus/server/target/dns/elasticsearch_exporter.yml
@@ -0,0 +1,13 @@
+parameters:
+ prometheus:
+ server:
+ target:
+ dns:
+ enabled: true
+ endpoint:
+ - name: 'elasticsearch_exporter'
+ scrape_interval: 60s
+ domain:
+ - 'tasks.monitoring_elasticsearch_exporter'
+ type: A
+ port: 9206
diff --git a/prometheus/server/target/dns/init.yml b/prometheus/server/target/dns/init.yml
index 361d296..7363be1 100644
--- a/prometheus/server/target/dns/init.yml
+++ b/prometheus/server/target/dns/init.yml
@@ -1,5 +1,6 @@
classes:
- system.prometheus.server.target.dns.alertmanager
+- system.prometheus.server.target.dns.elasticsearch_exporter
- system.prometheus.server.target.dns.prometheus
- system.prometheus.server.target.dns.pushgateway
- system.prometheus.server.target.dns.remote_agent
diff --git a/salt/minion/cert/barbican.yml b/salt/minion/cert/barbican.yml
index 8ee4d41..8a44433 100644
--- a/salt/minion/cert/barbican.yml
+++ b/salt/minion/cert/barbican.yml
@@ -1,7 +1,7 @@
parameters:
_param:
salt_minion_ca_authority: salt_master_ca
- barbican_cert_alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_vip_address},DNS:${linux:system:name},DNS:${linux:network:fqdn},DNS:${_param:cluster_vip_address},DNS:${_param:openstack_service_host}
+ barbican_cert_alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_vip_address},DNS:${linux:system:name},DNS:${linux:network:fqdn},DNS:${_param:cluster_vip_address},DNS:${_param:openstack_kmn_service_host}
salt:
minion:
cert:
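Review bot: The new SAN list swaps `openstack_service_host` for `openstack_kmn_service_host` instead of adding it, so a client that still reaches Barbican through the old service hostname will fail certificate verification once the certificate is reissued. linux/network/hosts/openstack/kmn.yml in this commit also publishes `openstack_kmn_service_hostname` for the same VIP, and that name is not in the list. Unless all endpoints switch in the same rollout, I would keep both for a transition by appending `,DNS:${_param:openstack_service_host},DNS:${_param:openstack_kmn_service_hostname}`. The entry `DNS:${_param:cluster_vip_address}` puts what looks like an IP address into a DNS-type SAN, which adds nothing beyond the existing `IP:` entry.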