Merge "Add octavia_amphora_image to mine"
diff --git a/debmirror/mirror_mirantis_com/init.yml b/debmirror/mirror_mirantis_com/init.yml
index 753a3a4..d520990 100644
--- a/debmirror/mirror_mirantis_com/init.yml
+++ b/debmirror/mirror_mirantis_com/init.yml
@@ -3,6 +3,7 @@
- system.debmirror.mirror_mirantis_com.update.cassandra.xenial
- system.debmirror.mirror_mirantis_com.ceph-luminous.xenial
- system.debmirror.mirror_mirantis_com.update.ceph-luminous.xenial
+- system.debmirror.mirror_mirantis_com.update.ceph-nautilus.xenial
- system.debmirror.mirror_mirantis_com.docker.xenial
- system.debmirror.mirror_mirantis_com.update.docker.xenial
- system.debmirror.mirror_mirantis_com.elasticsearch-5.x.xenial
@@ -30,6 +31,7 @@
- system.debmirror.mirror_mirantis_com.update.salt-formulas.xenial
- system.debmirror.mirror_mirantis_com.saltstack-2017.7.xenial
- system.debmirror.mirror_mirantis_com.update.saltstack-2017.7.xenial
+- system.debmirror.mirror_mirantis_com.update.salt-2017.7.8.xenial
- system.debmirror.mirror_mirantis_com.td-agent.xenial
- system.debmirror.mirror_mirantis_com.update.td-agent.xenial
- system.debmirror.mirror_mirantis_com.ubuntu.xenial
diff --git a/debmirror/mirror_mirantis_com/ubuntu/xenial.yml b/debmirror/mirror_mirantis_com/ubuntu/xenial.yml
index 5073128..8781811 100644
--- a/debmirror/mirror_mirantis_com/ubuntu/xenial.yml
+++ b/debmirror/mirror_mirantis_com/ubuntu/xenial.yml
@@ -101,8 +101,8 @@
25: "--exclude='/libbluetooth*'"
26: "--exclude='/libandroid*'"
27: "--exclude='/banshee*'"
- 27: "--exclude='/*(.xorg)*joystick'"
- 28: "--exclude='/xserver-xorg-video(.*vivid|.*wily|.*utopic)'"
+ 28: "--exclude='/*(.xorg)*joystick'"
+ 29: "--exclude='/xserver-xorg-video(.*vivid|.*wily|.*utopic)'"
30: --exclude='universe.*bluez.*'
32: --exclude='main/(a/a11y-profile-manager|e/emacs24|i/ispell|br\.ispell)'
33: --exclude='/universe/.*(alsa|ubuntuone|telepathy|debian-multimedia|kodi|mediaplayer|nagios|getfem|gammaray|geotranz|brasero)'
@@ -138,10 +138,12 @@
306: '--exclude="main/l/linux.*/linux-.*4\.10\.0-(([0-3][0-9])|(4[0-1]))"'
# Hwe 4.13: Old - if minor in 0-39, < 44
307: '--exclude="main/l/linux.*/linux-.*4\.13\.0-(([0-3][0-9])|(4[0-4]))"'
- # Hwe 4.15.0: Old - if minor in 0-39, < 43
- 308: --exclude='main/l/linux.*/linux-.*4\.15\.0-(([0-3][0-9])|(4[0-2]))'
+ # Hwe 4.15.0: Old - < 100
+ 308: --exclude='main/l/linux.*/linux-.*4\.15\.0-(\d\d)-'
# Old 4.4.0
309: --exclude='main/l/linux.*/linux-.*4\.4\.0-'
+ # Hwe 4.15.0: include >= 100
+ 310: --include='main/l/linux.*/linux-.*4\.15\.0-(\d\d\d)-'
# List of packages, that should be fetched from fresh ppa or other mirror
# So,removing them from upstream mirror.
500: --exclude='main/m/maas/'
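Review bot: The trailing `-` added to filter 308 ties the exclude to paths where the two-digit ABI number is followed by a hyphen, so file names in which it is followed by `_` or `.` (for example ones shaped like `linux-headers-4.15.0-NN_…`) would no longer be excluded, and include 310 carries the same anchor. If the aim is only to stop `\d\d` matching the first two digits of a three-digit ABI, a non-digit anchor such as `308: --exclude='main/l/linux.*/linux-.*4\.15\.0-\d\d[^\d]'` expresses that more completely. The comment could then say what is matched, e.g. `# Hwe 4.15.0: drop two-digit ABI (< 100), keep three-digit ABI`. The identical hunk in `debmirror/mirror_mirantis_com/update/ubuntu/xenial.yml` needs the same treatment; the filter map itself starts outside both hunks.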
@@ -190,3 +192,6 @@
810: --include='universe/p/plexus-(container-default|interactivity-api)/' # PROD-26807 Req.for DogTag
811: --include='/main/u/update-notifier/' # PROD-30102 Req for ceph
812: --include='/main/k/krb5/' # Req for curl
+ 813: --include='universe/g/glibc/' # PROD-35417 Req for rabbitmq 3.8.2
+ 814: --include='universe/o/opensaml2' # PROD-35464 Req for SAML2/Federation
+ 815: --include='universe/x/xmltooling' # PROD-35464 Req for SAML2/Federation
diff --git a/debmirror/mirror_mirantis_com/update/ceph-nautilus/xenial.yml b/debmirror/mirror_mirantis_com/update/ceph-nautilus/xenial.yml
new file mode 100644
index 0000000..20d73b7
--- /dev/null
+++ b/debmirror/mirror_mirantis_com/update/ceph-nautilus/xenial.yml
@@ -0,0 +1,22 @@
+classes:
+- system.defaults.debmirror
+parameters:
+ debmirror:
+ client:
+ enabled: true
+ mirrors:
+ mirror_mirantis_com_update_ceph_nautilus_xenial:
+ force: ${_param:mirror_mirantis_com_ceph_nautilus_xenial_force}
+ lock_target: True
+ extra_flags: [ '--verbose', '--progress', '--nosource', '--no-check-gpg', '--rsync-extra=none' ]
+ method: "${_param:debmirror_mirrors_sync_method}"
+ arch: [ 'amd64' ]
+ mirror_host: "${_param:debmirror_mirrors_host}"
+ mirror_root: "${_param:debmirror_mirrors_update_root}/ceph-nautilus/xenial/"
+ target_dir: "${_param:debmirror_mirrors_update_target_dir}/ceph-nautilus/xenial/"
+ cache_dir: "${_param:debmirror_mirrors_common_cache_dir}/ceph-nautilus/"
+ log_file: "/var/log/debmirror/mirror_mirantis_com_update_ceph_nautilus_xenial.log"
+ dist: [ xenial ]
+ section: [ main ]
+ filter:
+ 001: "--exclude='(-dbg_|-dbg-)'"
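Review bot: `--no-check-gpg` in `extra_flags` turns off debmirror's verification of the Release file signature for this new mirror, so the integrity of everything synced rests on the transport selected by `debmirror_mirrors_sync_method` and on the upstream host, neither of which is visible here. Preferably drop the flag and supply the repository key through debmirror's `--keyring` option; if the flag has to stay, add a comment above `extra_flags` stating why signature checking is disabled and what compensates for it. The new `update/salt-2017.7.8/xenial.yml` carries the same flag, and unlike this file it sets no `cache_dir`, which may be an oversight.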
diff --git a/debmirror/mirror_mirantis_com/update/salt-2017.7.8/xenial.yml b/debmirror/mirror_mirantis_com/update/salt-2017.7.8/xenial.yml
new file mode 100644
index 0000000..ef7aec5
--- /dev/null
+++ b/debmirror/mirror_mirantis_com/update/salt-2017.7.8/xenial.yml
@@ -0,0 +1,20 @@
+classes:
+- system.defaults.debmirror
+parameters:
+ debmirror:
+ client:
+ enabled: true
+ mirrors:
+ mirror_mirantis_com_update_salt_2017_7_8_xenial:
+ force: ${_param:mirror_mirantis_com_salt_2017_7_8_xenial_force}
+ lock_target: True
+ extra_flags: [ '--verbose', '--progress', '--nosource', '--no-check-gpg', '--rsync-extra=none' ]
+ method: "${_param:debmirror_mirrors_sync_method}"
+ arch: [ 'amd64' ]
+ mirror_host: "${_param:debmirror_mirrors_host}"
+ mirror_root: "${_param:debmirror_mirrors_update_root}/salt-2017.7.8/xenial/"
+ target_dir: "${_param:debmirror_mirrors_update_target_dir}/salt-2017.7.8/xenial/"
+ log_file: "/var/log/debmirror/mirror_mirantis_com_update_salt_2017_7_8_xenial.log"
+ dist: [ xenial ]
+ section: [ main ]
+
diff --git a/debmirror/mirror_mirantis_com/update/ubuntu/xenial.yml b/debmirror/mirror_mirantis_com/update/ubuntu/xenial.yml
index ef0ec04..5ed6905 100644
--- a/debmirror/mirror_mirantis_com/update/ubuntu/xenial.yml
+++ b/debmirror/mirror_mirantis_com/update/ubuntu/xenial.yml
@@ -138,10 +138,12 @@
306: '--exclude="main/l/linux.*/linux-.*4\.10\.0-(([0-3][0-9])|(4[0-1]))"'
# Hwe 4.13: Old - if minor in 0-39, < 44
307: '--exclude="main/l/linux.*/linux-.*4\.13\.0-(([0-3][0-9])|(4[0-4]))"'
- # Hwe 4.15.0: Old - if minor in 0-39, < 43
- 308: --exclude='main/l/linux.*/linux-.*4\.15\.0-(([0-3][0-9])|(4[0-2]))'
+ # Hwe 4.15.0: Old - < 100
+ 308: --exclude='main/l/linux.*/linux-.*4\.15\.0-(\d\d)-'
# Old 4.4.0
309: --exclude='main/l/linux.*/linux-.*4\.4\.0-'
+ # Hwe 4.15.0: include >= 100
+ 310: --include='main/l/linux.*/linux-.*4\.15\.0-(\d\d\d)-'
# List of packages, that should be fetched from fresh ppa or other mirror
# So,removing them from upstream mirror.
500: --exclude='main/m/maas/'
@@ -190,3 +192,6 @@
810: --include='universe/p/plexus-(container-default|interactivity-api)/' # PROD-26807 Req.for DogTag
811: --include='/main/u/update-notifier/' # PROD-30102 Req for ceph
812: --include='/main/k/krb5/' # Req for curl
+ 813: --include='universe/g/glibc/' # PROD-35417 Req for rabbitmq 3.8.2
+ 814: --include='universe/o/opensaml2' # PROD-35464 Req for SAML2/Federation
+ 815: --include='universe/x/xmltooling' # PROD-35464 Req for SAML2/Federation
diff --git a/defaults/debmirror.yml b/defaults/debmirror.yml
index 8c636ac..c9f7820 100644
--- a/defaults/debmirror.yml
+++ b/defaults/debmirror.yml
@@ -13,6 +13,7 @@
# Per repo modificators
mirror_mirantis_com_cassandra_xenial_force: False
mirror_mirantis_com_ceph_luminous_xenial_force: False
+ mirror_mirantis_com_ceph_nautilus_xenial_force: False
mirror_mirantis_com_docker_xenial_force: False
mirror_mirantis_com_elasticsearch_5_x_xenial_force: False
mirror_mirantis_com_elasticsearch_6_x_xenial_force: False
@@ -29,5 +30,6 @@
mirror_mirantis_com_salt-formulas_xenial_force: True
mirror_mirantis_com_saltstack_2016_3_xenial_force: False
mirror_mirantis_com_saltstack_2017_7_xenial_force: False
+ mirror_mirantis_com_salt_2017_7_8_xenial_force: False
mirror_mirantis_com_td_agent_xenial_force: False
mirror_mirantis_com_ubuntu_xenial_force: False
diff --git a/defaults/docker_images.yml b/defaults/docker_images.yml
index 90fa9d5..63fc3b0 100644
--- a/defaults/docker_images.yml
+++ b/defaults/docker_images.yml
@@ -3,36 +3,37 @@
# CI\CD
docker_image_compose: "${_param:mcp_docker_registry}/mirantis/external/docker/compose:1.17.1"
# 2.6.2 version, from 12/18/2108, differ from latest 2.6.2 upstream - update next cycle
- docker_image_registry: "${_param:mcp_docker_registry}/mirantis/external/registry:${_param:mcp_version}"
+ docker_image_registry: "${_param:mcp_docker_registry}/mirantis/external/registry:2019.2.6"
docker_image_visualizer: "${_param:mcp_docker_registry}/mirantis/external/visualizer:${_param:mcp_version}"
- docker_image_openldap: "${_param:mcp_docker_registry}/mirantis/external/osixia/openldap:1.2.2"
+ docker_image_openldap: "${_param:mcp_docker_registry}/mirantis/cicd/openldap:2019.2.11"
docker_image_postgresql: "${_param:mcp_docker_registry}/mirantis/external/library/postgres:9.6.10"
# 3.4.13, from Feb 15, differ from 3.4.13 upstream verison, from March 14 - update next cycle
docker_image_mongodb: "${_param:mcp_docker_registry}/mirantis/external/mongo:${_param:mcp_version}"
###
# phpldapadmin:0.6.12
docker_image_phpldapadmin: "${_param:mcp_docker_registry}/mirantis/cicd/phpldapadmin:${_param:mcp_version}"
- # gerrit:2.15.17
- docker_image_gerrit: "${_param:mcp_docker_registry}/mirantis/cicd/gerrit:${_param:mcp_version}"
- # mysql:5.6
- docker_image_mysql: "${_param:mcp_docker_registry}/mirantis/cicd/mysql:${_param:mcp_version}"
# jenkins:2.150.3
docker_image_jenkins: "${_param:mcp_docker_registry}/mirantis/cicd/jenkins:${_param:mcp_version}"
- docker_image_jenkins_jnlp_slave: "${_param:mcp_docker_registry}/mirantis/cicd/jnlp-slave:${_param:mcp_version}"
docker_image_jenkins_ssh_slave: "${_param:mcp_docker_registry}/mirantis/cicd/ssh-slave:${_param:mcp_version}"
+ docker_image_gerrit: "${_param:mcp_docker_registry}/mirantis/cicd/gerrit:2019.2.11"
+ # mysql:5.6.48
+ docker_image_mysql: "${_param:mcp_docker_registry}/mirantis/cicd/mysql:2019.2.10"
+ # jenkins:2.204.3
+ docker_image_jenkins_jnlp_slave: "${_param:mcp_docker_registry}/mirantis/cicd/jnlp-slave:2019.2.11"
+ # TODO: fix tag
# model-generator
docker_image_operations_api: "${_param:mcp_docker_registry}/mirantis/model-generator/operations-api:${_param:mcp_version}"
docker_image_operations_ui: "${_param:mcp_docker_registry}/mirantis/model-generator/operations-ui:${_param:mcp_version}"
# OpenContrail
opencontrail_docker_image_tag: "${_param:mcp_version}"
# stacklight
- # 6.5.0 version, from 11/29/2018, differ from latest upstream 6.5.0 - update next cycle
- docker_image_alerta: "${_param:mcp_docker_registry}/mirantis/external/alerta-web:${_param:mcp_version}"
+ # locally forked v7.4.4, updated 2020-08-06
+ docker_image_alerta: "${_param:mcp_docker_registry}/openstack-docker/alerta:${_param:mcp_version}"
docker_image_alertmanager: "${_param:mcp_docker_registry}/openstack-docker/alertmanager:${_param:mcp_version}"
docker_image_grafana: "${_param:mcp_docker_registry}/openstack-docker/grafana:${_param:mcp_version}"
docker_image_prometheus_es_exporter: "${_param:mcp_docker_registry}/openstack-docker/prometheus-es-exporter:${_param:mcp_version}"
docker_image_prometheus: "${_param:mcp_docker_registry}/openstack-docker/prometheus:${_param:mcp_version}"
- docker_image_prometheus_gainsight: "${_param:mcp_docker_registry}/openstack-docker/gainsight:${_param:mcp_version}"
+ docker_image_prometheus_gainsight: "${_param:mcp_docker_registry}/openstack-docker/sf-reporter:2019.2.9"
docker_image_prometheus_gainsight_elasticsearch: "${_param:mcp_docker_registry}/openstack-docker/gainsight_elasticsearch:${_param:mcp_version}"
docker_image_prometheus_relay: "${_param:mcp_docker_registry}/openstack-docker/prometheus-relay:${_param:mcp_version}"
docker_image_pushgateway: "${_param:mcp_docker_registry}/openstack-docker/pushgateway:${_param:mcp_version}"
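Review bot: `# TODO: fix tag` is left on its own directly above `# model-generator`, with no image line under it, so a reader cannot tell which of the newly pinned tags it refers to; name the image and the intended tag in the comment, or drop it. The version comments have also drifted: `# jenkins:2.204.3` now sits above `docker_image_jenkins_jnlp_slave` while `# jenkins:2.150.3` stays above `docker_image_jenkins`, and `docker_image_gerrit` lost its upstream-version comment altogether. Since several images move from `${_param:mcp_version}` to fixed tags here, a one-line comment per pin saying why it is held back would help whoever bumps them next; tags are mutable, so pinning by digest is worth considering where the registry supports it.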
@@ -54,9 +55,9 @@
docker_image_cvp_xrally: "${_param:mcp_docker_registry}/mirantis/external/xrally/xrally-openstack:0.11.2"
# aptly
docker_image_aptly:
- base: "${_param:mcp_docker_registry}/mirantis/cicd/aptly:${_param:mcp_version}"
- public: "${_param:mcp_docker_registry}/mirantis/cicd/aptly-public:${_param:mcp_version}"
- publisher: "${_param:mcp_docker_registry}/mirantis/cicd/aptly-publisher:${_param:mcp_version}"
+ base: "${_param:mcp_docker_registry}/mirantis/cicd/aptly:2019.2.9"
+ public: "${_param:mcp_docker_registry}/mirantis/cicd/aptly-public:2019.2.9"
+ publisher: "${_param:mcp_docker_registry}/mirantis/cicd/aptly-publisher:2019.2.9"
# List of images, to be placed into offline image, during separate image build process
# WARNING: registry|target_registry and names - must be exactly same as list above!
@@ -67,16 +68,16 @@
# CI/CD
- registry: ${_param:mcp_docker_registry}/mirantis/external
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/external
- name: registry:${_param:mcp_version}
+ name: registry:2019.2.6
- registry: ${_param:mcp_docker_registry}/mirantis/external
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/external
name: visualizer:${_param:mcp_version}
- registry: ${_param:mcp_docker_registry}/mirantis/external/docker
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/external/docker
name: compose:1.17.1
- - registry: ${_param:mcp_docker_registry}/mirantis/external/osixia
- target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/external/osixia
- name: openldap:1.2.2
+ - registry: ${_param:mcp_docker_registry}/mirantis/cicd
+ target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/cicd
+ name: openldap:2019.2.11
- registry: ${_param:mcp_docker_registry}/mirantis/external/library
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/external/library
name: postgres:9.6.10
@@ -86,17 +87,17 @@
- registry: ${_param:mcp_docker_registry}/mirantis/cicd
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/cicd
- name: aptly:${_param:mcp_version}
+ name: aptly:2019.2.9
- registry: ${_param:mcp_docker_registry}/mirantis/cicd
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/cicd
- name: aptly-public:${_param:mcp_version}
+ name: aptly-public:2019.2.9
- registry: ${_param:mcp_docker_registry}/mirantis/cicd
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/cicd
- name: aptly-publisher:${_param:mcp_version}
+ name: aptly-publisher:2019.2.9
- registry: ${_param:mcp_docker_registry}/mirantis/cicd
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/cicd
- name: jnlp-slave:${_param:mcp_version}
+ name: jnlp-slave:2019.2.11
- registry: ${_param:mcp_docker_registry}/mirantis/cicd
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/cicd
name: ssh-slave:2019.2.5
@@ -105,14 +106,14 @@
name: jenkins:2019.2.5
- registry: ${_param:mcp_docker_registry}/mirantis/cicd
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/cicd
- name: gerrit:2019.2.7
+ name: gerrit:2019.2.11
# stacklight
- registry: ${_param:mcp_docker_registry}/openstack-docker
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/openstack-docker
name: alertmanager:2019.2.4
- - registry: ${_param:mcp_docker_registry}/mirantis/external
- target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/external
- name: alerta-web:${_param:mcp_version}
+ - registry: ${_param:mcp_docker_registry}/openstack-docker
+ target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/openstack-docker
+ name: alerta:${_param:mcp_version}
- registry: ${_param:mcp_docker_registry}/openstack-docker
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/openstack-docker
name: pushgateway:${_param:mcp_version}
@@ -121,16 +122,16 @@
name: prometheus:${_param:mcp_version}
- registry: ${_param:mcp_docker_registry}/openstack-docker
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/openstack-docker
- name: gainsight:2019.2.4
+ name: sf-reporter:2019.2.9
- registry: ${_param:mcp_docker_registry}/openstack-docker
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/openstack-docker
- name: telegraf:2019.2.5
+ name: telegraf:${_param:mcp_version}
- registry: ${_param:mcp_docker_registry}/openstack-docker
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/openstack-docker
name: remote_storage_adapter:${_param:mcp_version}
- registry: ${_param:mcp_docker_registry}/openstack-docker
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/openstack-docker
- name: prometheus-relay:2019.2.5
+ name: prometheus-relay:${_param:mcp_version}
- registry: ${_param:mcp_docker_registry}/openstack-docker
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/openstack-docker
name: grafana:${_param:mcp_version}
diff --git a/defaults/init.yml b/defaults/init.yml
index e1dc984..87decb3 100644
--- a/defaults/init.yml
+++ b/defaults/init.yml
@@ -8,6 +8,7 @@
classes:
- system.defaults.linux_system_repo
- system.defaults.linux_system_file
+- system.defaults.linux_system_package
- system.defaults.backupninja
- system.defaults.git
- system.defaults.glusterfs
diff --git a/defaults/linux_system_package.yml b/defaults/linux_system_package.yml
new file mode 100644
index 0000000..7138e1e
--- /dev/null
+++ b/defaults/linux_system_package.yml
@@ -0,0 +1,6 @@
+parameters:
+ linux:
+ system:
+ package:
+ popularity-contest:
+ version: purged
diff --git a/defaults/linux_system_repo.yml b/defaults/linux_system_repo.yml
index 07e96d2..9e38acf 100644
--- a/defaults/linux_system_repo.yml
+++ b/defaults/linux_system_repo.yml
@@ -39,7 +39,7 @@
linux_system_repo_hotfix_mcp_percona_url: ${_param:linux_system_repo_hotfix_url}/percona/
#
linux_system_repo_mcp_saltstack_url: ${_param:linux_system_repo_url}/saltstack-${_param:linux_system_repo_mcp_saltstack_version_number}/
- linux_system_repo_update_mcp_saltstack_url: ${_param:linux_system_repo_update_url}/saltstack-${_param:linux_system_repo_mcp_saltstack_version_number}/
+ linux_system_repo_update_mcp_saltstack_url: ${_param:linux_system_repo_update_url}/salt-2017.7.8/
linux_system_repo_hotfix_mcp_saltstack_url: ${_param:linux_system_repo_hotfix_url}/saltstack-${_param:linux_system_repo_mcp_saltstack_version_number}/
#
linux_system_repo_mcp_extra_url: ${_param:linux_system_repo_url}/extra/
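Review bot: `linux_system_repo_update_mcp_saltstack_url` is now hard-coded to `salt-2017.7.8/` while the base and hotfix URLs on the neighbouring lines still follow `linux_system_repo_mcp_saltstack_version_number`, so a model that sets that parameter to another release would mix packages from two Salt versions once the update repo is enabled. Consider a dedicated parameter instead of the literal, for example (parameter name constructed here) `${_param:linux_system_repo_update_url}/salt-${_param:linux_system_repo_update_mcp_saltstack_version}/` with a default of `2017.7.8`. If the pin is deliberate, a comment above the line saying so would prevent it being "fixed" back later.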
diff --git a/defaults/openstack/policy/all.yml b/defaults/openstack/policy/all.yml
index 39d7c40..ccb81a4 100644
--- a/defaults/openstack/policy/all.yml
+++ b/defaults/openstack/policy/all.yml
@@ -440,6 +440,46 @@
"tasks_api_access": "role:admin"
"upload_image": ""
glance_default_policy_queens: ${_param:glance_default_policy_pike}
+ gnocchi_default_policy_ocata: {}
+ gnocchi_default_policy_pike: &gnocchi_default_policy_pike
+ "admin_or_creator": "role:admin or user:%(creator)s or project_id:%(created_by_project_id)s"
+ "create archive policy rule": "role:admin"
+ "create archive policy": "role:admin"
+ "create metric": ""
+ "create resource type": "role:admin"
+ "create resource": ""
+ "delete archive policy rule": "role:admin"
+ "delete archive policy": "role:admin"
+ "delete metric": "rule:admin_or_creator"
+ "delete resource type": "role:admin"
+ "delete resource": "rule:admin_or_creator"
+ "delete resources": "rule:admin_or_creator"
+ "get archive policy rule": ""
+ "get archive policy": ""
+ "get measures": "rule:admin_or_creator or rule:metric_owner"
+ "get metric": "rule:admin_or_creator or rule:metric_owner"
+ "get resource type": ""
+ "get resource": "rule:admin_or_creator or rule:resource_owner"
+ "get status": "role:admin"
+ "list all metric": "role:admin"
+ "list archive policy rule": ""
+ "list archive policy": ""
+ "list metric": ""
+ "list resource type": ""
+ "list resource": "rule:admin_or_creator or rule:resource_owner"
+ "metric_owner": "project_id:%(resource.project_id)s"
+ "post measures": "rule:admin_or_creator"
+ "resource_owner": "project_id:%(project_id)s"
+ "search metric": "rule:admin_or_creator or rule:metric_owner"
+ "search resource": "rule:admin_or_creator or rule:resource_owner"
+ "update archive policy": "role:admin"
+ "update resource type": "role:admin"
+ "update resource": "rule:admin_or_creator"
+ gnocchi_default_policy_queens:
+ << : *gnocchi_default_policy_pike
+ "list all metric":
+ "list metric": "rule:admin_or_creator or rule:metric_owner"
+ "update archive policy rule": "role:admin"
heat_default_policy_ocata: {}
heat_default_policy_pike:
"actions:action": "rule:deny_stack_user"
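Review bot: `"list all metric":` in `gnocchi_default_policy_queens` has no value, which YAML loads as null, and the hunk does not show how the consuming formula renders a null rule. If it were written out as an empty string, oslo.policy would treat the rule as always allowed, turning a rule that is `role:admin` in pike into an open one. If the intent is to drop the rule in queens, write `"list all metric": null` explicitly and add a comment such as `# rule removed in queens, null drops it from the rendered policy`. It is also worth confirming that the `<<` merge key is honoured by the loader used for this model, since it is a YAML 1.1 extension.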
@@ -537,6 +577,62 @@
"stacks:update_patch": "rule:deny_stack_user"
"stacks:validate_template": "rule:deny_stack_user"
heat_default_policy_queens: ${_param:heat_default_policy_pike}
+ ironic_default_policy_ocata: {}
+ ironic_default_policy_pike: &ironic_default_policy_pike
+ "admin_api": "role:admin or role:administrator"
+ "baremetal:chassis:create": "rule:is_admin"
+ "baremetal:chassis:delete": "rule:is_admin"
+ "baremetal:chassis:get": "rule:is_admin or rule:is_observer"
+ "baremetal:chassis:update": "rule:is_admin"
+ "baremetal:driver:get": "rule:is_admin or rule:is_observer"
+ "baremetal:driver:get_properties": "rule:is_admin or rule:is_observer"
+ "baremetal:driver:get_raid_logical_disk_properties": "rule:is_admin or rule:is_observer"
+ "baremetal:driver:ipa_lookup": "rule:public_api"
+ "baremetal:driver:vendor_passthru": "rule:is_admin"
+ "baremetal:node:clear_maintenance": "rule:is_admin"
+ "baremetal:node:create": "rule:is_admin"
+ "baremetal:node:delete": "rule:is_admin"
+ "baremetal:node:get": "rule:is_admin or rule:is_observer"
+ "baremetal:node:get_boot_device": "rule:is_admin or rule:is_observer"
+ "baremetal:node:get_console": "rule:is_admin"
+ "baremetal:node:get_states": "rule:is_admin or rule:is_observer"
+ "baremetal:node:inject_nmi": "rule:is_admin"
+ "baremetal:node:ipa_heartbeat": "rule:public_api"
+ "baremetal:node:set_boot_device": "rule:is_admin"
+ "baremetal:node:set_console_state": "rule:is_admin"
+ "baremetal:node:set_maintenance": "rule:is_admin"
+ "baremetal:node:set_power_state": "rule:is_admin"
+ "baremetal:node:set_provision_state": "rule:is_admin"
+ "baremetal:node:set_raid_state": "rule:is_admin"
+ "baremetal:node:update": "rule:is_admin"
+ "baremetal:node:validate": "rule:is_admin"
+ "baremetal:node:vendor_passthru": "rule:is_admin"
+ "baremetal:node:vif:attach": "rule:is_admin"
+ "baremetal:node:vif:detach": "rule:is_admin"
+ "baremetal:node:vif:list": "rule:is_admin"
+ "baremetal:port:create": "rule:is_admin"
+ "baremetal:port:delete": "rule:is_admin"
+ "baremetal:port:get": "rule:is_admin or rule:is_observer"
+ "baremetal:port:update": "rule:is_admin"
+ "baremetal:portgroup:create": "rule:is_admin"
+ "baremetal:portgroup:delete": "rule:is_admin"
+ "baremetal:portgroup:get": "rule:is_admin or rule:is_observer"
+ "baremetal:portgroup:update": "rule:is_admin"
+ "baremetal:volume:create": "rule:is_admin"
+ "baremetal:volume:delete": "rule:is_admin"
+ "baremetal:volume:get": "rule:is_admin or rule:is_observer"
+ "baremetal:volume:update": "rule:is_admin"
+ "is_admin": "rule:admin_api or (rule:is_member and role:baremetal_admin)"
+ "is_member": "(project_domain_id:default or project_domain_id:None) and (project_name:demo or project_name:baremetal)"
+ "is_observer": "rule:is_member and (role:observer or role:baremetal_observer)"
+ "public_api": "is_public_api:True"
+ "show_instance_secrets": "!"
+ "show_password": "!"
+ ironic_default_policy_queens:
+ << : *ironic_default_policy_pike
+ "baremetal:node:traits:delete": "rule:is_admin"
+ "baremetal:node:traits:list": "rule:is_admin or rule:is_observer"
+ "baremetal:node:traits:set": "rule:is_admin"
keystone_default_policy_ocata: {}
keystone_default_policy_pike: &keystone_default_policy_pike
"admin_or_owner": "rule:admin_required or rule:owner"
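Review bot: The default `is_member` rule matches on the project names `demo` or `baremetal` in the default domain, and `is_admin` and `is_observer` build on it, so a cloud that happens to have a project called `demo` grants baremetal admin or observer rights to holders of `baremetal_admin`, `baremetal_observer` or `observer` in that project. These values appear to mirror the upstream sample policy, but as a model default they deserve a comment such as `# is_member: upstream sample project names, override per deployment`, or a parameter for the project name. The same anchor is merged into `ironic_default_policy_queens`, so the rule carries over there.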
@@ -1352,6 +1448,13 @@
"load-balancer:read-quota-global": "rule:load-balancer:global_observer or role:load-balancer_quota_admin or rule:load-balancer:admin"
"load-balancer:write-quota": "role:load-balancer_quota_admin or rule:load-balancer:admin"
"os_load-balancer_api:loadbalancer:put_failover": "rule:load-balancer:admin"
+ panko_default_policy_ocata: {}
+ panko_default_policy_pike:
+ "context_is_admin": "role:admin"
+ "segregation": "rule:context_is_admin"
+ "telemetry:events:index": ""
+ "telemetry:events:show": ""
+ panko_default_policy_queens: ${_param:panko_default_policy_pike}
telemetry_default_policy_ocata: {}
telemetry_default_policy_pike:
"context_is_admin": "role:admin"
diff --git a/defaults/openstack/policy/gnocchi.yml b/defaults/openstack/policy/gnocchi.yml
new file mode 100644
index 0000000..a56e91b
--- /dev/null
+++ b/defaults/openstack/policy/gnocchi.yml
@@ -0,0 +1,6 @@
+classes:
+- system.defaults.openstack.policy.all
+parameters:
+ gnocchi:
+ server:
+ policy: ${_param:gnocchi_default_policy_${_param:openstack_version}}
diff --git a/defaults/openstack/policy/ironic.yml b/defaults/openstack/policy/ironic.yml
new file mode 100644
index 0000000..f6addcb
--- /dev/null
+++ b/defaults/openstack/policy/ironic.yml
@@ -0,0 +1,6 @@
+classes:
+- system.defaults.openstack.policy.all
+parameters:
+ ironic:
+ api:
+ policy: ${_param:ironic_default_policy_${_param:openstack_version}}
diff --git a/defaults/openstack/policy/panko.yml b/defaults/openstack/policy/panko.yml
new file mode 100644
index 0000000..d2c88ae
--- /dev/null
+++ b/defaults/openstack/policy/panko.yml
@@ -0,0 +1,6 @@
+classes:
+- system.defaults.openstack.policy.all
+parameters:
+ panko:
+ server:
+ policy: ${_param:panko_default_policy_${_param:openstack_version}}
diff --git a/defaults/stacklight.yml b/defaults/stacklight.yml
index 8838246..225120f 100644
--- a/defaults/stacklight.yml
+++ b/defaults/stacklight.yml
@@ -6,3 +6,10 @@
# ELK stack versions
elasticsearch_version: 5
kibana_version: 5
+ # Salesforce
+ sf_notifier_sfdc_auth_url: "default"
+ sf_notifier_sfdc_username: "default"
+ sf_notifier_sfdc_password: "default"
+ sf_notifier_sfdc_organization_id: "default"
+ sf_notifier_sfdc_environment_id: "default"
+ sf_notifier_sfdc_sandbox_enabled: "True"
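Review bot: The `sf_notifier_sfdc_*` credentials default to the literal string `default`, so a deployment that forgets to override them still renders, and the notifier would attempt to authenticate with placeholder values instead of failing when the model is compiled. Leaving the credential parameters undefined here, so that a missing `${_param:…}` reference errors out, or commenting the block with `# placeholders, must be overridden with values from a secret store`, would make the omission visible. `sf_notifier_sfdc_sandbox_enabled` is the quoted string `"True"` rather than a boolean; if the consumer expects a bool, write `true`.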
diff --git a/docker/swarm/stack/dashboard.yml b/docker/swarm/stack/dashboard.yml
index 7b0eac5..9dfc85f 100644
--- a/docker/swarm/stack/dashboard.yml
+++ b/docker/swarm/stack/dashboard.yml
@@ -10,6 +10,7 @@
client:
stack:
dashboard:
+ version: '3.7'
service:
grafana:
deploy:
@@ -23,6 +24,18 @@
GF_DATABASE_TYPE: ${_param:grafana_database_type}
GF_DATABASE_NAME: grafana
GF_DATABASE_USER: grafana
- GF_DATABASE_PASSWORD: ${_param:grafana_database_password}
+ GF_DATABASE_PASSWORD__FILE: /run/secrets/grafana-database
GF_DATABASE_HOST: "${_param:grafana_database_host}:${_param:grafana_database_port}"
- GF_SECURITY_ADMIN_PASSWORD: ${_param:grafana_admin_password}
+ GF_SECURITY_ADMIN_PASSWORD__FILE: /run/secrets/grafana-admin
+ secrets:
+ - grafana-database
+ - grafana-admin
+ secrets:
+ grafana-database:
+ external: true
+ value: ${_param:grafana_database_password}
+ grafana-admin:
+ external: true
+ value: ${_param:grafana_admin_password}
+
+
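Review bot: Each new secret is declared with both `external: true` and `value:`, which is not a combination the Compose schema knows; presumably the Salt docker formula consumes `value` to create the swarm secret before the stack is deployed, and a short comment such as `# value is read by the docker formula to create the secret, not by docker stack deploy` would save readers from guessing. The passwords still live in the reclass parameters and the rendered pillar in clear text, so this protects against exposure through the service environment, not against pillar readers. Swarm secrets cannot be updated in place, so a later change of `grafana_admin_password` needs a documented rotation step. The same pattern is used in `gerrit.yml`, both Jenkins slave stacks and `ldap.yml`; the two blank lines added at the end of this file can go.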
diff --git a/docker/swarm/stack/gerrit.yml b/docker/swarm/stack/gerrit.yml
index d1a5aa7..2ce9444 100644
--- a/docker/swarm/stack/gerrit.yml
+++ b/docker/swarm/stack/gerrit.yml
@@ -16,6 +16,7 @@
client:
stack:
gerrit:
+ version: '3.7'
service:
server:
deploy:
@@ -30,12 +31,15 @@
- /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
depends_on:
- db
+ secrets:
+ - mysql-gerrit
+ - ldap-gerrit
environment:
#GERRIT_INIT_ARGS: ""
DATABASE_TYPE: "mysql"
DB_PORT_3306_TCP_ADDR: ${_param:cluster_vip_address}
DB_ENV_MYSQL_USER: gerrit
- DB_ENV_MYSQL_PASSWORD: ${_param:mysql_gerrit_password}
+ DB_ENV_MYSQL_PASSWORD_FILE: "/run/secrets/mysql-gerrit"
DB_ENV_MYSQL_DB: gerrit
AUTH_TYPE: ${_param:gerrit_auth_type}
LDAP_SERVER: ${_param:gerrit_ldap_server}
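Review bot: `DB_ENV_MYSQL_PASSWORD_FILE` (and `LDAP_PASSWORD_FILE` in the next hunk) only take effect if the Gerrit image's entrypoint reads `*_FILE` variables, and nothing in this file ties the stack to an image that does; `docker_image_gerrit` is pinned to `2019.2.11` elsewhere in this commit, which suggests the dependency. A deployment that overrides the image parameter with an older tag would presumably start Gerrit without a database or LDAP bind password. A comment above the new `secrets:` list would document the coupling, e.g. `# requires a gerrit image whose entrypoint supports *_FILE variables`. The `server` service definition starts outside the hunk.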
@@ -43,13 +47,10 @@
LDAP_ACCOUNTBASE: ${_param:gerrit_ldap_account_base}
LDAP_GROUPBASE: ${_param:gerrit_ldap_group_base}
LDAP_USERNAME: ${_param:gerrit_ldap_bind_user}
- LDAP_PASSWORD: ${_param:gerrit_ldap_bind_password}
+ LDAP_PASSWORD_FILE: "/run/secrets/ldap-gerrit"
WEBURL: ${_param:gerrit_public_host}
HTTPD_LISTENURL: ${_param:gerrit_http_listen_url}
HTTPD_REQUESTLOG: ${_param:gerrit_http_request_log}
- GERRIT_ADMIN_SSH_PUBLIC: ${_param:gerrit_admin_public_key}
- GERRIT_ADMIN_PWD: ${_param:gerrit_admin_password}
- GERRIT_ADMIN_EMAIL: ${_param:gerrit_admin_email}
CANLOADINIFRAME: "true"
IGNORE_VERSIONCHECK: "false"
JAVA_OPTIONS: "-Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts ${_param:gerrit_extra_opts}"
@@ -57,11 +58,14 @@
http_proxy: ${_param:docker_http_proxy}
no_proxy: ${_param:docker_no_proxy}
db:
+ secrets:
+ - mysql-gerrit
+ - mysql-root
environment:
MYSQL_USER: gerrit
- MYSQL_PASSWORD: ${_param:mysql_gerrit_password}
MYSQL_DATABASE: gerrit
- MYSQL_ROOT_PASSWORD: ${_param:mysql_admin_password}
+ MYSQL_ROOT_PASSWORD_FILE: "/run/secrets/mysql-root"
+ MYSQL_PASSWORD_FILE: "/run/secrets/mysql-gerrit"
MYSQL_START_TIMEOUT: 300
deploy:
restart_policy:
@@ -71,3 +75,13 @@
- ${_param:gerrit_db_publish_port}:3306
volumes:
- /srv/volumes/mysql:/var/lib/mysql
+ secrets:
+ mysql-root:
+ external: true
+ value: ${_param:mysql_admin_password}
+ mysql-gerrit:
+ external: true
+ value: ${_param:mysql_gerrit_password}
+ ldap-gerrit:
+ external: true
+ value: ${_param:gerrit_ldap_bind_password}
diff --git a/docker/swarm/stack/jenkins/jnlp_slave_multi.yml b/docker/swarm/stack/jenkins/jnlp_slave_multi.yml
index 3606bad..e7bf056 100644
--- a/docker/swarm/stack/jenkins/jnlp_slave_multi.yml
+++ b/docker/swarm/stack/jenkins/jnlp_slave_multi.yml
@@ -15,7 +15,7 @@
JENKINS_AGENT_NAME: slave02
JENKINS_UPDATE_SLAVE: 'true'
JENKINS_LOGIN: ${_param:jenkins_client_user}
- JENKINS_PASSWORD: ${_param:jenkins_client_password}
+ JENKINS_PASSWORD_FILE: /run/secrets/jenkins-admin
JAVA_OPTS: "-Dhttp.proxyHost=${_param:docker_http_proxy} -Dhttp.nonProxyHosts=|jenkins_master ${_param:jenkins_slave_extra_opts}"
https_proxy: ${_param:docker_https_proxy}
http_proxy: ${_param:docker_http_proxy}
@@ -35,13 +35,15 @@
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
- /var/lib/jenkins:/var/lib/jenkins
+ secrets:
+ - jenkins-admin
slave03:
environment:
JENKINS_URL: ${_param:jenkins_master_url}
JENKINS_AGENT_NAME: slave03
JENKINS_UPDATE_SLAVE: 'true'
JENKINS_LOGIN: ${_param:jenkins_client_user}
- JENKINS_PASSWORD: ${_param:jenkins_client_password}
+ JENKINS_PASSWORD_FILE: /run/secrets/jenkins-admin
JAVA_OPTS: "-Dhttp.proxyHost=${_param:docker_http_proxy} -Dhttp.nonProxyHosts=|jenkins_master ${_param:jenkins_slave_extra_opts}"
https_proxy: ${_param:docker_https_proxy}
http_proxy: ${_param:docker_http_proxy}
@@ -61,3 +63,9 @@
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
- /var/lib/jenkins:/var/lib/jenkins
+ secrets:
+ - jenkins-admin
+ secrets:
+ jenkins-admin:
+ external: true
+ value: ${_param:jenkins_client_password}
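Review bot: The secret mounted as `/run/secrets/jenkins-admin` is named for an admin account yet carries `jenkins_client_password`, and it is attached to agents that also mount `/var/run/docker.sock` and run build workloads, so any job on the agent can presumably read it. Moving it out of the environment is an improvement, but the account behind `jenkins_client_user` should be one limited to agent registration rather than an administrator; if that is already the case, rename the secret (for example `jenkins-client`) so the name does not suggest otherwise. The same definition is repeated in `jnlp_slave_single.yml`; keeping a single definition avoids the two drifting apart.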
diff --git a/docker/swarm/stack/jenkins/jnlp_slave_single.yml b/docker/swarm/stack/jenkins/jnlp_slave_single.yml
index 956f918..6f9bff0 100644
--- a/docker/swarm/stack/jenkins/jnlp_slave_single.yml
+++ b/docker/swarm/stack/jenkins/jnlp_slave_single.yml
@@ -12,6 +12,7 @@
- ${_param:docker_image_jenkins_jnlp_slave}
stack:
jenkins:
+ version: '3.7'
service:
slave01:
environment:
@@ -19,7 +20,7 @@
JENKINS_AGENT_NAME: slave01
JENKINS_UPDATE_SLAVE: 'true'
JENKINS_LOGIN: ${_param:jenkins_client_user}
- JENKINS_PASSWORD: ${_param:jenkins_client_password}
+ JENKINS_PASSWORD_FILE: /run/secrets/jenkins-admin
JAVA_OPTS: "-Dhttp.proxyHost=${_param:docker_http_proxy} -Dhttp.nonProxyHosts=|jenkins_master ${_param:jenkins_slave_extra_opts}"
https_proxy: ${_param:docker_https_proxy}
http_proxy: ${_param:docker_http_proxy}
@@ -39,3 +40,9 @@
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
- /var/lib/jenkins:/var/lib/jenkins
+ secrets:
+ - jenkins-admin
+ secrets:
+ jenkins-admin:
+ external: true
+ value: ${_param:jenkins_client_password}
diff --git a/docker/swarm/stack/ldap.yml b/docker/swarm/stack/ldap.yml
index 3091983..71a646e 100644
--- a/docker/swarm/stack/ldap.yml
+++ b/docker/swarm/stack/ldap.yml
@@ -5,6 +5,7 @@
client:
stack:
ldap:
+ version: '3.7'
service:
server:
networks:
@@ -18,6 +19,9 @@
ports:
- 1389:389
- 1636:636
+ secrets:
+ - openldap-admin
+ - openldap-config
volumes:
- /srv/volumes/openldap/database:/var/lib/ldap
- /srv/volumes/openldap/config:/etc/ldap/slapd.d
@@ -31,8 +35,8 @@
HOSTNAME: ldap01.${_param:openldap_domain}
LDAP_ORGANISATION: "${_param:openldap_organisation}"
LDAP_DOMAIN: "${_param:openldap_domain}"
- LDAP_ADMIN_PASSWORD: ${_param:openldap_admin_password}
- LDAP_CONFIG_PASSWORD: ${_param:openldap_config_password}
+ LDAP_ADMIN_PASSWORD_FILE: /run/secrets/openldap-admin
+ LDAP_CONFIG_PASSWORD_FILE: /run/secrets/openldap-config
LDAP_TLS: "true"
LDAP_TLS_VERIFY_CLIENT: try
LDAP_TLS_CIPHER_SUITE: NORMAL:-VERS-SSL3.0:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0
@@ -55,7 +59,6 @@
- ${_param:openldap_tls:certfile}:/container/service/ldap-client/assets/certs/drivetrain_ldap.crt:ro
- /etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem:/container/service/ldap-client/assets/certs/ca.crt:ro
environment:
- PHPLDAPADMIN_LDAP_ADMIN_PASSWORD: ${_param:openldap_admin_password}
PHPLDAPADMIN_LDAP_HOSTS: "#PYTHON2BASH:[{'server': [{'server': [{'host': 'ldaps://${_param:cicd_control_address}', 'tls': False}]},{'login': [{'bind_id': 'cn=admin,${_param:openldap_dn}'},{'bind_pass': '$PHPLDAPADMIN_LDAP_ADMIN_PASSWORD'}]}]}]"
PHPLDAPADMIN_LDAP_CLIENT_TLS: "true"
PHPLDAPADMIN_LDAP_CLIENT_TLS_CA_CRT_FILENAME: ca.crt
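Review bot: With `PHPLDAPADMIN_LDAP_ADMIN_PASSWORD` removed from this environment, the `'bind_pass': '$PHPLDAPADMIN_LDAP_ADMIN_PASSWORD'` entry kept in `PHPLDAPADMIN_LDAP_HOSTS` on the next line refers to a variable that is no longer set. Depending on how the image expands it, phpLDAPadmin would be configured with an empty or a literal `$...` bind password. If the intent is that administrators type the password at login, drop the `{'bind_pass': ...}` element from the `login` list in the same change. The service's environment block continues outside the hunk.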
@@ -73,3 +76,11 @@
driver: overlay
driver_opts:
encrypted: 1
+ secrets:
+ openldap-admin:
+ external: true
+ value: ${_param:openldap_admin_password}
+ openldap-config:
+ external: true
+ value: ${_param:openldap_config_password}
+
diff --git a/docker/swarm/stack/monitoring/alerta.yml b/docker/swarm/stack/monitoring/alerta.yml
index 6112b60..0470a09 100644
--- a/docker/swarm/stack/monitoring/alerta.yml
+++ b/docker/swarm/stack/monitoring/alerta.yml
@@ -8,6 +8,7 @@
client:
stack:
monitoring:
+ version: '3.7'
service:
alerta:
networks:
@@ -24,8 +25,17 @@
- 15017:8080
volumes:
- ${prometheus:alerta:config_dir}/alerta.conf:/web/config.js
+ - ${prometheus:alerta:config_dir}/alertad.conf:/app/alertad.conf
environment:
ADMIN_USERS: ${_param:alerta_admin_username}
- ADMIN_PASSWORD: ${_param:alerta_admin_password}
+ ADMIN_PASSWORD_FILE: "/run/secrets/alerta"
+ AUTH_REQUIRED: "True"
MONGO_URI: ${_param:alerta_mongodb_uri}
PLUGINS: ""
+ secrets:
+ - alerta
+ secrets:
+ alerta:
+ external: true
+ value: ${_param:alerta_admin_password}
+
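Review bot: The new `alertad.conf` bind mount is writable from inside the container, although it now holds the server-side settings that go with `AUTH_REQUIRED: "True"`. Unless the image rewrites that file at start-up (not visible here), mount it read-only: `- ${prometheus:alerta:config_dir}/alertad.conf:/app/alertad.conf:ro`. That way a compromised Alerta process cannot alter its own authentication configuration on the host.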
diff --git a/docker/swarm/stack/monitoring/gainsight.yml b/docker/swarm/stack/monitoring/gainsight.yml
index 554c8ec..a2935da 100644
--- a/docker/swarm/stack/monitoring/gainsight.yml
+++ b/docker/swarm/stack/monitoring/gainsight.yml
@@ -2,19 +2,17 @@
- system.prometheus.gainsight.container
parameters:
_param:
- gainsight_enabled: 'true'
- gainsight_csv_upload_url: 'http://localhost:9999'
- gainsight_account_id: 'default'
- gainsight_environment_id: 'default'
- gainsight_app_org_id: 'default'
- gainsight_access_key: 'default'
- gainsight_job_id: 'default'
- gainsight_login: 'default'
+ gainsight_cluster_id: "${_param:cluster_domain}"
gainsight_prometheus_url: "http://${_param:stacklight_monitor_address}:15010"
- gainsight_config_directory: '/srv/gainsight'
- gainsight_crontab_directory: '/etc/cron.d'
+ gainsight_config_directory: "/srv/gainsight"
+ gainsight_crontab_directory: "/etc/cron.d"
gainsight_config_path: "${_param:gainsight_config_directory}/config.ini"
- gainsight_csv_retention: 180
+ gainsight_sfdc_auth_url: "${_param:sf_notifier_sfdc_auth_url}"
+ gainsight_sfdc_username: "${_param:sf_notifier_sfdc_username}"
+ gainsight_sfdc_password: "${_param:sf_notifier_sfdc_password}"
+ gainsight_sfdc_organization_id: "${_param:sf_notifier_sfdc_organization_id}"
+ gainsight_sfdc_environment_id: "${_param:sf_notifier_sfdc_environment_id}"
+ gainsight_sfdc_sandbox_enabled: "${_param:sf_notifier_sfdc_sandbox_enabled}"
docker:
client:
stack:
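Review bot: The new `gainsight_sfdc_*` defaults all interpolate `sf_notifier_sfdc_*` parameters, so this class no longer renders on its own. A model that includes gainsight without defining the sf_notifier values would presumably fail on the unresolved reference, where the removed `'default'` placeholders used to let it load. A comment above the block would make the coupling explicit, e.g. `# SFDC credentials are shared with sf_notifier; define sf_notifier_sfdc_* in the cluster model`. The `_param` mapping starts outside the hunk.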
@@ -40,16 +38,13 @@
volumes:
- ${prometheus:gainsight:dir:config}:${_param:gainsight_config_directory}
- ${prometheus:gainsight:dir:crontab}:${_param:gainsight_crontab_directory}
- - ${prometheus:gainsight:dir:csv}:/opt/gainsight/csv
environment:
- CSV_UPLOAD_URL: "${_param:gainsight_csv_upload_url}"
- ACCOUNT_ID: "${_param:gainsight_account_id}"
- ENVIRONMENT_ID: "${_param:gainsight_environment_id}"
- APP_ORG_ID: "${_param:gainsight_app_org_id}"
- ACCESS_KEY: "${_param:gainsight_access_key}"
- JOB_ID: "${_param:gainsight_job_id}"
- LOGIN: "${_param:gainsight_login}"
- PROMETHEUS_URL: "${_param:gainsight_prometheus_url}"
- CONFIG_PATH: "${_param:gainsight_config_path}"
- ENABLED: "${_param:gainsight_enabled}"
- RETENTION: ${_param:gainsight_csv_retention}
+ CLUSTER_ID: ${_param:gainsight_cluster_id}
+ PROMETHEUS_URL: ${_param:gainsight_prometheus_url}
+ CONFIG_PATH: ${_param:gainsight_config_path}
+ SFDC_AUTH_URL: ${_param:gainsight_sfdc_auth_url}
+ SFDC_USERNAME: ${_param:gainsight_sfdc_username}
+ SFDC_PASSWORD: ${_param:gainsight_sfdc_password}
+ SFDC_ORGANIZATION_ID: ${_param:gainsight_sfdc_organization_id}
+ SFDC_ENVIRONMENT_ID: ${_param:gainsight_sfdc_environment_id}
+ SFDC_SANDBOX_ENABLED: ${_param:gainsight_sfdc_sandbox_enabled}
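Review bot: `SFDC_PASSWORD: ${_param:gainsight_sfdc_password}` puts the Salesforce password into the service environment, where it is readable through `docker service inspect` and inherited by every process in the container. The same commit moves the Jenkins, OpenLDAP and Alerta passwords to swarm secrets for that reason. If the gainsight image can read the password from a file, it should follow the same `secrets:` plus `*_FILE` pattern; otherwise a comment should record why it stays in the environment. The `SFDC_PASSWORD=` entry in `monitoring/sf_notifier.yml` has the same exposure.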
diff --git a/docker/swarm/stack/monitoring/prometheus/init.yml b/docker/swarm/stack/monitoring/prometheus/init.yml
index d38f5f8..b364259 100644
--- a/docker/swarm/stack/monitoring/prometheus/init.yml
+++ b/docker/swarm/stack/monitoring/prometheus/init.yml
@@ -8,6 +8,8 @@
prometheus_storage_local_engine: "persisted"
prometheus_storage_heap_size: 3221225472
prometheus_storage_num_fingerprint_mutexes: 4096
+ prometheus_cors_origin: '.*'
+ prometheus_alert_resend_delay: "2m"
docker:
client:
stack:
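Review bot: `prometheus_cors_origin: '.*'` allows every web origin, so any page opened in a browser that can reach Prometheus may read API responses cross-origin. The value is added without a comment saying it is meant to be overridden. I would document it in place, e.g. `# regex of origins allowed to query the API from a browser; '.*' allows all, restrict per deployment`, and have cluster models set it to the dashboards' own origin.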
@@ -42,7 +44,9 @@
PROMETHEUS_BIND_ADDRESS: ${prometheus:server:bind:address}
PROMETHEUS_STORAGE_LOCAL_RETENTION: ${prometheus:server:storage:local:retention}
PROMETHEUS_EXTERNAL_URL: "${_param:prometheus_external_proto}://${_param:prometheus_external_url}:15010"
+ PROMETHEUS_ALERT_RESEND_DELAY: "${_param:prometheus_alert_resend_delay}"
# Backward compatibility for Prometheus 1.7
PROMETHEUS_STORAGE_LOCAL_ENGINE: ${_param:prometheus_storage_local_engine}
PROMETHEUS_STORAGE_LOCAL_TARGET_HEAP_SIZE: ${_param:prometheus_storage_heap_size}
PROMETHEUS_STORAGE_LOCAL_NUM_FINGERPRINT_MUTEXES: ${_param:prometheus_storage_num_fingerprint_mutexes}
+ PROMETHEUS_CORS_ORIGIN_REGEX: "${_param:prometheus_cors_origin}"
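Review bot: `PROMETHEUS_CORS_ORIGIN_REGEX` is appended below the `# Backward compatibility for Prometheus 1.7` comment, so it reads as one of the legacy storage options even though it appears unrelated to them. Moving the line up next to `PROMETHEUS_ALERT_RESEND_DELAY`, above that comment, keeps the compatibility group limited to the `PROMETHEUS_STORAGE_LOCAL_*` variables. The environment mapping starts outside the hunk.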
diff --git a/docker/swarm/stack/monitoring/sf_notifier.yml b/docker/swarm/stack/monitoring/sf_notifier.yml
index b8b2dd6..e2e5435 100644
--- a/docker/swarm/stack/monitoring/sf_notifier.yml
+++ b/docker/swarm/stack/monitoring/sf_notifier.yml
@@ -2,7 +2,7 @@
- system.prometheus.sf_notifier.container
parameters:
_param:
- sf_notifier_workers: 4
+ sf_notifier_workers: 8
sf_notifier_buffer_size: 32768
sf_notifier_alert_id_hash_func: sha256
docker:
@@ -30,13 +30,13 @@
ports:
- 15018:5000
environment:
- SF_NOTIFIER_WORKERS: ${_param:sf_notifier_workers}
- SF_NOTIFIER_BUFFER_SIZE: ${_param:sf_notifier_buffer_size}
- SF_NOTIFIER_APP_PORT: ${prometheus:sf_notifier:uwsgi:bind_port}
- SF_NOTIFIER_ALERT_ID_HASH_FUNC: ${_param:sf_notifier_alert_id_hash_func}
- SFDC_AUTH_URL: "${_param:sf_notifier_sfdc_auth_url}"
- SFDC_USERNAME: "${_param:sf_notifier_sfdc_username}"
- SFDC_PASSWORD: "${_param:sf_notifier_sfdc_password}"
- SFDC_ORGANIZATION_ID: "${_param:sf_notifier_sfdc_organization_id}"
- SFDC_ENVIRONMENT_ID: "${_param:sf_notifier_sfdc_environment_id}"
- SFDC_SANDBOX_ENABLED: "${_param:sf_notifier_sfdc_sandbox_enabled}"
+ - SF_NOTIFIER_WORKERS=${_param:sf_notifier_workers}
+ - SF_NOTIFIER_BUFFER_SIZE=${_param:sf_notifier_buffer_size}
+ - SF_NOTIFIER_APP_PORT=${prometheus:sf_notifier:uwsgi:bind_port}
+ - SF_NOTIFIER_ALERT_ID_HASH_FUNC=${_param:sf_notifier_alert_id_hash_func}
+ - SFDC_AUTH_URL=${_param:sf_notifier_sfdc_auth_url}
+ - SFDC_USERNAME=${_param:sf_notifier_sfdc_username}
+ - SFDC_PASSWORD=${_param:sf_notifier_sfdc_password}
+ - SFDC_ORGANIZATION_ID=${_param:sf_notifier_sfdc_organization_id}
+ - SFDC_ENVIRONMENT_ID=${_param:sf_notifier_sfdc_environment_id}
+ - SFDC_SANDBOX_ENABLED=${_param:sf_notifier_sfdc_sandbox_enabled}
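Review bot: The environment is rewritten from a mapping into a list of `KEY=value` strings, while every other stack touched by this commit keeps the mapping form. A cluster model that overrides a single variable with `environment: {SF_NOTIFIER_WORKERS: ...}` would likely no longer merge key by key, because lists are extended rather than merged. If the list form is required by the consumer, note that in a comment such as `# list form required by <reason>; override the _param values, not this block`; otherwise keep the mapping.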
diff --git a/galera/server/cluster.yml b/galera/server/cluster.yml
index a4b3f0a..2dd5962 100644
--- a/galera/server/cluster.yml
+++ b/galera/server/cluster.yml
@@ -3,3 +3,4 @@
- system.haproxy.proxy.listen.openstack.galera
- system.keepalived.cluster.instance.galera_vip
- system.galera.upgrade
+- system.galera.server.clustercheck
diff --git a/haproxy/proxy/listen/openstack/designate.yml b/haproxy/proxy/listen/openstack/designate.yml
index 1310be4..0f19a1f 100644
--- a/haproxy/proxy/listen/openstack/designate.yml
+++ b/haproxy/proxy/listen/openstack/designate.yml
@@ -20,3 +20,7 @@
host: ${_param:cluster_node02_address}
port: ${_param:haproxy_designate_port}
params: ${_param:haproxy_designate_check_params}
+ - name: ${_param:cluster_node03_hostname}
+ host: ${_param:cluster_node03_address}
+ port: ${_param:haproxy_designate_port}
+ params: ${_param:haproxy_designate_check_params}
diff --git a/haproxy/proxy/listen/openstack/designate_large.yml b/haproxy/proxy/listen/openstack/designate_large.yml
new file mode 100644
index 0000000..01d92aa
--- /dev/null
+++ b/haproxy/proxy/listen/openstack/designate_large.yml
@@ -0,0 +1,34 @@
+parameters:
+ _param:
+ haproxy_designate_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ haproxy_designate_port: 9001
+ haproxy:
+ proxy:
+ listen:
+ designate_api:
+ type: openstack-service
+ service_name: designate
+ binds:
+ - address: ${_param:cluster_vip_address}
+ port: ${_param:haproxy_designate_port}
+ servers:
+ - name: ${_param:cluster_node01_hostname}
+ host: ${_param:cluster_node01_address}
+ port: ${_param:haproxy_designate_port}
+ params: ${_param:haproxy_designate_check_params}
+ - name: ${_param:cluster_node02_hostname}
+ host: ${_param:cluster_node02_address}
+ port: ${_param:haproxy_designate_port}
+ params: ${_param:haproxy_designate_check_params}
+ - name: ${_param:cluster_node03_hostname}
+ host: ${_param:cluster_node03_address}
+ port: ${_param:haproxy_designate_port}
+ params: ${_param:haproxy_designate_check_params}
+ - name: ${_param:cluster_node04_hostname}
+ host: ${_param:cluster_node04_address}
+ port: ${_param:haproxy_designate_port}
+ params: ${_param:haproxy_designate_check_params}
+ - name: ${_param:cluster_node05_hostname}
+ host: ${_param:cluster_node05_address}
+ port: ${_param:haproxy_designate_port}
+ params: ${_param:haproxy_designate_check_params}
diff --git a/haproxy/proxy/listen/openstack/galera/init.yml b/haproxy/proxy/listen/openstack/galera/init.yml
index 1dd1a1c..9f210d4 100644
--- a/haproxy/proxy/listen/openstack/galera/init.yml
+++ b/haproxy/proxy/listen/openstack/galera/init.yml
@@ -1,6 +1,6 @@
parameters:
_param:
- haproxy_params_check: 'check'
+ haproxy_params_check: 'check port 9200'
haproxy:
proxy:
listen:
@@ -15,12 +15,16 @@
- name: ${_param:cluster_node01_hostname}
host: ${_param:cluster_node01_address}
port: 3306
- params: ${_param:haproxy_params_check} inter 20s fastinter 2s downinter 2s rise 3 fall 3
+ params: ${_param:haproxy_params_check} inter 20s fastinter 2s downinter 2s rise 3 fall 3 on-marked-down shutdown-sessions
- name: ${_param:cluster_node02_hostname}
host: ${_param:cluster_node02_address}
port: 3306
- params: backup ${_param:haproxy_params_check} inter 20s fastinter 2s downinter 2s rise 3 fall 3
+ params: backup ${_param:haproxy_params_check} inter 20s fastinter 2s downinter 2s rise 3 fall 3 on-marked-down shutdown-sessions
- name: ${_param:cluster_node03_hostname}
host: ${_param:cluster_node03_address}
port: 3306
- params: backup ${_param:haproxy_params_check} inter 20s fastinter 2s downinter 2s rise 3 fall 3
+ params: backup ${_param:haproxy_params_check} inter 20s fastinter 2s downinter 2s rise 3 fall 3 on-marked-down shutdown-sessions
+ health-check:
+ mysql:
+ enabled: False
+
diff --git a/jenkins/client/job/ceph/remove-node.yml b/jenkins/client/job/ceph/remove-node.yml
index 4f69be4..422056c 100644
--- a/jenkins/client/job/ceph/remove-node.yml
+++ b/jenkins/client/job/ceph/remove-node.yml
@@ -45,3 +45,8 @@
type: boolean
default: 'true'
description: Wait for healthy during pipeline
+ CLEANDISK:
+ type: boolean
+ default: 'false'
+ description: Clean data/block partitions
+
diff --git a/jenkins/client/job/ceph/remove-osd.yml b/jenkins/client/job/ceph/remove-osd.yml
index 03e5cf8..d3a00b1 100644
--- a/jenkins/client/job/ceph/remove-osd.yml
+++ b/jenkins/client/job/ceph/remove-osd.yml
@@ -43,3 +43,11 @@
type: boolean
default: 'true'
description: Wait for healthy during pipeline
+ CLEANDISK:
+ type: boolean
+ default: 'false'
+ description: Clean data/block partitions
+ CLEAN_ORPHANS:
+ type: boolean
+ default: 'false'
+ description: Clean data/block partitions
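Review bot: `CLEAN_ORPHANS` carries the same description as `CLEANDISK` (`Clean data/block partitions`), so the job form gives no way to tell the two destructive switches apart. The description should say what the orphan option actually removes, e.g. `description: Clean orphaned OSD partitions/volumes left on the node`, with the wording confirmed against the pipeline script. The parameter mapping starts outside the hunk.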
diff --git a/jenkins/client/job/ceph/upgrade.yml b/jenkins/client/job/ceph/upgrade.yml
index a185fef..9d352d7 100644
--- a/jenkins/client/job/ceph/upgrade.yml
+++ b/jenkins/client/job/ceph/upgrade.yml
@@ -78,3 +78,4 @@
type: string
default: '/root'
description: Select the target dir to backup to when BACKUP_ENABLED
+
diff --git a/jenkins/client/job/deploy/backupninja_backup.yml b/jenkins/client/job/deploy/backupninja_backup.yml
index 690ae0a..1089cfa 100644
--- a/jenkins/client/job/deploy/backupninja_backup.yml
+++ b/jenkins/client/job/deploy/backupninja_backup.yml
@@ -34,5 +34,5 @@
default: 'true'
trigger:
timer:
- enabled: true
+ enabled: false
spec: "${_param:backup_min} ${_param:backup_hour} ${_param:backup_day_of_month} ${_param:backup_month} ${_param:backup_day_of_week}"
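Review bot: Setting the timer to `enabled: false` turns off the scheduled backupninja run for every model that includes this class, while the `spec` line is still rendered and suggests a schedule is in force. Nothing in the hunk records why or how to turn it back on. A comment above the line would prevent environments from silently running without backups, e.g. `# disabled by default; set enabled: true in the cluster model to schedule backups`.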
diff --git a/jenkins/client/job/deploy/cleanup.yml b/jenkins/client/job/deploy/cleanup.yml
new file mode 100644
index 0000000..1d0a2b6
--- /dev/null
+++ b/jenkins/client/job/deploy/cleanup.yml
@@ -0,0 +1,25 @@
+parameters:
+ jenkins:
+ client:
+ job:
+ openstack_database_cleanup:
+ type: workflow-scm
+ name: openstack-database-cleanup
+ display_name: "Deploy - Openstack Database Cleanup"
+ discard:
+ build:
+ keep_num: 50
+ concurrent: true
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ branch: "${_param:jenkins_pipelines_branch}"
+ credentials: ${_param:jenkins_gerrit_credentials}
+ script: openstack-database-cleanup.groovy
+ param:
+ SALT_MASTER_CREDENTIALS:
+ type: string
+ default: "salt"
+ SALT_MASTER_URL:
+ type: string
+ default: "${_param:jenkins_salt_api_url}"
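Review bot: The new `openstack_database_cleanup` job is created with `concurrent: true`, which lets two cleanup runs operate on the same databases at once. Unless the pipeline script is known to be safe against overlapping runs, `concurrent: false` is the safer default, matching the change this commit makes to the validate job. The `SALT_MASTER_CREDENTIALS` and `SALT_MASTER_URL` parameters also have no `description`, unlike parameters in the neighbouring job files.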
diff --git a/jenkins/client/job/deploy/openstack.yml b/jenkins/client/job/deploy/openstack.yml
index 6bbbffa..ae63040 100644
--- a/jenkins/client/job/deploy/openstack.yml
+++ b/jenkins/client/job/deploy/openstack.yml
@@ -33,6 +33,10 @@
type: boolean
default: 'false'
description: 'Whether to run "apt-get dist-upgrade" on all nodes in cluster before deployment'
+ UPGRADE_SALTSTACK:
+ type: boolean
+ default: 'false'
+ description: 'Whether to install recent available saltstack packages'
# salt master
SALT_MASTER_CREDENTIALS:
type: string
diff --git a/jenkins/client/job/deploy/update/init.yml b/jenkins/client/job/deploy/update/init.yml
index afa0aa6..710fd5f 100644
--- a/jenkins/client/job/deploy/update/init.yml
+++ b/jenkins/client/job/deploy/update/init.yml
@@ -27,3 +27,4 @@
- system.jenkins.client.job.deploy.update.update_glusterfs_servers
- system.jenkins.client.job.deploy.update.update_glusterfs_clients
- system.jenkins.client.job.deploy.update.update_glusterfs_cluster_op_version
+ - system.jenkins.client.job.deploy.cleanup
diff --git a/jenkins/client/job/deploy/update/update_ceph.yml b/jenkins/client/job/deploy/update/update_ceph.yml
index 090b47f..3eb876b 100644
--- a/jenkins/client/job/deploy/update/update_ceph.yml
+++ b/jenkins/client/job/deploy/update/update_ceph.yml
@@ -33,3 +33,8 @@
type: string
default: ''
description: Flags to be aplied before pipeline and after pipeline (comma-separated list)
+ RUNHIGHSTATE:
+ type: boolean
+ default: 'false'
+ description: Run HighStates on target nodes after upgrade
+
diff --git a/jenkins/client/job/deploy/update/upgrade_mcp_release.yml b/jenkins/client/job/deploy/update/upgrade_mcp_release.yml
index 2019945..8afa45f 100644
--- a/jenkins/client/job/deploy/update/upgrade_mcp_release.yml
+++ b/jenkins/client/job/deploy/update/upgrade_mcp_release.yml
@@ -27,7 +27,7 @@
MK_PIPELINES_REFSPEC:
type: string
default: ""
- description: "Version of mk-pipelines git repo to be used. Should be release/TARGET_MCP_VERSION"
+ description: "Version of mk-pipelines git repo to be used. Should be release/TARGET_MCP_VERSION or 2019.2.x for a specific MU"
TARGET_MCP_VERSION:
type: string
default: ""
@@ -35,7 +35,7 @@
GIT_REFSPEC:
type: string
default: ""
- description: "Version of git repos to be used, should be release/TARGET_MCP_VERSION"
+ description: "Version of git repos to be used, should be release/TARGET_MCP_VERSION or 2019.2.x for a specific MU"
DRIVE_TRAIN_PARAMS:
type: text
description: "Yaml based DriveTrain releated params"
@@ -53,6 +53,12 @@
UPDATE_PIPELINES: true
# Use only when local repositories are present
UPDATE_LOCAL_REPOS: false
+ # Run apt-get upgrade on Drivetrain nodes
+ OS_UPGRADE: false
+ # Run apt-get dist-upgrade on Drivetrain nodes and reboot to apply changes
+ OS_DIST_UPGRADE: false
+ # Whether to apply cluster model workarounds from the pipeline
+ APPLY_MODEL_WORKAROUNDS: true
# Next parameters added only for test purposes and not enabled by default
# RECLASS_SYSTEM_BRANCH: ''
PIPELINE_TIMEOUT:
diff --git a/jenkins/client/job/deploy/update/upgrade_stacklight.yml b/jenkins/client/job/deploy/update/upgrade_stacklight.yml
index 57747e4..f043de8 100644
--- a/jenkins/client/job/deploy/update/upgrade_stacklight.yml
+++ b/jenkins/client/job/deploy/update/upgrade_stacklight.yml
@@ -39,3 +39,11 @@
type: boolean
default: 'true'
description: "Set to True if upgrade for components running in Docker Swarm is desired"
+ OS_UPGRADE:
+ type: boolean
+ default: 'false'
+ description: 'Run apt-get upgrade on Stacklight nodes'
+ OS_DIST_UPGRADE:
+ type: boolean
+ default: 'false'
+ description: 'Run apt-get dist-upgrade on Stacklight nodes and reboot to apply changes'
diff --git a/jenkins/client/job/validate.yml b/jenkins/client/job/validate.yml
index a59fe91..5d1dbdb 100644
--- a/jenkins/client/job/validate.yml
+++ b/jenkins/client/job/validate.yml
@@ -20,7 +20,7 @@
keep_num: 50
artifact:
keep_num: 50
- concurrent: true
+ concurrent: false
scm:
type: git
url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
diff --git a/keystone/client/core.yml b/keystone/client/core.yml
index c965e6f..0e0c46d 100644
--- a/keystone/client/core.yml
+++ b/keystone/client/core.yml
@@ -38,6 +38,7 @@
options: ${_param:openstack_service_user_options}
admin_identity:
admin:
+ api_version: ''
user: admin
password: ${_param:keystone_admin_password}
project: admin
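Review bot: `api_version: ''` is added to the admin identity with no comment, and an empty string does not say whether it means "let the client negotiate" or works around a specific formula default. A one-line comment above it would help, e.g. `# empty: do not append a version suffix to the endpoint URL`, with the wording adjusted to the real reason. The identical line in `keystone/client/single.yml` needs the same note.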
diff --git a/keystone/client/single.yml b/keystone/client/single.yml
index 20b2b91..b69d030 100644
--- a/keystone/client/single.yml
+++ b/keystone/client/single.yml
@@ -46,6 +46,7 @@
options: ${_param:openstack_service_user_options}
admin_identity:
admin:
+ api_version: ''
user: admin
password: ${_param:keystone_admin_password}
project: admin
diff --git a/linux/system/repo/mcp/apt_mirantis/update/ubuntu.yml b/linux/system/repo/mcp/apt_mirantis/update/ubuntu.yml
index 6635d9b..a345feb 100644
--- a/linux/system/repo/mcp/apt_mirantis/update/ubuntu.yml
+++ b/linux/system/repo/mcp/apt_mirantis/update/ubuntu.yml
@@ -7,11 +7,11 @@
# source: "deb [arch=amd64] ${_param:linux_system_repo_update_ubuntu_url} ${_param:linux_system_codename} main restricted universe"
# architectures: ${_param:linux_system_architecture}
# default: true
-# ubuntu_updates_update:
-# refresh_db: ${_param:linux_repo_refresh_db}
-# source: "deb [arch=amd64] ${_param:linux_system_repo_update_ubuntu_url} ${_param:linux_system_codename}-updates main restricted universe"
-# architectures: ${_param:linux_system_architecture}
-# default: true
+ ubuntu_updates_update:
+ refresh_db: ${_param:linux_repo_refresh_db}
+ source: "deb [arch=amd64] ${_param:linux_system_repo_update_ubuntu_url} ${_param:linux_system_codename}-updates main restricted universe"
+ architectures: ${_param:linux_system_architecture}
+ default: true
ubuntu_security_update:
refresh_db: ${_param:linux_repo_refresh_db}
source: "deb [arch=amd64] ${_param:linux_system_repo_update_ubuntu_url} ${_param:linux_system_codename}-security main restricted universe"
diff --git a/maas/region/single.yml b/maas/region/single.yml
index 175fbff..4cdfd11 100644
--- a/maas/region/single.yml
+++ b/maas/region/single.yml
@@ -5,6 +5,13 @@
_param:
maas_admin_username: mirantis
maas_region_main_archive: ${_param:linux_system_repo_update_url}/ubuntu/
+ # Pin distro-info-data package. See PROD-34940 for details
+ linux:
+ system:
+ package:
+ distro-info-data:
+ version: 0.28ubuntu0.9
+ hold: true
maas:
cluster:
enabled: true
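Review bot: The `distro-info-data` pin with `hold: true` keeps the package at `0.28ubuntu0.9` indefinitely, so later updates to it are skipped on MAAS region nodes. The comment points only to a ticket ID, which is no help to someone without tracker access. I would extend it with the reason and the exit condition, e.g. `# Pin distro-info-data (PROD-34940): <what breaks with newer versions>; remove the hold once <condition>`.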
diff --git a/nginx/server/proxy/ceph_radosgw.yml b/nginx/server/proxy/ceph_radosgw.yml
index 8207bda..37fc390 100644
--- a/nginx/server/proxy/ceph_radosgw.yml
+++ b/nginx/server/proxy/ceph_radosgw.yml
@@ -20,8 +20,6 @@
enabled: true
value: "$remote_addr"
proxy:
- size: 10240m
- buffer_size: 10240m
host: ${_param:nginx_proxy_radosgw_service_host}
port: ${_param:nginx_proxy_radosgw_service_port}
protocol: http
diff --git a/nginx/server/proxy/salt_api.yml b/nginx/server/proxy/salt_api.yml
index f559ef4..4a1f5b1 100644
--- a/nginx/server/proxy/salt_api.yml
+++ b/nginx/server/proxy/salt_api.yml
@@ -21,6 +21,9 @@
host: ${_param:infra_config_hostname}.${_param:cluster_domain}
port: ${_param:nginx_proxy_salt_api_proxy_port}
protocol: ${_param:nginx_proxy_salt_api_proxy_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
+ timeout: 1800
host:
name: ${_param:infra_config_hostname}.${_param:cluster_domain}
port: ${_param:nginx_proxy_salt_api_site_port}
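Review bot: `timeout: 1800` is added without explanation; the comment above covers only `request_buffer`, and it says "caching" where the option controls buffering. A 30-minute proxy timeout in front of the Salt API lets slow or stalled clients hold upstream connections for that long. The reason should be recorded, e.g. `# long-running salt-api calls need up to 30 min`. Please also confirm that the site still enforces connection or rate limits appropriate for an API that can run commands on minions.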
diff --git a/openssh/server/team/members/mpolenchuk.yml b/openssh/server/team/members/mpolenchuk.yml
new file mode 100644
index 0000000..eafbe84
--- /dev/null
+++ b/openssh/server/team/members/mpolenchuk.yml
@@ -0,0 +1,19 @@
+parameters:
+ linux:
+ system:
+ user:
+ mpolenchuk:
+ enabled: true
+ name: mpolenchuk
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Michael Polenchuk
+ home: /home/mpolenchuk
+ email: mpolenchuk@mirantis.com
+ openssh:
+ server:
+ user:
+ mpolenchuk:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC18NFHig4QQPBgFY7s3MOzGRYHOFY6Fzu1lBSYoH6Ie6u2AY7aS149uSUHJPuzTQ5uEsxXqSlfOOggwrB7sOb1w+sCUhUJN5SyvPl1tnQ5mQ96DvMGtFwuTQwQJ5SY/XXIKCKn59G0AMyOmajDsHdeUFhwj1u8CWnEM7QHxuAxDxbExNyWe0yytsdbIelI1xsyX3qWNsJz/9BSnD6IKKtB0ca0lG+qWmO8eQ/A/pqE28E6kh25mqsEk38gTvBgJsaociU75WTEQYcxhVy4+/ZoZeW/ASDC+Raaq8b7gbrOo8EKdgpWk1MAdomfGfoxJ2HEVI08vLR3xBd0IjbC0NFN root@desktop
+ user: ${linux:system:user:mpolenchuk}
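Review bot: The public key's trailing comment is `root@desktop`, which does not identify the owner once the key is written to an authorized keys file. Other entries in this commit either omit the comment or could use the member's address. Replacing the comment field with `mpolenchuk@mirantis.com` does not change the key material and makes access reviews and key removal easier to audit. The class is included from `oscore_devops.yml`, where `linux_system_user_sudo: true` is set, so attribution matters.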
diff --git a/openssh/server/team/members/srudyka.yml b/openssh/server/team/members/srudyka.yml
new file mode 100644
index 0000000..0321ea4
--- /dev/null
+++ b/openssh/server/team/members/srudyka.yml
@@ -0,0 +1,20 @@
+parameters:
+ linux:
+ system:
+ user:
+ srudyka:
+ email: srudyka@mirantis.com
+ enabled: true
+ full_name: Sergii Rudyka
+ home: /home/srudyka
+ name: srudyka
+ email: srudyka@mirantis.com
+ sudo: ${_param:linux_system_user_sudo}
+ openssh:
+ server:
+ user:
+ srudyka:
+ enabled: true
+ public_keys:
+ - key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIGps6KXDEuWoTRAMkCPQI/sDaLcPwnq0fDgKSTjqBd1N
+ user: ${linux:system:user:srudyka}
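Review bot: The `srudyka` user mapping defines `email: srudyka@mirantis.com` twice, once as its first key and again after `name`. Duplicate mapping keys are invalid YAML; most loaders silently keep the last one, but stricter loaders and linters reject the file. Drop one of the two lines so the mapping has a single `email` key.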
diff --git a/openssh/server/team/oscore_devops.yml b/openssh/server/team/oscore_devops.yml
index e62953d..e8fc391 100644
--- a/openssh/server/team/oscore_devops.yml
+++ b/openssh/server/team/oscore_devops.yml
@@ -18,6 +18,7 @@
- system.openssh.server.team.members.vdrok
- system.openssh.server.team.members.vmarkov
- system.openssh.server.team.members.vsaienko
+- system.openssh.server.team.members.mpolenchuk
parameters:
_param:
linux_system_user_sudo: true
diff --git a/openssh/server/team/services.yml b/openssh/server/team/services.yml
index 0657f99..4c40b54 100644
--- a/openssh/server/team/services.yml
+++ b/openssh/server/team/services.yml
@@ -18,16 +18,15 @@
- system.openssh.server.team.members.korlowska
- system.openssh.server.team.members.lmercl
- system.openssh.server.team.members.mchernik
-- system.openssh.server.team.members.mlos
- system.openssh.server.team.members.osavatieiev
- system.openssh.server.team.members.oaleksieiev
- system.openssh.server.team.members.pbasov
- system.openssh.server.team.members.pruzicka
- system.openssh.server.team.members.sburns
-- system.openssh.server.team.members.tjaroszyk
- system.openssh.server.team.members.vkuspits
- system.openssh.server.team.members.yisakov
- system.openssh.server.team.members.qwu
+- system.openssh.server.team.members.srudyka
parameters:
_param:
linux_system_user_sudo: true
diff --git a/openssh/server/team/storage.yml b/openssh/server/team/storage.yml
index 5531f97..931692b 100644
--- a/openssh/server/team/storage.yml
+++ b/openssh/server/team/storage.yml
@@ -3,3 +3,4 @@
- system.openssh.server.team.members.deprecated.mvollman
- system.openssh.server.team.members.mlos
- system.openssh.server.team.members.mjedynski
+- system.openssh.server.team.members.tjaroszyk
diff --git a/prometheus/alerta/init.yml b/prometheus/alerta/init.yml
index a82e8d4..6e16b63 100644
--- a/prometheus/alerta/init.yml
+++ b/prometheus/alerta/init.yml
@@ -1,2 +1,7 @@
classes:
- service.prometheus.alerta
+parameters:
+ prometheus:
+ alerta:
+ timeouts:
+ alert: 28800
diff --git a/prometheus/elasticsearch_exporter/queries/default.yml b/prometheus/elasticsearch_exporter/queries/default.yml
index eeb013c..ca1c3e1 100644
--- a/prometheus/elasticsearch_exporter/queries/default.yml
+++ b/prometheus/elasticsearch_exporter/queries/default.yml
@@ -26,12 +26,14 @@
"aggs": {
"program": {
"terms": {
- "field": "programname.keyword"
+ "field": "programname.keyword",
+ "size": 10000
},
"aggs": {
"host": {
"terms": {
- "field": "Hostname.keyword"
+ "field": "Hostname.keyword",
+ "size": 10000
}
}
}
diff --git a/prometheus/gainsight/container.yml b/prometheus/gainsight/container.yml
index f98e052..fda03e8 100644
--- a/prometheus/gainsight/container.yml
+++ b/prometheus/gainsight/container.yml
@@ -1,3 +1,2 @@
classes:
- service.prometheus.gainsight.container
-
diff --git a/prometheus/gainsight/elasticsearch_container.yml b/prometheus/gainsight/elasticsearch_container.yml
index 8a10fbf..a32320f 100644
--- a/prometheus/gainsight/elasticsearch_container.yml
+++ b/prometheus/gainsight/elasticsearch_container.yml
@@ -1,3 +1,2 @@
classes:
- service.prometheus.gainsight.elasticsearch_container
-
diff --git a/prometheus/gainsight/query/openstack.yml b/prometheus/gainsight/query/openstack.yml
index 3ab9ed5..3615ad4 100644
--- a/prometheus/gainsight/query/openstack.yml
+++ b/prometheus/gainsight/query/openstack.yml
@@ -2,20 +2,20 @@
prometheus:
gainsight:
queries:
- vcpu_used: "'vCPU Used','avg(sum(avg_over_time(openstack_nova_used_vcpus[24h])) by (instance))'"
- vcpu_free: "'vCPU Free','avg(sum(avg_over_time(openstack_nova_free_vcpus[24h])) by (instance))'"
- vstorage_used: "'vStorage Used','avg(sum(avg_over_time(openstack_nova_used_disk[24h])) by (instance))'"
- vstorage_free: "'vStorage Free','avg(sum(avg_over_time(openstack_nova_free_disk[24h])) by (instance))'"
- vram_used: "'vRAM Used','avg(sum(avg_over_time(openstack_nova_used_ram[24h])) by (instance))'"
- vram_free: "'vRAM Free','avg(sum(avg_over_time(openstack_nova_free_ram[24h])) by (instance))'"
- instances: "'Instances','avg(sum(avg_over_time(openstack_nova_instances{state=\"active\"}[24h])) by (instance))'"
- compute_nodes: "'Compute Nodes','avg(sum(openstack_nova_services{binary=~\"nova.compute\"}) by (instance))'"
- tenants: "'Tenants','avg(sum(avg_over_time(openstack_keystone_tenants_total[24h])) by (instance))'"
- cinder_api: "'Cinder API','avg_over_time(name:openstack_api_check_status:avg5m:for5m:ceil:avg5m:floor{name=\"cinderv2\"}[24h])'"
- nova_api: "'Nova API','avg_over_time(name:openstack_api_check_status:avg5m:for5m:ceil:avg5m:floor{name=\"nova\"}[24h])'"
- keystone_api: "'Keystone API','avg_over_time(name:openstack_api_check_status:avg5m:for5m:ceil:avg5m:floor{name=\"keystone\"}[24h])'"
- glance_api: "'Glance API','avg_over_time(name:openstack_api_check_status:avg5m:for5m:ceil:avg5m:floor{name=\"glance\"}[24h])'"
- neutron_api: "'Neutron API','avg_over_time(name:openstack_api_check_status:avg5m:for5m:ceil:avg5m:floor{name=\"neutron\"}[24h])'"
+ vcpu_used: "'vCPU Used','max(sum by (instance) (avg_over_time(openstack_nova_used_vcpus[24h]) and on (hostname) (openstack_nova_service_status == 1 and openstack_nova_service_state == 1)))'"
+ vcpu_free: "'vCPU Free','max(sum by (instance) (avg_over_time(openstack_nova_free_vcpus[24h]) and on (hostname) (openstack_nova_service_status == 1 and openstack_nova_service_state == 1)))'"
+ vstorage_used: "'vStorage Used','max(sum by (instance) (avg_over_time(openstack_nova_used_disk[24h]) and on (hostname) (openstack_nova_service_status == 1 and openstack_nova_service_state == 1)))'"
+ vstorage_free: "'vStorage Free','max(sum by (instance) (avg_over_time(openstack_nova_free_disk[24h]) and on (hostname) (openstack_nova_service_status == 1 and openstack_nova_service_state == 1)))'"
+ vram_used: "'vRAM Used','max(sum by (instance) (avg_over_time(openstack_nova_used_ram[24h]) and on (hostname) (openstack_nova_service_status == 1 and openstack_nova_service_state == 1)))'"
+ vram_free: "'vRAM Free','max(sum by (instance) (avg_over_time(openstack_nova_free_ram[24h]) and on (hostname) (openstack_nova_service_status == 1 and openstack_nova_service_state == 1)))'"
+ instances: "'Instances','ceil(max(avg_over_time(openstack_nova_instances{state=\"active\"}[24h])))'"
+ compute_nodes: "'Compute Nodes','max(sum by (instance) (openstack_nova_services{binary=~\"nova.compute\"}))'"
+ tenants: "'Tenants','ceil(max(avg_over_time(openstack_keystone_tenants_total[24h])))'"
+ cinder_api: "'Cinder API','avg_over_time(service_name:openstack_api_check_status:avg5m:for5m:ceil:avg5m:floor{service_name=\"cinderv2\"}[24h]) * 100'"
+ nova_api: "'Nova API','avg_over_time(service_name:openstack_api_check_status:avg5m:for5m:ceil:avg5m:floor{service_name=\"nova\"}[24h]) * 100'"
+ keystone_api: "'Keystone API','avg_over_time(service_name:openstack_api_check_status:avg5m:for5m:ceil:avg5m:floor{service_name=\"keystone\"}[24h]) * 100'"
+ glance_api: "'Glance API','avg_over_time(service_name:openstack_api_check_status:avg5m:for5m:ceil:avg5m:floor{service_name=\"glance\"}[24h]) * 100'"
+ neutron_api: "'Neutron API','avg_over_time(service_name:openstack_api_check_status:avg5m:for5m:ceil:avg5m:floor{service_name=\"neutron\"}[24h]) * 100'"
compute_instance_create_start: "'VM creation start','sum(compute_instance_create_start_event_doc_count)'"
compute_instance_create_end: "'VM creation end','sum(compute_instance_create_end_event_doc_count)'"
compute_instance_create_error: "'VM creation error','sum(compute_instance_create_error_event_doc_count)'"
diff --git a/salt/control/virt.yml b/salt/control/virt.yml
index 8f599bd..3cd93d8 100644
--- a/salt/control/virt.yml
+++ b/salt/control/virt.yml
@@ -5,6 +5,7 @@
control:
enabled: True
virt_enabled: True
+ file_mask: 022
virt:
nic:
default:
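Review bot: `file_mask: 022` is an unquoted scalar with a leading zero, which YAML 1.1 loaders such as PyYAML read as the octal integer 18 rather than the text `022`. If the consumer renders the value into a config file or expects the three-digit mask as a string, it would receive `18`. Quoting removes the ambiguity: `file_mask: '022'`. Please verify against the formula which form it expects.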
diff --git a/salt/master/single.yml b/salt/master/single.yml
index 64ddf88..9392046 100644
--- a/salt/master/single.yml
+++ b/salt/master/single.yml
@@ -17,7 +17,9 @@
max_open_files: 15000
command_timeout: 10
opts:
- gather_job_timeout: 40
+ gather_job_timeout: 100
+ sock_pool_size: 15
+ zmq_backlog: 3000
peer:
'.*':
- x509.sign_remote_certificate
diff --git a/sphinx/server/doc/reclass.yml b/sphinx/server/doc/reclass.yml
index 53fa5dd..651ec48 100644
--- a/sphinx/server/doc/reclass.yml
+++ b/sphinx/server/doc/reclass.yml
@@ -3,6 +3,9 @@
parameters:
_param:
nginx_static_reclass_doc_host: ${_param:cluster_public_host}
+ nginx_proxy_sphinx_user: sphinx
+ nginx_proxy_sphinx_password: ${_param:sphinx_proxy_password_generated}
+ nginx_proxy_sphinx_htpasswd_file: .htpasswd_sphinx
sphinx:
server:
doc:
@@ -13,12 +16,22 @@
engine: reclass
nginx:
server:
+ user:
+ sphinx:
+ enabled: true
+ name: ${_param:nginx_proxy_sphinx_user}
+ password: ${_param:nginx_proxy_sphinx_password}
+ htpasswd: ${_param:nginx_proxy_sphinx_htpasswd_file}
site:
nginx_static_reclass_doc:
enabled: true
type: nginx_static
name: reclass_doc
+ auth:
+ engine: basic
+ htpasswd: ${_param:nginx_proxy_sphinx_htpasswd_file}
host:
name: ${_param:nginx_static_reclass_doc_host}
port: 8090
protocol: http
+
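Review bot: The site gains `auth: engine: basic`, but the `host` block in the same hunk still serves it with `protocol: http` on port 8090. The `sphinx` user name and password therefore cross the network base64-encoded in clear text on every request. Unless TLS is terminated in front of this listener (not visible here), switch the site to `protocol: https` with a certificate, or document next to `auth:` that the endpoint must only be reachable through a TLS-terminating proxy.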