Merge "param for specific repo release version (apt_mk)"
diff --git a/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk.yml b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/init.yml
similarity index 100%
rename from aptly/server/mirror/ubuntu/xenial/mcp/apt_mk.yml
rename to aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/init.yml
diff --git a/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/stable.yml b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/stable.yml
new file mode 100644
index 0000000..56f8b08
--- /dev/null
+++ b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/stable.yml
@@ -0,0 +1,5 @@
+classes:
+- system.aptly.server.mirror.ubuntu.xenial.mcp.apt_mk
+parameters:
+ _param:
+ apt_mk_version: stable
diff --git a/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/testing.yml b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/testing.yml
new file mode 100644
index 0000000..e5b0bd2
--- /dev/null
+++ b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/testing.yml
@@ -0,0 +1,5 @@
+classes:
+- system.aptly.server.mirror.ubuntu.xenial.mcp.apt_mk
+parameters:
+ _param:
+ apt_mk_version: testing
diff --git a/cinder/volume/local.yml b/cinder/volume/local.yml
new file mode 100644
index 0000000..794a33e
--- /dev/null
+++ b/cinder/volume/local.yml
@@ -0,0 +1,14 @@
+classes:
+- service.cinder.volume.local
+parameters:
+ cinder:
+ volume:
+ enabled: True
+ database:
+ host: ${_param:single_address}
+ glance:
+ host: ${_param:single_address}
+ message_queue:
+ host: ${_param:single_address}
+ identity:
+ host: ${_param:single_address}
diff --git a/docker/swarm/service/monitoring/prometheus_alertmanager.yml b/docker/swarm/service/monitoring/prometheus_alertmanager.yml
deleted file mode 100644
index 942fa42..0000000
--- a/docker/swarm/service/monitoring/prometheus_alertmanager.yml
+++ /dev/null
@@ -1,24 +0,0 @@
-classes:
-- service.prometheus.alertmanager.container
-parameters:
- docker:
- client:
- service:
- prometheus_alertmanager:
- network: monitoring
- replicas: 2
- environment:
- config_dir: /opt/alertmanager/config
- bind_port: ${prometheus:alertmanager:bind:port}
- bind_address: ${prometheus:alertmanager:bind:address}
- discovery_domain: 'prometheus_alertmanager'
- restart:
- condition: any
- image: ${_param:docker_image_alertmanager}
- ports:
- - 15011:${prometheus:alertmanager:bind:port}
- volume:
- site:
- type: bind
- source: /srv/volumes/prometheus
- destination: /opt/alertmanager/config
diff --git a/docker/swarm/service/monitoring/prometheus_pushgateway.yml b/docker/swarm/service/monitoring/prometheus_pushgateway.yml
deleted file mode 100644
index 850f66e..0000000
--- a/docker/swarm/service/monitoring/prometheus_pushgateway.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-classes:
-- service.prometheus.pushgateway.container
-parameters:
- docker:
- client:
- service:
- prometheus_pushgateway:
- network: monitoring
- replicas: 2
- environment:
- bind_port: ${prometheus:pushgateway:bind:port}
- bind_address: ${prometheus:pushgateway:bind:address}
- restart:
- condition: any
- image: ${_param:docker_image_pushgateway}
- ports:
- - 15012:${prometheus:pushgateway:bind:port}
diff --git a/docker/swarm/service/monitoring/prometheus_server.yml b/docker/swarm/service/monitoring/prometheus_server.yml
deleted file mode 100644
index 5c0a480..0000000
--- a/docker/swarm/service/monitoring/prometheus_server.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-classes:
-- service.prometheus.server.container
-parameters:
- docker:
- client:
- service:
- prometheus_server:
- network: monitoring
- replicas: 1
- environment:
- config_dir: /opt/prometheus/config
- bind_port: ${prometheus:server:bind:port}
- bind_address: ${prometheus:server:bind:address}
- alertmanager_port: ${prometheus:alertmanager:bind:port}
- storage_local_engine: ${prometheus:server:storage:local:engine}
- storage_local_retention: ${prometheus:server:storage:local:retention}
- storage_local_memory_chunks: ${prometheus:server:storage:local:memory_chunks}
- storage_local_max_chunks_to_persist: ${prometheus:server:storage:local:max_chunks_to_persist}
- storage_local_num_fingerprint_mutexes: ${prometheus:server:storage:local:num_fingerprint_mutexes}
- discovery_domain: 'prometheus_alertmanager'
- restart:
- condition: any
- image: ${_param:docker_image_prometheus}
- ports:
- - 15010:${prometheus:server:bind:port}
- volume:
- site:
- type: bind
- source: /srv/volumes/prometheus
- destination: /opt/prometheus/config
diff --git a/docker/swarm/stack/monitoring.yml b/docker/swarm/stack/monitoring.yml
index bbc2d24..091add5 100644
--- a/docker/swarm/stack/monitoring.yml
+++ b/docker/swarm/stack/monitoring.yml
@@ -2,6 +2,8 @@
- service.prometheus.server.container
- service.prometheus.alertmanager.container
- service.prometheus.pushgateway.container
+- system.prometheus.server
+- system.prometheus.alertmanager
parameters:
docker:
client:
@@ -18,15 +20,21 @@
- monitoring
deploy:
replicas: 2
+ labels:
+ com.mirantis.monitoring: "alertmanager"
restart_policy:
condition: any
+ labels:
+ com.mirantis.monitoring: "alertmanager"
image: ${_param:docker_image_alertmanager}
ports:
- 15011:${prometheus:alertmanager:bind:port}
volumes:
- - /srv/volumes/prometheus:/opt/alertmanager/config
+ - ${prometheus:alertmanager:dir:config}:${_param:prometheus_alertmanager_config_directory}
+ - ${prometheus:alertmanager:dir:data}:${_param:prometheus_alertmanager_data_directory}
environment:
- config_dir: /opt/alertmanager/config
+ config_dir: ${_param:prometheus_alertmanager_config_directory}
+ data_dir: ${_param:prometheus_alertmanager_data_directory}
bind_port: ${prometheus:alertmanager:bind:port}
bind_address: ${prometheus:alertmanager:bind:address}
discovery_domain: 'monitoring_alertmanager'
@@ -35,11 +43,15 @@
- monitoring
deploy:
replicas: 2
+ labels:
+ com.mirantis.monitoring: "pushgateway"
restart_policy:
condition: any
environment:
bind_port: ${prometheus:pushgateway:bind:port}
bind_address: ${prometheus:pushgateway:bind:address}
+ labels:
+ com.mirantis.monitoring: "pushgateway"
image: ${_param:docker_image_pushgateway}
ports:
- 15012:${prometheus:pushgateway:bind:port}
@@ -48,15 +60,21 @@
- monitoring
deploy:
replicas: 1
+ labels:
+ com.mirantis.monitoring: "prometheus"
restart_policy:
condition: any
+ labels:
+ com.mirantis.monitoring: "prometheus"
image: ${_param:docker_image_prometheus}
ports:
- 15010:${prometheus:server:bind:port}
volumes:
- - /srv/volumes/prometheus:/opt/prometheus/config
+ - ${prometheus:server:dir:config}:${_param:prometheus_server_config_directory}
+ - ${prometheus:server:dir:data}:${_param:prometheus_server_data_directory}
environment:
- config_dir: /opt/prometheus/config
+ config_dir: ${_param:prometheus_server_config_directory}
+ data_dir: ${_param:prometheus_server_data_directory}
bind_port: ${prometheus:server:bind:port}
bind_address: ${prometheus:server:bind:address}
alertmanager_port: ${prometheus:alertmanager:bind:port}
diff --git a/heka/remote_collector/init.yml b/heka/remote_collector/init.yml
new file mode 100644
index 0000000..8446af5
--- /dev/null
+++ b/heka/remote_collector/init.yml
@@ -0,0 +1,15 @@
+classes:
+- service.heka.remote_collector.cluster
+- system.heka.server
+parameters:
+ keepalived:
+ cluster:
+ instance:
+ prometheus_server_vip:
+ notify_action:
+ master:
+ - service remote_collector start
+ backup:
+ - service remote_collector stop
+ fault:
+ - service remote_collector stop
diff --git a/heka/remote_collector/output/aggregator.yml b/heka/remote_collector/output/aggregator.yml
new file mode 100644
index 0000000..2a7444f
--- /dev/null
+++ b/heka/remote_collector/output/aggregator.yml
@@ -0,0 +1,7 @@
+parameters:
+ _param:
+ aggregator_port: 5565
+ heka:
+ remote_collector:
+ aggregator_host: ${_param:heka_aggregator_host}
+ aggregator_port: ${_param:aggregator_port}
diff --git a/heka/remote_collector/output/elasticsearch.yml b/heka/remote_collector/output/elasticsearch.yml
new file mode 100644
index 0000000..25f87cb
--- /dev/null
+++ b/heka/remote_collector/output/elasticsearch.yml
@@ -0,0 +1,7 @@
+parameters:
+ _param:
+ elasticsearch_port: 9200
+ heka:
+ remote_collector:
+ elasticsearch_host: ${_param:heka_elasticsearch_host}
+ elasticsearch_port: ${_param:elasticsearch_port}
diff --git a/heka/remote_collector/output/influxdb.yml b/heka/remote_collector/output/influxdb.yml
new file mode 100644
index 0000000..5383b66
--- /dev/null
+++ b/heka/remote_collector/output/influxdb.yml
@@ -0,0 +1,10 @@
+parameters:
+ _param:
+ influxdb_port: 8086
+ heka:
+ remote_collector:
+ influxdb_host: ${_param:heka_influxdb_host}
+ influxdb_port: ${_param:influxdb_port}
+ influxdb_database: lma
+ influxdb_username: lma
+ influxdb_password: ${_param:influxdb_stacklight_password}
diff --git a/heka/remote_collector/output/sensu.yml b/heka/remote_collector/output/sensu.yml
index c7c66e9..087a7c2 100644
--- a/heka/remote_collector/output/sensu.yml
+++ b/heka/remote_collector/output/sensu.yml
@@ -1,3 +1,2 @@
classes:
- service.heka.remote_collector.output.sensu
-
diff --git a/jenkins/client/approved_scripts.yml b/jenkins/client/approved_scripts.yml
index 77c4c26..f9e01b8 100644
--- a/jenkins/client/approved_scripts.yml
+++ b/jenkins/client/approved_scripts.yml
@@ -98,3 +98,13 @@
- method hudson.model.Run getNumber
- staticMethod java.lang.String valueOf int
- method jenkins.model.Jenkins getItemByFullName java.lang.String
+ - new java.util.ArrayList
+ - new java.util.HashMap
+ - staticMethod java.lang.Math min int int
+ - method hudson.model.Job getBuildByNumber int
+ - new java.io.IOException java.lang.String
+ - method org.jenkinsci.plugins.workflow.job.WorkflowRun finish hudson.model.Result java.lang.Throwable
+ - new groovy.json.JsonBuilder
+ - new java.lang.RuntimeException java.lang.String
+ - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods takeRight java.util.List int
+ - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.util.List groovy.lang.Range
diff --git a/jenkins/client/job/debian/packages/extra.yml b/jenkins/client/job/debian/packages/extra.yml
index 298452e..b7de941 100644
--- a/jenkins/client/job/debian/packages/extra.yml
+++ b/jenkins/client/job/debian/packages/extra.yml
@@ -137,6 +137,10 @@
dist: xenial
build: telegraf
branch: release-1.2
+ - package: libvirt-exporter
+ dist: xenial
+ build: libvirt-exporter
+ branch: master
template:
type: workflow-scm
concurrent: false
@@ -150,7 +154,7 @@
project:
debian/{{package}}:
branches:
- - debian/{{dist}}
+ - "{{branch}}"
message:
build_successful: "Build successful"
build_unstable: "Build unstable"
diff --git a/jenkins/client/job/deploy/lab/cicd.yml b/jenkins/client/job/deploy/lab/cicd.yml
index 0aa442e..7f53d29 100644
--- a/jenkins/client/job/deploy/lab/cicd.yml
+++ b/jenkins/client/job/deploy/lab/cicd.yml
@@ -75,3 +75,9 @@
OPENSTACK_API_VERSION:
type: string
default: "2"
+ OPENSTACK_API_PROJECT_DOMAIN_ID:
+ type: string
+ default: "default"
+ OPENSTACK_API_USER_DOMAIN_ID:
+ type: string
+ default: "default"
diff --git a/jenkins/client/job/deploy/lab/init.yml b/jenkins/client/job/deploy/lab/init.yml
index 5fc4401..e700325 100644
--- a/jenkins/client/job/deploy/lab/init.yml
+++ b/jenkins/client/job/deploy/lab/init.yml
@@ -2,6 +2,7 @@
- system.jenkins.client.job.deploy.lab.mk.physical
- system.jenkins.client.job.deploy.lab.mk.virtual
- system.jenkins.client.job.deploy.lab.mk.cleanup
+ - system.jenkins.client.job.deploy.lab.mk.cloud
- system.jenkins.client.job.deploy.lab.cicd
- system.jenkins.client.job.deploy.lab.demo
diff --git a/jenkins/client/job/deploy/lab/mk/cleanup.yml b/jenkins/client/job/deploy/lab/mk/cleanup.yml
index c2b32cc..8658eec 100644
--- a/jenkins/client/job/deploy/lab/mk/cleanup.yml
+++ b/jenkins/client/job/deploy/lab/mk/cleanup.yml
@@ -31,6 +31,12 @@
OPENSTACK_API_VERSION:
type: string
default: "2"
+ OPENSTACK_API_PROJECT_DOMAIN_ID:
+ type: string
+ default: "default"
+ OPENSTACK_API_USER_DOMAIN_ID:
+ type: string
+ default: "default"
# heat
HEAT_STACK_NAME:
type: string
@@ -66,4 +72,10 @@
default: "liberty"
OPENSTACK_API_VERSION:
type: string
- default: "2"
\ No newline at end of file
+ default: "2"
+ OPENSTACK_API_PROJECT_DOMAIN_ID:
+ type: string
+ default: "default"
+ OPENSTACK_API_USER_DOMAIN_ID:
+ type: string
+ default: "default"
diff --git a/jenkins/client/job/deploy/lab/mk/cloud.yml b/jenkins/client/job/deploy/lab/mk/cloud.yml
new file mode 100644
index 0000000..cbbcd34
--- /dev/null
+++ b/jenkins/client/job/deploy/lab/mk/cloud.yml
@@ -0,0 +1,134 @@
+parameters:
+ _param:
+ jenkins_cloud_deploy_pipelines:
+ - stack_name: k8s_calico
+ stack_type: heat
+ stack_install: core,k8s
+ job_timer: ""
+ - stack_name: k8s_calico
+ stack_type: aws
+ stack_install: core,k8s
+ job_timer: ""
+ jenkins:
+ client:
+ job_template:
+ cloud_deploy_heat_template:
+ name: cloud-deploy-{{stack_type}}-{{stack_name}}
+ jobs: ${_param:jenkins_cloud_deploy_pipelines}
+ template:
+ type: workflow-scm
+ discard:
+ build:
+ keep_num: 20
+ concurrent: true
+ display_name: "Deploy {{stack_type}} {{stack_name}} stack"
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ credentials: "gerrit"
+ script: cloud-deploy-pipeline.groovy
+ trigger:
+ timer:
+ spec: "{{job_timer}}"
+ param:
+ # deployments and test settings
+ STACK_NAME:
+ type: string
+ description: Heat stack name. Will be generated if missing.
+ STACK_TEMPLATE:
+ type: string
+ default: "{{stack_name}}"
+ STACK_TYPE:
+ type: string
+ default: "{{stack_type}}"
+ STACK_INSTALL:
+ type: string
+ default: "{{stack_install}}"
+ STACK_TEST:
+ type: string
+ default: ""
+ STACK_DELETE:
+ type: boolean
+ default: 'true'
+ description: "Don't enable it if you need to use the lab after"
+ STACK_REUSE:
+ type: boolean
+ default: 'false'
+
+ STACK_TEMPLATE_URL:
+ type: string
+ default: "${_param:jenkins_gerrit_url}/mk/heat-templates"
+ STACK_TEMPLATE_CREDENTIALS:
+ type: string
+ default: "gerrit"
+ STACK_TEMPLATE_BRANCH:
+ type: string
+ default: "master"
+
+ # salt master
+ SALT_MASTER_CREDENTIALS:
+ type: string
+ default: "salt-qa-credentials"
+ SALT_MASTER_URL:
+ type: string
+ default: ""
+
+ # openstack api
+ AWS_STACK_REGION:
+ type: string
+ default: "us-west-2"
+ AWS_API_CREDENTIALS:
+ type: string
+ default: "aws-qa-credentials"
+
+ # openstack api
+ OPENSTACK_API_URL:
+ type: string
+ default: "https://vpc.tcpisek.cz:5000/v2.0"
+ OPENSTACK_API_CREDENTIALS:
+ type: string
+ default: "openstack-qa-credentials"
+ OPENSTACK_API_PROJECT:
+ type: string
+ default: "mirantis_mk20_qa"
+ OPENSTACK_API_CLIENT:
+ type: string
+ default: "liberty"
+ OPENSTACK_API_VERSION:
+ type: string
+ default: "2"
+ OPENSTACK_API_PROJECT_DOMAIN_ID:
+ type: string
+ default: "default"
+ OPENSTACK_API_USER_DOMAIN_ID:
+ type: string
+ default: "default"
+
+ # heat
+ HEAT_STACK_ENVIRONMENT:
+ type: string
+ default: "tcpisek"
+ HEAT_STACK_ZONE:
+ type: string
+ default: "workshop-sunnyvale"
+ HEAT_STACK_PUBLIC_NET:
+ type: string
+ default: "mirantis-private"
+
+ # k8s setttings
+ K8S_API_SERVER:
+ type: string
+ default: "http://127.0.0.1:8080"
+ K8S_CONFORMANCE_IMAGE:
+ type: string
+ default: "docker-dev-virtual.docker.mirantis.net/mirantis/kubernetes/k8s-conformance:v1.5.1-3_1482332392819"
+
+ # Tempest settings
+ TEMPEST_IMAGE_LINK:
+ type: string
+ default: "sandbox-docker-prod-local.docker.mirantis.net/mirantis/rally_tempest:0.1"
+
+ ASK_ON_ERROR:
+ type: boolean
+ default: 'false'
+
diff --git a/jenkins/client/job/deploy/lab/mk/init.yml b/jenkins/client/job/deploy/lab/mk/init.yml
index 2a32dc6..fba15ef 100644
--- a/jenkins/client/job/deploy/lab/mk/init.yml
+++ b/jenkins/client/job/deploy/lab/mk/init.yml
@@ -91,6 +91,12 @@
OPENSTACK_API_VERSION:
type: string
default: "2"
+ OPENSTACK_API_PROJECT_DOMAIN_ID:
+ type: string
+ default: "default"
+ OPENSTACK_API_USER_DOMAIN_ID:
+ type: string
+ default: "default"
# k8s setttings
K8S_API_SERVER:
diff --git a/jenkins/client/job/deploy/lab/mk/virtual.yml b/jenkins/client/job/deploy/lab/mk/virtual.yml
index 337d93d..e615408 100644
--- a/jenkins/client/job/deploy/lab/mk/virtual.yml
+++ b/jenkins/client/job/deploy/lab/mk/virtual.yml
@@ -9,72 +9,86 @@
stack_type: heat
test: openstack
timer: ""
+ extra_formulas: ""
- lab: virtual_mk20_basic
install: core,openstack
stack_type: heat
test: openstack
timer: ""
+ extra_formulas: ""
# mk22
- lab: virtual_mk22_advanced
install: core,openstack
stack_type: heat
test: openstack
timer: ""
+ extra_formulas: ""
- lab: virtual_mk22_basic
install: core,openstack
stack_type: heat
test: openstack
timer: ""
+ extra_formulas: ""
# mcp05
- lab: virtual_mcp05_dvr
install: core,openstack,dvr
stack_type: heat
test: openstack
timer: ""
+ extra_formulas: ""
- lab: virtual_mcp05_ovs
install: core,openstack,ovs
stack_type: heat
test: openstack
timer: ""
+ extra_formulas: ""
# mcp10
- lab: virtual_mcp10_contrail
install: core,openstack,contrail
stack_type: heat
test: openstack
timer: "H H(0-6) * * *"
+ extra_formulas: ""
- lab: virtual_mcp10_dvr
install: core,openstack,dvr
stack_type: heat
test: openstack
timer: "H H(0-6) * * *"
+ extra_formulas: ""
- lab: virtual_mcp10_ovs
install: core,openstack,ovs
stack_type: heat
test: openstack
timer: "H H(0-6) * * *"
+ extra_formulas: ""
# mcp11
- lab: virtual_mcp11_contrail
install: core,openstack,contrail
stack_type: heat
test: openstack
+ extra_formulas: ""
timer: ""
- lab: virtual_mcp11_dvr
install: core,openstack,dvr
stack_type: heat
test: openstack
timer: ""
+ extra_formulas: ""
- lab: virtual_mcp11_ovs
install: core,openstack,ovs
stack_type: heat
test: openstack
timer: ""
+ extra_formulas: ""
- lab: virtual_mcp11_k8s_calico
install: core,k8s,calico
stack_type: heat
test: k8s
timer: "H H(0-6) * * *"
+ extra_formulas: ""
- lab: virtual_mcp11_k8s_contrail
install: core,k8s,contrail
stack_type: heat
test: k8s
timer: "H H(0-6) * * *"
+ extra_formulas: ""
diff --git a/jenkins/client/job/deploy/update/saltenv.yml b/jenkins/client/job/deploy/update/saltenv.yml
index 0303aea..397e3f3 100644
--- a/jenkins/client/job/deploy/update/saltenv.yml
+++ b/jenkins/client/job/deploy/update/saltenv.yml
@@ -30,3 +30,6 @@
SALT_MASTER_CREDENTIALS:
type: string
default: "{{salt_credentials}}"
+ UPDATE_FORMULAS:
+ type: boolean
+ default: "true"
diff --git a/jenkins/client/job/deploy/update/upgrade.yml b/jenkins/client/job/deploy/update/upgrade.yml
index 81a7b16..efbd153 100644
--- a/jenkins/client/job/deploy/update/upgrade.yml
+++ b/jenkins/client/job/deploy/update/upgrade.yml
@@ -23,3 +23,15 @@
SALT_MASTER_CREDENTIALS:
type: string
default: "salt"
+ STAGE_TEST_UPGRADE:
+ type: boolean
+ default: 'true'
+ description: "Test if syncdb and APIs succeed"
+ STAGE_REAL_UPGRADE:
+ type: boolean
+ default: 'true'
+ description: "Run real control upgrade"
+ STAGE_ROLLBACK_UPGRADE:
+ type: boolean
+ default: 'true'
+ description: "Rollback if control upgrade fails"
diff --git a/jenkins/client/job/docker/aptly.yml b/jenkins/client/job/docker/aptly.yml
deleted file mode 100644
index 98ef8af..0000000
--- a/jenkins/client/job/docker/aptly.yml
+++ /dev/null
@@ -1,48 +0,0 @@
-parameters:
- jenkins:
- client:
- job:
- docker-build-images-aptly:
- name: docker-build-images-aptly
- discard:
- build:
- keep_num: 25
- artifact:
- keep_num: 25
- type: workflow-scm
- concurrent: true
- scm:
- type: git
- url: "${_param:jenkins_gerrit_url}/mk/docker-aptly"
- credentials: "gerrit"
- trigger:
- gerrit:
- project:
- "mk/docker-aptly":
- branches:
- - master
- event:
- ref:
- - updated: {}
- param:
- IMAGE_GIT_URL:
- type: string
- default: "${_param:jenkins_gerrit_url}/mk/docker-aptly"
- IMAGE_BRANCH:
- type: string
- default: "master"
- IMAGE_CREDENTIALS_ID:
- type: string
- default: "gerrit"
- IMAGE_TAGS:
- type: string
- default: "latest"
- REGISTRY_URL:
- type: string
- default: ""
- REGISTRY_CREDENTIALS_ID:
- type: string
- default: "dockerhub"
- DOCKER_GIT_TAG:
- type: boolean
- default: "true"
diff --git a/jenkins/client/job/docker/build-images.yml b/jenkins/client/job/docker/build-images.yml
new file mode 100644
index 0000000..1cc3709
--- /dev/null
+++ b/jenkins/client/job/docker/build-images.yml
@@ -0,0 +1,52 @@
+parameters:
+ jenkins:
+ client:
+ job:
+ docker-build-images:
+ name: "docker-build-images-{{name}}"
+ jobs:
+ - name: aptly
+ - name: ci
+ template:
+ discard:
+ build:
+ keep_num: 25
+ artifact:
+ keep_num: 25
+ type: workflow-scm
+ concurrent: true
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/docker-{{name}}"
+ credentials: "gerrit"
+ trigger:
+ gerrit:
+ project:
+ "mk/docker-{{name}}":
+ branches:
+ - master
+ event:
+ ref:
+ - updated: {}
+ param:
+ IMAGE_GIT_URL:
+ type: string
+ default: "${_param:jenkins_gerrit_url}/mk/docker-{{name}}"
+ IMAGE_BRANCH:
+ type: string
+ default: "master"
+ IMAGE_CREDENTIALS_ID:
+ type: string
+ default: "gerrit"
+ IMAGE_TAGS:
+ type: string
+ default: "latest"
+ REGISTRY_URL:
+ type: string
+ default: ""
+ REGISTRY_CREDENTIALS_ID:
+ type: string
+ default: "dockerhub"
+ DOCKER_GIT_TAG:
+ type: boolean
+ default: "true"
diff --git a/jenkins/client/job/git-mirrors/downstream/debian-packages.yml b/jenkins/client/job/git-mirrors/downstream/debian-packages.yml
index 9708d9f..dde7d9a 100644
--- a/jenkins/client/job/git-mirrors/downstream/debian-packages.yml
+++ b/jenkins/client/job/git-mirrors/downstream/debian-packages.yml
@@ -7,6 +7,10 @@
downstream: debian/telegraf
upstream: "https://github.com/influxdata/telegraf.git"
branches: master
+ - name: libvirt-exporter
+ downstream: debian/libvirt-exporter
+ upstream: "https://github.com/kumina/libvirt_exporter.git"
+ branches: master
- name: debian-gophercloud
downstream: debian/gophercloud
upstream: "https://github.com/gophercloud/gophercloud.git"
diff --git a/jenkins/client/job/git-mirrors/downstream/salt_formulas_utils.yml b/jenkins/client/job/git-mirrors/downstream/salt_formulas_utils.yml
new file mode 100644
index 0000000..dfbdb60
--- /dev/null
+++ b/jenkins/client/job/git-mirrors/downstream/salt_formulas_utils.yml
@@ -0,0 +1,9 @@
+classes:
+ - system.jenkins.client.job.git-mirrors.downstream
+parameters:
+ _param:
+ jenkins_git_mirror_downstream_jobs:
+ - name: salt-formulas
+ downstream: salt-formulas/salt-formulas
+ upstream: "https://github.com/salt-formulas/salt-formulas"
+ branches: master
\ No newline at end of file
diff --git a/jenkins/client/job/git-mirrors/downstream/templates.yml b/jenkins/client/job/git-mirrors/downstream/templates.yml
index ef504af..1c34f37 100644
--- a/jenkins/client/job/git-mirrors/downstream/templates.yml
+++ b/jenkins/client/job/git-mirrors/downstream/templates.yml
@@ -6,7 +6,7 @@
- name: cookiecutter-templates
downstream: mk/cookiecutter-templates
upstream: "git@github.com:Mirantis/mk2x-cookiecutter-reclass-model"
- branches: master
+ branches: master,mcp10
- name: heat-templates
downstream: mk/heat-templates
upstream: "git@github.com:Mirantis/mk-lab-heat-templates"
diff --git a/jenkins/client/job/git-mirrors/upstream/salt_formulas_utils.yml b/jenkins/client/job/git-mirrors/upstream/salt_formulas_utils.yml
new file mode 100644
index 0000000..c86cda5
--- /dev/null
+++ b/jenkins/client/job/git-mirrors/upstream/salt_formulas_utils.yml
@@ -0,0 +1,9 @@
+classes:
+ - system.jenkins.client.job.git-mirrors.upstream
+parameters:
+ _param:
+ jenkins_git_mirror_upstream_jobs:
+ - name: salt-formulas
+ downstream: salt-formulas/salt-formulas
+ upstream: "git@github.com:salt-formulas/salt-formulas.git"
+ branches: master
diff --git a/jenkins/client/job/git-mirrors/upstream/templates.yml b/jenkins/client/job/git-mirrors/upstream/templates.yml
index 12e4a9a..5ffaa43 100644
--- a/jenkins/client/job/git-mirrors/upstream/templates.yml
+++ b/jenkins/client/job/git-mirrors/upstream/templates.yml
@@ -6,7 +6,7 @@
- name: cookiecutter-templates
downstream: mk/cookiecutter-templates
upstream: "git@github.com:Mirantis/mk2x-cookiecutter-reclass-model"
- branches: master
+ branches: master,mcp10
- name: heat-templates
downstream: mk/heat-templates
upstream: "git@github.com:Mirantis/mk-lab-heat-templates"
diff --git a/jenkins/client/job/opencontrail/build/dpdk-extra.yml b/jenkins/client/job/opencontrail/build/dpdk-extra.yml
index f250a8c..5b128a2 100644
--- a/jenkins/client/job/opencontrail/build/dpdk-extra.yml
+++ b/jenkins/client/job/opencontrail/build/dpdk-extra.yml
@@ -21,6 +21,10 @@
dist: xenial
branch_name: mitaka
branch_real_name: mitaka
+ - os: ubuntu
+ dist: xenial
+ branch_name: newton
+ branch_real_name: newton
template:
discard:
build:
diff --git a/jenkins/client/job/opencontrail/git-mirrors/2way.yml b/jenkins/client/job/opencontrail/git-mirrors/2way.yml
index 0ecb83f..349dad5 100644
--- a/jenkins/client/job/opencontrail/git-mirrors/2way.yml
+++ b/jenkins/client/job/opencontrail/git-mirrors/2way.yml
@@ -3,31 +3,79 @@
jenkins_pollscm_spec: "H/60 * * * *"
jenkins:
client:
- job:
- git-mirror-2way-contrail-kubernetes:
- type: workflow-scm
- concurrent: false
- scm:
- type: git
- url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
- credentials: "gerrit"
- script: git-mirror-2way-pipeline.groovy
- github:
- url: "https://github.com/Mirantis/contrail-kubernetes"
- trigger:
- github:
- pollscm:
- spec: ${_param:jenkins_pollscm_spec}
- param:
- SOURCE_URL:
- type: string
- default: "${_param:jenkins_gerrit_url}/contrail/contrail-kubernetes.git"
- TARGET_URL:
- type: string
- default: "https://github.com/Mirantis/contrail-kubernetes.git"
- CREDENTIALS_ID:
- type: string
- default: "gerrit"
- BRANCHES:
- type: string
- default: ${_param:contrail_kubernetes_branches}
+ job_template:
+ git-mirror-2way:
+ name: git-mirror-2way-{{name}}
+ jobs:
+ - name: contrail-build
+ branches: ${_param:contrail_branches}
+ - name: contrail-pipeline
+ branches: ${_param:contrail_branches}
+ - name: contrail-controller
+ branches: ${_param:contrail_branches}
+ - name: contrail-vrouter
+ branches: ${_param:contrail_branches}
+ - name: contrail-third-party
+ branches: ${_param:contrail_branches}
+ - name: contrail-generateDS
+ branches: ${_param:contrail_branches}
+ - name: contrail-sandesh
+ branches: ${_param:contrail_branches}
+ - name: contrail-packages
+ branches: ${_param:contrail_branches}
+ - name: contrail-nova-vif-driver
+ branches: ${_param:contrail_branches}
+ - name: contrail-neutron-plugin
+ branches: ${_param:contrail_branches}
+ - name: contrail-nova-extensions
+ branches: ${_param:contrail_branches}
+ - name: contrail-ceilometer-plugin
+ branches: ${_param:contrail_ceilometer_plugin_branches}
+ - name: contrail-heat
+ branches: ${_param:contrail_branches}
+ - name: contrail-web-storage
+ branches: ${_param:contrail_branches}
+ - name: contrail-web-server-manager
+ branches: ${_param:contrail_branches}
+ - name: contrail-web-controller
+ branches: ${_param:contrail_branches}
+ - name: contrail-web-core
+ branches: ${_param:contrail_branches}
+ - name: contrail-webui-third-party
+ branches: ${_param:contrail_branches}
+ - name: contrail-dpdk-extra-packages
+ branches: ${_param:contrail_dpdk_extra_branches}
+ - name: contrail-dpdk
+ branches: ${_param:contrail_dpdk_branches}
+ template:
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
+ type: workflow-scm
+ concurrent: false
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ credentials: "gerrit"
+ script: git-mirror-2way-pipeline.groovy
+ github:
+ url: "https://github.com/Mirantis/{{name}}"
+ trigger:
+ github:
+ pollscm:
+ spec: ${_param:jenkins_pollscm_spec}
+ param:
+ SOURCE_URL:
+ type: string
+ default: "${_param:jenkins_gerrit_url}/contrail/{{name}}.git"
+ TARGET_URL:
+ type: string
+ default: "https://github.com/Mirantis/{{name}}.git"
+ CREDENTIALS_ID:
+ type: string
+ default: "gerrit"
+ BRANCHES:
+ type: string
+ default: "{{branches}}"
diff --git a/jenkins/client/job/opencontrail/init.yml b/jenkins/client/job/opencontrail/init.yml
index 2d38d5a..e76b322 100644
--- a/jenkins/client/job/opencontrail/init.yml
+++ b/jenkins/client/job/opencontrail/init.yml
@@ -5,7 +5,7 @@
_param:
contrail_branches: "R3.0.2.x,R3.0.3.x,R3.1,R3.1.1.x,R3.2,R4.0,master"
contrail_kubernetes_branches: "master,release-1.2"
- contrail_dpdk_extra_branches: "mitaka,kilo,liberty-multiqueue"
+ contrail_dpdk_extra_branches: "mitaka,kilo,liberty-multiqueue,newton"
contrail_ceilometer_plugin_branches: "master,R4.0"
contrail_kubernetes_branches: "master,origin-1.1,origin-1.1.3,release-1.1,release-1.2"
contrail_dpdk_branches: "master,R3.0.2.x,R3.0.3.x,R3.1,R3.1.1.x,R3.2,R4.0,contrail_dpdk_17_02,contrail_dpdk_1_7,contrail_dpdk_2_0,contrail_dpdk_2_1"
diff --git a/jenkins/client/job/salt-formulas/tests.yml b/jenkins/client/job/salt-formulas/tests.yml
index 111cc6a..69a0f9b 100644
--- a/jenkins/client/job/salt-formulas/tests.yml
+++ b/jenkins/client/job/salt-formulas/tests.yml
@@ -93,6 +93,7 @@
- name: roundcube
- name: rsync
- name: rsyslog
+ - name: rundeck
- name: sahara
- name: salt
- name: sensu
diff --git a/jenkins/client/job/salt-models/tests.yml b/jenkins/client/job/salt-models/tests.yml
index 1545eff..e4b573d 100644
--- a/jenkins/client/job/salt-models/tests.yml
+++ b/jenkins/client/job/salt-models/tests.yml
@@ -5,14 +5,19 @@
job_template:
test_salt_model:
name: test-salt-model-{{name}}
- param:
- name:
- - mcp-baremetal-lab
- - mcp-virtual-lab
- - mk-ci
- - qa
- - stacklight
- - training
+ jobs:
+ - name: mcp-baremetal-lab
+ extra_formulas: ""
+ - name: mcp-virtual-lab
+ extra_formulas: "prometheus"
+ - name: mk-ci
+ extra_formulas: ""
+ - name: qa
+ extra_formulas: ""
+ - name: stacklight
+ extra_formulas: ""
+ - name: training
+ extra_formulas: ""
template:
type: workflow-scm
scm:
@@ -50,6 +55,13 @@
CREDENTIALS_ID:
type: string
default: "gerrit"
+ PARALLEL_NODE_GROUP_SIZE:
+ type: string
+ default: "3"
+ # Salt master setup extra formulas
+ EXTRA_FORMULAS:
+ type: string
+ default: "{{extra_formulas}}"
test_system_reclass:
name: test-salt-model-{{name}}
jobs:
diff --git a/jenkins/client/job/test_devops_portal.yml b/jenkins/client/job/test_devops_portal.yml
index 711f42a..41be263 100644
--- a/jenkins/client/job/test_devops_portal.yml
+++ b/jenkins/client/job/test_devops_portal.yml
@@ -32,9 +32,15 @@
- addedContains:
commentAddedCommentContains: '(recheck|reverify)'
param:
+ COMPOSE_PATH:
+ type: string
+ default: "docker/stack/docker-compose.yml"
CREDENTIALS_ID:
type: string
default: "gerrit"
+ JSON_CONFIG:
+ type: string
+ default: '{"services": {"elasticsearch": {"endpoint": "http://elasticsearch:9200"}}}'
NODE_IMAGE:
type: string
default: "docker-sandbox.sandbox.mirantis.net/ikharin/ci/node-firefox:6.10"
diff --git a/jenkins/slave/docker.yml b/jenkins/slave/docker.yml
index b1356f0..ea3639b 100644
--- a/jenkins/slave/docker.yml
+++ b/jenkins/slave/docker.yml
@@ -8,9 +8,11 @@
groups:
- docker
sudo:
+ enabled: true
users:
jenkins:
+ setenv: true
hosts:
- ALL
commands:
- - docker
\ No newline at end of file
+ - /usr/bin/docker
\ No newline at end of file
diff --git a/linux/system/sudo.yml b/linux/system/sudo.yml
index 1668c12..8f03f7d 100644
--- a/linux/system/sudo.yml
+++ b/linux/system/sudo.yml
@@ -23,7 +23,21 @@
- /usr/sbin/visudo
sudo_coreutils_safe:
- /usr/bin/less
+ - /usr/bin/grep
+ - /usr/bin/fgrep
+ - /usr/bin/egrep
+ - /usr/bin/zgrep
+ - /usr/bin/tail
+ - /usr/bin/socat
+ - /usr/bin/top
+ - /usr/bin/tail
+ - /usr/bin/lsof
+ - /usr/bin/virsh
+ - /bin/ls
+ - /bin/cp
+ - /bin/netstat
sudo_rabbitmq_safe:
+ - /usr/sbin/rabbitmqctl
- /usr/sbin/rabbitmqctl status
- /usr/sbin/rabbitmqctl cluster_status
- /usr/sbin/rabbitmqctl list_queues*
@@ -41,3 +55,42 @@
- /usr/bin/salt-call saltutil*
sudo_salt_trusted:
- /usr/bin/salt*
+ sudo_networking:
+ - /sbin/ip
+ - /sbin/ss
+ - /sbin/ifconfig
+ - /sbin/route
+ - /sbin/ethtool
+ - /sbin/tcpdump
+ sudo_contrail_utilities:
+ - /usr/bin/contrail*
+ - /bin/contrail*
+ - /usr/bin/vif
+ - /usr/bin/flow
+ - /usr/bin/vrfstats
+ - /usr/bin/rt
+ - /usr/bin/dropstats
+ - /usr/bin/mpls
+ - /usr/bin/mirror
+ - /usr/bin/vxlan
+ - /usr/bin/nh
+ sudo_storage_utilities:
+ - /usr/bin/ceph*
+ - /usr/bin/rados*
+ - /usr/bin/rbd
+ - /usr/sbin/gluster
+ sudo_openstack_clients:
+ - /usr/bin/openstack
+ - /usr/bin/heat*
+ - /usr/bin/nova*
+ - /usr/bin/neutron*
+ - /usr/bin/keystone*
+ - /usr/bin/glance*
+ - /usr/bin/cinder*
+ - /usr/bin/swift*
+ - /usr/bin/ironic*
+ - /usr/bin/manila*
+ - /usr/bin/barbican*
+ - /usr/bin/ceilometer*
+ - /usr/bin/trove*
+
diff --git a/nginx/server/proxy/stacklight/grafana.yml b/nginx/server/proxy/stacklight/grafana.yml
index a1c7c49..24219ee 100644
--- a/nginx/server/proxy/stacklight/grafana.yml
+++ b/nginx/server/proxy/stacklight/grafana.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ nginx_proxy_grafana_port: 3000
nginx:
server:
enabled: true
@@ -9,7 +11,7 @@
name: grafana
proxy:
host: ${_param:stacklight_monitor_address}
- port: 3000
+ port: ${_param:nginx_proxy_grafana_port}
protocol: http
host:
name: ${_param:cluster_public_host}
diff --git a/opencontrail/control/analytics.yml b/opencontrail/control/analytics.yml
index 8cbd166..8065742 100644
--- a/opencontrail/control/analytics.yml
+++ b/opencontrail/control/analytics.yml
@@ -14,6 +14,9 @@
python-kafka:
version: 1.0.1-0contrail1
hold: true
+ kernel:
+ modules:
+ - nf_conntrack_ipv4
opencontrail:
common:
identity:
diff --git a/opencontrail/control/cluster.yml b/opencontrail/control/cluster.yml
index 4ffe081..a4126d6 100644
--- a/opencontrail/control/cluster.yml
+++ b/opencontrail/control/cluster.yml
@@ -13,8 +13,9 @@
version: 0.9.0-0contrail0
python-kafka:
version: 1.0.1-0contrail1
- contrail-api-cli:
- version: latest
+ kernel:
+ modules:
+ - nf_conntrack_ipv4
opencontrail:
web:
database:
diff --git a/opencontrail/control/control.yml b/opencontrail/control/control.yml
index 9c1d905..fdc4f7d 100644
--- a/opencontrail/control/control.yml
+++ b/opencontrail/control/control.yml
@@ -38,3 +38,8 @@
port: 9042
network:
host: ${_param:cluster_vip_address}
+ linux:
+ system:
+ kernel:
+ modules:
+ - nf_conntrack_ipv4
diff --git a/opencontrail/control/single.yml b/opencontrail/control/single.yml
index efdc267..064418e 100644
--- a/opencontrail/control/single.yml
+++ b/opencontrail/control/single.yml
@@ -12,6 +12,9 @@
version: 1.0.1-0contrail1
contrail-api-cli:
version: latest
+ kernel:
+ modules:
+ - nf_conntrack_ipv4
haproxy:
proxy:
listen:
diff --git a/openssh/server/team/k8s_team.yml b/openssh/server/team/k8s_team.yml
index c46a2a0..36f3252 100644
--- a/openssh/server/team/k8s_team.yml
+++ b/openssh/server/team/k8s_team.yml
@@ -72,6 +72,13 @@
full_name: Stan Lagun
home: /home/slagun
email: slagun@mirantis.com
+ psiwczak:
+ enabled: true
+ sudo: true
+ name: psiwczak
+ full_name: Piotr Siwczak
+ home: /home/psiwczak
+ email: psiwczak@mirantis.com
openssh:
server:
enabled: true
@@ -147,3 +154,5 @@
key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0IKYIbf05K67En++os8mfi2XYTCHp5ex+KBy4Y7NqAXC3J+hnqgcMry9sHtqVJ+O6do7bCRY7sjgnWosm6TxEupxMCs+euViT3VFvQlszAvj4v/xrAu0IwUUiqA0Pn9TKCJrHtYKYixkGfNw8IdxShH2FRTh52ufBqlLP5qRhdMP/nOohbNwtk0FAX49UB4AXzcLLkHu+P3gjTkR345CH+iciBGL88rp8qpEEA6QdtEjcgk1tGY3uktJ1tTWBv4ozth6EF9A+kG4yd1Fhwv2JVPRNkcL/xKR7f4i67A9KyyNoFLv4rHfXXPOjyproNpz5CZ06V7lJ4jgU/AbyHhLgw== mmosesohn@mattymo1
slagun:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfQtpitSDDfwP1TruBs7Nlim1B2PC8NKu1lOifZGOgGaL4G6CTXJunSoU48ovg0AOks6OPb7DSU9ocLTj6q0qNuPvy4yrsKWS+ZsrywLW5qp3OGfE7wmAWj5AGxNUiUaLAFKhriVV541v57OVw322dDuxQ3YE0P5dkKKBc9Xy3Su7PoDkR029fbQFvSlIsUtrICNGKvMtrTIm8V0EQHZnV7Y44+MMJMRxCMrulHJFmtaKE5uPaRz+eVVsbEOl1jfUA/BQ1WyU52Ol3gvm34kwBStQcnqhKC2CP/5ILVhf+Omylw+mcs58vKbc0Tw6dwFEDaTQlkYHLFZij+Y24HGyr slagun@MacLagun2.local
+ psiwczak:
+ key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFSHwjVOBC3nVVytH3DAaWEcfrca/cnurIn9K2elf8wn2PSet7q1OddfVTAtYdiG8pai9BX3uHswEu+TinAfgPoEnvKR4wSgk4hVf/W9eCf7xOn1X0fdSnfogQEjdP54Qk+mOmrh1vChcOL/NdBNNxJC6LGHRslVfcGu5ULaasT7EGzItMjUl8hKbbsM8tFX1IW7uRm3fZu4/HiMMaMnm+cPwH9LUB+cOaLEain5WNo0j0OKtpF6Kp53fpqCS6v4z/+wMgx0V2BMMrSla6cq4mL7iLvtufkO467j2ksa9sG8/ADD6Wh89hxkKGqF3yDm+olywNEo+WwTRfZf6Py5Uv
diff --git a/openssh/server/team/l1_support.yml b/openssh/server/team/l1_support.yml
index f25149a..266bd15 100644
--- a/openssh/server/team/l1_support.yml
+++ b/openssh/server/team/l1_support.yml
@@ -38,11 +38,19 @@
L1_SUPPORT_SALT_TRUSTED: ${_param:sudo_salt_trusted}
L1_SUPPORT_RESTRICTED_SHELLS: ${_param:sudo_shells}
L1_SUPPORT_RESTRICTED: ${_param:sudo_restricted_su}
+ L1_SUPPORT_NETWORKING: ${_param:sudo_networking}
+ L1_SUPPORT_CONTRAIL: ${_param:sudo_contrail_utilities}
+ L1_SUPPORT_STORAGE: ${_param:sudo_storage_utilities}
+ L1_SUPPORT_OPENSTACK_CLIENTS: ${_param:sudo_openstack_clients}
groups:
support:
commands:
- L1_SUPPORT_SALT
- L1_SUPPORT_COREUTILS
- L1_SUPPORT_RABBITMQ
+ - L1_SUPPORT_NETWORKING
+ - L1_SUPPORT_CONTRAIL
+ - L1_SUPPORT_STORAGE
+ - L1_SUPPORT_OPENSTACK_CLIENTS
- '!L1_SUPPORT_RESTRICTED_SHELLS'
- '!L1_SUPPORT_RESTRICTED'
diff --git a/openssh/server/team/stacklight.yml b/openssh/server/team/stacklight.yml
index ac7fd25..6d55bee 100644
--- a/openssh/server/team/stacklight.yml
+++ b/openssh/server/team/stacklight.yml
@@ -79,6 +79,20 @@
full_name: Ildar Svetlov
home: /home/isvetlov
email: isvetlov@mirantis.com
+ akholkin:
+ enabled: true
+ name: akholkin
+ sudo: true
+ full_name: Aleksandr Kholkin
+ home: /home/akholkin
+ email: akholkin@mirantis.com
+ kszukielojc:
+ enabled: true
+ name: kszukielojc
+ sudo: true
+ full_name: Krzysztof Szukiełojć
+ home: /home/kszukielojc
+ email: kszukielojc@mirantis.com
openssh:
client:
enabled: true
@@ -140,6 +154,16 @@
public_keys:
- ${public_keys:isvetlov}
user: ${linux:system:user:isvetlov}
+ akholkin:
+ enable: true
+ public_keys:
+ - ${public_keys:akholkin}
+ user: ${linux:system:user:akholkin}
+ kszukielojc:
+ enable: true
+ public_keys:
+ - ${public_keys:kszukielojc}
+ user: ${linux:system:user:kszukielojc}
public_keys:
newt:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3odU+3V2uDA2ptAFL9hrJRPNEEdAyztWOZFQ5Oyd9oerTGOU3p4xmrgWWjfKFKbYGhiiIUcYAol5PkTfKukGEkkjCHYA1t023soCaaAj85wCZCnw2zQNAziwxTYmAzTqgxiSvtZNMMrtJvFHRIRDzJ3M1lV0prWNWkMM1/3FAd4W49y6VT3fkMCo8uqG7CfGdgR2DgBCxf9KaNPfW5eDEPOgmE5lK8tVSEI6T+Cg7hbcTf4lFYnlFBnlQgp/0JstsM4Vbwb4B34LOpOsf2S8rrWk2xQMjwaMHXkc2s/E8iW3F5nVFuyEXYISFQIiAHw8dzC6CHgLcyHUVWwznKawZ newt@newt-dev1
@@ -163,3 +187,7 @@
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDLTkl8X9HIJxruAHkmGNQTovy7DCr256pH68xh2DHWinPKUW4ccsCBbqJeF56aEA41OKJlEVOYzD3gQJkDAAbDdy9BlI14oEtzmk3yAtgBwwUzUNMq7oCPrbt4xNg5U26JSb26j69r5vQ4vXA2hf0bCQ68vb3VDqMMaMbneI3rP3qSaq7dauR8sEjx1XAtNen5SygLE46k0pCObJmahGkg39HisoJ/gkjoi/xvQn1JzrYSxWObrBfUbtQN3JbCRozSp/0Env0hMbXj7cS3J/uY68zAWc7GAEFKSmPAol4d/93sRknFUSQKqZjsDaLfiGLte/7oFwLquaz6AJw+mwP ityaptin@ityaptin.local
isvetlov:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDflz5rJEC6+yKOteNG2uzObQCtV/c/Rnu9Aku1AJWLMMlouID7RaCUrP642xH2z11kZE+sZk/4c3515M5SPQFVKhjGceftbnI9I7DI1KF4OJwMCSfmACDHM3bJcld8eiKTRBxtk32i6YPdNi6m9unHvPultTIBJCxRP/KVyxOOnQparsSSBhBj2t3Kis+3dnDZNBUJJDWyo69FD0RvAOaWZdogwes0nCl+3JJSNWsATqyS+bi4ojqJimHFKiW2sz8qMX3cMzu9uTx1OWvJWJRgOV5/tPsuuNVt75zPAOsfJnIqQJtpkdZAb4SYK+0jLFcLvB6GBgXY3aHk9nHu9MHr isvetlov@ubuntu
+ akholkin:
+ key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDjpy9RI6iEDH/04eOOwreDa+R32USZiWxyFiKHa8zoDAlOfwaZVg6mZWepOxzwxCJPYusPGXCwQ6Zw9tHxVWOCgtzzPpsCCfhUU4v+99Wh08//W8d/s/WFka+5vqyskAO5Z8Ekk+kQU+jpUBG8/gMxAPBjj0fFc5BNeqDY9r9nmMNK6N2RVjvA6wZ8G5hLGxL9bn5Prhf/+avui1NAfy6gsT/mRt1W+eHWTvpijyNGm+m83jU34dQO6gE48n6WdSylLh/fY/p31rzAURaq1V/AZhdbSuZ8aJYDnfHevpK5+hMjoOop3v3hb7WHEmybGujQfW5HVaaWmG7SFlHeKGE/gZ2P9T+bQ+SgO+PmEAw4LayiBkzTPAHdZ2UGZe+3BI5gdM/ayovK2WVO1jS5FNlNGIvEQW+ws9V+ph+S1jL4jobDJEjs358iXrAYpf4JL+LvxFHiuj6EL51tbo8EU22z5mmgRQQ5eFrDzBuVLhcim651A3a5iSlmCeAQ5rTmHX/Op/PbK+3vAtI8vnlK4AhycLvWQ3kK2DRx+Uhzrlk5v6E14SopAhvpGOHqrLgmoHwHp1xt/9M1JgxkOUK5gccFKTQduxLHoTNBaNcP60IOG/MjqUPcOXSBcAN4Y1RDBg+pwXe4PFgOzwKdFoYeuhvtm8y185S0IvvfCHLCD8pNfQ== akholkin@mirantis.com
+ kszukielojc:
+ key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCiUm3Z3W3t4v7oe143rCNM/hbg9NU2bYUmQXek8DJPA4c3Xm6u0q+RL9kEXME+3zcj2HKqMxKsCBLXXdFIsgdUbOBV8AYiuySE220FTnEKRmdxsEnfSaBhXxFyIBNoew4gI7URSqAOclt5WuPJTqRM7K4VhbtzwEgeWVd/NUhxMCCtgkdJCYTSmycxmxs7R6V8vMr9Mb8DOqKkSpOu6f3JkR0lwnFN9zGGC4V/60FlJSDzvvI5Tn40ANPHITivs8xME0znsx7t0bF4vQUimvhYn1mumQCY1NwIaxJ/QqasD6Ag9Sn5dxSg9b3SeLn0JM6qKoIqZtfPYVuCp9gmlH0fyzJUdqu4lKKb2wBw/H5lK6icH4+owMawkav55rbvinHQOqmVCr/Bg/rTfc35ycVqjTXH/5J7OhzioKjU0yFkXFS2X/s8gpyxp3beJ+Ea4faoX+kcs0gyhMYzqC7/DOamrau7aVyEAjKYJNy60xRfjCQzjqiurbxVFh+3Fi64UUn7Bl1QV8VEiU3ztJ118psEI7zA+x2VROLZ1jrtaBYZTYB118JZicaFDycEVgg3+BHX3pFH/QSOjLsA4SK+HJjSz8CFKvWwaO6QJv1/3KHpcGEacMvmqKxwpQK0E4WpjWhglZRMPObQ0dBaGClOujgoOIHXtFGILEpWy2SdzDQkHw== kszukielojc@w541
diff --git a/postgresql/client/security_monkey.yml b/postgresql/client/security_monkey.yml
index 65f1de2..428753d 100644
--- a/postgresql/client/security_monkey.yml
+++ b/postgresql/client/security_monkey.yml
@@ -24,3 +24,9 @@
host: ${_param:secmonkey_db_host}
createdb: true
rights: all privileges
+ init:
+ maintenance_db: pushkin
+ force: true
+ queries:
+ - INSERT INTO login VALUES (11, 1) ON CONFLICT (id) DO UPDATE SET id = excluded.id;
+ - INSERT INTO device VALUES (1, 11, 42, 'security_audit_service', NULL, 1, NULL) ON CONFLICT (id) DO UPDATE SET id = excluded.id;
diff --git a/prometheus/alertmanager/init.yml b/prometheus/alertmanager/init.yml
new file mode 100644
index 0000000..b00a4b9
--- /dev/null
+++ b/prometheus/alertmanager/init.yml
@@ -0,0 +1,4 @@
+parameters:
+ _param:
+ prometheus_alertmanager_config_directory: /srv/alertmanager
+ prometheus_alertmanager_data_directory: /data
diff --git a/prometheus/server/init.yml b/prometheus/server/init.yml
new file mode 100644
index 0000000..0ecea17
--- /dev/null
+++ b/prometheus/server/init.yml
@@ -0,0 +1,4 @@
+parameters:
+ _param:
+ prometheus_server_config_directory: /srv/prometheus
+ prometheus_server_data_directory: /data
diff --git a/prometheus/server/target/dns.yml b/prometheus/server/target/dns.yml
index 14d5da3..7bbf92e 100644
--- a/prometheus/server/target/dns.yml
+++ b/prometheus/server/target/dns.yml
@@ -1,7 +1,3 @@
-classes:
-- service.prometheus.server.container
-- service.prometheus.alertmanager.container
-- service.prometheus.pushgateway.container
parameters:
prometheus:
server:
diff --git a/prometheus/server/target/etcd.yml b/prometheus/server/target/etcd.yml
index 4cd04bf..0ac3310 100644
--- a/prometheus/server/target/etcd.yml
+++ b/prometheus/server/target/etcd.yml
@@ -8,6 +8,6 @@
scheme: https
tls_config:
skip_verify: true
- ssl_dir: /opt/prometheus/config
+ ssl_dir: ${_param:prometheus_server_config_directory}
cert_name: prometheus-server.crt
key_name: prometheus-server.key
diff --git a/prometheus/server/target/kubernetes.yml b/prometheus/server/target/kubernetes.yml
index d7ba3d6..60ca1e0 100644
--- a/prometheus/server/target/kubernetes.yml
+++ b/prometheus/server/target/kubernetes.yml
@@ -5,6 +5,6 @@
kubernetes:
enabled: true
api_ip: ${_param:kubernetes_control_address}
- ssl_dir: /opt/prometheus/config
+ ssl_dir: ${_param:prometheus_server_config_directory}
cert_name: prometheus-server.crt
key_name: prometheus-server.key
diff --git a/reclass/storage/system/stacklightv2_server_cluster.yml b/reclass/storage/system/stacklightv2_server_cluster.yml
new file mode 100644
index 0000000..c72ac2c
--- /dev/null
+++ b/reclass/storage/system/stacklightv2_server_cluster.yml
@@ -0,0 +1,42 @@
+parameters:
+ _param:
+ stacklight_monitor_node01_hostname: mon01
+ stacklight_monitor_node02_hostname: mon02
+ stacklight_monitor_node03_hostname: mon03
+ reclass:
+ storage:
+ node:
+ stacklight_server_node01:
+ name: ${_param:stacklight_monitor_node01_hostname}
+ domain: ${_param:cluster_domain}
+ classes:
+ - system.docker.swarm.master
+ - cluster.${_param:cluster_name}.stacklight.server
+ - cluster.${_param:cluster_name}.stacklight.client
+ params:
+ salt_master_host: ${_param:reclass_config_master}
+ linux_system_codename: xenial
+ single_address: ${_param:stacklight_monitor_node01_address}
+ keepalived_vip_priority: 103
+ stacklight_server_node02:
+ name: ${_param:stacklight_monitor_node02_hostname}
+ domain: ${_param:cluster_domain}
+ classes:
+ - system.docker.swarm.manager
+ - cluster.${_param:cluster_name}.stacklight.server
+ params:
+ salt_master_host: ${_param:reclass_config_master}
+ linux_system_codename: xenial
+ single_address: ${_param:stacklight_monitor_node02_address}
+ keepalived_vip_priority: 102
+ stacklight_server_node03:
+ name: ${_param:stacklight_monitor_node03_hostname}
+ domain: ${_param:cluster_domain}
+ classes:
+ - system.docker.swarm.manager
+ - cluster.${_param:cluster_name}.stacklight.server
+ params:
+ salt_master_host: ${_param:reclass_config_master}
+ linux_system_codename: xenial
+ single_address: ${_param:stacklight_monitor_node03_address}
+ keepalived_vip_priority: 101
diff --git a/salt/minion/cert/prometheus_server.yml b/salt/minion/cert/prometheus_server.yml
index 23c4abf..30a0711 100644
--- a/salt/minion/cert/prometheus_server.yml
+++ b/salt/minion/cert/prometheus_server.yml
@@ -5,8 +5,8 @@
prometheus_server:
host: ${_param:salt_minion_ca_host}
authority: ${_param:salt_minion_ca_authority}
- key_file: /srv/volumes/prometheus/prometheus-server.key
- cert_file: /srv/volumes/prometheus/prometheus-server.crt
+ key_file: ${prometheus:server:dir:config}/prometheus-server.key
+ cert_file: ${prometheus:server:dir:config}/prometheus-server.crt
common_name: prometheus-server
signing_policy: cert_client
alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
diff --git a/swift/proxy/cluster.yml b/swift/proxy/cluster.yml
new file mode 100644
index 0000000..994eb1e
--- /dev/null
+++ b/swift/proxy/cluster.yml
@@ -0,0 +1,52 @@
+classes:
+- service.memcached.server.single
+- service.keepalived.cluster.single
+- service.haproxy.proxy.single
+- service.swift.proxy.cluster
+parameters:
+ _param:
+ cluster_node01_address: ${_param:swift_proxy_node01_address}
+ cluster_node02_address: ${_param:swift_proxy_node02_address}
+ keepalived:
+ cluster:
+ instance:
+ VIP:
+ virtual_router_id: ${_param:keepalived_vip_virtual_router_id}
+ haproxy:
+ proxy:
+ listen:
+ swift_admin:
+ type: stats
+ check: false
+ binds:
+ - address: ${_param:swift_proxy_vip_address}
+ port: 8080
+ swift_proxy_cluster:
+ type: general-service
+ check: false
+ binds:
+ - address: ${_param:swift_proxy_vip_address}
+ port: 8080
+ servers:
+ - name: ${_param:swift_proxy_node01_hostname}
+ host: ${_param:swift_proxy_node01_address}
+ port: 8080
+ params: check
+ - name: ${_param:swift_proxy_node02_hostname}
+ host: ${_param:swift_proxy_node02_address}
+ port: 8080
+ params: check
+ swift:
+ proxy:
+ bind:
+ address: ${_param:single_address}
+ identity:
+ host: ${_param:control_vip_address}
+ common:
+ cache:
+ engine: memcached
+ members:
+ - host: ${_param:swift_proxy_node01_address}
+ port: 11211
+ - host: ${_param:swift_proxy_node02_address}
+ port: 11211
diff --git a/swift/rings/default.yml b/swift/rings/default.yml
new file mode 100644
index 0000000..c0e06d6
--- /dev/null
+++ b/swift/rings/default.yml
@@ -0,0 +1,16 @@
+parameters:
+ swift:
+ ring_builder:
+ enabled: true
+ rings:
+ - partition_power: 9
+ replicas: 3
+ hours: 1
+ region: 1
+ devices:
+ - address: ${_param:swift_storage_node01_address}
+ device: ${_param:swift_device0}
+ - address: ${_param:swift_storage_node02_address}
+ device: ${_param:swift_device0}
+ - address: ${_param:swift_storage_node03_address}
+ device: ${_param:swift_device0}
\ No newline at end of file
diff --git a/swift/rings/init.yml b/swift/rings/init.yml
new file mode 100644
index 0000000..f157aff
--- /dev/null
+++ b/swift/rings/init.yml
@@ -0,0 +1,5 @@
+parameters:
+ swift:
+ ring_builder:
+ enabled: true
+ rings: []
diff --git a/swift/storage/cluster.yml b/swift/storage/cluster.yml
new file mode 100644
index 0000000..9f0fa8f
--- /dev/null
+++ b/swift/storage/cluster.yml
@@ -0,0 +1,38 @@
+classes:
+- service.swift.storage.cluster
+- service.rsync.server.single
+parameters:
+ rsync:
+ server:
+ module:
+ account:
+ max_connections: 100
+ path: /srv/node/
+ read_only: False
+ uid: swift
+ gid: swift
+ #write_only: False
+ #list: yes
+ #incoming_chmod = 0644
+ #outgoing_chmod = 0644
+ container:
+ max_connections: 100
+ path: /srv/node/
+ read_only: False
+ uid: swift
+ gid: swift
+ object:
+ max_connections: 100
+ path: /srv/node/
+ read_only: False
+ uid: swift
+ gid: swift
+ swift:
+ common:
+ cache:
+ engine: memcached
+ members:
+ - host: ${_param:swift_proxy_node01_address}
+ port: 11211
+ - host: ${_param:swift_proxy_node02_address}
+ port: 11211