Merge "Add public key of mpolenchuk" into release/proposed/2019.2.0
diff --git a/defaults/docker_images.yml b/defaults/docker_images.yml
index 14f48ab..ebc3761 100644
--- a/defaults/docker_images.yml
+++ b/defaults/docker_images.yml
@@ -5,7 +5,7 @@
# 2.6.2 version, from 12/18/2108, differ from latest 2.6.2 upstream - update next cycle
docker_image_registry: "${_param:mcp_docker_registry}/mirantis/external/registry:2019.2.6"
docker_image_visualizer: "${_param:mcp_docker_registry}/mirantis/external/visualizer:2019.2.6"
- docker_image_openldap: "${_param:mcp_docker_registry}/mirantis/external/osixia/openldap:1.2.2"
+ docker_image_openldap: "${_param:mcp_docker_registry}/mirantis/cicd/openldap:2019.2.11"
docker_image_postgresql: "${_param:mcp_docker_registry}/mirantis/external/library/postgres:9.6.10"
# 3.4.13, from Feb 15, differ from 3.4.13 upstream verison, from March 14 - update next cycle
docker_image_mongodb: "${_param:mcp_docker_registry}/mirantis/external/mongo:2019.2.6"
@@ -13,22 +13,22 @@
# phpldapadmin:0.6.12
docker_image_phpldapadmin: "${_param:mcp_docker_registry}/mirantis/cicd/phpldapadmin:2019.2.9"
# gerrit:2.15.18
- docker_image_gerrit: "${_param:mcp_docker_registry}/mirantis/cicd/gerrit:2019.2.10"
+ docker_image_gerrit: "${_param:mcp_docker_registry}/mirantis/cicd/gerrit:2019.2.11"
# mysql:5.6.48
docker_image_mysql: "${_param:mcp_docker_registry}/mirantis/cicd/mysql:2019.2.10"
# jenkins:2.204.3
docker_image_jenkins: "${_param:mcp_docker_registry}/mirantis/cicd/jenkins:2019.2.9"
- docker_image_jenkins_jnlp_slave: "${_param:mcp_docker_registry}/mirantis/cicd/jnlp-slave:2019.2.9"
+ docker_image_jenkins_jnlp_slave: "${_param:mcp_docker_registry}/mirantis/cicd/jnlp-slave:2019.2.11"
# TODO: fix tag
docker_image_jenkins_ssh_slave: "${_param:mcp_docker_registry}/mirantis/cicd/ssh-slave:2019.2.10"
# model-generator
docker_image_operations_api: "${_param:mcp_docker_registry}/mirantis/model-generator/operations-api:2019.2.6"
docker_image_operations_ui: "${_param:mcp_docker_registry}/mirantis/model-generator/operations-ui:2019.2.6"
# OpenContrail
- opencontrail_docker_image_tag: "2019.2.10"
+ opencontrail_docker_image_tag: "2019.2.11"
# stacklight
- # 6.5.0 version, from 11/29/2018, differ from latest upstream 6.5.0 - update next cycle
- docker_image_alerta: "${_param:mcp_docker_registry}/mirantis/external/alerta-web:2019.2.6"
+ # locally forked v7.4.4, updated 2020-08-06
+ docker_image_alerta: "${_param:mcp_docker_registry}/openstack-docker/alerta:2019.2.11"
docker_image_alertmanager: "${_param:mcp_docker_registry}/openstack-docker/alertmanager:2019.2.4"
docker_image_grafana: "${_param:mcp_docker_registry}/openstack-docker/grafana:2019.2.10"
docker_image_prometheus_es_exporter: "${_param:mcp_docker_registry}/openstack-docker/prometheus-es-exporter:2019.2.6"
@@ -37,7 +37,7 @@
docker_image_prometheus_gainsight_elasticsearch: "${_param:mcp_docker_registry}/openstack-docker/gainsight_elasticsearch:2019.2.6"
docker_image_prometheus_relay: "${_param:mcp_docker_registry}/openstack-docker/prometheus-relay:2019.2.10"
docker_image_pushgateway: "${_param:mcp_docker_registry}/openstack-docker/pushgateway:2019.2.6"
- docker_image_remote_agent: "${_param:mcp_docker_registry}/openstack-docker/telegraf:2019.2.10"
+ docker_image_remote_agent: "${_param:mcp_docker_registry}/openstack-docker/telegraf:2019.2.11"
docker_image_remote_collector: "${_param:mcp_docker_registry}/openstack-docker/heka:2019.2.6"
docker_image_remote_storage_adapter: "${_param:mcp_docker_registry}/openstack-docker/remote_storage_adapter:2019.2.6"
docker_image_sf_notifier: "${_param:mcp_docker_registry}/openstack-docker/sf_notifier:2019.2.4"
@@ -75,8 +75,8 @@
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/external/docker
name: compose:1.17.1
- registry: ${_param:mcp_docker_registry}/mirantis/external/osixia
- target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/external/osixia
- name: openldap:1.2.2
+ target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/cicd
+ name: openldap:2019.2.11
- registry: ${_param:mcp_docker_registry}/mirantis/external/library
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/external/library
name: postgres:9.6.10
@@ -96,7 +96,7 @@
- registry: ${_param:mcp_docker_registry}/mirantis/cicd
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/cicd
- name: jnlp-slave:2019.2.9
+ name: jnlp-slave:2019.2.11
- registry: ${_param:mcp_docker_registry}/mirantis/cicd
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/cicd
name: ssh-slave:2019.2.10
@@ -105,7 +105,7 @@
name: jenkins:2019.2.9
- registry: ${_param:mcp_docker_registry}/mirantis/cicd
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/cicd
- name: gerrit:2019.2.10
+ name: gerrit:2019.2.11
- registry: ${_param:mcp_docker_registry}/mirantis/external/cockroach
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/external/cockroach
name: cockroach:v2.1.1
@@ -119,9 +119,9 @@
- registry: ${_param:mcp_docker_registry}/openstack-docker
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/openstack-docker
name: alertmanager:2019.2.4
- - registry: ${_param:mcp_docker_registry}/mirantis/external
- target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/external
- name: alerta-web:2019.2.6
+ - registry: ${_param:mcp_docker_registry}/openstack-docker
+ target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/openstack-docker
+ name: alerta:2019.2.11
- registry: ${_param:mcp_docker_registry}/openstack-docker
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/openstack-docker
name: pushgateway:2019.2.6
@@ -133,7 +133,7 @@
name: sf-reporter:2019.2.9
- registry: ${_param:mcp_docker_registry}/openstack-docker
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/openstack-docker
- name: telegraf:2019.2.10
+ name: telegraf:2019.2.11
- registry: ${_param:mcp_docker_registry}/openstack-docker
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/openstack-docker
name: remote_storage_adapter:2019.2.6
diff --git a/defaults/openstack/policy/all.yml b/defaults/openstack/policy/all.yml
index 3e0975a..ccb81a4 100644
--- a/defaults/openstack/policy/all.yml
+++ b/defaults/openstack/policy/all.yml
@@ -1448,6 +1448,13 @@
"load-balancer:read-quota-global": "rule:load-balancer:global_observer or role:load-balancer_quota_admin or rule:load-balancer:admin"
"load-balancer:write-quota": "role:load-balancer_quota_admin or rule:load-balancer:admin"
"os_load-balancer_api:loadbalancer:put_failover": "rule:load-balancer:admin"
+ panko_default_policy_ocata: {}
+ panko_default_policy_pike:
+ "context_is_admin": "role:admin"
+ "segregation": "rule:context_is_admin"
+ "telemetry:events:index": ""
+ "telemetry:events:show": ""
+ panko_default_policy_queens: ${_param:panko_default_policy_pike}
telemetry_default_policy_ocata: {}
telemetry_default_policy_pike:
"context_is_admin": "role:admin"
diff --git a/defaults/openstack/policy/panko.yml b/defaults/openstack/policy/panko.yml
new file mode 100644
index 0000000..d2c88ae
--- /dev/null
+++ b/defaults/openstack/policy/panko.yml
@@ -0,0 +1,6 @@
+classes:
+- system.defaults.openstack.policy.all
+parameters:
+ panko:
+ server:
+ policy: ${_param:panko_default_policy_${_param:openstack_version}}
diff --git a/docker/swarm/stack/dashboard.yml b/docker/swarm/stack/dashboard.yml
index 7b0eac5..9dfc85f 100644
--- a/docker/swarm/stack/dashboard.yml
+++ b/docker/swarm/stack/dashboard.yml
@@ -10,6 +10,7 @@
client:
stack:
dashboard:
+ version: '3.7'
service:
grafana:
deploy:
@@ -23,6 +24,18 @@
GF_DATABASE_TYPE: ${_param:grafana_database_type}
GF_DATABASE_NAME: grafana
GF_DATABASE_USER: grafana
- GF_DATABASE_PASSWORD: ${_param:grafana_database_password}
+ GF_DATABASE_PASSWORD__FILE: /run/secrets/grafana-database
GF_DATABASE_HOST: "${_param:grafana_database_host}:${_param:grafana_database_port}"
- GF_SECURITY_ADMIN_PASSWORD: ${_param:grafana_admin_password}
+ GF_SECURITY_ADMIN_PASSWORD__FILE: /run/secrets/grafana-admin
+ secrets:
+ - grafana-database
+ - grafana-admin
+ secrets:
+ grafana-database:
+ external: true
+ value: ${_param:grafana_database_password}
+ grafana-admin:
+ external: true
+ value: ${_param:grafana_admin_password}
+
+
diff --git a/docker/swarm/stack/gerrit.yml b/docker/swarm/stack/gerrit.yml
index d1a5aa7..2ce9444 100644
--- a/docker/swarm/stack/gerrit.yml
+++ b/docker/swarm/stack/gerrit.yml
@@ -16,6 +16,7 @@
client:
stack:
gerrit:
+ version: '3.7'
service:
server:
deploy:
@@ -30,12 +31,15 @@
- /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
depends_on:
- db
+ secrets:
+ - mysql-gerrit
+ - ldap-gerrit
environment:
#GERRIT_INIT_ARGS: ""
DATABASE_TYPE: "mysql"
DB_PORT_3306_TCP_ADDR: ${_param:cluster_vip_address}
DB_ENV_MYSQL_USER: gerrit
- DB_ENV_MYSQL_PASSWORD: ${_param:mysql_gerrit_password}
+ DB_ENV_MYSQL_PASSWORD_FILE: "/run/secrets/mysql-gerrit"
DB_ENV_MYSQL_DB: gerrit
AUTH_TYPE: ${_param:gerrit_auth_type}
LDAP_SERVER: ${_param:gerrit_ldap_server}
@@ -43,13 +47,10 @@
LDAP_ACCOUNTBASE: ${_param:gerrit_ldap_account_base}
LDAP_GROUPBASE: ${_param:gerrit_ldap_group_base}
LDAP_USERNAME: ${_param:gerrit_ldap_bind_user}
- LDAP_PASSWORD: ${_param:gerrit_ldap_bind_password}
+ LDAP_PASSWORD_FILE: "/run/secrets/ldap-gerrit"
WEBURL: ${_param:gerrit_public_host}
HTTPD_LISTENURL: ${_param:gerrit_http_listen_url}
HTTPD_REQUESTLOG: ${_param:gerrit_http_request_log}
- GERRIT_ADMIN_SSH_PUBLIC: ${_param:gerrit_admin_public_key}
- GERRIT_ADMIN_PWD: ${_param:gerrit_admin_password}
- GERRIT_ADMIN_EMAIL: ${_param:gerrit_admin_email}
CANLOADINIFRAME: "true"
IGNORE_VERSIONCHECK: "false"
JAVA_OPTIONS: "-Djavax.net.ssl.trustStore=/etc/ssl/certs/java/cacerts ${_param:gerrit_extra_opts}"
@@ -57,11 +58,14 @@
http_proxy: ${_param:docker_http_proxy}
no_proxy: ${_param:docker_no_proxy}
db:
+ secrets:
+ - mysql-gerrit
+ - mysql-root
environment:
MYSQL_USER: gerrit
- MYSQL_PASSWORD: ${_param:mysql_gerrit_password}
MYSQL_DATABASE: gerrit
- MYSQL_ROOT_PASSWORD: ${_param:mysql_admin_password}
+ MYSQL_ROOT_PASSWORD_FILE: "/run/secrets/mysql-root"
+ MYSQL_PASSWORD_FILE: "/run/secrets/mysql-gerrit"
MYSQL_START_TIMEOUT: 300
deploy:
restart_policy:
@@ -71,3 +75,13 @@
- ${_param:gerrit_db_publish_port}:3306
volumes:
- /srv/volumes/mysql:/var/lib/mysql
+ secrets:
+ mysql-root:
+ external: true
+ value: ${_param:mysql_admin_password}
+ mysql-gerrit:
+ external: true
+ value: ${_param:mysql_gerrit_password}
+ ldap-gerrit:
+ external: true
+ value: ${_param:gerrit_ldap_bind_password}
diff --git a/docker/swarm/stack/jenkins/jnlp_slave_multi.yml b/docker/swarm/stack/jenkins/jnlp_slave_multi.yml
index 3606bad..e7bf056 100644
--- a/docker/swarm/stack/jenkins/jnlp_slave_multi.yml
+++ b/docker/swarm/stack/jenkins/jnlp_slave_multi.yml
@@ -15,7 +15,7 @@
JENKINS_AGENT_NAME: slave02
JENKINS_UPDATE_SLAVE: 'true'
JENKINS_LOGIN: ${_param:jenkins_client_user}
- JENKINS_PASSWORD: ${_param:jenkins_client_password}
+ JENKINS_PASSWORD_FILE: /run/secrets/jenkins-admin
JAVA_OPTS: "-Dhttp.proxyHost=${_param:docker_http_proxy} -Dhttp.nonProxyHosts=|jenkins_master ${_param:jenkins_slave_extra_opts}"
https_proxy: ${_param:docker_https_proxy}
http_proxy: ${_param:docker_http_proxy}
@@ -35,13 +35,15 @@
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
- /var/lib/jenkins:/var/lib/jenkins
+ secrets:
+ - jenkins-admin
slave03:
environment:
JENKINS_URL: ${_param:jenkins_master_url}
JENKINS_AGENT_NAME: slave03
JENKINS_UPDATE_SLAVE: 'true'
JENKINS_LOGIN: ${_param:jenkins_client_user}
- JENKINS_PASSWORD: ${_param:jenkins_client_password}
+ JENKINS_PASSWORD_FILE: /run/secrets/jenkins-admin
JAVA_OPTS: "-Dhttp.proxyHost=${_param:docker_http_proxy} -Dhttp.nonProxyHosts=|jenkins_master ${_param:jenkins_slave_extra_opts}"
https_proxy: ${_param:docker_https_proxy}
http_proxy: ${_param:docker_http_proxy}
@@ -61,3 +63,9 @@
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
- /var/lib/jenkins:/var/lib/jenkins
+ secrets:
+ - jenkins-admin
+ secrets:
+ jenkins-admin:
+ external: true
+ value: ${_param:jenkins_client_password}
diff --git a/docker/swarm/stack/jenkins/jnlp_slave_single.yml b/docker/swarm/stack/jenkins/jnlp_slave_single.yml
index 956f918..6f9bff0 100644
--- a/docker/swarm/stack/jenkins/jnlp_slave_single.yml
+++ b/docker/swarm/stack/jenkins/jnlp_slave_single.yml
@@ -12,6 +12,7 @@
- ${_param:docker_image_jenkins_jnlp_slave}
stack:
jenkins:
+ version: '3.7'
service:
slave01:
environment:
@@ -19,7 +20,7 @@
JENKINS_AGENT_NAME: slave01
JENKINS_UPDATE_SLAVE: 'true'
JENKINS_LOGIN: ${_param:jenkins_client_user}
- JENKINS_PASSWORD: ${_param:jenkins_client_password}
+ JENKINS_PASSWORD_FILE: /run/secrets/jenkins-admin
JAVA_OPTS: "-Dhttp.proxyHost=${_param:docker_http_proxy} -Dhttp.nonProxyHosts=|jenkins_master ${_param:jenkins_slave_extra_opts}"
https_proxy: ${_param:docker_https_proxy}
http_proxy: ${_param:docker_http_proxy}
@@ -39,3 +40,9 @@
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
- /var/lib/jenkins:/var/lib/jenkins
+ secrets:
+ - jenkins-admin
+ secrets:
+ jenkins-admin:
+ external: true
+ value: ${_param:jenkins_client_password}
diff --git a/docker/swarm/stack/ldap.yml b/docker/swarm/stack/ldap.yml
index 3091983..71a646e 100644
--- a/docker/swarm/stack/ldap.yml
+++ b/docker/swarm/stack/ldap.yml
@@ -5,6 +5,7 @@
client:
stack:
ldap:
+ version: '3.7'
service:
server:
networks:
@@ -18,6 +19,9 @@
ports:
- 1389:389
- 1636:636
+ secrets:
+ - openldap-admin
+ - openldap-config
volumes:
- /srv/volumes/openldap/database:/var/lib/ldap
- /srv/volumes/openldap/config:/etc/ldap/slapd.d
@@ -31,8 +35,8 @@
HOSTNAME: ldap01.${_param:openldap_domain}
LDAP_ORGANISATION: "${_param:openldap_organisation}"
LDAP_DOMAIN: "${_param:openldap_domain}"
- LDAP_ADMIN_PASSWORD: ${_param:openldap_admin_password}
- LDAP_CONFIG_PASSWORD: ${_param:openldap_config_password}
+ LDAP_ADMIN_PASSWORD_FILE: /run/secrets/openldap-admin
+ LDAP_CONFIG_PASSWORD_FILE: /run/secrets/openldap-config
LDAP_TLS: "true"
LDAP_TLS_VERIFY_CLIENT: try
LDAP_TLS_CIPHER_SUITE: NORMAL:-VERS-SSL3.0:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0
@@ -55,7 +59,6 @@
- ${_param:openldap_tls:certfile}:/container/service/ldap-client/assets/certs/drivetrain_ldap.crt:ro
- /etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem:/container/service/ldap-client/assets/certs/ca.crt:ro
environment:
- PHPLDAPADMIN_LDAP_ADMIN_PASSWORD: ${_param:openldap_admin_password}
PHPLDAPADMIN_LDAP_HOSTS: "#PYTHON2BASH:[{'server': [{'server': [{'host': 'ldaps://${_param:cicd_control_address}', 'tls': False}]},{'login': [{'bind_id': 'cn=admin,${_param:openldap_dn}'},{'bind_pass': '$PHPLDAPADMIN_LDAP_ADMIN_PASSWORD'}]}]}]"
PHPLDAPADMIN_LDAP_CLIENT_TLS: "true"
PHPLDAPADMIN_LDAP_CLIENT_TLS_CA_CRT_FILENAME: ca.crt
@@ -73,3 +76,11 @@
driver: overlay
driver_opts:
encrypted: 1
+ secrets:
+ openldap-admin:
+ external: true
+ value: ${_param:openldap_admin_password}
+ openldap-config:
+ external: true
+ value: ${_param:openldap_config_password}
+
diff --git a/docker/swarm/stack/monitoring/alerta.yml b/docker/swarm/stack/monitoring/alerta.yml
index acd4d70..ac16a2b 100644
--- a/docker/swarm/stack/monitoring/alerta.yml
+++ b/docker/swarm/stack/monitoring/alerta.yml
@@ -8,6 +8,7 @@
client:
stack:
monitoring:
+ version: '3.7'
service:
alerta:
networks:
@@ -27,6 +28,13 @@
- ${prometheus:alerta:config_dir}/alertad.conf:/app/alertad.conf
environment:
ADMIN_USERS: ${_param:alerta_admin_username}
- ADMIN_PASSWORD: ${_param:alerta_admin_password}
+ ADMIN_PASSWORD_FILE: "/run/secrets/alerta"
MONGO_URI: ${_param:alerta_mongodb_uri}
PLUGINS: ""
+ secrets:
+ - alerta
+ secrets:
+ alerta:
+ external: true
+ value: ${_param:alerta_admin_password}
+
diff --git a/prometheus/gainsight/query/openstack.yml b/prometheus/gainsight/query/openstack.yml
index 1eac4c3..daed58e 100644
--- a/prometheus/gainsight/query/openstack.yml
+++ b/prometheus/gainsight/query/openstack.yml
@@ -11,15 +11,14 @@
instances: "'Instances','avg(sum(avg_over_time(openstack_nova_instances{state=\"active\"}[24h])) by (instance))'"
compute_nodes: "'Compute Nodes','avg(sum(openstack_nova_services{binary=~\"nova.compute\"}) by (instance))'"
tenants: "'Tenants','avg(sum(avg_over_time(openstack_keystone_tenants_total[24h])) by (instance))'"
- cinder_api: "'Cinder API','avg_over_time(name:openstack_api_check_status:avg5m:for5m:ceil:avg5m:floor{name=\"cinderv2\"}[24h]) * 100'"
- nova_api: "'Nova API','avg_over_time(name:openstack_api_check_status:avg5m:for5m:ceil:avg5m:floor{name=\"nova\"}[24h]) * 100'"
- keystone_api: "'Keystone API','avg_over_time(name:openstack_api_check_status:avg5m:for5m:ceil:avg5m:floor{name=\"keystone\"}[24h]) * 100'"
- glance_api: "'Glance API','avg_over_time(name:openstack_api_check_status:avg5m:for5m:ceil:avg5m:floor{name=\"glance\"}[24h]) * 100'"
- neutron_api: "'Neutron API','avg_over_time(name:openstack_api_check_status:avg5m:for5m:ceil:avg5m:floor{name=\"neutron\"}[24h]) * 100'"
+ cinder_api: "'Cinder API','avg_over_time(service_name:openstack_api_check_status:avg5m:for5m:ceil:avg5m:floor{service_name=\"cinderv2\"}[24h]) * 100'"
+ nova_api: "'Nova API','avg_over_time(service_name:openstack_api_check_status:avg5m:for5m:ceil:avg5m:floor{service_name=\"nova\"}[24h]) * 100'"
+ keystone_api: "'Keystone API','avg_over_time(service_name:openstack_api_check_status:avg5m:for5m:ceil:avg5m:floor{service_name=\"keystone\"}[24h]) * 100'"
+ glance_api: "'Glance API','avg_over_time(service_name:openstack_api_check_status:avg5m:for5m:ceil:avg5m:floor{service_name=\"glance\"}[24h]) * 100'"
+ neutron_api: "'Neutron API','avg_over_time(service_name:openstack_api_check_status:avg5m:for5m:ceil:avg5m:floor{service_name=\"neutron\"}[24h]) * 100'"
nova_vm_all: "'Total VM number','avg_over_time(total:openstack_nova_instance_all[1d])'"
nova_vm_failed: "'Failed VM number','avg_over_time(total:openstack_nova_instance_failed[1d])'"
kpi_downtime: "'KPI Downtime','1 - avg_over_time(total:openstack_nova_instance_failed[1d]) / avg_over_time(total:openstack_nova_instance_all[1d])'"
compute_instance_create_start: "'VM creation start','sum(compute_instance_create_start_event_doc_count)'"
compute_instance_create_end: "'VM creation end','sum(compute_instance_create_end_event_doc_count)'"
compute_instance_create_error: "'VM creation error','sum(compute_instance_create_error_event_doc_count)'"
-