Merge "adding release notes"
diff --git a/.releasenotes/notes/add-prometheus-relay-df282e14ed88da8c.yaml b/.releasenotes/notes/add-prometheus-relay-df282e14ed88da8c.yaml
new file mode 100644
index 0000000..e9db668
--- /dev/null
+++ b/.releasenotes/notes/add-prometheus-relay-df282e14ed88da8c.yaml
@@ -0,0 +1,10 @@
+---
+summary: >
+ Added the Prometheus Relay service
+
+features:
+ - Added the Prometheus Relay service. The Prometheus Relay service is
+ responsible for getting PromQL queries from external components,
+ such as Grafana, passing them to all discovered Prometheus servers,
+ merging the results and returning the data. Prometheus Relay can be
+ used to handle Prometheus high availability or sharding.
diff --git a/.releasenotes/notes/add-upstream-proxy-feauture-for-maas-gerrit-jenkins-aptly-53bec821be830377.yaml b/.releasenotes/notes/add-upstream-proxy-feauture-for-maas-gerrit-jenkins-aptly-53bec821be830377.yaml
new file mode 100644
index 0000000..3c408a2
--- /dev/null
+++ b/.releasenotes/notes/add-upstream-proxy-feauture-for-maas-gerrit-jenkins-aptly-53bec821be830377.yaml
@@ -0,0 +1,48 @@
+---
+features:
+ - |
+ Added system metadata to set upstream proxy for the MAAS, Gerrit, Jenkins,
+ and Aptly services.
+
+ **To apply the change to an existing cicd cluster deployment:**
+
+ #. Set the ``http_proxy`` parameter in
+ ``cluster.<CLUSTER_NAME>.cicd.control.init.yml``:
+
+ .. code-block:: yaml
+
+ parameters:
+ _param:
+ http_proxy: 'http://<<upstream_proxy_address>>:<<upstream_proxy_port>>'
+
+ #. Apply the :command:`docker.client` state:
+
+ .. code-block::
+
+ salt -C 'I@docker:client' state.sls docker.client
+
+ **To apply the change to an existing maas deployment:**
+
+ #. Configure ``upstream_proxy`` for MAAS:
+
+ .. code-block:: yaml
+
+ maas:
+ region:
+ upstream_proxy:
+ address: <<upstream_proxy_address>>
+ port: <<upstream_proxy_address>>
+
+ #. On the Salt Master node, update the MaaS Salt formula to latest:
+
+ .. code-block::
+
+ salt-call state.sls salt.master
+
+ #. On the MAAS node, apply the :command:`maas.region` state:
+
+ .. code-block::
+
+ salt-call state.sls maas.region
+ reboot
+
diff --git a/.releasenotes/notes/add_ssl_support_oss-ea1eb1e086d08e3c.yaml b/.releasenotes/notes/add_ssl_support_oss-ea1eb1e086d08e3c.yaml
new file mode 100644
index 0000000..b74bc21
--- /dev/null
+++ b/.releasenotes/notes/add_ssl_support_oss-ea1eb1e086d08e3c.yaml
@@ -0,0 +1,66 @@
+---
+summary: >
+ Added SSL support for cloud-monitoring services
+
+upgrades:
+ - |
+ Added SSL support for the following cloud-monitoring services:
+
+ * Rundeck CIS Collectors
+
+ To provide ssl support for CIS, set up ``cert`` and ``ssl_cert_file``
+ on a cluster level metadata:
+
+ .. code-block:: yaml
+
+ rundeck_cis_openstack:
+ auth_url: ${_param:oss_openstack_auth_url}/auth/tokens
+ username: ${_param:oss_openstack_username}
+ password: ${_param:oss_openstack_password}
+ cert: |
+ -----BEGIN CERTIFICATE-----
+ MIIE0DCCA7igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx
+ -----END CERTIFICATE-----
+ ssl_cert_file: cert.pem
+
+ If all parameters are defined properly, Rundeck enables the ssl support
+ automatically.
+
+ * Cleanup Service
+
+ To provide ssl support for Cleanup Service, specify the cert path
+ and set the ``ssl_verify`` variable to ``True`` on a cluster level
+ metadata:
+
+ .. code-block:: yaml
+
+ janitor_monkey_openstack:
+ username: ${_param:oss_openstack_username}
+ password: ${_param:oss_openstack_password}
+ auth_url: ${_param:oss_openstack_auth_url}
+ ssl_verify: True
+ cacert_path: ${_param:oss_openstack_cert_path}
+
+ * Security Audit Service
+
+ To provide ssl support for Security audit Service, provide cert path,
+ set the ``ssl_verify`` variable to ``True``, and select the endpoint
+ type for cloud connections on a cluster level metadata:
+
+ .. code-block:: yaml
+
+ security_monkey_openstack:
+ username: ${_param:oss_openstack_username}
+ password: ${_param:oss_openstack_password}
+ auth_url: ${_param:oss_openstack_auth_url}
+ ssl_verify: True
+ endpoint_type: public
+ cacert_path: ${_param:oss_openstack_cert_path}
+
+ .. note:: By default, the ``cacert_path`` variable is defined as
+ follows:
+
+ .. code-block:: yaml
+
+ oss_openstack_cert_path: /srv/volumes/rundeck/storage/content/keys/cis/openstack/cert.pem
+
diff --git a/.releasenotes/notes/rename-options-5db6ad4bb2ff80f5.yaml b/.releasenotes/notes/rename-options-5db6ad4bb2ff80f5.yaml
new file mode 100644
index 0000000..c318d41
--- /dev/null
+++ b/.releasenotes/notes/rename-options-5db6ad4bb2ff80f5.yaml
@@ -0,0 +1,37 @@
+---
+summary: >
+ change OS-cloud credentials defining process
+
+upgrades:
+ * 'cacert_path' and 'cafile' variables for Security Audit and Cleanup services were changed to:
+
+ .. code-block:: yaml
+ security_monkey_openstack:
+ source_credentials: source/path/for/os/credentials/on/env
+ service_credentials: path/to/os/credentials/in/service/container
+
+ janitor_monkey_openstack:
+ source_credentials: source/path/for/os/credentials/on/env
+ service_credentials: path/to/os/credentials/in/service/container
+
+ Now you do not need to specify cert-file properly, need to define directory only.
+ Cert-file named 'cert.pem' by default for all services.
+ 'source_credentials' equal to 'oss_openstack_credentials_path'.
+
+ * 'oss_openstack_cert_path' was changed to:
+
+ .. code-block:: yaml
+
+ oss_openstack_credentials_path: source/path/for/os/credentials/on/env
+
+ .. code-block:: text
+
+ Changes affect cluster and system levels.
+
+fixes:
+ - https://mirantis.jira.com/browse/PROD-14863
+ - https://mirantis.jira.com/browse/PROD-14870
+
+other:
+ * full change-list:
+ https://gerrit.mcp.mirantis.net/#/q/topic:os-creds+(status:open+OR+status:merged)
diff --git a/.releasenotes/notes/sfdc-support-995867e00a89add0.yaml b/.releasenotes/notes/sfdc-support-995867e00a89add0.yaml
new file mode 100644
index 0000000..0b4bff4
--- /dev/null
+++ b/.releasenotes/notes/sfdc-support-995867e00a89add0.yaml
@@ -0,0 +1,20 @@
+---
+summary: >
+ Added support for the Push Notifications service to Salesforce.
+
+features:
+ - |
+ Added support for the Push Notification service to Salesforce.
+ To configure the Push Notification service for a SalesForce account,
+ define following variables on the cluster level metadata:
+
+ .. code-block:: yaml
+
+ sfdc_auth_url: https://login.salesforce.com/services/oauth2/token
+ sfdc_username: user@example.net
+ sfdc_password: secret
+ sfdc_consumer_key: example_consumer_key
+ sfdc_consumer_secret: example_consumer_secret
+ sfdc_organization_id: example_organization_id
+ sfdc_sandbox_enabled: True/False
+
diff --git a/.releasenotes/notes/spawn-multiple-replicas-prometheus-b80eaede9c19b8cd.yaml b/.releasenotes/notes/spawn-multiple-replicas-prometheus-b80eaede9c19b8cd.yaml
new file mode 100644
index 0000000..df15d71
--- /dev/null
+++ b/.releasenotes/notes/spawn-multiple-replicas-prometheus-b80eaede9c19b8cd.yaml
@@ -0,0 +1,15 @@
+---
+summary: >
+ Spawned two replicas of Prometheus to provide HA
+
+features:
+ - Spawned two replicas of Prometheus inside Docker Swarm.
+ These two instances have the same configuration file
+ and scrape the same endpoints. Therefore, they can be
+ treated as one-to-one copies.
+ Due to a limitation, when connecting to the Prometheus
+ web UI it is not possible to choose to which of the
+ existing Prometheus servers to connect and those
+ servers may contain slightly different results for the
+ same queries. Therefore, we suggest that you use Grafana
+ to visualize the data.
diff --git a/aptly/server/mirror/ubuntu/trusty/docker.yml b/aptly/server/mirror/ubuntu/trusty/docker.yml
index 217d405..db97d14 100644
--- a/aptly/server/mirror/ubuntu/trusty/docker.yml
+++ b/aptly/server/mirror/ubuntu/trusty/docker.yml
@@ -3,12 +3,12 @@
server:
mirror:
docker-trusty:
- source: https://apt.dockerproject.org/repo
- distribution: ubuntu-trusty
- components: main
+ source: 'https://download.docker.com/linux/ubuntu'
+ distribution: trusty
+ components: stable
architectures: amd64
gpgkeys:
- - 58118E89F3A912897C070ADBF76221572C52609D
+ - 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
publisher:
component: docker
distributions:
diff --git a/aptly/server/mirror/ubuntu/xenial/docker.yml b/aptly/server/mirror/ubuntu/xenial/docker.yml
index 4334374..b5d98c5 100644
--- a/aptly/server/mirror/ubuntu/xenial/docker.yml
+++ b/aptly/server/mirror/ubuntu/xenial/docker.yml
@@ -1,16 +1,14 @@
parameters:
- _param:
- apt_mk_version: stable
aptly:
server:
mirror:
docker-xenial:
- source: https://apt.dockerproject.org/repo
- distribution: ubuntu-xenial
- components: main
+ source: 'https://download.docker.com/linux/ubuntu'
+ distribution: xenial
+ components: stable
architectures: amd64
gpgkeys:
- - 58118E89F3A912897C070ADBF76221572C52609D
+ - 9DC858229FC7DD38854AE2D88D81803C0EBFCD88
publisher:
component: docker
distributions:
diff --git a/artifactory/client/init.yml b/artifactory/client/init.yml
index ef43633..05c05be 100644
--- a/artifactory/client/init.yml
+++ b/artifactory/client/init.yml
@@ -7,13 +7,14 @@
server:
host: ${_param:artifactory_server_host}
port: ${_param:artifactory_server_port}
+ proto: ${_param:artifactory_server_proto}
+ ssl_verify: ${_param:artifactory_server_verify_ssl}
user: ${_param:artifactory_client_user}
password: ${_param:artifactory_client_password}
license_key: ${_param:artifactory_license_key}
ldap_server: ${_param:artifactory_security_ldap_server}
ldap_account_base: ${_param:artifactory_security_ldap_root_dn}
ldap_searchFilter: ${_param:artifactory_security_ldap_searchFilter}
- ssl_verify: False
repo:
_genericRepository-local:
description: "Used by Jimbo"
diff --git a/docker/host.yml b/docker/host.yml
index f7649b5..853a5d2 100644
--- a/docker/host.yml
+++ b/docker/host.yml
@@ -4,6 +4,9 @@
parameters:
docker:
host:
+ pkgs:
+ - docker-ce
+ - python-docker
experimental: true
insecure_registries:
- ${_param:cluster_vip_address}:5000
diff --git a/docker/init.yml b/docker/init.yml
new file mode 100644
index 0000000..8ef5e2c
--- /dev/null
+++ b/docker/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ _param:
+ http_proxy: ""
+ docker_http_proxy: ${_param:http_proxy}
+ docker_https_proxy: ${_param:docker_http_proxy}
+ docker_no_proxy: ""
diff --git a/docker/swarm/service/artifactory.yml b/docker/swarm/service/artifactory.yml
index d7f8626..36d9577 100644
--- a/docker/swarm/service/artifactory.yml
+++ b/docker/swarm/service/artifactory.yml
@@ -30,3 +30,7 @@
type: bind
source: /srv/volumes/artifactory/logs
destination: /var/opt/jfrog/artifactory/logs
+ keys:
+ type: bind
+ source: /srv/volumes/artifactory/keys
+ destination: /var/opt/jfrog/artifactory/access/etc/keys
diff --git a/docker/swarm/stack/aptly.yml b/docker/swarm/stack/aptly.yml
index 5570c40..36c719b 100644
--- a/docker/swarm/stack/aptly.yml
+++ b/docker/swarm/stack/aptly.yml
@@ -1,3 +1,5 @@
+classes:
+- system.docker
parameters:
_param:
docker_image_aptly:
@@ -9,6 +11,8 @@
aptly:
environment:
EMAIL_ADDRESS: ${_param:admin_email}
+ https_proxy: ${_param:docker_https_proxy}
+ http_proxy: ${_param:docker_http_proxy}
service:
api:
deploy:
diff --git a/docker/swarm/stack/artifactory.yml b/docker/swarm/stack/artifactory.yml
index 411b22e..caab0ee 100644
--- a/docker/swarm/stack/artifactory.yml
+++ b/docker/swarm/stack/artifactory.yml
@@ -21,3 +21,4 @@
- /srv/volumes/artifactory/backup:/var/opt/jfrog/artifactory/backup
- /srv/volumes/artifactory/etc:/var/opt/jfrog/artifactory/etc
- /srv/volumes/artifactory/logs:/var/opt/jfrog/artifactory/logs
+ - /srv/volumes/artifactory/keys:/var/opt/jfrog/artifactory/access/etc/keys
diff --git a/docker/swarm/stack/gerrit.yml b/docker/swarm/stack/gerrit.yml
index 95bc233..49d0a11 100644
--- a/docker/swarm/stack/gerrit.yml
+++ b/docker/swarm/stack/gerrit.yml
@@ -1,3 +1,5 @@
+classes:
+- system.docker
parameters:
_param:
docker_image_gerrit: tcpcloud/gerrit:2.13.6
@@ -8,6 +10,7 @@
gerrit_ldap_account_base: ""
gerrit_ldap_group_base: ""
gerrit_http_listen_url: http://*:8080/
+ gerrit_extra_opts: ""
docker:
client:
stack:
@@ -45,6 +48,10 @@
GERRIT_ADMIN_PWD: ${_param:gerrit_admin_password}
GERRIT_ADMIN_EMAIL: ${_param:gerrit_admin_email}
CANLOADINIFRAME: "true"
+ JAVA_OPTIONS: ${_param:gerrit_extra_opts}
+ https_proxy: ${_param:docker_https_proxy}
+ http_proxy: ${_param:docker_http_proxy}
+ no_proxy: ${_param:docker_no_proxy}
db:
environment:
MYSQL_USER: gerrit
diff --git a/docker/swarm/stack/janitor_monkey.yml b/docker/swarm/stack/janitor_monkey.yml
index c010340..2e5698a 100644
--- a/docker/swarm/stack/janitor_monkey.yml
+++ b/docker/swarm/stack/janitor_monkey.yml
@@ -22,15 +22,19 @@
janitor_monkey_elasticsearch: ${_param:elasticsearch_bind_host}:${_param:elasticsearch_binary_bind_port}
janitor_monkey_cloudfire_region: RegionOne
janitor_monkey_cis_clustername: ${_param:elasticsearch_cluster_name}
+ janitor_monkey_instance_age_threshold: 15
+ janitor_monkey_notification_oss_url: http://${_param:haproxy_pushkin_bind_host}:${_param:haproxy_pushkin_bind_port}/post_notification_json
+ janitor_monkey_notification_oss_login_id: 12
+ janitor_monkey_notification_oss_application_id: 2
janitor_monkey_openstack:
project_domain_name: default
project_name: admin
- username: ""
- password: ""
- auth_url: ""
- disable_ssl_verification: True
- cacert_path: ""
- cafile: /opt/certs/cert.pem
+ auth_url: http://yourcloud.com:5000/v3/auth/tokens
+ username: admin
+ password: password
+ ssl_verify: False
+ source_credentials: /srv/volumes/rundeck/storage/content/cis/openstack
+ service_credentials: /opt/os_creds
docker:
client:
stack:
@@ -56,8 +60,12 @@
simianarmy.client.cloudfire.secretKey: ${_param:janitor_monkey_openstack:password}
simianarmy.client.cloudfire.domain: ${_param:janitor_monkey_openstack:project_domain_name}
simianarmy.client.cloudfire.project: ${_param:janitor_monkey_openstack:project_name}
- simianarmy.client.cloudfire.disableSSLVerification: ${_param:janitor_monkey_openstack:disable_ssl_verification}
- simianarmy.client.cloudfire.cafile: ${_param:janitor_monkey_openstack:cafile}
+ simianarmy.client.cloudfire.SSLVerify: ${_param:janitor_monkey_openstack:ssl_verify}
+ simianarmy.client.cloudfire.cafile: ${_param:janitor_monkey_openstack:service_credentials}/cert.pem
+ simianarmy.janitor.rule.stoppedInstanceRule.instanceAgeThreshold: ${_param:janitor_monkey_instance_age_threshold}
+ simianarmy.janitor.notification.oss.url: ${_param:janitor_monkey_notification_oss_url}
+ simianarmy.janitor.notification.oss.login_id: ${_param:janitor_monkey_notification_oss_login_id}
+ simianarmy.janitor.notification.oss.application_id: ${_param:janitor_monkey_notification_oss_application_id}
service:
cleanup-service-mongodb:
image: ${_param:docker_image_mongodb}
@@ -78,7 +86,7 @@
ports:
- ${_param:haproxy_janitor_monkey_exposed_port}:${_param:janitor_monkey_bind_port}
volumes:
- - ${_param:janitor_monkey_openstack:cacert_path}:${_param:janitor_monkey_openstack:cafile}:ro
+ - ${_param:janitor_monkey_openstack:source_credentials}:${_param:janitor_monkey_openstack:service_credentials}:ro
network:
default:
external:
diff --git a/docker/swarm/stack/jenkins/master.yml b/docker/swarm/stack/jenkins/master.yml
index 33ade24..5f8de05 100644
--- a/docker/swarm/stack/jenkins/master.yml
+++ b/docker/swarm/stack/jenkins/master.yml
@@ -1,8 +1,11 @@
+classes:
+- system.docker
parameters:
_param:
docker_image_jenkins: tcpcloud/jenkins:2.73
jenkins_master_extra_opts: ""
jenkins_master_executors_num: 4
+ jenkins_master_max_concurent_requests: 40
docker:
client:
stack:
@@ -13,6 +16,10 @@
JENKINS_HOME: /var/jenkins_home
JAVA_OPTS: " -server -XX:+AlwaysPreTouch -Xloggc:$JENKINS_HOME/gc-%t.log -XX:NumberOfGCLogFiles=5 -XX:+UseGCLogFileRotation -XX:GCLogFileSize=20m -XX:+PrintGC -XX:+PrintGCDateStamps -XX:+PrintGCDetails -XX:+PrintHeapAtGC -XX:+PrintGCCause -XX:+PrintTenuringDistribution -XX:+PrintReferenceGC -XX:+PrintAdaptiveSizePolicy -XX:+UseG1GC -XX:+ExplicitGCInvokesConcurrent -XX:+ParallelRefProcEnabled -XX:+UseStringDeduplication -XX:+UnlockExperimentalVMOptions -XX:G1NewSizePercent=20 -XX:+UnlockDiagnosticVMOptions -XX:G1SummarizeRSetStatsPeriod=1 -Djenkins.install.runSetupWizard=false -Dhudson.DNSMultiCast.disabled=true -Dhudson.udp=-1 -Dhudson.footerURL=https://www.mirantis.com ${_param:jenkins_master_extra_opts}"
JENKINS_NUM_EXECUTORS: ${_param:jenkins_master_executors_num}
+ JENKINS_OPTS: " --handlerCountMax=${_param:jenkins_master_max_concurent_requests}"
+ https_proxy: ${_param:docker_https_proxy}
+ http_proxy: ${_param:docker_http_proxy}
+ no_proxy: ${_param:docker_no_proxy}
deploy:
restart_policy:
condition: any
diff --git a/docker/swarm/stack/jenkins/slave.yml b/docker/swarm/stack/jenkins/slave.yml
index fc281b7..12a14d4 100644
--- a/docker/swarm/stack/jenkins/slave.yml
+++ b/docker/swarm/stack/jenkins/slave.yml
@@ -1,3 +1,5 @@
+classes:
+- system.docker
parameters:
_param:
docker_image_jenkins_slave: tcpcloud/jnlp-slave
@@ -7,6 +9,7 @@
jenkins_master_url: http://${_param:jenkins_master_host}:${_param:jenkins_master_port}
jenkins_slave_user: ${_param:jenkins_client_user}
jenkins_slave_password: ${_param:jenkins_client_password}
+ jenkins_slave_extra_opts: ""
docker:
client:
stack:
@@ -19,6 +22,10 @@
JENKINS_UPDATE_SLAVE: 'true'
JENKINS_LOGIN: ${_param:jenkins_slave_user}
JENKINS_PASSWORD: ${_param:jenkins_slave_password}
+ JAVA_OPTS: ${_param:jenkins_slave_extra_opts}
+ https_proxy: ${_param:docker_https_proxy}
+ http_proxy: ${_param:docker_http_proxy}
+ no_proxy: ${_param:docker_no_proxy}
deploy:
restart_policy:
condition: any
@@ -39,6 +46,10 @@
JENKINS_UPDATE_SLAVE: 'true'
JENKINS_LOGIN: ${_param:jenkins_slave_user}
JENKINS_PASSWORD: ${_param:jenkins_slave_password}
+ JAVA_OPTS: ${_param:jenkins_slave_extra_opts}
+ https_proxy: ${_param:docker_https_proxy}
+ http_proxy: ${_param:docker_http_proxy}
+ no_proxy: ${_param:docker_no_proxy}
deploy:
restart_policy:
condition: any
@@ -59,6 +70,10 @@
JENKINS_UPDATE_SLAVE: 'true'
JENKINS_LOGIN: ${_param:jenkins_slave_user}
JENKINS_PASSWORD: ${_param:jenkins_slave_password}
+ JAVA_OPTS: ${_param:jenkins_slave_extra_opts}
+ https_proxy: ${_param:docker_https_proxy}
+ http_proxy: ${_param:docker_http_proxy}
+ no_proxy: ${_param:docker_no_proxy}
deploy:
restart_policy:
condition: any
diff --git a/docker/swarm/stack/monitoring/init.yml b/docker/swarm/stack/monitoring/init.yml
index 95f5f8d..6efe125 100644
--- a/docker/swarm/stack/monitoring/init.yml
+++ b/docker/swarm/stack/monitoring/init.yml
@@ -15,6 +15,22 @@
driver_opts:
encrypted: 1
service:
+ relay:
+ networks:
+ - monitoring
+ deploy:
+ replicas: 2
+ labels:
+ com.mirantis.monitoring: "relay"
+ restart_policy:
+ condition: any
+ labels:
+ com.mirantis.monitoring: "relay"
+ image: ${_param:docker_image_prometheus_relay}
+ ports:
+ - 15016:8080
+ environment:
+ PROMETHEUS_RELAY_DNS: 'tasks.monitoring_server'
remote_storage_adapter:
networks:
- monitoring
@@ -60,6 +76,7 @@
ALERTMANAGER_BIND_PORT: ${prometheus:alertmanager:bind:port}
ALERTMANAGER_BIND_ADDRESS: ${prometheus:alertmanager:bind:address}
ALERTMANAGER_DISCOVERY_DOMAIN: 'monitoring_alertmanager'
+ ALERTMANAGER_EXTERNAL_URL: "http://${_param:stacklight_monitor_address}:15011"
pushgateway:
networks:
- monitoring
@@ -81,7 +98,7 @@
networks:
- monitoring
deploy:
- replicas: 1
+ replicas: 2
labels:
com.mirantis.monitoring: "prometheus"
restart_policy:
@@ -103,3 +120,4 @@
PROMETHEUS_STORAGE_LOCAL_RETENTION: ${prometheus:server:storage:local:retention}
PROMETHEUS_STORAGE_LOCAL_TARGET_HEAP_SIZE: ${prometheus:server:storage:local:target_heap_size}
PROMETHEUS_STORAGE_LOCAL_NUM_FINGERPRINT_MUTEXES: ${prometheus:server:storage:local:num_fingerprint_mutexes}
+ PROMETHEUS_EXTERNAL_URL: "http://${_param:stacklight_monitor_address}:15010"
diff --git a/docker/swarm/stack/pushkin.yml b/docker/swarm/stack/pushkin.yml
index 71b5f5f..892b4f9 100644
--- a/docker/swarm/stack/pushkin.yml
+++ b/docker/swarm/stack/pushkin.yml
@@ -9,6 +9,12 @@
pushkin_db: pushkin
pushkin_smtp_host: smtp.gmail.com
pushkin_smtp_port: 587
+ webhook_from: your_sender@mail.com
+ pushkin_email_sender_password: your_sender_password
+ webhook_recipients: "recepient1@mail.com,recepient2@mail.com"
+ webhook_login_id: 13
+ webhook_application_id: 24
+ webhook_sfdc_username: your_sfdc_username
docker:
client:
stack:
diff --git a/docker/swarm/stack/rundeck.yml b/docker/swarm/stack/rundeck.yml
index 0710819..8ab0554 100644
--- a/docker/swarm/stack/rundeck.yml
+++ b/docker/swarm/stack/rundeck.yml
@@ -18,7 +18,7 @@
restart_policy:
condition: any
ports:
- - 14440:4440
+ - ${_param:haproxy_rundeck_exposed_port}:${_param:haproxy_rundeck_bind_port}
volumes:
- /srv/volumes/rundeck/etc/framework.properties:/etc/rundeck/framework.properties
- /srv/volumes/rundeck/etc/tokens.properties:/etc/rundeck/tokens.properties
@@ -32,4 +32,4 @@
network:
default:
external:
- name: oss_backend
\ No newline at end of file
+ name: oss_backend
diff --git a/docker/swarm/stack/security_monkey.yml b/docker/swarm/stack/security_monkey.yml
index 33938b2..b5a1100 100644
--- a/docker/swarm/stack/security_monkey.yml
+++ b/docker/swarm/stack/security_monkey.yml
@@ -19,19 +19,19 @@
security_monkey_nginx_port: ${_param:security_monkey_bind_port}
devops_portal_sm_wtf_csrf_enabled: False
security_monkey_sync_interval: 15
- security_monkey_os_ssl_verify: False
- security_monkey_os_endpoint_type: "public"
security_monkey_openstack:
os_account_id: mcp_cloud
os_account_name: mcp_cloud
- username: ""
- password: ""
- auth_url: ""
+ auth_url: http://yourcloud.com:5000/v3/auth/tokens
+ username: admin
+ password: password
project_domain_name: Default
project_name: admin
user_domain_name: Default
- cacert_path: /srv/volumes/rundeck/storage/content/cis/openstack/cert.pem
- cafile: /opt/certs/cert.pem
+ source_credentials: /srv/volumes/rundeck/storage/content/cis/openstack
+ service_credentials: /opt/os_creds
+ endpoint_type: public
+ ssl_verify: False
docker:
client:
stack:
@@ -56,9 +56,9 @@
OS_AUTH_URL: ${_param:security_monkey_openstack:auth_url}
OS_PROJECT_DOMAIN_NAME: ${_param:security_monkey_openstack:project_domain_name}
OS_PROJECT_NAME: ${_param:security_monkey_openstack:project_name}
- OS_SSL_VERIFY: ${_param:security_monkey_os_ssl_verify}
- OS_ENDPOINT_TYPE: ${_param:security_monkey_os_endpoint_type}
- CACERT_PATH: ${_param:security_monkey_openstack:cafile}
+ OS_SSL_VERIFY: ${_param:security_monkey_openstack:ssl_verify}
+ OS_ENDPOINT_TYPE: ${_param:security_monkey_openstack:endpoint_type}
+ CACERT_PATH: ${_param:security_monkey_openstack:service_credentials}/cert.pem
USER_DOMAIN_NAME: ${_param:security_monkey_openstack:user_domain_name}
SM_WTF_CSRF_ENABLED: ${_param:devops_portal_sm_wtf_csrf_enabled}
SECURITY_MONKEY_SYNC_INTERVAL: ${_param:security_monkey_sync_interval}
@@ -75,7 +75,7 @@
- ${_param:haproxy_security_monkey_exposed_port}:${_param:haproxy_security_monkey_bind_port}
volumes:
- /srv/volumes/security_monkey/logs:/var/log/security_monkey/logs
- - ${_param:security_monkey_openstack:cacert_path}:${_param:security_monkey_openstack:cafile}:ro
+ - ${_param:security_monkey_openstack:source_credentials}:${_param:security_monkey_openstack:service_credentials}:ro
security-audit-scheduler:
image: ${_param:docker_image_security_monkey_scheduler}
deploy:
@@ -84,7 +84,7 @@
condition: any
volumes:
- /srv/volumes/security_monkey/logs:/var/log/security_monkey/logs
- - ${_param:security_monkey_openstack:cacert_path}:${_param:security_monkey_openstack:cafile}:ro
+ - ${_param:security_monkey_openstack:source_credentials}:${_param:security_monkey_openstack:service_credentials}:ro
network:
default:
external:
diff --git a/gerrit/client/project/ci.yml b/gerrit/client/project/ci.yml
index 86ff699..3e36556 100644
--- a/gerrit/client/project/ci.yml
+++ b/gerrit/client/project/ci.yml
@@ -1,11 +1,15 @@
parameters:
+ _param:
+ gerrit_pipeline_library_repo: https://github.com/Mirantis/pipeline-library
+ gerrit_mk_pipelines_repo: https://github.com/Mirantis/mk-pipelines
+ gerrit_decapod_pipelines_repo: https://github.com/mateuszlos/decapod-pipelines
gerrit:
client:
project:
mcp-ci/pipeline-library:
enabled: true
description: Jenkins pipeline libraries
- upstream: https://github.com/Mirantis/pipeline-library
+ upstream: ${_param:gerrit_pipeline_library_repo}
access: ${gerrit:client:default_access}
require_change_id: true
require_agreement: false
@@ -13,7 +17,7 @@
mk/mk-pipelines:
enabled: true
description: Jenkins pipelines
- upstream: https://github.com/Mirantis/mk-pipelines
+ upstream: ${_param:gerrit_mk_pipelines_repo}
access: ${gerrit:client:default_access}
require_change_id: true
require_agreement: false
@@ -21,7 +25,7 @@
mk/decapod-pipelines:
enabled: true
description: Decapod jenkins pipelines
- upstream: https://github.com/mateuszlos/decapod-pipelines
+ upstream: ${_param:gerrit_decapod_pipelines_repo}
access: ${gerrit:client:default_access}
require_change_id: true
require_agreement: false
diff --git a/haproxy/proxy/listen/cicd/aptly.yml b/haproxy/proxy/listen/cicd/aptly.yml
index 35ae3d6..e170a5d 100644
--- a/haproxy/proxy/listen/cicd/aptly.yml
+++ b/haproxy/proxy/listen/cicd/aptly.yml
@@ -1,4 +1,4 @@
-parameters:
+gerreparameters:
_param:
haproxy_aptly_api_bind_host: ${_param:haproxy_bind_address}
haproxy_aptly_api_bind_port: 8084
@@ -24,15 +24,7 @@
- name: ${_param:cluster_node01_name}
host: ${_param:cluster_node01_address}
port: 18084
- params: check
- - name: ${_param:cluster_node02_name}
- host: ${_param:cluster_node02_address}
- port: 18084
- params: backup check
- - name: ${_param:cluster_node03_name}
- host: ${_param:cluster_node03_address}
- port: 18084
- params: backup check
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
aptly-public:
mode: http
options:
@@ -45,14 +37,6 @@
port: ${_param:haproxy_aptly_public_bind_port}
servers:
- name: ${_param:cluster_node01_name}
- host: ${_param:cluster_node01_address}
+ host: localhost
port: 18085
- params: check
- - name: ${_param:cluster_node02_name}
- host: ${_param:cluster_node02_address}
- port: 18085
- params: check
- - name: ${_param:cluster_node03_name}
- host: ${_param:cluster_node03_address}
- port: 18085
- params: check
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
diff --git a/haproxy/proxy/listen/cicd/artifactory.yml b/haproxy/proxy/listen/cicd/artifactory.yml
index 349d998..cb6184e 100644
--- a/haproxy/proxy/listen/cicd/artifactory.yml
+++ b/haproxy/proxy/listen/cicd/artifactory.yml
@@ -12,27 +12,25 @@
mode: http
options:
- forwardfor
-# - httpchk
+ - httpchk
- httpclose
- httplog
balance: source
+ acl:
+ is_docker: "path_reg ^/v[12][/.]*"
http_request:
+ - action: "add-header X-Artifactory-Override-Base-Url https://%[req.hdr(host)]/artifactory"
+ condition: "if is_docker"
- action: "add-header X-Forwarded-Proto https"
condition: "if { ssl_fc }"
+ - action: "set-path /artifactory/api/docker/%[req.hdr(host),lower,field(1,'.')]%[path]"
+ condition: "if is_docker "
binds:
- address: ${_param:haproxy_artifactory_bind_host}
port: ${_param:haproxy_artifactory_bind_port}
ssl: ${_param:haproxy_artifactory_ssl}
servers:
- name: ${_param:cluster_node01_name}
- host: ${_param:cluster_node01_address}
+ host: localhost
port: 18082
- params: check
- - name: ${_param:cluster_node02_name}
- host: ${_param:cluster_node02_address}
- port: 18082
- params: backup check
- - name: ${_param:cluster_node03_name}
- host: ${_param:cluster_node03_address}
- port: 18082
- params: backup check
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
\ No newline at end of file
diff --git a/haproxy/proxy/listen/cicd/gerrit.yml b/haproxy/proxy/listen/cicd/gerrit.yml
index 3ee21b1..f6ded20 100644
--- a/haproxy/proxy/listen/cicd/gerrit.yml
+++ b/haproxy/proxy/listen/cicd/gerrit.yml
@@ -13,7 +13,7 @@
mode: http
options:
- forwardfor
-# - httpchk
+ - httpchk
- httpclose
- httplog
balance: source
@@ -26,17 +26,9 @@
ssl: ${_param:haproxy_gerrit_ssl}
servers:
- name: ${_param:cluster_node01_name}
- host: ${_param:cluster_node01_address}
+ host: localhost
port: 18083
- params: check
- - name: ${_param:cluster_node02_name}
- host: ${_param:cluster_node02_address}
- port: 18083
- params: backup check
- - name: ${_param:cluster_node03_name}
- host: ${_param:cluster_node03_address}
- port: 18083
- params: backup check
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
gerrit_ssh:
mode: tcp
balance: source
@@ -45,14 +37,7 @@
port: ${_param:haproxy_gerrit_ssh_bind_port}
servers:
- name: ${_param:cluster_node01_name}
- host: ${_param:cluster_node01_address}
+ host: localhost
port: 29417
- params: check
- - name: ${_param:cluster_node02_name}
- host: ${_param:cluster_node02_address}
- port: 29417
- params: backup check
- - name: ${_param:cluster_node03_name}
- host: ${_param:cluster_node03_address}
- port: 29417
- params: backup check
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+
diff --git a/haproxy/proxy/listen/cicd/jenkins.yml b/haproxy/proxy/listen/cicd/jenkins.yml
index eda12f8..150fac0 100644
--- a/haproxy/proxy/listen/cicd/jenkins.yml
+++ b/haproxy/proxy/listen/cicd/jenkins.yml
@@ -13,7 +13,7 @@
mode: http
options:
- forwardfor
-# - httpchk
+ - httpchk
- httpclose
- httplog
balance: source
@@ -28,17 +28,9 @@
ssl: ${_param:haproxy_jenkins_ssl}
servers:
- name: ${_param:cluster_node01_name}
- host: ${_param:cluster_node01_address}
+ host: localhost
port: 18081
- params: check
- - name: ${_param:cluster_node02_name}
- host: ${_param:cluster_node02_address}
- port: 18081
- params: backup check
- - name: ${_param:cluster_node03_name}
- host: ${_param:cluster_node03_address}
- port: 18081
- params: backup check
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
jenkins_jnlp:
mode: tcp
balance: source
@@ -47,14 +39,6 @@
port: ${_param:haproxy_jenkins_jnlp_bind_port}
servers:
- name: ${_param:cluster_node01_name}
- host: ${_param:cluster_node01_address}
+ host: localhost
port: 50001
- params: check
- - name: ${_param:cluster_node02_name}
- host: ${_param:cluster_node02_address}
- port: 50001
- params: backup check
- - name: ${_param:cluster_node03_name}
- host: ${_param:cluster_node03_address}
- port: 50001
- params: backup check
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
diff --git a/haproxy/proxy/listen/docker/registry.yml b/haproxy/proxy/listen/docker/registry.yml
index 8d45e97..e0f63e8 100644
--- a/haproxy/proxy/listen/docker/registry.yml
+++ b/haproxy/proxy/listen/docker/registry.yml
@@ -23,14 +23,7 @@
ssl: ${_param:haproxy_docker_registry_ssl}
servers:
- name: ${_param:cluster_node01_name}
- host: ${_param:cluster_node01_address}
+ host: localhost
port: 15000
- params: check
- - name: ${_param:cluster_node02_name}
- host: ${_param:cluster_node02_address}
- port: 15000
- params: check
- - name: ${_param:cluster_node03_name}
- host: ${_param:cluster_node03_address}
- port: 15000
- params: check
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+
diff --git a/haproxy/proxy/listen/docker/visualizer.yml b/haproxy/proxy/listen/docker/visualizer.yml
index 6fec3ba..d4e74bb 100644
--- a/haproxy/proxy/listen/docker/visualizer.yml
+++ b/haproxy/proxy/listen/docker/visualizer.yml
@@ -8,7 +8,7 @@
mode: http
options:
- forwardfor
-# - httpchk
+ - httpchk
- httpclose
- httplog
balance: source
@@ -17,14 +17,6 @@
port: ${_param:haproxy_docker_visualizer_listen_port}
servers:
- name: ${_param:cluster_node01_name}
- host: ${_param:cluster_node01_address}
+ host: localhost
port: 18090
- params: check
- - name: ${_param:cluster_node02_name}
- host: ${_param:cluster_node02_address}
- port: 18090
- params: check
- - name: ${_param:cluster_node03_name}
- host: ${_param:cluster_node03_address}
- port: 18090
- params: check
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
\ No newline at end of file
diff --git a/haproxy/proxy/listen/oss/rundeck.yml b/haproxy/proxy/listen/oss/rundeck.yml
index fbabb38..120a9ea 100644
--- a/haproxy/proxy/listen/oss/rundeck.yml
+++ b/haproxy/proxy/listen/oss/rundeck.yml
@@ -2,6 +2,7 @@
_param:
haproxy_rundeck_bind_host: ${_param:haproxy_bind_address}
haproxy_rundeck_bind_port: 4440
+ haproxy_rundeck_exposed_port: 14440
haproxy_rundeck_ssl:
enabled: false
haproxy:
@@ -25,13 +26,13 @@
servers:
- name: ${_param:cluster_node01_name}
host: ${_param:cluster_node01_address}
- port: 14440
+ port: ${_param:haproxy_rundeck_exposed_port}
params: check
- name: ${_param:cluster_node02_name}
host: ${_param:cluster_node02_address}
- port: 14440
+ port: ${_param:haproxy_rundeck_exposed_port}
params: backup check
- name: ${_param:cluster_node03_name}
host: ${_param:cluster_node03_address}
- port: 14440
+ port: ${_param:haproxy_rundeck_exposed_port}
params: backup check
diff --git a/jenkins/client/approved_scripts.yml b/jenkins/client/approved_scripts.yml
index 62bab8d..4e3d1d1 100644
--- a/jenkins/client/approved_scripts.yml
+++ b/jenkins/client/approved_scripts.yml
@@ -130,3 +130,4 @@
- method org.jenkinsci.plugins.workflow.support.steps.build.RunWrapper getRawBuild
- method hudson.model.Actionable getAction java.lang.Class
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods toSorted java.lang.Iterable
+ - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods intersect java.util.List java.lang.Iterable
diff --git a/jenkins/client/job/aptly.yml b/jenkins/client/job/aptly.yml
index c6a5755..256c04a 100644
--- a/jenkins/client/job/aptly.yml
+++ b/jenkins/client/job/aptly.yml
@@ -75,6 +75,9 @@
RECREATE:
type: boolean
default: 'false'
+ DUMP_PUBLISH:
+ type: boolean
+ default: 'true'
DIFF_ONLY:
type: boolean
default: '{{diff_only}}'
diff --git a/jenkins/client/job/debian/packages/extra.yml b/jenkins/client/job/debian/packages/extra.yml
index c726008..13ee191 100644
--- a/jenkins/client/job/debian/packages/extra.yml
+++ b/jenkins/client/job/debian/packages/extra.yml
@@ -181,6 +181,14 @@
dist: xenial
build: prometheus-relay
branch: master
+ - package: python-datrie
+ dist: xenial
+ build: pipeline
+ branch: debian/xenial
+ - package: contrail-api-cli
+ dist: xenial
+ build: pipeline
+ branch: debian/xenial
template:
type: workflow-scm
concurrent: false
diff --git a/jenkins/client/job/deploy/lab/component/kubernetes.yml b/jenkins/client/job/deploy/lab/component/kubernetes.yml
index 5ef3bd9..62526f7 100644
--- a/jenkins/client/job/deploy/lab/component/kubernetes.yml
+++ b/jenkins/client/job/deploy/lab/component/kubernetes.yml
@@ -33,3 +33,9 @@
stack_install: core,k8s,contrail
stack_test: ""
job_timer: "H H(0-6) * * *"
+ - stack_name: k8s_ha_calico_sm
+ stack_env: devcloud
+ stack_type: aws
+ stack_install: core,k8s,calico
+ stack_test: ""
+ job_timer: "H H(0-6) * * *"
diff --git a/jenkins/client/job/deploy/lab/component/openstack.yml b/jenkins/client/job/deploy/lab/component/openstack.yml
index 1e1d334..0e526c6 100644
--- a/jenkins/client/job/deploy/lab/component/openstack.yml
+++ b/jenkins/client/job/deploy/lab/component/openstack.yml
@@ -20,6 +20,12 @@
stack_install: core,openstack,contrail
stack_test: ""
job_timer: "H H(0-6) * * *"
+ - stack_name: os_ha_contrail_ironic
+ stack_env: devcloud
+ stack_type: heat
+ stack_install: core,openstack,contrail
+ stack_test: ""
+ job_timer: ""
- stack_name: os_ha_ovs
stack_env: devcloud
stack_type: heat
diff --git a/jenkins/client/job/deploy/lab/deploy.yml b/jenkins/client/job/deploy/lab/deploy.yml
index 54a13ad..4a18e8e 100644
--- a/jenkins/client/job/deploy/lab/deploy.yml
+++ b/jenkins/client/job/deploy/lab/deploy.yml
@@ -68,6 +68,10 @@
type: string
default: 'deploy-stack-cleanup'
+ STACK_RECLASS_BRANCH:
+ type: string
+ default: ""
+
# salt
SALT_MASTER_CREDENTIALS:
type: string
diff --git a/jenkins/client/job/deploy/update/config.yml b/jenkins/client/job/deploy/update/config.yml
index 9beabfb..e956736 100644
--- a/jenkins/client/job/deploy/update/config.yml
+++ b/jenkins/client/job/deploy/update/config.yml
@@ -42,4 +42,7 @@
TARGET_BATCH_LIVE:
type: string
description: Batch size for the complete live config changes on all nodes, empty string means apply to all targetted nodes.
-
+ PULL_MODEL:
+ type: boolean
+ default: 'true'
+ description: Pull the latest reclass cluster model before applying the states.
diff --git a/jenkins/client/job/docker/build-images.yml b/jenkins/client/job/docker/build-images.yml
index ca1d058..61f1e6d 100644
--- a/jenkins/client/job/docker/build-images.yml
+++ b/jenkins/client/job/docker/build-images.yml
@@ -26,7 +26,7 @@
trigger:
gerrit:
project:
- "mk/docker-{{name}}":
+ "{{repo}}/docker-{{name}}":
branches:
- master
event:
@@ -54,3 +54,6 @@
DOCKER_GIT_TAG:
type: boolean
default: "true"
+ EXTRA_REPO_URL:
+ type: string
+ default: "${_param:jenkins_aptly_url}"
diff --git a/jenkins/client/job/git-mirrors/upstream/init.yml b/jenkins/client/job/git-mirrors/upstream/init.yml
index e11e63c..cc267d9 100644
--- a/jenkins/client/job/git-mirrors/upstream/init.yml
+++ b/jenkins/client/job/git-mirrors/upstream/init.yml
@@ -25,7 +25,8 @@
project:
"{{downstream}}":
branches:
- - master
+ - compare_type: "REG_EXP"
+ name: "(.*?)"
message:
build_successful: "Build successful"
build_unstable: "Build unstable"
diff --git a/jenkins/client/job/opencontrail/build/generic.yml b/jenkins/client/job/opencontrail/build/generic.yml
index f21eaa9..14dd93c 100644
--- a/jenkins/client/job/opencontrail/build/generic.yml
+++ b/jenkins/client/job/opencontrail/build/generic.yml
@@ -95,6 +95,22 @@
upload_source_package: true
dpdk: contrail_dpdk_17_02
build_trigger: "H H(20-23) * * *"
+ - buildname: oc41
+ os: ubuntu
+ dist: trusty
+ branch: R4.1
+ ppa: mirantis-opencontrail/opencontrail-4.1
+ upload_source_package: true
+ dpdk: contrail_dpdk_17_02
+ build_trigger: "H H(20-23) * * *"
+ - buildname: oc41
+ os: ubuntu
+ dist: xenial
+ branch: R4.1
+ ppa: mirantis-opencontrail/opencontrail-4.1
+ upload_source_package: true
+ dpdk: contrail_dpdk_17_02
+ build_trigger: "H H(20-23) * * *"
- buildname: oc666
os: ubuntu
dist: trusty
diff --git a/jenkins/client/job/opencontrail/init.yml b/jenkins/client/job/opencontrail/init.yml
index e07adaf..34cc4e5 100644
--- a/jenkins/client/job/opencontrail/init.yml
+++ b/jenkins/client/job/opencontrail/init.yml
@@ -3,12 +3,12 @@
- system.jenkins.client.job.opencontrail.git-mirrors
parameters:
_param:
- contrail_branches: "R3.0.2.x,R3.0.3.x,R3.1,R3.1.1.x,R3.2,R3.2.3.x,R4.0,master"
+ contrail_branches: "R3.0.2.x,R3.0.3.x,R3.1,R3.1.1.x,R3.2,R3.2.3.x,R4.0,R4.1,master"
contrail_kubernetes_branches: "master,release-1.2"
contrail_dpdk_extra_branches: "mitaka,mitaka_dpdk_17_02,mitaka_dpdk_17_05,kilo,liberty-multiqueue,newton,ocata"
- contrail_ceilometer_plugin_branches: "master,R4.0"
+ contrail_ceilometer_plugin_branches: "master,R4.0,R4.1"
contrail_kubernetes_branches: "master,origin-1.1,origin-1.1.3,release-1.1,release-1.2"
- contrail_dpdk_branches: "master,R3.0.2.x,R3.0.3.x,R3.1,R3.1.1.x,R3.2,R3.2.3.x,R4.0,R4.0.1,contrail_dpdk_17_02,contrail_dpdk_17_05,contrail_dpdk_1_7,contrail_dpdk_2_0,contrail_dpdk_2_1"
+ contrail_dpdk_branches: "master,R3.0.2.x,R3.0.3.x,R3.1,R3.1.1.x,R3.2,R3.2.3.x,R4.0,R4.0.1,R4.1,contrail_dpdk_17_02,contrail_dpdk_17_05,contrail_dpdk_1_7,contrail_dpdk_2_0,contrail_dpdk_2_1"
jenkins:
client:
view:
@@ -31,5 +31,7 @@
naming_rule: "R3.2.3.x"
- group_regex: "build-opencontrail-oc40-.*"
naming_rule: "R4.0"
+ - group_regex: "build-opencontrail-oc41-.*"
+ naming_rule: "R4.1"
- group_regex: "build-opencontrail-oc666-.*"
naming_rule: "oc-666"
diff --git a/jenkins/client/job/oss/init.yml b/jenkins/client/job/oss/init.yml
index f8b5bdc..9478ffd 100644
--- a/jenkins/client/job/oss/init.yml
+++ b/jenkins/client/job/oss/init.yml
@@ -1,4 +1,5 @@
classes:
- system.jenkins.client.job.oss.test_devops_portal
- system.jenkins.client.job.oss.test_devops_portal_nightly
+ - system.jenkins.client.job.oss.test_pushkin_codebase
- system.jenkins.client.job.oss.test_security_monkey_openstack
diff --git a/jenkins/client/job/oss/test_pushkin_codebase.yml b/jenkins/client/job/oss/test_pushkin_codebase.yml
new file mode 100644
index 0000000..245f1d8
--- /dev/null
+++ b/jenkins/client/job/oss/test_pushkin_codebase.yml
@@ -0,0 +1,50 @@
+parameters:
+ jenkins:
+ client:
+ job:
+ test-oss-pushkin-codebase:
+ name: test-oss-pushkin-codebase
+ discard:
+ build:
+ keep_num: 15
+ artifact:
+ keep_num: 15
+ type: workflow-scm
+ concurrent: true
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/oss/jenkins/pipelines"
+ credentials: "gerrit"
+ script: test-pushkin-pipeline.groovy
+ trigger:
+ gerrit:
+ project:
+ "oss/pushkin":
+ branches:
+ - devel
+ - master
+ skip_vote:
+ - successful
+ - failed
+ - unstable
+ - not_built
+ event:
+ patchset:
+ - created:
+ excludeDrafts: false
+ excludeTrivialRebase: false
+ excludeNoCodeChange: false
+ comment:
+ - addedContains:
+ commentAddedCommentContains: '^(?s:Patch Set \d+:.*(test|recheck|reverify)\s*)$'
+ param:
+ CREDENTIALS_ID:
+ type: string
+ default: "gerrit"
+ DEFAULT_GIT_URL:
+ type: string
+ default: "${_param:jenkins_gerrit_url}/oss/pushkin"
+ DEFAULT_GIT_REF:
+ type: string
+ default: master
+ description: "Refspec in format refs/changes/, i.e. refs/changes/32/10332/4"
diff --git a/jenkins/client/job/salt-models/tests.yml b/jenkins/client/job/salt-models/tests.yml
index 3233495..fc1fc5f 100644
--- a/jenkins/client/job/salt-models/tests.yml
+++ b/jenkins/client/job/salt-models/tests.yml
@@ -98,8 +98,8 @@
PARALLEL_NODE_GROUP_SIZE:
type: string
default: "5"
- test_salt_model_cookiecutter:
- name: test-salt-model-cookiecutter-{{cookiecutter_template}}
+ test_mk_cookiecutter_templates:
+ name: test-mk-{{cookiecutter_template}}
jobs:
- cookiecutter_template: cookiecutter-templates
template:
diff --git a/jenkins/client/job/test_pipelines.yml b/jenkins/client/job/test_pipelines.yml
index 822084d..b1b782a 100644
--- a/jenkins/client/job/test_pipelines.yml
+++ b/jenkins/client/job/test_pipelines.yml
@@ -7,6 +7,8 @@
jobs:
- name: mk-mk-pipelines
repo: mk/mk-pipelines
+ - name: mcp-ci-pipeline-library
+ repo: mcp-ci/pipeline-library
- name: oss-jenkins-pipelines
repo: oss/jenkins/pipelines
template:
diff --git a/jenkins/client/node.yml b/jenkins/client/node.yml
index 321951a..e5e4d3b 100644
--- a/jenkins/client/node.yml
+++ b/jenkins/client/node.yml
@@ -7,6 +7,8 @@
master:
node_mode: Exclusive
remote_home: /var/lib/jenkins
+ labels:
+ - python
launcher:
type: master
slave01:
diff --git a/linux/system/repo/docker.yml b/linux/system/repo/docker.yml
index c527aa8..bb36728 100644
--- a/linux/system/repo/docker.yml
+++ b/linux/system/repo/docker.yml
@@ -3,7 +3,6 @@
system:
repo:
docker:
- source: "deb https://apt.dockerproject.org/repo ubuntu-${_param:linux_system_codename} main"
+ source: 'deb [arch=amd64] https://download.docker.com/linux/ubuntu/ ${_param:linux_system_codename} stable'
architectures: amd64
- key_id: 58118E89F3A912897C070ADBF76221572C52609D
- key_server: keyserver.ubuntu.com
+ key_url: https://download.docker.com/linux/ubuntu/gpg
diff --git a/linux/system/repo/elasticsearch.yml b/linux/system/repo/elasticsearch.yml
index 60f6fd0..2030114 100644
--- a/linux/system/repo/elasticsearch.yml
+++ b/linux/system/repo/elasticsearch.yml
@@ -5,4 +5,8 @@
elasticsearch:
source: "deb http://packages.elastic.co/elasticsearch/2.x/debian stable main"
architectures: amd64
- key_url: "https://packages.elastic.co/GPG-KEY-elasticsearch"
\ No newline at end of file
+ key_url: "https://packages.elastic.co/GPG-KEY-elasticsearch"
+ elasticsearch_curator:
+ source: "deb http://packages.elastic.co/curator/4/debian stable main"
+ architectures: amd64
+ key_url: "https://packages.elastic.co/GPG-KEY-elasticsearch"
diff --git a/linux/system/single/debian.yml b/linux/system/single/debian.yml
new file mode 100644
index 0000000..b6d0b2b
--- /dev/null
+++ b/linux/system/single/debian.yml
@@ -0,0 +1,10 @@
+classes:
+- system.linux.system.single
+
+# DEBIAN family overrides
+parameters:
+ linux:
+ system:
+ package:
+ python-msgpack:
+ version: latest
diff --git a/linux/system/single.yml b/linux/system/single/init.yml
similarity index 91%
rename from linux/system/single.yml
rename to linux/system/single/init.yml
index d7e03e8..1e68380 100644
--- a/linux/system/single.yml
+++ b/linux/system/single/init.yml
@@ -4,18 +4,21 @@
- system.openssh.server.single
- system.ntp.client.single
parameters:
+ _param:
+ local_package_repos: false
linux:
system:
+ local_package_repos: ${_param:local_package_repos}
user:
root:
enabled: true
name: root
home: /root
package:
- python-msgpack:
- version: latest
cloud-init:
version: purged
+ unattended-updates:
+ version: purged
mcelog:
version: latest
kernel:
diff --git a/linux/system/single/rhel.yml b/linux/system/single/rhel.yml
new file mode 100644
index 0000000..38dba03
--- /dev/null
+++ b/linux/system/single/rhel.yml
@@ -0,0 +1,4 @@
+classes:
+- system.linux.system.single
+
+# RHEL family overrides
diff --git a/openssh/server/team/l1_support.yml b/openssh/server/team/l1_support.yml
index 9d2a4c9..1db07d6 100644
--- a/openssh/server/team/l1_support.yml
+++ b/openssh/server/team/l1_support.yml
@@ -13,6 +13,7 @@
- system.openssh.server.team.members.deniskostriukov
- system.openssh.server.team.members.dmitrygoloshubov
- system.openssh.server.team.members.javierdiaz
+- system.openssh.server.team.members.jorgesorondo
- system.openssh.server.team.members.josuepalmerin
- system.openssh.server.team.members.krzysztoffranckowski
- system.openssh.server.team.members.matthewroark
diff --git a/openssh/server/team/members/jorgesorondo.yml b/openssh/server/team/members/jorgesorondo.yml
new file mode 100644
index 0000000..9f6a1c5
--- /dev/null
+++ b/openssh/server/team/members/jorgesorondo.yml
@@ -0,0 +1,22 @@
+parameters:
+ linux:
+ system:
+ user:
+ jsorondo:
+ enabled: true
+ name: jsorondo
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Jorge Sorondo
+ home: /home/jsorondo
+ email: jsorondo@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ jsorondo:
+ enabled: true
+ public_keys: ${public_keys:jsorondo}
+ user: ${linux:system:user:jsorondo}
+ public_keys:
+ jsorondo:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDQifWsY+b8n8imC0NaP1zVpgihzIT+8A5w35W8dF7YyGcgGOYAcmTRV2Wqm8el9iLsW1ANOdjjulZ/jAzicVwh5IEq9MYjNl4+YjThDN9J1yvw9BjkXPs0Ymrqt4Xq9wZdE5c3P6DaoicxOCEpaL3t1ZxigAcMpQxa5qSyxeY0mvr5eb9O6I0eznEsSjikHOJPaWTdAG5Wx6acwhqB6G7gAF0fpE3Hn+enmtAiqJQVnaBKeX06isMPxyabaNgDCdw1jIJ+uHa3RFRXlucResGiJiDggP+GabKenrSkig8xUWk6UBoO3h28fzEF/J3LSJbL2dHTcWLIrdPZJFVj/0l/
diff --git a/openssh/server/team/services.yml b/openssh/server/team/services.yml
index 564fc32..9fb36c9 100644
--- a/openssh/server/team/services.yml
+++ b/openssh/server/team/services.yml
@@ -1,9 +1,12 @@
classes:
- system.linux.system.sudo
- system.openssh.server.team.members.mniedbala
+- system.openssh.server.team.members.pmichalec
+- system.openssh.server.team.members.pcizinsky
+- system.openssh.server.team.members.lmercl
+- system.openssh.server.team.members.korlowska
+- system.openssh.server.team.members.miwinski
+- system.openssh.server.team.members.mlos
parameters:
- linux:
- system:
- user:
- mniedbala:
- sudo: true
+ _param:
+ linux_system_user_sudo: true
diff --git a/openssh/server/team/stacklight.yml b/openssh/server/team/stacklight.yml
index 1133135..5e2f9d3 100644
--- a/openssh/server/team/stacklight.yml
+++ b/openssh/server/team/stacklight.yml
@@ -18,13 +18,6 @@
full_name: Simon Pasquier
home: /home/spasquier
email: spasquier@mirantis.com
- ppetit:
- enabled: true
- name: ppetit
- sudo: true
- full_name: Patrick Petit
- home: /home/ppetit
- email: ppetit@mirantis.com
obourdon:
enabled: true
name: obourdon
@@ -81,6 +74,13 @@
full_name: Krzysztof Szukiełojć
home: /home/kszukielojc
email: kszukielojc@mirantis.com
+ bkupidura:
+ enabled: true
+ name: bkupidura
+ sudo: true
+ full_name: Bartosz Kupidura
+ home: /home/bkupidura
+ email: bkupidura@mirantis.com
isviridov:
enabled: true
name: isviridov
@@ -111,58 +111,58 @@
public_keys:
- ${public_keys:spasquier}
user: ${linux:system:user:spasquier}
- ppetit:
- enabled: true
- public_keys:
- - ${public_keys:ppetit}
- user: ${linux:system:user:ppetit}
obourdon:
- enable: true
+ enabled: true
public_keys:
- ${public_keys:obourdon}
user: ${linux:system:user:obourdon}
dkalashnik:
- enable: true
+ enabled: true
public_keys:
- ${public_keys:dkalashnik}
user: ${linux:system:user:dkalashnik}
rpromyshlennikov:
- enable: true
+ enabled: true
public_keys:
- ${public_keys:rpromyshlennikov}
user: ${linux:system:user:rpromyshlennikov}
vgusev:
- enable: true
+ enabled: true
public_keys:
- ${public_keys:vgusev}
user: ${linux:system:user:vgusev}
mpolreich:
- enable: true
+ enabled: true
public_keys:
- ${public_keys:mpolreich}
user: ${linux:system:user:mpolreich}
isvetlov:
- enable: true
+ enabled: true
public_keys:
- ${public_keys:isvetlov}
user: ${linux:system:user:isvetlov}
akholkin:
- enable: true
+ enabled: true
public_keys:
- ${public_keys:akholkin}
user: ${linux:system:user:akholkin}
kszukielojc:
- enable: true
+ enabled: true
public_keys:
- ${public_keys:kszukielojc}
user: ${linux:system:user:kszukielojc}
- isviridov:
+ bkupidura:
enable: true
public_keys:
+ - ${public_keys:bkupidura}
+ user: ${linux:system:user:bkupidura}
+ isviridov:
+ enabled: true
+ public_keys:
- ${public_keys:isviridov}
user: ${linux:system:user:isviridov}
nzaporozhets:
- enable: true
+ enabled: true
public_keys:
- ${public_keys:nzaporozhets}
user: ${linux:system:user:nzaporozhets}
@@ -171,8 +171,6 @@
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3odU+3V2uDA2ptAFL9hrJRPNEEdAyztWOZFQ5Oyd9oerTGOU3p4xmrgWWjfKFKbYGhiiIUcYAol5PkTfKukGEkkjCHYA1t023soCaaAj85wCZCnw2zQNAziwxTYmAzTqgxiSvtZNMMrtJvFHRIRDzJ3M1lV0prWNWkMM1/3FAd4W49y6VT3fkMCo8uqG7CfGdgR2DgBCxf9KaNPfW5eDEPOgmE5lK8tVSEI6T+Cg7hbcTf4lFYnlFBnlQgp/0JstsM4Vbwb4B34LOpOsf2S8rrWk2xQMjwaMHXkc2s/E8iW3F5nVFuyEXYISFQIiAHw8dzC6CHgLcyHUVWwznKawZ newt@newt-dev1
spasquier:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXBHKQaGUNB92DsnyvflmCbmuXnkiuNahZiue3hnyXqLA2q8jmQmzBbxReAJzexnVfJhrUCTw8IPJUpMUP27u3igvGdkhfctdUuxVf9yGJErtGNgHK/aGbeLCvUOmhw6X/xbf3IbyFL1gwxOJ2cmmjlSptYU9E1W2xFY+IMFWBhzO3vso5EABgPVli/UUMfeXUUd++lIZpoyYe2Hkri1QGNhzfbZcFjEO78+vNiLZrvjJEtkXWu7iZTYK6eE365CiFJzqFL7N6Ichb28qakcmVqR/foreuz3cOMqMGssKoOQk1213x8w4fE0yLwf9Ft8L7GMf+vXQvuNt0ZKBPWqn7 spasquier@mirantis.com
- ppetit:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCUGCb+mGidT4FRa4rJxoYx39NX2vCjRw+CmCQJW/Uf6xc0NNp5WRWJ0hnyIMRVVfehvfjdXPo4bO4cXIwmo06C1Wx+DMyvjI9NvuHtt52p3QTsh+PYZe5t4hFuGh7veWQw3LuLtDLVlVS633FQMgT/BXDaBc65yfN9CuV6lHqZ6KPKoGAi3ADlcQFqhFttO+GsVkxd6uGtelnbYXsDMwylCIKop0C/obu6wG85d/8Q2/Zts5CvUcCiCNfZtl8otgNMrpfnuhC0xAsmgwDxqK2kshxUujclyFfO7ixl+E9Plc7kUJvodNbzOcAmY3YpuHVoJQkHx/Ou81/q+JOVtFxz ppetit@baobab
obourdon:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDOd0PnoQhjjo/UrmCotaGZxXfpxLoMmuZ+XjKqAkEb9kE+aE0+k8t2EUs8PIctEgIcIC9vmovqOzIt5uNLV5MyN4R+pdIBKyWEQ5fQPaFhn/uZKf7AxLYhTVVW1wM+cDzrpWTyNQ0w59JBfNPZ/BDMtdpch9gTP24pwJ8yUDHHMSt1FnVqa7+Czw8jig4/oM05Mob5DQKlWOdtdUP3XYHSGJuHY4tHmc5sPvzIqs5r47uj5VD4gaCUqYeRS2C1YJcisN880qIqUHuCK0k9gQP+0DKJPVPmPPCuwebBzUUfjhKcbqiikKxPS0p4DWiprmeF8xjvmVWX+V8lP/v0hXiVgMc3wMoXJklH+XM7U5y5uzN8MF4YqAi4M/uSK5UF+TPn5dtu9s+joQmqt5XXaV4iFQe5kcdIYEMNJUGxiwMzByhvqWgC1reYSD8FquqLTH/5ITvFFmaTyQbBJMnXAE+QxdTXMfhTnfI/pbbhAUmfr5w8Z34lZG5UDnUy/rR+LlvJS76MqCr3nemZTHqhUYIrIJA8f9Xa8o9UJTy2QICdj2NidW1UzHCPybc/nH7qc6TjZJALLdhzK2QDbO6seJLOXuVHwSxjOx2Jdv5HImpFSeEfiGRQqc8bT+NGZI5V+cW+FuztU8i46VaSPXFM8t+57Ut/MdndAVYSPqgc7E3u3w== obourdon@mirantis.com
dkalashnik:
@@ -189,6 +187,8 @@
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDjpy9RI6iEDH/04eOOwreDa+R32USZiWxyFiKHa8zoDAlOfwaZVg6mZWepOxzwxCJPYusPGXCwQ6Zw9tHxVWOCgtzzPpsCCfhUU4v+99Wh08//W8d/s/WFka+5vqyskAO5Z8Ekk+kQU+jpUBG8/gMxAPBjj0fFc5BNeqDY9r9nmMNK6N2RVjvA6wZ8G5hLGxL9bn5Prhf/+avui1NAfy6gsT/mRt1W+eHWTvpijyNGm+m83jU34dQO6gE48n6WdSylLh/fY/p31rzAURaq1V/AZhdbSuZ8aJYDnfHevpK5+hMjoOop3v3hb7WHEmybGujQfW5HVaaWmG7SFlHeKGE/gZ2P9T+bQ+SgO+PmEAw4LayiBkzTPAHdZ2UGZe+3BI5gdM/ayovK2WVO1jS5FNlNGIvEQW+ws9V+ph+S1jL4jobDJEjs358iXrAYpf4JL+LvxFHiuj6EL51tbo8EU22z5mmgRQQ5eFrDzBuVLhcim651A3a5iSlmCeAQ5rTmHX/Op/PbK+3vAtI8vnlK4AhycLvWQ3kK2DRx+Uhzrlk5v6E14SopAhvpGOHqrLgmoHwHp1xt/9M1JgxkOUK5gccFKTQduxLHoTNBaNcP60IOG/MjqUPcOXSBcAN4Y1RDBg+pwXe4PFgOzwKdFoYeuhvtm8y185S0IvvfCHLCD8pNfQ== akholkin@mirantis.com
kszukielojc:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCiUm3Z3W3t4v7oe143rCNM/hbg9NU2bYUmQXek8DJPA4c3Xm6u0q+RL9kEXME+3zcj2HKqMxKsCBLXXdFIsgdUbOBV8AYiuySE220FTnEKRmdxsEnfSaBhXxFyIBNoew4gI7URSqAOclt5WuPJTqRM7K4VhbtzwEgeWVd/NUhxMCCtgkdJCYTSmycxmxs7R6V8vMr9Mb8DOqKkSpOu6f3JkR0lwnFN9zGGC4V/60FlJSDzvvI5Tn40ANPHITivs8xME0znsx7t0bF4vQUimvhYn1mumQCY1NwIaxJ/QqasD6Ag9Sn5dxSg9b3SeLn0JM6qKoIqZtfPYVuCp9gmlH0fyzJUdqu4lKKb2wBw/H5lK6icH4+owMawkav55rbvinHQOqmVCr/Bg/rTfc35ycVqjTXH/5J7OhzioKjU0yFkXFS2X/s8gpyxp3beJ+Ea4faoX+kcs0gyhMYzqC7/DOamrau7aVyEAjKYJNy60xRfjCQzjqiurbxVFh+3Fi64UUn7Bl1QV8VEiU3ztJ118psEI7zA+x2VROLZ1jrtaBYZTYB118JZicaFDycEVgg3+BHX3pFH/QSOjLsA4SK+HJjSz8CFKvWwaO6QJv1/3KHpcGEacMvmqKxwpQK0E4WpjWhglZRMPObQ0dBaGClOujgoOIHXtFGILEpWy2SdzDQkHw== kszukielojc@w541
+ bkupidura:
+ key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAfsAyuh1O+SfVRgddjQ8nByz2nNzXm71sP9FAPi5G5WoJA7El3fdrOWsG5bj5kQveVZj/M4qlETajcxMLwaFQd36nS4C0WjmzfoX2i6X+iWHFH/L/ha0UaDclfYkuGdxtCeYRakJ0Xqsm0vNuMpGhIGQP8j+OSLK0Q9pnrd1md+jrxx6JS1MXM5iUh+zU4roklrGy75WQvDJcCD3miVnktJsjb2hda8cIxkRf+l88xPm5TcC82cVAWpXF91+kUVdcHiB1D13t0IDEL6BdeUHffQij1++9x6JUukIEVDoP8Ot6DC16cbma4H9ssjdc9vnTGJjsZiu7Am+BNLKD4zsMnuSqWWfPYzQuoG5HZlyonzQIYncxo98LsHLRtrEE/CWnnO+jrd8Zfe9nAatelBgVv86UHoKEPyL666nd4UxaTiyKaXfNlvHWhfgbV67ZGRTrmllfdTmu1olOIniO706L3t3V+Zu6RjN5VjYdLegKKMo2E6XwhkMCcIg9Syi95pj8x8jFoKwjvOhb1EleuZyNHNbEvosIjAy1HsUgEo5bIwiV8K0aWIQE8VVyqyhdXOpR/Gk9UtFYsACyfCX84DjQBXp7OXIkyYt9s5N15Panml2X1CXnNgsh9M60+RvJBsFj3k8M57zcc7VAarAUKnYrI59l3cCZZVLtd4aIp8= zynzel@banshee
isviridov:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGNZxzOm7OsZi/q6Qk71fnvjCfWk4BfxpZ5hDig6N1f9D0iAMaINyNmlF2PxstSLW0Mjdq2tXTUvVWlYpGrw+YLHQmVk8dckmLdUAxe2Z0oEvtWhiQC64927ibBTgQ2Tjfkao+PFYPbdjiO4FgRymS1/FpGKhvpdyPDCcOLrxsMSK9YpPi4kbkd4GmlGMercuaEzP3JOOzJioOOLtEw3LOLWG5mAIzXjGFxuCNdTI4gqxQm/iw/tOpb9PcsY10EapZsS4Pd8j58vuhJlwdoTxI3gzySJcTlWm0tcphex0g8X0tEUI+zVjemJcrYkZgUpb6x5/mUjNxC4nv+4A4yMTP
nzaporozhets:
diff --git a/openssh/server/team/support.yml b/openssh/server/team/support.yml
index fae16a6..f78ceac 100644
--- a/openssh/server/team/support.yml
+++ b/openssh/server/team/support.yml
@@ -10,6 +10,7 @@
- system.openssh.server.team.members.deniskostriukov
- system.openssh.server.team.members.dmitrygoloshubov
- system.openssh.server.team.members.javierdiaz
+- system.openssh.server.team.members.jorgesorondo
- system.openssh.server.team.members.josuepalmerin
- system.openssh.server.team.members.krzysztoffranckowski
- system.openssh.server.team.members.matthewroark
@@ -161,5 +162,6 @@
support3:
# It's never safe to run unlimited number of commands with sudo.
# Use with caution.
+ setenv: true
commands:
- ALL
diff --git a/postgresql/client/janitor_monkey.yml b/postgresql/client/janitor_monkey.yml
new file mode 100644
index 0000000..def9a06
--- /dev/null
+++ b/postgresql/client/janitor_monkey.yml
@@ -0,0 +1,30 @@
+classes:
+ - system.postgresql.client
+parameters:
+ _param:
+ janmonkey_db_host: ${_param:haproxy_postgresql_bind_host}
+ janmonkey_db_user: janmonkey
+ janmonkey_db_user_password: janmonkey
+ janmonkey_login_id: 12
+ janmonkey_application_id: 2
+ postgresql:
+ client:
+ server:
+ server01:
+ database:
+ janmonkey:
+ enabled: true
+ encoding: 'UTF8'
+ locale: 'en_US'
+ users:
+ - name: ${_param:janmonkey_db_user}
+ password: ${_param:janmonkey_db_user_password}
+ host: ${_param:janmonkey_db_host}
+ createdb: true
+ rights: all privileges
+ init:
+ maintenance_db: pushkin
+ force: true
+ queries:
+ - INSERT INTO login VALUES (${_param:janmonkey_login_id}, ${_param:janmonkey_application_id}) ON CONFLICT (id) DO UPDATE SET id = excluded.id;
+ - INSERT INTO device VALUES (${_param:janmonkey_application_id}, ${_param:janmonkey_login_id}, 42, 'janitor_audit_service', NULL, 1, NULL) ON CONFLICT (id) DO UPDATE SET id = excluded.id;
diff --git a/postgresql/client/security_monkey.yml b/postgresql/client/security_monkey.yml
index 43e48d2..a7a341f 100644
--- a/postgresql/client/security_monkey.yml
+++ b/postgresql/client/security_monkey.yml
@@ -5,6 +5,8 @@
secmonkey_db_host: ${_param:haproxy_postgresql_bind_host}
secmonkey_db_user: secmonkey
secmonkey_db_user_password: secmonkey
+ secmonkey_login_id: 11
+ secmonkey_application_id: 1
postgresql:
client:
server:
@@ -24,5 +26,5 @@
maintenance_db: pushkin
force: true
queries:
- - INSERT INTO login VALUES (11, 1) ON CONFLICT (id) DO UPDATE SET id = excluded.id;
- - INSERT INTO device VALUES (1, 11, 42, 'security_audit_service', NULL, 1, NULL) ON CONFLICT (id) DO UPDATE SET id = excluded.id;
+ - INSERT INTO login VALUES (${_param:secmonkey_login_id}, ${_param:secmonkey_application_id}) ON CONFLICT (id) DO UPDATE SET id = excluded.id;
+ - INSERT INTO device VALUES (${_param:secmonkey_application_id}, ${_param:secmonkey_login_id}, 42, 'security_audit_service', NULL, 1, NULL) ON CONFLICT (id) DO UPDATE SET id = excluded.id;
diff --git a/prometheus/alertmanager/notification/email.yml b/prometheus/alertmanager/notification/email.yml
new file mode 100644
index 0000000..02b44ff
--- /dev/null
+++ b/prometheus/alertmanager/notification/email.yml
@@ -0,0 +1,23 @@
+parameters:
+ prometheus:
+ alertmanager:
+ config:
+ route:
+ routes:
+ email:
+ receiver: SMTP
+ match_re:
+ - label: route
+ value: email
+ receiver:
+ SMTP:
+ enabled: true
+ email_configs:
+ smtp_server:
+ to: ${_param:alertmanager_notification_email_to}
+ from: ${_param:alertmanager_notification_email_from}
+ auth_username: ${_param:alertmanager_notification_email_username}
+ auth_password: ${_param:alertmanager_notification_email_password}
+ smarthost: ${_param:alertmanager_notification_email_host}
+ require_tls: ${_param:alertmanager_notification_email_require_tls}
+ send_resolved: true
diff --git a/prometheus/alertmanager/notification/slack.yml b/prometheus/alertmanager/notification/slack.yml
new file mode 100644
index 0000000..c33e013
--- /dev/null
+++ b/prometheus/alertmanager/notification/slack.yml
@@ -0,0 +1,18 @@
+parameters:
+ prometheus:
+ alertmanager:
+ config:
+ route:
+ routes:
+ slack:
+ receiver: HTTP-slack
+ match_re:
+ - label: route
+ value: slack
+ receiver:
+ HTTP-slack:
+ enabled: true
+ slack_configs:
+ slack-endpoint:
+ api_url: "${_param:alertmanager_notification_slack_api_url}"
+ send_resolved: true
diff --git a/reclass/storage/system/openstack_compute_multi.yml b/reclass/storage/system/openstack_compute_multi.yml
index 86092db..b319fa6 100644
--- a/reclass/storage/system/openstack_compute_multi.yml
+++ b/reclass/storage/system/openstack_compute_multi.yml
@@ -2,6 +2,8 @@
_param:
openstack_compute_node01_hostname: cmp01
openstack_compute_node02_hostname: cmp02
+ openstack_compute_node01_address: 172.16.10.105
+ openstack_compute_node02_address: 172.16.10.106
reclass:
storage:
node:
@@ -13,7 +15,7 @@
params:
salt_master_host: ${_param:reclass_config_master}
linux_system_codename: ${_param:linux_system_codename}
- single_address: 172.16.10.105
+ single_address: ${_param:openstack_compute_node01_address}
openstack_compute_node02:
name: ${_param:openstack_compute_node02_hostname}
domain: ${_param:cluster_domain}
@@ -22,4 +24,4 @@
params:
salt_master_host: ${_param:reclass_config_master}
linux_system_codename: ${_param:linux_system_codename}
- single_address: 172.16.10.106
+ single_address: ${_param:openstack_compute_node02_address}
diff --git a/reclass/storage/system/openstack_compute_single.yml b/reclass/storage/system/openstack_compute_single.yml
index 215c0e6..1b16352 100644
--- a/reclass/storage/system/openstack_compute_single.yml
+++ b/reclass/storage/system/openstack_compute_single.yml
@@ -1,6 +1,7 @@
parameters:
_param:
openstack_compute_node01_hostname: cmp01
+ openstack_compute_node01_address: 172.16.10.105
reclass:
storage:
node:
@@ -12,4 +13,4 @@
params:
salt_master_host: ${_param:reclass_config_master}
linux_system_codename: ${_param:linux_system_codename}
- single_address: 172.16.10.105
+ single_address: ${_param:openstack_compute_node01_address}
diff --git a/rundeck/client/project/cicd.yml b/rundeck/client/project/cicd.yml
index cb427d8..ed8b256 100644
--- a/rundeck/client/project/cicd.yml
+++ b/rundeck/client/project/cicd.yml
@@ -1,14 +1,17 @@
parameters:
_param:
- rundeck_cis_os_auth_url: none
- rundeck_cis_os_username: admin
- rundeck_cis_os_password: password
- rundeck_cis_os_project_name: admin
- rundeck_cis_os_domain_id: default
rundeck_cis_jobs_repository: https://gerrit.mcp.mirantis.net/oss/rundeck-cis-jobs
rundeck_cis_jobs_revision: master
- rundeck_cis_elasticsearch_url: none
+ rundeck_cis_elasticsearch_url: yourelastic:9200
rundeck_cis_os_docker_image: docker-prod-local.artifactory.mirantis.com/mirantis/oss/cis-openstack:latest
+ rundeck_cis_openstack:
+ auth_url: http://yourcloud.com:5000/v3/auth/tokens
+ username: admin
+ password: password
+ cert: plain-certificate
+ ssl_cert_file: cert.pem
+ project_name: admin
+ domain_id: default
rundeck:
client:
project:
@@ -38,21 +41,27 @@
cis/elasticsearch/url:
type: password
content: ${_param:rundeck_cis_elasticsearch_url}
- cis/openstack/auth_url:
- type: password
- content: ${_param:rundeck_cis_os_auth_url}
- cis/openstack/username:
- type: password
- content: ${_param:rundeck_cis_os_username}
- cis/openstack/password:
- type: password
- content: ${_param:rundeck_cis_os_password}
- cis/openstack/project_name:
- type: password
- content: ${_param:rundeck_cis_os_project_name}
- cis/openstack/domain_id:
- type: password
- content: ${_param:rundeck_cis_os_domain_id}
cis/openstack/image:
type: password
content: ${_param:rundeck_cis_os_docker_image}
+ cis/openstack/auth_url:
+ type: password
+ content: ${_param:rundeck_cis_openstack:auth_url}
+ cis/openstack/username:
+ type: password
+ content: ${_param:rundeck_cis_openstack:username}
+ cis/openstack/password:
+ type: password
+ content: ${_param:rundeck_cis_openstack:password}
+ cis/openstack/project_name:
+ type: password
+ content: ${_param:rundeck_cis_openstack:project_name}
+ cis/openstack/domain_id:
+ type: password
+ content: ${_param:rundeck_cis_openstack:domain_id}
+ cis/openstack/cert.pem:
+ type: password
+ content: ${_param:rundeck_cis_openstack:cert}
+ cis/openstack/cert_file:
+ type: password
+ content: ${_param:rundeck_cis_openstack:ssl_cert_file}
diff --git a/rundeck/server/docker.yml b/rundeck/server/docker.yml
index 1c89f4f..492d135 100644
--- a/rundeck/server/docker.yml
+++ b/rundeck/server/docker.yml
@@ -8,6 +8,7 @@
rundeck_postgresql_database: rundeck
rundeck_postgresql_host: ${_param:control_vip_address}
rundeck_postgresql_port: 5432
+ rundeck_server_ssh_timeout: 300000
rundeck:
server:
user:
@@ -30,3 +31,4 @@
user: ${_param:rundeck_runbook_user}
private_key: ${_param:rundeck_runbook_private_key}
public_key: ${_param:rundeck_runbook_public_key}
+ timeout: ${_param:rundeck_server_ssh_timeout}
diff --git a/salt/control/virt.yml b/salt/control/virt.yml
index 6ed8537..7556dc9 100644
--- a/salt/control/virt.yml
+++ b/salt/control/virt.yml
@@ -45,3 +45,6 @@
xxxlarge:
- system:
size: 500000
+ xxxxlarge:
+ - system:
+ size: 700000