Merge "Bring in Ceilometer OpenDaylight polling source"
diff --git a/.releasenotes/notes/salt-control-ordered-interfaces.yaml b/.releasenotes/notes/salt-control-ordered-interfaces.yaml
new file mode 100644
index 0000000..92e21f3
--- /dev/null
+++ b/.releasenotes/notes/salt-control-ordered-interfaces.yaml
@@ -0,0 +1,32 @@
+---
+fixes:
+ - |
+ When defining interfaces for kvm-quemu VMs use sorted list of interfaces
+ to avoid random NIC assignment/name.
+
+ Fixes https://mirantis.jira.com/browse/PROD-21976
+
+ Required model change on existing deployments with MCP >= 2018.7.0, update
+ `salt:virt:nic` profiles to use list with `- name:` key instead of dict:
+
+ .. code-block:: yaml
+
+ salt:
+ virt:
+ nic:
+ default:
+ eth1:
+ bridge: br-mgm
+ eth0:
+ bridge: br-ctl
+ control:
+ - name: eth1
+ bridge: br_mgm
+ model: virtio
+ - name: eth2
+ bridge: br_ctl
+ model: virtio
+ - name: eth3
+ bridge: br_proxy
+ model: virtio
+
diff --git a/galera/server/database/ssl/nova.yml b/galera/server/database/ssl/nova.yml
new file mode 100644
index 0000000..b0a87c8
--- /dev/null
+++ b/galera/server/database/ssl/nova.yml
@@ -0,0 +1,4 @@
+parameters:
+ _param:
+ mysql_nova_ssl_option:
+ - SSL: True
\ No newline at end of file
diff --git a/galera/server/database/x509/nova.yml b/galera/server/database/x509/nova.yml
new file mode 100644
index 0000000..305fafd
--- /dev/null
+++ b/galera/server/database/x509/nova.yml
@@ -0,0 +1,7 @@
+parameters:
+ _param:
+ mysql_nova_clietn_ssl_x509_subject: '/C=cz/CN=mysql-nova-client/L=Prague/O=Mirantis'
+ mysql_nova_clietn_ssl_x509_issuer: '/C=cz/CN=Salt Master CA/L=Prague/O=Mirantis'
+ mysql_nova_ssl_option:
+ - SUBJECT: ${_param:mysql_nova_clietn_ssl_x509_subject}
+ - ISSUER: ${_param:mysql_nova_clietn_ssl_x509_issuer}
\ No newline at end of file
diff --git a/glusterfs/client/volume/keystone.yml b/glusterfs/client/volume/keystone.yml
index a93c0c1..f0a6e30 100644
--- a/glusterfs/client/volume/keystone.yml
+++ b/glusterfs/client/volume/keystone.yml
@@ -1,3 +1,5 @@
+classes:
+- system.linux.system.users.keystone
parameters:
_param:
keystone_glusterfs_service_host: ${_param:glusterfs_service_host}
@@ -20,20 +22,3 @@
user: keystone
group: keystone
opts: "defaults,backup-volfile-servers=${_param:glusterfs_node01_address}:${_param:glusterfs_node02_address}:${_param:glusterfs_node03_address}"
- linux:
- system:
- user:
- keystone:
- enabled: true
- name: keystone
- home: /var/lib/keystone
- uid: 301
- gid: 301
- shell: /bin/false
- system: True
- group:
- keystone:
- enabled: true
- name: keystone
- gid: 301
- system: True
diff --git a/horizon/server/cluster.yml b/horizon/server/cluster.yml
index a68ab12..1d1f5eb 100644
--- a/horizon/server/cluster.yml
+++ b/horizon/server/cluster.yml
@@ -2,6 +2,7 @@
- service.keepalived.cluster.single
- service.horizon.server.cluster
- service.haproxy.proxy.single
+- system.apache.server.single
- system.haproxy.proxy.listen.openstack.horizon
- system.memcached.server.single
parameters:
@@ -15,4 +16,7 @@
plugin: {}
session:
engine: "cache"
-
+ apache:
+ server:
+ modules:
+ - wsgi
diff --git a/horizon/server/single.yml b/horizon/server/single.yml
index 2b59f52..2555a50 100644
--- a/horizon/server/single.yml
+++ b/horizon/server/single.yml
@@ -1,5 +1,6 @@
classes:
- service.horizon.server.single
+- system.apache.server.single
- system.memcached.server.single
parameters:
_param:
@@ -13,4 +14,7 @@
plugin: {}
session:
engine: "cache"
-
+ apache:
+ server:
+ modules:
+ - wsgi
diff --git a/jenkins/client/approved_scripts.yml b/jenkins/client/approved_scripts.yml
index 65db576..0dc20b0 100644
--- a/jenkins/client/approved_scripts.yml
+++ b/jenkins/client/approved_scripts.yml
@@ -66,6 +66,7 @@
- method java.util.regex.MatchResult group int
- method java.util.regex.MatchResult groupCount
- method java.util.regex.Matcher find
+ - method java.util.regex.Matcher group java.lang.String
- method java.util.regex.Matcher matches
- method java.util.regex.Pattern matcher java.lang.CharSequence
- method java.util.stream.Stream collect java.util.stream.Collector
@@ -84,6 +85,7 @@
- new groovy.json.JsonSlurperClassic
- new groovy.util.XmlParser
- new java.io.File java.lang.String
+ - new java.io.File java.lang.String java.lang.String
- new java.io.IOException java.lang.String
- new java.io.OutputStreamWriter java.io.OutputStream
- new java.lang.Exception java.lang.String
diff --git a/jenkins/client/job/debian/packages/salt-multi.yml b/jenkins/client/job/debian/packages/salt-multi.yml
index e185b60..b58b801 100644
--- a/jenkins/client/job/debian/packages/salt-multi.yml
+++ b/jenkins/client/job/debian/packages/salt-multi.yml
@@ -63,7 +63,7 @@
upload_source_package: true
dist: xenial
- name: swift
- upload_source_package: true
+ upload_source_package: false
dist: xenial
template:
discard:
diff --git a/jenkins/client/job/deploy/update/upgrade_mcp_release.yml b/jenkins/client/job/deploy/update/upgrade_mcp_release.yml
index 5968245..18f5646 100644
--- a/jenkins/client/job/deploy/update/upgrade_mcp_release.yml
+++ b/jenkins/client/job/deploy/update/upgrade_mcp_release.yml
@@ -47,4 +47,8 @@
UPDATE_LOCAL_REPOS:
type: boolean
default: 'false'
- description: "Use only when local repositories are present."
\ No newline at end of file
+ description: "Use only when local repositories are present."
+ PIPELINE_TIMEOUT:
+ type: string
+ default: '12'
+ description: "Sets pipeline timeout in hours. Defaults to '12' if left empty."
\ No newline at end of file
diff --git a/jenkins/client/job/docker/opencontrail.yml b/jenkins/client/job/docker/opencontrail.yml
index b5052de..0e4f40a 100644
--- a/jenkins/client/job/docker/opencontrail.yml
+++ b/jenkins/client/job/docker/opencontrail.yml
@@ -6,7 +6,11 @@
name: "docker-build-images-opencontrail-{{version}}"
jobs:
- version: oc40
+ branch: master
- version: oc41
+ branch: master
+ - version: oc50
+ branch: R5.0
template:
discard:
build:
@@ -24,7 +28,7 @@
project:
"mk/docker-opencontrail":
branches:
- - master
+ - "{{branch}}"
event:
ref:
- updated: {}
@@ -44,6 +48,9 @@
IMAGE_CREDENTIALS_ID:
type: string
default: "gerrit"
+ IMAGE_BRANCH:
+ type: string
+ default: "{{branch}}"
APT_KEY:
type: string
default: "${_param:jenkins_aptly_url}/public.gpg"
diff --git a/jenkins/client/job/oscore/qa.yml b/jenkins/client/job/oscore/qa.yml
index 13d0e76..f076a78 100644
--- a/jenkins/client/job/oscore/qa.yml
+++ b/jenkins/client/job/oscore/qa.yml
@@ -70,8 +70,8 @@
project:
mcp/{{oscore-qa-project}}:
branches:
- - compare_type: "PLAIN"
- name: "master"
+ - master
+ - pike
event:
patchset:
- created
diff --git a/jenkins/client/job/oscore/salt_virtual_models.yml b/jenkins/client/job/oscore/salt_virtual_models.yml
index f315b3d..49ef6df 100644
--- a/jenkins/client/job/oscore/salt_virtual_models.yml
+++ b/jenkins/client/job/oscore/salt_virtual_models.yml
@@ -109,6 +109,30 @@
type: boolean
description: Whether to use container with rally
default: "false"
+ TEST_PASS_THRESHOLD:
+ type: string
+ description: Tests pass rate to consider build successful
+ default: "96"
+ FAIL_ON_TESTS:
+ type: boolean
+ default: 'true'
+ description: Whether to fail build on test results
+ TEST_PATTERN:
+ type: string
+ description: Run tests matched to pattern only
+ default: ''
+ TEST_MILESTONE:
+ type: string
+ description: Product milestone
+ default: 'MCP1.1'
+ TESTRAIL:
+ type: boolean
+ description: Whether to upload results to testrail or not
+ default: "false"
+ OPENSTACK_VERSION:
+ type: string
+ description: Version of openstack to test
+ default: ""
scm:
script: test-virtual-model-pipeline.groovy
type: git
diff --git a/jenkins/client/job/oscore/tests.yml b/jenkins/client/job/oscore/tests.yml
index 07ff243..f4fb7e0 100644
--- a/jenkins/client/job/oscore/tests.yml
+++ b/jenkins/client/job/oscore/tests.yml
@@ -35,10 +35,6 @@
type: string
description: Version of openstack to test
default: "{{openstack_version}}"
- PROJECT:
- type: string
- description: Project to test
- default: "all"
STACK_TEST_JOB:
type: string
description: Job for environment deployment
@@ -178,10 +174,6 @@
type: string
description: Version of openstack to test
default: "{{openstack_version}}"
- PROJECT:
- type: string
- description: Project to test
- default: "all"
STACK_TEST_JOB:
type: string
description: Job for environment deployment
@@ -312,9 +304,6 @@
OPENSTACK_VERSION:
type: string
description: Version of openstack to test
- PROJECT:
- type: string
- description: Name of project being tested
PROC_RESULTS_JOB:
type: string
description: Job for results processing
diff --git a/jenkins/client/job/salt-formulas/tests.yml b/jenkins/client/job/salt-formulas/tests.yml
index d1dc00b..f2ef200 100644
--- a/jenkins/client/job/salt-formulas/tests.yml
+++ b/jenkins/client/job/salt-formulas/tests.yml
@@ -183,6 +183,7 @@
RUN_TEST_IN_DOCKER:
type: boolean
description: "Run test stage in docker environment"
+ default: 'true'
SMOKE_TEST_DOCKER_IMG:
type: string
default: "ubuntu:16.04"
diff --git a/jenkins/client/job/salt-models/generate.yml b/jenkins/client/job/salt-models/generate.yml
index 39af9b8..73f815d 100644
--- a/jenkins/client/job/salt-models/generate.yml
+++ b/jenkins/client/job/salt-models/generate.yml
@@ -32,8 +32,8 @@
type: string
TEST_MODEL:
type: boolean
- default: false
+ default: true
RECLASS_VERSION:
type: string
default: 'v1.5.4'
- description: "Version (branch) of Reclass we will use"
+ description: "Version (branch) of Reclass we will use.pip+git package"
diff --git a/jenkins/client/job/validate.yml b/jenkins/client/job/validate.yml
index a020a73..112cb3d 100644
--- a/jenkins/client/job/validate.yml
+++ b/jenkins/client/job/validate.yml
@@ -206,12 +206,12 @@
description: e.g. skipped_nodes=nal01.local.com,ntw01.local.com
TESTS_SET:
type: string
- default: "cvp-sanity-check/cvp_checks/tests/"
- description: Leave empty for full run or choose a file, e.g. test_mtu.py
+ default: "cvp-sanity-checks/cvp_checks/tests/"
+ description: "Leave as is for full run or add a filename, e.g. _default_path_/test_mtu.py"
PROXY:
type: string
default: ""
- description: Proxy address to clone repo and install python requirements
+ description: "Proxy address to use to access the Internet. For offline mode, use \"offline\" value."
cvp-func:
type: workflow-scm
name: cvp-func
@@ -246,7 +246,7 @@
description: Credentials to the Salt API
TEST_IMAGE:
type: string
- default: "xrally/xrally-openstack:0.9.1"
+ default: "xrally/xrally-openstack:0.9.2"
description: Docker image to use for running Rally/Tempest
TARGET_NODE:
type: string
@@ -255,7 +255,7 @@
PROXY:
type: string
default: ""
- description: Proxy address to clone repo and install python requirements
+ description: "Proxy address to use to access the Internet. For offline mode, use \"offline\" value."
TEMPEST_TEST_PATTERN:
type: string
default: "set=smoke"
@@ -309,7 +309,7 @@
description: Node where container with tempest will be run
TEST_IMAGE:
type: string
- default: "xrally/xrally-openstack:0.9.1"
+ default: "xrally/xrally-openstack:0.9.2"
description: Docker image to use for running Rally/Tempest
TARGET_NODES:
type: string
@@ -330,7 +330,7 @@
PROXY:
type: string
default: ""
- description: Proxy address to clone repo and install python requirements
+ description: "Proxy address to use to access the Internet. For offline mode, use \"offline\" value."
TEMPEST_TEST_PATTERN:
type: string
default: "set=smoke"
@@ -373,7 +373,7 @@
description: Path to scenario file in container
TEST_IMAGE:
type: string
- default: "xrally/xrally-openstack:0.9.1"
+ default: "xrally/xrally-openstack:0.9.2"
description: Docker image to use for running Rally/Tempest
SALT_MASTER_URL:
type: string
@@ -390,9 +390,11 @@
TOOLS_REPO:
type: string
default: "https://github.com/Mirantis/cvp-configuration"
+ description: URL of repo where testing tools, scenarios, configs are located.
PROXY:
type: string
default: ""
+ description: "Proxy address to use to access the Internet. For offline mode, use \"offline\" value."
cvp-stacklight:
type: workflow-scm
name: cvp-stacklight
@@ -419,7 +421,7 @@
default: "salt"
TESTS_REPO:
type: string
- default: "https://github.com/legan4ik/stacklight-pytest"
+ default: "https://github.com/Mirantis/stacklight-pytest -b cvp_stacklight"
description: Url for cvp-stacklight-tests
TESTS_SETTINGS:
type: string
@@ -428,11 +430,11 @@
TESTS_SET:
type: string
default: "stacklight-pytest/stacklight_tests/tests/prometheus/"
- description: "Leave empty for full run or choose a file, e.g. test_dashboards.py"
+ description: "Leave as is for full run or add a filename, e.g. _default_path_/test_dashboards.py"
PROXY:
type: string
default: ""
- description: Proxy address to clone repo and install python requirements
+ description: "Proxy address to use to access the Internet. For offline mode, use \"offline\" value."
cvp-spt:
type: workflow-scm
name: cvp-spt
@@ -468,8 +470,8 @@
TESTS_SET:
type: string
default: "cvp-spt/cvp_spt/tests/"
- description: "Leave empty for full run or choose a file, e.g. test_glance.py"
+ description: "Leave as is for full run or add a filename, e.g. _default_path_/test_glance.py"
PROXY:
type: string
default: ""
- description: Proxy address to clone repo and install python requirements
+ description: "Proxy address to use to access the Internet. For offline mode, use \"offline\" value."
diff --git a/keystone/server/cluster.yml b/keystone/server/cluster.yml
index 7e6980b..4c24975 100644
--- a/keystone/server/cluster.yml
+++ b/keystone/server/cluster.yml
@@ -3,6 +3,7 @@
- service.keepalived.cluster.single
- system.haproxy.proxy.listen.openstack.keystone
- system.haproxy.proxy.listen.openstack.keystone.standalone
+- system.linux.system.users.keystone
parameters:
_param:
keystone_tokens_expiration: 3600
diff --git a/keystone/server/fernet_rotation/cluster.yml b/keystone/server/fernet_rotation/cluster.yml
new file mode 100644
index 0000000..e09b8e9
--- /dev/null
+++ b/keystone/server/fernet_rotation/cluster.yml
@@ -0,0 +1,20 @@
+parameters:
+ keystone:
+ server:
+ tokens:
+ fernet_sync_nodes_list:
+ sync_node01:
+ name: ${_param:openstack_control_node02_hostname}
+ enabled: True
+ sync_node02:
+ name: ${_param:openstack_control_node03_hostname}
+ enabled: True
+ fernet_rotation_driver: rsync
+ linux:
+ system:
+ job:
+ keystone_fernet_rotate_rsync:
+ command: '/var/lib/keystone/fernet_keys_rotate.sh -rs >> /var/log/keystone/fernet_rotate.log 2>> /var/log/keystone/fernet_rotate.log'
+ enabled: true
+ user: keystone
+ minute: 0
diff --git a/keystone/server/fernet_rotation/single.yml b/keystone/server/fernet_rotation/single.yml
new file mode 100644
index 0000000..3aa2add
--- /dev/null
+++ b/keystone/server/fernet_rotation/single.yml
@@ -0,0 +1,13 @@
+parameters:
+ keystone:
+ server:
+ tokens:
+ fernet_rotation_driver: rsync
+ linux:
+ system:
+ job:
+ keystone_fernet_rotate_rsync:
+ command: '/var/lib/keystone/fernet_keys_rotate.sh -r >> /var/log/keystone/fernet_rotate.log 2>> /var/log/keystone/fernet_rotate.log'
+ enabled: true
+ user: keystone
+ minute: 0
diff --git a/keystone/server/single.yml b/keystone/server/single.yml
index 2b1e89e..68a29a7 100644
--- a/keystone/server/single.yml
+++ b/keystone/server/single.yml
@@ -1,5 +1,6 @@
classes:
- service.keystone.server.single
+- system.linux.system.users.keystone
parameters:
_param:
keystone_service_token: token
diff --git a/kubernetes/common.yml b/kubernetes/common.yml
index 2dbccc4..218450a 100644
--- a/kubernetes/common.yml
+++ b/kubernetes/common.yml
@@ -1,21 +1,22 @@
parameters:
_param:
- kubernetes_calico_calicoctl_repo: docker-prod-virtual.docker.mirantis.net/mirantis/projectcalico/calico
- kubernetes_calico_repo: docker-prod-virtual.docker.mirantis.net/mirantis/projectcalico/calico
- kubernetes_calico_cni_repo: docker-prod-virtual.docker.mirantis.net/mirantis/projectcalico/calico
- kubernetes_hyperkube_repo: docker-prod-virtual.docker.mirantis.net/mirantis/kubernetes
- kubernetes_contrail_cni_repo: docker-prod-virtual.docker.mirantis.net/mirantis/kubernetes
- kubernetes_contrail_network_controller_repo: docker-prod-virtual.docker.mirantis.net/mirantis/kubernetes/contrail-integration
+ kubernetes_calico_calicoctl_repo: docker-prod-local.artifactory.mirantis.com/mirantis/projectcalico/calico
+ kubernetes_calico_repo: docker-prod-local.artifactory.mirantis.com/mirantis/projectcalico/calico
+ kubernetes_calico_cni_repo: docker-prod-local.artifactory.mirantis.com/mirantis/projectcalico/calico
+ kubernetes_hyperkube_repo: docker-prod-local.artifactory.mirantis.com/mirantis/kubernetes
+ kubernetes_contrail_cni_repo: docker-prod-local.artifactory.mirantis.com/mirantis/kubernetes
+ kubernetes_contrail_network_controller_repo: docker-prod-local.artifactory.mirantis.com/mirantis/kubernetes/contrail-integration
kubernetes_netchecker_agent_repo: mirantis
kubernetes_netchecker_server_repo: mirantis
kubernetes_virtlet_repo: mirantis
kubernetes_kubedns_repo: gcr.io/google_containers
kubernetes_externaldns_repo: mirantis
- kubernetes_genie_repo: https://artifactory.mcp.mirantis.net/artifactory/binary-prod-local/mirantis/kubernetes/cni-genie
+ kubernetes_genie_repo: https://docker-prod-local.artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/kubernetes/cni-genie
kubernetes_flannel_repo: quay.io/coreos
kubernetes_metallb_repo: metallb
- kubernetes_sriov_repo: https://artifactory.mcp.mirantis.net/artifactory/binary-prod-local/mirantis/kubernetes/sriov-cni
- kubernetes_cniplugins_repo: https://artifactory.mcp.mirantis.net/artifactory/binary-prod-local/mirantis/kubernetes/containernetworking-plugins
+ kubernetes_sriov_repo: https://docker-prod-local.artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/kubernetes/sriov-cni
+ kubernetes_cniplugins_repo: https://docker-prod-local.artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/kubernetes/containernetworking-plugins
+ kubernetes_dashboard_repo: k8s.gcr.io
# component docker images
kubernetes_docker_package: docker-engine=1.13.1-0~ubuntu-xenial
@@ -45,8 +46,10 @@
kubernetes_sriov_source_hash: md5=c0cc33202afd02e4cc44b977a8faf6e7
kubernetes_cniplugins_source: ${_param:kubernetes_cniplugins_repo}/cni-plugins_v0.7.1-48-g696b1f9.tar.gz
kubernetes_cniplugins_source_hash: md5=5ec1cf5e989097c6127ea5365e277b02
+ kubernetes_dashboard_image: ${_param:kubernetes_dashboard_repo}/kubernetes-dashboard-amd64:v1.8.3
kubelet_fail_on_swap: true
+ kubernetes_dashboard_enabled: true
kubernetes_kubedns_enabled: true
kubernetes_externaldns_enabled: false
kubernetes_coredns_enabled: false
@@ -79,6 +82,9 @@
source: ${_param:kubernetes_cniplugins_source}
hash: ${_param:kubernetes_cniplugins_source_hash}
addons:
+ dashboard:
+ enabled: ${_param:kubernetes_dashboard_enabled}
+ image: ${_param:kubernetes_dashboard_image}
dns:
enabled: ${_param:kubernetes_kubedns_enabled}
kubedns_image: ${_param:kubernetes_kubedns_image}
diff --git a/linux/system/banner.yml b/linux/system/banner.yml
index 173a044..55b417f 100644
--- a/linux/system/banner.yml
+++ b/linux/system/banner.yml
@@ -8,9 +8,9 @@
contents: |
=================================== WARNING ====================================
You have accessed a computer managed by ${_param:banner_company_name}.
- You are required to have authorisation from ${_param:banner_company_name}
+ You are required to have authorization from ${_param:banner_company_name}
before you proceed and you are strictly limited to use set out within that
- authorisation. Unauthorised access to or misuse of this system is prohibited
+ authorization. Unauthorized access to or misuse of this system is prohibited
and constitutes an offence under the Computer Misuse Act 1990.
If you disclose any information obtained through this system without authority
${_param:banner_company_name} may take legal action against you.
diff --git a/linux/system/motd/static.yml b/linux/system/motd/static.yml
index c0e23c0..831a84e 100644
--- a/linux/system/motd/static.yml
+++ b/linux/system/motd/static.yml
@@ -6,9 +6,9 @@
motd: |
=================================== WARNING ====================================
You have accessed a computer managed by ${_param:motd_company_name}.
- You are required to have authorisation from ${_param:motd_company_name}
+ You are required to have authorization from ${_param:motd_company_name}
before you proceed and you are strictly limited to use set out within that
- authorisation. Unauthorised access to or misuse of this system is prohibited
+ authorization. Unauthorized access to or misuse of this system is prohibited
and constitutes an offence under the Computer Misuse Act 1990.
If you disclose any information obtained through this system without
authority ${_param:motd_company_name} may take legal action against you.
diff --git a/linux/system/users/keystone.yml b/linux/system/users/keystone.yml
new file mode 100644
index 0000000..14e38dd
--- /dev/null
+++ b/linux/system/users/keystone.yml
@@ -0,0 +1,18 @@
+parameters:
+ linux:
+ system:
+ user:
+ keystone:
+ enabled: true
+ name: keystone
+ home: /var/lib/keystone
+ uid: 301
+ gid: 301
+ shell: /bin/false
+ system: True
+ group:
+ keystone:
+ enabled: true
+ name: keystone
+ gid: 301
+ system: True
diff --git a/nginx/server/proxy/openstack_web.yml b/nginx/server/proxy/openstack_web.yml
index ad5ffea..b85527f 100644
--- a/nginx/server/proxy/openstack_web.yml
+++ b/nginx/server/proxy/openstack_web.yml
@@ -36,3 +36,7 @@
host:
name: ${_param:nginx_proxy_openstack_web_host}
port: 80
+ apache:
+ server:
+ bind:
+ listen_default_ports: false
diff --git a/openssh/server/team/mcp_qa.yml b/openssh/server/team/mcp_qa.yml
index b22272a..38e19c3 100644
--- a/openssh/server/team/mcp_qa.yml
+++ b/openssh/server/team/mcp_qa.yml
@@ -156,6 +156,13 @@
full_name: Artem Minasyan
home: /home/aminasyan
email: aminasyan@mirantis.com
+ imenkov:
+ enabled: true
+ name: imenkov
+ sudo: true
+ full_name: Ilya Menkov
+ home: /home/imenkov
+ email: imenkov@mirantis.com
group:
libvirtd:
enabled: true
@@ -284,6 +291,11 @@
public_keys:
- ${public_keys:aminasyan}
user: ${linux:system:user:aminasyan}
+ imenkov:
+ enable: true
+ public_keys:
+ - ${public_keys:imenkov}
+ user: ${linux:system:user:imenkov}
public_keys:
ddmitriev:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDuD4wJ8hzkchQ0pfgdwWukQyps1xYRfHOsjosmDu/mmgaXVud5mnpwb2q35E2YYTox2mx+ulJqyS+099gz6MPg4P8D5qdMuRbAsJqbceLaaIGQhdT8qgSo7ESrl5pwvYnfWzKLKF0z5s7nrW0nvArC40zhV9o9XpvzzzSFByepWfkwA8ReldGUYVvTKp8YXaCrqEdMZrU42adPM2nl+fYBbGF+h4/Ka247aVjPeER0blV3znFXbv2Kf38G+i/TEGaktgpBdtGGDi1tX2loMypmTJeqZRJnM0Eoly0BnynB7CSxn11eoIXBUe1mVYNqmQd1hw6uh59iymhK5j939v9J ddmitriev@dis_xcom
@@ -333,4 +345,6 @@
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYj97WGfiL550eVPyQmFyrgpTw61tfins1CpgrZewWqAWJMgYklRdMYl4OReE5UO2po7ag0f/QsOtGU8aQbnxnWUYPZyS3Qk+Bg8OOSBmewPxmT7WH97KdGKBdC9b3xUNFOUXEUOMmOe3jq9YET+xebUnfsA5qwYU5dL9Cb5UAPzVxYI8z5RiaNTo8dtwZr7lbJJRy8YfSWCtiD59vewc6BE2NTUyDjsfmKd9K/IkyKboGU9AC5mLYDsjvWwiGcNdfigRyaYWKmoo7Xhe1W2Og4dpI5pozOwVg7hISW9NRgLXrZP/9me1rFBH7EQjpjO3+Pto1//R3Nx9QLsB59yuj snovikov@snovikov
aminasyan:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo9BHw8WdIFOEuY10XvUqHPl1jCqtA8TYntt5Aee2rR8X8pLG9lWjHPFkNArD5upCRvv6f88Xs4QLoEGWMWcbfMkJE4gMNkOWL4As5iNgagw+DybQrA6nXyassHi8le+quwICfJ1v16IXxPgMBCcrRcSYvHKv+n8KsuBH1csRnJ8aHvIZJTL43Eq0F+aj2S0/9D+m2dyRwcmamn6EqX61NfL5UP3422i4JykTXY6I8iwEHs7Er+jPBD7rtJ/q4Kn/bIyT/Vz0tGHiWyVt7B8GBoPb3PgDuzXKvU7OtOxFb3uhANeecjzIz5G5rAsAQcizf+MGCOoBwFLFJTPAharWN artem@Artem
+ imenkov:
+ key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSWoSuHV1FNRuooS3d0nVkTRCwC+Tc585Z1cPcMQns7H1ogLIya//T3gMfxINxCjlF1eek18vI9B5QszZZUL2P7prFxe5EJlt6iM8jD61umkncaTbx6oc8r8xu5ufH9RDxfKHvQX1mhhID5JK+/GoRDIW5Zs7wFSHCrANYV2dtmOfmRSc/qpgh87Z9X10UDymp5MLjpQZzjM+qZCtz6yV14m835j4eiEN7+QZ2XZ/Wtzer7VVdhtjbw8gESSyuPIVf66keuLVUixk0CXosQYrqWDPWpT0Rhh63lnUacgplh74TU+bb+vYRjIHxCgOY2Ex6Pk5jrsroi0YoWtI4SErD imenkov@atopilin-nb-wifi.srt.mirantis.net
diff --git a/openssh/server/team/members/pbasov.yml b/openssh/server/team/members/pbasov.yml
new file mode 100644
index 0000000..567f1cd
--- /dev/null
+++ b/openssh/server/team/members/pbasov.yml
@@ -0,0 +1,19 @@
+parameters:
+ linux:
+ system:
+ user:
+ pbasov:
+ enabled: true
+ name: pbasov
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Pavel Basov
+ home: /home/pbasov
+ email: pbasov@mirantis.com
+ openssh:
+ server:
+ user:
+ pbasov:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6cHg1SvsxWp5tD0Ee7nl4pyW9cLO/ZQYYxUYa2zSn/RWFm9BFuy1VwkJiYCIvk0lTXfKQMiO10mKm2xFC3VT0vpTSGIYDh4oxDu0FpIaTmXX3ULVdLNwWvrkHoPkIbPy1nUYlJQ+9PEh6KWkbxeYXFxVPoouWkDwshF63GrRA7Pyg2CuVn/FEA+ldSeq7mp/kkOWvlKXpJzvKXt4A/6odOCUiCnX//CWreHCnfCV3KsteyBc+UP2ql6wpEXmIIYdrOF0O3ofqRPTx6ivIOGGDuYB6e/XDivoEBPWNcLYcr9d5HKOTgRE6xF2Q1ElzpbvAY4AS+kggEjIgImiB3TxX pbasov@mirantis.com
+ user: ${linux:system:user:pbasov}
diff --git a/openssh/server/team/services.yml b/openssh/server/team/services.yml
index c2f4e28..3116d90 100644
--- a/openssh/server/team/services.yml
+++ b/openssh/server/team/services.yml
@@ -19,6 +19,7 @@
- system.openssh.server.team.members.dstremkouski
- system.openssh.server.team.members.mchernik
- system.openssh.server.team.members.hkraemer
+- system.openssh.server.team.members.pbasov
parameters:
_param:
linux_system_user_sudo: true
diff --git a/reclass/storage/system/openstack_telemetry_cluster.yml b/reclass/storage/system/openstack_telemetry_cluster.yml
index c33a8db..4c688a8 100644
--- a/reclass/storage/system/openstack_telemetry_cluster.yml
+++ b/reclass/storage/system/openstack_telemetry_cluster.yml
@@ -18,6 +18,8 @@
single_address: ${_param:openstack_telemetry_node01_address}
keepalived_vip_priority: 103
openstack_node_role: primary
+ ceilometer_create_gnocchi_resources: true
+ redis_cluster_role: 'master'
openstack_telemetry_node02:
name: ${_param:openstack_telemetry_node02_hostname}
domain: ${_param:cluster_domain}
@@ -29,6 +31,7 @@
single_address: ${_param:openstack_telemetry_node02_address}
keepalived_vip_priority: 102
openstack_node_role: secondary
+ redis_cluster_role: 'slave'
openstack_telemetry_node03:
name: ${_param:openstack_telemetry_node03_hostname}
domain: ${_param:cluster_domain}
@@ -40,3 +43,4 @@
single_address: ${_param:openstack_telemetry_node03_address}
keepalived_vip_priority: 101
openstack_node_role: secondary
+ redis_cluster_role: 'slave'
diff --git a/salt/control/virt.yml b/salt/control/virt.yml
index 0bbb7fa..05bf23d 100644
--- a/salt/control/virt.yml
+++ b/salt/control/virt.yml
@@ -62,4 +62,4 @@
size: 4000000
xxxxhuge:
- system:
- size: 5000000
\ No newline at end of file
+ size: 5000000
diff --git a/salt/master/formula/pkg/openstack.yml b/salt/master/formula/pkg/openstack.yml
index 381ae1a..4717682 100644
--- a/salt/master/formula/pkg/openstack.yml
+++ b/salt/master/formula/pkg/openstack.yml
@@ -34,6 +34,9 @@
glusterfs:
source: pkg
name: salt-formula-glusterfs
+ gnocchi:
+ source: pkg
+ name: salt-formula-gnocchi
designate:
source: pkg
name: salt-formula-designate
@@ -82,6 +85,9 @@
opencontrail:
source: pkg
name: salt-formula-opencontrail
+ panko:
+ source: pkg
+ name: salt-formula-panko
python:
source: pkg
name: salt-formula-python
@@ -97,6 +103,3 @@
supervisor:
source: pkg
name: salt-formula-supervisor
- swift:
- source: pkg
- name: salt-formula-swift
diff --git a/salt/minion/cert/mysql/clients/openstack/nova.yml b/salt/minion/cert/mysql/clients/openstack/nova.yml
new file mode 100644
index 0000000..154a553
--- /dev/null
+++ b/salt/minion/cert/mysql/clients/openstack/nova.yml
@@ -0,0 +1,27 @@
+parameters:
+ _param:
+ salt_minion_ca_host: cfg01.${_param:cluster_domain}
+ salt_minion_ca_authority: salt_master_ca
+ mysql_nova_client_ssl_key_file: /etc/pki/mysql-nova-client/client-key.pem
+ mysql_nova_client_ssl_cert_file: /etc/pki/mysql-nova-client/client-cert.pem
+ mysql_nova_ssl_ca_file: /etc/pki/mysql-nova-client/ca-cert.pem
+ salt:
+ minion:
+ cert:
+ mysql-nova-client:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: mysql-nova-client
+ signing_policy: cert_client
+ alternative_names: >
+ IP:${_param:cluster_local_address},
+ DNS:${_param:cluster_local_address},
+ DNS:${linux:system:name},
+ DNS:${linux:network:fqdn}
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: ${_param:mysql_nova_client_ssl_key_file}
+ cert_file: ${_param:mysql_nova_client_ssl_cert_file}
+ ca_file: ${_param:mysql_nova_ssl_ca_file}
+ user: nova
+ group: nova
+ mode: 640
\ No newline at end of file