Merge "Add support for ssh jenkins slaves" into release/proposed/2019.2.0
diff --git a/defaults/docker_images.yml b/defaults/docker_images.yml
index 16016a5..a6c0e8d 100644
--- a/defaults/docker_images.yml
+++ b/defaults/docker_images.yml
@@ -13,7 +13,7 @@
# phpldapadmin:0.6.12
docker_image_phpldapadmin: "${_param:mcp_docker_registry}/mirantis/cicd/phpldapadmin:${_param:mcp_version}"
# gerrit:2.13.6
- docker_image_gerrit: "${_param:mcp_docker_registry}/mirantis/cicd/gerrit:${_param:mcp_version}"
+ docker_image_gerrit: "${_param:mcp_docker_registry}/mirantis/cicd/gerrit:2019.2.5"
# mysql:5.6
docker_image_mysql: "${_param:mcp_docker_registry}/mirantis/cicd/mysql:${_param:mcp_version}"
# jenkins:2.150.3
@@ -47,7 +47,7 @@
docker_image_keycloak_server: "${_param:mcp_docker_registry}/mirantis/external/jboss/keycloak:4.5.0.Final"
docker_image_keycloak_proxy: "${_param:mcp_docker_registry}/mirantis/external/jboss/keycloak:3.4.2.Final"
# CVP
- docker_image_cvp_sanity_checks: ${_param:mcp_docker_registry}/mirantis/cvp/cvp-sanity-checks:2019.2.4
+ docker_image_cvp_sanity_checks: ${_param:mcp_docker_registry}/mirantis/cvp/cvp-sanity-checks:2019.2.5
docker_image_cvp_shaker_checks: ${_param:mcp_docker_registry}/mirantis/cvp/cvp-shaker:2019.2.3
# aptly
docker_image_aptly:
diff --git a/docker/swarm/stack/gerrit.yml b/docker/swarm/stack/gerrit.yml
index c164d75..14325a5 100644
--- a/docker/swarm/stack/gerrit.yml
+++ b/docker/swarm/stack/gerrit.yml
@@ -27,6 +27,7 @@
- ${_param:gerrit_ssh_publish_port}:29418
volumes:
- /srv/volumes/gerrit:/var/gerrit/review_site
+ - /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
depends_on:
- db
environment:
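Review bot: The new bind mount `/etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro` has no comment saying why the container's Java truststore is replaced by the host's. It also makes the service depend on that file existing on every swarm node that can run Gerrit. Presumably the aim is for Gerrit to trust the deployment CA for the LDAP TLS connection enabled elsewhere in this commit; a comment such as `# use the host truststore so Gerrit trusts the deployment CA (LDAP over TLS)` would record that. It is worth confirming that the host truststore is generated before the stack is deployed, since a missing bind source would likely stop the task from starting. The service definition starts and ends outside the hunk.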
diff --git a/docker/swarm/stack/ldap.yml b/docker/swarm/stack/ldap.yml
index b785711..5130caf 100644
--- a/docker/swarm/stack/ldap.yml
+++ b/docker/swarm/stack/ldap.yml
@@ -21,13 +21,24 @@
volumes:
- /srv/volumes/openldap/database:/var/lib/ldap
- /srv/volumes/openldap/config:/etc/ldap/slapd.d
+ - ${_param:openldap_tls:keyfile}:/container/service/slapd/assets/certs/drivetrain_ldap.key:ro
+ - ${_param:openldap_tls:certfile}:/container/service/slapd/assets/certs/drivetrain_ldap.crt:ro
+ - /etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem:/container/service/slapd/assets/certs/ca.crt:ro
+ # copy to /container/run/service to avoid issues with owning certs as openldap user
+ # https://github.com/osixia/docker-openldap/issues/59
+ command: --copy-service
environment:
HOSTNAME: ldap01.${_param:openldap_domain}
LDAP_ORGANISATION: "${_param:openldap_organisation}"
LDAP_DOMAIN: "${_param:openldap_domain}"
LDAP_ADMIN_PASSWORD: ${_param:openldap_admin_password}
LDAP_CONFIG_PASSWORD: ${_param:openldap_config_password}
- LDAP_TLS: "false"
+ LDAP_TLS: "true"
+ LDAP_TLS_VERIFY_CLIENT: try
+ LDAP_TLS_CIPHER_SUITE: NORMAL:-VERS-SSL3.0:+VERS-TLS1.2:+VERS-TLS1.1:+VERS-TLS1.0
+ LDAP_TLS_CRT_FILENAME: drivetrain_ldap.crt
+ LDAP_TLS_KEY_FILENAME: drivetrain_ldap.key
+ LDAP_TLS_CA_CRT_FILENAME: ca.crt
admin:
networks:
- ldap
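Review bot: `LDAP_TLS: "true"` turns TLS on, but nothing in this hunk makes it mandatory, so unless enforcement is configured elsewhere, clients can presumably still bind over an unencrypted connection. The osixia/docker-openldap image referenced in the added comment provides `LDAP_TLS_ENFORCE` for this; consider `LDAP_TLS_ENFORCE: "true"` once every client uses StartTLS, bearing in mind the image documents it as not reversible. The cipher string also explicitly enables `+VERS-TLS1.1:+VERS-TLS1.0`; if no client needs those, `LDAP_TLS_CIPHER_SUITE: "NORMAL:-VERS-TLS-ALL:+VERS-TLS1.2"` limits the listener to TLS 1.2. Quoting that value also keeps the colon-heavy scalar unambiguous.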
diff --git a/haproxy/proxy/listen/phpldapadmin.yml b/haproxy/proxy/listen/phpldapadmin.yml
index b2b7f93..6bbb885 100644
--- a/haproxy/proxy/listen/phpldapadmin.yml
+++ b/haproxy/proxy/listen/phpldapadmin.yml
@@ -2,6 +2,9 @@
_param:
haproxy_phpldapadmin_bind_host: ${_param:haproxy_bind_address}
haproxy_phpldapadmin_bind_port: 8089
+ haproxy_phpldapadmin_ssl:
+ enabled: true
+ pem_file: /etc/haproxy/ssl/drivetrain.pem
haproxy:
proxy:
listen:
@@ -12,9 +15,13 @@
- httpclose
- httplog
balance: source
+ http_request:
+ - action: "add-header X-Forwarded-Proto https"
+ condition: "if { ssl_fc }"
binds:
- address: ${_param:haproxy_phpldapadmin_bind_host}
port: ${_param:haproxy_phpldapadmin_bind_port}
+ ssl: ${_param:haproxy_phpldapadmin_ssl}
servers:
- name: ${_param:cluster_node01_name}
host: ${_param:cluster_node01_address}
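Review bot: `add-header X-Forwarded-Proto https` appends to whatever the client sent, so a request that already carries `X-Forwarded-Proto: http` reaches the backend with both values. Assuming the formula passes the action string through to `http-request`, `- action: "set-header X-Forwarded-Proto https"` replaces the client-supplied value instead. Because the only bind shown now has `ssl` set, `ssl_fc` should be true for every request on this listener, so the condition matters mainly if `haproxy_phpldapadmin_ssl` is overridden to disable TLS. The listen block starts and ends outside the hunk.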
diff --git a/jenkins/client/credential/source_git.yml b/jenkins/client/credential/source_git.yml
new file mode 100644
index 0000000..ec350f0
--- /dev/null
+++ b/jenkins/client/credential/source_git.yml
@@ -0,0 +1,10 @@
+parameters:
+ _param:
+ pipeline_library_source_credentials: source_git
+ jenkins:
+ client:
+ credential:
+ source_git:
+ desc: Credentials to source git repositories for pipelines
+ username: ${_param:source_git_username}
+ password: ${_param:source_git_password}
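Review bot: This new class has no header comment, and it resolves `${_param:source_git_username}` and `${_param:source_git_password}`, which no file in this diff defines, so including it without setting both would presumably fail interpolation. A top-of-file comment such as `# Requires source_git_username and source_git_password; supply the password from encrypted model data, never in cleartext` would state that contract. The class also sets `pipeline_library_source_credentials: source_git`, which competes with the `""` default added in jenkins/client/job/git-mirrors/downstream/pipelines.yml. The effective value therefore depends on class load order, which is worth documenting as well.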
diff --git a/jenkins/client/job/deploy/backupninja_backup.yml b/jenkins/client/job/deploy/backupninja_backup.yml
index e798e64..ab5caf0 100644
--- a/jenkins/client/job/deploy/backupninja_backup.yml
+++ b/jenkins/client/job/deploy/backupninja_backup.yml
@@ -14,7 +14,7 @@
type: git
url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
branch: "${_param:jenkins_pipelines_branch}"
- credentials: "gerrit"
+ credentials: "${_param:jenkins_gerrit_credentials}"
script: backupninja-backup-pipeline.groovy
param:
SALT_MASTER_CREDENTIALS:
diff --git a/jenkins/client/job/deploy/backupninja_restore.yml b/jenkins/client/job/deploy/backupninja_restore.yml
index 664aa26..192f5dc 100644
--- a/jenkins/client/job/deploy/backupninja_restore.yml
+++ b/jenkins/client/job/deploy/backupninja_restore.yml
@@ -15,7 +15,7 @@
type: git
url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
branch: "${_param:jenkins_pipelines_branch}"
- credentials: "gerrit"
+ credentials: "${_param:jenkins_gerrit_credentials}"
script: backupninja-restore-pipeline.groovy
param:
SALT_MASTER_CREDENTIALS:
diff --git a/jenkins/client/job/deploy/kqueen.yml b/jenkins/client/job/deploy/kqueen.yml
index 1935a43..ff4a35f 100644
--- a/jenkins/client/job/deploy/kqueen.yml
+++ b/jenkins/client/job/deploy/kqueen.yml
@@ -33,7 +33,7 @@
default: "${_param:jenkins_gerrit_url}/mk/heat-templates"
STACK_TEMPLATE_CREDENTIALS:
type: string
- default: "gerrit"
+ default: ${_param:jenkins_gerrit_credentials}
STACK_TEMPLATE_BRANCH:
type: string
default: "master"
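Review bot: The new `default: ${_param:jenkins_gerrit_credentials}` is unquoted, while the neighbouring `default:` values in this hunk and the same reference in the other job files of this commit are quoted. Writing it as `default: "${_param:jenkins_gerrit_credentials}"` keeps the value a string by construction and matches the rest of the file. The same applies to the second hunk of this file and to `CREDENTIALS_ID` in jenkins/client/job/git-mirrors/downstream/init.yml.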
@@ -93,7 +93,7 @@
default: "${_param:jenkins_gerrit_url}/mk/heat-templates"
STACK_TEMPLATE_CREDENTIALS:
type: string
- default: "gerrit"
+ default: ${_param:jenkins_gerrit_credentials}
STACK_TEMPLATE_BRANCH:
type: string
default: "master"
diff --git a/jenkins/client/job/deploy/lab/mom_deploy.yml b/jenkins/client/job/deploy/lab/mom_deploy.yml
index c6bbbc5..f03b485 100644
--- a/jenkins/client/job/deploy/lab/mom_deploy.yml
+++ b/jenkins/client/job/deploy/lab/mom_deploy.yml
@@ -100,7 +100,7 @@
default: "master"
STACK_TEMPLATE_CREDENTIALS:
type: string
- default: "gerrit"
+ default: "${_param:jenkins_gerrit_credentials}"
STACK_TEMPLATE_URL:
type: string
default: "${_param:jenkins_gerrit_url}/mk/heat-templates"
diff --git a/jenkins/client/job/git-mirrors/downstream/init.yml b/jenkins/client/job/git-mirrors/downstream/init.yml
index 5a6257c..92a3d6d 100644
--- a/jenkins/client/job/git-mirrors/downstream/init.yml
+++ b/jenkins/client/job/git-mirrors/downstream/init.yml
@@ -19,18 +19,21 @@
type: git
url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
branch: "${_param:jenkins_pipelines_branch}"
- credentials: ${_param:jenkins_gerrit_credentials}
+ credentials: "${_param:jenkins_gerrit_credentials}"
script: git-mirror-pipeline.groovy
param:
SOURCE_URL:
type: string
default: "{{upstream}}"
+ SOURCE_CREDENTIALS:
+ type: string
+ default: "{{source_credentials}}"
TARGET_URL:
type: string
default: "${_param:jenkins_gerrit_url}/{{downstream}}"
CREDENTIALS_ID:
type: string
- default: "gerrit"
+ default: ${_param:jenkins_gerrit_credentials}
BRANCHES:
type: string
default: "{{branches}}"
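Review bot: `SOURCE_CREDENTIALS` defaults to the template variable `{{source_credentials}}`, so every entry of every job list rendered through this template now has to provide a `source_credentials` key. The lists touched by this commit do, but a mirror list defined elsewhere (for example in a cluster model) that lacks the key would presumably render a literal `{{source_credentials}}` or fail, depending on how the Jenkins formula expands templates. A comment above the parameter, e.g. `# Jenkins credential ID for the upstream repo; required for every mirror entry`, would document the new requirement. The job definition starts and ends outside the hunk.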
diff --git a/jenkins/client/job/git-mirrors/downstream/pipelines.yml b/jenkins/client/job/git-mirrors/downstream/pipelines.yml
index fbec27c..ea9cbe1 100644
--- a/jenkins/client/job/git-mirrors/downstream/pipelines.yml
+++ b/jenkins/client/job/git-mirrors/downstream/pipelines.yml
@@ -4,12 +4,17 @@
_param:
gerrit_pipeline_library_repo: https://github.com/Mirantis/pipeline-library
gerrit_mk_pipelines_repo: https://github.com/Mirantis/mk-pipelines
+ pipeline_library_source_credentials: ""
+ mk_pipelines_source_credentials: ${_param:pipeline_library_source_credentials}
+ vnf_onboaring_source_credentials: ${_param:pipeline_library_source_credentials}
jenkins_git_mirror_downstream_jobs:
- name: pipeline-library
downstream: mcp-ci/pipeline-library
upstream: "${_param:gerrit_pipeline_library_repo}"
branches: "*"
+ source_credentials: "${_param:pipeline_library_source_credentials}"
- name: mk-pipelines
downstream: mk/mk-pipelines
upstream: "${_param:gerrit_mk_pipelines_repo}"
- branches: "*"
\ No newline at end of file
+ branches: "*"
+ source_credentials: "${_param:mk_pipelines_source_credentials}"
\ No newline at end of file
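Review bot: `vnf_onboaring_source_credentials` is defined only in this file, yet the vnf_onboarding mirrors files changed in this commit reference it. If any of those classes can be loaded without this one, the reference has no definition. Defining the parameter, or a default for it, in vnf_onboarding/common/init.yml beside the other `vnf_*` parameters would keep the VNF classes self-contained. The `pipeline_library_source_credentials: ""` default would also benefit from a comment such as `# empty: upstream repos are cloned anonymously`, if that is what the pipeline does with an empty ID. The file still ends without a trailing newline even though its last lines were rewritten.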
diff --git a/openldap/client/init.yml b/openldap/client/init.yml
index 25812f6..c0c20a8 100644
--- a/openldap/client/init.yml
+++ b/openldap/client/init.yml
@@ -3,7 +3,10 @@
parameters:
_param:
openldap_server: ${_param:cluster_vip_address}
- openldap_tls: false
+ openldap_tls:
+ starttls: true
+ keyfile: /etc/haproxy/ssl/drivetrain.key
+ certfile: /etc/haproxy/ssl/drivetrain.crt
openldap:
client:
server:
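Review bot: `openldap_tls` changes from the scalar `false` to a mapping, and docker/swarm/stack/ldap.yml now dereferences `${_param:openldap_tls:keyfile}` and `${_param:openldap_tls:certfile}`. An existing cluster model that still overrides `openldap_tls` with a boolean would presumably break interpolation after this change. A comment on the parameter stating that it must be a mapping with `starttls`, `keyfile` and `certfile` would make the new contract explicit. The defaults also point slapd at `/etc/haproxy/ssl/drivetrain.key`, apparently the same key material HAProxy serves with. Sharing one private key between the proxy and the directory server means a compromise of either exposes both, so a dedicated LDAP certificate is worth considering.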
diff --git a/salt/minion/cert/proxy/drivetrain_ssl.yml b/salt/minion/cert/proxy/drivetrain_ssl.yml
index aecb5fb..5e7cf5f 100644
--- a/salt/minion/cert/proxy/drivetrain_ssl.yml
+++ b/salt/minion/cert/proxy/drivetrain_ssl.yml
@@ -2,7 +2,7 @@
salt:
minion:
cert:
- gerrit:
+ drivetrain:
host: ${_param:salt_minion_ca_host}
authority: ${_param:salt_minion_ca_authority}
common_name: drivetrain
diff --git a/vnf_onboarding/common/init.yml b/vnf_onboarding/common/init.yml
index f988897..88ade04 100644
--- a/vnf_onboarding/common/init.yml
+++ b/vnf_onboarding/common/init.yml
@@ -1,7 +1,6 @@
parameters:
_param:
mcp_docker_registry: 'docker-dev-local.docker.mirantis.net'
- vnf_gerrit_credentials: "gerrit"
vnf_openstack_api_url: "${_param:cluster_public_protocol}://${_param:cluster_public_host}:5000/v2.0"
vnf_openstack_api_credentials: "test-openstack"
vnf_openstack_api_admin_credentials: "admin-openstack"
diff --git a/vnf_onboarding/common/jenkins_job.yml b/vnf_onboarding/common/jenkins_job.yml
index b63aa34..a928d2f 100644
--- a/vnf_onboarding/common/jenkins_job.yml
+++ b/vnf_onboarding/common/jenkins_job.yml
@@ -12,7 +12,7 @@
scm:
type: git
url: "${_param:jenkins_gerrit_url}/vnf-onboarding/pipelines"
- credentials: "${_param:vnf_gerrit_credentials}"
+ credentials: "${_param:jenkins_gerrit_credentials}"
script: deploy_cloudify.groovy
param:
OPENSTACK_API_URL:
@@ -33,7 +33,7 @@
default: "master"
NFV_PLATFORM_REPO_CREDENTIALS:
type: string
- default: "${_param:vnf_gerrit_credentials}"
+ default: "${_param:jenkins_gerrit_credentials}"
CFM_IMAGE:
type: string
default: "cloudify-manager-4.3.1ga"
diff --git a/vnf_onboarding/common/mirrors.yml b/vnf_onboarding/common/mirrors.yml
index 83d11c0..c830d85 100644
--- a/vnf_onboarding/common/mirrors.yml
+++ b/vnf_onboarding/common/mirrors.yml
@@ -9,7 +9,9 @@
downstream: vnf-onboarding/pipelines
upstream: ${_param:gerrit_vnf_onboaring_pipelines_repo}
branches: master
+ source_credentials: "${_param:vnf_onboaring_source_credentials}"
- name: nfv-platform
downstream: vnf-onboarding/nfv-platform
upstream: ${_param:gerrit_vnf_onboaring_nfv_platform_repo}
- branches: master
\ No newline at end of file
+ branches: master
+ source_credentials: "${_param:vnf_onboaring_source_credentials}"
\ No newline at end of file
diff --git a/vnf_onboarding/vnf/avi_loadbalancer/jenkins_template.yml b/vnf_onboarding/vnf/avi_loadbalancer/jenkins_template.yml
index 54d82fc..c4ad531 100644
--- a/vnf_onboarding/vnf/avi_loadbalancer/jenkins_template.yml
+++ b/vnf_onboarding/vnf/avi_loadbalancer/jenkins_template.yml
@@ -17,7 +17,7 @@
scm:
type: git
url: "${_param:jenkins_gerrit_url}/vnf-onboarding/pipelines"
- credentials: "${_param:vnf_gerrit_credentials}"
+ credentials: "${_param:jenkins_gerrit_credentials}"
script: test_vnf_onboarding.groovy
trigger:
gerrit:
@@ -59,7 +59,7 @@
default: "test-avi"
GERRIT_CREDENTIALS:
type: string
- default: "${_param:vnf_gerrit_credentials}"
+ default: "${_param:jenkins_gerrit_credentials}"
ELASTIC_URL:
type: string
default: "${_param:vnf_elastic_url}"
@@ -75,7 +75,7 @@
default: "master"
NFV_PLATFORM_REPO_CREDENTIALS:
type: string
- default: "${_param:vnf_gerrit_credentials}"
+ default: "${_param:jenkins_gerrit_credentials}"
CONTRAIL_ENABLED:
type: boolean
default: false
diff --git a/vnf_onboarding/vnf/avi_loadbalancer/mirrors.yml b/vnf_onboarding/vnf/avi_loadbalancer/mirrors.yml
index c74bda3..0b47570 100644
--- a/vnf_onboarding/vnf/avi_loadbalancer/mirrors.yml
+++ b/vnf_onboarding/vnf/avi_loadbalancer/mirrors.yml
@@ -7,4 +7,5 @@
- name: avi-loadbalancer
downstream: vnf-onboarding/avi-loadbalancer
upstream: ${_param:gerrit_vnf_onboaring_avi_repo}
- branches: master
\ No newline at end of file
+ branches: master
+ source_credentials: "${_param:vnf_onboaring_source_credentials}"
\ No newline at end of file
diff --git a/vnf_onboarding/vnf/metaswitch_vsbc/jenkins_job.yml b/vnf_onboarding/vnf/metaswitch_vsbc/jenkins_job.yml
index e480d46..709ab38 100644
--- a/vnf_onboarding/vnf/metaswitch_vsbc/jenkins_job.yml
+++ b/vnf_onboarding/vnf/metaswitch_vsbc/jenkins_job.yml
@@ -14,7 +14,7 @@
scm:
type: git
url: "${_param:jenkins_gerrit_url}/vnf-onboarding/pipelines"
- credentials: "${_param:vnf_gerrit_credentials}"
+ credentials: "${_param:jenkins_gerrit_credentials}"
script: test_vnf_onboarding.groovy
trigger:
gerrit:
@@ -53,7 +53,7 @@
default: "test-metaswitch"
GERRIT_CREDENTIALS:
type: string
- default: "${_param:vnf_gerrit_credentials}"
+ default: "${_param:jenkins_gerrit_credentials}"
ELASTIC_URL:
type: string
default: "${_param:vnf_elastic_url}"
@@ -70,7 +70,7 @@
default: "master"
NFV_PLATFORM_REPO_CREDENTIALS:
type: string
- default: "${_param:vnf_gerrit_credentials}"
+ default: "${_param:jenkins_gerrit_credentials}"
CONTRAIL_ENABLED:
type: boolean
default: false
@@ -146,7 +146,7 @@
scm:
type: git
url: "${_param:jenkins_gerrit_url}/vnf-onboarding/pipelines"
- credentials: "${_param:vnf_gerrit_credentials}"
+ credentials: "${_param:jenkins_gerrit_credentials}"
script: test_platform.groovy
param:
OPENSTACK_API_CREDENTIALS:
@@ -202,7 +202,7 @@
default: "master"
VNF_PLATFORM_TESTS_REPO_CREDENTIALS:
type: string
- default: "${_param:vnf_gerrit_credentials}"
+ default: "${_param:jenkins_gerrit_credentials}"
TEMPEST_IMAGE_DOCKER_REGISTRY_PATH:
type: string
description: "Path for docker image with testing tool. If empty, image will be build using VNF_PLATFORM_TESTS_* parameters."
@@ -221,7 +221,7 @@
default: "${_param:jenkins_gerrit_url}/vnf-onboarding/nfv-platform"
ELASTIC_TRANSFER_REPO_CREDENTIALS:
type: string
- default: "${_param:vnf_gerrit_credentials}"
+ default: "${_param:jenkins_gerrit_credentials}"
ELASTIC_TRANSFER_REPO_BRANCH:
type: string
default: "master"
diff --git a/vnf_onboarding/vnf/metaswitch_vsbc/mirrors.yml b/vnf_onboarding/vnf/metaswitch_vsbc/mirrors.yml
index 0a0c300..f032fb4 100644
--- a/vnf_onboarding/vnf/metaswitch_vsbc/mirrors.yml
+++ b/vnf_onboarding/vnf/metaswitch_vsbc/mirrors.yml
@@ -9,7 +9,9 @@
downstream: vnf-onboarding/metaswitch-vsbc
upstream: ${_param:gerrit_vnf_onboaring_metaswitch_repo}
branches: master
+ source_credentials: "${_param:vnf_onboaring_source_credentials}"
- name: platform-tests
downstream: vnf-onboarding/platform-tests
upstream: ${_param:gerrit_vnf_onboaring_platform_tests_repo}
- branches: master
\ No newline at end of file
+ branches: master
+ source_credentials: "${_param:vnf_onboaring_source_credentials}"
\ No newline at end of file
diff --git a/vnf_onboarding/vnf/mock_nginx/jenkins_template.yml b/vnf_onboarding/vnf/mock_nginx/jenkins_template.yml
index e2f4cbd..b72994e 100644
--- a/vnf_onboarding/vnf/mock_nginx/jenkins_template.yml
+++ b/vnf_onboarding/vnf/mock_nginx/jenkins_template.yml
@@ -18,7 +18,7 @@
scm:
type: git
url: "${_param:jenkins_gerrit_url}/vnf-onboarding/pipelines"
- credentials: "${_param:vnf_gerrit_credentials}"
+ credentials: "${_param:jenkins_gerrit_credentials}"
script: test_vnf_onboarding.groovy
trigger:
gerrit:
@@ -60,7 +60,7 @@
default: "test-nginx"
GERRIT_CREDENTIALS:
type: string
- default: "${_param:vnf_gerrit_credentials}"
+ default: "${_param:jenkins_gerrit_credentials}"
ELASTIC_URL:
type: string
default: "${_param:vnf_elastic_url}"
@@ -77,7 +77,7 @@
default: "master"
NFV_PLATFORM_REPO_CREDENTIALS:
type: string
- default: "${_param:vnf_gerrit_credentials}"
+ default: "${_param:jenkins_gerrit_credentials}"
CONTRAIL_ENABLED:
type: boolean
default: false
diff --git a/vnf_onboarding/vnf/mock_nginx/mirrors.yml b/vnf_onboarding/vnf/mock_nginx/mirrors.yml
index 6aff50c..76ca94c 100644
--- a/vnf_onboarding/vnf/mock_nginx/mirrors.yml
+++ b/vnf_onboarding/vnf/mock_nginx/mirrors.yml
@@ -7,4 +7,5 @@
- name: nginx-vnf
downstream: vnf-onboarding/nginx-vnf
upstream: ${_param:gerrit_vnf_onboaring_nginx_repo}
- branches: master
\ No newline at end of file
+ branches: master
+ source_credentials: "${_param:vnf_onboaring_source_credentials}"
\ No newline at end of file