Merge "Fix trigger for mcp-k8s-test-pipeline"
diff --git a/.releasenotes/notes/add-jenkins-and-gerrit-nginx-proxy-support-272f290d7c92480a.yaml b/.releasenotes/notes/add-jenkins-and-gerrit-nginx-proxy-support-272f290d7c92480a.yaml
new file mode 100644
index 0000000..f15497f
--- /dev/null
+++ b/.releasenotes/notes/add-jenkins-and-gerrit-nginx-proxy-support-272f290d7c92480a.yaml
@@ -0,0 +1,30 @@
+---
+features:
+ - |
+ Added system metadata classes to deploy reverse proxy support for
+ Jenkins and Gerrit services. When enabled, these services can be
+ accessed through a public URL or DNS.
+
+ **To apply the change to your deployment:**
+
+ #. Add the following classes to
+ ``cluster.<CLUSTER_NAME>.openstack.proxy.yml``:
+
+ .. code-block:: yaml
+
+ classes:
+ - system.nginx.server.proxy.cicd.gerrit
+ - system.nginx.server.proxy.cicd.jenkins
+
+ #. Set up the following parameters in
+ ``cluster.<CLUSTER_NAME>.cicd.control.init.yml``:
+
+ .. code-block:: yaml
+
+ parameters:
+ _param:
+ nginx_proxy_gerrit_server_site_host: ${_param:openstack_proxy_address}
+ nginx_proxy_gerrit_server_site_port: 8080
+ gerrit_http_listen_url: proxy-https://*:8080/
+ gerrit_public_host: https://${_param:nginx_proxy_gerrit_server_site_host}:${_param:nginx_proxy_gerrit_server_site_port}
+
diff --git a/.releasenotes/notes/add-upstream-proxy-feauture-for-maas-gerrit-jenkins-aptly-53bec821be830377.yaml b/.releasenotes/notes/add-upstream-proxy-feauture-for-maas-gerrit-jenkins-aptly-53bec821be830377.yaml
new file mode 100644
index 0000000..3c408a2
--- /dev/null
+++ b/.releasenotes/notes/add-upstream-proxy-feauture-for-maas-gerrit-jenkins-aptly-53bec821be830377.yaml
@@ -0,0 +1,48 @@
+---
+features:
+ - |
+ Added system metadata to set upstream proxy for the MAAS, Gerrit, Jenkins,
+ and Aptly services.
+
+ **To apply the change to an existing cicd cluster deployment:**
+
+ #. Set the ``http_proxy`` parameter in
+ ``cluster.<CLUSTER_NAME>.cicd.control.init.yml``:
+
+ .. code-block:: yaml
+
+ parameters:
+ _param:
+ http_proxy: 'http://<<upstream_proxy_address>>:<<upstream_proxy_port>>'
+
+ #. Apply the :command:`docker.client` state:
+
+ .. code-block::
+
+ salt -C 'I@docker:client' state.sls docker.client
+
+ **To apply the change to an existing maas deployment:**
+
+ #. Configure ``upstream_proxy`` for MAAS:
+
+ .. code-block:: yaml
+
+ maas:
+ region:
+ upstream_proxy:
+ address: <<upstream_proxy_address>>
+ port: <<upstream_proxy_address>>
+
+ #. On the Salt Master node, update the MaaS Salt formula to latest:
+
+ .. code-block::
+
+ salt-call state.sls salt.master
+
+ #. On the MAAS node, apply the :command:`maas.region` state:
+
+ .. code-block::
+
+ salt-call state.sls maas.region
+ reboot
+
diff --git a/.releasenotes/notes/add_ssl_support_oss-ea1eb1e086d08e3c.yaml b/.releasenotes/notes/add_ssl_support_oss-ea1eb1e086d08e3c.yaml
index b74bc21..d28f488 100644
--- a/.releasenotes/notes/add_ssl_support_oss-ea1eb1e086d08e3c.yaml
+++ b/.releasenotes/notes/add_ssl_support_oss-ea1eb1e086d08e3c.yaml
@@ -60,7 +60,7 @@
.. note:: By default, the ``cacert_path`` variable is defined as
follows:
- .. code-block:: yaml
+ .. code-block:: yaml
- oss_openstack_cert_path: /srv/volumes/rundeck/storage/content/keys/cis/openstack/cert.pem
+ oss_openstack_cert_path: /srv/volumes/rundeck/storage/content/keys/cis/openstack/cert.pem
diff --git a/.releasenotes/notes/move-monitoring-and-oss-to-mon-nodes-9711005d184b1f59.yaml b/.releasenotes/notes/move-monitoring-and-oss-to-mon-nodes-9711005d184b1f59.yaml
new file mode 100644
index 0000000..c68faf1
--- /dev/null
+++ b/.releasenotes/notes/move-monitoring-and-oss-to-mon-nodes-9711005d184b1f59.yaml
@@ -0,0 +1,11 @@
+---
+fixes:
+ - |
+ For stability and diversification of resources, Prometheus-based Stacklight
+ and OSS services were moved to monitoring nodes. Now, on spawning new
+ monitoring nodes, different Docker swarm is set up on them to deliver
+ Stacklight and/or OSS services.
+
+ To deploy Stacklight with OSS services on monitoring nodes, generate a new
+ deployment model using the Model Designer UI.
+
diff --git a/.releasenotes/notes/nginx-timeouts-15edce840ee27b59.yaml b/.releasenotes/notes/nginx-timeouts-15edce840ee27b59.yaml
new file mode 100644
index 0000000..7d5893d
--- /dev/null
+++ b/.releasenotes/notes/nginx-timeouts-15edce840ee27b59.yaml
@@ -0,0 +1,51 @@
+---
+summary: >
+ Added possibility to define Nginx proxy timeouts for Devops Portal Service.
+
+features:
+ - |
+ Added possibility to define Nginx proxy timeouts for Devops Portal service through Salt metadata.
+ To avoid possible *Gateway Timeout* errors that occur due to huge amount
+ of data, connection, and other issues. Its possible to configure server timeouts on the side of
+ Devops Portal service.
+
+ **To configure Nginx proxy timeouts:**
+
+ #. Define following parameters on a system level for each service in
+ your Docker stack.
+
+ .. code-block:: yaml
+
+ parameters:
+ devops_portal:
+ config:
+ service:
+ your_service:
+ configure_proxy: true
+ resolve_hostname: true
+ # Proxy parameters, default value equals 300 ms
+ proxy_connect_timeout: 300
+ proxy_send_timeout: 300
+ proxy_read_timeout: 300
+ send_timeout: 300
+
+ .. note:: The following is the example of the above configuration
+ location:
+
+ .. code-block:: yaml
+
+ /srv/salt/reclass/classes/system/docker/swarm/stack/YOUR_SERVICE.yml
+
+ #. Recreate devops-portal stack:
+
+ .. code-block:: bash
+
+ docker stack rm devops-portal
+ salt -C 'I@devops_portal:config' state.sls devops_portal.config
+ salt -C 'I@docker:swarm:role:master' state.sls docker.client
+
+ The Nginx configuration are updated during the Devops Portal Salt
+ formula application.
+
+ .. fixes https://mirantis.jira.com/browse/PROD-14603
+
diff --git a/.releasenotes/notes/rename-options-5db6ad4bb2ff80f5.yaml b/.releasenotes/notes/rename-options-5db6ad4bb2ff80f5.yaml
index c318d41..e5bc283 100644
--- a/.releasenotes/notes/rename-options-5db6ad4bb2ff80f5.yaml
+++ b/.releasenotes/notes/rename-options-5db6ad4bb2ff80f5.yaml
@@ -1,37 +1,42 @@
---
summary: >
- change OS-cloud credentials defining process
+ Improved the OpenStack cloud credentials defining process for the OSS services
upgrades:
- * 'cacert_path' and 'cafile' variables for Security Audit and Cleanup services were changed to:
+ - |
+ Improved the OpenStack cloud credentials defining process for the OSS
+ services. The changes affect cluster and system levels of an MCP
+ deployment and include the following:
- .. code-block:: yaml
- security_monkey_openstack:
- source_credentials: source/path/for/os/credentials/on/env
- service_credentials: path/to/os/credentials/in/service/container
+ * ``cacert_path`` and ``cafile`` parameters for the Security Audit and
+ Cleanup services has changed to:
- janitor_monkey_openstack:
- source_credentials: source/path/for/os/credentials/on/env
- service_credentials: path/to/os/credentials/in/service/container
+ .. code-block:: yaml
- Now you do not need to specify cert-file properly, need to define directory only.
- Cert-file named 'cert.pem' by default for all services.
- 'source_credentials' equal to 'oss_openstack_credentials_path'.
+ security_monkey_openstack:
+ source_credentials: source/path/for/os/credentials/on/env
+ service_credentials: path/to/os/credentials/in/service/container
- * 'oss_openstack_cert_path' was changed to:
+ janitor_monkey_openstack:
+ source_credentials: source/path/for/os/credentials/on/env
+ service_credentials: path/to/os/credentials/in/service/container
- .. code-block:: yaml
+ Now, you do not need to specify the certificate file but only the
+ directory where it is located.
+ The certificate file is named ``cert.pem`` for all services by default;
+ and the ``source_credentials`` value equals to
+ the value of the ``oss_openstack_credentials_path`` parameter.
- oss_openstack_credentials_path: source/path/for/os/credentials/on/env
+ * ``oss_openstack_cert_path`` has changed as follows:
- .. code-block:: text
+ .. code-block:: yaml
- Changes affect cluster and system levels.
+ oss_openstack_credentials_path: source/path/for/os/credentials/on/env
-fixes:
- - https://mirantis.jira.com/browse/PROD-14863
- - https://mirantis.jira.com/browse/PROD-14870
+ .. fixes:
+ - https://mirantis.jira.com/browse/PROD-14863
+ - https://mirantis.jira.com/browse/PROD-14870
-other:
- * full change-list:
- https://gerrit.mcp.mirantis.net/#/q/topic:os-creds+(status:open+OR+status:merged)
+ .. full change-list:
+ https://gerrit.mcp.mirantis.net/#/q/topic:os-creds+(status:open+OR+status:merged)
+
diff --git a/.releasenotes/notes/sfdc-support-995867e00a89add0.yaml b/.releasenotes/notes/sfdc-support-995867e00a89add0.yaml
new file mode 100644
index 0000000..0b4bff4
--- /dev/null
+++ b/.releasenotes/notes/sfdc-support-995867e00a89add0.yaml
@@ -0,0 +1,20 @@
+---
+summary: >
+ Added support for the Push Notifications service to Salesforce.
+
+features:
+ - |
+ Added support for the Push Notification service to Salesforce.
+ To configure the Push Notification service for a SalesForce account,
+ define following variables on the cluster level metadata:
+
+ .. code-block:: yaml
+
+ sfdc_auth_url: https://login.salesforce.com/services/oauth2/token
+ sfdc_username: user@example.net
+ sfdc_password: secret
+ sfdc_consumer_key: example_consumer_key
+ sfdc_consumer_secret: example_consumer_secret
+ sfdc_organization_id: example_organization_id
+ sfdc_sandbox_enabled: True/False
+
diff --git a/aptly/server/mirror/ubuntu/trusty/mcp/apt_mk/init.yml b/aptly/server/mirror/ubuntu/trusty/mcp/apt_mk/init.yml
index 35ae854..0aad158 100644
--- a/aptly/server/mirror/ubuntu/trusty/mcp/apt_mk/init.yml
+++ b/aptly/server/mirror/ubuntu/trusty/mcp/apt_mk/init.yml
@@ -41,6 +41,18 @@
component: oc32
distributions:
- ubuntu-trusty/${_param:apt_mk_version}
+ mcp_opencontrail_trusty_oc323:
+ source: http://apt-mk.mirantis.com/trusty/
+ distribution: ${_param:apt_mk_version}
+ components: oc323
+ architectures: amd64
+ key_url: "http://apt-mk.mirantis.com/public.gpg"
+ gpgkeys:
+ - A76882D3
+ publisher:
+ component: oc323
+ distributions:
+ - ubuntu-trusty/${_param:apt_mk_version}
mirantis_openstack_trusty_extra:
source: http://apt-mk.mirantis.com/trusty/
distribution: ${_param:apt_mk_version}
diff --git a/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/init.yml b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/init.yml
index a340a46..c95e3e5 100644
--- a/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/init.yml
+++ b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/init.yml
@@ -41,6 +41,18 @@
component: oc32
distributions:
- ubuntu-xenial/${_param:apt_mk_version}
+ mcp_opencontrail_xenial_oc323:
+ source: http://apt-mk.mirantis.com/xenial/
+ distribution: ${_param:apt_mk_version}
+ components: oc323
+ architectures: amd64
+ key_url: "http://apt-mk.mirantis.com/public.gpg"
+ gpgkeys:
+ - A76882D3
+ publisher:
+ component: oc323
+ distributions:
+ - ubuntu-xenial/${_param:apt_mk_version}
mirantis_openstack_xenial_extra:
source: http://apt-mk.mirantis.com/xenial/
distribution: ${_param:apt_mk_version}
diff --git a/docker/swarm/stack/monitoring/init.yml b/docker/swarm/stack/monitoring/init.yml
index e274426..6efe125 100644
--- a/docker/swarm/stack/monitoring/init.yml
+++ b/docker/swarm/stack/monitoring/init.yml
@@ -76,6 +76,7 @@
ALERTMANAGER_BIND_PORT: ${prometheus:alertmanager:bind:port}
ALERTMANAGER_BIND_ADDRESS: ${prometheus:alertmanager:bind:address}
ALERTMANAGER_DISCOVERY_DOMAIN: 'monitoring_alertmanager'
+ ALERTMANAGER_EXTERNAL_URL: "http://${_param:stacklight_monitor_address}:15011"
pushgateway:
networks:
- monitoring
@@ -119,3 +120,4 @@
PROMETHEUS_STORAGE_LOCAL_RETENTION: ${prometheus:server:storage:local:retention}
PROMETHEUS_STORAGE_LOCAL_TARGET_HEAP_SIZE: ${prometheus:server:storage:local:target_heap_size}
PROMETHEUS_STORAGE_LOCAL_NUM_FINGERPRINT_MUTEXES: ${prometheus:server:storage:local:num_fingerprint_mutexes}
+ PROMETHEUS_EXTERNAL_URL: "http://${_param:stacklight_monitor_address}:15010"
diff --git a/glusterfs/client/volume/artifactory.yml b/glusterfs/client/volume/artifactory.yml
index 878131f..f8104a1 100644
--- a/glusterfs/client/volume/artifactory.yml
+++ b/glusterfs/client/volume/artifactory.yml
@@ -10,4 +10,4 @@
artifactory:
path: /srv/volumes/artifactory
server: ${_param:artifactory_glusterfs_service_host}
- opts: "defaults,backup-volfile-servers=${_param:glusterfs_node01_address}:${_param:glusterfs_node02_address}:${_param:glusterfs_node03_address}"
+ opts: "defaults,backup-volfile-servers=${_param:glusterfs_node01_address}:${_param:glusterfs_node02_address}:${_param:glusterfs_node03_address},direct-io-mode=disable"
diff --git a/haproxy/proxy/listen/cicd/aptly.yml b/haproxy/proxy/listen/cicd/aptly.yml
index 35ae3d6..682e0d3 100644
--- a/haproxy/proxy/listen/cicd/aptly.yml
+++ b/haproxy/proxy/listen/cicd/aptly.yml
@@ -24,15 +24,7 @@
- name: ${_param:cluster_node01_name}
host: ${_param:cluster_node01_address}
port: 18084
- params: check
- - name: ${_param:cluster_node02_name}
- host: ${_param:cluster_node02_address}
- port: 18084
- params: backup check
- - name: ${_param:cluster_node03_name}
- host: ${_param:cluster_node03_address}
- port: 18084
- params: backup check
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
aptly-public:
mode: http
options:
@@ -45,14 +37,6 @@
port: ${_param:haproxy_aptly_public_bind_port}
servers:
- name: ${_param:cluster_node01_name}
- host: ${_param:cluster_node01_address}
+ host: localhost
port: 18085
- params: check
- - name: ${_param:cluster_node02_name}
- host: ${_param:cluster_node02_address}
- port: 18085
- params: check
- - name: ${_param:cluster_node03_name}
- host: ${_param:cluster_node03_address}
- port: 18085
- params: check
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
diff --git a/haproxy/proxy/listen/cicd/artifactory.yml b/haproxy/proxy/listen/cicd/artifactory.yml
index 349d998..cb6184e 100644
--- a/haproxy/proxy/listen/cicd/artifactory.yml
+++ b/haproxy/proxy/listen/cicd/artifactory.yml
@@ -12,27 +12,25 @@
mode: http
options:
- forwardfor
-# - httpchk
+ - httpchk
- httpclose
- httplog
balance: source
+ acl:
+ is_docker: "path_reg ^/v[12][/.]*"
http_request:
+ - action: "add-header X-Artifactory-Override-Base-Url https://%[req.hdr(host)]/artifactory"
+ condition: "if is_docker"
- action: "add-header X-Forwarded-Proto https"
condition: "if { ssl_fc }"
+ - action: "set-path /artifactory/api/docker/%[req.hdr(host),lower,field(1,'.')]%[path]"
+ condition: "if is_docker "
binds:
- address: ${_param:haproxy_artifactory_bind_host}
port: ${_param:haproxy_artifactory_bind_port}
ssl: ${_param:haproxy_artifactory_ssl}
servers:
- name: ${_param:cluster_node01_name}
- host: ${_param:cluster_node01_address}
+ host: localhost
port: 18082
- params: check
- - name: ${_param:cluster_node02_name}
- host: ${_param:cluster_node02_address}
- port: 18082
- params: backup check
- - name: ${_param:cluster_node03_name}
- host: ${_param:cluster_node03_address}
- port: 18082
- params: backup check
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
\ No newline at end of file
diff --git a/haproxy/proxy/listen/cicd/gerrit.yml b/haproxy/proxy/listen/cicd/gerrit.yml
index 3ee21b1..f6ded20 100644
--- a/haproxy/proxy/listen/cicd/gerrit.yml
+++ b/haproxy/proxy/listen/cicd/gerrit.yml
@@ -13,7 +13,7 @@
mode: http
options:
- forwardfor
-# - httpchk
+ - httpchk
- httpclose
- httplog
balance: source
@@ -26,17 +26,9 @@
ssl: ${_param:haproxy_gerrit_ssl}
servers:
- name: ${_param:cluster_node01_name}
- host: ${_param:cluster_node01_address}
+ host: localhost
port: 18083
- params: check
- - name: ${_param:cluster_node02_name}
- host: ${_param:cluster_node02_address}
- port: 18083
- params: backup check
- - name: ${_param:cluster_node03_name}
- host: ${_param:cluster_node03_address}
- port: 18083
- params: backup check
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
gerrit_ssh:
mode: tcp
balance: source
@@ -45,14 +37,7 @@
port: ${_param:haproxy_gerrit_ssh_bind_port}
servers:
- name: ${_param:cluster_node01_name}
- host: ${_param:cluster_node01_address}
+ host: localhost
port: 29417
- params: check
- - name: ${_param:cluster_node02_name}
- host: ${_param:cluster_node02_address}
- port: 29417
- params: backup check
- - name: ${_param:cluster_node03_name}
- host: ${_param:cluster_node03_address}
- port: 29417
- params: backup check
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+
diff --git a/haproxy/proxy/listen/cicd/jenkins.yml b/haproxy/proxy/listen/cicd/jenkins.yml
index eda12f8..93a9fdd 100644
--- a/haproxy/proxy/listen/cicd/jenkins.yml
+++ b/haproxy/proxy/listen/cicd/jenkins.yml
@@ -13,7 +13,7 @@
mode: http
options:
- forwardfor
-# - httpchk
+ - httpchk get /login
- httpclose
- httplog
balance: source
@@ -28,17 +28,9 @@
ssl: ${_param:haproxy_jenkins_ssl}
servers:
- name: ${_param:cluster_node01_name}
- host: ${_param:cluster_node01_address}
+ host: localhost
port: 18081
- params: check
- - name: ${_param:cluster_node02_name}
- host: ${_param:cluster_node02_address}
- port: 18081
- params: backup check
- - name: ${_param:cluster_node03_name}
- host: ${_param:cluster_node03_address}
- port: 18081
- params: backup check
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
jenkins_jnlp:
mode: tcp
balance: source
@@ -47,14 +39,6 @@
port: ${_param:haproxy_jenkins_jnlp_bind_port}
servers:
- name: ${_param:cluster_node01_name}
- host: ${_param:cluster_node01_address}
+ host: localhost
port: 50001
- params: check
- - name: ${_param:cluster_node02_name}
- host: ${_param:cluster_node02_address}
- port: 50001
- params: backup check
- - name: ${_param:cluster_node03_name}
- host: ${_param:cluster_node03_address}
- port: 50001
- params: backup check
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
diff --git a/haproxy/proxy/listen/docker/registry.yml b/haproxy/proxy/listen/docker/registry.yml
index 8d45e97..e0f63e8 100644
--- a/haproxy/proxy/listen/docker/registry.yml
+++ b/haproxy/proxy/listen/docker/registry.yml
@@ -23,14 +23,7 @@
ssl: ${_param:haproxy_docker_registry_ssl}
servers:
- name: ${_param:cluster_node01_name}
- host: ${_param:cluster_node01_address}
+ host: localhost
port: 15000
- params: check
- - name: ${_param:cluster_node02_name}
- host: ${_param:cluster_node02_address}
- port: 15000
- params: check
- - name: ${_param:cluster_node03_name}
- host: ${_param:cluster_node03_address}
- port: 15000
- params: check
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+
diff --git a/haproxy/proxy/listen/docker/visualizer.yml b/haproxy/proxy/listen/docker/visualizer.yml
index 6fec3ba..d4e74bb 100644
--- a/haproxy/proxy/listen/docker/visualizer.yml
+++ b/haproxy/proxy/listen/docker/visualizer.yml
@@ -8,7 +8,7 @@
mode: http
options:
- forwardfor
-# - httpchk
+ - httpchk
- httpclose
- httplog
balance: source
@@ -17,14 +17,6 @@
port: ${_param:haproxy_docker_visualizer_listen_port}
servers:
- name: ${_param:cluster_node01_name}
- host: ${_param:cluster_node01_address}
+ host: localhost
port: 18090
- params: check
- - name: ${_param:cluster_node02_name}
- host: ${_param:cluster_node02_address}
- port: 18090
- params: check
- - name: ${_param:cluster_node03_name}
- host: ${_param:cluster_node03_address}
- port: 18090
- params: check
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
\ No newline at end of file
diff --git a/jenkins/client/job/debian/packages/salt.yml b/jenkins/client/job/debian/packages/salt.yml
index 31b8e2a..968c617 100644
--- a/jenkins/client/job/debian/packages/salt.yml
+++ b/jenkins/client/job/debian/packages/salt.yml
@@ -55,6 +55,8 @@
dist: trusty
- name: etcd
dist: trusty
+ - name: fluentbit
+ dist: trusty
- name: foreman
dist: trusty
- name: freeipa
@@ -253,6 +255,8 @@
dist: xenial
- name: etcd
dist: xenial
+ - name: fluentbit
+ dist: xenial
- name: foreman
dist: xenial
- name: freeipa
diff --git a/jenkins/client/job/deploy/lab/deploy.yml b/jenkins/client/job/deploy/lab/deploy.yml
index 4a18e8e..0dc136c 100644
--- a/jenkins/client/job/deploy/lab/deploy.yml
+++ b/jenkins/client/job/deploy/lab/deploy.yml
@@ -83,6 +83,10 @@
type: text
default: ""
description: "YAML with overrides for Salt deployment"
+ FORMULA_PKG_REVISION:
+ type: string
+ default: ""
+ description: "Formulas revision to install on Salt Master bootstrap stage"
# aws api
AWS_STACK_REGION:
diff --git a/jenkins/client/job/salt-formulas/git-mirrors/2way.yml b/jenkins/client/job/salt-formulas/git-mirrors/2way.yml
index 331eb59..ffcebd7 100644
--- a/jenkins/client/job/salt-formulas/git-mirrors/2way.yml
+++ b/jenkins/client/job/salt-formulas/git-mirrors/2way.yml
@@ -59,6 +59,8 @@
branches: ${_param:salt_formulas_branches}
- name: etcd
branches: ${_param:salt_formulas_branches}
+ - name: fluentbit
+ branches: ${_param:salt_formulas_branches}
- name: foreman
branches: ${_param:salt_formulas_branches}
- name: freeipa
diff --git a/jenkins/client/job/salt-formulas/tests.yml b/jenkins/client/job/salt-formulas/tests.yml
index 448c421..d35b179 100644
--- a/jenkins/client/job/salt-formulas/tests.yml
+++ b/jenkins/client/job/salt-formulas/tests.yml
@@ -32,6 +32,7 @@
- name: dovecot
- name: elasticsearch
- name: etcd
+ - name: fluentbit
- name: foreman
- name: freeipa
- name: galera
diff --git a/jenkins/client/job/salt-models/tests.yml b/jenkins/client/job/salt-models/tests.yml
index fc1fc5f..e60fe22 100644
--- a/jenkins/client/job/salt-models/tests.yml
+++ b/jenkins/client/job/salt-models/tests.yml
@@ -64,6 +64,12 @@
MAX_CPU_PER_JOB:
type: string
default: "2"
+ RECLASS_IGNORE_CLASS_NOTFOUND:
+ type: boolean
+ default: "{{reclass_ignore_class_notfound}}"
+ LEGACY_TEST_MODE:
+ type: boolean
+ default: "{{legacy_test_mode}}"
test_system_reclass:
name: test-salt-model-{{name}}
template:
@@ -196,3 +202,9 @@
MAX_CPU_PER_JOB:
type: string
default: "2"
+ RECLASS_IGNORE_CLASS_NOTFOUND:
+ type: boolean
+ default: "false"
+ LEGACY_TEST_MODE:
+ type: boolean
+ default: "false"
diff --git a/keystone/server/cluster.yml b/keystone/server/cluster.yml
index 0c79462..cbe89ca 100644
--- a/keystone/server/cluster.yml
+++ b/keystone/server/cluster.yml
@@ -4,6 +4,8 @@
- system.haproxy.proxy.listen.openstack.keystone
- system.haproxy.proxy.listen.openstack.keystone.standalone
parameters:
+ _param:
+ keystone_tokens_expiration: 3600
linux:
system:
package:
@@ -35,7 +37,7 @@
user: keystone
tokens:
engine: fernet
- expiration: 3600
+ expiration: ${_param:keystone_tokens_expiration}
max_active_keys: 3
location: /var/lib/keystone/fernet-keys
credential:
diff --git a/keystone/server/single.yml b/keystone/server/single.yml
index c35ef73..16c26ca 100644
--- a/keystone/server/single.yml
+++ b/keystone/server/single.yml
@@ -7,6 +7,7 @@
mysql_admin_user: root
mysql_admin_password: password
mysql_keystone_password: password
+ keystone_tokens_expiration: 3600
linux:
system:
package:
@@ -38,7 +39,7 @@
user: keystone
tokens:
engine: fernet
- expiration: 3600
+ expiration: ${_param:keystone_tokens_expiration}
max_active_keys: 3
location: /var/lib/keystone/fernet-keys
credential:
diff --git a/keystone/server/wsgi.yml b/keystone/server/wsgi.yml
index 1a949e9..f62c1cc 100644
--- a/keystone/server/wsgi.yml
+++ b/keystone/server/wsgi.yml
@@ -18,7 +18,7 @@
log:
custom:
format: >-
- %v:%p %h %l %u %t \"%r\" %>s %D %O \"%{Referer}i\" \"%{User-Agent}i\"
+ %v:%p %{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %D %O \"%{Referer}i\" \"%{User-Agent}i\"
modules:
- wsgi
diff --git a/maas/region/single.yml b/maas/region/single.yml
index d3227ca..2bf9469 100644
--- a/maas/region/single.yml
+++ b/maas/region/single.yml
@@ -1,5 +1,6 @@
classes:
- service.maas.region.single
+ - service.maas.cluster.single
- service.maas.region.vendor_repo
parameters:
_param:
diff --git a/neutron/compute/nfv/dpdk.yml b/neutron/compute/nfv/dpdk.yml
index 90f9095..3f05d53 100644
--- a/neutron/compute/nfv/dpdk.yml
+++ b/neutron/compute/nfv/dpdk.yml
@@ -1,6 +1,4 @@
parameters:
- _param:
- compute_dpdk_driver: uio
linux:
network:
bridge: openvswitch
diff --git a/neutron/control/cluster.yml b/neutron/control/cluster.yml
index 9beed6b..47928b6 100644
--- a/neutron/control/cluster.yml
+++ b/neutron/control/cluster.yml
@@ -3,6 +3,7 @@
- service.haproxy.proxy.single
- service.neutron.control.cluster
- system.haproxy.proxy.listen.openstack.neutron
+- system.galera.server.database.neutron
parameters:
linux:
system:
@@ -10,20 +11,6 @@
python-pymysql:
fromrepo: ${_param:openstack_version}
version: latest
- mysql:
- server:
- database:
- neutron:
- encoding: utf8
- users:
- - name: neutron
- password: ${_param:mysql_neutron_password}
- host: '%'
- rights: all
- - name: neutron
- password: ${_param:mysql_neutron_password}
- host: ${_param:cluster_local_address}
- rights: all
haproxy:
proxy:
listen:
diff --git a/neutron/control/opencontrail/cluster.yml b/neutron/control/opencontrail/cluster.yml
index caaaf6d..d85e554 100644
--- a/neutron/control/opencontrail/cluster.yml
+++ b/neutron/control/opencontrail/cluster.yml
@@ -3,21 +3,8 @@
- service.haproxy.proxy.single
- service.neutron.control.cluster
- system.haproxy.proxy.listen.openstack.neutron
+- system.galera.server.database.neutron
parameters:
- mysql:
- server:
- database:
- neutron:
- encoding: utf8
- users:
- - name: neutron
- password: ${_param:mysql_neutron_password}
- host: '%'
- rights: all
- - name: neutron
- password: ${_param:mysql_neutron_password}
- host: ${_param:cluster_local_address}
- rights: all
neutron:
server:
dns_domain: ${_param:cluster_domain}
diff --git a/neutron/control/opencontrail/single.yml b/neutron/control/opencontrail/single.yml
index 0c2841b..4bbd8f8 100644
--- a/neutron/control/opencontrail/single.yml
+++ b/neutron/control/opencontrail/single.yml
@@ -1,20 +1,7 @@
classes:
- service.neutron.control.single
+- system.galera.server.database.neutron
parameters:
- mysql:
- server:
- database:
- neutron:
- encoding: utf8
- users:
- - name: neutron
- password: ${_param:mysql_neutron_password}
- host: '%'
- rights: all
- - name: neutron
- password: ${_param:mysql_neutron_password}
- host: ${_param:cluster_local_address}
- rights: all
neutron:
server:
dns_domain: ${_param:cluster_domain}
diff --git a/neutron/control/openvswitch/cluster.yml b/neutron/control/openvswitch/cluster.yml
index c840e9a..54db248 100644
--- a/neutron/control/openvswitch/cluster.yml
+++ b/neutron/control/openvswitch/cluster.yml
@@ -2,6 +2,7 @@
- service.keepalived.cluster.single
- service.haproxy.proxy.single
- service.neutron.control.cluster
+- system.galera.server.database.neutron
parameters:
_param:
neutron_control_dvr: True
@@ -37,20 +38,6 @@
- host: ${_param:openstack_message_queue_node01_address}
- host: ${_param:openstack_message_queue_node02_address}
- host: ${_param:openstack_message_queue_node03_address}
- mysql:
- server:
- database:
- neutron:
- encoding: utf8
- users:
- - name: neutron
- password: ${_param:mysql_neutron_password}
- host: '%'
- rights: all
- - name: neutron
- password: ${_param:mysql_neutron_password}
- host: ${_param:cluster_local_address}
- rights: all
haproxy:
proxy:
listen:
diff --git a/neutron/control/openvswitch/single.yml b/neutron/control/openvswitch/single.yml
index 1b830f6..bdc050d 100644
--- a/neutron/control/openvswitch/single.yml
+++ b/neutron/control/openvswitch/single.yml
@@ -1,5 +1,6 @@
classes:
- service.neutron.control.single
+- system.galera.server.database.neutron
parameters:
_param:
neutron_control_dvr: True
@@ -33,17 +34,3 @@
message_queue:
members:
- host: ${_param:openstack_message_queue_node01_address}
- mysql:
- server:
- database:
- neutron:
- encoding: utf8
- users:
- - name: neutron
- password: ${_param:mysql_neutron_password}
- host: '%'
- rights: all
- - name: neutron
- password: ${_param:mysql_neutron_password}
- host: ${_param:cluster_local_address}
- rights: all
\ No newline at end of file
diff --git a/neutron/control/single.yml b/neutron/control/single.yml
index e412f36..7f02325 100644
--- a/neutron/control/single.yml
+++ b/neutron/control/single.yml
@@ -1,5 +1,6 @@
classes:
- service.neutron.control.single
+- system.galera.server.database.neutron
parameters:
linux:
system:
@@ -11,18 +12,3 @@
server:
database:
host: ${_param:single_address}
- mysql:
- server:
- database:
- neutron:
- encoding: utf8
- users:
- - name: neutron
- password: ${_param:mysql_neutron_password}
- host: '%'
- rights: all
- - name: neutron
- password: ${_param:mysql_neutron_password}
- host: ${_param:single_address}
- rights: all
-
diff --git a/openssh/server/team/members/pruzicka.yml b/openssh/server/team/members/pruzicka.yml
new file mode 100644
index 0000000..93aca1f
--- /dev/null
+++ b/openssh/server/team/members/pruzicka.yml
@@ -0,0 +1,20 @@
+parameters:
+ linux:
+ system:
+ user:
+ pruzicka:
+ enabled: true
+ name: pruzicka
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Petr Ruzicka
+ home: /home/pruzicka
+ email: pruzicka@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ pruzicka:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDG5m9Wwd2XIaG6iFrsH4BanLDUPpgeAy8o573iB8uqEe1vEp6IMCID5hL7+JUjRX7TGJ9B3QskgAenE50w0yTCqu+oIVXOfzYCbcOAI/Pestv7RDGwciLCX3wdtSYU1dW5Zl8mtH4LMGpBtAG1nAKP1suqXWHUr92bzrYeMicuTADvOYFLxAOVcAEXwBrRUYsy+wTF4ROSZRzE8HLwYAzSngmFqKyW1tj/nLEGTZGWcIYkXDfWR/TW1neP6svaUV6nFLXnj3pRP7KNSK8iil8YuMyT+YGz2f3971967woAAqvSOtF3Rh2f4PLGcNwsMd1tjqMIVvIlI7Lo4UsIA9AZ pruzicka@mirantis.com
+ user: ${linux:system:user:pruzicka}
diff --git a/openssh/server/team/services.yml b/openssh/server/team/services.yml
index 9fb36c9..8f15552 100644
--- a/openssh/server/team/services.yml
+++ b/openssh/server/team/services.yml
@@ -4,6 +4,7 @@
- system.openssh.server.team.members.pmichalec
- system.openssh.server.team.members.pcizinsky
- system.openssh.server.team.members.lmercl
+- system.openssh.server.team.members.pruzicka
- system.openssh.server.team.members.korlowska
- system.openssh.server.team.members.miwinski
- system.openssh.server.team.members.mlos
diff --git a/salt/control/virt.yml b/salt/control/virt.yml
index 6ed8537..7556dc9 100644
--- a/salt/control/virt.yml
+++ b/salt/control/virt.yml
@@ -45,3 +45,6 @@
xxxlarge:
- system:
size: 500000
+ xxxxlarge:
+ - system:
+ size: 700000
diff --git a/salt/master/formula/git/openstack.yml b/salt/master/formula/git/openstack.yml
index 9173a4a..3472f2e 100644
--- a/salt/master/formula/git/openstack.yml
+++ b/salt/master/formula/git/openstack.yml
@@ -12,6 +12,10 @@
# source: git
# address: '${_param:salt_master_environment_repository}/salt-formula-avinetworks.git'
# revision: ${_param:salt_master_environment_revision}
+ barbican:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-barbican.git'
+ revision: ${_param:salt_master_environment_revision}
billometer:
source: git
address: '${_param:salt_master_environment_repository}/salt-formula-billometer.git'
diff --git a/salt/master/formula/pkg/openstack.yml b/salt/master/formula/pkg/openstack.yml
index 827f096..663572b 100644
--- a/salt/master/formula/pkg/openstack.yml
+++ b/salt/master/formula/pkg/openstack.yml
@@ -10,6 +10,9 @@
#avinetworks:
# source: pkg
# name: salt-formula-avinetworks
+ barbican:
+ source: pkg
+ name: salt-formula-barbican
billometer:
source: pkg
name: salt-formula-billometer