Merge "Use PostgreSQL as DataSource in Rundeck by default"
diff --git a/aptly/server/docker.yml b/aptly/server/docker.yml
index ee8f4a2..3fa0a8e1 100644
--- a/aptly/server/docker.yml
+++ b/aptly/server/docker.yml
@@ -20,7 +20,6 @@
root_dir: /srv/volumes/aptly
no_config: true
gpg:
- keyring: .gnupg/trustdb.gpg
keypair_id: ${_param:aptly_gpg_keypair_id}
public_key: ${_param:aptly_gpg_public_key}
private_key: ${_param:aptly_gpg_private_key}
diff --git a/devops_portal/service/security_monkey.yml b/devops_portal/service/security_monkey.yml
index 3638e56..ba5fe81 100644
--- a/devops_portal/service/security_monkey.yml
+++ b/devops_portal/service/security_monkey.yml
@@ -8,3 +8,6 @@
address: ${_param:haproxy_security_monkey_bind_host}
port: ${_param:haproxy_security_monkey_bind_port}
https: ${_param:haproxy_security_monkey_ssl:enabled}
+ credentials:
+ username: ${_param:security_monkey_user}
+ password: ${_param:security_monkey_password}
diff --git a/docker/swarm/stack/devops_portal.yml b/docker/swarm/stack/devops_portal.yml
index c894d33..91bca12 100644
--- a/docker/swarm/stack/devops_portal.yml
+++ b/docker/swarm/stack/devops_portal.yml
@@ -1,7 +1,7 @@
parameters:
_param:
docker_devops_portal_replicas: 1
- docker_image_devops_portal: docker-sandbox.sandbox.mirantis.net/ikharin/oss/devops-portal:latest
+ docker_image_devops_portal: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/devops-portal:latest
docker:
client:
stack:
diff --git a/docker/swarm/stack/postgresql.yml b/docker/swarm/stack/postgresql.yml
index bdad6fb..7ae4052 100644
--- a/docker/swarm/stack/postgresql.yml
+++ b/docker/swarm/stack/postgresql.yml
@@ -1,7 +1,7 @@
parameters:
_param:
docker_postgresql_replicas: 1
- docker_image_postgresql: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/postgresql:latest
+ docker_image_postgresql: library/postgres:9.6
postgresql_admin_user: postgres
postgresql_admin_user_password: postgrespassword
docker:
diff --git a/docker/swarm/stack/security_monkey.yml b/docker/swarm/stack/security_monkey.yml
index 479b028..b3b4074 100644
--- a/docker/swarm/stack/security_monkey.yml
+++ b/docker/swarm/stack/security_monkey.yml
@@ -2,9 +2,22 @@
_param:
docker_security_monkey_api_replicas: 1
docker_security_monkey_scheduler_replicas: 1
- docker_image_security_monkey_api: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/security-monkey-api:3842.6
- docker_image_security_monkey_scheduler: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/security-monkey-scheduler:3842.6
+ docker_image_security_monkey_api: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/security-monkey-api:4435
+ docker_image_security_monkey_scheduler: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/security-monkey-scheduler:4435
security_monkey_db: secmonkey
+ notification_service_url: ${_param:haproxy_pushkin_bind_host}:${_param:haproxy_pushkin_bind_port}/post_notification_json
+ security_monkey_user: devopsportal@devopsportal.local
+ security_monkey_password: devopsportal
+ security_monkey_role: Justify
+ security_monkey_openstack:
+ os_account_id: mcp_cloud
+ os_account_name: mcp_cloud
+ username: ""
+ password: ""
+ auth_url: ""
+ project_domain_name: Default
+ project_name: admin
+ user_domain_name: Default
docker:
client:
stack:
@@ -14,6 +27,18 @@
SECURITY_MONKEY_POSTGRES_PASSWORD: ${_param:secmonkey_db_user_password}
SECURITY_MONKEY_POSTGRES_HOST: ${_param:secmonkey_db_host}
SECURITY_MONKEY_POSTGRES_PORT: ${_param:haproxy_postgresql_bind_port}
+ NOTIFICATIONS_SERVICE_URL: ${_param:notification_service_url}
+ DEFAULT_USER: ${_param:security_monkey_user}
+ DEFAULT_PASSWORD: ${_param:security_monkey_password}
+ DEFAULT_ROLE: ${_param:security_monkey_role}
+ OS_ACCOUNT_ID: ${_param:security_monkey_openstack:os_account_id}
+ OS_ACCOUNT_NAME: ${_param:security_monkey_openstack:os_account_name}
+ OS_USERNAME: ${_param:security_monkey_openstack:username}
+ OS_PASSWORD: ${_param:security_monkey_openstack:password}
+ OS_AUTH_URL: ${_param:security_monkey_openstack:auth_url}
+ OS_PROJECT_DOMAIN_NAME: ${_param:security_monkey_openstack:project_domain_name}
+ OS_PROJECT_NAME: ${_param:security_monkey_openstack:project_name}
+ USER_DOMAIN_NAME: ${_param:security_monkey_openstack:user_domain_name}
service:
api:
image: ${_param:docker_image_security_monkey_api}
@@ -24,7 +49,7 @@
ports:
- ${_param:haproxy_security_monkey_exposed_port}:${_param:haproxy_security_monkey_bind_port}
volumes:
- - /srv/volumes/security_monkey:/var/log/security_monkey
+ - /srv/volumes/security_monkey/logs:/var/log/security_monkey/logs
scheduler:
image: ${_param:docker_image_security_monkey_scheduler}
deploy:
@@ -32,4 +57,4 @@
restart_policy:
condition: any
volumes:
- - /srv/volumes/security_monkey:/var/log/security_monkey
\ No newline at end of file
+ - /srv/volumes/security_monkey/logs:/var/log/security_monkey/logs
\ No newline at end of file
diff --git a/galera/server/database/designate.yml b/galera/server/database/designate.yml
new file mode 100644
index 0000000..107e3ae
--- /dev/null
+++ b/galera/server/database/designate.yml
@@ -0,0 +1,26 @@
+parameters:
+ mysql:
+ server:
+ database:
+ designate:
+ encoding: utf8
+ users:
+ - name: designate
+ password: ${_param:mysql_designate_password}
+ host: '%'
+ rights: all
+ - name: designate
+ password: ${_param:mysql_designate_password}
+ host: ${_param:cluster_vip_address}
+ rights: all
+ designate_pool_manager:
+ encoding: utf8
+ users:
+ - name: designate
+ password: ${_param:mysql_designate_password}
+ host: '%'
+ rights: all
+ - name: designate
+ password: ${_param:mysql_designate_password}
+ host: ${_param:cluster_vip_address}
+ rights: all
diff --git a/jenkins/client/job/deploy/lab/mk/init.yml b/jenkins/client/job/deploy/lab/mk/init.yml
index 9e988ba..e67ca3f 100644
--- a/jenkins/client/job/deploy/lab/mk/init.yml
+++ b/jenkins/client/job/deploy/lab/mk/init.yml
@@ -94,7 +94,13 @@
OPENSTACK_API_VERSION:
type: string
default: "2"
- OPENSTACK_API_PROJECT_DOMAIN_ID:
+ OPENSTACK_API_PROJECT_DOMAIN:
+ type: string
+ default: "default"
+ OPENSTACK_API_PROJECT_ID:
+ type: string
+ default: ""
+ OPENSTACK_USER_DOMAIN:
type: string
default: "default"
OPENSTACK_API_USER_DOMAIN_ID:
diff --git a/jenkins/client/job/salt-models/generate.yml b/jenkins/client/job/salt-models/generate.yml
index 697ab51..f88c54d 100644
--- a/jenkins/client/job/salt-models/generate.yml
+++ b/jenkins/client/job/salt-models/generate.yml
@@ -44,3 +44,6 @@
default: false
EMAIL_ADDRESS:
type: string
+ TEST_MODEL:
+ type: boolean
+ default: true
diff --git a/jenkins/client/job/salt-models/tests.yml b/jenkins/client/job/salt-models/tests.yml
index e4b573d..8837573 100644
--- a/jenkins/client/job/salt-models/tests.yml
+++ b/jenkins/client/job/salt-models/tests.yml
@@ -96,3 +96,41 @@
DEFAULT_GIT_REF:
type: string
default: master
+ test_salt_model_cookiecutter:
+ name: test-salt-model-cookiecutter-{{cookiecutter_template}}
+ jobs:
+ - cookiecutter_template: cookiecutter-template
+ template:
+ type: workflow-scm
+ concurrent: true
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ credentials: "jenkins-mk"
+ script: test-cookiecutter-reclass.groovy
+ trigger:
+ gerrit:
+ project:
+ mk/{{cookiecutter_template}}:
+ branches:
+ - master
+ event:
+ comment:
+ - addedContains:
+ commentAddedCommentContains: '(recheck|reverify)'
+ param:
+ COOKIECUTTER_TEMPLATE_URL:
+ type: string
+ default: "${_param:jenkins_gerrit_url}/mk/{{cookiecutter_template}}"
+ CREDENTIALS_ID:
+ type: string
+ default: gerrit
+ COOKIECUTTER_TEMPLATE_BRANCH:
+ type: string
+ default: master
+ RECLASS_MODEL_URL:
+ type: string
+ default: "${_param:jenkins_gerrit_url}/salt-models/reclass-system"
+ RECLASS_MODEL_BRANCH:
+ type: string
+ default: master
diff --git a/jenkins/slave/docker.yml b/jenkins/slave/docker.yml
index ea3639b..ddf997b 100644
--- a/jenkins/slave/docker.yml
+++ b/jenkins/slave/docker.yml
@@ -15,4 +15,13 @@
hosts:
- ALL
commands:
- - /usr/bin/docker
\ No newline at end of file
+ - /usr/bin/docker
+ docker:
+ client:
+ network:
+ docker_gwbridge:
+ subnet: 10.20.0.0/16
+ opt:
+ com.docker.network.bridge.name: docker_gwbridge
+ com.docker.network.bridge.enable_icc: false
+ com.docker.network.bridge.enable_ip_masquerade: true
\ No newline at end of file
diff --git a/linux/system/single.yml b/linux/system/single.yml
index 2c538f5..ef23a39 100644
--- a/linux/system/single.yml
+++ b/linux/system/single.yml
@@ -57,3 +57,8 @@
- type: hard
item: nproc
value: 307200
+ systemd:
+ system:
+ Manager:
+ DefaultLimitNOFILE: 307200
+ DefaultLimitNPROC: 307200
diff --git a/postgresql/client/pushkin.yml b/postgresql/client/pushkin.yml
index d768464..c6ec567 100644
--- a/postgresql/client/pushkin.yml
+++ b/postgresql/client/pushkin.yml
@@ -14,10 +14,13 @@
enabled: true
encoding: 'UTF8'
locale: 'en_US'
- template: 'hstore_enabled'
users:
- name: ${_param:pushkin_db_user}
password: ${_param:pushkin_db_user_password}
host: ${_param:pushkin_db_host}
createdb: true
rights: all privileges
+ extension:
+ hstore:
+ enabled: true
+