Merge "Change mongodb port for JanitorMonkey"
diff --git a/aodh/server/cluster.yml b/aodh/server/cluster.yml
index f9b8682..c458c2c 100644
--- a/aodh/server/cluster.yml
+++ b/aodh/server/cluster.yml
@@ -1,5 +1,6 @@
classes:
- service.aodh.server.cluster
+- system.aodh.upgrade
- system.salt.minion.cert.mysql.clients.openstack.aodh
- service.haproxy.proxy.single
- system.haproxy.proxy.listen.openstack.aodh
diff --git a/aodh/server/single.yml b/aodh/server/single.yml
index c231be6..3f2ea75 100644
--- a/aodh/server/single.yml
+++ b/aodh/server/single.yml
@@ -1,5 +1,6 @@
classes:
- service.aodh.server.single
+- system.aodh.upgrade
- system.salt.minion.cert.mysql.clients.openstack.aodh
- system.salt.minion.cert.rabbitmq.clients.openstack.aodh
parameters:
diff --git a/aodh/upgrade/init.yml b/aodh/upgrade/init.yml
new file mode 100644
index 0000000..fe99afa
--- /dev/null
+++ b/aodh/upgrade/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ aodh:
+ upgrade:
+ enabled: ${_param:aodh_upgrade_enabled}
+ old_release: ${_param:aodh_old_version}
+ new_release: ${_param:aodh_version}
\ No newline at end of file
diff --git a/apache/server/site/horizon.yml b/apache/server/site/horizon.yml
index 2a3b098..5cfca1e 100644
--- a/apache/server/site/horizon.yml
+++ b/apache/server/site/horizon.yml
@@ -3,10 +3,12 @@
apache_ssl:
enabled: false
apache_horizon_ssl: ${_param:apache_ssl}
- apache_horizon_api_address: ${_param:single_address}
+ apache_horizon_api_address: ${_param:horizon_server_bind_address}
apache_horizon_api_host: ${linux:network:fqdn}
apache:
server:
+ bind:
+ listen_default_ports: false
enabled: true
default_mpm: event
modules:
diff --git a/barbican/client/init.yml b/barbican/client/init.yml
new file mode 100644
index 0000000..716242d
--- /dev/null
+++ b/barbican/client/init.yml
@@ -0,0 +1,4 @@
+parameters:
+ barbican:
+ client:
+ enabled: True
\ No newline at end of file
diff --git a/barbican/client/v1/init.yml b/barbican/client/v1/init.yml
new file mode 100644
index 0000000..c582343
--- /dev/null
+++ b/barbican/client/v1/init.yml
@@ -0,0 +1,5 @@
+barbican:
+ client:
+ resources:
+ v1:
+ enabled: true
\ No newline at end of file
diff --git a/barbican/client/v1/octavia.yml b/barbican/client/v1/octavia.yml
new file mode 100644
index 0000000..931bef0
--- /dev/null
+++ b/barbican/client/v1/octavia.yml
@@ -0,0 +1,26 @@
+classes:
+- system.barbican.client
+- system.barbican.client.v1
+- system.keystone.client.os_client_config.octavia_identity
+
+parameters:
+ _param:
+ octavia_image_cert_file: '/etc/octavia/certs/image.crt'
+
+ barbican:
+ client:
+ resources:
+ v1:
+ cloud_name: octavia_identity
+ secrets:
+ OctaviaAmphoraSecret:
+ type: certificate
+ algorithm: RSA
+ payload_content_type: application/octet-stream
+ payload_content_encoding: base64
+ payload_path: ${_param:octavia_image_cert_file}
+ encodeb64_payload: true
+ acl:
+ OctaviaAmphoraSecret:
+ octavia:
+ enabled: True
diff --git a/barbican/client/v1/signed_images/octavia.yml b/barbican/client/v1/signed_images/octavia.yml
new file mode 100644
index 0000000..c348674
--- /dev/null
+++ b/barbican/client/v1/signed_images/octavia.yml
@@ -0,0 +1,17 @@
+parameters:
+ _param:
+ octavia_image_cert_key: '/etc/octavia/certs/image.key'
+ amphora_image_name: "amphora-x64-haproxy"
+
+
+ barbican:
+ client:
+ signed_images:
+ v1:
+ enabled: true
+ images:
+ OctaviaAmphora:
+ secret_name: 'OctaviaAmphoraSecret'
+ cert_key: ${_param:octavia_image_cert_key}
+ name: ${_param:amphora_image_name}
+ cloud_name: octavia_identity
\ No newline at end of file
diff --git a/barbican/server/single.yml b/barbican/server/single.yml
index 4e8ef26..c1ef15e 100644
--- a/barbican/server/single.yml
+++ b/barbican/server/single.yml
@@ -1,5 +1,6 @@
classes:
- service.barbican.server.single
+- system.barbican.upgrade
- system.salt.minion.cert.mysql.clients.openstack.barbican
- system.salt.minion.cert.rabbitmq.clients.openstack.barbican
parameters:
diff --git a/barbican/upgrade/init.yml b/barbican/upgrade/init.yml
new file mode 100644
index 0000000..39276e5
--- /dev/null
+++ b/barbican/upgrade/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ barbican:
+ upgrade:
+ enabled: ${_param:barbican_upgrade_enabled}
+ old_release: ${_param:barbican_old_version}
+ new_release: ${_param:barbican_version}
\ No newline at end of file
diff --git a/ceilometer/agent/cluster.yml b/ceilometer/agent/cluster.yml
index 681e990..6bb4e71 100644
--- a/ceilometer/agent/cluster.yml
+++ b/ceilometer/agent/cluster.yml
@@ -1,5 +1,6 @@
classes:
- service.ceilometer.agent.cluster
+- system.ceilometer.upgrade
- system.salt.minion.cert.rabbitmq.clients.openstack.ceilometer
parameters:
ceilometer:
diff --git a/ceilometer/agent/single.yml b/ceilometer/agent/single.yml
index ada8cd5..037bb4e 100644
--- a/ceilometer/agent/single.yml
+++ b/ceilometer/agent/single.yml
@@ -1,5 +1,6 @@
classes:
- service.ceilometer.agent.single
+- system.ceilometer.upgrade
- system.salt.minion.cert.rabbitmq.clients.openstack.ceilometer
parameters:
ceilometer:
diff --git a/ceilometer/agent/telemetry/cluster.yml b/ceilometer/agent/telemetry/cluster.yml
index 73f6d5a..26f9a68 100644
--- a/ceilometer/agent/telemetry/cluster.yml
+++ b/ceilometer/agent/telemetry/cluster.yml
@@ -1,5 +1,6 @@
classes:
- service.ceilometer.agent.cluster.common
+- system.ceilometer.upgrade
- system.salt.minion.cert.rabbitmq.clients.openstack.ceilometer
parameters:
ceilometer:
diff --git a/ceilometer/agent/telemetry/single.yml b/ceilometer/agent/telemetry/single.yml
index c86bee4..36f2f08 100644
--- a/ceilometer/agent/telemetry/single.yml
+++ b/ceilometer/agent/telemetry/single.yml
@@ -1,5 +1,6 @@
classes:
- service.ceilometer.agent.single.common
+- system.ceilometer.upgrade
- system.salt.minion.cert.rabbitmq.clients.openstack.ceilometer
parameters:
ceilometer:
diff --git a/ceilometer/client/init.yml b/ceilometer/client/init.yml
index 5a0aaa0..ff75932 100644
--- a/ceilometer/client/init.yml
+++ b/ceilometer/client/init.yml
@@ -3,4 +3,5 @@
- system.ceilometer.client.keystone
- system.ceilometer.client.glance
- system.ceilometer.client.heat
-- system.ceilometer.client.nova_control
\ No newline at end of file
+- system.ceilometer.client.nova_control
+- system.ceilometer.upgrade
\ No newline at end of file
diff --git a/ceilometer/server/cluster.yml b/ceilometer/server/cluster.yml
index 5e3c9a2..0704a2b 100644
--- a/ceilometer/server/cluster.yml
+++ b/ceilometer/server/cluster.yml
@@ -1,6 +1,7 @@
# This class is deprecated since Openstack Pike
classes:
- service.ceilometer.server.cluster
+- system.ceilometer.upgrade
- service.haproxy.proxy.single
- system.haproxy.proxy.listen.openstack.ceilometer
- system.keepalived.cluster.instance.openstack_telemetry_vip
diff --git a/ceilometer/server/single.yml b/ceilometer/server/single.yml
index 9045f68..eeadcc0 100644
--- a/ceilometer/server/single.yml
+++ b/ceilometer/server/single.yml
@@ -1,5 +1,6 @@
classes:
- service.ceilometer.server.single
+- system.ceilometer.upgrade
- system.salt.minion.cert.rabbitmq.clients.openstack.ceilometer
parameters:
ceilometer:
diff --git a/ceilometer/server/telemetry/cluster.yml b/ceilometer/server/telemetry/cluster.yml
index 81f6c38..c7d2686 100644
--- a/ceilometer/server/telemetry/cluster.yml
+++ b/ceilometer/server/telemetry/cluster.yml
@@ -1,6 +1,7 @@
# This class intended to be used since Openstack Pike release
classes:
- service.ceilometer.server.cluster.common
+- system.ceilometer.upgrade
- system.keepalived.cluster.instance.openstack_telemetry_vip
- system.salt.minion.cert.rabbitmq.clients.openstack.ceilometer
parameters:
diff --git a/ceilometer/server/telemetry/single.yml b/ceilometer/server/telemetry/single.yml
index 66b9431..1724277 100644
--- a/ceilometer/server/telemetry/single.yml
+++ b/ceilometer/server/telemetry/single.yml
@@ -1,5 +1,6 @@
classes:
- service.ceilometer.server.single.common
+- system.ceilometer.upgrade
- system.salt.minion.cert.rabbitmq.clients.openstack.ceilometer
parameters:
ceilometer:
diff --git a/ceilometer/upgrade/init.yml b/ceilometer/upgrade/init.yml
new file mode 100644
index 0000000..c4cb18e
--- /dev/null
+++ b/ceilometer/upgrade/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ ceilometer:
+ upgrade:
+ enabled: ${_param:ceilometer_upgrade_enabled}
+ old_release: ${_param:ceilometer_old_version}
+ new_release: ${_param:ceilometer_version}
\ No newline at end of file
diff --git a/ceph/rgw/cluster.yml b/ceph/rgw/cluster.yml
index 31aae9a..82c9041 100644
--- a/ceph/rgw/cluster.yml
+++ b/ceph/rgw/cluster.yml
@@ -1,5 +1,5 @@
classes:
- system.haproxy.proxy.single
- system.haproxy.proxy.listen.radosgw
-- service.keepalived.cluster.single
+- system.keepalived.cluster.instance.ceph_rgw_vip
- service.ceph.radosgw.cluster
diff --git a/cinder/control/cluster.yml b/cinder/control/cluster.yml
index 8528bc6..7f8e2d7 100644
--- a/cinder/control/cluster.yml
+++ b/cinder/control/cluster.yml
@@ -1,5 +1,6 @@
classes:
- service.cinder.control.cluster_control
+- system.cinder.upgrade
- service.haproxy.proxy.single
- service.keepalived.cluster.single
- system.haproxy.proxy.listen.openstack.cinder
diff --git a/cinder/control/single.yml b/cinder/control/single.yml
index 890a5ea..b8f670d 100644
--- a/cinder/control/single.yml
+++ b/cinder/control/single.yml
@@ -1,5 +1,6 @@
classes:
- service.cinder.control.single
+- system.cinder.upgrade
- system.salt.minion.cert.mysql.clients.openstack.cinder
- system.salt.minion.cert.rabbitmq.clients.openstack.cinder
parameters:
diff --git a/cinder/upgrade/init.yml b/cinder/upgrade/init.yml
new file mode 100644
index 0000000..1a3cbcc
--- /dev/null
+++ b/cinder/upgrade/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ cinder:
+ upgrade:
+ enabled: ${_param:cinder_upgrade_enabled}
+ old_release: ${_param:cinder_old_version}
+ new_release: ${_param:cinder_version}
\ No newline at end of file
diff --git a/cinder/volume/local.yml b/cinder/volume/local.yml
index a71c1df..301946b 100644
--- a/cinder/volume/local.yml
+++ b/cinder/volume/local.yml
@@ -1,5 +1,6 @@
classes:
- service.cinder.volume.local
+- system.cinder.upgrade
- system.salt.minion.cert.mysql.clients.openstack.cinder
- system.salt.minion.cert.rabbitmq.clients.openstack.cinder
parameters:
diff --git a/cinder/volume/single.yml b/cinder/volume/single.yml
index ea29a32..9531aa4 100644
--- a/cinder/volume/single.yml
+++ b/cinder/volume/single.yml
@@ -1,5 +1,6 @@
classes:
- service.cinder.volume.single
+- system.cinder.upgrade
- system.salt.minion.cert.mysql.clients.openstack.cinder
- system.salt.minion.cert.rabbitmq.clients.openstack.cinder
parameters:
diff --git a/defaults/docker_images.yml b/defaults/docker_images.yml
index 91f8d2c..fa13bdf 100644
--- a/defaults/docker_images.yml
+++ b/defaults/docker_images.yml
@@ -36,7 +36,7 @@
docker_image_remote_storage_adapter: "${_param:mcp_docker_registry}/openstack-docker/remote_storage_adapter:${_param:mcp_version}"
docker_image_sf_notifier: "${_param:mcp_docker_registry}/openstack-docker/sf_notifier:${_param:mcp_version}"
##
- docker_image_cockroachdb: "${_param:mcp_docker_registry}/mirantis/external/cockroach:v2.1.1"
+ docker_image_cockroachdb: "${_param:mcp_docker_registry}/mirantis/external/cockroach/cockroach:v2.1.1"
# keycloak
docker_image_keycloak_server: "${_param:mcp_docker_registry}/mirantis/external/jboss/keycloak:4.5.0.Final"
docker_image_keycloak_proxy: "${_param:mcp_docker_registry}/mirantis/external/jboss/keycloak:3.4.2.Final"
diff --git a/defaults/init.yml b/defaults/init.yml
index 2a595b4..e98e3ae 100644
--- a/defaults/init.yml
+++ b/defaults/init.yml
@@ -38,3 +38,4 @@
salt_minion_ca_host: cfg01.${_param:cluster_domain}
# Make sure this global variable is defined everywhere, where used it is already set on cluster level
cluster_public_host: '127.0.0.1'
+ single_address: '127.0.0.1'
diff --git a/defaults/keepalived/init.yml b/defaults/keepalived/init.yml
index 6d457e5..65c2c46 100644
--- a/defaults/keepalived/init.yml
+++ b/defaults/keepalived/init.yml
@@ -1,4 +1,4 @@
parameters:
_param:
keepalived_openstack_web_vrrp_script_check_pidof_args: "nginx"
- keepalived_galera_vrrp_script_check_pidof_args: "/usr/sbin/haproxy"
+ keepalived_vrrp_script_check_pidof_args: "/usr/sbin/haproxy"
diff --git a/defaults/openstack/init.yml b/defaults/openstack/init.yml
index 69ff618..b1f814c 100644
--- a/defaults/openstack/init.yml
+++ b/defaults/openstack/init.yml
@@ -19,35 +19,82 @@
openstack_memcache_security_strategy: 'ENCRYPT'
openstack_memcached_proto_tcp_enabled: True
openstack_memcached_proto_udp_enabled: False
+ openstack_old_version: ocata
+ openstack_version: ocata
+ openstack_upgrade_enabled: False
# Cinder
cinder_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
cinder_memcache_secret_key: ''
+ cinder_old_version: ${_param:openstack_old_version}
+ cinder_version: ${_param:openstack_version}
+ cinder_upgrade_enabled: ${_param:openstack_upgrade_enabled}
# Nova
nova_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
nova_memcache_secret_key: ''
+ nova_old_version: ${_param:openstack_old_version}
+ nova_version: ${_param:openstack_version}
+ nova_upgrade_enabled: ${_param:openstack_upgrade_enabled}
# Glance
glance_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
glance_memcache_secret_key: ''
+ glance_old_version: ${_param:openstack_old_version}
+ glance_version: ${_param:openstack_version}
+ glance_upgrade_enabled: ${_param:openstack_upgrade_enabled}
# Allow CORS from horizon, needed for direct upload
glance_cors_allowed_origin: '${_param:horizon_public_protocol}://${_param:horizon_public_host}'
# Heat
heat_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
heat_memcache_secret_key: ''
+ heat_old_version: ${_param:openstack_old_version}
+ heat_version: ${_param:openstack_version}
+ heat_upgrade_enabled: ${_param:openstack_upgrade_enabled}
# Aodh
aodh_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
aodh_memcache_secret_key: ''
+ aodh_old_version: ${_param:openstack_old_version}
+ aodh_version: ${_param:openstack_version}
+ aodh_upgrade_enabled: ${_param:openstack_upgrade_enabled}
+ # Ceilometer
+ ceilometer_old_version: ${_param:openstack_old_version}
+ ceilometer_version: ${_param:openstack_version}
+ ceilometer_upgrade_enabled: ${_param:openstack_upgrade_enabled}
# Gnocchi
gnocchi_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
gnocchi_memcache_secret_key: ''
+ gnocchi_old_version: 4.0
+ gnocchi_version: 4.0
+ gnocchi_upgrade_enabled: ${_param:openstack_upgrade_enabled}
# Panko
panko_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
panko_memcache_secret_key: ''
+ panko_old_version: ${_param:openstack_old_version}
+ panko_version: ${_param:openstack_version}
+ panko_upgrade_enabled: ${_param:openstack_upgrade_enabled}
# Barbican
barbican_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
barbican_memcache_secret_key: ''
+ barbican_old_version: ${_param:openstack_old_version}
+ barbican_version: ${_param:openstack_version}
+ barbican_upgrade_enabled: ${_param:openstack_upgrade_enabled}
+ # Designate
+ designate_old_version: ${_param:openstack_old_version}
+ designate_version: ${_param:openstack_version}
+ designate_upgrade_enabled: ${_param:openstack_upgrade_enabled}
# Ironic
ironic_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
ironic_memcache_secret_key: ''
+ # Keystone
+ keystone_old_version: ${_param:openstack_old_version}
+ keystone_version: ${_param:openstack_version}
+ keystone_upgrade_enabled: ${_param:openstack_upgrade_enabled}
+ # Manila
+ manila_old_version: ${_param:openstack_old_version}
+ manila_version: ${_param:openstack_version}
+ manila_upgrade_enabled: ${_param:openstack_upgrade_enabled}
+ # Neutron
+ neutron_old_version: ${_param:openstack_old_version}
+ neutron_version: ${_param:openstack_version}
+ neutron_upgrade_enabled: ${_param:openstack_upgrade_enabled}
# Apache mods defaults
apache_mods_status_enabled: True
apache_mods_status_status: 'disabled'
@@ -59,6 +106,10 @@
horizon_public_host: ${_param:cluster_public_host}
horizon_public_port: 443
horizon_public_protocol: https
+ horizon_server_bind_address: ${_param:single_address}
+ horizon_old_version: ${_param:openstack_old_version}
+ horizon_version: ${_param:openstack_version}
+ horizon_upgrade_enabled: ${_param:openstack_upgrade_enabled}
# HAproxy
haproxy_openstack_web_bind_port: ${_param:horizon_public_port}
#
diff --git a/designate/server/cluster/default.yml b/designate/server/cluster/default.yml
index ea53cb6..a7d6bb2 100644
--- a/designate/server/cluster/default.yml
+++ b/designate/server/cluster/default.yml
@@ -3,6 +3,7 @@
- service.haproxy.proxy.single
- system.haproxy.proxy.listen.openstack.designate
- service.designate.server.cluster
+- system.designate.upgrade
- system.salt.minion.cert.mysql.clients.openstack.designate
- system.salt.minion.cert.rabbitmq.clients.openstack.designate
parameters:
diff --git a/designate/server/cluster/simple.yml b/designate/server/cluster/simple.yml
index 6ab1013..ecf34c1 100644
--- a/designate/server/cluster/simple.yml
+++ b/designate/server/cluster/simple.yml
@@ -1,5 +1,6 @@
classes:
- service.designate.server.cluster
+- system.designate.upgrade
- system.salt.minion.cert.mysql.clients.openstack.designate
- system.salt.minion.cert.rabbitmq.clients.openstack.designate
parameters:
diff --git a/designate/server/single.yml b/designate/server/single.yml
index 10aac33..f054b0c 100644
--- a/designate/server/single.yml
+++ b/designate/server/single.yml
@@ -1,5 +1,6 @@
classes:
- service.designate.server.single
+- system.designate.upgrade
- system.salt.minion.cert.mysql.clients.openstack.designate
- system.salt.minion.cert.rabbitmq.clients.openstack.designate
parameters:
diff --git a/designate/upgrade/init.yml b/designate/upgrade/init.yml
new file mode 100644
index 0000000..28f6641
--- /dev/null
+++ b/designate/upgrade/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ designate:
+ upgrade:
+ enabled: ${_param:designate_upgrade_enabled}
+ old_release: ${_param:designate_old_version}
+ new_release: ${_param:designate_version}
\ No newline at end of file
diff --git a/glance/client/init.yml b/glance/client/init.yml
index 305f9ba..c1590c7 100644
--- a/glance/client/init.yml
+++ b/glance/client/init.yml
@@ -1,3 +1,5 @@
+classes:
+ - system.glance.upgrade
parameters:
glance:
client:
diff --git a/glance/control/cluster.yml b/glance/control/cluster.yml
index d127aa3..a75f8c5 100644
--- a/glance/control/cluster.yml
+++ b/glance/control/cluster.yml
@@ -1,5 +1,6 @@
classes:
- service.glance.control.cluster
+- system.glance.upgrade
- service.keepalived.cluster.single
- service.haproxy.proxy.single
- system.haproxy.proxy.listen.openstack.glance
diff --git a/glance/control/single.yml b/glance/control/single.yml
index a22da65..694c395 100644
--- a/glance/control/single.yml
+++ b/glance/control/single.yml
@@ -1,5 +1,6 @@
classes:
- service.glance.control.single
+- system.glance.upgrade
- system.salt.minion.cert.mysql.clients.openstack.glance
- system.salt.minion.cert.rabbitmq.clients.openstack.glance
parameters:
diff --git a/glance/upgrade/init.yml b/glance/upgrade/init.yml
new file mode 100644
index 0000000..960ed4b
--- /dev/null
+++ b/glance/upgrade/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ glance:
+ upgrade:
+ enabled: ${_param:glance_upgrade_enabled}
+ old_release: ${_param:glance_old_version}
+ new_release: ${_param:glance_version}
\ No newline at end of file
diff --git a/gnocchi/client/init.yml b/gnocchi/client/init.yml
index 2fcea87..bcef5d1 100644
--- a/gnocchi/client/init.yml
+++ b/gnocchi/client/init.yml
@@ -1,2 +1,3 @@
classes:
- service.gnocchi.client
+- system.gnocchi.upgrade
diff --git a/gnocchi/common/cluster.yml b/gnocchi/common/cluster.yml
index a841b56..b00ffa5 100644
--- a/gnocchi/common/cluster.yml
+++ b/gnocchi/common/cluster.yml
@@ -1,5 +1,6 @@
classes:
- service.gnocchi.common.cluster
+- system.gnocchi.upgrade
- system.salt.minion.cert.mysql.clients.openstack.gnocchi
parameters:
gnocchi:
diff --git a/gnocchi/common/single.yml b/gnocchi/common/single.yml
index b7d9d96..834db2f 100644
--- a/gnocchi/common/single.yml
+++ b/gnocchi/common/single.yml
@@ -1,5 +1,6 @@
classes:
- service.gnocchi.common.single
+- system.gnocchi.upgrade
- system.salt.minion.cert.mysql.clients.openstack.gnocchi
parameters:
gnocchi:
diff --git a/gnocchi/statsd/single.yml b/gnocchi/statsd/single.yml
index 4be519f..34722bb 100644
--- a/gnocchi/statsd/single.yml
+++ b/gnocchi/statsd/single.yml
@@ -1,2 +1,3 @@
classes:
-- service.gnocchi.statsd.single
\ No newline at end of file
+- service.gnocchi.statsd.single
+- system.gnocchi.upgrade
\ No newline at end of file
diff --git a/gnocchi/upgrade/init.yml b/gnocchi/upgrade/init.yml
new file mode 100644
index 0000000..c430188
--- /dev/null
+++ b/gnocchi/upgrade/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ gnocchi:
+ upgrade:
+ enabled: ${_param:gnocchi_upgrade_enabled}
+ old_release: ${_param:gnocchi_old_version}
+ new_release: ${_param:gnocchi_version}
\ No newline at end of file
diff --git a/heat/client/init.yml b/heat/client/init.yml
index cb3ce4f..e0d999e 100644
--- a/heat/client/init.yml
+++ b/heat/client/init.yml
@@ -1,3 +1,5 @@
+classes:
+- system.heat.upgrade
parameters:
_param:
heat_data_revision: master
diff --git a/heat/server/cluster.yml b/heat/server/cluster.yml
index d442d82..1edf790 100644
--- a/heat/server/cluster.yml
+++ b/heat/server/cluster.yml
@@ -1,5 +1,6 @@
classes:
- service.heat.server.cluster
+- system.heat.upgrade
- service.haproxy.proxy.single
- service.keepalived.cluster.single
- system.haproxy.proxy.listen.openstack.heat
diff --git a/heat/server/single.yml b/heat/server/single.yml
index 2cef28a..24db595 100644
--- a/heat/server/single.yml
+++ b/heat/server/single.yml
@@ -1,5 +1,6 @@
classes:
- service.heat.server.single
+- system.heat.upgrade
- system.salt.minion.cert.mysql.clients.openstack.heat
- system.salt.minion.cert.rabbitmq.clients.openstack.heat
parameters:
diff --git a/heat/upgrade/init.yml b/heat/upgrade/init.yml
new file mode 100644
index 0000000..37c6343
--- /dev/null
+++ b/heat/upgrade/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ heat:
+ upgrade:
+ enabled: ${_param:heat_upgrade_enabled}
+ old_release: ${_param:heat_old_version}
+ new_release: ${_param:heat_version}
\ No newline at end of file
diff --git a/horizon/server/cluster.yml b/horizon/server/cluster.yml
index 06a720c..837d9b5 100644
--- a/horizon/server/cluster.yml
+++ b/horizon/server/cluster.yml
@@ -1,6 +1,7 @@
classes:
- service.keepalived.cluster.single
- service.horizon.server.cluster
+- system.horizon.upgrade
- system.horizon.server.iptables
- service.haproxy.proxy.single
- system.apache.server.single
diff --git a/horizon/server/single.yml b/horizon/server/single.yml
index e1ceb2d..79783cc 100644
--- a/horizon/server/single.yml
+++ b/horizon/server/single.yml
@@ -1,5 +1,6 @@
classes:
- service.horizon.server.single
+- system.horizon.upgrade
- system.horizon.server.iptables
- system.apache.server.single
- system.memcached.server.single
@@ -11,7 +12,7 @@
server:
branding: ${_param:horizon_site_branding}
bind:
- address: 0.0.0.0
+ address: ${_param:horizon_server_bind_address}
port: 8078
plugin: {}
session:
diff --git a/horizon/upgrade/init.yml b/horizon/upgrade/init.yml
new file mode 100644
index 0000000..11e17b2
--- /dev/null
+++ b/horizon/upgrade/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ horizon:
+ upgrade:
+ enabled: ${_param:horizon_upgrade_enabled}
+ old_release: ${_param:horizon_old_version}
+ new_release: ${_param:horizon_version}
\ No newline at end of file
diff --git a/jenkins/client/job/salt-models/generate.yml b/jenkins/client/job/salt-models/generate.yml
index 2500254..67f8747 100644
--- a/jenkins/client/job/salt-models/generate.yml
+++ b/jenkins/client/job/salt-models/generate.yml
@@ -1,2 +1,39 @@
-# This file will be removed in Q3
-# jobs was moved into salt-models/infra repo
+parameters:
+ jenkins:
+ client:
+ job_template:
+ generate-salt-model:
+ name: generate-salt-model-{{cookiecutter_template}}
+ param:
+ cookiecutter_template:
+ - separated-products
+ template:
+ type: workflow-scm
+ concurrent: true
+ discard:
+ build:
+ keep_days: 1
+ artifact:
+ keep_days: 1
+ display_name: "Generate reclass cluster {{cookiecutter_template}}"
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ branch: "${_param:jenkins_pipelines_branch}"
+ credentials: "gerrit"
+ script: generate-cookiecutter-products.groovy
+ param:
+ # Cookiecutter
+ COOKIECUTTER_TEMPLATE_CONTEXT:
+ type: text
+ # Other
+ EMAIL_ADDRESS:
+ type: string
+ TEST_MODEL:
+ type: boolean
+ default: true
+ DISTRIB_REVISION:
+ type: string
+ default: 'proposed'
+ description: |-
+ "Those variable will be ignored, in case gerritTrigger=>GERRIT_BRANCH. Version of bin-artifacts,passed to test-env.Includes formula/reclass/ubuntu"
diff --git a/keepalived/cluster/instance/ceph_rgw_vip.yml b/keepalived/cluster/instance/ceph_rgw_vip.yml
new file mode 100644
index 0000000..e118ca7
--- /dev/null
+++ b/keepalived/cluster/instance/ceph_rgw_vip.yml
@@ -0,0 +1,9 @@
+classes:
+- service.keepalived.cluster.single
+- system.keepalived.cluster.vrrp_scripts.check_single_process
+parameters:
+ keepalived:
+ cluster:
+ instance:
+ VIP:
+ track_script: check_pidof
\ No newline at end of file
diff --git a/keepalived/cluster/instance/default_keepalived_check.yml b/keepalived/cluster/instance/default_keepalived_check.yml
index e088dd6..9f9afd2 100644
--- a/keepalived/cluster/instance/default_keepalived_check.yml
+++ b/keepalived/cluster/instance/default_keepalived_check.yml
@@ -1,21 +1,18 @@
+# DEPRECATED: for backward compatibility until openstack/control.yml migrate to
+# check_multiple_processes.yml
+#
# This instance is needed for the example case, where on control node the GlusterFS is deployed with keepalived and
# a `remote_agent` from `Stacklight` sends its queries to the control's VIP to gather the GlusterFS data.
# In case of `glusterd` process failure, the VIP should be moved to another node, to prevent `remote_agent` from failing.
# In addition, check for haproxy process too, as on its failure VIP should be also moved to another node.
classes:
-- service.keepalived.support
+- service.keepalived.cluster.single
+- system.keepalived.cluster.vrrp_scripts.check_custom_content
parameters:
_param:
keepalived_vip_vrrp_check_script_content: "pidof glusterd && pidof haproxy"
keepalived:
cluster:
- vrrp_scripts:
- vrrp_check:
- content: ${_param:keepalived_vip_vrrp_check_script_content}
- interval: 10
- rise: 1
- fall: 1
- enabled: true
instance:
VIP:
track_script: vrrp_check
diff --git a/keepalived/cluster/instance/galera_vip.yml b/keepalived/cluster/instance/galera_vip.yml
index 8b0a462..e118ca7 100644
--- a/keepalived/cluster/instance/galera_vip.yml
+++ b/keepalived/cluster/instance/galera_vip.yml
@@ -1,14 +1,9 @@
classes:
- service.keepalived.cluster.single
+- system.keepalived.cluster.vrrp_scripts.check_single_process
parameters:
keepalived:
cluster:
- vrrp_scripts:
- check_pidof:
- args: ${_param:keepalived_galera_vrrp_script_check_pidof_args}
- interval: 10
- rise: 1
- fall: 1
instance:
VIP:
- track_script: check_pidof
+ track_script: check_pidof
\ No newline at end of file
diff --git a/keepalived/cluster/instance/opencontrail_vip.yml b/keepalived/cluster/instance/opencontrail_vip.yml
new file mode 100644
index 0000000..e118ca7
--- /dev/null
+++ b/keepalived/cluster/instance/opencontrail_vip.yml
@@ -0,0 +1,9 @@
+classes:
+- service.keepalived.cluster.single
+- system.keepalived.cluster.vrrp_scripts.check_single_process
+parameters:
+ keepalived:
+ cluster:
+ instance:
+ VIP:
+ track_script: check_pidof
\ No newline at end of file
diff --git a/keepalived/cluster/instance/openstack_controller_vip.yml b/keepalived/cluster/instance/openstack_controller_vip.yml
new file mode 100644
index 0000000..30c839f
--- /dev/null
+++ b/keepalived/cluster/instance/openstack_controller_vip.yml
@@ -0,0 +1,11 @@
+classes:
+- service.keepalived.cluster.single
+- system.keepalived.cluster.vrrp_scripts.check_multiple_processes
+parameters:
+ _param:
+ keepalived_vrrp_script_check_multiple_processes: 'glusterd haproxy'
+ keepalived:
+ cluster:
+ instance:
+ VIP:
+ track_script: multiple_processes
\ No newline at end of file
diff --git a/keepalived/cluster/instance/openstack_proxy_vip.yml b/keepalived/cluster/instance/openstack_proxy_vip.yml
new file mode 100644
index 0000000..9af94ed
--- /dev/null
+++ b/keepalived/cluster/instance/openstack_proxy_vip.yml
@@ -0,0 +1,11 @@
+classes:
+- service.keepalived.cluster.single
+- system.keepalived.cluster.vrrp_scripts.check_multiple_processes
+parameters:
+ _param:
+ keepalived_vrrp_script_check_multiple_processes: 'nginx haproxy'
+ keepalived:
+ cluster:
+ instance:
+ VIP:
+ track_script: multiple_processes
\ No newline at end of file
diff --git a/keepalived/cluster/vrrp_scripts/check_custom_content.yml b/keepalived/cluster/vrrp_scripts/check_custom_content.yml
new file mode 100644
index 0000000..6cc7e80
--- /dev/null
+++ b/keepalived/cluster/vrrp_scripts/check_custom_content.yml
@@ -0,0 +1,9 @@
+parameters:
+ keepalived:
+ cluster:
+ vrrp_scripts:
+ vrrp_check:
+ content: ${_param:keepalived_vip_vrrp_check_script_content}
+ interval: 10
+ rise: 1
+ fall: 1
diff --git a/keepalived/cluster/vrrp_scripts/check_single_process.yml b/keepalived/cluster/vrrp_scripts/check_single_process.yml
new file mode 100644
index 0000000..4b605c3
--- /dev/null
+++ b/keepalived/cluster/vrrp_scripts/check_single_process.yml
@@ -0,0 +1,9 @@
+parameters:
+ keepalived:
+ cluster:
+ vrrp_scripts:
+ check_pidof:
+ args: ${_param:keepalived_vrrp_script_check_pidof_args}
+ interval: 10
+ rise: 1
+ fall: 1
diff --git a/keystone/server/cluster.yml b/keystone/server/cluster.yml
index 02e747d..95884e7 100644
--- a/keystone/server/cluster.yml
+++ b/keystone/server/cluster.yml
@@ -1,5 +1,6 @@
classes:
- service.keystone.server.cluster
+- system.keystone.upgrade
- service.keepalived.cluster.single
- system.haproxy.proxy.listen.openstack.keystone
- system.haproxy.proxy.listen.openstack.keystone.standalone
diff --git a/keystone/server/single.yml b/keystone/server/single.yml
index a57d99a..c792bf5 100644
--- a/keystone/server/single.yml
+++ b/keystone/server/single.yml
@@ -1,5 +1,6 @@
classes:
- service.keystone.server.single
+- system.keystone.upgrade
- system.linux.system.users.keystone
- system.keystone.server.fernet_rotation.single
- system.salt.minion.cert.mysql.clients.openstack.keystone
diff --git a/keystone/upgrade/init.yml b/keystone/upgrade/init.yml
new file mode 100644
index 0000000..cd72c7d
--- /dev/null
+++ b/keystone/upgrade/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ keystone:
+ upgrade:
+ enabled: ${_param:keystone_upgrade_enabled}
+ old_release: ${_param:keystone_old_version}
+ new_release: ${_param:keystone_version}
\ No newline at end of file
diff --git a/manila/client/init.yml b/manila/client/init.yml
index 2fdadfd..268a1d1 100644
--- a/manila/client/init.yml
+++ b/manila/client/init.yml
@@ -2,3 +2,4 @@
- service.manila.client
- system.keystone.client.os_client_config.admin_identity
- system.manila.client.share_type
+- system.manila.upgrade
\ No newline at end of file
diff --git a/manila/common/cluster.yml b/manila/common/cluster.yml
index a821aa3..57ced1d 100644
--- a/manila/common/cluster.yml
+++ b/manila/common/cluster.yml
@@ -1,5 +1,6 @@
classes:
- service.manila.common.cluster
+- system.manila.upgrade
- system.salt.minion.cert.mysql.clients.openstack.manila
- system.salt.minion.cert.rabbitmq.clients.openstack.manila
parameters:
@@ -7,7 +8,7 @@
manila_cluster_vip_address: ${_param:cluster_vip_address}
manila:
common:
- version: ${_param:openstack_version}
+ version: ${_param:manila_version}
message_queue:
engine: rabbitmq
port: ${_param:openstack_rabbitmq_port}
diff --git a/manila/common/single.yml b/manila/common/single.yml
index d91a115..00f42eb 100644
--- a/manila/common/single.yml
+++ b/manila/common/single.yml
@@ -1,11 +1,12 @@
classes:
- service.manila.common.single
+- system.manila.upgrade
- system.salt.minion.cert.mysql.clients.openstack.manila
- system.salt.minion.cert.rabbitmq.clients.openstack.manila
parameters:
manila:
common:
- version: ${_param:openstack_version}
+ version: ${_param:manila_version}
message_queue:
engine: rabbitmq
port: ${_param:openstack_rabbitmq_port}
diff --git a/manila/control/cluster.yml b/manila/control/cluster.yml
index 75b6f76..087748b 100644
--- a/manila/control/cluster.yml
+++ b/manila/control/cluster.yml
@@ -7,11 +7,11 @@
manila:
common:
dhss: false
- version: ${_param:openstack_version}
+ version: ${_param:manila_version}
api:
enabled: true
- version: ${_param:openstack_version}
+ version: ${_param:manila_version}
role: ${_param:openstack_node_role}
scheduler:
enabled: true
- version: ${_param:openstack_version}
+ version: ${_param:manila_version}
diff --git a/manila/control/single.yml b/manila/control/single.yml
index 9d5f9f6..0b804c1 100644
--- a/manila/control/single.yml
+++ b/manila/control/single.yml
@@ -8,11 +8,11 @@
common:
dhss: false
default_share_type: default
- version: ${_param:openstack_version}
+ version: ${_param:manila_version}
api:
role: ${_param:openstack_node_role}
enabled: true
- version: ${_param:openstack_version}
+ version: ${_param:manila_version}
scheduler:
enabled: true
- version: ${_param:openstack_version}
+ version: ${_param:manila_version}
diff --git a/manila/share/init.yml b/manila/share/init.yml
index 346bfcd..6eb4163 100644
--- a/manila/share/init.yml
+++ b/manila/share/init.yml
@@ -4,7 +4,7 @@
manila:
common:
dhss: false
- version: ${_param:openstack_version}
+ version: ${_param:manila_version}
share:
enabled: true
- version: ${_param:openstack_version}
+ version: ${_param:manila_version}
diff --git a/manila/upgrade/init.yml b/manila/upgrade/init.yml
new file mode 100644
index 0000000..43e2021
--- /dev/null
+++ b/manila/upgrade/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ manila:
+ upgrade:
+ enabled: ${_param:manila_upgrade_enabled}
+ old_release: ${_param:manila_old_version}
+ new_release: ${_param:manila_version}
\ No newline at end of file
diff --git a/neutron/compute/cluster.yml b/neutron/compute/cluster.yml
index a9cf9c1..c8a0922 100644
--- a/neutron/compute/cluster.yml
+++ b/neutron/compute/cluster.yml
@@ -1,5 +1,6 @@
classes:
- service.neutron.compute.single
+- system.neutron.upgrade
- system.salt.minion.cert.rabbitmq.clients.openstack.neutron
parameters:
_param:
diff --git a/neutron/control/cluster.yml b/neutron/control/cluster.yml
index 12e09e6..63e4faf 100644
--- a/neutron/control/cluster.yml
+++ b/neutron/control/cluster.yml
@@ -2,6 +2,7 @@
- service.keepalived.cluster.single
- service.haproxy.proxy.single
- service.neutron.control.cluster
+- system.neutron.upgrade
- system.haproxy.proxy.listen.openstack.neutron
- system.salt.minion.cert.mysql.clients.openstack.neutron
- system.salt.minion.cert.rabbitmq.clients.openstack.neutron
diff --git a/neutron/control/single.yml b/neutron/control/single.yml
index 2210f2f..803f12f 100644
--- a/neutron/control/single.yml
+++ b/neutron/control/single.yml
@@ -1,5 +1,6 @@
classes:
- service.neutron.control.single
+- system.neutron.upgrade
- system.salt.minion.cert.mysql.clients.openstack.neutron
- system.salt.minion.cert.rabbitmq.clients.openstack.neutron
parameters:
diff --git a/neutron/gateway/cluster.yml b/neutron/gateway/cluster.yml
index 8f84fa1..6d33684 100644
--- a/neutron/gateway/cluster.yml
+++ b/neutron/gateway/cluster.yml
@@ -1,5 +1,6 @@
classes:
- service.neutron.gateway.single
+- system.neutron.upgrade
- system.salt.minion.cert.rabbitmq.clients.openstack.neutron
parameters:
_param:
diff --git a/neutron/upgrade/init.yml b/neutron/upgrade/init.yml
new file mode 100644
index 0000000..616678d
--- /dev/null
+++ b/neutron/upgrade/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ neutron:
+ upgrade:
+ enabled: ${_param:neutron_upgrade_enabled}
+ old_release: ${_param:neutron_old_version}
+ new_release: ${_param:neutron_version}
\ No newline at end of file
diff --git a/nginx/server/proxy/ceph_radosgw.yml b/nginx/server/proxy/ceph_radosgw.yml
index 2601849..c69ec3a 100644
--- a/nginx/server/proxy/ceph_radosgw.yml
+++ b/nginx/server/proxy/ceph_radosgw.yml
@@ -16,6 +16,8 @@
host: ${_param:nginx_proxy_radosgw_service_host}
port: ${_param:nginx_proxy_radosgw_service_port}
protocol: http
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_radosgw_host}
port: ${_param:nginx_proxy_radosgw_port}
diff --git a/nginx/server/proxy/opencontrail_web.yml b/nginx/server/proxy/opencontrail_web.yml
index 85169b3..5949b85 100644
--- a/nginx/server/proxy/opencontrail_web.yml
+++ b/nginx/server/proxy/opencontrail_web.yml
@@ -11,6 +11,8 @@
host: ${_param:opencontrail_control_address}
port: 8143
protocol: https
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:cluster_public_host}
port: 8143
diff --git a/nginx/server/proxy/openstack/aodh.yml b/nginx/server/proxy/openstack/aodh.yml
index d15bca5..e01bf44 100644
--- a/nginx/server/proxy/openstack/aodh.yml
+++ b/nginx/server/proxy/openstack/aodh.yml
@@ -17,6 +17,8 @@
host: ${_param:nginx_proxy_openstack_aodh_host}
port: 8042
protocol: ${_param:nginx_proxy_openstack_aodh_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8042
diff --git a/nginx/server/proxy/openstack/barbican.yml b/nginx/server/proxy/openstack/barbican.yml
index 6ac6a14..9776f14 100644
--- a/nginx/server/proxy/openstack/barbican.yml
+++ b/nginx/server/proxy/openstack/barbican.yml
@@ -17,6 +17,8 @@
host: ${_param:nginx_proxy_openstack_barbican_host}
port: 9311
protocol: ${_param:nginx_proxy_openstack_barbican_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 9311
diff --git a/nginx/server/proxy/openstack/ceilometer.yml b/nginx/server/proxy/openstack/ceilometer.yml
index 78b1f00..553d5b4 100644
--- a/nginx/server/proxy/openstack/ceilometer.yml
+++ b/nginx/server/proxy/openstack/ceilometer.yml
@@ -17,6 +17,8 @@
host: ${_param:nginx_proxy_openstack_ceilometer_host}
port: 8777
protocol: ${_param:nginx_proxy_openstack_ceilometer_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8777
diff --git a/nginx/server/proxy/openstack/cinder.yml b/nginx/server/proxy/openstack/cinder.yml
index c89fa11..1d06df3 100644
--- a/nginx/server/proxy/openstack/cinder.yml
+++ b/nginx/server/proxy/openstack/cinder.yml
@@ -17,6 +17,8 @@
host: ${_param:nginx_proxy_openstack_cinder_host}
port: 8776
protocol: ${_param:nginx_proxy_openstack_cinder_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8776
diff --git a/nginx/server/proxy/openstack/designate.yml b/nginx/server/proxy/openstack/designate.yml
index ce92ff6..286c9d3 100644
--- a/nginx/server/proxy/openstack/designate.yml
+++ b/nginx/server/proxy/openstack/designate.yml
@@ -16,6 +16,8 @@
host: ${_param:nginx_proxy_openstack_designate_host}
port: 9001
protocol: ${_param:nginx_proxy_openstack_designate_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 9001
diff --git a/nginx/server/proxy/openstack/glance_registry.yml b/nginx/server/proxy/openstack/glance_registry.yml
index b374e40..1677917 100644
--- a/nginx/server/proxy/openstack/glance_registry.yml
+++ b/nginx/server/proxy/openstack/glance_registry.yml
@@ -18,6 +18,8 @@
host: ${_param:nginx_proxy_openstack_glance_registry_host}
port: 9191
protocol: ${_param:nginx_proxy_openstack_glance_registry_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 9191
diff --git a/nginx/server/proxy/openstack/glare.yml b/nginx/server/proxy/openstack/glare.yml
index 898f622..b761138 100644
--- a/nginx/server/proxy/openstack/glare.yml
+++ b/nginx/server/proxy/openstack/glare.yml
@@ -16,6 +16,8 @@
port: 9494
protocol: http
size: 30000m
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 9494
diff --git a/nginx/server/proxy/openstack/gnocchi.yml b/nginx/server/proxy/openstack/gnocchi.yml
index 6169648..125152e 100644
--- a/nginx/server/proxy/openstack/gnocchi.yml
+++ b/nginx/server/proxy/openstack/gnocchi.yml
@@ -17,6 +17,8 @@
host: ${_param:nginx_proxy_openstack_gnocchi_host}
port: 8041
protocol: ${_param:nginx_proxy_openstack_gnocchi_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8041
diff --git a/nginx/server/proxy/openstack/heat.yml b/nginx/server/proxy/openstack/heat.yml
index bfb7745..b16dc96 100644
--- a/nginx/server/proxy/openstack/heat.yml
+++ b/nginx/server/proxy/openstack/heat.yml
@@ -17,6 +17,8 @@
host: ${_param:nginx_proxy_openstack_heat_host}
port: 8004
protocol: ${_param:nginx_proxy_openstack_heat_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8004
diff --git a/nginx/server/proxy/openstack/heat_cfn.yml b/nginx/server/proxy/openstack/heat_cfn.yml
index 99bb2d3..3ac02c1 100644
--- a/nginx/server/proxy/openstack/heat_cfn.yml
+++ b/nginx/server/proxy/openstack/heat_cfn.yml
@@ -16,6 +16,8 @@
host: ${_param:nginx_proxy_openstack_heat_host}
port: 8000
protocol: ${_param:nginx_proxy_openstack_heat_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8000
diff --git a/nginx/server/proxy/openstack/heat_cloudwatch.yml b/nginx/server/proxy/openstack/heat_cloudwatch.yml
index 2c6a30a..3b2dad6 100644
--- a/nginx/server/proxy/openstack/heat_cloudwatch.yml
+++ b/nginx/server/proxy/openstack/heat_cloudwatch.yml
@@ -16,6 +16,8 @@
host: ${_param:nginx_proxy_openstack_heat_host}
port: 8003
protocol: ${_param:nginx_proxy_openstack_heat_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8003
diff --git a/nginx/server/proxy/openstack/horizon.yml b/nginx/server/proxy/openstack/horizon.yml
index 03e3f3c..a44f862 100644
--- a/nginx/server/proxy/openstack/horizon.yml
+++ b/nginx/server/proxy/openstack/horizon.yml
@@ -15,6 +15,8 @@
host: ${_param:nginx_proxy_openstack_horizon_host}
port: 443
protocol: https
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 443
diff --git a/nginx/server/proxy/openstack/ironic.yml b/nginx/server/proxy/openstack/ironic.yml
index 6ccedb3..1d13bf9 100644
--- a/nginx/server/proxy/openstack/ironic.yml
+++ b/nginx/server/proxy/openstack/ironic.yml
@@ -16,6 +16,8 @@
host: ${_param:nginx_proxy_openstack_ironic_host}
port: 6385
protocol: ${_param:nginx_proxy_openstack_ironic_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 6385
diff --git a/nginx/server/proxy/openstack/keystone.yml b/nginx/server/proxy/openstack/keystone.yml
index bf6646a..6428eb9 100644
--- a/nginx/server/proxy/openstack/keystone.yml
+++ b/nginx/server/proxy/openstack/keystone.yml
@@ -17,6 +17,8 @@
host: ${_param:nginx_proxy_openstack_keystone_host}
port: 5000
protocol: ${_param:nginx_proxy_openstack_keystone_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 5000
diff --git a/nginx/server/proxy/openstack/keystone_private.yml b/nginx/server/proxy/openstack/keystone_private.yml
index bffae74..2f13c6b 100644
--- a/nginx/server/proxy/openstack/keystone_private.yml
+++ b/nginx/server/proxy/openstack/keystone_private.yml
@@ -17,6 +17,8 @@
host: ${_param:nginx_proxy_openstack_keystone_host}
port: 35357
protocol: ${_param:nginx_proxy_openstack_keystone_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 35357
diff --git a/nginx/server/proxy/openstack/manila.yml b/nginx/server/proxy/openstack/manila.yml
index 8157dd8..458ffc9 100644
--- a/nginx/server/proxy/openstack/manila.yml
+++ b/nginx/server/proxy/openstack/manila.yml
@@ -16,6 +16,8 @@
host: ${_param:nginx_proxy_openstack_manila_host}
port: 8786
protocol: ${_param:nginx_proxy_openstack_manila_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8786
diff --git a/nginx/server/proxy/openstack/murano.yml b/nginx/server/proxy/openstack/murano.yml
index 06b8c1a..4321c56 100644
--- a/nginx/server/proxy/openstack/murano.yml
+++ b/nginx/server/proxy/openstack/murano.yml
@@ -13,6 +13,8 @@
host: ${_param:nginx_proxy_openstack_api_proxy_host}
port: 8082
protocol: http
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8082
diff --git a/nginx/server/proxy/openstack/neutron.yml b/nginx/server/proxy/openstack/neutron.yml
index 9ee5796..f7feb4a 100644
--- a/nginx/server/proxy/openstack/neutron.yml
+++ b/nginx/server/proxy/openstack/neutron.yml
@@ -16,6 +16,8 @@
host: ${_param:nginx_proxy_openstack_neutron_host}
port: 9696
protocol: ${_param:nginx_proxy_openstack_neutron_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 9696
diff --git a/nginx/server/proxy/openstack/nova.yml b/nginx/server/proxy/openstack/nova.yml
index 456e056..0593639 100644
--- a/nginx/server/proxy/openstack/nova.yml
+++ b/nginx/server/proxy/openstack/nova.yml
@@ -17,6 +17,8 @@
host: ${_param:nginx_proxy_openstack_nova_host}
port: 8774
protocol: ${_param:nginx_proxy_openstack_nova_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8774
diff --git a/nginx/server/proxy/openstack/panko.yml b/nginx/server/proxy/openstack/panko.yml
index 45d389b..83c90e2 100644
--- a/nginx/server/proxy/openstack/panko.yml
+++ b/nginx/server/proxy/openstack/panko.yml
@@ -17,6 +17,8 @@
host: ${_param:nginx_proxy_openstack_panko_host}
port: 8977
protocol: ${_param:nginx_proxy_openstack_panko_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8977
diff --git a/nginx/server/proxy/openstack/placement.yml b/nginx/server/proxy/openstack/placement.yml
index 9e8b08c..a54966e 100644
--- a/nginx/server/proxy/openstack/placement.yml
+++ b/nginx/server/proxy/openstack/placement.yml
@@ -16,6 +16,8 @@
host: ${_param:nginx_proxy_openstack_placement_host}
port: 8778
protocol: ${_param:nginx_proxy_openstack_placement_protocol}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8778
diff --git a/nginx/server/proxy/openstack/sahara.yml b/nginx/server/proxy/openstack/sahara.yml
index 17ae236..2aa1b5e 100644
--- a/nginx/server/proxy/openstack/sahara.yml
+++ b/nginx/server/proxy/openstack/sahara.yml
@@ -11,6 +11,8 @@
host: ${_param:nginx_proxy_openstack_api_proxy_host}
port: 8386
protocol: http
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8386
diff --git a/nginx/server/proxy/openstack_vnc.yml b/nginx/server/proxy/openstack_vnc.yml
index 526f0db..ab71656 100644
--- a/nginx/server/proxy/openstack_vnc.yml
+++ b/nginx/server/proxy/openstack_vnc.yml
@@ -13,6 +13,8 @@
port: 6080
protocol: http
websocket: true
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:cluster_public_host}
port: 6080
diff --git a/nginx/server/proxy/openstack_web.yml b/nginx/server/proxy/openstack_web.yml
index a9a4894..2de6606 100644
--- a/nginx/server/proxy/openstack_web.yml
+++ b/nginx/server/proxy/openstack_web.yml
@@ -14,7 +14,7 @@
type: nginx_proxy
name: openstack_web
proxy:
- host: localhost
+ host: ${_param:horizon_server_bind_address}
# TODO: port must be configurable, as some deployments might have HAproxy over prx nodes
port: 8078
size: 10000m
diff --git a/nova/compute/cluster.yml b/nova/compute/cluster.yml
index fdb8bcb..c3f60f8 100644
--- a/nova/compute/cluster.yml
+++ b/nova/compute/cluster.yml
@@ -1,5 +1,6 @@
classes:
- service.nova.compute.kvm
+- system.nova.upgrade
- system.salt.minion.cert.rabbitmq.clients.openstack.nova
parameters:
_param:
diff --git a/nova/compute/single.yml b/nova/compute/single.yml
index f14192c..5d161e2 100644
--- a/nova/compute/single.yml
+++ b/nova/compute/single.yml
@@ -2,6 +2,7 @@
- nova
classes:
- service.nova.compute.kvm
+- system.nova.upgrade
- system.salt.minion.cert.rabbitmq.clients.openstack.nova
parameters:
_param:
diff --git a/nova/compute_ironic/cluster.yml b/nova/compute_ironic/cluster.yml
index deed63a..a357ba8 100644
--- a/nova/compute_ironic/cluster.yml
+++ b/nova/compute_ironic/cluster.yml
@@ -1,5 +1,6 @@
classes:
- service.nova.compute.ironic
+- system.nova.upgrade
parameters:
nova:
compute:
diff --git a/nova/compute_ironic/single.yml b/nova/compute_ironic/single.yml
index cddaa4d..fe5db6c 100644
--- a/nova/compute_ironic/single.yml
+++ b/nova/compute_ironic/single.yml
@@ -1,5 +1,6 @@
classes:
- service.nova.compute.ironic
+- system.nova.upgrade
parameters:
nova:
compute:
diff --git a/nova/control/cluster.yml b/nova/control/cluster.yml
index 08bbf07..6591552 100644
--- a/nova/control/cluster.yml
+++ b/nova/control/cluster.yml
@@ -1,6 +1,7 @@
classes:
- service.haproxy.proxy.single
- service.nova.control.cluster
+- system.nova.upgrade
- service.keepalived.cluster.single
- system.haproxy.proxy.listen.openstack.nova
- system.haproxy.proxy.listen.openstack.novnc
diff --git a/nova/control/single.yml b/nova/control/single.yml
index a97a033..9a0bc00 100644
--- a/nova/control/single.yml
+++ b/nova/control/single.yml
@@ -2,6 +2,7 @@
- system.salt.minion.cert.mysql.clients.openstack.nova
- system.salt.minion.cert.rabbitmq.clients.openstack.nova
- service.nova.control.single
+- system.nova.upgrade
parameters:
linux:
system:
diff --git a/nova/upgrade/init.yml b/nova/upgrade/init.yml
new file mode 100644
index 0000000..4441bb7
--- /dev/null
+++ b/nova/upgrade/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ nova:
+ upgrade:
+ enabled: ${_param:nova_upgrade_enabled}
+ old_release: ${_param:nova_old_version}
+ new_release: ${_param:nova_version}
\ No newline at end of file
diff --git a/opencontrail/control/control.yml b/opencontrail/control/control.yml
index 4719dff..4dd79f3 100644
--- a/opencontrail/control/control.yml
+++ b/opencontrail/control/control.yml
@@ -1,7 +1,7 @@
classes:
-- service.keepalived.cluster.single
- service.opencontrail.control.control
- system.haproxy.proxy.listen.opencontrail.control
+- system.keepalived.cluster.instance.opencontrail_vip
parameters:
_param:
multi_tenancy: true
diff --git a/opencontrail/control/control4_0.yml b/opencontrail/control/control4_0.yml
index 09b1e12..acf5530 100644
--- a/opencontrail/control/control4_0.yml
+++ b/opencontrail/control/control4_0.yml
@@ -1,8 +1,8 @@
classes:
- service.docker.host
-- service.keepalived.cluster.single
- service.opencontrail.control.control
- system.haproxy.proxy.listen.opencontrail.control4_0
+- system.keepalived.cluster.instance.opencontrail_vip
parameters:
_param:
opencontrail_version: 4.0
diff --git a/openssh/server/team/members/aminasyan.yml b/openssh/server/team/members/aminasyan.yml
index 0e189fc..133047d 100644
--- a/openssh/server/team/members/aminasyan.yml
+++ b/openssh/server/team/members/aminasyan.yml
@@ -15,5 +15,5 @@
aminasyan:
enabled: true
public_keys:
- - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBH7+vVgUiiflgclsGBVoGeeSYocSHDkHsRKUOfprH/EPwoYM4mwPotKaO3u342U7Gakxhe9X95jpa1xk4O70w3rsTKERiBcvwM1GUeMoCjyNfUtseZku817wUj+NmU2/bo6YB/Jtuqx+QxxrzXrctowl7rkZud13gypKqVA4kaeT8cclSD0ZNAL99p7y8aXa3CuJ2nBzkzfM0/tuXGsiBZxDm7MzbIjySCTPJz8Y+n8rvmETfMG4smfl1E5R4o0AXpKwWUTZxQxx/BXh1jC9CxnDO/CccLdSY+jY7qvzhCvUsQf3v3Ppdi5wgqaVBf7SaLIeEsyqBwu6CMg1K6jHJt46sdiDSG79/SQHUsrrbVY9lA3tV5CAO0kz4Caae01k8BsO2lT9xLhed7V4ReAbAL3QBTvWMEob8ARQCB6EuaI7VxMcQvmoGK5Rf8/qh+B8JmbgAUyUy/j8qIjeZv4C7LbQO9z86AeGBrd6H5zDzlBL6RcyhvtVvOybovXLTujeMTyydqXfnZ7XTOEwp3lVzavsQO5ej1Ao5CJ/7yXFN3bpTO0fLFDSg/zzS2cME6J6KaT3dJLFfUpS/0hoQlOCV5L10LhZeh0Ot4GfVJ2tGOBQRnYGZHR2MpxQTZV/yhQDfYFBxZtvKcmAFdLTMaJ6GxLleuymJI4n4Vy3pg14O/w== aminasyan@artem
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDaC1Esdbd0RgI4UrpYvZGckOW9PGaA5Q5CD0IRj/DB0RkxLpSaLJUPMml6xNhaL13nuQ7JnOmPKrzT8Vu3P5/rw2Kvo8rmXVoFTXj0xuzLlYJutqxpYj6zGQzzai4pXOtfNVOoKhwrLrQuJXOgNgWD0dECevNgA+6GLCVmAKCyzZxC89u5HpNVbv85fqn0Q2sgelxOHOlq2xEnqtcHX/MnMSSr8EjzcFXssshuYvgqanlbT1G63ie3RjbAzf/dSpqNpVaRJTB0RJpXrZyGnosxOjQpfkAY4VjfgdnRIFb1ul5JR6+Q25XBtS9DBWXq9dSpeLISENZG5THmO7vXhOD1 aminasyan@aminasyan-macbook.local
user: ${linux:system:user:aminasyan}
diff --git a/panko/server/cluster.yml b/panko/server/cluster.yml
index 7c442dd..b6e87bb 100644
--- a/panko/server/cluster.yml
+++ b/panko/server/cluster.yml
@@ -1,5 +1,6 @@
classes:
- service.panko.server.cluster
+- system.panko.upgrade
- service.haproxy.proxy.single
- system.apache.server.site.panko
- system.haproxy.proxy.listen.openstack.panko
diff --git a/panko/server/single.yml b/panko/server/single.yml
index dd08349..ea8f4a1 100644
--- a/panko/server/single.yml
+++ b/panko/server/single.yml
@@ -1,5 +1,6 @@
classes:
- service.panko.server.single
+- system.panko.upgrade
- system.apache.server.site.panko
- system.salt.minion.cert.mysql.clients.openstack.panko
parameters:
diff --git a/panko/upgrade/init.yml b/panko/upgrade/init.yml
new file mode 100644
index 0000000..4777146
--- /dev/null
+++ b/panko/upgrade/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ panko:
+ upgrade:
+ enabled: ${_param:panko_upgrade_enabled}
+ old_release: ${_param:panko_old_version}
+ new_release: ${_param:panko_version}
\ No newline at end of file
diff --git a/prometheus/server/alert/alerta_relabel.yml b/prometheus/server/alert/alerta_relabel.yml
index 1e06b6c..63ed20a 100644
--- a/prometheus/server/alert/alerta_relabel.yml
+++ b/prometheus/server/alert/alerta_relabel.yml
@@ -1,8 +1,13 @@
parameters:
+ _param:
+ alerta_environment_label: ${_param:cluster_domain}
prometheus:
server:
config:
alert_relabel_configs:
+ - replacement: "${_param:alerta_environment_label}"
+ source_labels: "environment"
+ target_label: "environment"
- replacement: "aggregated"
source_labels: "instance"
target_label: "instance"
diff --git a/salt/minion/cert/k8s_client.yml b/salt/minion/cert/k8s_client.yml
index be262b5..5f065d5 100644
--- a/salt/minion/cert/k8s_client.yml
+++ b/salt/minion/cert/k8s_client.yml
@@ -11,7 +11,7 @@
common_name: system:node:${linux:system:name}
organization_name: system:nodes
signing_policy: cert_client
- alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
+ alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_control_node01_address},IP:${_param:kubernetes_control_node02_address},IP:${_param:kubernetes_control_node03_address},IP:${_param:kubernetes_internal_api_address}
k8s_proxy:
host: ${_param:salt_minion_ca_host}
authority: ${_param:salt_minion_ca_authority}
@@ -20,7 +20,7 @@
ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
common_name: system:kube-proxy
signing_policy: cert_client
- alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
+ alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_control_node01_address},IP:${_param:kubernetes_control_node02_address},IP:${_param:kubernetes_control_node03_address},IP:${_param:kubernetes_internal_api_address}
k8s_scheduler:
host: ${_param:salt_minion_ca_host}
authority: ${_param:salt_minion_ca_authority}
@@ -29,7 +29,7 @@
ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
common_name: system:kube-scheduler
signing_policy: cert_client
- alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
+ alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_control_node01_address},IP:${_param:kubernetes_control_node02_address},IP:${_param:kubernetes_control_node03_address},IP:${_param:kubernetes_internal_api_address}
k8s_controller_manager:
host: ${_param:salt_minion_ca_host}
authority: ${_param:salt_minion_ca_authority}
@@ -38,4 +38,4 @@
ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
common_name: system:kube-controller-manager
signing_policy: cert_client
- alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
+ alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_control_node01_address},IP:${_param:kubernetes_control_node02_address},IP:${_param:kubernetes_control_node03_address},IP:${_param:kubernetes_internal_api_address}
diff --git a/salt/minion/cert/k8s_client_single.yml b/salt/minion/cert/k8s_client_single.yml
index e9c7d79..a4302a3 100644
--- a/salt/minion/cert/k8s_client_single.yml
+++ b/salt/minion/cert/k8s_client_single.yml
@@ -11,7 +11,7 @@
common_name: system:node:${linux:system:name}
organization_name: system:nodes
signing_policy: cert_client
- alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
+ alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_internal_api_address}
k8s_proxy:
host: ${_param:salt_minion_ca_host}
authority: ${_param:salt_minion_ca_authority}
@@ -20,7 +20,7 @@
ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
common_name: system:kube-proxy
signing_policy: cert_client
- alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
+ alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_internal_api_address}
k8s_scheduler:
host: ${_param:salt_minion_ca_host}
authority: ${_param:salt_minion_ca_authority}
@@ -29,7 +29,7 @@
ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
common_name: system:kube-scheduler
signing_policy: cert_client
- alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
+ alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_internal_api_address}
k8s_controller_manager:
host: ${_param:salt_minion_ca_host}
authority: ${_param:salt_minion_ca_authority}
@@ -38,4 +38,4 @@
ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
common_name: system:kube-controller-manager
signing_policy: cert_client
- alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
+ alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_internal_api_address}
diff --git a/salt/minion/cert/k8s_server.yml b/salt/minion/cert/k8s_server.yml
index 603d369..025f3ae 100644
--- a/salt/minion/cert/k8s_server.yml
+++ b/salt/minion/cert/k8s_server.yml
@@ -10,4 +10,4 @@
cert_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.crt
all_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.pem
signing_policy: cert_server
- alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address},DNS:kubernetes.default,DNS:kubernetes.default.svc
+ alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_control_node01_address},IP:${_param:kubernetes_control_node02_address},IP:${_param:kubernetes_control_node03_address},IP:${_param:kubernetes_internal_api_address},DNS:kubernetes.default,DNS:kubernetes.default.svc
diff --git a/salt/minion/cert/k8s_server_single.yml b/salt/minion/cert/k8s_server_single.yml
index 33637e4..2cc5caa 100644
--- a/salt/minion/cert/k8s_server_single.yml
+++ b/salt/minion/cert/k8s_server_single.yml
@@ -10,4 +10,4 @@
cert_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.crt
all_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.pem
signing_policy: cert_server
- alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
+ alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_internal_api_address}
diff --git a/salt/minion/cert/octavia/image_sign.yml b/salt/minion/cert/octavia/image_sign.yml
new file mode 100644
index 0000000..2e67a02
--- /dev/null
+++ b/salt/minion/cert/octavia/image_sign.yml
@@ -0,0 +1,17 @@
+classes:
+- system.salt.minion.cert.octavia
+parameters:
+ _param:
+ octavia_image_cert_key: /etc/octavia/certs/image.key
+ octavia_image_cert_file: /etc/octavia/certs/image.crt
+ salt:
+ minion:
+ cert:
+ octavia:
+ host: ${_param:octavia_ca_host}
+ authority: octavia_ca
+ common_name: octavia
+ signing_policy: cert_server
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: ${_param:octavia_image_cert_key}
+ cert_file: ${_param:octavia_image_cert_file}
\ No newline at end of file