Merge "Removing deprecated methods from Validate"
diff --git a/apache/server/site/aodh.yml b/apache/server/site/aodh.yml
index 6ce5ede..3b7fc23 100644
--- a/apache/server/site/aodh.yml
+++ b/apache/server/site/aodh.yml
@@ -22,8 +22,8 @@
port: ${_param:apache_aodh_api_port}
log:
custom:
- format: >-
- %v:%p %{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %D %O \"%{Referer}i\" \"%{User-Agent}i\"
+ format: ${_param:apache_site_openstack_aodh_log_format}
+ file: /var/log/apache2/aodh_access.log
wsgi:
daemon_process: aodh-api
processes: ${_param:aodh_api_workers}
diff --git a/apache/server/site/barbican.yml b/apache/server/site/barbican.yml
index 0e7da2c..7a4297b 100644
--- a/apache/server/site/barbican.yml
+++ b/apache/server/site/barbican.yml
@@ -31,7 +31,7 @@
port: 9311
log:
custom:
- format: 'combined'
+ format: ${_param:apache_site_openstack_barbican_log_format}
file: '/var/log/barbican/barbican-api.log'
error:
enabled: true
@@ -55,7 +55,7 @@
port: 9312
log:
custom:
- format: 'combined'
+ format: ${_param:apache_site_openstack_barbican_log_format}
file: '/var/log/barbican/barbican-api.log'
error:
enabled: true
diff --git a/apache/server/site/cinder.yml b/apache/server/site/cinder.yml
index d1e3475..785817a 100644
--- a/apache/server/site/cinder.yml
+++ b/apache/server/site/cinder.yml
@@ -35,8 +35,8 @@
port: 8776
log:
custom:
- format: >-
- %v:%p %{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %D %O \"%{Referer}i\" \"%{User-Agent}i\"
+ format: ${_param:apache_site_openstack_cinder_log_format}
+ file: /var/log/apache2/cinder.log
error:
enabled: true
format: '%M'
diff --git a/apache/server/site/gnocchi.yml b/apache/server/site/gnocchi.yml
index 12d5f24..7aaba6f 100644
--- a/apache/server/site/gnocchi.yml
+++ b/apache/server/site/gnocchi.yml
@@ -22,8 +22,7 @@
port: ${_param:apache_gnocchi_api_port}
log:
custom:
- format: >-
- %v:%p %{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %D %O \"%{Referer}i\" \"%{User-Agent}i\"
+ format: ${_param:apache_site_openstack_gnocchi_log_format}
wsgi:
daemon_process: gnocchi-api
processes: ${_param:gnocchi_api_workers}
diff --git a/apache/server/site/horizon.yml b/apache/server/site/horizon.yml
index 5cfca1e..e909d4c 100644
--- a/apache/server/site/horizon.yml
+++ b/apache/server/site/horizon.yml
@@ -56,8 +56,7 @@
allow: 'from all'
log:
custom:
- format: >-
- %v:%p %{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %D %O \"%{Referer}i\" \"%{User-Agent}i\"
+ format: ${_param:apache_site_openstack_horizon_log_format}
error:
enabled: true
level: debug
diff --git a/apache/server/site/manila.yml b/apache/server/site/manila.yml
index 3080d1d..163f237 100644
--- a/apache/server/site/manila.yml
+++ b/apache/server/site/manila.yml
@@ -38,8 +38,8 @@
port: 8786
log:
custom:
- format: >-
- %v:%p %{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %D %O \"%{Referer}i\" \"%{User-Agent}i\"
+ format: ${_param:apache_site_openstack_manila_log_format}
+ file: /var/log/apache2/manila.access.log
error:
enabled: true
level: debug
diff --git a/apache/server/site/nova-placement.yml b/apache/server/site/nova-placement.yml
index 7c8e8bd..a869fea 100644
--- a/apache/server/site/nova-placement.yml
+++ b/apache/server/site/nova-placement.yml
@@ -37,8 +37,7 @@
port: 8778
log:
custom:
- format: >-
- %v:%p %{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %D %O \"%{Referer}i\" \"%{User-Agent}i\"
+ format: ${_param:apache_site_openstack_placement_log_format}
file: '/var/log/apache2/nova_placement_access.log'
error:
enabled: true
diff --git a/apache/server/site/panko.yml b/apache/server/site/panko.yml
index eff49c5..a34190d 100644
--- a/apache/server/site/panko.yml
+++ b/apache/server/site/panko.yml
@@ -22,8 +22,8 @@
port: ${_param:apache_panko_api_port}
log:
custom:
- format: >-
- %v:%p %{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %D %O \"%{Referer}i\" \"%{User-Agent}i\"
+ format: ${_param:apache_site_openstack_panko_log_format}
+ file: /var/log/apache2/panko.access.log
wsgi:
daemon_process: panko-api
processes: ${_param:panko_api_workers}
diff --git a/defaults/backupninja.yml b/defaults/backupninja.yml
index e89ed86..f827173 100644
--- a/defaults/backupninja.yml
+++ b/defaults/backupninja.yml
@@ -1,4 +1,5 @@
parameters:
_param:
backupninja_engine: rsync
+ backupninja_backup_host: 127.0.0.1
backupninja_public_key: no-key-provided
diff --git a/defaults/docker_images.yml b/defaults/docker_images.yml
index bec34e7..2457920 100644
--- a/defaults/docker_images.yml
+++ b/defaults/docker_images.yml
@@ -22,6 +22,8 @@
# model-generator
docker_image_operations_api: "${_param:mcp_docker_registry}/mirantis/model-generator/operations-api:${_param:mcp_version}"
docker_image_operations_ui: "${_param:mcp_docker_registry}/mirantis/model-generator/operations-ui:${_param:mcp_version}"
+ # OpenContrail
+ opencontrail_docker_image_tag: "${_param:mcp_version}"
# stacklight
# 6.5.0 version, from 11/29/2018, differ from latest upstream 6.5.0 - update next cycle
docker_image_alerta: "${_param:mcp_docker_registry}/mirantis/external/alerta-web:${_param:mcp_version}"
@@ -44,6 +46,7 @@
docker_image_keycloak_proxy: "${_param:mcp_docker_registry}/mirantis/external/jboss/keycloak:3.4.2.Final"
# CVP
docker_image_cvp_sanity_checks: ${_param:mcp_docker_registry}/mirantis/cvp/cvp-sanity-checks:${_param:mcp_version}
+ docker_image_cvp_shaker_checks: ${_param:mcp_docker_registry}/mirantis/cvp/cvp-shaker:${_param:mcp_version}
# aptly
docker_image_aptly:
base: "${_param:mcp_docker_registry}/mirantis/cicd/aptly:${_param:mcp_version}"
diff --git a/defaults/openstack/init.yml b/defaults/openstack/init.yml
index b5b66e1..3ad9e13 100644
--- a/defaults/openstack/init.yml
+++ b/defaults/openstack/init.yml
@@ -157,6 +157,18 @@
apache_proxy_openstack_aodh_retry: ${_param:apache_proxy_openstack_api_retry}
apache_proxy_openstack_placement_retry: ${_param:apache_proxy_openstack_api_retry}
apache_proxy_openstack_octavia_retry: ${_param:apache_proxy_openstack_api_retry}
+ # Formats for logs for openstack apache sites
+ apache_site_openstack_api_log_format: >-
+ %v:%p %h %l %u %t \"%r\" %>s %D %O \"%{Referer}i\" \"%{User-Agent}i\"
+ apache_site_openstack_aodh_log_format: ${_param:apache_site_openstack_api_log_format}
+ apache_site_openstack_barbican_log_format: ${_param:apache_site_openstack_api_log_format}
+ apache_site_openstack_cinder_log_format: ${_param:apache_site_openstack_api_log_format}
+ apache_site_openstack_gnocchi_log_format: ${_param:apache_site_openstack_api_log_format}
+ apache_site_openstack_horizon_log_format: >-
+ %v:%p %{X-Forwarded-For}i %h %l %u %t \"%r\" %>s %D %O \"%{Referer}i\" \"%{User-Agent}i\"
+ apache_site_openstack_manila_log_format: ${_param:apache_site_openstack_api_log_format}
+ apache_site_openstack_placement_log_format: ${_param:apache_site_openstack_api_log_format}
+ apache_site_openstack_panko_log_format: ${_param:apache_site_openstack_api_log_format}
# Horizon
# 'direct' mode will require cors on glance side to be enabled.
horizon_images_upload_mode: 'direct'
diff --git a/jenkins/client/approved_scripts.yml b/jenkins/client/approved_scripts.yml
index f15b370..43bc5e2 100644
--- a/jenkins/client/approved_scripts.yml
+++ b/jenkins/client/approved_scripts.yml
@@ -85,6 +85,8 @@
- method java.util.stream.Stream collect java.util.stream.Collector
- method jenkins.model.Jenkins getItemByFullName java.lang.String
- method jenkins.model.Jenkins getPluginManager
+ - method org.apache.commons.net.util.SubnetUtils getInfo
+ - method org.apache.commons.net.util.SubnetUtils$SubnetInfo getNetmask
- method org.jenkinsci.plugins.workflow.job.WorkflowRun doStop
- method org.jenkinsci.plugins.workflow.job.WorkflowRun finish hudson.model.Result java.lang.Throwable
- method org.jenkinsci.plugins.workflow.steps.FlowInterruptedException getCauses
@@ -110,6 +112,7 @@
- new java.util.Date
- new java.util.HashMap
- new java.util.LinkedHashMap java.util.Map
+ - new org.apache.commons.net.util.SubnetUtils java.lang.String
- staticField groovy.io.FileType FILES
- staticMethod com.cloudbees.plugins.credentials.CredentialsProvider lookupCredentials java.lang.Class hudson.model.ItemGroup
- staticMethod hudson.model.Hudson getInstance
diff --git a/jenkins/client/job/deploy/galera_verify_restore.yml b/jenkins/client/job/deploy/galera_verify_restore.yml
index 73e312a..ce8a065 100644
--- a/jenkins/client/job/deploy/galera_verify_restore.yml
+++ b/jenkins/client/job/deploy/galera_verify_restore.yml
@@ -32,3 +32,10 @@
VERIFICATION_RETRIES:
type: string
default: 5
+ RESTORE_TYPE:
+ type: choice
+ choices:
+ - 'BACKUP_AND_RESTORE'
+ - 'ONLY_RESTORE'
+ - 'RESTART_CLUSTER'
+ description: "Choose required behavior. See documentation for more information."
diff --git a/jenkins/client/job/validate.yml b/jenkins/client/job/validate.yml
index 9890294..2165637 100644
--- a/jenkins/client/job/validate.yml
+++ b/jenkins/client/job/validate.yml
@@ -392,7 +392,7 @@
param:
IMAGE:
type: string
- default: "${_param:mcp_docker_registry}/mirantis/cvp/cvp-shaker:${_param:mcp_version}"
+ default: "${_param:docker_image_cvp_shaker_checks}"
description: Docker image to use for running Shaker.
SALT_MASTER_URL:
type: string
diff --git a/kubernetes/common/init.yml b/kubernetes/common/init.yml
index d893ad1..5ede5c3 100644
--- a/kubernetes/common/init.yml
+++ b/kubernetes/common/init.yml
@@ -38,9 +38,9 @@
kubernetes_calico_cni_source_hash: md5=2544bc1865c1451cac7a61264c25a2cb
kubernetes_calico_cni_ipam_source: ${_param:kubernetes_calico_cni_repo}/calico-ipam-v3.3.2
kubernetes_calico_cni_ipam_source_hash: md5=b22623eeea3b29ba8ec071d859ac7055
- kubernetes_hyperkube_source: ${_param:kubernetes_hyperkube_repo}/hyperkube_v1.13.2-1_1549961718696
- kubernetes_hyperkube_source_hash: md5=802e0ee43fd2a41e9ed84b0f867e70a2
- kubernetes_pause_image: ${_param:mcp_docker_registry}/mirantis/kubernetes/pause-amd64:v1.13.2-1
+ kubernetes_hyperkube_source: ${_param:kubernetes_hyperkube_repo}/hyperkube_v1.13.5-3_1553734030770
+ kubernetes_hyperkube_source_hash: md5=50e76be5db36adcffe24ede633e428d2
+ kubernetes_pause_image: ${_param:mcp_docker_registry}/mirantis/kubernetes/pause-amd64:v1.13.5-3
kubernetes_virtlet_image: ${_param:kubernetes_virtlet_repo}/virtlet:v1.5.0
kubernetes_criproxy_version: v0.14.0
kubernetes_criproxy_checksum: md5=f0fa669295a156a588f3480c9909e6fd
@@ -50,7 +50,7 @@
kubernetes_dnsmasq_image: ${_param:kubernetes_kubedns_repo}/k8s-dns-dnsmasq-amd64:1.14.5
kubernetes_sidecar_image: ${_param:kubernetes_kubedns_repo}/k8s-dns-sidecar-amd64:1.14.5
kubernetes_dns_autoscaler_image: ${_param:kubernetes_kubedns_repo}/cluster-proportional-autoscaler-amd64:1.0.0
- kubernetes_externaldns_image: ${_param:kubernetes_externaldns_repo}/external-dns:v0.5.9-3
+ kubernetes_externaldns_image: ${_param:kubernetes_externaldns_repo}/external-dns:v0.5.11-4
kubernetes_genie_source: ${_param:kubernetes_genie_repo}/genie_v2.0-1-g209d3c4
kubernetes_genie_source_hash: md5=fa7a27ecbb9f800c1b705f87c64f6226
kubernetes_flannel_image: ${_param:kubernetes_flannel_repo}/flannel:v0.10.0-amd64
@@ -58,17 +58,17 @@
kubernetes_metallb_speaker_image: ${_param:kubernetes_metallb_repo}/speaker:v0.7.3-2
kubernetes_sriov_source: ${_param:kubernetes_sriov_repo}/sriov_v0.3-9-g3b31f1a
kubernetes_sriov_source_hash: md5=cd9ea01e80d260218260314447c23b30
- kubernetes_cniplugins_source: ${_param:kubernetes_cniplugins_repo}/containernetworking-plugins_v0.7.2-151-g1d23302.tar.gz
- kubernetes_cniplugins_source_hash: md5=bb42444166a89ef6832529e9e39d000d
+ kubernetes_cniplugins_source: ${_param:kubernetes_cniplugins_repo}/containernetworking-plugins_v0.7.2-173-g8db2808.tar.gz
+ kubernetes_cniplugins_source_hash: md5=1861ab0c880fff58e7e8299e3dad8a0b
kubernetes_dashboard_image: ${_param:kubernetes_dashboard_repo}/kubernetes-dashboard-amd64:v1.10.1-2
kubernetes_telegraf_image: ${_param:mcp_docker_registry}/openstack-docker/telegraf:2018.8.0
- kubernetes_coredns_image: ${_param:kubernetes_coredns_repo}/coredns:v1.2.6-4
- kubernetes_ingressnginx_controller_image: ${_param:kubernetes_ingressnginx_repo}/nginx-ingress-controller-amd64:nginx-0.21.0-3
+ kubernetes_coredns_image: ${_param:kubernetes_coredns_repo}/coredns:v1.4.0-96
+ kubernetes_ingressnginx_controller_image: ${_param:kubernetes_ingressnginx_repo}/nginx-ingress-controller-amd64:nginx-0.23.0-4
kubernetes_corends_etcd_operator_image: ${_param:kubernetes_corends_etcd_operator_repo}/etcd-operator:v0.9.3
kubernetes_containerd_source: ${_param:kubernetes_containerd_repo}/v1.12.0/crictl-v1.12.0-linux-amd64.tar.gz
kubernetes_containerd_source_hash: md5=ff60b9ddfa5617f7ed14b3f3b6a60056
# images for formula compatibility
- kubernetes_hyperkube_image: ${_param:mcp_docker_registry}/mirantis/kubernetes/hyperkube-amd64:v1.13.2-1
+ kubernetes_hyperkube_image: ${_param:mcp_docker_registry}/mirantis/kubernetes/hyperkube-amd64:v1.13.5-3
kubernetes_calico_cni_image: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico/cni:v3.3.2
kubernetes_calico_calicoctl_image: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico/ctl:v3.3.2
kubernetes_containerd_package: containerd=1.2.4-2~u16.04+mcp
diff --git a/neutron/control/ovn/single.yml b/neutron/control/ovn/single.yml
index f3dd749..5305fc9 100644
--- a/neutron/control/ovn/single.yml
+++ b/neutron/control/ovn/single.yml
@@ -40,17 +40,3 @@
db-sb-create-insecure-remote: 'yes'
db-nb-addr: ${_param:single_address}
db-sb-addr: ${_param:single_address}
- mysql:
- server:
- database:
- neutron:
- encoding: utf8
- users:
- - name: neutron
- password: ${_param:mysql_neutron_password}
- host: '%'
- rights: all
- - name: neutron
- password: ${_param:mysql_neutron_password}
- host: ${_param:cluster_local_address}
- rights: all
diff --git a/nova/compute/libvirt/ssl/init.yml b/nova/compute/libvirt/ssl/init.yml
index d9be1a5..4523183 100644
--- a/nova/compute/libvirt/ssl/init.yml
+++ b/nova/compute/libvirt/ssl/init.yml
@@ -5,7 +5,7 @@
nova_compute_libvirt_allowed_dn_list:
all:
enabled: true
- value: '*CN=cmp*.${_param:cluster_domain}*'
+ value: '*CN=cmp*'
nova:
compute:
libvirt:
diff --git a/opencontrail/control/analytics4_0.yml b/opencontrail/control/analytics4_0.yml
index d60ed8b..18c5a5f 100644
--- a/opencontrail/control/analytics4_0.yml
+++ b/opencontrail/control/analytics4_0.yml
@@ -14,13 +14,12 @@
opencontrail_zookeeper_log_dir: '/var/log/zookeeper'
opencontrail_version: 4.0
linux_repo_contrail_component: oc40
- opencontrail_image_tag: latest
opencontrail_message_queue_node01_address: ${_param:openstack_message_queue_node01_address}
opencontrail_message_queue_node02_address: ${_param:openstack_message_queue_node02_address}
opencontrail_message_queue_node03_address: ${_param:openstack_message_queue_node03_address}
opencontrail_message_queue_address: ${_param:openstack_message_queue_address}
- opencontrail_analytics_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analytics:${_param:opencontrail_image_tag}
- opencontrail_analyticsdb_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analyticsdb:${_param:opencontrail_image_tag}
+ opencontrail_analytics_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analytics:${_param:opencontrail_docker_image_tag}
+ opencontrail_analyticsdb_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analyticsdb:${_param:opencontrail_docker_image_tag}
opencontrail_analytics_container_name: opencontrail_analytics_1
opencontrail_analyticsdb_container_name: opencontrail_analyticsdb_1
# Temprorary fix for MOS9 packages to pin old version of kafka
diff --git a/opencontrail/control/cluster4_0.yml b/opencontrail/control/cluster4_0.yml
index 129639c..6859b9c 100644
--- a/opencontrail/control/cluster4_0.yml
+++ b/opencontrail/control/cluster4_0.yml
@@ -15,14 +15,13 @@
opencontrail_zookeeper_log_dir: '/var/log/zookeeper'
opencontrail_version: 4.0
linux_repo_contrail_component: oc40
- opencontrail_image_tag: latest
opencontrail_message_queue_node01_address: ${_param:openstack_control_node01_address}
opencontrail_message_queue_node02_address: ${_param:openstack_control_node02_address}
opencontrail_message_queue_node03_address: ${_param:openstack_control_node03_address}
opencontrail_message_queue_address: ${_param:openstack_control_address}
- opencontrail_analytics_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analytics:${_param:opencontrail_image_tag}
- opencontrail_analyticsdb_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analyticsdb:${_param:opencontrail_image_tag}
- opencontrail_controller_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller:${_param:opencontrail_image_tag}
+ opencontrail_analytics_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analytics:${_param:opencontrail_docker_image_tag}
+ opencontrail_analyticsdb_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analyticsdb:${_param:opencontrail_docker_image_tag}
+ opencontrail_controller_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller:${_param:opencontrail_docker_image_tag}
opencontrail_controller_container_name: opencontrail_controller_1
opencontrail_analytics_container_name: opencontrail_analytics_1
opencontrail_analyticsdb_container_name: opencontrail_analyticsdb_1
diff --git a/opencontrail/control/cluster4_0_k8s.yml b/opencontrail/control/cluster4_0_k8s.yml
index e8d8b59..77c036d 100644
--- a/opencontrail/control/cluster4_0_k8s.yml
+++ b/opencontrail/control/cluster4_0_k8s.yml
@@ -9,14 +9,13 @@
opencontrail_kafka_log_dir: '/usr/share/kafka/logs'
opencontrail_version: 4.0
linux_repo_contrail_component: oc40
- opencontrail_image_tag: latest
opencontrail_message_queue_node01_address: ${_param:openstack_control_node01_address}
opencontrail_message_queue_node02_address: ${_param:openstack_control_node02_address}
opencontrail_message_queue_node03_address: ${_param:openstack_control_node03_address}
opencontrail_message_queue_address: ${_param:openstack_control_address}
- opencontrail_analytics_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analytics:${_param:opencontrail_image_tag}
- opencontrail_analyticsdb_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analyticsdb:${_param:opencontrail_image_tag}
- opencontrail_controller_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller:${_param:opencontrail_image_tag}
+ opencontrail_analytics_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analytics:${_param:opencontrail_docker_image_tag}
+ opencontrail_analyticsdb_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analyticsdb:${_param:opencontrail_docker_image_tag}
+ opencontrail_controller_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller:${_param:opencontrail_docker_image_tag}
opencontrail_controller_container_name: opencontrail_controller_1
opencontrail_analytics_container_name: opencontrail_analytics_1
opencontrail_analyticsdb_container_name: opencontrail_analyticsdb_1
diff --git a/opencontrail/control/control4_0.yml b/opencontrail/control/control4_0.yml
index a6dd1a0..bc37f8e 100644
--- a/opencontrail/control/control4_0.yml
+++ b/opencontrail/control/control4_0.yml
@@ -7,14 +7,13 @@
_param:
opencontrail_version: 4.0
linux_repo_contrail_component: oc40
- opencontrail_image_tag: latest
opencontrail_host_configdb_log_dir: '/var/log/configdb'
opencontrail_cassandra_log_dir: '/var/log/cassandra'
opencontrail_zookeeper_log_dir: '/var/log/zookeeper'
opencontrail_message_queue_node01_address: ${_param:openstack_message_queue_node01_address}
opencontrail_message_queue_node02_address: ${_param:openstack_message_queue_node02_address}
opencontrail_message_queue_node03_address: ${_param:openstack_message_queue_node03_address}
- opencontrail_controller_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller:${_param:opencontrail_image_tag}
+ opencontrail_controller_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller:${_param:opencontrail_docker_image_tag}
opencontrail_controller_container_name: opencontrail_controller_1
opencontrail_api_workers_count: 6
analytics_vip_address: ${_param:opencontrail_analytics_address}
diff --git a/opencontrail/control/single4_0.yml b/opencontrail/control/single4_0.yml
index 342eb98..89768d3 100644
--- a/opencontrail/control/single4_0.yml
+++ b/opencontrail/control/single4_0.yml
@@ -9,10 +9,9 @@
opencontrail_kafka_log_dir: '/usr/share/kafka/logs'
opencontrail_version: 4.0
linux_repo_contrail_component: oc40
- opencontrail_image_tag: latest
- opencontrail_analytics_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analytics:${_param:opencontrail_image_tag}
- opencontrail_analyticsdb_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analyticsdb:${_param:opencontrail_image_tag}
- opencontrail_controller_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller:${_param:opencontrail_image_tag}
+ opencontrail_analytics_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analytics:${_param:opencontrail_docker_image_tag}
+ opencontrail_analyticsdb_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analyticsdb:${_param:opencontrail_docker_image_tag}
+ opencontrail_controller_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller:${_param:opencontrail_docker_image_tag}
opencontrail_controller_container_name: opencontrail_controller_1
opencontrail_analytics_container_name: opencontrail_analytics_1
opencontrail_analyticsdb_container_name: opencontrail_analyticsdb_1
diff --git a/openssh/server/team/mcp_ci.yml b/openssh/server/team/mcp_ci.yml
index 829839e..4bdf615 100644
--- a/openssh/server/team/mcp_ci.yml
+++ b/openssh/server/team/mcp_ci.yml
@@ -1,67 +1,9 @@
+classes:
+- system.openssh.server.team.members.dburmistrov
+- system.openssh.server.team.members.sotpuschennikov
+# Deprecated users
+- system.openssh.server.team.members.deprecated.dkaiharodsev
+- system.openssh.server.team.members.deprecated.rkamaldinov
parameters:
_param:
linux_system_user_sudo: true
- linux:
- system:
- user:
- rkamaldinov:
- enabled: true
- name: rkamaldinov
- sudo: true
- full_name: Ruslan Kamaldinov
- home: /home/rkamaldinov
- email: rkamaldinov@mirantis.com
- dburmistrov:
- enabled: true
- name: dburmistrov
- sudo: true
- full_name: Dmitrii Burmistrov
- home: /home/dburmistrov
- email: dburmistrov@mirantis.com
- dkaiharodsev:
- enabled: true
- name: dkaiharodsev
- sudo: true
- full_name: Dmytro Kaiharodtsev
- home: /home/dkaiharodsev
- email: dkaiharodsev@mirantis.com
- sotpuschennikov:
- enabled: true
- name: sotpuschennikov
- sudo: true
- full_name: Sergey Otpuschennikov
- home: /home/sotpuschennikov
- email: sotpuschennikov@mirantis.com
- openssh:
- server:
- enabled: true
- user:
- rkamaldinov:
- enabled: true
- public_keys:
- - ${public_keys:rkamaldinov}
- user: ${linux:system:user:rkamaldinov}
- dburmistrov:
- enabled: true
- public_keys:
- - ${public_keys:dburmistrov}
- user: ${linux:system:user:dburmistrov}
- dkaiharodsev:
- enabled: true
- public_keys:
- - ${public_keys:dkaiharodsev}
- user: ${linux:system:user:dkaiharodsev}
- sotpuschennikov:
- enabled: true
- public_keys:
- - ${public_keys:sotpuschennikov}
- user: ${linux:system:user:sotpuschennikov}
- public_keys:
- rkamaldinov:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCzeIFxatNuXWuaTomcGDTMlpqiF6KlK47BSO5yIpfWHTL7o0OFsQArB4UeZ9AC7JHQg1bpxzscJxz8Xj3tA1f8yOCrepR8LbWh7L6a1hMhSCJPK9QLUHPCLV4PW0ghq46Um8ekxMbEqGM/rrKP+GeYxNFUxJMHCkKbZAsV+BV8amuJHQkYt29GP/hgYyZEoWKErqoQ/uGQ0qWEMVQsnus6M3p3c/v1J4JtbbrmRBjyrPx/Tjinw6K2sgocgBZT7vVb4PYwbONi1IAclkPJIyrSNEavZ4MbK93ZXNQCV7rkUbKmHT71Qle34/ks9zyERJ3RgB+pWgQqCjtmJeV51V1 rkamaldinov@mirantis.com
- dburmistrov:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPKldN0BL6C/pmjkKyaSUw9OTUQAumWLCgNPyLVGZIuYPyFs9GqvKgHVm0QChm1OLhnQuA1wxGW5piBtqaDCTyLbKb/ANR3nhO1rqX5LTwZS2W2I0ImP47HUpnxqsBl15/y9hY2JDHZ7qrd7zNqCD+uCkf9l9qA9BmN1aMSKm07fqaaUfhnl3AocxsPX4X4eHfzy7hPJdzrHEcHbGoLLEd8ahJLkHKieWF1lAI++fIhETPF41+ZbH7MBBG4qw/UhhYAgLP3YAEWwvm/J3DtRqGkpSvH2U21hmAlgJHwxtoCD9Q1jKpH5+BDTvqJIXu0K7Gcl00xbeNYyHrwTVsldFX dburmistrov@mirantis.com
- dkaiharodsev:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSz9eH08GDUOSEDReJAIdjDCoYaoTwg1SSzYNwPRO/evJBeqYwRvZmxzITKq+1qy4jXnpa3ZpuBdaUebqKri2VtvMGmBrWtP8Ojbg3kNPjKOfvrW4cCyJE0yrnW03TULnRgrnf4/WXLK0dnHxL39AmlVjQTVS4pbx73XjyPoVjJbk4PXq37F5cLyyLj4aeWmCcPWn7MLsEC4RUkDwHy3DsDNdgKOlUSHmmOfVy9GBwVbXwVyYbq732Qm0Qqf/2zlJi84LgXOH2irv5HRTMDQ2Wey5Amcl7VpK8OMvtN4R8Sb7c3mgsmM/b/h+gefl0Y/vQfsSSi8GCPhmBoNT4FBgZ dkaiharodsev@dkaiharodsev-pc
- sotpuschennikov:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDO/nNs4MF5ZOCooLxF+zrxVmuJa9URzAqIQG5eZkhWvSAnrYREN15BN6dlcixA+Ro4YsHY6iSHzsaanr8onNu89yZdCkHIqLZ8+DcBefpoVXcsLZzeXwNNqr9sUjHEJCTesI5dJcEe/222LjwzAdTW1Xv/o3mgVAwt+4XsQ2IPAlxl3LfJOlCQdC/0sL5FMFX6LwMonLBss3B/J45atXgPL1Dx9WKTP0QrJHaX+vh+Xj2PK9yXcB2hJhFP0IULmUqGkYgDw/mh2DiHSiCQUPGZDo49MIw4WqEwqpQKcJGjD0Ihy2pjzwI9ZUzCNWe+bUcqDdl/9SH4YsNbfaK4Te6H pers@sotpuschennikov
diff --git a/openssh/server/team/members/dburmistrov.yml b/openssh/server/team/members/dburmistrov.yml
new file mode 100644
index 0000000..adcdafb
--- /dev/null
+++ b/openssh/server/team/members/dburmistrov.yml
@@ -0,0 +1,19 @@
+parameters:
+ linux:
+ system:
+ user:
+ dburmistrov:
+ email: dburmistrov@mirantis.com
+ enabled: true
+ full_name: Dmitrii Burmistrov
+ home: /home/dburmistrov
+ name: dburmistrov
+ sudo: ${_param:linux_system_user_sudo}
+ openssh:
+ server:
+ user:
+ dburmistrov:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPKldN0BL6C/pmjkKyaSUw9OTUQAumWLCgNPyLVGZIuYPyFs9GqvKgHVm0QChm1OLhnQuA1wxGW5piBtqaDCTyLbKb/ANR3nhO1rqX5LTwZS2W2I0ImP47HUpnxqsBl15/y9hY2JDHZ7qrd7zNqCD+uCkf9l9qA9BmN1aMSKm07fqaaUfhnl3AocxsPX4X4eHfzy7hPJdzrHEcHbGoLLEd8ahJLkHKieWF1lAI++fIhETPF41+ZbH7MBBG4qw/UhhYAgLP3YAEWwvm/J3DtRqGkpSvH2U21hmAlgJHwxtoCD9Q1jKpH5+BDTvqJIXu0K7Gcl00xbeNYyHrwTVsldFX dburmistrov@mirantis.com
+ user: ${linux:system:user:dburmistrov}
diff --git a/openssh/server/team/members/deprecated/dkaiharodsev.yml b/openssh/server/team/members/deprecated/dkaiharodsev.yml
new file mode 100644
index 0000000..9fb83de
--- /dev/null
+++ b/openssh/server/team/members/deprecated/dkaiharodsev.yml
@@ -0,0 +1,16 @@
+parameters:
+ linux:
+ system:
+ user:
+ dkaiharodsev:
+ email: disabled
+ enabled: false
+ full_name: disabled
+ home: /home/dkaiharodsev
+ name: dkaiharodsev
+ openssh:
+ server:
+ user:
+ dkaiharodsev:
+ enabled: false
+ user: ${linux:system:user:dkaiharodsev}
diff --git a/openssh/server/team/members/deprecated/rkamaldinov.yml b/openssh/server/team/members/deprecated/rkamaldinov.yml
new file mode 100644
index 0000000..de65cad
--- /dev/null
+++ b/openssh/server/team/members/deprecated/rkamaldinov.yml
@@ -0,0 +1,16 @@
+parameters:
+ linux:
+ system:
+ user:
+ rkamaldinov:
+ email: disabled
+ enabled: false
+ full_name: disabled
+ home: /home/rkamaldinov
+ name: rkamaldinov
+ openssh:
+ server:
+ user:
+ rkamaldinov:
+ enabled: false
+ user: ${linux:system:user:rkamaldinov}
diff --git a/openssh/server/team/members/kalmog.yml b/openssh/server/team/members/kalmog.yml
new file mode 100644
index 0000000..d4f7ceb
--- /dev/null
+++ b/openssh/server/team/members/kalmog.yml
@@ -0,0 +1,19 @@
+parameters:
+ linux:
+ system:
+ user:
+ kalmog:
+ enabled: true
+ name: kalmog
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Karen Almog
+ home: /home/kalmog
+ email: kalmog@mirantis.com
+ openssh:
+ server:
+ user:
+ kalmog:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCbyRCfyI5STokPerwEDC1DQobZTxbg60bST87dc4Wnm3PY7qciGUgLR5CLR3olxsG+OyqbloXg/YZPh/rlDPZMuanxdpZOz1CRPUfF7s/+sISDOVkA2HOfGWOa8+f2SIHUM5PDgCim9hJ7SkKN3OGdBZS/DM8byjx7hDh6vd/KnoJR8M2plzr/xWkz1TwgL/S8mvB1HcnfWcGH+JatweMTSBNW0f/qwI5V2pRFyjKlSjZdDJzORMT4mbTveyZfbJP6nJe0cNrZDmKqa9kcjjxUGtLpEi+8HRLavBhet5DHrgBAzlXL5WR3H3ESSeee9I7rqhIW/zhcG3xmE7tJh9+z7ZZghhQq1iqvjgtmEXplC1CnhTkEDdtB39FrWDpJYOZb6/pP3bHTHxhSwxg1kCX1nYN+ugUOKB6UKYK9HP1teagd4bQ4dY5QCEs70av/cDdLWQxagGGDIgcHV9gR8T+MHazmhBFSzxk/eVkxo9ype2EbbIdQjUFclzGiImY1kpPx00k1XgwCIILuePJD84qizwLfAsb73r+UG4I5XWdhgCDa1VD3rOOgihQ7x2bciWgWyXzWG8O1kmBMZ92YjMpVQqlCpJVqhT2DJOR+eqYzuSaaYYnhRL2eb45kYaJVK/XzoJlDj4cVwdJzoNEFrrQkoxLHTkcf2vTYqTYjKZeIJw==
+ user: ${linux:system:user:kalmog}
diff --git a/openssh/server/team/members/mrasskazov.yml b/openssh/server/team/members/mrasskazov.yml
index 825c150..2a5a137 100644
--- a/openssh/server/team/members/mrasskazov.yml
+++ b/openssh/server/team/members/mrasskazov.yml
@@ -15,5 +15,5 @@
mrasskazov:
enabled: true
public_keys:
- - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCysPXCuMbUjqjtO/n0jVZK13/uMA/TI6Qsdyciih6jWJLbd6FCL/GWvkykngLHGH9lVGFYsOPRiAmlh8gXfYohCZFYuHxE88GoiycvJGRGoBDdxd/beDca6nP4Peqlg3TUUum9PefULDiv3eVHKwX4BC9mGIR6bWB41O003OxJMwEN9lLGmWqxAlAdCUwRIm9TlgTu6Fq3ZIkjSwGsZg4E+saBLnUiOjwYWSwmTiB8WTR2b19lZhXFEovdVY3/gF8Td84WT1TDXeWBAvwmAcFLRPEx/AI1Nt4AhM1toMMoq64pYbGCOYSgI7DZR/2vtxGa0IjQclLZ+M8YktyNErc9
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4Bq2NQlTLLXUZapAx1R7glnJHchDV+zo/6GPSLKYjDJduTqcd+K9K5Q4n15Nvst97vI7AJRxVIhuLgByIPhCb4M73AGrj/9kD3NBy+fSEqL4/BSAz2HSnP88Z8gJS5PaePx0ze8aduPKIoBiX/qN90VaIG4yOthfdt7L6odpm+WhbcauOI87Tdp6WIQ29hDVrdj+4XzD5WJ36il5bxTia0mJohy8BZzIkuwpbOX5UV6+E8cuPRwFmFVdezOUsCLF6uvcMHwMVgyZ243oZdH+33E0FQ60pzcMgc/drhlQg7SsYxosqOoX8BXn7uLo3YMftRNJrp6cEK3vo8dgnEx59 mrasskazov@mirantis.com
user: ${linux:system:user:mrasskazov}
diff --git a/openssh/server/team/members/mvollman.yml b/openssh/server/team/members/mvollman.yml
new file mode 100644
index 0000000..a024a59
--- /dev/null
+++ b/openssh/server/team/members/mvollman.yml
@@ -0,0 +1,19 @@
+parameters:
+ linux:
+ system:
+ user:
+ mvollman:
+ enabled: true
+ name: mvollman
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Michael Vollman
+ home: /home/mvollman
+ email: mvollman@mirantis.com
+ openssh:
+ server:
+ user:
+ mvollman:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHxIRMQtpFHzKPCMe+pXJC3JrW3RiHyqU8XEDFXrhYsKG3TyDzMUktailF03QaVFfUTifQH5fMavnfJENV7syngoo8VL7Qm3wdvKbcCRczNKxiDIhQb1uCnQcKA2VA7ywDyyvtuQHxptx3G2D7B781/zugBNrkjhiyyUuSFzDHkqjWwRYm7wCEzMgzHeKbyXz3qCblp6CsSvOFreG/7tRGJFvjmY7+FENXN8uMeK4NPVeXIUNGI068EzpZPvEeMCzpYNRF9CPdkz5rF9/EsyljSSx5Ymb2RfDZshjaEE9LOF7k1VXM0DzXYBsz7XVP7B5/JxumQRYpyqPMZoDoojN1 mvollman@1308-MBP13
+ user: ${linux:system:user:mvollman}
diff --git a/openssh/server/team/members/sotpuschennikov.yml b/openssh/server/team/members/sotpuschennikov.yml
new file mode 100644
index 0000000..50bc471
--- /dev/null
+++ b/openssh/server/team/members/sotpuschennikov.yml
@@ -0,0 +1,19 @@
+parameters:
+ linux:
+ system:
+ user:
+ sotpuschennikov:
+ email: sotpuschennikov@mirantis.com
+ enabled: true
+ full_name: Sergey Otpuschennikov
+ home: /home/sotpuschennikov
+ name: sotpuschennikov
+ sudo: ${_param:linux_system_user_sudo}
+ openssh:
+ server:
+ user:
+ sotpuschennikov:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDO/nNs4MF5ZOCooLxF+zrxVmuJa9URzAqIQG5eZkhWvSAnrYREN15BN6dlcixA+Ro4YsHY6iSHzsaanr8onNu89yZdCkHIqLZ8+DcBefpoVXcsLZzeXwNNqr9sUjHEJCTesI5dJcEe/222LjwzAdTW1Xv/o3mgVAwt+4XsQ2IPAlxl3LfJOlCQdC/0sL5FMFX6LwMonLBss3B/J45atXgPL1Dx9WKTP0QrJHaX+vh+Xj2PK9yXcB2hJhFP0IULmUqGkYgDw/mh2DiHSiCQUPGZDo49MIw4WqEwqpQKcJGjD0Ihy2pjzwI9ZUzCNWe+bUcqDdl/9SH4YsNbfaK4Te6H pers@sotpuschennikov
+ user: ${linux:system:user:sotpuschennikov}
diff --git a/openssh/server/team/services.yml b/openssh/server/team/services.yml
index 65e3cb1..9c74edb 100644
--- a/openssh/server/team/services.yml
+++ b/openssh/server/team/services.yml
@@ -25,6 +25,7 @@
- system.openssh.server.team.members.isviridov
- system.openssh.server.team.members.cdodda
- system.openssh.server.team.members.lmendes
+- system.openssh.server.team.members.kalmog
parameters:
_param:
linux_system_user_sudo: true
diff --git a/openssh/server/team/storage.yml b/openssh/server/team/storage.yml
index 075b9d1..f22cbf9 100644
--- a/openssh/server/team/storage.yml
+++ b/openssh/server/team/storage.yml
@@ -1,3 +1,4 @@
classes:
- system.openssh.server.team.members.akiseleva
- system.openssh.server.team.members.mlos
+- system.openssh.server.team.members.mvollman
diff --git a/salt/minion/cert/libvirtd/client.yml b/salt/minion/cert/libvirtd/client.yml
index 31c1b32..d7af492 100644
--- a/salt/minion/cert/libvirtd/client.yml
+++ b/salt/minion/cert/libvirtd/client.yml
@@ -8,7 +8,10 @@
libvirtd_client:
host: ${_param:salt_minion_ca_host}
authority: ${_param:salt_minion_ca_authority}
- common_name: ${linux:system:name}.${_param:cluster_domain}
+ # NOTE(vsaienko) according to RFC2380 CN is limited to 63 chars
+ # Set CN without domain name to fit this requirement.
+ # FQDN is included into alternative names field.
+ common_name: ${linux:system:name}
signing_policy: cert_client
alternative_names: >
IP:${_param:cluster_local_address},
diff --git a/salt/minion/cert/libvirtd/server.yml b/salt/minion/cert/libvirtd/server.yml
index b091d86..261ce56 100644
--- a/salt/minion/cert/libvirtd/server.yml
+++ b/salt/minion/cert/libvirtd/server.yml
@@ -8,7 +8,10 @@
libvirtd_server:
host: ${_param:salt_minion_ca_host}
authority: ${_param:salt_minion_ca_authority}
- common_name: ${linux:system:name}.${_param:cluster_domain}
+ # NOTE(vsaienko) according to RFC2380 CN is limited to 63 chars
+ # Set CN without domain name to fit this requirement.
+ # FQDN is included into alternative names field.
+ common_name: ${linux:system:name}
signing_policy: cert_server
alternative_names: >
IP:${_param:cluster_local_address},
diff --git a/salt/minion/cert/libvirtd/vnc_server.yml b/salt/minion/cert/libvirtd/vnc_server.yml
index ae35ff2..2929869 100644
--- a/salt/minion/cert/libvirtd/vnc_server.yml
+++ b/salt/minion/cert/libvirtd/vnc_server.yml
@@ -10,7 +10,10 @@
qemu_vnc_server:
host: ${_param:salt_minion_ca_host}
authority: ${_param:qemu_vnc_ca_authority}
- common_name: ${linux:system:name}.${_param:cluster_domain}
+ # NOTE(vsaienko) according to RFC2380 CN is limited to 63 chars
+ # Set CN without domain name to fit this requirement.
+ # FQDN is included into alternative names field.
+ common_name: ${linux:system:name}
signing_policy: cert_server
alternative_names: >
IP:${_param:cluster_local_address},