Merge "Add opencontrail_node_role parameter for contrail nodes"
diff --git a/artifactory/client/init.yml b/artifactory/client/init.yml
index bd69bd3..381681e 100644
--- a/artifactory/client/init.yml
+++ b/artifactory/client/init.yml
@@ -329,7 +329,8 @@
           pypi-remote:
             rclass: remote
             packageType: pypi
-            url: https://pypi.python.org
+            url: https://files.pythonhosted.org
+            pyPIRegistryUrl: https://pypi.org
             unusedArtifactsCleanupEnabled: true
             unusedArtifactsCleanupPeriodHours: 720
 
diff --git a/cinder/control/cluster.yml b/cinder/control/cluster.yml
index e34f55c..b56f46f 100644
--- a/cinder/control/cluster.yml
+++ b/cinder/control/cluster.yml
@@ -83,4 +83,7 @@
           port: 11211
         - host: ${_param:cluster_node03_address}
           port: 11211
-
+        security:
+          enabled: ${_param:cinder_memcache_security_enabled}
+          strategy: ${_param:openstack_memcache_security_strategy}
+          secret_key: ${_param:cinder_memcache_secret_key}
diff --git a/cinder/control/single.yml b/cinder/control/single.yml
index 46bf972..6776835 100644
--- a/cinder/control/single.yml
+++ b/cinder/control/single.yml
@@ -39,4 +39,8 @@
           cert_file: ${_param:rabbitmq_cinder_client_ssl_cert_file}
         ssl:
           enabled: ${_param:rabbitmq_ssl_enabled}
-
+      cache:
+        security:
+          enabled: ${_param:cinder_memcache_security_enabled}
+          strategy: ${_param:openstack_memcache_security_strategy}
+          secret_key: ${_param:cinder_memcache_secret_key}
diff --git a/cinder/volume/local.yml b/cinder/volume/local.yml
index 52f45db..2e7f8de 100644
--- a/cinder/volume/local.yml
+++ b/cinder/volume/local.yml
@@ -30,3 +30,8 @@
       identity:
         host: ${_param:single_address}
         region: ${_param:openstack_region}
+      cache:
+        security:
+          enabled: ${_param:cinder_memcache_security_enabled}
+          strategy: ${_param:openstack_memcache_security_strategy}
+          secret_key: ${_param:cinder_memcache_secret_key}
diff --git a/cinder/volume/single.yml b/cinder/volume/single.yml
index 35902b8..c3115e1 100644
--- a/cinder/volume/single.yml
+++ b/cinder/volume/single.yml
@@ -43,3 +43,8 @@
         host: ${_param:openstack_control_address}
         protocol: ${_param:cluster_internal_protocol}
         region: ${_param:openstack_region}
+      cache:
+        security:
+          enabled: ${_param:cinder_memcache_security_enabled}
+          strategy: ${_param:openstack_memcache_security_strategy}
+          secret_key: ${_param:cinder_memcache_secret_key}
diff --git a/defaults/openstack/init.yml b/defaults/openstack/init.yml
index c5464d3..49ad5c6 100644
--- a/defaults/openstack/init.yml
+++ b/defaults/openstack/init.yml
@@ -9,3 +9,9 @@
     # Openstack memcache security
     openstack_memcache_security_enabled: False
     openstack_memcache_security_strategy: 'ENCRYPT'
+    # Neutron
+    neutron_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
+    neutron_memcache_secret_key: ''
+    # Cinder
+    cinder_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
+    cinder_memcache_secret_key: ''
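Review bot: The per-service keys `neutron_memcache_secret_key` and `cinder_memcache_secret_key` default to `''` while their `*_security_enabled` flags inherit the global `openstack_memcache_security_enabled`, so turning the global switch on enables the `ENCRYPT` strategy for every service with an empty key unless each key is overridden. How the formulas treat an empty key is not visible here. Either leave the key parameters undefined so interpolation fails loudly, or add a comment above them such as `# must be overridden with a unique random value per deployment when memcache security is enabled`. The same pattern is repeated for `glance_memcache_secret_key` in the glance/control/cluster.yml and glance/control/single.yml hunks.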
diff --git a/docker/swarm/network/operations_api_backend.yml b/docker/swarm/network/operations_api_backend.yml
new file mode 100644
index 0000000..f23c239
--- /dev/null
+++ b/docker/swarm/network/operations_api_backend.yml
@@ -0,0 +1,10 @@
+parameters:
+  _param:
+    docker_operations_api_network_subnet: 10.80.0.0/24
+  docker:
+    client:
+      network:
+        operations_api_backend:
+          subnet: ${_param:docker_operations_api_network_subnet}
+          driver: overlay
+          attachable: true
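Review bot: `attachable: true` lets any standalone container started on a swarm node join `operations_api_backend`, which is the network the operations_api stack in this commit uses for CockroachDB started with `--insecure`. Unless manual attachment is needed for debugging, `attachable: false` keeps the network limited to the stack's own services.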
diff --git a/docker/swarm/stack/keycloak.yml b/docker/swarm/stack/keycloak.yml
index c712fda..e613637 100644
--- a/docker/swarm/stack/keycloak.yml
+++ b/docker/swarm/stack/keycloak.yml
@@ -2,7 +2,7 @@
   _param:
     docker_keycloak_server_replicas: 1
     docker_keycloak_proxy_replicas: 1
-    docker_image_keycloak_server: jboss/keycloak:3.4.2.Final
+    docker_image_keycloak_server: jboss/keycloak:4.5.0.Final
     docker_image_keycloak_proxy: jboss/keycloak-proxy:3.4.2.Final
     keycloak_bind_port: ${_param:haproxy_keycloak_bind_port}
     keycloak_proxy_bind_port: ${_param:haproxy_keycloak_proxy_bind_port}
@@ -16,6 +16,7 @@
           environment:
             KEYCLOAK_USER: ${_param:keycloak_admin_username}
             KEYCLOAK_PASSWORD: ${_param:keycloak_admin_password}
+            KEYCLOAK_IMPORT: "/app/realms.json"
           service:
             keycloak-server:
               image: ${_param:docker_image_keycloak_server}
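Review bot: `KEYCLOAK_IMPORT` is hard-coded to `/app/realms.json`, and the hunk does not show a volume or config that places that file in the container; the service definition continues below the hunk, so this may be handled there. The realm defined in this commit includes a client `secret` and an LDAP `bind_credential`, so the rendered import file presumably contains them and should be readable only by the Keycloak container's user on the host. Making the path a `_param` like the other settings in this block would keep it overridable.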
diff --git a/docker/swarm/stack/operations_api.yml b/docker/swarm/stack/operations_api.yml
new file mode 100644
index 0000000..51cdeae
--- /dev/null
+++ b/docker/swarm/stack/operations_api.yml
@@ -0,0 +1,59 @@
+parameters:
+  _param:
+    docker_operations_api_replicas: 1
+    docker_image_operations_api: mirantis/python-operations-api:latest
+    operations_api_oidc_client_secrets: 'operations_api/config/client_secrets_docker.json'
+    operations_api_sqlalchemy_database_uri: 'cockroachdb://oapi@cockroach-ui:26257/oapi'
+    operations_api_sqlalchemy_echo: 'false'
+    operations_api_flask_debug: 'false'
+    operations_api_bind_host: 0.0.0.0
+    operations_api_bind_port: ${_param:haproxy_operations_api_bind_port}
+    docker_image_cockroachdb: cockroachdb/cockroach:latest
+  docker:
+    client:
+      stack:
+        operations_api:
+          service:
+            operations-api:
+              environment:
+                OAPI_OIDC_CLIENT_SECRETS: ${_param:operations_api_oidc_client_secrets}
+                OAPI_SQLALCHEMY_DATABASE_URI: ${_param:operations_api_sqlalchemy_database_uri}
+                OAPI_SQLALCHEMY_ECHO: ${_param:operations_api_sqlalchemy_echo}
+                OAPI_FLASK_DEBUG: ${_param:operations_api_flask_debug}
+                OAPI_FLASK_SECRET_KEY: ${_param:operations_api_flask_secret_key}
+                OAPI_FLASK_SERVER_HOST: ${_param:operations_api_bind_host}
+                OAPI_FLASK_SERVER_PORT: ${_param:operations_api_bind_port}
+              image: ${_param:docker_image_operations_api}
+              deploy:
+                replicas: ${_param:docker_operations_api_replicas}
+                restart_policy:
+                  condition: any
+              ports:
+                - ${_param:haproxy_operations_api_exposed_port}:${_param:haproxy_operations_api_bind_port}
+              volumes:
+                - /srv/volumes/operations_api/logs/:/var/log/operations_api
+            cockroach-ui:
+              image: ${_param:docker_image_cockroachdb}
+              ports:
+                - ${_param:haproxy_cockroachdb_ui_exposed_port}:${_param:haproxy_cockroachdb_ui_bind_port}
+              command: start --insecure
+            cockroach-db-1:
+              image: cockroachdb/cockroach
+              command: start --insecure --join=cockroach-ui
+              depends_on:
+                - cockroach-ui
+              volumes:
+                - /srv/volumes/cockroachdb/cockroach-db-1:/cockroach/cockroach-data
+            cockroach-init:
+              environment:
+                COCKROACH_HOST: cockroach-ui
+              image: atengler/cockroach
+              deploy:
+                restart_policy:
+                  condition: on-failure
+              depends_on:
+                - cockroach-db-1
+          network:
+            default:
+              external:
+                name: operations_api_backend
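Review bot: Both CockroachDB services start with `--insecure` (`command: start --insecure`), which turns off TLS and authentication for SQL and the admin UI, while `cockroach-ui` also publishes `haproxy_cockroachdb_ui_exposed_port` on the swarm nodes and the API connects as `oapi` with no credential in `operations_api_sqlalchemy_database_uri`. If this is meant for anything beyond a lab, the nodes should be given certificates and started without `--insecure`, and the UI port should stay unpublished or sit behind an authenticated proxy. The images are also unpinned: `mirantis/python-operations-api:latest`, `cockroachdb/cockroach:latest`, the untagged `atengler/cockroach`, and `cockroach-db-1` hard-codes `image: cockroachdb/cockroach` instead of `image: ${_param:docker_image_cockroachdb}`. Pinning each to a fixed tag or digest keeps redeployments reproducible and reviewable.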
diff --git a/glance/control/cluster.yml b/glance/control/cluster.yml
index da4b9e8..de8e9ae 100644
--- a/glance/control/cluster.yml
+++ b/glance/control/cluster.yml
@@ -6,6 +6,9 @@
 - system.salt.minion.cert.mysql.clients.openstack.glance
 - system.salt.minion.cert.rabbitmq.clients.openstack.glance
 parameters:
+  _param:
+    glance_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
+    glance_memcache_secret_key: ''
   linux:
     system:
       cron:
@@ -69,6 +72,11 @@
           cert_file: ${_param:rabbitmq_glance_client_ssl_cert_file}
         ssl:
           enabled: ${_param:rabbitmq_ssl_enabled}
+      cache:
+        security:
+          enabled: ${_param:glance_memcache_security_enabled}
+          strategy: ${_param:openstack_memcache_security_strategy}
+          secret_key: ${_param:glance_memcache_secret_key}
       storage:
         engine: file
       images: []
diff --git a/glance/control/single.yml b/glance/control/single.yml
index 34e3e96..ad6e1cb 100644
--- a/glance/control/single.yml
+++ b/glance/control/single.yml
@@ -3,6 +3,9 @@
 - system.salt.minion.cert.mysql.clients.openstack.glance
 - system.salt.minion.cert.rabbitmq.clients.openstack.glance
 parameters:
+  _param:
+    glance_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
+    glance_memcache_secret_key: ''
   linux:
     system:
       cron:
@@ -40,3 +43,8 @@
           cert_file: ${_param:rabbitmq_glance_client_ssl_cert_file}
         ssl:
           enabled: ${_param:rabbitmq_ssl_enabled}
+      cache:
+        security:
+          enabled: ${_param:glance_memcache_security_enabled}
+          strategy: ${_param:openstack_memcache_security_strategy}
+          secret_key: ${_param:glance_memcache_secret_key}
diff --git a/haproxy/proxy/listen/cicd/operations_api.yml b/haproxy/proxy/listen/cicd/operations_api.yml
new file mode 100644
index 0000000..14bb44a
--- /dev/null
+++ b/haproxy/proxy/listen/cicd/operations_api.yml
@@ -0,0 +1,76 @@
+parameters:
+  _param:
+    haproxy_operations_api_bind_host: ${_param:haproxy_bind_address}
+    haproxy_operations_api_bind_port: 8001
+    haproxy_operations_api_exposed_port: 18001
+    haproxy_cockroachdb_ui_bind_host: ${_param:haproxy_bind_address}
+    haproxy_cockroachdb_ui_bind_port: 8080
+    haproxy_cockroachdb_ui_exposed_port: 18080
+    haproxy_operations_api_ssl:
+      enabled: false
+    haproxy_cockroachdb_ui_ssl:
+      enabled: false
+  haproxy:
+    proxy:
+      listen:
+        operations_api:
+          mode: http
+          options:
+            - forwardfor
+            - httpchk GET /api/v1/
+            - httpclose
+            - httplog
+          balance: source
+          http_request:
+            - action: "add-header X-Forwarded-Proto https"
+              condition: "if { ssl_fc }"
+          sticks:
+          - http-check expect string 'API'
+          binds:
+            - address: ${_param:haproxy_operations_api_bind_host}
+              port: ${_param:haproxy_operations_api_bind_port}
+              ssl: ${_param:haproxy_operations_api_ssl}
+          servers:
+            - name: ${_param:cluster_node01_name}
+              host: ${_param:cluster_node01_address}
+              port: ${_param:haproxy_operations_api_exposed_port}
+              params: check
+            - name: ${_param:cluster_node02_name}
+              host: ${_param:cluster_node02_address}
+              port: ${_param:haproxy_operations_api_exposed_port}
+              params: backup check
+            - name: ${_param:cluster_node03_name}
+              host: ${_param:cluster_node03_address}
+              port: ${_param:haproxy_operations_api_exposed_port}
+              params: backup check
+        cockroachdb_ui:
+          mode: http
+          balance: source
+          options:
+            - forwardfor
+            - httpchk GET /#/overview/list
+            - httpclose
+            - httplog
+          balance: source
+          http_request:
+            - action: "add-header X-Forwarded-Proto https"
+              condition: "if { ssl_fc }"
+          sticks:
+          - http-check expect string 'CLUSTER OVERVIEW'
+          binds:
+            - address: ${_param:haproxy_cockroachdb_ui_bind_host}
+              port: ${_param:haproxy_cockroachdb_ui_bind_port}
+              ssl: ${_param:haproxy_cockroachdb_ui_ssl}
+          servers:
+            - name: ${_param:cluster_node01_name}
+              host: ${_param:cluster_node01_address}
+              port: ${_param:haproxy_cockroachdb_ui_exposed_port}
+              params: check
+            - name: ${_param:cluster_node02_name}
+              host: ${_param:cluster_node02_address}
+              port: ${_param:haproxy_cockroachdb_ui_exposed_port}
+              params: backup check
+            - name: ${_param:cluster_node03_name}
+              host: ${_param:cluster_node03_address}
+              port: ${_param:haproxy_cockroachdb_ui_exposed_port}
+              params: backup check
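Review bot: Both listeners default to plaintext (`haproxy_operations_api_ssl` and `haproxy_cockroachdb_ui_ssl` are `enabled: false`), so the operations API and the CockroachDB admin UI are served without TLS on `haproxy_bind_address` unless a deployment overrides them; a comment above the two parameters, e.g. `# plaintext by default; enable SSL before exposing outside a trusted network`, would make that explicit. In `cockroachdb_ui` the key `balance: source` appears twice, before and after `options`; most YAML loaders silently keep the last one but strict ones reject duplicate keys, so one of them should be removed. The `sticks` lists are flush-indented while every other sequence in the file is indented, and they carry an `http-check expect` line rather than a stick rule, which deserves a short comment if it is deliberate.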
diff --git a/jenkins/client/job/deploy/update/kubernetes_update.yml b/jenkins/client/job/deploy/update/kubernetes_update.yml
index 11279ed..4100384 100644
--- a/jenkins/client/job/deploy/update/kubernetes_update.yml
+++ b/jenkins/client/job/deploy/update/kubernetes_update.yml
@@ -26,11 +26,11 @@
           param:
             KUBERNETES_HYPERKUBE_IMAGE:
               type: string
-              default: "${_param:kubernetes_hyperkube_repo}/hyperkube-amd64:v1.10.4-4"
+              default: "${_param:kubernetes_hyperkube_repo}/hyperkube-amd64:v1.11.3-2"
               description: "Versioned image to update control plane from. Should be null if update rolling via reclass-system level"
             KUBERNETES_PAUSE_IMAGE:
               type: string
-              default: "${_param:kubernetes_hyperkube_repo}/pause-amd64:v1.10.4-4"
+              default: "${_param:kubernetes_hyperkube_repo}/pause-amd64:v1.11.3-2"
               description: "Versioned pause image to use in deployments. Should be null if update rolling via reclass-system level"
             SALT_MASTER_URL:
               type: string
@@ -60,5 +60,21 @@
               description: "Salt targeted kubernetes CTL nodes (ex. I@kubernetes:master). Kubernetes control plane"
             CMP_TARGET:
               type: string
-              default: "cmp* and I@kubernetes:pool"
+              default: "I@kubernetes:pool and not I@kubernetes:master"
               description: "Salt targeted compute nodes (ex. 'cmp* and I@kubernetes:pool') Kubernetes computes"
+            CONFORMANCE_RUN_AFTER:
+              type: boolean
+              default: "false"
+              description: "Run conformance tests after upgrade"
+            CONFORMANCE_RUN_BEFORE:
+              type: boolean
+              default: "false"
+              description: "Run conformance tests before upgrade"
+            TEST_K8S_API_SERVER:
+              type: string
+              default: "http://127.0.0.1:8080"
+              description: "Local kubernetes apiserver variable for conformance tests"
+            ARTIFACTORY_URL:
+              type: string
+              default: "docker-prod-local.docker.mirantis.com"
+              description: "Artifactory URL where docker images located. Needed to correctly fetch conformance images."
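Review bot: `TEST_K8S_API_SERVER` defaults to `http://127.0.0.1:8080`, which looks like the apiserver's insecure local port; that port serves requests without authentication or authorization, so the conformance run depends on it staying enabled on the master. If that is intentional the description should say so, and a secured endpoint would be the better default where one is available. Separately, the `CMP_TARGET` default changed to `I@kubernetes:pool and not I@kubernetes:master` but its description still gives `'cmp* and I@kubernetes:pool'` as the example and should be updated to match. The `param` mapping starts above the hunk.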
diff --git a/keycloak/server/realm/drivetrain.yml b/keycloak/server/realm/drivetrain.yml
new file mode 100644
index 0000000..42b3473
--- /dev/null
+++ b/keycloak/server/realm/drivetrain.yml
@@ -0,0 +1,76 @@
+parameters:
+  _param:
+    keycloak_drivetrain_users_dn: ou=people,dc=cicd,dc=local
+    keycloak_drivetrain_bind_dn: cn=admin,dc=cicd,dc=local
+    keycloak_drivetrain_connection_url: ldap://${_param:single_address}:1389
+    keycloak_drivetrain_provider_display_name: drivetrain-ldap
+  keycloak:
+    server:
+      realm:
+        drivetrain-realm:
+          enabled: true
+          client:
+            operations-api:
+              enabled: true
+              base_url: /operations-api-portal
+              redirect_uris:
+              - /operations-api-portal/*
+              admin_url: /operations-api-portal
+              direct_access_grants_enabled: true
+              secret: ${_param:keycloak_operations_api_client_secret}
+              protocol_mapper:
+                oidc-usermodel-property-mapper:
+                  username:
+                    name: username
+                    user_attribute: username
+                    claim_name: preferred_username
+                  given_name:
+                    name: given name
+                    user_attribute: firstName
+                    claim_name: given_name
+                  family_name:
+                    name: family name
+                    user_attribute: lastName
+                    claim_name: family_name
+                  email:
+                    name: email
+                    user_attribute: email
+                    claim_name: email
+                oidc-full-name-mapper:
+                  full_name:
+                    name: full_name
+          federation_provider:
+            ldap:
+              display_name: ${_param:keycloak_drivetrain_provider_display_name}
+              users_dn: ${_param:keycloak_drivetrain_users_dn}
+              bind_dn: ${_param:keycloak_drivetrain_bind_dn}
+              bind_credential: ${_param:keycloak_drivetrain_bind_credential}
+              connection_url: ${_param:keycloak_drivetrain_connection_url}
+          federation_mapper:
+            user-attribute-ldap-mapper:
+              username:
+                name: username
+                provider_display_name: ${_param:keycloak_drivetrain_provider_display_name}
+                ldap_attribute: uid
+                model_attribute: username
+              first_name:
+                name: first name
+                provider_display_name: ${_param:keycloak_drivetrain_provider_display_name}
+                ldap_attribute: givenName
+                model_attribute: firstName
+              last_name:
+                name: last name
+                provider_display_name: ${_param:keycloak_drivetrain_provider_display_name}
+                ldap_attribute: sn
+                model_attribute: lastName
+              email:
+                name: email
+                provider_display_name: ${_param:keycloak_drivetrain_provider_display_name}
+                ldap_attribute: mail
+                model_attribute: email
+                mandatory: false
+            role-ldap-mapper:
+              realm_roles:
+                name: realm roles
+                provider_display_name: ${_param:keycloak_drivetrain_provider_display_name}
+                roles_dn: ou=groups,dc=cicd,dc=local
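Review bot: The LDAP federation binds as `cn=admin,dc=cicd,dc=local` over `ldap://${_param:single_address}:1389`, so the directory administrator's bind credential, and most likely the user passwords Keycloak validates against LDAP, cross that connection unencrypted unless it is confined to a local or otherwise protected link. A dedicated read-only bind account and an `ldaps://` URL (or StartTLS, if the formula supports it) would be the safer defaults. The `operations-api` client also sets `direct_access_grants_enabled: true`, which allows the password grant; if the portal only uses the browser flow, `direct_access_grants_enabled: false` is the tighter setting.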
diff --git a/keycloak/server/single.yml b/keycloak/server/single.yml
new file mode 100644
index 0000000..504532b
--- /dev/null
+++ b/keycloak/server/single.yml
@@ -0,0 +1,3 @@
+classes:
+- service.keycloak.server
+- system.keycloak.server.realm.drivetrain
diff --git a/linux/system/repo/aptly.yml b/linux/system/repo/aptly.yml
index 330ba03..87d816d 100644
--- a/linux/system/repo/aptly.yml
+++ b/linux/system/repo/aptly.yml
@@ -5,5 +5,5 @@
         aptly:
           source: "deb http://repo.aptly.info/ squeeze main"
           architectures: amd64
-          key_id: 9E3E53F19C7DE460
-          key_server: keys.gnupg.net
+          key_id: ED75B5A4483DA07C
+          key_server: pool.sks-keyservers.net
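Review bot: The signing key is still fetched at apply time by its 64-bit ID `ED75B5A4483DA07C` from a public keyserver pool, and the package source on the context line is plain `http://repo.aptly.info/`, so trust in the repository rests on whatever key the pool returns for that ID. This commit already uses the `keystorage` pattern for the Duo repository, with the key material committed alongside the class; doing the same here would take the keyserver out of the trust path and avoid another breakage when a keyserver goes away. If the formula accepts it, referencing the full 40-character fingerprint instead of the long ID is the minimum improvement.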
diff --git a/linux/system/repo/duo.yml b/linux/system/repo/duo.yml
new file mode 100644
index 0000000..95db543
--- /dev/null
+++ b/linux/system/repo/duo.yml
@@ -0,0 +1,12 @@
+classes:
+- system.linux.system.repo.keystorage.duo
+parameters:
+  _param:
+    linux_system_repo_duo_url: http://pkg.duosecurity.com/Ubuntu
+  linux:
+    system:
+      repo:
+        duo:
+          key: ${_param:linux_system_repo_duo_key}
+          source: "deb [arch=amd64] ${_param:linux_system_repo_duo_url} ${_param:linux_system_codename} main"
+          architectures: amd64
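Review bot: `linux_system_repo_duo_url` uses plain `http://` for the repository that delivers the Duo authentication packages. APT signature checking against `linux_system_repo_duo_key` still protects package integrity, but HTTPS would also protect the metadata exchange in transit and, as far as I know, is what the vendor's own instructions use: `linux_system_repo_duo_url: https://pkg.duosecurity.com/Ubuntu`. Older releases need `apt-transport-https` installed on the minion for that to work.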
diff --git a/linux/system/repo/keystorage/duo.yml b/linux/system/repo/keystorage/duo.yml
new file mode 100644
index 0000000..19caa67
--- /dev/null
+++ b/linux/system/repo/keystorage/duo.yml
@@ -0,0 +1,46 @@
+parameters:
+  _param:
+    # pub   1024D/15D32EFC 2013-09-05 [expires: 2020-08-22]
+    linux_system_repo_duo_key: |
+        -----BEGIN PGP PUBLIC KEY BLOCK-----
+        Version: GnuPG v2.0.22 (GNU/Linux)
+
+        mQGiBFIog+QRBACobW/uA1UTaWWDlAhwdQGi+KVOomTVsBA/POo/xXX24kU550o3
+        ngeM0ibqIc/ghLUkt4Q2j08x9NgNEzcSjdG5DboouqBrcF5CoN4DOFaiKGiMq1zL
+        14ZmushOHE2Qb0gA0zzxo7GwD/6GSvsH3y1z49JJU5hcXNt9PINsE6KXbwCg+Ob+
+        qesaO7JhIPMiDLBrNh20bHsD/3KYrgGyLhbKKaYQtS9B7HUIyS3zagDmC9EU4OsW
+        Tgwo6oDm7OTZ0W9ZSmFJn9IYs7LLu4AeDJqL+pQ83CeHvT205zM6dlgLmUgGvp22
+        4KJ0K9Wp54AP2NqX7ok2y5edI1CDejPm01ZZLd2POXkJgeS43oftvBtkAUl+W0dD
+        eHPfA/0ZSsV5CJ0qyaLCtnUsoWczXs460Zs4vxvKkuMdUBwZz9W1RyhBvWdsxn0l
+        5cwk+rv/49VaYP97M2hPQtrAi7WkRtiU34ze/7Pkpv4+Qiwg9vQjZtMbwzYhWSXt
+        C3ps0SyuwkvcHWoCejnqkdlTeZpfeQMQAvjonMyBpdgH0sgf6LQyRHVvIFNlY3Vy
+        aXR5IFBhY2thZ2UgU2lnbmluZyA8ZGV2QGR1b3NlY3VyaXR5LmNvbT6IZgQTEQIA
+        JgIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheABQJbfxQqBQkNGPdGAAoJEBzJH8YV
+        0y78WGMAoPSPCVhvfjJFj0c4UQgRHL9zApThAJ9W2f39jm6qCshHoltGRxFAPvel
+        y7kEDQRSKIVDEBAAiu/l6B3dn0jhLyQsszyAwA1RHh3u4a6a7B4niRX+8zQ8LkQh
+        VWADc9TXPgPiKxAZyivhgupk9CHkUaRpgyHm/jK5wIZCV6bgQ62QJymfE1FdF5m7
+        uuq9IvfY/GTWdVwLA/XOxMw6AJMR+WiwNTd0OvlxD1C8u3TZiwEjuPatWVhPfRlT
+        +ISgsntjf1DdnyjqLNsOFqj4IDV8nEPlzzNHAhS8axeJAnIMkDG6RyLK2cakZahw
+        R/2VYH4K0zjtguyfK/+w5Md9VlEsHgVKfef+Lwwbo/MJ6evsHoEYGr7CvzNxSlse
+        2p+3J88YY7tcrlLQRlmhqf3YARS4mjPXnW3fIhlOjCcUStxIT6qvX1a9q7ap7yoP
+        KpmXiQKqivg8eWmTFp5UACWYdcX/FXDvamd/6fwEniOtvNcblP5jQcipUAepd9uK
+        A6hpN+uwJvp7kIqRvHB7OhZbjKLvkRishZAPvrRt6VUUdmX9fGj/KiqIVB1Xc7cE
+        1JwybE+vtY4CSq2CGUYeo0A4a0mq1GCGE4U+00t6ci4xEBtp3+WYbyluZzyBf62l
+        m5mFmCZ4fqu19ULB6yzmzcFxmMtw3lYPIgs7VbVSF1GjJ1n1nyLZ6mc+mBdHkhrx
+        tueir0NP0yhwpjC+RngKdQCJkFaEbnNprZBi8PviuP7VKFCxSTePWYdwzaMAAwUP
+        /3e8bgmKChAzdQroO/4MI6xBe0rCKur11J6lWINsm7oqtvjixqbAViiCKKhpNEgS
+        XytDy77a9uUewjlhlVzKQV+4CZ58plxJd2ge0IvQagA5qW7/qr9QWd3h/cUWeuLb
+        eg5iHd/uXS5LePz/jzUHgzuDrrfv2AfvPMLR4fv6lt6mg0I8P2Su5rBWXpP+zybf
+        lj8CX+bt6ngxPIka8BOUwgfXfp4zwygB8YonpEV24dbgzeeT8cIJ9B67MNgprZjI
+        un/0qHMo47sQxATRcqJIO3n/d/m1Rrd6b33T40xVXWvKu9SEoJ94ZbugGCkgR8LT
+        3ir42GCFIJUahkR5ObLa9d4H5Mo1FyKsp9MqZ2p0xji4eBsNDJegiJnW+BIzuBaI
+        io7kp9c8y+X1ew4MtRYsHaiaKybzINKHQeDNDgdKdno1bRSmuQ0pAa97bfgQRtNR
+        4RbB9izjHrdz0FYzzSCCglUqwc4Fgc4Z/6gsIIl743MVJp6VKh8hOfQiE5JhzgxY
+        vuGS0zrdyPEtEBTgIdMviCabgZZQCMseajFoOfNfKdtVYunAS6+X+b1Qby4WDcIV
+        cde6FFvjvIM4HxS0OIob2ikXIltfIDoHli2QtsZa948QVrqGvqsfcQCjWcS8bVnb
+        KLlyAI2kz675GFDmj+BKJomA4z2VW5yXtWFMeYmDYYTliE8EGBECAA8CGwwFAlt/
+        FDoFCQ0Y9fcACgkQHMkfxhXTLvzPBwCgp38icsfj38GinpxMpGF02yxpemUAn1kr
+        WbTIiN63dr6gdz7hoZJ7PFmJ
+        =t1j7
+        -----END PGP PUBLIC KEY BLOCK-----
+
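Review bot: The header comment records this as a 1024-bit DSA key (`1024D/15D32EFC`) that expires on 2020-08-22, so the class carries a hard expiry date after which APT will reject the repository until the block is refreshed, and the key size is below what is recommended today. The comment shows only the short 8-hex ID; recording the full fingerprint there, e.g. `# fingerprint: <FULL_40_HEX_FINGERPRINT> (verify against the vendor's published value)`, lets a reviewer check the embedded block, and a line about the expiry would help whoever has to rotate it. The block scalar body is indented eight spaces under its key where the rest of the file uses two, and the file ends with an extra blank line.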
diff --git a/neutron/compute/cluster.yml b/neutron/compute/cluster.yml
index a9cf9c1..0523c3f 100644
--- a/neutron/compute/cluster.yml
+++ b/neutron/compute/cluster.yml
@@ -38,3 +38,8 @@
           cert_file: ${_param:rabbitmq_neutron_client_ssl_cert_file}
         ssl:
           enabled: ${_param:rabbitmq_ssl_enabled}
+      cache:
+        security:
+          enabled: ${_param:neutron_memcache_security_enabled}
+          strategy: ${_param:openstack_memcache_security_strategy}
+          secret_key: ${_param:neutron_memcache_secret_key}
diff --git a/neutron/control/cluster.yml b/neutron/control/cluster.yml
index 52a91ea..4a196fa 100644
--- a/neutron/control/cluster.yml
+++ b/neutron/control/cluster.yml
@@ -39,5 +39,10 @@
         ssl:
           enabled: ${_param:galera_ssl_enabled}
       role: ${_param:openstack_node_role}
+      cache:
+        security:
+          enabled: ${_param:neutron_memcache_security_enabled}
+          strategy: ${_param:openstack_memcache_security_strategy}
+          secret_key: ${_param:neutron_memcache_secret_key}
     identity:
       protocol: ${_param:cluster_internal_protocol}
diff --git a/neutron/control/single.yml b/neutron/control/single.yml
index 40bdea3..8db8ead 100644
--- a/neutron/control/single.yml
+++ b/neutron/control/single.yml
@@ -34,3 +34,8 @@
           enabled: ${_param:rabbitmq_ssl_enabled}
       identity:
         protocol: ${_param:internal_protocol}
+      cache:
+        security:
+          enabled: ${_param:neutron_memcache_security_enabled}
+          strategy: ${_param:openstack_memcache_security_strategy}
+          secret_key: ${_param:neutron_memcache_secret_key}
diff --git a/neutron/gateway/cluster.yml b/neutron/gateway/cluster.yml
index 8f84fa1..bc51ab9 100644
--- a/neutron/gateway/cluster.yml
+++ b/neutron/gateway/cluster.yml
@@ -31,3 +31,8 @@
           cert_file: ${_param:rabbitmq_neutron_client_ssl_cert_file}
         ssl:
           enabled: ${_param:rabbitmq_ssl_enabled}
+      cache:
+        security:
+          enabled: ${_param:neutron_memcache_security_enabled}
+          strategy: ${_param:openstack_memcache_security_strategy}
+          secret_key: ${_param:neutron_memcache_secret_key}
diff --git a/salt/master/formula/pkg/oss.yml b/salt/master/formula/pkg/oss.yml
index 45739d2..aade8cf 100644
--- a/salt/master/formula/pkg/oss.yml
+++ b/salt/master/formula/pkg/oss.yml
@@ -10,3 +10,6 @@
             rundeck:
               source: pkg
               name: salt-formula-rundeck
+            keycloak:
+              source: pkg
+              name: salt-formula-keycloak
diff --git a/salt/minion/cert/mysql/clients/openstack/aodh.yml b/salt/minion/cert/mysql/clients/openstack/aodh.yml
index ba5ef52..ee1dccc 100644
--- a/salt/minion/cert/mysql/clients/openstack/aodh.yml
+++ b/salt/minion/cert/mysql/clients/openstack/aodh.yml
@@ -9,6 +9,7 @@
     minion:
       cert:
         mysql-aodh-client:
+          enabled: ${_param:openstack_mysql_x509_enabled}
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           common_name: mysql-aodh-client
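Review bot: `enabled: ${_param:openstack_mysql_x509_enabled}` makes client-certificate issuance depend on a parameter that no hunk in this diff defines; the `defaults/openstack/init.yml` hunk adds only the memcache parameters, so the default may live outside the visible lines. If it is missing, every class that includes this file fails to interpolate, and if it resolves to false, services whose `ssl` settings still point at the client `cert_file` lose the file they reference. A default next to the other `openstack_*` toggles, with a comment such as `# issue MySQL client certificates on minions`, would make the contract explicit. The same applies to the sibling mysql hunks (barbican through panko) and to `openstack_rabbitmq_x509_enabled` in the rabbitmq client hunks that follow; the `mysql-aodh-client` mapping continues past the hunk.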
diff --git a/salt/minion/cert/mysql/clients/openstack/barbican.yml b/salt/minion/cert/mysql/clients/openstack/barbican.yml
index 8d158ee..c6476d3 100644
--- a/salt/minion/cert/mysql/clients/openstack/barbican.yml
+++ b/salt/minion/cert/mysql/clients/openstack/barbican.yml
@@ -9,6 +9,7 @@
     minion:
       cert:
         mysql-barbican-client:
+          enabled: ${_param:openstack_mysql_x509_enabled}
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           common_name: mysql-barbican-client
diff --git a/salt/minion/cert/mysql/clients/openstack/cinder.yml b/salt/minion/cert/mysql/clients/openstack/cinder.yml
index 1ff053f..475132a 100644
--- a/salt/minion/cert/mysql/clients/openstack/cinder.yml
+++ b/salt/minion/cert/mysql/clients/openstack/cinder.yml
@@ -9,6 +9,7 @@
     minion:
       cert:
         mysql-cinder-client:
+          enabled: ${_param:openstack_mysql_x509_enabled}
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           common_name: mysql-cinder-client
diff --git a/salt/minion/cert/mysql/clients/openstack/designate.yml b/salt/minion/cert/mysql/clients/openstack/designate.yml
index f66c59f..7910dfb 100644
--- a/salt/minion/cert/mysql/clients/openstack/designate.yml
+++ b/salt/minion/cert/mysql/clients/openstack/designate.yml
@@ -9,6 +9,7 @@
     minion:
       cert:
         mysql-designate-client:
+          enabled: ${_param:openstack_mysql_x509_enabled}
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           common_name: mysql-designate-client
diff --git a/salt/minion/cert/mysql/clients/openstack/glance.yml b/salt/minion/cert/mysql/clients/openstack/glance.yml
index ab71174..436ac64 100644
--- a/salt/minion/cert/mysql/clients/openstack/glance.yml
+++ b/salt/minion/cert/mysql/clients/openstack/glance.yml
@@ -9,6 +9,7 @@
     minion:
       cert:
         mysql-glance-client:
+          enabled: ${_param:openstack_mysql_x509_enabled}
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           common_name: mysql-glance-client
diff --git a/salt/minion/cert/mysql/clients/openstack/gnocchi.yml b/salt/minion/cert/mysql/clients/openstack/gnocchi.yml
index 1aa31c9..f6f7497 100644
--- a/salt/minion/cert/mysql/clients/openstack/gnocchi.yml
+++ b/salt/minion/cert/mysql/clients/openstack/gnocchi.yml
@@ -9,6 +9,7 @@
     minion:
       cert:
         mysql-gnocchi-client:
+          enabled: ${_param:openstack_mysql_x509_enabled}
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           common_name: mysql-gnocchi-client
diff --git a/salt/minion/cert/mysql/clients/openstack/heat.yml b/salt/minion/cert/mysql/clients/openstack/heat.yml
index 1246dae..f338de7 100644
--- a/salt/minion/cert/mysql/clients/openstack/heat.yml
+++ b/salt/minion/cert/mysql/clients/openstack/heat.yml
@@ -9,6 +9,7 @@
     minion:
       cert:
         mysql-heat-client:
+          enabled: ${_param:openstack_mysql_x509_enabled}
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           common_name: mysql-heat-client
diff --git a/salt/minion/cert/mysql/clients/openstack/ironic.yml b/salt/minion/cert/mysql/clients/openstack/ironic.yml
index fe4aa19..d43dc86 100644
--- a/salt/minion/cert/mysql/clients/openstack/ironic.yml
+++ b/salt/minion/cert/mysql/clients/openstack/ironic.yml
@@ -9,6 +9,7 @@
     minion:
       cert:
         mysql-ironic-client:
+          enabled: ${_param:openstack_mysql_x509_enabled}
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           common_name: mysql-ironic-client
diff --git a/salt/minion/cert/mysql/clients/openstack/keystone.yml b/salt/minion/cert/mysql/clients/openstack/keystone.yml
index c0fe71d..69b100b 100644
--- a/salt/minion/cert/mysql/clients/openstack/keystone.yml
+++ b/salt/minion/cert/mysql/clients/openstack/keystone.yml
@@ -9,6 +9,7 @@
     minion:
       cert:
         mysql-keystone-client:
+          enabled: ${_param:openstack_mysql_x509_enabled}
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           common_name: mysql-keystone-client
diff --git a/salt/minion/cert/mysql/clients/openstack/manila.yml b/salt/minion/cert/mysql/clients/openstack/manila.yml
index a1ca797..700c3cb 100644
--- a/salt/minion/cert/mysql/clients/openstack/manila.yml
+++ b/salt/minion/cert/mysql/clients/openstack/manila.yml
@@ -9,6 +9,7 @@
     minion:
       cert:
         mysql-manila-client:
+          enabled: ${_param:openstack_mysql_x509_enabled}
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           common_name: mysql-manila-client
diff --git a/salt/minion/cert/mysql/clients/openstack/neutron.yml b/salt/minion/cert/mysql/clients/openstack/neutron.yml
index d5b1cd8..8bca247 100644
--- a/salt/minion/cert/mysql/clients/openstack/neutron.yml
+++ b/salt/minion/cert/mysql/clients/openstack/neutron.yml
@@ -9,6 +9,7 @@
     minion:
       cert:
         mysql-neutron-client:
+          enabled: ${_param:openstack_mysql_x509_enabled}
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           common_name: mysql-neutron-client
diff --git a/salt/minion/cert/mysql/clients/openstack/nova.yml b/salt/minion/cert/mysql/clients/openstack/nova.yml
index 4f03628..7aa67d6 100644
--- a/salt/minion/cert/mysql/clients/openstack/nova.yml
+++ b/salt/minion/cert/mysql/clients/openstack/nova.yml
@@ -9,6 +9,7 @@
     minion:
       cert:
         mysql-nova-client:
+          enabled: ${_param:openstack_mysql_x509_enabled}
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           common_name: mysql-nova-client
diff --git a/salt/minion/cert/mysql/clients/openstack/panko.yml b/salt/minion/cert/mysql/clients/openstack/panko.yml
index 0593ae2..ea7c450 100644
--- a/salt/minion/cert/mysql/clients/openstack/panko.yml
+++ b/salt/minion/cert/mysql/clients/openstack/panko.yml
@@ -9,6 +9,7 @@
     minion:
       cert:
         mysql-panko-client:
+          enabled: ${_param:openstack_mysql_x509_enabled}
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           common_name: mysql-panko-client
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/aodh.yml b/salt/minion/cert/rabbitmq/clients/openstack/aodh.yml
index 537a3a4..4f56674 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/aodh.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/aodh.yml
@@ -9,6 +9,7 @@
     minion:
       cert:
         rabbitmq-aodh-client:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           common_name: rabbitmq-aodh-client
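Review bot: With `enabled: ${_param:openstack_rabbitmq_x509_enabled}` on `rabbitmq-aodh-client`, certificate issuance is switched by this flag, while the hunk does not show which flag turns on TLS in the service's own RabbitMQ connection settings. If those are separate parameters and can diverge, a service could be configured for TLS with a client certificate that was never issued, which would likely surface only as a connection failure at deploy time. The same applies to the barbican through nova RabbitMQ client classes below. Consider deriving both from one parameter, or at least adding `# keep in sync with the flag that turns on RabbitMQ TLS for the service` above the key. The enclosing mapping starts above the hunk.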
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/barbican.yml b/salt/minion/cert/rabbitmq/clients/openstack/barbican.yml
index 9fa04ef..11c8b22 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/barbican.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/barbican.yml
@@ -9,6 +9,7 @@
     minion:
       cert:
         rabbitmq-barbican-client:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           common_name: rabbitmq-barbican-client
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/ceilometer.yml b/salt/minion/cert/rabbitmq/clients/openstack/ceilometer.yml
index a2b91fd..315e9f0 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/ceilometer.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/ceilometer.yml
@@ -9,6 +9,7 @@
     minion:
       cert:
         rabbitmq-ceilometer-client:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           common_name: rabbitmq-ceilometer-client
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/cinder.yml b/salt/minion/cert/rabbitmq/clients/openstack/cinder.yml
index 576c135..9129ca8 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/cinder.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/cinder.yml
@@ -9,6 +9,7 @@
     minion:
       cert:
         rabbitmq-cinder-client:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           common_name: rabbitmq-cinder-client
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/designate.yml b/salt/minion/cert/rabbitmq/clients/openstack/designate.yml
index f5eb631..973215f 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/designate.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/designate.yml
@@ -9,6 +9,7 @@
     minion:
       cert:
         rabbitmq-designate-client:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           common_name: rabbitmq-designate-client
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/glance.yml b/salt/minion/cert/rabbitmq/clients/openstack/glance.yml
index 94749ae..e4ad7d4 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/glance.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/glance.yml
@@ -9,6 +9,7 @@
     minion:
       cert:
         rabbitmq-glance-client:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           common_name: rabbitmq-glance-client
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/heat.yml b/salt/minion/cert/rabbitmq/clients/openstack/heat.yml
index e69ab14..f95f7d2 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/heat.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/heat.yml
@@ -9,6 +9,7 @@
     minion:
       cert:
         rabbitmq-heat-client:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           common_name: rabbitmq-heat-client
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/ironic.yml b/salt/minion/cert/rabbitmq/clients/openstack/ironic.yml
index f9b0d74..007faf2 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/ironic.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/ironic.yml
@@ -9,6 +9,7 @@
     minion:
       cert:
         rabbitmq-ironic-client:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           common_name: rabbitmq-ironic-client
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/keystone.yml b/salt/minion/cert/rabbitmq/clients/openstack/keystone.yml
index 8261f73..4226118 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/keystone.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/keystone.yml
@@ -9,6 +9,7 @@
     minion:
       cert:
         rabbitmq-keystone-client:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           common_name: rabbitmq-keystone-client
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/manila.yml b/salt/minion/cert/rabbitmq/clients/openstack/manila.yml
index 345b697..787273c 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/manila.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/manila.yml
@@ -9,6 +9,7 @@
     minion:
       cert:
         rabbitmq-manila-client:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           common_name: rabbitmq-manila-client
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/neutron.yml b/salt/minion/cert/rabbitmq/clients/openstack/neutron.yml
index 2f8f5c3..955506f 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/neutron.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/neutron.yml
@@ -9,6 +9,7 @@
     minion:
       cert:
         rabbitmq-neutron-client:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           common_name: rabbitmq-neutron-client
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/nova.yml b/salt/minion/cert/rabbitmq/clients/openstack/nova.yml
index 160acd9..dfacb00 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/nova.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/nova.yml
@@ -9,6 +9,7 @@
     minion:
       cert:
         rabbitmq-nova-client:
+          enabled: ${_param:openstack_rabbitmq_x509_enabled}
           host: ${_param:salt_minion_ca_host}
           authority: ${_param:salt_minion_ca_authority}
           common_name: rabbitmq-nova-client