Merge "add kubernetes_ha_calico_sm lab"
diff --git a/docker/swarm/stack/gerrit.yml b/docker/swarm/stack/gerrit.yml
index b59172a..95bc233 100644
--- a/docker/swarm/stack/gerrit.yml
+++ b/docker/swarm/stack/gerrit.yml
@@ -7,7 +7,7 @@
gerrit_ldap_bind_password: ""
gerrit_ldap_account_base: ""
gerrit_ldap_group_base: ""
-
+ gerrit_http_listen_url: http://*:8080/
docker:
client:
stack:
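Review bot: `gerrit_http_listen_url: http://*:8080/` makes Gerrit accept plain HTTP on every interface of the container. The next hunk takes `WEBURL` from `gerrit_public_host`, so the service is presumably reached through a reverse proxy. If so, Gerrit's `proxy-http://` or `proxy-https://` listen schemes are the ones that make it honour the forwarded headers, and `gerrit_http_listen_url: proxy-https://*:8080/` would be a better default for a TLS-terminating front end. The hunk also drops the blank line that separated the `_param` values from `docker:`; the `_param` mapping itself starts above the hunk.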
@@ -40,6 +40,7 @@
LDAP_USERNAME: ${_param:gerrit_ldap_bind_user}
LDAP_PASSWORD: ${_param:gerrit_ldap_bind_password}
WEBURL: ${_param:gerrit_public_host}
+ HTTPD_LISTENURL: ${_param:gerrit_http_listen_url}
GERRIT_ADMIN_SSH_PUBLIC: ${_param:gerrit_admin_public_key}
GERRIT_ADMIN_PWD: ${_param:gerrit_admin_password}
GERRIT_ADMIN_EMAIL: ${_param:gerrit_admin_email}
diff --git a/docker/swarm/stack/janitor_monkey.yml b/docker/swarm/stack/janitor_monkey.yml
index d1f240c..08fdb5c 100644
--- a/docker/swarm/stack/janitor_monkey.yml
+++ b/docker/swarm/stack/janitor_monkey.yml
@@ -25,9 +25,12 @@
janitor_monkey_openstack:
project_domain_name: default
project_name: admin
- username: ""
- password: ""
- auth_url: ""
+ auth_url: http://yourcloud.com:5000/v3/auth/tokens
+ username: admin
+ password: password
+ ssl_verify: False
+ cacert_path: /srv/volumes/rundeck/storage/content/cis/openstack/cert.pem
+ cafile: /opt/certs/cert.pem
docker:
client:
stack:
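Review bot: The new defaults for `janitor_monkey_openstack` ship a working-looking credential pair (`username: admin`, `password: password`) together with `ssl_verify: False` and a plain `http://` `auth_url`. A model that forgets to override them will authenticate in cleartext with a guessable password instead of failing visibly. I would keep the secrets empty as before (`username: ""`, `password: ""`) and default to `ssl_verify: true`, which also fits the CA file this commit mounts. The same defaults appear in the `@@ -22,12 +22,16 @@` hunk of security_monkey.yml and in `rundeck_cis_openstack` in rundeck/client/project/cicd.yml. `False` is the YAML 1.1 spelling; lowercase `false` matches `enabled: false` used elsewhere in this change.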
@@ -53,6 +56,8 @@
simianarmy.client.cloudfire.secretKey: ${_param:janitor_monkey_openstack:password}
simianarmy.client.cloudfire.domain: ${_param:janitor_monkey_openstack:project_domain_name}
simianarmy.client.cloudfire.project: ${_param:janitor_monkey_openstack:project_name}
+ simianarmy.client.cloudfire.SSLVerify: ${_param:janitor_monkey_openstack:ssl_verify}
+ simianarmy.client.cloudfire.cafile: ${_param:janitor_monkey_openstack:cafile}
service:
cleanup-service-mongodb:
image: ${_param:docker_image_mongodb}
@@ -72,6 +77,8 @@
condition: any
ports:
- ${_param:haproxy_janitor_monkey_exposed_port}:${_param:janitor_monkey_bind_port}
+ volumes:
+ - ${_param:janitor_monkey_openstack:cacert_path}:${_param:janitor_monkey_openstack:cafile}:ro
network:
default:
external:
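Review bot: The bind-mount source `${_param:janitor_monkey_openstack:cacert_path}` defaults to a file inside Rundeck's storage tree (`/srv/volumes/rundeck/storage/content/cis/openstack/cert.pem`). The task therefore presumably starts cleanly only on a node where Rundeck has already written that key, a dependency the hunk does not express. A comment above `volumes:` would document it, e.g. `# CA bundle comes from the rundeck cis/openstack/cert.pem key; the path must exist on every node that can run this task`. Alternatively, point `cacert_path` at a dedicated location. The two `volumes:` hunks in security_monkey.yml (`@@ -68,6 +75,7 @@` and `@@ -76,6 +84,7 @@`) use the same source, and the service definition starts above this hunk.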
diff --git a/docker/swarm/stack/pushkin.yml b/docker/swarm/stack/pushkin.yml
index 593f532..71b5f5f 100644
--- a/docker/swarm/stack/pushkin.yml
+++ b/docker/swarm/stack/pushkin.yml
@@ -7,6 +7,8 @@
pushkin_ssl:
enabled: false
pushkin_db: pushkin
+ pushkin_smtp_host: smtp.gmail.com
+ pushkin_smtp_port: 587
docker:
client:
stack:
@@ -18,6 +20,9 @@
PUSHKINDBHOST: ${_param:postgresql_bind_host}
PUSHKINELASTICHOST: ${_param:elasticsearch_bind_host}
WEBHOOK_FROM: ${_param:webhook_from}
+ EMAIL_SENDER_PASSWORD: ${_param:pushkin_email_sender_password}
+ SMTP_HOST: ${_param:pushkin_smtp_host}
+ SMTP_PORT: ${_param:pushkin_smtp_port}
WEBHOOK_RECIPIENTS: ${_param:webhook_recipients}
WEBHOOK_LOGIN_ID: ${_param:webhook_login_id}
WEBHOOK_APPLICATION_ID: ${_param:webhook_application_id}
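Review bot: `EMAIL_SENDER_PASSWORD` references `${_param:pushkin_email_sender_password}`, but the first hunk of this file adds defaults only for `pushkin_smtp_host` and `pushkin_smtp_port`. Unless the parameter is defined elsewhere, every model that includes this class has an unresolved reference. A comment next to the new defaults would make the requirement visible, e.g. `# pushkin_email_sender_password must be set in the cluster model (no default on purpose)`. Passing the password as a service environment variable also leaves it readable through `docker service inspect`; a Docker secret would avoid that if the image can read one. The environment mapping starts above the hunk.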
diff --git a/docker/swarm/stack/security_monkey.yml b/docker/swarm/stack/security_monkey.yml
index f7b5980..67233c2 100644
--- a/docker/swarm/stack/security_monkey.yml
+++ b/docker/swarm/stack/security_monkey.yml
@@ -22,12 +22,16 @@
security_monkey_openstack:
os_account_id: mcp_cloud
os_account_name: mcp_cloud
- username: ""
- password: ""
- auth_url: ""
+ auth_url: http://yourcloud.com:5000/v3/auth/tokens
+ username: admin
+ password: password
project_domain_name: Default
project_name: admin
user_domain_name: Default
+ cacert_path: /srv/volumes/rundeck/storage/content/cis/openstack/cert.pem
+ cafile: /opt/certs/cert.pem
+ endpoint_type: public
+ ssl_verify: False
docker:
client:
stack:
@@ -52,6 +56,9 @@
OS_AUTH_URL: ${_param:security_monkey_openstack:auth_url}
OS_PROJECT_DOMAIN_NAME: ${_param:security_monkey_openstack:project_domain_name}
OS_PROJECT_NAME: ${_param:security_monkey_openstack:project_name}
+ OS_SSL_VERIFY: ${_param:security_monkey_openstack:ssl_verify}
+ OS_ENDPOINT_TYPE: ${_param:security_monkey_openstack:endpoint_type}
+ CACERT_PATH: ${_param:security_monkey_openstack:cafile}
USER_DOMAIN_NAME: ${_param:security_monkey_openstack:user_domain_name}
SM_WTF_CSRF_ENABLED: ${_param:devops_portal_sm_wtf_csrf_enabled}
SECURITY_MONKEY_SYNC_INTERVAL: ${_param:security_monkey_sync_interval}
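Review bot: `CACERT_PATH` is filled from `security_monkey_openstack:cafile`, while the similarly named `cacert_path` parameter is the host-side source of the bind mount. That reads like a mix-up, even though the in-container path is presumably the intended value. Two comments on the parameters in the first hunk would settle it: `# cacert_path: CA bundle on the host` and `# cafile: where that bundle is mounted inside the container`. With `ssl_verify` defaulting to `False`, `CACERT_PATH` probably has no effect until verification is switched on, which is worth stating in the same comment.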
@@ -68,6 +75,7 @@
- ${_param:haproxy_security_monkey_exposed_port}:${_param:haproxy_security_monkey_bind_port}
volumes:
- /srv/volumes/security_monkey/logs:/var/log/security_monkey/logs
+ - ${_param:security_monkey_openstack:cacert_path}:${_param:security_monkey_openstack:cafile}:ro
security-audit-scheduler:
image: ${_param:docker_image_security_monkey_scheduler}
deploy:
@@ -76,6 +84,7 @@
condition: any
volumes:
- /srv/volumes/security_monkey/logs:/var/log/security_monkey/logs
+ - ${_param:security_monkey_openstack:cacert_path}:${_param:security_monkey_openstack:cafile}:ro
network:
default:
external:
diff --git a/jenkins/client/job/debian/packages/extra.yml b/jenkins/client/job/debian/packages/extra.yml
index c726008..13ee191 100644
--- a/jenkins/client/job/debian/packages/extra.yml
+++ b/jenkins/client/job/debian/packages/extra.yml
@@ -181,6 +181,14 @@
dist: xenial
build: prometheus-relay
branch: master
+ - package: python-datrie
+ dist: xenial
+ build: pipeline
+ branch: debian/xenial
+ - package: contrail-api-cli
+ dist: xenial
+ build: pipeline
+ branch: debian/xenial
template:
type: workflow-scm
concurrent: false
diff --git a/jenkins/client/job/deploy/lab/component/openstack.yml b/jenkins/client/job/deploy/lab/component/openstack.yml
index 1e1d334..0e526c6 100644
--- a/jenkins/client/job/deploy/lab/component/openstack.yml
+++ b/jenkins/client/job/deploy/lab/component/openstack.yml
@@ -20,6 +20,12 @@
stack_install: core,openstack,contrail
stack_test: ""
job_timer: "H H(0-6) * * *"
+ - stack_name: os_ha_contrail_ironic
+ stack_env: devcloud
+ stack_type: heat
+ stack_install: core,openstack,contrail
+ stack_test: ""
+ job_timer: ""
- stack_name: os_ha_ovs
stack_env: devcloud
stack_type: heat
diff --git a/jenkins/client/job/oss/init.yml b/jenkins/client/job/oss/init.yml
index 0e23f01..f8b5bdc 100644
--- a/jenkins/client/job/oss/init.yml
+++ b/jenkins/client/job/oss/init.yml
@@ -1,3 +1,4 @@
classes:
- system.jenkins.client.job.oss.test_devops_portal
+ - system.jenkins.client.job.oss.test_devops_portal_nightly
- system.jenkins.client.job.oss.test_security_monkey_openstack
diff --git a/jenkins/client/job/oss/test_devops_portal.yml b/jenkins/client/job/oss/test_devops_portal.yml
index 4007010..7001200 100644
--- a/jenkins/client/job/oss/test_devops_portal.yml
+++ b/jenkins/client/job/oss/test_devops_portal.yml
@@ -41,3 +41,6 @@
DEFAULT_GIT_REF:
type: string
default: master
+ NIGHTLY_BUILD:
+ type: boolean
+ default: false
diff --git a/jenkins/client/job/oss/test_devops_portal_nightly.yml b/jenkins/client/job/oss/test_devops_portal_nightly.yml
new file mode 100644
index 0000000..34a8bec
--- /dev/null
+++ b/jenkins/client/job/oss/test_devops_portal_nightly.yml
@@ -0,0 +1,34 @@
+parameters:
+ jenkins:
+ client:
+ job:
+ test-oss-devops-portal-nightly:
+ name: test-oss-devops-portal-nightly
+ discard:
+ build:
+ keep_num: 15
+ artifact:
+ keep_num: 15
+ type: workflow-scm
+ concurrent: true
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/oss/jenkins/pipelines"
+ credentials: "gerrit"
+ script: test-devops-portal-pipeline.groovy
+ trigger:
+ timer:
+ spec: "0 23 * * *"
+ param:
+ CREDENTIALS_ID:
+ type: string
+ default: "gerrit"
+ DEFAULT_GIT_URL:
+ type: string
+ default: "${_param:jenkins_gerrit_url}/oss/devops-portal"
+ DEFAULT_GIT_REF:
+ type: string
+ default: master
+ NIGHTLY_BUILD:
+ type: boolean
+ default: true
diff --git a/jenkins/client/job/salt-models/tests.yml b/jenkins/client/job/salt-models/tests.yml
index 3233495..fc1fc5f 100644
--- a/jenkins/client/job/salt-models/tests.yml
+++ b/jenkins/client/job/salt-models/tests.yml
@@ -98,8 +98,8 @@
PARALLEL_NODE_GROUP_SIZE:
type: string
default: "5"
- test_salt_model_cookiecutter:
- name: test-salt-model-cookiecutter-{{cookiecutter_template}}
+ test_mk_cookiecutter_templates:
+ name: test-mk-{{cookiecutter_template}}
jobs:
- cookiecutter_template: cookiecutter-templates
template:
diff --git a/postgresql/client/alertmanager.yml b/postgresql/client/alertmanager.yml
new file mode 100644
index 0000000..8bd272a
--- /dev/null
+++ b/postgresql/client/alertmanager.yml
@@ -0,0 +1,30 @@
+classes:
+ - system.postgresql.client
+parameters:
+ _param:
+ alertmanager_db_host: ${_param:haproxy_postgresql_bind_host}
+ alertmanager_db_user: alertmanager
+ alertmanager_db_user_password: alertmanager
+ webhook_login_id: 13
+ webhook_application_id: 24
+ postgresql:
+ client:
+ server:
+ server01:
+ database:
+ alertmanager:
+ enabled: true
+ encoding: 'UTF8'
+ locale: 'en_US'
+ users:
+ - name: ${_param:alertmanager_db_user}
+ password: ${_param:alertmanager_db_user_password}
+ host: ${_param:alertmanager_db_host}
+ createdb: true
+ rights: all privileges
+ init:
+ maintenance_db: pushkin
+ force: true
+ queries:
+ - INSERT INTO login VALUES (${_param:webhook_login_id}, ${_param:webhook_application_id}) ON CONFLICT (id) DO UPDATE SET id = excluded.id;
+ - INSERT INTO device VALUES (${_param:webhook_application_id}, ${_param:webhook_login_id}, 42, 'stacklight_alertmanager', NULL, 1, NULL) ON CONFLICT (id) DO UPDATE SET id = excluded.id;
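Review bot: `alertmanager_db_user_password: alertmanager` commits a default database password identical to the user name, and that user is then created with `createdb: true` and `rights: all privileges`. I would drop the default so the cluster model must supply the password, and grant only what the alertmanager integration needs. The two `init` queries use positional `INSERT INTO ... VALUES (...)` without a column list, so they depend on the exact column order of `login` and `device` in the `pushkin` database; naming the columns would make them robust to schema changes. `ON CONFLICT (id) DO UPDATE SET id = excluded.id` rewrites only the key, so if leaving an existing row untouched is the intent, `ON CONFLICT (id) DO NOTHING` says so directly.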
diff --git a/rundeck/client/project/cicd.yml b/rundeck/client/project/cicd.yml
index cb427d8..ed8b256 100644
--- a/rundeck/client/project/cicd.yml
+++ b/rundeck/client/project/cicd.yml
@@ -1,14 +1,17 @@
parameters:
_param:
- rundeck_cis_os_auth_url: none
- rundeck_cis_os_username: admin
- rundeck_cis_os_password: password
- rundeck_cis_os_project_name: admin
- rundeck_cis_os_domain_id: default
rundeck_cis_jobs_repository: https://gerrit.mcp.mirantis.net/oss/rundeck-cis-jobs
rundeck_cis_jobs_revision: master
- rundeck_cis_elasticsearch_url: none
+ rundeck_cis_elasticsearch_url: yourelastic:9200
rundeck_cis_os_docker_image: docker-prod-local.artifactory.mirantis.com/mirantis/oss/cis-openstack:latest
+ rundeck_cis_openstack:
+ auth_url: http://yourcloud.com:5000/v3/auth/tokens
+ username: admin
+ password: password
+ cert: plain-certificate
+ ssl_cert_file: cert.pem
+ project_name: admin
+ domain_id: default
rundeck:
client:
project:
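Review bot: Replacing the flat `rundeck_cis_os_*` parameters with the nested `rundeck_cis_openstack` mapping means any existing model that overrides the old names is silently ignored. The key storage entries in the second hunk then receive the placeholder defaults from here (`http://yourcloud.com:5000/v3/auth/tokens`, `admin`/`password`, `cert: plain-certificate`). I would either keep the old parameters for a transition period and feed the new mapping from them, e.g. `username: ${_param:rundeck_cis_os_username}`, or call out the rename in the commit message so downstream models are updated. `rundeck_cis_elasticsearch_url: yourelastic:9200` is likewise a placeholder that resolves to nothing useful; an empty value would fail more visibly.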
@@ -38,21 +41,27 @@
cis/elasticsearch/url:
type: password
content: ${_param:rundeck_cis_elasticsearch_url}
- cis/openstack/auth_url:
- type: password
- content: ${_param:rundeck_cis_os_auth_url}
- cis/openstack/username:
- type: password
- content: ${_param:rundeck_cis_os_username}
- cis/openstack/password:
- type: password
- content: ${_param:rundeck_cis_os_password}
- cis/openstack/project_name:
- type: password
- content: ${_param:rundeck_cis_os_project_name}
- cis/openstack/domain_id:
- type: password
- content: ${_param:rundeck_cis_os_domain_id}
cis/openstack/image:
type: password
content: ${_param:rundeck_cis_os_docker_image}
+ cis/openstack/auth_url:
+ type: password
+ content: ${_param:rundeck_cis_openstack:auth_url}
+ cis/openstack/username:
+ type: password
+ content: ${_param:rundeck_cis_openstack:username}
+ cis/openstack/password:
+ type: password
+ content: ${_param:rundeck_cis_openstack:password}
+ cis/openstack/project_name:
+ type: password
+ content: ${_param:rundeck_cis_openstack:project_name}
+ cis/openstack/domain_id:
+ type: password
+ content: ${_param:rundeck_cis_openstack:domain_id}
+ cis/openstack/cert.pem:
+ type: password
+ content: ${_param:rundeck_cis_openstack:cert}
+ cis/openstack/cert_file:
+ type: password
+ content: ${_param:rundeck_cis_openstack:ssl_cert_file}
diff --git a/rundeck/server/docker.yml b/rundeck/server/docker.yml
index 1c89f4f..492d135 100644
--- a/rundeck/server/docker.yml
+++ b/rundeck/server/docker.yml
@@ -8,6 +8,7 @@
rundeck_postgresql_database: rundeck
rundeck_postgresql_host: ${_param:control_vip_address}
rundeck_postgresql_port: 5432
+ rundeck_server_ssh_timeout: 300000
rundeck:
server:
user:
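Review bot: `rundeck_server_ssh_timeout: 300000` carries no unit, and the magnitude suggests milliseconds (five minutes), though the hunk does not confirm it. A comment above the parameter, e.g. `# SSH command timeout, presumably in milliseconds (300000 = 5 min)`, once checked against the formula, would keep someone from setting `300` expecting seconds. The `_param` mapping starts above the hunk.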
@@ -30,3 +31,4 @@
user: ${_param:rundeck_runbook_user}
private_key: ${_param:rundeck_runbook_private_key}
public_key: ${_param:rundeck_runbook_public_key}
+ timeout: ${_param:rundeck_server_ssh_timeout}