Merge "Add rabbitmq policies for OpenStack services"
diff --git a/.gitignore b/.gitignore
index 485dee6..ae8e990 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
.idea
+.*.swp
diff --git a/aodh/server/cluster.yml b/aodh/server/cluster.yml
index 0a590cf..2ff4ea9 100644
--- a/aodh/server/cluster.yml
+++ b/aodh/server/cluster.yml
@@ -4,6 +4,8 @@
- system.haproxy.proxy.listen.openstack.aodh
- system.keepalived.cluster.instance.openstack_telemetry_vip
parameters:
+ _param:
+ openstack_event_alarm_topic: alarm.all
aodh:
server:
enabled: true
@@ -13,6 +15,7 @@
debug: false
verbose: true
region: ${_param:openstack_region}
+ event_alarm_topic: ${_param:openstack_event_alarm_topic}
database:
engine: "mysql"
host: ${_param:openstack_database_address}
diff --git a/aodh/server/single.yml b/aodh/server/single.yml
index eba3fc1..df4be81 100644
--- a/aodh/server/single.yml
+++ b/aodh/server/single.yml
@@ -1,2 +1,8 @@
classes:
- service.aodh.server.single
+parameters:
+ _param:
+ openstack_event_alarm_topic: alarm.all
+ aodh:
+ server:
+ event_alarm_topic: ${_param:openstack_event_alarm_topic}
diff --git a/auditd/server/ciscat.yml b/auditd/server/ciscat.yml
new file mode 100644
index 0000000..dc4baa7
--- /dev/null
+++ b/auditd/server/ciscat.yml
@@ -0,0 +1,3 @@
+classes:
+- service.auditd.server
+- service.auditd.rules.ciscat
diff --git a/ceilometer/server/backend/default.yml b/ceilometer/server/backend/default.yml
index 542314c..071e4a1 100644
--- a/ceilometer/server/backend/default.yml
+++ b/ceilometer/server/backend/default.yml
@@ -2,6 +2,8 @@
- service.ceilometer.server.publisher.gnocchi
- service.ceilometer.server.publisher.panko
parameters:
+ _param:
+ openstack_event_alarm_topic: alarm.all
# gnocchi and panko are default backends for Ceilometer since Pike
# they are incompatible with any legacy database publisher backends
ceilometer:
@@ -12,3 +14,7 @@
publisher:
default:
enabled: false
+ event_alarm_notifier:
+ enabled: true
+ url: "notifier://?topic=${_param:openstack_event_alarm_topic}"
+ publish_event: true
diff --git a/cinder/volume/single.yml b/cinder/volume/single.yml
index 1b9948d..b959d32 100644
--- a/cinder/volume/single.yml
+++ b/cinder/volume/single.yml
@@ -16,6 +16,7 @@
host: ${_param:openstack_database_address}
glance:
host: ${_param:openstack_control_address}
+ protocol: ${_param:cluster_internal_protocol}
message_queue:
members:
- host: ${_param:openstack_message_queue_node01_address}
diff --git a/debmirror/mirror_mirantis_com/maas/xenial.yml b/debmirror/mirror_mirantis_com/maas/xenial.yml
new file mode 100644
index 0000000..3204fd0
--- /dev/null
+++ b/debmirror/mirror_mirantis_com/maas/xenial.yml
@@ -0,0 +1,21 @@
+parameters:
+ _param:
+ apt_mk_version: 'stable'
+ mirror_mirantis_com_maas_xenial_force: False
+ debmirror_mirrors_base_target_dir: "/srv/volumes/aptly/public/${_param:apt_mk_version}/"
+ debmirror:
+ client:
+ enabled: true
+ mirrors:
+ mirror_mirantis_com_maas_xenial:
+ force: ${_param:mirror_mirantis_com_maas_xenial_force}
+ lock_target: True
+ extra_flags: [ '--verbose', '--progress', '--nosource', '--no-check-gpg', '--rsync-extra=none' ]
+ method: "rsync"
+ arch: [ 'amd64' ]
+ mirror_host: "mirror.mirantis.com"
+ mirror_root: ":mirror/${_param:apt_mk_version}/maas/xenial/"
+ target_dir: "${_param:debmirror_mirrors_base_target_dir}/maas/xenial/"
+ log_file: "/var/log/debmirror/mirror_mirantis_com_maas_xenial.log"
+ dist: [ xenial ]
+ section: [ main ]
diff --git a/debmirror/mirror_mirantis_com/ubuntu/xenial.yml b/debmirror/mirror_mirantis_com/ubuntu/xenial.yml
index 6a38787..d869e94 100644
--- a/debmirror/mirror_mirantis_com/ubuntu/xenial.yml
+++ b/debmirror/mirror_mirantis_com/ubuntu/xenial.yml
@@ -2,6 +2,7 @@
_param:
apt_mk_version: 'stable'
mirror_mirantis_com_ubuntu_xenial_force: False
+ debmirror_mirrors_base_target_dir: "/srv/volumes/aptly/public/${_param:apt_mk_version}/"
debmirror:
client:
enabled: true
@@ -15,10 +16,10 @@
arch: [ 'amd64' ]
mirror_host: "mirror.mirantis.com"
mirror_root: ":mirror/${_param:apt_mk_version}/ubuntu/"
- target_dir: "/srv/volumes/aptly/public/ubuntu/"
+ target_dir: "${_param:debmirror_mirrors_base_target_dir}/ubuntu/"
log_file: "/var/log/debmirror/mirror_mirantis_com_ubuntu_xenial.log"
dist: [ xenial , xenial-security, xenial-updates ]
- section: [ main , multiverse, restricted, universe ]
+ section: [ main , restricted, universe ]
# Don't exclude main/x11 - its required for many pkgs.
exclude_deb_section:
- games
@@ -135,6 +136,12 @@
301: "--exclude='(main|universe)/l/linux-*-(.*azure|.*aws|gke|.*azure-edge|.*oem/|.*euclid/)'"
302: "--exclude='/*universe.*(-armel-|-arm-)(?!.*amd64)'"
303: "--exclude='/main/l/linux(.*)/linux-source-*'"
+ # Generic: Old minor version of kernels. Old - if minor less then 3 digits.
+ 304: '--exclude="main/l/(linux|linux-signed)/linux-.*.4\.4\.0-[0-9]{1,2}\."'
+ # Hwe 4.8: Old minor version of kernels. Old - if minor in 30-40.
+ 305: '--exclude="main/l/.*hwe.*/linux-.*.4\.8\.0-((3|4)[0-9])"'
+ # Hwe 4.10: Old minor version of kernels. Old - if minor in 20-30.
+ 306: '--exclude="main/l/.*hwe.*/linux-.*.4\.10\.0-((2|3)[0-9])"'
# List of packages, that should be fetched from fresh ppa or other mirror
# So,removing them from upstream mirror.
500: "--exclude='/main/m/maas/'"
diff --git a/docker/swarm/stack/jenkins/slave.yml b/docker/swarm/stack/jenkins/slave.yml
index 42a0031..e6ed298 100644
--- a/docker/swarm/stack/jenkins/slave.yml
+++ b/docker/swarm/stack/jenkins/slave.yml
@@ -35,7 +35,7 @@
image: ${_param:docker_image_jenkins_slave}
volumes:
- /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
- - /etc/aptly-publisher.yaml:/etc/aptly-publisher.yaml:ro
+ - /etc/aptly:/etc/aptly:ro
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
- /var/lib/jenkins:/var/lib/jenkins
@@ -59,7 +59,7 @@
image: ${_param:docker_image_jenkins_slave}
volumes:
- /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
- - /etc/aptly-publisher.yaml:/etc/aptly-publisher.yaml:ro
+ - /etc/aptly:/etc/aptly:ro
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
- /var/lib/jenkins:/var/lib/jenkins
@@ -83,7 +83,7 @@
image: ${_param:docker_image_jenkins_slave}
volumes:
- /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
- - /etc/aptly-publisher.yaml:/etc/aptly-publisher.yaml:ro
+ - /etc/aptly:/etc/aptly:ro
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
- /var/lib/jenkins:/var/lib/jenkins
diff --git a/docker/swarm/stack/monitoring/gainsight.yml b/docker/swarm/stack/monitoring/gainsight.yml
new file mode 100644
index 0000000..4254636
--- /dev/null
+++ b/docker/swarm/stack/monitoring/gainsight.yml
@@ -0,0 +1,49 @@
+classes:
+- system.prometheus.gainsight.container
+parameters:
+ _param:
+ gainsight_csv_upload_url: 'http://localhost:9999'
+ gainsight_account_id: 'default'
+ gainsight_environment_id: 'default'
+ gainsight_app_org_id: 'default'
+ gainsight_access_key: 'default'
+ gainsight_job_id: 'default'
+ gainsight_login: 'default'
+ gainsight_prometheus_url: "http://${_param:stacklight_monitor_address}:15010"
+ gainsight_config_directory: '/srv/gainsight'
+ gainsight_config_path: "${_param:gainsight_config_directory}/config.ini"
+ docker_image_prometheus_gainsight: 'docker-prod-local.artifactory.mirantis.com/openstack-docker/gainsight:nightly'
+ docker:
+ client:
+ stack:
+ monitoring:
+ network:
+ monitoring:
+ driver: overlay
+ driver_opts:
+ encrypted: 1
+ service:
+ gainsight:
+ networks:
+ - monitoring
+ deploy:
+ replicas: 1
+ labels:
+ com.mirantis.monitoring: "gainsight"
+ restart_policy:
+ condition: any
+ labels:
+ com.mirantis.monitoring: "gainsight"
+ image: ${_param:docker_image_prometheus_gainsight}
+ volumes:
+ - ${prometheus:gainsight:dir:config}:${_param:gainsight_config_directory}
+ environment:
+ CSV_UPLOAD_URL: "${_param:gainsight_csv_upload_url}"
+ ACCOUNT_ID: "${_param:gainsight_account_id}"
+ ENVIRONMENT_ID: "${_param:gainsight_environment_id}"
+ APP_ORG_ID: "${_param:gainsight_app_org_id}"
+ ACCESS_KEY: "${_param:gainsight_access_key}"
+ JOB_ID: "${_param:gainsight_job_id}"
+ LOGIN: "${_param:gainsight_login}"
+ PROMETHEUS_URL: "${_param:gainsight_prometheus_url}"
+ CONFIG_PATH: "${_param:gainsight_config_path}"
diff --git a/gerrit/client/init.yml b/gerrit/client/init.yml
index 5d719d4..16e4231 100644
--- a/gerrit/client/init.yml
+++ b/gerrit/client/init.yml
@@ -3,6 +3,7 @@
parameters:
_param:
gerrit_try_login: true
+ gerrit_server_host: ${_param:cluster_vip_address}
gerrit:
client:
enabled: True
@@ -12,7 +13,7 @@
gerrit_config: /srv/volumes/gerrit/etc/gerrit.config
gerrit_secure_config: /srv/volumes/gerrit/etc/secure.config
server:
- host: ${_param:cluster_vip_address}
+ host: ${_param:gerrit_server_host}
user: admin
email: ${_param:gerrit_admin_email}
auth_method: basic
diff --git a/haproxy/proxy/listen/openstack/horizon.yml b/haproxy/proxy/listen/openstack/horizon.yml
index 14f5c2b..d507b96 100644
--- a/haproxy/proxy/listen/openstack/horizon.yml
+++ b/haproxy/proxy/listen/openstack/horizon.yml
@@ -3,7 +3,7 @@
proxy:
listen:
horizon_web:
- type: general-service
+ type: horizon
check: false
binds:
- address: ${_param:cluster_vip_address}
@@ -20,4 +20,4 @@
- name: ${_param:cluster_node03_hostname}
host: ${_param:cluster_node03_address}
port: 8078
- params: check
\ No newline at end of file
+ params: check
diff --git a/jenkins/client/approved_scripts.yml b/jenkins/client/approved_scripts.yml
index 1fb68c9..2b2c6a7 100644
--- a/jenkins/client/approved_scripts.yml
+++ b/jenkins/client/approved_scripts.yml
@@ -151,3 +151,8 @@
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.util.Collection java.lang.String
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods init java.util.List
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods asBoolean java.lang.CharSequence
+ - staticMethod hudson.model.Hudson getInstance
+ - method hudson.model.Job getProperty java.lang.Class
+ - method hudson.model.ParametersDefinitionProperty getParameterDefinitions
+ - method hudson.model.ParameterDefinition getName
+ - hudson.model.StringParameterDefinition getDefaultValue
diff --git a/jenkins/client/init.yml b/jenkins/client/init.yml
index c1d600c..80724b1 100644
--- a/jenkins/client/init.yml
+++ b/jenkins/client/init.yml
@@ -10,8 +10,12 @@
jenkins_master_port: 8081
jenkins_aptly_storages: "local"
jenkins_pipelines_branch: "master"
+ jenkins_offline_deployment: "false"
jenkins:
client:
+ globalenvprop:
+ OFFLINE_DEPLOYMENT:
+ value: ${_param:jenkins_offline_deployment}
master:
host: ${_param:jenkins_master_host}
port: ${_param:jenkins_master_port}
@@ -63,6 +67,7 @@
enabled: true
url: ${_param:jenkins_gerrit_url}/mcp-ci/pipeline-library
credential_id: gerrit
+ branch: ${_param:jenkins_pipelines_branch}
view:
Mirrors:
enabled: true
diff --git a/jenkins/client/job/debian/packages/salt.yml b/jenkins/client/job/debian/packages/salt.yml
index ad35faa..7a9dd04 100644
--- a/jenkins/client/job/debian/packages/salt.yml
+++ b/jenkins/client/job/debian/packages/salt.yml
@@ -617,6 +617,10 @@
upload_source_package: true
upload_to_aptly: true
dist: xenial
+ - name: hubble
+ upload_source_package: true
+ upload_to_aptly: true
+ dist: xenial
- name: influxdb
upload_source_package: true
upload_to_aptly: true
@@ -749,6 +753,10 @@
upload_source_package: true
upload_to_aptly: true
dist: xenial
+ - name: openscap
+ upload_source_package: true
+ upload_to_aptly: true
+ dist: xenial
- name: openssh
upload_source_package: true
upload_to_aptly: true
diff --git a/jenkins/client/job/deploy/lab/deploy.yml b/jenkins/client/job/deploy/lab/deploy.yml
index 6c9eb2a..879d7c9 100644
--- a/jenkins/client/job/deploy/lab/deploy.yml
+++ b/jenkins/client/job/deploy/lab/deploy.yml
@@ -167,7 +167,7 @@
default: "http://127.0.0.1:8080"
TEST_K8S_CONFORMANCE_IMAGE:
type: string
- default: "docker-prod-virtual.docker.mirantis.net/mirantis/kubernetes/k8s-conformance:v1.8.13-11"
+ default: "docker-prod-virtual.docker.mirantis.net/mirantis/kubernetes/k8s-conformance:v1.10.4-4"
TEST_TEMPEST_IMAGE:
type: string
diff --git a/jenkins/client/job/deploy/update/upgrade_mcp_release.yml b/jenkins/client/job/deploy/update/upgrade_mcp_release.yml
index 8587140..9f18006 100644
--- a/jenkins/client/job/deploy/update/upgrade_mcp_release.yml
+++ b/jenkins/client/job/deploy/update/upgrade_mcp_release.yml
@@ -10,7 +10,7 @@
upgrade-mcp-release:
type: workflow-scm
concurrent: true
- display_name: "Deploy - upgrade MCP Release"
+ display_name: "Deploy - upgrade MCP Drivetrain"
scm:
type: git
url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
@@ -27,7 +27,15 @@
MCP_VERSION:
type: string
default: ""
+ UPDATE_CLUSTER_MODEL:
+ type: boolean
+ default: 'false'
+ description: "Replace `apt_mk_version` parameter in cluster level Reclass model."
+ UPDATE_PIPELINES:
+ type: boolean
+ default: 'false'
+ description: "Mirror pipelines from upstream/local mirror to Gerrit."
UPDATE_LOCAL_REPOS:
type: boolean
default: 'false'
- description: "Use only when local repositories are present"
\ No newline at end of file
+ description: "Use only when local repositories are present."
\ No newline at end of file
diff --git a/jenkins/client/job/oscore/cookiecutter.yml b/jenkins/client/job/oscore/cookiecutter.yml
index 04a805a..bc180b4 100644
--- a/jenkins/client/job/oscore/cookiecutter.yml
+++ b/jenkins/client/job/oscore/cookiecutter.yml
@@ -28,6 +28,7 @@
type: choice
description: "Context for coockiecutter template specified as filename."
choices:
+ - openstack-ovs-core-ocata
- openstack-ovs-core-pike
- openstack-ovs-core-ssl-pike
- openstack-ovs-core-barbican-pike
@@ -65,7 +66,6 @@
cookiecutter_template_branch: 'master'
shared_reclass_url: https://gerrit.mcp.mirantis.net/salt-models/reclass-system.git
shared_reclass_branch: 'master'
- openstack_version: pike
STACK_INSTALL:
type: string
default: 'core,openstack,ovs'
diff --git a/jenkins/client/job/oscore/init.yml b/jenkins/client/job/oscore/init.yml
index 3fb935d..61dbda8 100644
--- a/jenkins/client/job/oscore/init.yml
+++ b/jenkins/client/job/oscore/init.yml
@@ -4,6 +4,7 @@
- system.jenkins.client.job.oscore.qa
- system.jenkins.client.job.oscore.salt_virtual_models
- system.jenkins.client.job.oscore.cookiecutter
+ - system.jenkins.client.job.oscore.release
parameters:
_param:
job_description_oscore: <br>Deploy and test OpenStack.<br>
diff --git a/jenkins/client/job/oscore/qa.yml b/jenkins/client/job/oscore/qa.yml
index 6d54082..13d0e76 100644
--- a/jenkins/client/job/oscore/qa.yml
+++ b/jenkins/client/job/oscore/qa.yml
@@ -25,6 +25,7 @@
mcp/{{oscore-qa-project}}:
branches:
- master
+ - pike
event:
change:
- merged
@@ -43,7 +44,7 @@
default: "mirantis/oscore/{{oscore-qa-project}}"
IMAGE_TAG:
type: string
- default: "latest"
+ default: ""
DOCKER_REGISTRY:
type: string
default: "docker-prod-local.docker.mirantis.net"
diff --git a/jenkins/client/job/oscore/release.yml b/jenkins/client/job/oscore/release.yml
new file mode 100644
index 0000000..f73bd22
--- /dev/null
+++ b/jenkins/client/job/oscore/release.yml
@@ -0,0 +1,69 @@
+parameters:
+ jenkins:
+ client:
+ job_template:
+ promote-release-component:
+ name: "{{job_prefix}}-promote-{{component}}-{{version}}-{{distribution}}"
+ template:
+ discard:
+ build:
+ keep_num: 30
+ artifact:
+ keep_num: 30
+ type: workflow-scm
+ concurrent: true
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/openstack-ci/openstack-pipelines.git"
+ credentials: "gerrit"
+ branch: 'master'
+ script: promote-release-component.groovy
+ trigger:
+ timer:
+ spec: "{{timer_spec}}"
+ param:
+ # general
+ AIO_JOB:
+ type: string
+ description: "Job name to deploy all-ini-one envs are going to be tested"
+ default: "{{job_prefix}}-{{aioJobPrefix}}"
+ MULTINODE_JOB:
+ type: string
+ description: "Job name to deploy multinode envs are going to be tested"
+ default: "{{job_prefix}}-{{multinodeJobPrefix}}"
+ SYSTEM_DISTRIBUTION:
+ type: string
+ default: "{{distribution}}"
+ description: "Distribution of operating system"
+ COMPONENT:
+ type: string
+ default: "{{component}}"
+ description: "Tested MCP Component"
+ VERSION:
+ type: string
+ default: "{{version}}"
+ description: "Tested MCP Component"
+ SRC_REVISION:
+ type: string
+ default: "nightly"
+ description: "Tested revision of component - e.g. nightly"
+ SNAPSHOT_ID:
+ type: string
+ default: ""
+ description: "Tested snapshot id of component"
+ TARGET_REVISION:
+ type: string
+ default: "testing"
+ description: "Revision to promote SRC_REVISION to, e.g. testing"
+ TEST_SCHEME:
+ type: string
+ default: "{{test_scheme}}"
+ description: "Structure which defines parameters of deployment jobs"
+ MIRROR_HOST:
+ type: string
+ default: "mirror.mirantis.com"
+ description: "mirror with snapshots and packages"
+ AUTO_PROMOTE:
+ type: boolean
+ default: "{{auto_promote}}"
+ description: Enable to autopromote repo
diff --git a/jenkins/client/job/oscore/test_upgrades.yml b/jenkins/client/job/oscore/test_upgrades.yml
new file mode 100644
index 0000000..e513cf7
--- /dev/null
+++ b/jenkins/client/job/oscore/test_upgrades.yml
@@ -0,0 +1,68 @@
+parameters:
+ jenkins:
+ client:
+ job_template:
+ test-opentack-upgrade:
+ name: "oscore-test-openstack-upgrade-{{openstack_version_old}}-{{openstack_version_new}}"
+ template:
+ concurrent: true
+ description: Test upgrade flow for opentack cluster
+ discard:
+ build:
+ keep_num: 60
+ artifact:
+ keep_num: 60
+ type: workflow-scm
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/openstack-ci/openstack-pipelines"
+ credentials: "gerrit"
+ branch: 'master'
+ script: test-openstack-upgrade-pipeline.groovy
+ param:
+ CREDENTIALS_ID:
+ type: string
+ description: "ID of jenkins credentials to be used when connecting to gerrit."
+ default: "gerrit"
+ OPENSTACK_API_PROJECT:
+ type: string
+ default: "mcp-oscore"
+ HEAT_STACK_ZONE:
+ type: string
+ default: "mcp-oscore"
+ FLAVOR_PREFIX:
+ type: string
+ default: 'dev'
+ TEST_SCHEME:
+ type: string
+ description: "Yaml based scheme to be applied in testing"
+ default: '{"old": {"context_file_name": "openstack-ovs-core-{{openstack_version_old}}","extra_context": {"default_context": {"openstack_version": "{{openstack_version_old}}"}}, "new": {"extra_context": {"default_context": {"openstack_version": "{{openstack_version_new}}"}}}}}'
+ job:
+ oscore-test-adjust-cluster-model:
+ display_name: oscore-test-adjust-cluster-model
+ name: oscore-test-adjust-cluster-model
+ concurrent: true
+ description: Test upgrade flow for opentack cluster
+ discard:
+ build:
+ keep_num: 60
+ artifact:
+ keep_num: 60
+ type: workflow-scm
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/openstack-ci/openstack-pipelines"
+ credentials: "gerrit"
+ branch: 'master'
+ script: adjust-cluster-model.groovy
+ param:
+ SALT_MASTER_CREDENTIALS:
+ type: string
+ description: "ID of salt API credentials."
+ default: "salt-qa-credentials"
+ SALT_MASTER_URL:
+ type: string
+ description: 'Url for salt API.'
+ TEST_SCHEME:
+ type: text
+ description: "Yaml based scheme to be applied in testing"
diff --git a/jenkins/client/job/oscore/tests.yml b/jenkins/client/job/oscore/tests.yml
index a85342d..6e4b65f 100644
--- a/jenkins/client/job/oscore/tests.yml
+++ b/jenkins/client/job/oscore/tests.yml
@@ -708,7 +708,7 @@
trigger:
gerrit:
project:
- "^salt-formulas/(nova|cinder|glance|keystone|horizon|neutron|designate|heat|ironic|barbican|aodh|ceilometer|gnocchi|panko|manila|salt|linux|reclass|galera|memcached|rabbitmq|bind|apache|runtest)$":
+ "^salt-formulas/(nova|cinder|glance|keystone|horizon|neutron|designate|heat|ironic|barbican|aodh|ceilometer|gnocchi|panko|manila|salt|linux|reclass|galera|memcached|rabbitmq|bind|apache|runtest|oslo-templates)$":
compare_type: 'REG_EXP'
branches:
- master
diff --git a/jenkins/client/job/salt-formulas/tests.yml b/jenkins/client/job/salt-formulas/tests.yml
index 37f0543..1c9f4fb 100644
--- a/jenkins/client/job/salt-formulas/tests.yml
+++ b/jenkins/client/job/salt-formulas/tests.yml
@@ -92,6 +92,7 @@
- name: octavia
- name: opencontrail
- name: openldap
+ - name: openscap
- name: openssh
- name: openvpn
- name: openvstorage
diff --git a/keepalived/cluster/instance/kube_api_server_vip.yml b/keepalived/cluster/instance/kube_api_server_vip.yml
index 7e03d25..f7fbce8 100644
--- a/keepalived/cluster/instance/kube_api_server_vip.yml
+++ b/keepalived/cluster/instance/kube_api_server_vip.yml
@@ -6,6 +6,9 @@
_param:
keepalived_vip_priority: 101
keepalived_kube_apiserver_vrrp_script_content: "pidof haproxy && systemctl status kube-apiserver.service --quiet --no-pager"
+ keepalived_k8s_apiserver_vip_interface: ens3
+ keepalived_k8s_apiserver_vip_address: ${_param:kubernetes_control_address}
+ keepalived_k8s_apiserver_vip_password: password
keepalived:
cluster:
vrrp_scripts:
diff --git a/keystone/client/core.yml b/keystone/client/core.yml
index f869059..899f4aa 100644
--- a/keystone/client/core.yml
+++ b/keystone/client/core.yml
@@ -1,3 +1,5 @@
+classes:
+- system.keystone.client.os_client_config.admin_identity
parameters:
_param:
keystone_service_protocol: http
diff --git a/keystone/client/v3/init.yml b/keystone/client/v3/init.yml
new file mode 100644
index 0000000..148da41
--- /dev/null
+++ b/keystone/client/v3/init.yml
@@ -0,0 +1,15 @@
+parameters:
+ keystone:
+ client:
+ resources:
+ v3:
+ enabled: true
+ server:
+ identity:
+ admin:
+ api_version: 3
+ admin_identity:
+ admin:
+ api_version: ''
+ user_domain_name: 'Default'
+ project_domain_name: 'Default'
diff --git a/kubernetes/master/auth/rbac.yml b/kubernetes/master/auth/rbac.yml
new file mode 100644
index 0000000..be0577b
--- /dev/null
+++ b/kubernetes/master/auth/rbac.yml
@@ -0,0 +1,5 @@
+parameters:
+ kubernetes:
+ master:
+ auth:
+ mode: Node,RBAC
diff --git a/kubernetes/master/cluster.yml b/kubernetes/master/cluster.yml
index 1295f3a..6d6b404 100644
--- a/kubernetes/master/cluster.yml
+++ b/kubernetes/master/cluster.yml
@@ -1,16 +1,21 @@
classes:
- service.kubernetes.master.cluster
-- service.keepalived.cluster.single
- service.haproxy.proxy.single
- system.haproxy.proxy.listen.kubernetes.apiserver
+- system.keepalived.cluster.instance.kube_api_server_vip
parameters:
_param:
kubernetes_netchecker_agent_repo: mirantis
kubernetes_netchecker_server_repo: mirantis
kubernetes_netchecker_agent_image: ${_param:kubernetes_netchecker_agent_repo}/k8s-netchecker-agent:v1.2.2
kubernetes_netchecker_server_image: ${_param:kubernetes_netchecker_server_repo}/k8s-netchecker-server:v1.2.2
+
+ kubelet_fail_on_swap: true
+
kubernetes:
master:
+ kubelet:
+ fail_on_swap: ${_param:kubelet_fail_on_swap}
container: false
network:
calico:
diff --git a/kubernetes/master/single.yml b/kubernetes/master/single.yml
index 7fada57..b4f20b0 100644
--- a/kubernetes/master/single.yml
+++ b/kubernetes/master/single.yml
@@ -6,6 +6,11 @@
kubernetes_netchecker_server_repo: mirantis
kubernetes_netchecker_agent_image: ${_param:kubernetes_netchecker_agent_repo}/k8s-netchecker-agent:v1.2.2
kubernetes_netchecker_server_image: ${_param:kubernetes_netchecker_server_repo}/k8s-netchecker-server:v1.2.2
+
+ kubelet_fail_on_swap: true
+
kubernetes:
master:
+ kubelet:
+ fail_on_swap: ${_param:kubelet_fail_on_swap}
container: false
diff --git a/kubernetes/pool/cluster.yml b/kubernetes/pool/cluster.yml
index 40cc135..81b2d99 100644
--- a/kubernetes/pool/cluster.yml
+++ b/kubernetes/pool/cluster.yml
@@ -14,13 +14,24 @@
kubernetes_calico_calicoctl_image: ${_param:kubernetes_calico_calicoctl_repo}/ctl:v1.6.4
kubernetes_calico_image: ${_param:kubernetes_calico_repo}/node:v2.6.9
kubernetes_calico_cni_image: ${_param:kubernetes_calico_cni_repo}/cni:v1.11.5
- kubernetes_hyperkube_image: ${_param:kubernetes_hyperkube_repo}/hyperkube-amd64:v1.8.13-11
- kubernetes_pause_image: ${_param:kubernetes_hyperkube_repo}/pause-amd64:v1.8.13-11
+ kubernetes_hyperkube_image: ${_param:kubernetes_hyperkube_repo}/hyperkube-amd64:v1.10.4-4
+ kubernetes_pause_image: ${_param:kubernetes_hyperkube_repo}/pause-amd64:v1.10.4-4
kubernetes_contrail_cni_image: ${_param:kubernetes_contrail_cni_repo}/contrail-cni:v1.2.0
kubernetes_contrail_network_controller_image: ${_param:kubernetes_contrail_network_controller_repo}/contrail-network-controller:v1.2.0
+ kubernetes_virtlet_image: mirantis/virtlet:v1.1.0
+ kubernetes_criproxy_version: v0.11.0
+ kubernetes_criproxy_checksum: md5=115bbb0c27518db6b0b3bc8cdc5fc897
+
+ kubelet_fail_on_swap: true
kubernetes:
+ common:
+ hyperkube:
+ image: ${_param:kubernetes_hyperkube_image}
+ pause_image: ${_param:kubernetes_pause_image}
pool:
+ kubelet:
+ fail_on_swap: ${_param:kubelet_fail_on_swap}
container: false
network:
calico:
diff --git a/kubernetes/pool/single.yml b/kubernetes/pool/single.yml
index cf334df..a442a6b 100644
--- a/kubernetes/pool/single.yml
+++ b/kubernetes/pool/single.yml
@@ -14,13 +14,24 @@
kubernetes_calico_calicoctl_image: ${_param:kubernetes_calico_calicoctl_repo}/ctl:v1.6.4
kubernetes_calico_image: ${_param:kubernetes_calico_repo}/node:v2.6.9
kubernetes_calico_cni_image: ${_param:kubernetes_calico_cni_repo}/cni:v1.11.5
- kubernetes_hyperkube_image: ${_param:kubernetes_hyperkube_repo}/hyperkube-amd64:v1.8.13-11
- kubernetes_pause_image: ${_param:kubernetes_hyperkube_repo}/pause-amd64:v1.8.13-11
+ kubernetes_hyperkube_image: ${_param:kubernetes_hyperkube_repo}/hyperkube-amd64:v1.10.4-4
+ kubernetes_pause_image: ${_param:kubernetes_hyperkube_repo}/pause-amd64:v1.10.4-4
kubernetes_contrail_cni_image: ${_param:kubernetes_contrail_cni_repo}/contrail-cni:v1.2.0
kubernetes_contrail_network_controller_image: ${_param:kubernetes_contrail_network_controller_repo}/contrail-network-controller:v1.2.0
+ kubernetes_virtlet_image: mirantis/virtlet:v1.1.0
+ kubernetes_criproxy_version: v0.11.0
+ kubernetes_criproxy_checksum: md5=115bbb0c27518db6b0b3bc8cdc5fc897
+
+ kubelet_fail_on_swap: true
kubernetes:
+ common:
+ hyperkube:
+ image: ${_param:kubernetes_hyperkube_image}
+ pause_image: ${_param:kubernetes_pause_image}
pool:
+ kubelet:
+ fail_on_swap: ${_param:kubelet_fail_on_swap}
container: false
docker:
host:
diff --git a/linux/system/repo/keystorage/aptly.yml b/linux/system/repo/keystorage/aptly.yml
new file mode 100644
index 0000000..85997bc
--- /dev/null
+++ b/linux/system/repo/keystorage/aptly.yml
@@ -0,0 +1,59 @@
+parameters:
+ linux:
+ system:
+ repo:
+ mcp_aptly:
+ # pub 4096R/483DA07C 2018-03-15
+ key: |
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+ Version: GnuPG v1
+
+ mQINBFqq5noBEADD5vEO+RfaGCDpvtFKP4piVF0niHJ4nI52UvCLYa2Yn6dpiUCk
+ JVa+JL+XbO13nM4tmkzkNKQE1kvisxw3Q6+AZTol849EJqLSTRgxcda5ND4Lakiv
+ m46FwqQoVcKtcfkPm4uo4SYvaNH4bGPJzqpM5etfhCLmT+6xXA6Ke7PeYk61lh7d
+ IWxjUJFaljm6+SuElOhYlLFsh/XLx+PemEnoR3jsRTeysoieICfod5X+CEK6JxfZ
+ 9oR5Xl4RS7b7BTUVnOaWYCVOWYvg3/cYdqsdM34thZI474feaNmMgOMULc87HqbK
+ DwpYTzS1LLcEK1M3qqxk5KdG7vmydhOTI+xSiSLDD3HOsJ+Hy2f9kbFLZ+EpS9z6
+ 3rVTOROEMkjYxYJ2JwmlFZVGm17CNfEYUM/I0fSkH4c1NoJw0od9M+y1XZM/JV1I
+ MqnQO75ZWNU+Nta53Lo4dr2Un37FRBaa2RWh/deLOOkzd8uUiA51EKcJj+cEMf2U
+ FQZ+OZLA4N4PJux68dL6OyN4AOrITCP15ORKgTuj0ttweq0SswfSGVilB+H32sby
+ ctz8gEmM2FWpo78lja2MN5O6/9v3Nb1kRjCQPqyEyptg5ns3qzUqIumQvasOwqEs
+ GyEBOrB2M2+a2eLhDDcPHdvxhzMYOqvHm1FHeFI6Wqf9kQx73eknmPN1sQARAQAB
+ tBxBbmRyZXkgU21pcm5vdiA8bWVAc21pcmEucnU+iQI+BBMBAgAoBQJaquZ6AhsD
+ BQkDwmcABgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRDtdbWkSD2gfCEGD/91
+ U6fnzxyUB3+b+9gh7ODMJUcFU25MZOL6GKykerUcb40uR/u8L7P/BJGXtqdwwxEE
+ jhm4ML732xOgImYa/pkI/B0kUaH3wtzJeAK/owkA8xDmTFoOa47Th7cr0waOke9W
+ 5PR1X4mCFaj0y7wfKwut/MTooLp8GGNftJlChj/fZIusaFcZVZ/7jmeBvAS3wjrW
+ vnepRao1MQSzwEk9VQqG6FsyYG8RoBCqCx1on1JWDGMuvwqbbfJvbIO5FzoRmmR3
+ 0+Ryin0pVRUQD1PgqA534TwshNfxp6qJbv+/rbofOJCfD9ZS0qXmkuTxy8VrS+xK
+ P2vfqmc+xHB/TzNYVwVYFwh2rWf9b+pBxLVC1kwHvumnZgkCMZBkdSF3jw1tsivG
+ CqfeEUQaVUlDnxoiMfIChVPtN6RupCkuHLDA5SwdPYIwvwiQwAZHkkoTIXx1urQr
+ SPTIfYHo2xPgu/DMvVbdaOz04wCXH+ydDvVrKb8x3p4+dorNMnoSs97OUWndDuJa
+ 11cdZz6hQgFIuquWR++lXS8/dcCDBjSxrsSXqhTXmVrAoq2K0cRpm/hvrU6UNxzN
+ w9uxtOZ2rkl1v0vLZ3n7XWLZjIK03Jj8Mayf30CTktKyvPr1Fwg4G5TM0i1MJJva
+ flxqBVVse9cwdN/YBJxSIseMB0T5iVJoKypfzfo2sbkCDQRaquZ6ARAAwRl7P4h+
+ l2Soh3Eg3LvLJyHGc4KEAh7qRcxg3cFzDfk1q9f138I6z9qgpUGvYyec/O14pNgU
+ 8bXiiR4S+lvDmgDm6ImDRzCsYv0dJiyF5QQgfTI2mqG8b7UfQc8l6Htt3xkYkdkB
+ m+3DwpcY7UlgwqESulJNTGjBztlrP2LeaHHALTDEfvCPEjFMPYiaStMfaamTOnJA
+ dUA6bTlLxZkmc8p+3/8m0EOxQgiIsXWJOfnfSrUfrxR56utHpFmAB5uTgyl51sRl
+ mofzGBp8NMQqPXoXh2RntgxslmTAH/mKlB1Ma2XQn5wJaD5NAbVIwemAyi3km/EH
+ M2Zlb8Tw28so8eWMODuXAwstBuCY5917SWOugrJn9G3lylGsRcJQ7/CP114dNdun
+ v3y22y3ZrzM03+cQqJl7ZQjUijS/jyiLKYlvQ90byQ4nShNyiN0zcRP+uu9JzIZr
+ RBJzVBkbIx2BcCl195DYnnQNAzLmW9vbTZl0h3zUQNCwqsQ7zfUQVTXe3T6ApCmr
+ JQI4ValYL7NxtF1duEYSRAsQfhjUxnPBmcHyZzB1nHZXzqg5DwJ257F0fa1iP63w
+ ZQegrAGKcMssi/HzcXjEqQLQZmrT8mwHfIAJDU4+d8wmCg9kAQniN/tzPaWEmbk2
+ 887cBfR9fQNxrNNu9j/n1xWQowvVDP+FyiEAEQEAAYkCJQQYAQIADwUCWqrmegIb
+ DAUJA8JnAAAKCRDtdbWkSD2gfKFjD/9qCPNvT5N9ISAemzIAFVtigLAaA+QYgS38
+ wT4E6NkXuon/cdbJKIfaC6IiGdTLo5MwCFfZ01ZMVWF3EPz0XNmfxy3IQXBfd4Ru
+ A8sx8M0skXY4jYNLQymGePTJ3KYhRO5scC0MQjDrqIB9dnIR1sh8AJYoWUBmrkIw
+ jwxktVtSc97MKESRoWM9srvGiICCZqspKhovWJMEKAHf/ahxKa5iyrBasHljDwP7
+ FNnbba+xx3d8FNo3Xs6eVzDqXcQqgMuY/rUxPzDpcKi0KnrAK0k3HzM5z5Mjdd28
+ NCSM0u5FtkjFTxmpJgA9CzCzvXsvkEOlgCJ1ZFYe45C3S4X+NgPNpScZv/1A5dv4
+ M3AdP9d5s9u8C3Bn7G3VAZp5DH40SmVF71IZCMRG8XWf1GcjGcEgaX5ebtaiVAh8
+ RQFf0Hb9abDFF3txzFxINAM+W/ubSPSg5TxPSixVw+aTy79tLsfgXL9YiWRRTkfu
+ HvpNtogylDFf9p3BY4QLybUWp05XGpd0JIgs7yVkYZsOvYycymuGFcrZBaM1E9+e
+ xnwec2zdVAGv/4Ld8rnXNHQt11S4uwWJfU+0HLL0aXvinW4Eu1095+5jhiWzW/Nq
+ QjP7CvP+lh0uWI2cBLmrhBY5sua4qISXO6NpKerY6gbtvdIoG/0EoOKn2m1q69dv
+ UILGDNG5JA==
+ =uEdu
+ -----END PGP PUBLIC KEY BLOCK-----
diff --git a/linux/system/repo/keystorage/docker.yml b/linux/system/repo/keystorage/docker.yml
new file mode 100644
index 0000000..a93dece
--- /dev/null
+++ b/linux/system/repo/keystorage/docker.yml
@@ -0,0 +1,106 @@
+parameters:
+ linux:
+ system:
+ repo:
+ mcp_docker:
+ # pub 4096R/0EBFCD88 2017-02-22
+ key: |
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+ Version: GnuPG v1
+
+ mQINBFit2ioBEADhWpZ8/wvZ6hUTiXOwQHXMAlaFHcPH9hAtr4F1y2+OYdbtMuth
+ lqqwp028AqyY+PRfVMtSYMbjuQuu5byyKR01BbqYhuS3jtqQmljZ/bJvXqnmiVXh
+ 38UuLa+z077PxyxQhu5BbqntTPQMfiyqEiU+BKbq2WmANUKQf+1AmZY/IruOXbnq
+ L4C1+gJ8vfmXQt99npCaxEjaNRVYfOS8QcixNzHUYnb6emjlANyEVlZzeqo7XKl7
+ UrwV5inawTSzWNvtjEjj4nJL8NsLwscpLPQUhTQ+7BbQXAwAmeHCUTQIvvWXqw0N
+ cmhh4HgeQscQHYgOJjjDVfoY5MucvglbIgCqfzAHW9jxmRL4qbMZj+b1XoePEtht
+ ku4bIQN1X5P07fNWzlgaRL5Z4POXDDZTlIQ/El58j9kp4bnWRCJW0lya+f8ocodo
+ vZZ+Doi+fy4D5ZGrL4XEcIQP/Lv5uFyf+kQtl/94VFYVJOleAv8W92KdgDkhTcTD
+ G7c0tIkVEKNUq48b3aQ64NOZQW7fVjfoKwEZdOqPE72Pa45jrZzvUFxSpdiNk2tZ
+ XYukHjlxxEgBdC/J3cMMNRE1F4NCA3ApfV1Y7/hTeOnmDuDYwr9/obA8t016Yljj
+ q5rdkywPf4JF8mXUW5eCN1vAFHxeg9ZWemhBtQmGxXnw9M+z6hWwc6ahmwARAQAB
+ tCtEb2NrZXIgUmVsZWFzZSAoQ0UgZGViKSA8ZG9ja2VyQGRvY2tlci5jb20+iQEc
+ BBABAgAGBQJa4LwIAAoJELpjAAzZ0FPL758IAIVHn9eMwtHLHaIbZ+tIJqD9nTAj
+ cEn4Vpfe+onCs/t3DCSwvIUiU9aH0GcokKPs5CckdPDmS2vfq4m8/B8fWJj4aPgR
+ LapzAz0DojbRSFSZdWPl3b3Zf2UkLNIaMAkjnM+AqiM6rrHMwUdq922PQMnzYhay
+ rMKdPNftr32zdxL+h7PZRn57evdbmN5mrTNOK2ta2B/xfA7fvL1SqLqy4HJNF0fs
+ xuNLPncebvhSLJi2FyZtKbG0NgMb3d1sIMmBJnrBkAL4ZRJuu5OnnYkhvn3m0N5f
+ 9LaIy3M64+YiccOR8dj6xq0dKdGEhxM9QC5XU8AaOksWe3YTcHKVTYt6omeJAbME
+ EAEKAB0WIQQ2+Iu/epReyp03ClXuOntBcKJD8wUCWtoGVgAKCRDuOntBcKJD83Vr
+ C/9BtAoTdZSLV0vBK2ldwSJnpm3p4xv3MoBl7/P07X5AVJus//cP6Mdxd0nD8fqM
+ wkGv0zjy2h6UPf87ctDKV4olQ32cm7cwnVmrmWq76g6kwhb5W6l+nYEflpJ88u10
+ u06TCI+UfPhK9EPM3esEtvi2+K/7tFv9l9KgIBkf4rgul7ynj8LX9CBP721mVHDB
+ dxizEu2SkVDyEFu7UABk3ZrC5phviSqETZ/HLne5dAcGjj4HWLBuX1xLhAUGqMCQ
+ zOutF1yOtCczaaTv/YGlzPfUydq9vmtzdla0PAKw2CF38/9LRJJnqlqkZt9NgpXV
+ os2c+E7KrhMY7sztucfjpHtnuiEOSWbHOpvAcWjUp853iMZrTvP8BilNHoisBMX0
+ VzPR6u1mbC0xKgBNNIMGYUk4Gn6m/0n6VsiGiBO3nxbjbNLGZcP/bWwnUWMafpDL
+ z3Fj/FtEgH2lQjHXRaqFAeZoc8Tshntp32H3BGiqI40t02XpH3KYqPw9NYL4/sDc
+ 73SJAbMEEAEKAB0WIQRWiywsNlXKD2SKI3Mtwx6CjpuifwUCWtb07wAKCRAtwx6C
+ jpuif4aRDAC5X4kx2gHh0jN3+GaSE0i+UzHJB4Bm0S2O0L/fgIp/pdIV6KVz8toO
+ K3pRH6rutqmrOsCZFNAGAYTnwlpMZapRy916qf+MdljoKYTgD+bWZd5uuQTEhkNo
+ JmdQq+Oud3vKQBnUu8IIcGrK0vzjYRVF+Ac/YUrcW4b9L6rd3dHbPs2u2gMCrWQZ
+ Trw6VBuCUMTzoQG+hADQi/Ptu9jonbtRsOEfaS0Tpn23oskxNM4DDeiLILzDebd5
+ F4BVSQqzjDsUp+xTgL8dVCIRVF0EsEqnGRh3awrVA75OK9ZuiOesP/PCr5kbKGtL
+ Qncmi7sj35kz03FtqmpVJsv8Aixrmc0Fn5azcYMZZQCrpDjTf+qMJQNBvBQVw3v3
+ HC/Ab7metGlAbsCpyLSJoX1yG7d+mzXLt7IMt7wHWQVF7542u02yD2Tirj1tMfiz
+ ISugUyWcJUEdiMRMVA1T1JxR36KHAD+AXmS5pJ/uL0nzbSvN0dWVmwD7bI9j//V9
+ TkuL/mrJXJyJAhwEEAEKAAYFAlrkotQACgkQ90pg6wWlGpjd5Q/8DJM54FNxW3aK
+ TzBS6urfUy/c9jgDtOKWGXJ/X3IeWbFmSuA27lMnAwx9obcukeVjFuAGeabRCrc0
+ qd6LV3oyPG95qMwhwXHdzXFzA5RzLlArRJtRgyESvYXT493m45TJQbpDkO8NHRbq
+ /JtvXyBDAvfcfvNrd0newfp0gYIFvw0J36n5J1GQF9Klk+UJywmFkQN/gI1ZfD80
+ FnEzS9wkNySBcGghXWtoeABppAIaNlFp4P7P2wUX15DMXSD2mbnI/lYZsrtl8rbT
+ TMPNI0PTSqymMZv7RN0nLPOSdel1TlSUU31FER7Q1/OshWsvs1OKRnllv/ICkiZT
+ fA1tmMYhTXVS19LurMufXL2Q6va7Es8zwj6dc3OO4YqBVu7Kjk84AwVHMWx+1aTj
+ GzyMRNmWIyXVrZEz7GCO6WUUDw4ci1zAyCFNPDHVlEeeGSe+q+kPB87A4geAlyv8
+ xJAe4QUDdV3D8ufhR1k/a+vcLDRv+T6QyVo8f59Y5jW/hcMx+/3jJ5AZcd0VGGWU
+ aLuC1bWuGz/6bjoRB2/rrprXXdff8dPyUBXjOB4mFDgZsOzh6j2tgeAEJKkmO1SM
+ mh7RBMaE/4qGG2s77oFs8+1AsdXsbJLN0+v5XtO0P6RK77G6I/caM5kUIQc1WcSP
+ LRj3vUB3u7f8NhpBsjWNd3G2QXDmHNOJAjcEEwEKACEFAlit58ACGy8FCwkIBwMF
+ FQoJCAsFFgIDAQACHgECF4AACgkQjYGAPA6/zYiyyQ/+JBmjrx+UNCY2+fxfldN3
+ pFFpQffeRdheq5Po2QclyJLsTaBMmaq8yp20jiY1gcJIRjEjmqtxhXlipf0/r4qj
+ 6+jOjiex5RAs8f8BNDiovRmiT7WORqDcuCSOifJR/1vC1bEWnTkcLcYwc+GFxRJ7
+ ELFAtC+cVZcPaxYsqK8enZ9PxBtEZ5n53ebp+px3kW7unGyqbQRQMrk0v6c8iBiE
+ 35q5OuGDOErUJKF8Zxwz/B9GV6L1S3Pqn09dEoiVade1Pio0Zk1M3S1H40sb/oGp
+ 3w5gFoUBRy57/DVVbolDZUZhkedm71LwsxwVgFrkiD0/HAZA6CrpEMoNtX4+pNBP
+ kQUx5HWauNySTgNAmNvF4xluI0wbmQYQIDyDfzc/d6WGfTdYZsQRrgw1zdnj7tzb
+ fpAjfFYl8091RtdFoDCHL/qtNIVvPAoHQmZ5vDNB/CNBjp/nkyIj9GoMLK4+Peve
+ PJVGQrzqlAoEAnAUfKqP0popcxmN9WejAuH2y8gZ81sYem5wBOpES9Qe5Bs2eqQL
+ HxVWG1iSENv18Q/bEG7lW8dtH7ed9WEy63kbfgK3lFLsm3osh8V21yfwJpJqz+XU
+ duIZ5GBzvRf/1pjH9X8IQm/SUh7yA/q4OhYU8hnt3q8f5WujrG5YQaK4xqLOdqnY
+ qFmamSB+6nIWamWHSzqSfKa5Ag0EWK3aKgEQAOd4v1L2bi+FTduVpGNVRTIntv+p
+ ONxLKW8IfldQTpHaT5yQRmN8Axk8uk77+0UzYkgkwPhKJ8q5LfFyT0q1kYK58aZz
+ CItBHN4cXu8lQqssPlFOQ2LbfJ29ZmA+O3FD4NNPVlyfsGtAVjoWCdGhRUjHC13D
+ Vsxj/z2uwWBLnDC4wRJ3dDZFiBvsQ4U6me7Dp1rtZqRZ/giGcXmew1gYNVogfOmK
+ oKX65Nt/V6kKOs6UjORndndiTkIz9OIXM+TPaUvPz1ykPxT420Kx9qBZZ+N3ZTeM
+ NqmAf7udCcIRalE63NoocbqUDeld2LHnMbx5Fzr/QhtRJa9+MrEss9814JLakIvc
+ h4Qjmei2EQRh1AfqzOkuiDv3EH11WcnIoltV/Feex6hipWtHPZVVtQjkGXCboHjQ
+ Td4ZV9RBaK7HngOynJUwyTjUzHtAneLKchrU3hkCpUwASu7JdNFPFz1dbS1iEMwD
+ /UZi/PQSYWmbwvNMcDqwVW0+b9mU0Jfo/VfMnCu/sNJAoPoYaUFBRf454Qny1OSR
+ /xBMlI9R2Hw/xjEMVLkQ4YC+GGkwFgPjaRCmpeMQL5dzJxO8YjuKamC/08NjVEIL
+ XOQGMo9rXbSs2G/+GRWT9iG4ahqOgfLLiHtlCil1wy2k3Z2CaER6CfL0kJLDF9CZ
+ DTMrSDubpIeIozCPABEBAAGJBD4EGAEIAAkFAlit2ioCGwICKQkQjYGAPA6/zYjB
+ XSAEGQEIAAYFAlit2ioACgkQfqCpw/Jz/NjVYA//bAn5HSATqqxx7euNojPnw8mZ
+ zyCgquKvmGcSVaE+BurtxgixbmqIXIuGR2lhwyaEP2ZGI+lCfphrbDd7cHzN8hUq
+ KlswGeR7/K1n0zuoeYMJyOiJKbARc3fApgiYP1Uc42yX8IbWtT0izDWO0HmDVjG4
+ EDsz+bfpc3rHa74200wMH0/nrJziB+xlURIoD2/7Jjb+Xjkvx39ZSRSLRheiafqH
+ IEYjsmsEurQJffsYRg/o72usqKl/Pvdd87skgbM4pmWWNv8P1Ff+DudFsKf7cS0f
+ vGeT5Mr/nR64QrDxIxSDXjuwlNylCa/pTNlwzgmAvQdsdUKiNXgL+mUQvAx10As4
+ V5hDNOJ/qwxE9/7cNKPx+tsieMKELfI4vLTpuv3YoWibXsQiPYIByh6rtQ+GLaii
+ 5gHA/GHnK116EmSij6w3tEha5ro/ZZKaiflTzzxxLKVcLT4AMV2Atf0rbOsNVhQb
+ W+jwJfS/PEUFofA3o/Hbp+EhPX+FhQdBHXNV80NzJCZeqQ6dm++gx/P9DSz0GEUn
+ /NToCBBshkT+GbWymx+C+2wPV+tl/KBcn1+Ks/4xIAjzTEdJ/3WpJFk6Pg+Xdkk1
+ urjJjG/RvWmQyp4Z2N0JiEtT4tnjBtCakKRJV7amuUu6t6KBe2Zl+Sp69HPsWshm
+ K72TLzCcIA/ALv/OZLXyuA//Xts60vj+IjNCHEACgAxZWsbImK9KSOFIbHW4KiOx
+ Z+xMCbXU/uOyu4gvrVnMxRUTZozc+aPkb5b0BxnnwSb7VaxWcBd1RH/9syaHKvzA
+ v8bVg7VXckQlNF3GxLF1hrh14YEFj8B2mzDbiPGE4lH6WwmmohR5v3335Hx64OFE
+ cb14U7sNG7rB5q1Qnqy66mgNNFa2v/jIap50rFXepCE0tKdoDOpb/WcDeJQHiTuQ
+ JopnGF2ENsKV/0/fuppFbjrsEsJU79ygvfJWbnR3B2s20qkwGHdmlsHW4m+CL2Ze
+ 3IE4wne/xFl4PMWIbwd0K2D1G8i38AgWgdEfdL5Tv01PqLQo/MsiYN+zxPtGWnK4
+ xzhR+zyCDKD2/cB7pw3d5DLFwrfDRxsHCyH+dA1+wDq6770fs2Ft6EEyFiek1nKs
+ fMKbPJeRq7BECqgJsYI3KRNHCy6v2BLjVNAzyywPWMWF44l/eE4OeQpT4cqO8xE6
+ XUMrvN2Yt03MDVy+1kf+cIL0o+PXPxALjtLHH51NlLHg40CHBtL8s3c+gq2fws+N
+ j00/24NYj5NZiq5LZT4ocOsEOWyCjMNuz86MLFykPM2ZelZAcS0dTvrj05cc/tR4
+ 1JPWYJQIfmp1qeTRXWJ6MXr8J9MVTgx9ysZhP3SoUX3cze/TUFvE/4Qhjb/22Ig9
+ ut0=
+ =jAMc
+ -----END PGP PUBLIC KEY BLOCK-----
diff --git a/linux/system/repo/keystorage/docker_legacy.yml b/linux/system/repo/keystorage/docker_legacy.yml
new file mode 100644
index 0000000..fe317fa
--- /dev/null
+++ b/linux/system/repo/keystorage/docker_legacy.yml
@@ -0,0 +1,116 @@
+parameters:
+ linux:
+ system:
+ repo:
+ mcp_docker_legacy:
+ # pub 4096R/2C52609D 2015-07-14
+ key: |
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+ Version: GnuPG v1
+
+ mQINBFWln24BEADrBl5p99uKh8+rpvqJ48u4eTtjeXAWbslJotmC/CakbNSqOb9o
+ ddfzRvGVeJVERt/Q/mlvEqgnyTQy+e6oEYN2Y2kqXceUhXagThnqCoxcEJ3+KM4R
+ mYdoe/BJ/J/6rHOjq7Omk24z2qB3RU1uAv57iY5VGw5p45uZB4C4pNNsBJXoCvPn
+ TGAs/7IrekFZDDgVraPx/hdiwopQ8NltSfZCyu/jPpWFK28TR8yfVlzYFwibj5WK
+ dHM7ZTqlA1tHIG+agyPf3Rae0jPMsHR6q+arXVwMccyOi+ULU0z8mHUJ3iEMIrpT
+ X+80KaN/ZjibfsBOCjcfiJSB/acn4nxQQgNZigna32velafhQivsNREFeJpzENiG
+ HOoyC6qVeOgKrRiKxzymj0FIMLru/iFF5pSWcBQB7PYlt8J0G80lAcPr6VCiN+4c
+ NKv03SdvA69dCOj79PuO9IIvQsJXsSq96HB+TeEmmL+xSdpGtGdCJHHM1fDeCqkZ
+ hT+RtBGQL2SEdWjxbF43oQopocT8cHvyX6Zaltn0svoGs+wX3Z/H6/8P5anog43U
+ 65c0A+64Jj00rNDr8j31izhtQMRo892kGeQAaaxg4Pz6HnS7hRC+cOMHUU4HA7iM
+ zHrouAdYeTZeZEQOA7SxtCME9ZnGwe2grxPXh/U/80WJGkzLFNcTKdv+rwARAQAB
+ tDdEb2NrZXIgUmVsZWFzZSBUb29sIChyZWxlYXNlZG9ja2VyKSA8ZG9ja2VyQGRv
+ Y2tlci5jb20+iQGcBBABCgAGBQJaJYMKAAoJENNu5NUL+WcWfQML/RjicnhN0G28
+ +Hj3icn/SHYXg8VTHMX7aAuuClZh7GoXlvVlyN0cfRHTcFPkhv1LJ5/zFVwJxlIc
+ xX0DlWbv5zlPQQQfNYH7mGCt3OS0QJGDpCM9Q6iw1EqC0CdtBDIZMGn7s9pnuq5C
+ 3kzer097BltvuXWI+BRMvVad2dhzuOQi76jyxhprTUL6Xwm7ytNSja5Xyigfc8HF
+ rXhlQxnMEpWpTttY+En1SaTgGg7/4yB9jG7UqtdaVuAvWI69V+qzJcvgW6do5XwH
+ b/5waezxOU033stXcRCYkhEenm+mXzcJYXt2avg1BYIQsZuubCBlpPtZkgWWLOf+
+ eQR1Qcy9IdWQsfpH8DX6cEbeiC0xMImcuufI5KDHZQk7E7q8SDbDbk5Dam+2tRef
+ eTB2A+MybVQnpsgCvEBNQ2TfcWsZ6uLHMBhesx/+rmyOnpJDTvvCLlkOMTUNPISf
+ GJI0IHZFHUJ/+/uRfgIzG6dSqxQ0zHXOwGg4GbhjpQ5I+5Eg2BNRkYkCHAQQAQoA
+ BgUCVsO73QAKCRBcs2HlUvsNEB8rD/4t+5uEsqDglXJ8m5dfL88ARHKeFQkW17x7
+ zl7ctYHHFSFfP2iajSoAVfe5WN766TsoiHgfBE0HoLK8RRO7fxs9K7Czm6nyxB3Z
+ p+YgSUZIS3wqc43jp8gd2dCCQelKIDv5rEFWHuQlyZersK9AJqIggS61ZQwJLcVY
+ fUVnIdJdCmUV9haR7vIfrjNP88kqiInZWHy2t8uaB7HFPpxlNYuiJsA0w98rGQuY
+ 6fWlX71JnBEsgG+L73XAB0fm14QP0VvEB3njBZYlsO2do2B8rh5g51htslK5wqgC
+ U61lfjnykSM8yRQbOHvPK7uYdmSF3UXqcP/gjmI9+C8s8UdnMa9rv8b8cFwpEjHu
+ xeCmQKYQ/tcLOtRYZ1DIvzxETGH0xbrz6wpKuIMgY7d3xaWdjUf3ylvO0DnlXJ9Y
+ r15fYndzDLPSlybIO0GrE+5grHntlSBbMa5BUNozaQ/iQBEUZ/RY+AKxy+U28JJB
+ W2Wb0oun6+YdhmwgFyBoSFyp446Kz2P2A1+l/AGhzltc25Vsvwha+lRZfet464yY
+ GoNBurTbQWS63JWYFoTkKXmWeS2789mQOQqka3wFXMDzVtXzmxSEbaler7lZbhTj
+ wjAAJzp6kdNsPbde4lUIzt6FTdJm0Ivb47hMV4dWKEnFXrYjui0ppUH1RFUU6hyz
+ IF8kfxDKO4kCHAQQAQoABgUCV0lgZQAKCRBcs2HlUvsNEHh9EACOm7QH2MGD7gI3
+ 0VMvapZz4Wfsbda58LFM7G5qPCt10zYfpf0dPJ7tHbHM8N9ENcI7tvH4dTfGsttt
+ /uvX9PsiAml6kdfAGxoBRil+76NIHxFWsXSLVDd3hzcnRhc5njimwJa8SDBAp0kx
+ v05BVWDvTbZb/b0jdgbqZk2oE0RK8S2Sp1bFkc6fl3pcJYFOQQmelOmXvPmyHOhd
+ W2bLX9e1/IulzVf6zgi8dsj9IZ9aLKJY6Cz6VvJ85ML6mLGGwgNvJTLdWqntFFr0
+ QqkdM8ZSp9ezWUKo28XGoxDAmo6ENNTLIZjuRlnj1Yr9mmwmf4mgucyqlU93XjCR
+ y6u5bpuqoQONRPYCR/UKKk/qoGnYXnhX6AtUD+3JHvrV5mINkd/ad5eR5pviUGz+
+ H/VeZqVhMbxxgkm3Gra9+bZ2pCCWboKtqIM7JtXYwks/dttkV5fTqBarJtWzcwO/
+ Pv3DreTdnMoVNGzNk/84IeNmGww/iQ1Px0psVCKVPsKxr2RjNhVP7qdA0cTguFNX
+ y+hx5Y/JYjSVnxIN74aLoDoeuoBhfYpOY+HiJTaM+pbLfoJr5WUPf/YUQ3qBvgG4
+ WXiJUOAgsPmNY//n1MSMyhz1SvmhSXfqCVTb26IyVv0oA3UjLRcKjr18mHB5d9Fr
+ NIGVHg8gJjRmXid5BZJZwKQ5niivjokCIgQQAQoADAUCV3uc0wWDB4YfgAAKCRAx
+ uBWjAQZ0qe2DEACaq16AaJ2QKtOweqlGk92gQoJ2OCbIW15hW/1660u+X+2CQz8d
+ nySXaq22AyBx4Do88b6d54D6TqScyObGJpGroHqAjvyh7v/t/V6oEwe34Ls2qUX2
+ 77lqfqsz3B0nW/aKZ2oH8ygM3tw0J5y4sAj5bMrxqcwuCs14Fds3v+K2mjsntZCu
+ ztHB8mqZp/6v00d0vGGqcl6uVaS04cCQMNUkQ7tGMXlyAEIiH2ksU+/RJLaIqFtg
+ klfP3Y7foAY15ymCSQPD9c81+xjbf0XNmBtDreL+rQVtesahU4Pp+Sc23iuXGdY2
+ yF13wnGmScojNjM2BoUiffhFeyWBdOTgCFhOEhk0Y1zKrkNqDC0sDAj0B5vhQg/T
+ 10NLR2MerSk9+MJLHZqFrHXo5f59zUvte/JhtViP5TdO/Yd4ptoEcDspDKLv0FrN
+ 7xsP8Q6DmBz1doCe06PQS1Z1Sv4UToHRS2RXskUnDc8Cpuex5mDBQO+LV+tNToh4
+ ZNcpj9lFHNuaA1qS15X3EVCySZaPyn2WRd6ZisCKtwopRmshVItTTcLmrxu+hHAF
+ bVRVFRRSCE8JIZLkWwRyMrcxB2KLBYA+f2nCtD2rqiZ8K8Cr9J1qt2iu5yogCwA/
+ ombzzYxWWrt/wD6ixJr5kZwBJZroHB7FkRBcTDIzDFYGBYmClACTvLuOnokCIgQS
+ AQoADAUCWKy8/gWDB4YfgAAKCRAkW0txwCm5FmrGD/9lL31LQtn5wxwoZvfEKuMh
+ KRw0FDUq59lQpqyMxp7lrZozFUqlH4MLTeEWbFle+R+UbUoVkBnZ/cSvVGwtRVaH
+ wUeP9NAqBLtIqt4S0T2T0MW6Ug0DVH7V7uYuFktpv1xmIzcC4gV+LHhp95SPYbWr
+ uVMi6ENIMZoEqW9uHOy6n2/nh76dR2NVJiZHt5LbG8YXM/Y+z3XsIenwKQ97YO7x
+ yEaM7UdsQSqKVB0isTQXT2wxoA/pDvSyu7jpElD5dOtPPz3r0fQpcQKrq0IMjgcB
+ u5X5tQ5uktmmdaAvIwLibUB9A+htFiFP4irSx//Lkn66RLjrSqwtMCsv7wbPvTfc
+ fdpcmkR767t1VvjQWj9DBfOMjGJk9eiLkUSHYyQst6ELyVdutAIHRV2GQqfEKJzc
+ cD3wKdbaOoABqRVr/ok5Oj0YKSrvk0lW3l8vS/TZXvQppSMdJuaTR8JDy6dGuoKt
+ uyFDb0fKf1JU3+Gj3Yy2YEfqX0MjNQsck9pDV647UXXdzF9uh3cYVfPbl+xBYOU9
+ d9qRcqMut50AVIxpUepGa4Iw7yOSRPCnPAMNAPSmAdJTaQcRWcUd9LOaZH+ZFLJZ
+ mpbvS//jQpoBt++Ir8wl9ZJXICRJcvrQuhCjOSNLFzsNr/wyVLnGwmTjLWoJEA0p
+ c0cYtLW6fSGknkvNA7e8LYkCMwQQAQgAHRYhBFI9KC2HD6c70cN9svEo88fgKodF
+ BQJZ76NPAAoJEPEo88fgKodFYXwP+wW6F7UpNmKXaddu+aamLTe3uv8OSKUHQbRh
+ By1oxfINI7iC+BZl9ycJip0S08JH0F+RZsi1H24+GcP9vGTDgu3z0NcOOD4mPpzM
+ jSi2/hbGzh9C84pxRJVLAKrbqCz7YQ6JdNG4RUHW/r0QgKTnTlvikVx7n9QaPrVl
+ PsVFU3xv5oQxUHpwNWyvpPGTDiycuaGKekodYhZ0vKzJzfyyaUTgfxvTVVj10jyi
+ f+mSfY8YBHhDesgYF1d2CUEPth9z5KC/eDgY7KoWs8ZK6sVL3+tGrnqK/s6jqcsk
+ J7Kt4c3k0jU56rUo8+jnu9yUHcBXAjtr1Vz/nwVfqmPzukIF1ZkMqdQqIRtvDyEC
+ 16yGngMpWEVM3/vIsi2/uUMuGvjEkEmqs2oLK1hf+Y0W6Avq+9fZUQUEk0e4wbpu
+ RCqX5OjeQTEEXmAzoMsdAiwFvr1ul+eI/BPy+29OQ77hz3/dotdYYfs1JVkiFUhf
+ PJwvpoUOXiA5V56wl3i5tkbRSLRSkLmiLTlCEfClHEK/wwLU4ZKuD5UpW8xL438l
+ /Ycnsl7aumnofWoaEREBc1Xbnx9SZbrTT8VctW8XpMVIPxCwJCp/LqHtyEbnptnD
+ 7QoHtdWexFmQFUIlGaDiaL7nv0BD6RA/HwhVSxU3b3deKDYNpG9QnAzte8KXA9/s
+ ejP18gCKiQI4BBMBAgAiBQJVpZ9uAhsvBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIX
+ gAAKCRD3YiFXLFJgnbRfEAC9Uai7Rv20QIDlDogRzd+Vebg4ahyoUdj0CH+nAk40
+ RIoq6G26u1e+sdgjpCa8jF6vrx+smpgd1HeJdmpahUX0XN3X9f9qU9oj9A4I1WDa
+ lRWJh+tP5WNv2ySy6AwcP9QnjuBMRTnTK27pk1sEMg9oJHK5p+ts8hlSC4SluyMK
+ H5NMVy9c+A9yqq9NF6M6d6/ehKfBFFLG9BX+XLBATvf1ZemGVHQusCQebTGv0C0V
+ 9yqtdPdRWVIEhHxyNHATaVYOafTj/EF0lDxLl6zDT6trRV5n9F1VCEh4Aal8L5Mx
+ VPcIZVO7NHT2EkQgn8CvWjV3oKl2GopZF8V4XdJRl90U/WDv/6cmfI08GkzDYBHh
+ S8ULWRFwGKobsSTyIvnbk4NtKdnTGyTJCQ8+6i52s+C54PiNgfj2ieNn6oOR7d+b
+ NCcG1CdOYY+ZXVOcsjl73UYvtJrO0Rl/NpYERkZ5d/tzw4jZ6FCXgggA/Zxcjk6Y
+ 1ZvIm8Mt8wLRFH9Nww+FVsCtaCXJLP8DlJLASMD9rl5QS9Ku3u7ZNrr5HWXPHXIT
+ X660jglyshch6CWeiUATqjIAzkEQom/kEnOrvJAtkypRJ59vYQOedZ1sFVELMXg2
+ UCkD/FwojfnVtjzYaTCeGwFQeqzHmM241iuOmBYPeyTY5veF49aBJA1gEJOQTvBR
+ 8YkCOQQRAQgAIxYhBDlHZ/sRadXUayJzU3Es9wyw8WURBQJaajQrBYMHhh+AAAoJ
+ EHEs9wyw8WURDyEP/iD903EcaiZP68IqUBsdHMxOaxnKZD9H2RTBaTjR6r9UjCOf
+ bomXpVzL0dMZw1nHIE7u2VT++5wk+QvcN7epBgOWUb6tNcv3nI3vqMGRR+fKW15V
+ J1sUwMOKGC4vlbLRVRWd2bb+oPZWeteOxNIqu/8DHDFHg3LtoYxWbrMYHhvd0ben
+ B9GvwoqeBaqAeERKYCEoPZRB5O6ZHccX2HacjwFs4uYvIoRg4WI+ODXVHXCgOVZq
+ yRuVAuQUjwkLbKL1vxJ01EWzWwRI6cY9mngFXNTHEkoxNyjzlfpn/YWheRiwpwg+
+ ymDL4oj1KHNq06zNl38dZCd0rde3OFNuF904H6D+reYL50YA9lkL9mRtlaiYyo1J
+ SOOjdr+qxuelfbLgDSeM75YVSiYiZZO8DWr2Cq/SNp47z4T4Il/yhQ6eAstZOIkF
+ KQlBjr+ZtLdUu67sPdgPoT842IwSrRTrirEUd6cyADbRggPHrOoYEooBCrCgDYCM
+ K1xxG9f6Q42yvL1zWKollibsvJF8MVwgkWfJJyhLYylmJ8osvX9LNdCJZErVrRTz
+ wAM00crp/KIiIDCREEgE+5BiuGdM70gSuy3JXSs78JHA4l2tu1mDBrMxNR+C8lpj
+ 1pnLFHTfGYwHQSwKm42/JZqbePh6LKblUdS5Np1dl0tk5DDHBluRzhx16H7E
+ =lwu7
+ -----END PGP PUBLIC KEY BLOCK-----
+
+
diff --git a/linux/system/repo/keystorage/jenkins.yml b/linux/system/repo/keystorage/jenkins.yml
new file mode 100644
index 0000000..f50851a
--- /dev/null
+++ b/linux/system/repo/keystorage/jenkins.yml
@@ -0,0 +1,151 @@
+parameters:
+ linux:
+ system:
+ repo:
+ mcp_jenkins:
+ # pub 1024D/D50582E6 2009-02-01
+ key: |
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+ Version: GnuPG v1
+
+ mQGiBEmFQG0RBACXScOxb6BTV6rQE/tcJopAEWsdvmE0jNIRWjDDzB7HovX6Anrq
+ n7+Vq4spAReSFbBVaYiiOx2cGDymj2dyx2i9NAI/9/cQXJOU+RPdDzHVlO1Edksp
+ 5rKn0cGPWY5sLxRf8s/tO5oyKgwCVgTaB5a8gBHaoGms3nNC4YYf+lqlpwCgjbti
+ 3u1iMIx6Rs+dG0+xw1oi5FUD/2tLJMx7vCUQHhPRupeYFPoD8vWpcbGb5nHfHi4U
+ 8/x4qZspAIwvXtGw0UBHildGpqe9onp22Syadn/7JgMWhHoFw5Ke/rTMlxREL7pa
+ TiXuagD2G84tjJ66oJP1FigslJzrnG61y85V7THL61OFqDg6IOP4onbsdqHby4VD
+ zZj9A/9uQxIn5250AGLNpARStAcNPJNJbHOQuv0iF3vnG8uO7/oscB0TYb8/juxr
+ hs9GdSN0U0BxENR+8KWy5lttpqLMKlKRknQYy34UstQiyFgAQ9Epncu9uIbVDgWt
+ y7utnqXN033EyYkcWx5EhLAgHkC7wSzeSWABV3JSXN7CeeOif7QiS29oc3VrZSBL
+ YXdhZ3VjaGkgPGtrQGtvaHN1a2Uub3JnPohjBBMRAgAjAhsDBgsJCAcDAgQVAggD
+ BBYCAwECHgECF4AFAko/7vYCGQEACgkQm30y8tUFguabhgCgi54IQR4rpJZ/uUHe
+ ZB879zUWTQwAniQDBO+Zly7Fsvm0Mcvqvl02UzxCiGAEExECACAFAkmFQG0CGwMG
+ CwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRCbfTLy1QWC5qtXAJ9hPRisOhkexWXJ
+ nXQMl9cOTvm4LgCdGint1TONoZ2I4JtOiFzOmeP3ju3RzcvNyQEQAAEBAAAAAAAA
+ AAAAAAAA/9j/4AAQSkZJRgABAQEAYABgAAD/4QBgRXhpZgAASUkqAAgAAAAEADEB
+ AgAZAAAAPgAAABBRAQABAAAAAUOQABFRBAABAAAAEgsAABJRBAABAAAAEgsAAAAA
+ AABNYWNyb21lZGlhIEZpcmV3b3JrcyA0LjAAAP/bAEMACAYGBwYFCAcHBwkJCAoM
+ FA0MCwsMGRITDxQdGh8eHRocHCAkLicgIiwjHBwoNyksMDE0NDQfJzk9ODI8LjM0
+ Mv/bAEMBCQkJDAsMGA0NGDIhHCEyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIy
+ MjIyMjIyMjIyMjIyMjIyMjIyMjIyMv/AABEIAK4AlgMBIgACEQEDEQH/xAAfAAAB
+ BQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgv/xAC1EAACAQMDAgQDBQUEBAAAAX0B
+ AgMABBEFEiExQQYTUWEHInEUMoGRoQgjQrHBFVLR8CQzYnKCCQoWFxgZGiUmJygp
+ KjQ1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoOEhYaHiImK
+ kpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4eLj
+ 5OXm5+jp6vHy8/T19vf4+fr/xAAfAQADAQEBAQEBAQEBAAAAAAAAAQIDBAUGBwgJ
+ Cgv/xAC1EQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGh
+ scEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZ
+ WmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1
+ tre4ubrCw8TFxsfIycrS09TV1tfY2dri4+Tl5ufo6ery8/T19vf4+fr/2gAMAwEA
+ AhEDEQA/APcBI/8Afb86XzH/AL7fnUYpwqRknmN/fP50u9v7x/OmCgUASb2/vH86
+ Xe394/nTBS0AP3t/eP50u4+p/OmUopgO3H1NO3H1NR5xThQA7cfWlyfU0ylFMQ/J
+ 9aXPvTKdQAuaM0lLQAtJmiigAzRSdqKAKApwpopc1mUOpRSUopgKKWkFLQAueKzr
+ zXbCwk2Tzxq3cFwK8v8Aih8V30aaTQ9DKtegYnuTyIvZR3b+VfP1/q17fzvLc3Ms
+ sjHJZ2JJNGr2HZdT6j8U/FbR/DcKsM3VxLkpGh6AetcI37Ql4Zcx6LAYx2aUgmvD
+ 1ju7obgJHA7nmmmG4TqjDHtS+ZXL1sfVPhT4yeH/ABFNHaXYbS71zhVnYGNz6B+n
+ 4HFejK2RmvhJJSDiTj6ivYvht8XptE8rSPEEklxpxwkFyTue39j6p+op3a3Javsf
+ RuacDVaC4juIUmhkWSKRQyspyGB7ipgasgfmlpoNLmgBaKSigBaKM0UAUBS0lKKz
+ KFFLSUooAdWR4o1qLw/4bvtSmZVEMRK57t2H51rCvJPj7etD4WsbQMQJ7jkDuFBN
+ D2GlqfP13dS3k89zM5eaZy7sTySTWvovhw3JWWdcqeQtUNGsWvtQRMfIvJr0u0t1
+ hjUKOnpXFi8Q6a5Y7npYLDqfvyILXQolRVWMdOwp1x4cjYH5QPwrftQcDippFavM
+ UpvW569ktLHnOp+FFaNiijcOlcfcW8tlN5UgI+tezXEeSeM5rmtf0OK/tSVUCVOV
+ Irsw+KlF8s9jhxWFjNc0dzpfgh49MV1/wimozExyndYOx+6/eP6HqPcEd697Vq+I
+ baWbTb+G5hJWe3lWVCDj5lOf6V9naTqUeraRZ6jEMR3UKTKM9NwzivXj2PDmrM1A
+ 1PqBTUoNMlDqKSloAKKOpopAUacKbS1mWOFKKbS0xC14p+0Gw+z6Ihb+ORsfgK9r
+ rxT9oO3X7Ho1zn5vMePHrxn+lJjW55t4QgZbOe7CbmJ2IPU10sltriIDaSW7ORlg
+ 44HsKz/BCbtFyBysjVdvo9bcTNDMyEFfKCEDdzzknpx04NeVUles9vme3Rjairdu
+ hoaXqOqwt5Wo2cSjoHRuv4VuTXKCAuBzjoa5myW9SKJLmVpH25lLEEBs9sVuTgGw
+ BGN3f3rOU7SaOqEW43Me7l1a8l225SCL+9tyajfT7lHS4SdmkH+sVujj+lQakuo3
+ ELC0uGjkBwqh9qlceuM5z/L3q1p9nfwyqzzs8WxQVkOTuxycjsT2q7+7e6MXH3mr
+ M898QWgtNbmVeEcbwK+l/hdK7/DXQjI+4iAgH0AY4FfO/jWMx6+oxx5QP619B/Cx
+ Wj+G2i7twzExww7bzj8K9bDO8UeJitJv1O5U1Mp4qshqdTW7RzpklLmmg0tSULmi
+ kopAU6WkFFZlDqWm0tMQteX/ABe8MXPiBLCSN1SODcq5H8bY5+mB+teoVi+KbQ3e
+ gXAU4dPnB9MVFS/I+Xc0pNKa5tjw/wAJ2L6fpbWsw2zRzOsg9wa6RIlk6Diszy5L
+ a5kYksJTuyfWrUN2xbArxpyUpczPoKS5VyiXKQwHoBk/mamID2AIFZ89w6SlvKSV
+ ugDNjFK2p3It/L8uIAc//WpRhd3RtKaSs2WLNIpQeAcGrjosYIFZVvcPLIr7Fibo
+ Qpzmp5rp/N24prTQmT0uYOv6LDrWt2avIIkSJjI3qMjAHuTmveNEsU0rRbGwjPyW
+ 0CRr9AK8k0y0S81yMMAzllQL3xnnAr2cdfavXwLbT8jwcwsmrbssoamU8VXQ1Otd
+ jOBEoNOBqMGnA1BY6ikHNFAypS0lLWRQtFFApgLTJoknheKQZRwVYe1OopiPO/GP
+ hq202xgu7RX+VishZs9a4pmaMtsGSRkAV7Xq9gupaXPasPvr8v17V4jKHt7qS3k4
+ kjYqa8vF0lCSaWh6uDrOSab1KAuLia9a2CJCQu7zLhgoI9q2f+Ecv2h877XZbTuB
+ Ikz0x/jVK4RZVAdckDg1QfEY8kW6EeoYgH6jOKwi0z0emkrfK5LcyXNpex2YEVyz
+ ruEkD5Cj1NX1Lbt0hyVHP1qpbxiFCyqN5HYYAq/pcH2/WbSyLcSyAMfbqaduaSij
+ KpJRTdz03w3p0dpo1m7RL57JvLFRuG7nr16YrdWolAHAGB2qVa+hjFRioo+YlJyk
+ 5MnSp1NQpUopMESCnA+tMFOBqS0Oz6UUlFIZWopKXNZFi0UlFMQuaM0maM0wOU8Z
+ /ELRfA8UQ1Ayz3kw3RWkABcrnG4k8KPr17CvIbjWR4lSXXbW2Nv5srHyS+4gA9Cc
+ DNYfxfl+1fEbVCsm8xFI+T0wo4/CrHg9kt9OFm88TyffwrA43DOPw71y4xfuk13O
+ zBfxGn2NWDU4ZFXLbXHDKamN7a7cfLn3qCWyt2nKyxAj3FLJo9hFGH8sNu5HJrzo
+ 2PTbkupHPqcafLHlnPCqKu6VqMfhy4h1nUEkdIDvdIwC2MYwM455rMW502wlzLLD
+ Cq+p5P4dax9e8S2N5aSWtuXcOMFsYH61vSpzlNOKMKs4qLUme6+EvHWk+MRcLp6X
+ EUtuAzxzqAcHjIwTmuqQ185/CTXo9J8XRW0iqsF+v2bcxxtbOVOfcjH419EqcHBr
+ 3FqeDJWZbQ1KDVeNqmBqWCJRTs1GDTgakseKKQc0UgK1LTaq6lqljo9g99qV3Fa2
+ qfellbAz6DuT7DmsjQuU15FiiaWR1SNBlndgFUe5PSvGfEfx02s8HhzTwR0F3eDr
+ 7rGP/Zj+FeU674u1zxE5bVtUuLlc5ETNiNfogwo/KrUWFj37xF8YfC+hiSK1mfVb
+ tePLtf8AVg+8h4/LNeSa/wDGHxRrcjpb3Q0u3OcRWZ2nHu5+Y/p9K89Z9x5ppOM8
+ 1SihXHTTyO7NIzO7MWZmOSxPUk+tQrKyNuUkEdwcGnFs8EVGV9Kom5YGoXqtuW7n
+ B9fMNPOrag67Wvbgr6eYap4OelA5qeSPYrnl3Jg7McsxJ9SakTrzUCg+1SgqgyTm
+ rJLkbjII6e9dfp/xR8VaciLFqjTxxAKI7pFkBHuTz+tcL5xI9AeAKcpGSSe1Az37
+ wx8adPv3S3122FjKeBPES8R+o6r+tepWl7b3tulxazxTwvyskbBlP4ivjASAnA4r
+ Z0DxVrHh2787TL+WDP3kzlG+qng0XFyo+wlfIp4NeN+FfjbaXs0dp4gt1tGPH2uH
+ Jjz/ALS9R9RmvWra6huoEnt5o5oXGUkjYMrD2IpE2aLgoqMOMUUWC5ka/rVv4e0K
+ 71W5G6O3QsEBwXboFH1OK+WPE3irVfE2pNeapcM7ZPlxA4jhX+6i9h+p71698dNZ
+ +z6Np+ko3zXMpmkH+yvA/U/pXgcz7k9x/KogtDR6DXmJ71EXOKYTzSE5qybi7uaU
+ mmd6UcimITPNKDmmnrQKAJM8Ck3egpuaQUAPBJ6k4ozknjimk9qB0oGO3E04NUYp
+ aQEu/wBqXOFAPeohyQKV25NMCdJDng103hjxnq/hm7WTTrp1jJy8LHMb/Vf8muU+
+ 6g9TThIUGB1Pf0osNM+wPCnie18U6HHqNspjbOyaInJjcdR7jnINFeY/APUUJ1jS
+ pZVQER3K7jjn7rf+y0U1YiWj0OW+NmoG68dvbhsrawIgHoTyf515qzbth9eDXQ+P
+ NQOo+NNUus5DzED6Dj+lc0DnI9DmohsXLcaTQOaG6n60CqJEpVpM0A80ADDmkpzd
+ RSUALRRRQACiijvQAtFJRmgY9B3po5b605DhGNN70CHu2CT+ApEwX5+ppG5AP1pM
+ 4GB1PWmBraZez2rvJBM8TMMEocHFFVLViFOKKm1y0xb9zNI0pJLFiT+PNUlPz5NW
+ Jm+/9RVYjGPenYlisMufrSE05vu5qOgQtA60dqB1oAe3QU2nN0plAC0tJSjrQAlL
+ miigAptL0pO9AEi8RfU0mM8560H/AFaikzx+NMBxx0H40zOeaU8KffikHSgCxC+y
+ LPqaKYeAq+gooHc//9mIYAQTEQIAIAUCSj/3IAIbAwYLCQgHAwIEFQIIAwQWAgMB
+ Ah4BAheAAAoJEJt9MvLVBYLmt2sAnRUJQoS4J/5+LW+Iy3tUYMTsR8aLAJ9gp9qD
+ YbGfdcFG+HeSbh/PEwrqbLQzS29oc3VrZSBLYXdhZ3VjaGkgPGtvaHN1a2Uua2F3
+ YWd1Y2hpQGNsb3VkYmVlcy5jb20+iGIEExECACIFAk0GnroCGwMGCwkIBwMCBhUI
+ AgkKCwQWAgMBAh4BAheAAAoJEJt9MvLVBYLmfugAnRb1qac6CqRaNUhHbzd1m/5S
+ niNzAJ9NJUC2Fjk7uEyvQ5bDJ+hAFbkQVLQpS29oc3VrZSBLYXdhZ3VjaGkgPGtv
+ aHN1a2VAY2xvdWRiZWVzLmNvbT6IYgQTEQIAIgUCVh045AIbAwYLCQgHAwIGFQgC
+ CQoLBBYCAwECHgECF4AACgkQm30y8tUFguZVLgCdElQ2ydLBp33/9SFyVEz3cFMk
+ 0DkAn2qWsQlPT549lAqeSnkhCOcGJAx0tCxLb2hzdWtlIEthd2FndWNoaSA8a2th
+ d2FndWNoaUBjbG91ZGJlZXMuY29tPohiBBMRAgAiBQJWHTjzAhsDBgsJCAcDAgYV
+ CAIJCgsEFgIDAQIeAQIXgAAKCRCbfTLy1QWC5sMTAKCA5kH0uH0x0HoTuxjrU740
+ pU/53gCfaFWE6s7nBFMkJ3RyxjtZBGnY2Jm5Ag0ESYVAbRAIAOoBdaCKKzjKL3qi
+ zdBmYrnzT2iONNOeUgKBvO2tPnlwxVMMFz1Kd7JFCULRxL4zXPgOjqWPzWw0l0mI
+ E+pNhgDX57FMW+znMLE8icM/eG+pfEdM/XjZc3WF3O3ndHuyafw7TDI75EIFRvjh
+ 702S6y8F3lQ/cl7jj2GelcnhY7dxUwWbiCHGzsRGWkCLk1MSxVV0zx2odtkm2TyB
+ vN0AcfTJuIBeZbIsUZkO64qIUCSqb9aV53uJ3o35w/HXTt3AFyXA/HN8RgoSonVg
+ MMegOXJ/HjTXbLXnd7mwbJqH8g8Fiussx8b5aaLCvmcJfS2bA5zK6S4T3iFvMkJf
+ bAF1tYsAAwYIALOXdy4ziUa3/CvmWIziCi1elkCilj4SdssgG44cVddHsefICBJP
+ WMf8BRtp+8+PIOESQUPJQ/Xhe0c0gCqw3VSm7Jhsz3Rsw8BZcnGtrMyxIX5O/nIj
+ EeLLhxzWmOiocDaTCogYeZPFjM485LX1lZAC16+hMTqkIBGmFjR3OmxwJZpcaz9m
+ o0CGMv3pYthXU6hS372ZOc5yzpW7FrGnbA3ZLkMrVL2B0jFYRzzAxQ+JB7wJiTQ7
+ JJ05EhuUyzdsaoMWgzkdwEBk/ViVeK08fachG/QO05AYxA4KSpRaZC5ABSApX5g7
+ zqU7hLsSFMRP8Y+xBvo/t5+b8KzzBur/DIiISQQYEQIACQUCSYVAbQIbDAAKCRCb
+ fTLy1QWC5raYAJ4k0FbiycMLg7OMpTpBPfzr8YD2ywCfe8vNLCfw3XG/kyKFYavm
+ RXO9oTa5Ag0EWBjgRgEQALze0WQartDG4x1DaOpqKLAol9pfxSX+O88Nafw9dDdV
+ v80CD7Q66p6X5o1TOOqEAqsI/dUFzDoZzW/EBN5TVKdNhV55WsIbvFJnJ9ccQ1yk
+ fCYVQAH/eCIdM8dujAOZLjKSapz/wBdFbbOffvz7GLmsjn1wCruZfIOcaIcfaUfY
+ QWsafzwU9VsRLSDrbwpylQJkvblfeb+ohQ/AYlVJmD1HcKF81AajgxbTUDCBxslY
+ 4kL6FmqqfLJDWXyg0aG7UEbP3ye7/61qrsKR0g84BHYgkLzQkdgsAGAMo3HvQzss
+ BAqhZy2QSWKZCe6OQuIEzL01oTWJOWJYAoak9pSkjuFDsRbFRHC4YiaCIvwFHA8C
+ 3nCaa/jAXQ/NrBFyc1TsrDdxiXi6cEgER9WichpQaD/NCKGGHbEzzHow1Ni+pABq
+ 1leoVAfAEw8OwRYEftfoAQ5O8VdWe754xK2I5wFWjGKM0IHruEqnRgbWXL9Vy6Cv
+ NTrQIoJbVuO/kQWH4jZ63TzsBnxHzdnRSuCNGXnuneIju8+wr33y+r914cNziCHm
+ Tt0UsyTcf7xfzVB++obS0sCyklDIy+1EEzLePkUYl7Ebkst5tKgbVRNyH1niKRwX
+ xoyowmIRznO79l46u9JMdlt9VO9oo+yR9DqMgNqUnc9Z+rt8EyUam87838FfF+OF
+ ABEBAAGJAmgEGBECAAkFAlgY4EYCGwICKQkQm30y8tUFgubBXSAEGQECAAYFAlgY
+ 4EYACgkQlHo/RMJzQlXPTg//UpZd7vx0wNm6dPSUc9Agw5tQU5oCR4BUaDOBFDfb
+ nKPNa8JQPVdH6lrt1Zaqc9Uka+l1eVK8SZiujohr3bCyal+5ParAdVbTt08pvh5d
+ 3YllLIKKad82Qy6WsUlAQmUpba+Fn5naXdd8WDN03J7LVOqYCQUWZu65r5oqmv8B
+ eh+vcZO5ozEt/Huy+ruCsdb0WavbgI5+Pj6sKJtKBo5WwZzbDpbPUEUd3/T5zFbJ
+ G/XDk77qfBP4DKC96tphzGp6EaEtrZ9Qto8AisCYGvhDptYqXqZm4J1mJj/SI+4C
+ /1kVY0EEf4ySLy4/8f91h/jzcEliQNnmNZWgUTmP/nyUS+iLqUa4NmhdO45NYBfJ
+ PZyviHsFxJhYppiPt32n5FpGrXM8fWaQsA+aKOL2D+AWeC8W/pPmDurLbYA1yRk7
+ T7E1llz4wDf53CumQGtT4gKwmUdGbwp0TNZKggv+/6auOMoBVjvWCRM0erxR+fAL
+ FKruuoXjQ69I2bTiZfoSHtDxqa+YMnNqqFOZdyJsH13Fx/Ma3k0EVI4uOuX5RoJ8
+ BN3SAkBSiZu/yRf9XF/ikKvrb3YcaPaUgRPVP3EweJJx98whWxPmgSbv/GvQCQa7
+ GyvwvqvWuiw+kgl4RlCGvL354zQwSoD+li+ZgnuhzRlSnj962O2cobvY+UzW1fiO
+ vTrGzQCgg7/WrciTjK8wtd8e/E26mU1agOMAniYHo/aFmpsSFfNp4n419EI+mCXU
+ =fBn8
+ -----END PGP PUBLIC KEY BLOCK-----
diff --git a/linux/system/repo/keystorage/maas.yml b/linux/system/repo/keystorage/maas.yml
new file mode 100644
index 0000000..cac2c27
--- /dev/null
+++ b/linux/system/repo/keystorage/maas.yml
@@ -0,0 +1,36 @@
+parameters:
+ linux:
+ system:
+ repo:
+ mcp_maas:
+ # pub 4096R/684D4A1C 2015-08-20
+ key: |
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+ Version: GnuPG v1
+
+ mQINBFXVlyMBEACqM3iz2EGJE0iE3/AAbNCnbBB25m3AWaSxJk+GJfkAAYWGqAKi
+ uWceCcetdNKNTKd8frSZFsRB7IceZr0u5sWpSYur6uoMNHzS8Y5cGdyAVrnEZtbd
+ ak652x13jlX7nrcE9g//lD0w254XW1Loyy5YOGWfUmJkGImndFWtkqd1J7SCVMMW
+ 5l/nS4LwsOx/wTxL5m/cFQLi67JyJGqszKXS88oHT1YFBWPyl1VcXifFwecH/32f
+ Rr6WGpEAaxGF4dO45WGvJIQs2yiT5f9ha3tuJCbzI58t9BxiR1MMZ9AAPjdNO6JZ
+ kX2q+/uqgJg9IWNcJ4E+fCgl/hvoB3AURXHmaagH7nMb/6OA/QFSbiR3eciSJ89c
+ EkK+7d0br+p2+shO/dOV6lUrbidVVjiiTdmYlyXzuPcvPWVYmXjDzsOi0sSZZNMq
+ 8G3/pAavjyGUvZtb781V1j9/8l3o5ScAPzzamT2W4rF+nCh1iHYz7+wP2XDNifE/
+ oK7fLNb0ig1G5S4PCqZHUp95LUaJrFczYCPwlERUxIC3B9a+UC3SdZmRuuSENWNs
+ YxKUlbU07GCrjxtcDhQHGQDVJDUGbqqkA4B/iKrwW3reA5fHo3yocQMX7YR6C2/Q
+ n+wn/EoEPIB1wkzAQvarnNCCdwjD5AB1VhANEFwUKMWHDEsofKOSTBYvgQARAQAB
+ tBZMYXVuY2hwYWQgUFBBIGZvciBNQUFTiQI4BBMBAgAiBQJV1ZcjAhsDBgsJCAcD
+ AgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAE5/3FaE1KHDH8D/9Mdc+4tw8foj6lILCg
+ fBRi9S37tOyV2m5YvD+qRzefUYgFKXYxleO+H9cjFH2XyHIBwa15dD/Yg+DkcAKb
+ 9f/a1llHNTzLkHiNVQl4tl8qeJPj2Obm53HsjhazIgh0L208GRGJxO4HSBbrBTo8
+ FNF00Cl52josZdG1mPCSDuJm1AkeY9q4WeAOnekquz2qjUa+L8J8z+HVPC9rUryE
+ NXdwCyh3TE0G0occjUAsb5oOu3bcKSbVraq+trhjp9sz7o7O4lc4+cT2gFIWl1Rp
+ 1djzXH8flU/s3U1vl0RcIFEZbuqsuDWukpxozq4M5y7VKq4y5dq7Y0PbMuJ0Dvgn
+ Bn4fbboMji4LYfgn++vosZv/MXkPIg6wubxdejVdrEoFRFxCcYqW4wObY8vxrvDr
+ Mjp4HrQ2guN8OJDUYnLdVv9P1MMKDAMrDjRdy3NsBpd7GuA9hXRXBPZ8y74nIwCR
+ jEDnIz5jsws9PxZIVabieoCI6RibJMw8qpuicM97Ss2Uq5vURvTBQ3f6wYjCMsdt
+ yqjz6TVJ3zwK9NPfMhXGVrrsxBOxO382r6XXuUbTcXZTDjAkoMsBqfjidlGDGTb3
+ Un0LkZJfpXrmZehyvO/GlsoYiFDhGf+EXJzKwRUEuJlIkVEZ72OtuoUMoBrjuADR
+ lJQUW0ZbcmpOxjK1c6w08nhSvA==
+ =QeWQ
+ -----END PGP PUBLIC KEY BLOCK-----
diff --git a/linux/system/repo/keystorage/saltstack_2016_3.yml b/linux/system/repo/keystorage/saltstack_2016_3.yml
new file mode 100644
index 0000000..d217202
--- /dev/null
+++ b/linux/system/repo/keystorage/saltstack_2016_3.yml
@@ -0,0 +1,38 @@
+parameters:
+ linux:
+ system:
+ repo:
+ mcp_saltstack:
+ # pub 2048R/DE57BFBE 2014-06-24
+ key: |
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+ Version: GnuPG v1
+
+ mQENBFOpvpgBCADkP656H41i8fpplEEB8IeLhugyC2rTEwwSclb8tQNYtUiGdna9
+ m38kb0OS2DDrEdtdQb2hWCnswxaAkUunb2qq18vd3dBvlnI+C4/xu5ksZZkRj+fW
+ tArNR18V+2jkwcG26m8AxIrT+m4M6/bgnSfHTBtT5adNfVcTHqiT1JtCbQcXmwVw
+ WbqS6v/LhcsBE//SHne4uBCK/GHxZHhQ5jz5h+3vWeV4gvxS3Xu6v1IlIpLDwUts
+ kT1DumfynYnnZmWTGc6SYyIFXTPJLtnoWDb9OBdWgZxXfHEcBsKGha+bXO+m2tHA
+ gNneN9i5f8oNxo5njrL8jkCckOpNpng18BKXABEBAAG0MlNhbHRTdGFjayBQYWNr
+ YWdpbmcgVGVhbSA8cGFja2FnaW5nQHNhbHRzdGFjay5jb20+iQE4BBMBAgAiBQJT
+ qb6YAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAOCKFJ3le/vhkqB/0Q
+ WzELZf4d87WApzolLG+zpsJKtt/ueXL1W1KA7JILhXB1uyvVORt8uA9FjmE083o1
+ yE66wCya7V8hjNn2lkLXboOUd1UTErlRg1GYbIt++VPscTxHxwpjDGxDB1/fiX2o
+ nK5SEpuj4IeIPJVE/uLNAwZyfX8DArLVJ5h8lknwiHlQLGlnOu9ulEAejwAKt9CU
+ 4oYTszYM4xrbtjB/fR+mPnYh2fBoQO4d/NQiejIEyd9IEEMd/03AJQBuMux62tjA
+ /NwvQ9eqNgLw9NisFNHRWtP4jhAOsshv1WW+zPzu3ozoO+lLHixUIz7fqRk38q8Q
+ 9oNR31KvrkSNrFbA3D89uQENBFOpvpgBCADJ79iH10AfAfpTBEQwa6vzUI3Eltqb
+ 9aZ0xbZV8V/8pnuU7rqM7Z+nJgldibFk4gFG2bHCG1C5aEH/FmcOMvTKDhJSFQUx
+ uhgxttMArXm2c22OSy1hpsnVG68G32Nag/QFEJ++3hNnbyGZpHnPiYgej3FrerQJ
+ zv456wIsxRDMvJ1NZQB3twoCqwapC6FJE2hukSdWB5yCYpWlZJXBKzlYz/gwD/Fr
+ GL578WrLhKw3UvnJmlpqQaDKwmV2s7MsoZogC6wkHE92kGPG2GmoRD3ALjmCvN1E
+ PsIsQGnwpcXsRpYVCoW7e2nW4wUf7IkFZ94yOCmUq6WreWI4NggRcFC5ABEBAAGJ
+ AR8EGAECAAkFAlOpvpgCGwwACgkQDgihSd5Xv74/NggA08kEdBkiWWwJZUZEy7cK
+ WWcgjnRuOHd4rPeT+vQbOWGu6x4bxuVf9aTiYkf7ZjVF2lPn97EXOEGFWPZeZbH4
+ vdRFH9jMtP+rrLt6+3c9j0M8SIJYwBL1+CNpEC/BuHj/Ra/cmnG5ZNhYebm76h5f
+ T9iPW9fFww36FzFka4VPlvA4oB7ebBtquFg3sdQNU/MmTVV4jPFWXxh4oRDDR+8N
+ 1bcPnbB11b5ary99F/mqr7RgQ+YFF0uKRE3SKa7a+6cIuHEZ7Za+zhPaQlzAOZlx
+ fuBmScum8uQTrEF5+Um5zkwC7EXTdH1co/+/V/fpOtxIg4XO4kcugZefVm5ERfVS
+ MA==
+ =dtMN
+ -----END PGP PUBLIC KEY BLOCK-----
diff --git a/linux/system/repo/keystorage/ubuntu.yml b/linux/system/repo/keystorage/ubuntu.yml
new file mode 100644
index 0000000..aaa6f88
--- /dev/null
+++ b/linux/system/repo/keystorage/ubuntu.yml
@@ -0,0 +1,86 @@
+parameters:
+ linux:
+ system:
+ repo:
+ ubuntu:
+ key: |
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+ Version: GnuPG v1
+
+ mQGiBEFEnz8RBAC7LstGsKD7McXZgd58oN68KquARLBl6rjA2vdhwl77KkPPOr3O
+ YeSBH/voUsqausJfDNuTNivOfwceDe50lbhq52ODj4Mx9Jg+4aHn9fmRkIk41i2J
+ 3hZiIGPACY/FsSlRq1AhBH2wZG1lQ45W/p77AeARRehYKJP9HY+1h/uihwCgrVE2
+ VzACJLuZWHbDsPoJaNQjiFcEAKbUF1rMyjd1xJM7bZeXbs8c+ohUo/ywSI/OIr8n
+ OfUswy08tsCof1KU0JBGLBCn0lHAYkAAcSr2pQ+k/odwdLQSjgm/JcUbi2ll16Wy
+ 7qFbUAUJ5xO+iP61vL3z4pJGcK1pMH6kBLA4CPBchJU/hh3f7vtX2oFdWw8tWqvm
+ m/W7BACE7h0p86OP2G3ZJBjNYNQTK1LFYa+3G0spsVi9wl+Ih49ImPbSsUc2CSMA
+ fDlGpYU8FuUKCgQnS3UZz6e0NwrHbZTHBy0ksRwT9jf7qSAEKEN2ECxfwR5i1dU+
+ Yi4owkqGPhTLAbwkYdZZMcqfGgTXbiU4uy8DzMH/VhqP5wxdwbQ7VWJ1bnR1IEFy
+ Y2hpdmUgQXV0b21hdGljIFNpZ25pbmcgS2V5IDxmdHBtYXN0ZXJAdWJ1bnR1LmNv
+ bT6IXgQTEQIAHgUCQUSfPwIbAwYLCQgHAwIDFQIDAxYCAQIeAQIXgAAKCRBAl26v
+ Q30FtSTNAJ9TwRBI9/dXHqsyx5LkWrPxyO2H7wCfXDY77HnwSK3tTqJzC4m6KuDd
+ RheJAhwEEwECAAYFAkFRZ98ACgkQ18PxMasqkfV9whAAj5sSzTHDIdYCmbZcumTH
+ limqS88m+0He6jkG5j6DjQq/xGWg7B/svG+mPCE4K/zYG3CA0G0lTgJJKQg6gcUg
+ oQpaiK22gLG5tjVOQRRaExu+FNKF9kvSYFbEwpn0OESsRPjrdS2RYpGjY+DLHPaB
+ 06Y/hQvMSCh67ZeDmLLTwQFzF0RAUHtwU+tU/gnvrk7kk/yPDqtj53J6zuAf86ZX
+ GRlmJCTDYJ/yXoYlm4sz0E1XANrdwtUGic0PF1gJIe7ZAnqMVvRGCxArNT1th83w
+ uppjI4/rGrFttbQUPb0cXyXhSmNauRMiiX/lrjqjouk9DX8CyVQG/mTgjrKLAMBZ
+ OJ/Im3D33jOdEWIaaVAVOmOej3S8s33zcWAUYbpqg+10i3O4SfVYH88tmEnmX3mq
+ Y21B7fkHHOVXF/4/sCzft6Ek6E57vIh0i7PjnrTWBO2/dl7zJyZZo7ty4f69B1xU
+ ZNClBZPXgYWmh68z5SgyfY5/N/CmfnsH6u5vHSRpm039Nr4IFNREkamkXl2GCPbA
+ rkZIkqdGdrX1EfWw/fsndHqHKwrPGHXIWWboZT1ZDx48P+825fVMg4N2cr87Mv1K
+ 7E/hgHjxJ6eeciJFic4GT199DZha+1Gs7FRXvCa+sOGP/9JuZ+/S+Tv71sIPmRqD
+ rr6bSBH/E6yBKz7jv42GO8iIRgQQEQIABgUCQ76shgAKCRDohqckZfvHogOmAKCQ
+ SaKL15jq0TvjWWrcjvQvODdgMgCfdkb3Jbsg5liM0edJohWfyhzfGIGIRgQQEQIA
+ BgUCQ/tL4QAKCRDk7WqA+zgH23hVAJ9WpyWCnJIHNQVHH4/V8kqaptbLQwCfQN5/
+ kutAyXprjtU+W2stn2HV4pKIRgQQEQIABgUCRMoo7AAKCRD+VG3tGS5BXGKuAJ9c
+ XxY6TqxwIt6kTIShyykHuia7KgCdHYYlu+akh8PYBAlF4RvGlIkqmyiIRgQQEQIA
+ BgUCRQfC6gAKCRBbGMCBbDPfCDsGAKCO313nAlhu/FggyId7IG8yXtCa2QCguWI6
+ WCp0v4jyAIA2LK/zKbNlDcCIRgQQEQIABgUCRRvO4AAKCRDgL5ttNArtqI0LAJ4i
+ vwtgU9g6hn6TsbejzabpS7JLAACeLKBkLfPymJXlbpCjzsav9qJdZhGIRgQQEQIA
+ BgUCRRvPMAAKCRCRA7V5h+SGXz8OAJ0aus80uJDxtlflUDD1B1iEcO9EMQCglMfy
+ ys5abo/h6ZicTp2WIhp9IBCIRgQQEQIABgUCRRvPQgAKCRALOQhgy6dmGRaTAJwJ
+ FCgDskBzIeqCEORLAtLaBJCLngCeJzjzf4A8G1ZhS39Y/Yk7LQYB3aGIRgQQEQIA
+ BgUCRRvPYAAKCRAurJaQpVDnhKIiAKDaziS1x3SZIOS8p4iVGVY43KYO7ACfdevW
+ FB3BLbmLKB9xsrH00safNJWIRgQQEQIABgUCRWfafAAKCRCV4getfktcl1R8AJ4x
+ 8HI/GPIcpHNuJ8PUlJKvjSOY1QCeN8glquCHP7d9XyBe4p41o0WdbAqIRgQQEQIA
+ BgUCRaABKQAKCRBZgbnSh0vryCoKAJ9/KYHPBGwGuR4WR8ZWujLqIue92ACfVk5G
+ hTCj8sjkC2835BOmWdPia3yIRgQQEQIABgUCRbQdHQAKCRB9RtY87eO1ZT4AAJ9q
+ OBuspkVxj9ewlJtFPZfzKkRypACeM/WVpw+2rz7UHVAGXYZpWnqjmwaIRgQQEQIA
+ BgUCRfkxvwAKCRA+O+Dt/wMVgO5fAKDEdUwaGl6sd8pS2N5f+Fdm25EWQQCdE8p9
+ Fsq+Q2lA2m3sbEgH3ga+zPGIRgQQEQIABgUCRq72nQAKCRD23TMCEPpM0XyeAJ9C
+ GZ1MNHUYsJv2ZdpzPqdc23EW6ACdEDfk5MnkAYX2i9eoEParoMRNcx+IRgQTEQIA
+ BgUCQp2FvgAKCRAwa1VExpE89g4LAJ9TY9lyD3u8eXXiVE11zw20lvIongCfUfLh
+ OE+oLMmUAwoCsCpVTxNhnRuIRgQTEQIABgUCQp2cvwAKCRBQ1yY84R14E1z9AKCG
+ 2I2enXp7roBiIosVi76hx4Dd9gCgs21hGpvQqouLs6Oz9TbQ4COqrT+ISQQQEQIA
+ CQUCRZtwwAIHAAAKCRAHjSWNsiCtxiKBAJ9KL7LtkZiVNcj8kJJ9u4+QX00LsACg
+ hJVJpjXC5Q4EeGfyzm4MICf2MVqJAhwEEAECAAYFAkc0xpUACgkQC/uEfz8nL1sU
+ rBAAsLGXDeZ/QHyYfWHPrph+ALC94xmblfSu8Q/BRD09VyPimnoRtSNHZwwbTp38
+ ysVU9G9mo3lgQ07HQP6XxoEDrw42sLUpnECUMptr1e66hlyvk4urMVjGEs4FCpA3
+ wRuDUYuI4McpB1mRzYqJEYZ2bGl9MWN+FGEE6oFHCvJUUAEDVj7enCN1+ouKw+Wf
+ giki1BqPWGofTrj2G/st8hn2LhBgomCDtnb14gRSFHvINO+dDr96QjVXGg9+WSr2
+ iIVeIHS8QWWOpYwgit16DK0SgXxlIMXMkcNpDosak639DF6wwRTvVoMGcr5OEbtU
+ I23GOdyX9RTrWCECmUctat9vprdx6e0nbYbt9jYheVBzTCMGCtc1pVSuNcsPBU3F
+ KZlMq6yH9D7POQPHamKcZdRhGKtR0vQadKt3bMZQP231pUMdCp9ayIMjLjjX7EDo
+ FO6iCqeuuqBa0quiz7Z6nAvTWkGHHXjd555iIrkTz1fgses05P9BHkfPmnOH55b3
+ 3vyopz53A74Vz6SutOUTQi0MaXAYNsX0A55bjNb3fm6LuuLAkOZAR1wfSM1Ecb5r
+ yZP+9kF6o9zSGcQ2sjG3b7pGFtQztwzXKNUCOI4Iv932IeD9O95w5omXZVahTGQ8
+ NesFHdmEwq69aEGOq3E3q7Qz1pAgZsj2N+6LmE3Ln2rudKW5Ag0EQUSfRxAIAMgl
+ vR9L60xR65i2QG4k2CnqZhmRUaTySxwOlNqKWtokUpzf8WmqA383uRLO8W9Tee1a
+ F7KEMEUXgFiP7nns0kroKGLlcLbC+nEzkv51ao6Lcr5dWr0817LmlvCl2N1KeQDk
+ pHIAiS0LTjuEFY1yosi2ECiOan6sgcLaVqJVbEUeIaYJOiZ8O1INTAGGdpVoSPvg
+ kuZVKhP2uMIhYq3qgs6sB5SshEaKAGYIiH3lZ6UJUIVEuyumxpNPqkJ1Jkpo4SxI
+ wy8KYiQ9Uo1NPP8bmvyGGaeWbRObLPHCO+iqxHxMiE4xX08sVizxA1YLw9iwtdNP
+ OWkQsM9rn8W/gieH0SsAAwYIAMLzDICy2IA1wcmf5XPpg4JBFuMjeg8pIuaQZMf/
+ MO2u+RlOVrIXPVFtYOpxQR9C1gCg+Blg2qQXBNw19cNT2EtSGi0HtycTww2xnIOn
+ aLOzq/eI/LnakdAMclaTVbNltraepkoRFE4Exvuq/tCdzssotnmAha1tzGf+O3Qy
+ xkIBJ6zHFTNCREGBPYi/Pe9iviWqNAIr3SPhlw7STFrVDgpne9VdpOZb3nVYYQHG
+ 6iwvVwzrE23+84RMFENq4Dhyx9L8R6+PMt347uT8dB03PXMovOpwXX06zMgfGwF6
+ 0TZsmHqun/E3gE46YiME26rmUX5KSNTm9N2IZA8jz/sFXz2ISQQYEQIACQUCQUSf
+ RwIbDAAKCRBAl26vQ30FtdxYAJsFjU+xbex7gevyGQ2/mhqidES4MwCggqQyo+w1
+ Twx6DKLF+3rF5nf1F3Q=
+ =PBAe
+ ubuntu_updates:
+ key: ${linux:system:repo:ubuntu:key}
+ ubuntu_security:
+ key: ${linux:system:repo:ubuntu:key}
diff --git a/linux/system/repo/mcp/apt_mirantis/aptly.yml b/linux/system/repo/mcp/apt_mirantis/aptly.yml
index f563502..d0f04c4 100644
--- a/linux/system/repo/mcp/apt_mirantis/aptly.yml
+++ b/linux/system/repo/mcp/apt_mirantis/aptly.yml
@@ -1,13 +1,14 @@
+classes:
+- system.linux.system.repo.keystorage.aptly
parameters:
_param:
apt_mk_version: stable
- linux_system_repo_mcp_aptly_version: ${_param:apt_mk_version}
+ linux_system_repo_url: http://mirror.mirantis.com/${_param:apt_mk_version}/
+ linux_system_repo_mcp_aptly_url: ${_param:linux_system_repo_url}/aptly/
linux:
system:
repo:
mcp_aptly:
- source: "deb [arch=amd64] http://mirror.mirantis.com/${_param:linux_system_repo_mcp_aptly_version}/aptly/${_param:linux_system_codename}/ squeeze main"
+ source: "deb [arch=amd64] ${_param:linux_system_repo_mcp_aptly_url}/${_param:linux_system_codename}/ squeeze main"
architectures: amd64
- key_id: ED75B5A4483DA07C
- key_server: keys.gnupg.net
clean_file: true
diff --git a/linux/system/repo/mcp/apt_mirantis/docker.yml b/linux/system/repo/mcp/apt_mirantis/docker.yml
index d3314a9..96080c8 100644
--- a/linux/system/repo/mcp/apt_mirantis/docker.yml
+++ b/linux/system/repo/mcp/apt_mirantis/docker.yml
@@ -1,13 +1,14 @@
+classes:
+- system.linux.system.repo.keystorage.docker
parameters:
_param:
apt_mk_version: stable
- linux_system_repo_mcp_docker_version: ${_param:apt_mk_version}
+ linux_system_repo_url: http://mirror.mirantis.com/${_param:apt_mk_version}/
+ linux_system_repo_mcp_docker_url: ${_param:linux_system_repo_url}/docker/
linux:
system:
repo:
mcp_docker:
- source: "deb [arch=amd64] http://mirror.mirantis.com/${_param:linux_system_repo_mcp_docker_version}/docker/${_param:linux_system_codename}/ ${_param:linux_system_codename} stable"
+ source: "deb [arch=amd64] ${_param:linux_system_repo_mcp_docker_url}/${_param:linux_system_codename}/ ${_param:linux_system_codename} stable"
architectures: amd64
- key_id: 8D81803C0EBFCD88
- key_server: keyserver.ubuntu.com
- clean_file: true
\ No newline at end of file
+ clean_file: true
diff --git a/linux/system/repo/mcp/apt_mirantis/docker_legacy.yml b/linux/system/repo/mcp/apt_mirantis/docker_legacy.yml
index 2689869..bab50fa 100644
--- a/linux/system/repo/mcp/apt_mirantis/docker_legacy.yml
+++ b/linux/system/repo/mcp/apt_mirantis/docker_legacy.yml
@@ -1,12 +1,14 @@
+classes:
+- system.linux.system.repo.keystorage.docker_legacy
parameters:
_param:
apt_mk_version: stable
- linux_system_repo_mcp_docker_legacy_version: ${_param:apt_mk_version}
+ linux_system_repo_url: http://mirror.mirantis.com/${_param:apt_mk_version}/
+ linux_system_repo_mcp_docker_legacy_url: ${_param:linux_system_repo_url}/docker-1.x/
linux:
system:
repo:
mcp_docker_legacy:
- source: "deb [arch=amd64] http://mirror.mirantis.com/${_param:linux_system_repo_mcp_docker_legacy_version}/docker-1.x/${_param:linux_system_codename}/ ubuntu-${_param:linux_system_codename} main"
+ source: "deb [arch=amd64] ${_param:linux_system_repo_mcp_docker_legacy_url}/${_param:linux_system_codename}/ ubuntu-${_param:linux_system_codename} main"
architectures: amd64
- key_id: 58118E89F3A912897C070ADBF76221572C52609D
- key_server: keyserver.ubuntu.com
\ No newline at end of file
+ clean_file: true
diff --git a/linux/system/repo/mcp/apt_mirantis/jenkins.yml b/linux/system/repo/mcp/apt_mirantis/jenkins.yml
new file mode 100644
index 0000000..0c256b6
--- /dev/null
+++ b/linux/system/repo/mcp/apt_mirantis/jenkins.yml
@@ -0,0 +1,19 @@
+classes:
+- system.linux.system.repo.keystorage.jenkins
+parameters:
+ _param:
+ apt_mk_version: stable
+ linux_system_repo_url: http://mirror.mirantis.com/${_param:apt_mk_version}/
+ linux_system_repo_mcp_jenkins_url: ${_param:linux_system_repo_url}/jenkins/
+ linux:
+ system:
+ repo:
+ mcp_jenkins:
+ # FIXME PROD-20733
+ source: "deb [arch=amd64 trusted=yes] ${_param:linux_system_repo_mcp_jenkins_url}/${_param:linux_system_codename}/ binary main"
+ architectures: amd64
+ clean_file: true
+ pin:
+ - pin: 'release o=jenkins.io'
+ priority: 1100
+ package: '*'
diff --git a/linux/system/repo/mcp/apt_mirantis/maas.yml b/linux/system/repo/mcp/apt_mirantis/maas.yml
index 7ee3537..c89e3fe 100644
--- a/linux/system/repo/mcp/apt_mirantis/maas.yml
+++ b/linux/system/repo/mcp/apt_mirantis/maas.yml
@@ -1,13 +1,18 @@
+classes:
+- system.linux.system.repo.keystorage.maas
parameters:
_param:
apt_mk_version: stable
- linux_system_repo_mcp_maas_version: ${_param:apt_mk_version}
+ linux_system_repo_url: http://mirror.mirantis.com/${_param:apt_mk_version}/
+ linux_system_repo_mcp_maas_url: ${_param:linux_system_repo_url}/maas/
linux:
system:
repo:
mcp_maas:
- source: "deb [arch=amd64] http://mirror.mirantis.com/${_param:linux_system_repo_mcp_maas_version}/maas/${_param:linux_system_codename}/ ${_param:linux_system_codename} main"
+ source: "deb [arch=amd64] ${_param:linux_system_repo_mcp_maas_url}/${_param:linux_system_codename} ${_param:linux_system_codename} main"
architectures: amd64
- key_id: 684D4A1C
- key_server: keyserver.ubuntu.com
clean_file: true
+ pin:
+ - pin: 'release o=LP-PPA-maas-stable'
+ priority: 1100
+ package: '*'
diff --git a/linux/system/repo/mcp/apt_mirantis/saltstack_2016_3.yml b/linux/system/repo/mcp/apt_mirantis/saltstack_2016_3.yml
index c47e177..5d5e494 100644
--- a/linux/system/repo/mcp/apt_mirantis/saltstack_2016_3.yml
+++ b/linux/system/repo/mcp/apt_mirantis/saltstack_2016_3.yml
@@ -1,13 +1,14 @@
+classes:
+- system.linux.system.repo.keystorage.saltstack_2016_3
parameters:
_param:
apt_mk_version: stable
- linux_system_repo_mcp_saltstack_version: ${_param:apt_mk_version}
+ linux_system_repo_url: http://mirror.mirantis.com/${_param:apt_mk_version}/
+ linux_system_repo_mcp_saltstack_url: ${_param:linux_system_repo_url}/saltstack-2016.3/
linux:
system:
repo:
mcp_saltstack:
- source: "deb [arch=amd64] http://mirror.mirantis.com/${_param:linux_system_repo_mcp_saltstack_version}/saltstack-2016.3/${_param:linux_system_codename}/ ${_param:linux_system_codename} main"
+ source: "deb [arch=amd64] ${_param:linux_system_repo_mcp_saltstack_url}/${_param:linux_system_codename}/ ${_param:linux_system_codename} main"
architectures: amd64
- key_id: 0E08A149DE57BFBE
- key_server: keyserver.ubuntu.com
clean_file: true
diff --git a/linux/system/repo/mcp/apt_mirantis/ubuntu.yml b/linux/system/repo/mcp/apt_mirantis/ubuntu.yml
index e254ed6..55f6387 100644
--- a/linux/system/repo/mcp/apt_mirantis/ubuntu.yml
+++ b/linux/system/repo/mcp/apt_mirantis/ubuntu.yml
@@ -1,24 +1,26 @@
+classes:
+- system.linux.system.repo.keystorage.ubuntu
parameters:
_param:
- apt_mk_version: stable
+ apt_mk_version: 'stable'
+ linux_repo_refresh_db: true
+ linux_system_repo_url: http://mirror.mirantis.com/${_param:apt_mk_version}/
+ linux_system_repo_ubuntu_url: ${_param:linux_system_repo_url}/ubuntu/
linux:
system:
repo:
ubuntu:
- source: "deb [arch=amd64] http://mirror.mirantis.com/${_param:apt_mk_version}/ubuntu/ ${_param:linux_system_codename} main restricted universe"
+ refresh_db: ${_param:linux_repo_refresh_db}
+ source: "deb [arch=amd64] ${_param:linux_system_repo_ubuntu_url} ${_param:linux_system_codename} main restricted universe"
architectures: amd64
default: true
- key_id: 437D05B5
- key_server: keyserver.ubuntu.com
ubuntu_updates:
- source: "deb [arch=amd64] http://mirror.mirantis.com/${_param:apt_mk_version}/ubuntu/ ${_param:linux_system_codename}-updates main restricted universe"
+ refresh_db: ${_param:linux_repo_refresh_db}
+ source: "deb [arch=amd64] ${_param:linux_system_repo_ubuntu_url} ${_param:linux_system_codename}-updates main restricted universe"
architectures: amd64
default: true
- key_id: 437D05B5
- key_server: keyserver.ubuntu.com
ubuntu_security:
- source: "deb [arch=amd64] http://mirror.mirantis.com/${_param:apt_mk_version}/ubuntu/ ${_param:linux_system_codename}-security main restricted universe"
+ refresh_db: ${_param:linux_repo_refresh_db}
+ source: "deb [arch=amd64] ${_param:linux_system_repo_ubuntu_url} ${_param:linux_system_codename}-security main restricted universe"
architectures: amd64
default: true
- key_id: 437D05B5
- key_server: keyserver.ubuntu.com
\ No newline at end of file
diff --git a/linux/system/repo_local/mcp/apt_mirantis/ubuntu.yml b/linux/system/repo_local/mcp/apt_mirantis/ubuntu.yml
index d510183..79c002f 100644
--- a/linux/system/repo_local/mcp/apt_mirantis/ubuntu.yml
+++ b/linux/system/repo_local/mcp/apt_mirantis/ubuntu.yml
@@ -1,23 +1,24 @@
+classes:
+- system.linux.system.repo.keystorage.ubuntu
parameters:
+ _param:
+ apt_mk_version: 'stable'
+ linux_repo_refresh_db: true
linux:
system:
repo:
ubuntu:
refresh_db: ${_param:linux_repo_refresh_db}
- source: "deb [arch=amd64] http://${_param:local_repo_url}/ubuntu ${_param:linux_system_codename} main universe restricted"
+ source: "deb [arch=amd64] http://${_param:local_repo_url}/${_param:apt_mk_version}/ubuntu ${_param:linux_system_codename} main universe restricted"
architectures: amd64
default: true
- key_url: "http://${_param:local_repo_url}/public.gpg"
- ubuntu-updates:
+ ubuntu_updates:
refresh_db: ${_param:linux_repo_refresh_db}
- source: "deb [arch=amd64] http://${_param:local_repo_url}/ubuntu ${_param:linux_system_codename}-updates main universe restricted"
+ source: "deb [arch=amd64] http://${_param:local_repo_url}/${_param:apt_mk_version}/ubuntu ${_param:linux_system_codename}-updates main universe restricted"
architectures: amd64
default: true
- key_url: "http://${_param:local_repo_url}/public.gpg"
- ubuntu-security:
+ ubuntu_security:
refresh_db: ${_param:linux_repo_refresh_db}
- source: "deb [arch=amd64] http://${_param:local_repo_url}/ubuntu ${_param:linux_system_codename}-security main universe restricted"
+ source: "deb [arch=amd64] http://${_param:local_repo_url}/${_param:apt_mk_version}/ubuntu ${_param:linux_system_codename}-security main universe restricted"
architectures: amd64
default: true
- key_url: "http://${_param:local_repo_url}/public.gpg"
-
diff --git a/linux/system/repo_local/ubuntu.yml b/linux/system/repo_local/ubuntu.yml
index 46994ee..e93a4b3 100644
--- a/linux/system/repo_local/ubuntu.yml
+++ b/linux/system/repo_local/ubuntu.yml
@@ -8,13 +8,13 @@
architectures: amd64
default: true
key_url: "http://${_param:local_repo_url}/public.gpg"
- ubuntu-updates:
+ ubuntu_updates:
refresh_db: ${_param:linux_repo_refresh_db}
source: "deb [arch=amd64] http://${_param:local_repo_url}/ubuntu ${_param:linux_system_codename}-updates main universe restricted"
architectures: amd64
default: true
key_url: "http://${_param:local_repo_url}/public.gpg"
- ubuntu-security:
+ ubuntu_security:
refresh_db: ${_param:linux_repo_refresh_db}
source: "deb [arch=amd64] http://${_param:local_repo_url}/ubuntu ${_param:linux_system_codename}-security main universe restricted"
architectures: amd64
diff --git a/maas/region/boot_sources/maas_ephemeral_v3/bss_xenial.yml b/maas/region/boot_sources/maas_ephemeral_v3/bss_xenial.yml
index a1d1620..ad54efa 100644
--- a/maas/region/boot_sources/maas_ephemeral_v3/bss_xenial.yml
+++ b/maas/region/boot_sources/maas_ephemeral_v3/bss_xenial.yml
@@ -1,15 +1,11 @@
parameters:
_param:
apt_mk_version: stable
- maas_region_boot_sources_maas_ephemeral_v3_version: ${_param:apt_mk_version}
- maas_region_boot_sources_maas_ephemeral_v3_host_url: "http://mirror.mirantis.com/"
- # http://mirror.mirantis.com/nightly/maas-ephemeral-v3/
- maas_region_boot_sources_maas_ephemeral_v3_url: "${_param:linux_system_repo_maas_ephemeral_v3_host_url}/${_param:apt_mk_version}/maas-ephemeral-v3/"
maas:
region:
boot_sources_selections:
- xenial:
- url: "${_param:maas_region_boot_sources_maas_ephemeral_v3_url}"
+ mcp_xenial:
+ url: ${maas:region:boot_sources:mcp_resources_mirror:url}
os: "ubuntu"
release: "xenial"
arches: "amd64"
diff --git a/maas/region/boot_sources/maas_ephemeral_v3/init.yml b/maas/region/boot_sources/maas_ephemeral_v3/init.yml
index 965f333..9d0abf2 100644
--- a/maas/region/boot_sources/maas_ephemeral_v3/init.yml
+++ b/maas/region/boot_sources/maas_ephemeral_v3/init.yml
@@ -1,14 +1,11 @@
parameters:
_param:
apt_mk_version: stable
- maas_region_boot_sources_maas_ephemeral_v3_version: ${_param:apt_mk_version}
- maas_region_boot_sources_maas_ephemeral_v3_host_url: "http://mirror.mirantis.com/"
- # http://mirror.mirantis.com/nightly/maas-ephemeral-v3/
- maas_region_boot_sources_maas_ephemeral_v3_url: "${_param:linux_system_repo_maas_ephemeral_v3_host_url}/${_param:apt_mk_version}/maas-ephemeral-v3/"
+ maas_region_boot_sources_maas_ephemeral_v3_bs_url: http://mirror.mirantis.com/${_param:apt_mk_version}/maas-ephemeral-v3/
maas:
region:
boot_sources_delete_all_others: true
boot_sources:
- resources_mirror:
- url: ${_param:maas_region_boot_sources_maas_ephemeral_v3_url}
+ mcp_resources_mirror:
+ url: ${_param:maas_region_boot_sources_maas_ephemeral_v3_bs_url}
keyring_file: /usr/share/keyrings/ubuntu-cloudimage-keyring.gpg
diff --git a/nova/compute/libvirt/ssl/init.yml b/nova/compute/libvirt/ssl/init.yml
new file mode 100644
index 0000000..9931cbd
--- /dev/null
+++ b/nova/compute/libvirt/ssl/init.yml
@@ -0,0 +1,14 @@
+classes:
+- system.salt.minion.cert.libvirtd
+parameters:
+ nova:
+ compute:
+ libvirt:
+ tls:
+ enabled: True
+ key_file: ${_param:libvirtd_server_ssl_key_file}
+ cert_file: ${_param:libvirtd_server_ssl_cert_file}
+ ca_file: ${_param:libvirtd_ssl_ca_file}
+ client:
+ key_file: ${_param:libvirtd_client_ssl_key_file}
+ cert_file: ${_param:libvirtd_client_ssl_cert_file}
diff --git a/openssh/server/team/members/kkushaev.yml b/openssh/server/team/members/kkushaev.yml
new file mode 100644
index 0000000..978c6f1
--- /dev/null
+++ b/openssh/server/team/members/kkushaev.yml
@@ -0,0 +1,20 @@
+parameters:
+ linux:
+ system:
+ user:
+ kkushaev:
+ enabled: true
+ name: kkushaev
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Kairat Kushaev
+ home: /home/kkushaev
+ email: kkushaev@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ kkushaev:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqsPMcXdObuEZCBqw3t+AutfjA6mxNJ9o4jZb+ov4Tatw0mlGZtpQXyOnn1kkvIW0TAmMdT8dXeSHusc/Ujd8MHFBDSnvGid/jtSpA7q4Op0VNo4cOFx1fw5KqnsZyymhafiVQywgj6UQOEYNpX7VHgPOMLL2Ymm3i9RF986jLpLqXJHWbJuy+0rOHzjFh127QuTV01AYONOaiDdcwZlHyFZgWShL5NSJCMhmREPLn118JTEsN8w+r10a51plzrrV3Tqcz6q7znfftBKlzKrPACVmbMdOzOQ+XBMuN3VmsFxtS//qcqd7y+YAgG1CJ+E+nk4JUYU5fxeiUWntvqFKl
+ user: ${linux:system:user:kkushaev}
diff --git a/openssh/server/team/members/ogrudev.yml b/openssh/server/team/members/ogrudev.yml
new file mode 100644
index 0000000..71964a6
--- /dev/null
+++ b/openssh/server/team/members/ogrudev.yml
@@ -0,0 +1,20 @@
+parameters:
+ linux:
+ system:
+ user:
+ ogrudev:
+ enabled: true
+ name: ogrudev
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Oleksii Grudev
+ home: /home/ogrudev
+ email: ogrudev@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ ogrudev:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDilSKhVkANZQLOY6zhLBxhKD0OabfORbuxL3H1o+Q0TfL223/I2A8FAqpZzu9RdX0FoOcP3S85S51IX1p4odipTAA9Wyp4jEtMNUUWvRkXWTvVR99+QNCq4QiB78c0JhtydKPu29DJNQr3/UHG877BCrLvOyiXFNrVZI+EBC+Md2SEqSN8e1P/DlORUrjgQKAxuKhMhDyoBbyBvnfK32IYbs8bKlYZRusj1dlL3Jv/nR4VvN4YT+CzNOPCBTljFdcxuqdPZvqdAyMBIYDxaCxx2id96L98kYavKlqUZJn0x6mJ8ndtHtfn+Fwjom/+8cPFUjuhULWsQiPRjfqA6p8r agrudev@agrudev-pc
+ user: ${linux:system:user:ogrudev}
diff --git a/openssh/server/team/oscore_devops.yml b/openssh/server/team/oscore_devops.yml
index 0ad8691..2404c31 100644
--- a/openssh/server/team/oscore_devops.yml
+++ b/openssh/server/team/oscore_devops.yml
@@ -7,6 +7,8 @@
- system.openssh.server.team.members.vdrok
- system.openssh.server.team.members.ikolodyazhny
- system.openssh.server.team.members.ohryhorov
+- system.openssh.server.team.members.ogrudev
+- system.openssh.server.team.members.kkushaev
parameters:
_param:
linux_system_user_sudo: true
diff --git a/prometheus/gainsight/container.yml b/prometheus/gainsight/container.yml
new file mode 100644
index 0000000..f98e052
--- /dev/null
+++ b/prometheus/gainsight/container.yml
@@ -0,0 +1,3 @@
+classes:
+- service.prometheus.gainsight.container
+
diff --git a/prometheus/server/alert/alerta_relabel.yml b/prometheus/server/alert/alerta_relabel.yml
index a81c59a..ca0f4b4 100644
--- a/prometheus/server/alert/alerta_relabel.yml
+++ b/prometheus/server/alert/alerta_relabel.yml
@@ -11,9 +11,15 @@
- replacement: "aggregated"
source_labels: "instance"
target_label: "instance"
+ - source_labels: "host"
+ target_label: "instance"
+ regex: "(.+)"
+ - source_labels: "job"
+ target_label: "instance"
+ regex: "(.+)"
- source_labels: ["host", "job"]
target_label: "instance"
- regex: "([a-zA-Z0-9]+;[a-zA-Z0-9_]+)"
+ regex: "(.+;.+)"
- source_labels: ["hostname", "job"]
target_label: "instance"
- regex: "([a-zA-Z0-9]+;[a-zA-Z0-9_]+)"
+ regex: "(.+;.+)"
\ No newline at end of file
diff --git a/reclass/storage/system/kubernetes_proxy_cluster.yml b/reclass/storage/system/kubernetes_proxy_cluster.yml
new file mode 100644
index 0000000..b00c254
--- /dev/null
+++ b/reclass/storage/system/kubernetes_proxy_cluster.yml
@@ -0,0 +1,28 @@
+parameters:
+ _param:
+ kubernetes_proxy_node01_hostname: prx01
+ kubernetes_proxy_node02_hostname: prx02
+ kubernetes_proxy_system_codename: xenial
+ reclass:
+ storage:
+ node:
+ kubernetes_proxy_node01:
+ name: ${_param:kubernetes_proxy_node01_hostname}
+ domain: ${_param:cluster_domain}
+ classes:
+ - cluster.${_param:cluster_name}.kubernetes.proxy
+ params:
+ salt_master_host: ${_param:reclass_config_master}
+ linux_system_codename: ${_param:kubernetes_proxy_system_codename}
+ single_address: ${_param:kubernetes_proxy_node01_address}
+ keepalived_vip_priority: 102
+ kubernetes_proxy_node02:
+ name: ${_param:kubernetes_proxy_node02_hostname}
+ domain: ${_param:cluster_domain}
+ classes:
+ - cluster.${_param:cluster_name}.kubernetes.proxy
+ params:
+ salt_master_host: ${_param:reclass_config_master}
+ linux_system_codename: ${_param:kubernetes_proxy_system_codename}
+ single_address: ${_param:kubernetes_proxy_node02_address}
+ keepalived_vip_priority: 101
diff --git a/salt/control/cluster/kubernetes_proxy_cluster.yml b/salt/control/cluster/kubernetes_proxy_cluster.yml
new file mode 100644
index 0000000..d4251a2
--- /dev/null
+++ b/salt/control/cluster/kubernetes_proxy_cluster.yml
@@ -0,0 +1,25 @@
+parameters:
+ salt:
+ control:
+ size:
+ kubernetes.proxy:
+ cpu: 32
+ ram: 65536
+ disk_profile: small
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ prx01:
+ name: ${_param:kubernetes_proxy_node01_hostname}
+ provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_trusty_image}
+ size: kubernetes.proxy
+ prx02:
+ name: ${_param:kubernetes_proxy_node02_hostname}
+ provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_trusty_image}
+ size: kubernetes.proxy
+
diff --git a/salt/master/formula/git/auditd.yml b/salt/master/formula/git/auditd.yml
new file mode 100644
index 0000000..f88c0f9
--- /dev/null
+++ b/salt/master/formula/git/auditd.yml
@@ -0,0 +1,10 @@
+parameters:
+ salt:
+ master:
+ environment:
+ dev:
+ formula:
+ auditd:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-auditd.git'
+ revision: ${_param:salt_master_environment_revision}
diff --git a/salt/master/formula/git/openstack.yml b/salt/master/formula/git/openstack.yml
index cd9df0a..093279a 100644
--- a/salt/master/formula/git/openstack.yml
+++ b/salt/master/formula/git/openstack.yml
@@ -104,6 +104,10 @@
source: git
address: '${_param:salt_master_environment_repository}/salt-formula-opencontrail.git'
revision: ${_param:salt_master_environment_revision}
+ oslo_templates:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-oslo-templates.git'
+ revision: ${_param:salt_master_environment_revision}
python:
source: git
address: '${_param:salt_master_environment_repository}/salt-formula-python.git'
diff --git a/salt/master/formula/pkg/auditd.yml b/salt/master/formula/pkg/auditd.yml
new file mode 100644
index 0000000..b81c419
--- /dev/null
+++ b/salt/master/formula/pkg/auditd.yml
@@ -0,0 +1,9 @@
+parameters:
+ salt:
+ master:
+ environment:
+ prd:
+ formula:
+ auditd:
+ source: pkg
+ name: salt-formula-auditd
diff --git a/salt/master/formula/pkg/openstack.yml b/salt/master/formula/pkg/openstack.yml
index 3d22c41..381ae1a 100644
--- a/salt/master/formula/pkg/openstack.yml
+++ b/salt/master/formula/pkg/openstack.yml
@@ -76,6 +76,9 @@
octavia:
source: pkg
name: salt-formula-octavia
+ oslo_templates:
+ source: pkg
+ name: salt-formula-oslo-templates
opencontrail:
source: pkg
name: salt-formula-opencontrail
diff --git a/salt/minion/cert/libvirtd/client.yml b/salt/minion/cert/libvirtd/client.yml
new file mode 100644
index 0000000..bf0ce83
--- /dev/null
+++ b/salt/minion/cert/libvirtd/client.yml
@@ -0,0 +1,21 @@
+parameters:
+ _param:
+ libvirtd_client_ssl_key_file: /etc/pki/libvirt/private/clientkey.pem
+ libvirtd_client_ssl_cert_file: /etc/pki/libvirt/clientcert.pem
+ salt:
+ minion:
+ cert:
+ libvirtd_client:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: ${linux:system:name}.${_param:cluster_domain}
+ signing_policy: cert_client
+ alternative_names: >
+ IP:${_param:cluster_local_address},
+ DNS:${_param:cluster_local_address},
+ DNS:${linux:system:name},
+ DNS:${linux:network:fqdn}
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: ${_param:libvirtd_client_ssl_key_file}
+ cert_file: ${_param:libvirtd_client_ssl_cert_file}
+ ca_file: ${_param:libvirtd_ssl_ca_file}
\ No newline at end of file
diff --git a/salt/minion/cert/libvirtd/init.yml b/salt/minion/cert/libvirtd/init.yml
new file mode 100644
index 0000000..735312e
--- /dev/null
+++ b/salt/minion/cert/libvirtd/init.yml
@@ -0,0 +1,9 @@
+classes:
+- system.salt.minion.cert.libvirtd.server
+- system.salt.minion.cert.libvirtd.client
+
+parameters:
+ _param:
+ salt_minion_ca_host: cfg01.${_param:cluster_domain}
+ salt_minion_ca_authority: salt_master_ca
+ libvirtd_ssl_ca_file: /etc/pki/CA/cacert.pem
\ No newline at end of file
diff --git a/salt/minion/cert/libvirtd/server.yml b/salt/minion/cert/libvirtd/server.yml
new file mode 100644
index 0000000..9080672
--- /dev/null
+++ b/salt/minion/cert/libvirtd/server.yml
@@ -0,0 +1,21 @@
+parameters:
+ _param:
+ libvirtd_server_ssl_key_file: /etc/pki/libvirt/private/serverkey.pem
+ libvirtd_server_ssl_cert_file: /etc/pki/libvirt/servercert.pem
+ salt:
+ minion:
+ cert:
+ libvirtd_server:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: ${linux:system:name}.${_param:cluster_domain}
+ signing_policy: cert_server
+ alternative_names: >
+ IP:${_param:cluster_local_address},
+ DNS:${_param:cluster_local_address},
+ DNS:${linux:system:name},
+ DNS:${linux:network:fqdn}
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: ${_param:libvirtd_server_ssl_key_file}
+ cert_file: ${_param:libvirtd_server_ssl_cert_file}
+ ca_file: ${_param:libvirtd_ssl_ca_file}
\ No newline at end of file