Merge "Set Environment label in alerta to cluster_name"
diff --git a/apache/server/proxy/openstack/cinder.yml b/apache/server/proxy/openstack/cinder.yml
index 8b3fb4f..832c013 100644
--- a/apache/server/proxy/openstack/cinder.yml
+++ b/apache/server/proxy/openstack/cinder.yml
@@ -1,7 +1,8 @@
parameters:
_param:
- apache_proxy_ssl:
+ apache_ssl:
enabled: false
+ apache_proxy_ssl: ${_param:apache_ssl}
apache_proxy_openstack_api_host: ${_param:cluster_public_host}
apache_proxy_openstack_api_address: 0.0.0.0
apache_proxy_openstack_cinder_host: ${_param:cinder_service_host}
diff --git a/apache/server/proxy/openstack/designate.yml b/apache/server/proxy/openstack/designate.yml
index b681cf7..c39c9a4 100644
--- a/apache/server/proxy/openstack/designate.yml
+++ b/apache/server/proxy/openstack/designate.yml
@@ -1,7 +1,8 @@
parameters:
_param:
- apache_proxy_ssl:
+ apache_ssl:
enabled: false
+ apache_proxy_ssl: ${_param:apache_ssl}
apache_proxy_openstack_api_host: ${_param:cluster_public_host}
apache_proxy_openstack_api_address: 0.0.0.0
apache_proxy_openstack_designate_host: ${_param:designate_service_host}
diff --git a/apache/server/proxy/openstack/glance.yml b/apache/server/proxy/openstack/glance.yml
index 91bedea..f983ab4 100644
--- a/apache/server/proxy/openstack/glance.yml
+++ b/apache/server/proxy/openstack/glance.yml
@@ -1,7 +1,8 @@
parameters:
_param:
- apache_proxy_ssl:
+ apache_ssl:
enabled: false
+ apache_proxy_ssl: ${_param:apache_ssl}
apache_proxy_openstack_api_host: ${_param:cluster_public_host}
apache_proxy_openstack_api_address: 0.0.0.0
apache_proxy_openstack_glance_host: ${_param:glance_service_host}
diff --git a/apache/server/proxy/openstack/heat.yml b/apache/server/proxy/openstack/heat.yml
index b844c45..f3aab22 100644
--- a/apache/server/proxy/openstack/heat.yml
+++ b/apache/server/proxy/openstack/heat.yml
@@ -1,7 +1,8 @@
parameters:
_param:
- apache_proxy_ssl:
+ apache_ssl:
enabled: false
+ apache_proxy_ssl: ${_param:apache_ssl}
apache_proxy_openstack_api_host: ${_param:cluster_public_host}
apache_proxy_openstack_api_address: 0.0.0.0
apache_proxy_openstack_heat_host: ${_param:heat_service_host}
diff --git a/apache/server/proxy/openstack/ironic.yml b/apache/server/proxy/openstack/ironic.yml
index d6bd7d3..b6abf0f 100644
--- a/apache/server/proxy/openstack/ironic.yml
+++ b/apache/server/proxy/openstack/ironic.yml
@@ -1,7 +1,8 @@
parameters:
_param:
- apache_proxy_ssl:
+ apache_ssl:
enabled: false
+ apache_proxy_ssl: ${_param:apache_ssl}
apache_proxy_openstack_api_host: ${_param:cluster_public_host}
apache_proxy_openstack_api_address: 0.0.0.0
apache_proxy_openstack_ironic_host: ${_param:ironic_service_host}
diff --git a/apache/server/proxy/openstack/neutron.yml b/apache/server/proxy/openstack/neutron.yml
index dd18c40..1ed5726 100644
--- a/apache/server/proxy/openstack/neutron.yml
+++ b/apache/server/proxy/openstack/neutron.yml
@@ -1,7 +1,8 @@
parameters:
_param:
- apache_proxy_ssl:
+ apache_ssl:
enabled: false
+ apache_proxy_ssl: ${_param:apache_ssl}
apache_proxy_openstack_api_host: ${_param:cluster_public_host}
apache_proxy_openstack_api_address: 0.0.0.0
apache_proxy_openstack_neutron_host: ${_param:neutron_service_host}
diff --git a/apache/server/proxy/openstack/nova.yml b/apache/server/proxy/openstack/nova.yml
index 66a0107..610c6d5 100644
--- a/apache/server/proxy/openstack/nova.yml
+++ b/apache/server/proxy/openstack/nova.yml
@@ -1,7 +1,8 @@
parameters:
_param:
- apache_proxy_ssl:
+ apache_ssl:
enabled: false
+ apache_proxy_ssl: ${_param:apache_ssl}
apache_proxy_openstack_api_host: ${_param:cluster_public_host}
apache_proxy_openstack_api_address: 0.0.0.0
apache_proxy_openstack_nova_host: ${_param:nova_service_host}
diff --git a/apache/server/proxy/openstack/placement.yml b/apache/server/proxy/openstack/placement.yml
index 9e256b2..6030740 100644
--- a/apache/server/proxy/openstack/placement.yml
+++ b/apache/server/proxy/openstack/placement.yml
@@ -1,7 +1,8 @@
parameters:
_param:
- apache_proxy_ssl:
+ apache_ssl:
enabled: false
+ apache_proxy_ssl: ${_param:apache_ssl}
placement_service_host: ${_param:nova_service_host}
apache_proxy_openstack_api_host: ${_param:cluster_public_host}
apache_proxy_openstack_api_address: 0.0.0.0
diff --git a/apache/server/site/barbican.yml b/apache/server/site/barbican.yml
index 55f5cf5..0e7da2c 100644
--- a/apache/server/site/barbican.yml
+++ b/apache/server/site/barbican.yml
@@ -1,7 +1,8 @@
parameters:
_param:
- apache_barbican_ssl:
+ apache_ssl:
enabled: false
+ apache_barbican_ssl: ${_param:apache_ssl}
apache_barbican_api_address: 0.0.0.0
apache_barbican_api_host: ${linux:network:fqdn}
apache:
diff --git a/apache/server/site/cinder.yml b/apache/server/site/cinder.yml
index 7338b6e..d1e3475 100644
--- a/apache/server/site/cinder.yml
+++ b/apache/server/site/cinder.yml
@@ -1,7 +1,8 @@
parameters:
_param:
- apache_cinder_ssl:
+ apache_ssl:
enabled: false
+ apache_cinder_ssl: ${_param:apache_ssl}
apache_cinder_api_address: 0.0.0.0
apache_cinder_api_host: ${linux:network:fqdn}
cinder:
diff --git a/apache/server/site/gnocchi.yml b/apache/server/site/gnocchi.yml
index a3d6def..12d5f24 100644
--- a/apache/server/site/gnocchi.yml
+++ b/apache/server/site/gnocchi.yml
@@ -1,8 +1,9 @@
parameters:
_param:
gnocchi_api_workers: 2
- apache_gnocchi_ssl:
+ apache_ssl:
enabled: false
+ apache_gnocchi_ssl: ${_param:apache_ssl}
apache_gnocchi_api_host: ${linux:network:fqdn}
apache_gnocchi_api_address: ${_param:single_address}
apache_gnocchi_api_port: 8041
diff --git a/apache/server/site/manila.yml b/apache/server/site/manila.yml
index 2161882..cecf1d4 100644
--- a/apache/server/site/manila.yml
+++ b/apache/server/site/manila.yml
@@ -1,7 +1,8 @@
parameters:
_param:
- apache_manila_ssl:
+ apache_ssl:
enabled: false
+ apache_manila_ssl: ${_param:apache_ssl}
apache_manila_api_address: 0.0.0.0
apache_manila_api_host: ${linux:network:fqdn}
manila:
diff --git a/apache/server/site/nova-placement.yml b/apache/server/site/nova-placement.yml
index 9eeeae4..7c8e8bd 100644
--- a/apache/server/site/nova-placement.yml
+++ b/apache/server/site/nova-placement.yml
@@ -1,7 +1,8 @@
parameters:
_param:
- apache_nova_placement_ssl:
+ apache_ssl:
enabled: false
+ apache_nova_placement_ssl: ${_param:apache_ssl}
apache_nova_placement_api_address: 0.0.0.0
apache_nova_placement_api_host: ${linux:network:fqdn}
nova_placement:
diff --git a/apache/server/site/panko.yml b/apache/server/site/panko.yml
index d052c37..eff49c5 100644
--- a/apache/server/site/panko.yml
+++ b/apache/server/site/panko.yml
@@ -1,7 +1,8 @@
parameters:
_param:
- apache_panko_ssl:
+ apache_ssl:
enabled: false
+ apache_panko_ssl: ${_param:apache_ssl}
panko_api_workers: 2
apache_panko_api_host: ${linux:network:fqdn}
apache_panko_api_address: ${_param:single_address}
diff --git a/apache/server/ssl.yml b/apache/server/ssl.yml
new file mode 100644
index 0000000..b720d5d
--- /dev/null
+++ b/apache/server/ssl.yml
@@ -0,0 +1,112 @@
+parameters:
+ _param:
+ apache_ssl_enabled: false
+ apache_ssl:
+ mode: 'strict'
+ enabled: ${_param:apache_ssl_enabled}
+ engine: salt
+ prefer_server_ciphers: "on"
+ protocols:
+ all:
+ name: 'all'
+ enabled: True
+ excludeSSLv2:
+ name: '-SSLv2'
+ enabled: True
+ excludeSSLv3:
+ name: '-SSLv3'
+ enabled: True
+ ciphers:
+ ECDHE-ECDSA-CHACHA20-POLY1305:
+ name: 'ECDHE-ECDSA-CHACHA20-POLY1305'
+ enabled: True
+ ECDHE-RSA-CHACHA20-POLY1305:
+ name: 'ECDHE-RSA-CHACHA20-POLY1305'
+ enabled: True
+ ECDHE-ECDSA-AES128-GCM-SHA256:
+ name: 'ECDHE-ECDSA-AES128-GCM-SHA256'
+ enabled: True
+ ECDHE-RSA-AES128-GCM-SHA256:
+ name: 'ECDHE-RSA-AES128-GCM-SHA256'
+ enabled: True
+ ECDHE-ECDSA-AES256-GCM-SHA384:
+ name: 'ECDHE-ECDSA-AES256-GCM-SHA384'
+ enabled: True
+ ECDHE-RSA-AES256-GCM-SHA384:
+ name: 'ECDHE-RSA-AES256-GCM-SHA384'
+ enabled: True
+ DHE-RSA-AES128-GCM-SHA256:
+ name: 'DHE-RSA-AES128-GCM-SHA256'
+ enabled: True
+ DHE-RSA-AES256-GCM-SHA384:
+ name: 'DHE-RSA-AES256-GCM-SHA384'
+ enabled: True
+ ECDHE-ECDSA-AES128-SHA256:
+ name: 'ECDHE-ECDSA-AES128-SHA256'
+ enabled: True
+ ECDHE-RSA-AES128-SHA256:
+ name: 'ECDHE-RSA-AES128-SHA256'
+ enabled: True
+ ECDHE-ECDSA-AES128-SHA:
+ name: 'ECDHE-ECDSA-AES128-SHA'
+ enabled: True
+ ECDHE-RSA-AES256-SHA384:
+ name: 'ECDHE-RSA-AES256-SHA384'
+ enabled: True
+ ECDHE-RSA-AES128-SHA:
+ name: 'ECDHE-RSA-AES128-SHA'
+ enabled: True
+ ECDHE-ECDSA-AES256-SHA384:
+ name: 'ECDHE-ECDSA-AES256-SHA384'
+ enabled: True
+ ECDHE-ECDSA-AES256-SHA:
+ name: 'ECDHE-ECDSA-AES256-SHA'
+ enabled: True
+ ECDHE-RSA-AES256-SHA:
+ name: 'ECDHE-RSA-AES256-SHA'
+ enabled: True
+ DHE-RSA-AES128-SHA256:
+ name: 'DHE-RSA-AES128-SHA256'
+ enabled: True
+ DHE-RSA-AES128-SHA:
+ name: 'DHE-RSA-AES128-SHA'
+ enabled: True
+ DHE-RSA-AES256-SHA256:
+ name: 'DHE-RSA-AES256-SHA256'
+ enabled: True
+ DHE-RSA-AES256-SHA:
+ name: 'DHE-RSA-AES256-SHA'
+ enabled: True
+ ECDHE-ECDSA-DES-CBC3-SHA:
+ name: 'ECDHE-ECDSA-DES-CBC3-SHA'
+ enabled: True
+ ECDHE-RSA-DES-CBC3-SHA:
+ name: 'ECDHE-RSA-DES-CBC3-SHA'
+ enabled: True
+ EDH-RSA-DES-CBC3-SHA:
+ name: 'EDH-RSA-DES-CBC3-SHA'
+ enabled: True
+ AES128-GCM-SHA256:
+ name: 'AES128-GCM-SHA256'
+ enabled: True
+ AES256-GCM-SHA384:
+ name: 'AES256-GCM-SHA384'
+ enabled: True
+ AES128-SHA256:
+ name: 'AES128-SHA256'
+ enabled: True
+ AES256-SHA256:
+ name: 'AES256-SHA256'
+ enabled: True
+ AES256-SHA:
+ name: 'AES256-SHA'
+ enabled: True
+ AES128-SHA:
+ name: 'AES128-SHA'
+ enabled: True
+ DES-CBC3-SHA:
+ name: 'DES-CBC3-SHA'
+ enabled: True
+ removeDSS:
+ name: '!DSS'
+ enabled: True
\ No newline at end of file
diff --git a/haproxy/proxy/listen/openstack/designate.yml b/haproxy/proxy/listen/openstack/designate.yml
index 7a54af2..1310be4 100644
--- a/haproxy/proxy/listen/openstack/designate.yml
+++ b/haproxy/proxy/listen/openstack/designate.yml
@@ -1,4 +1,7 @@
parameters:
+ _param:
+ haproxy_designate_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ haproxy_designate_port: 9001
haproxy:
proxy:
listen:
@@ -7,13 +10,13 @@
service_name: designate
binds:
- address: ${_param:cluster_vip_address}
- port: 9001
+ port: ${_param:haproxy_designate_port}
servers:
- name: ${_param:cluster_node01_hostname}
host: ${_param:cluster_node01_address}
- port: 9001
- params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ port: ${_param:haproxy_designate_port}
+ params: ${_param:haproxy_designate_check_params}
- name: ${_param:cluster_node02_hostname}
host: ${_param:cluster_node02_address}
- port: 9001
- params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ port: ${_param:haproxy_designate_port}
+ params: ${_param:haproxy_designate_check_params}
diff --git a/haproxy/proxy/listen/openstack/neutron.yml b/haproxy/proxy/listen/openstack/neutron.yml
index 29bd548..ebc3f1a 100644
--- a/haproxy/proxy/listen/openstack/neutron.yml
+++ b/haproxy/proxy/listen/openstack/neutron.yml
@@ -1,4 +1,7 @@
parameters:
+ _param:
+ haproxy_neutron_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ haproxy_neutron_port: 9696
haproxy:
proxy:
listen:
@@ -7,17 +10,17 @@
service_name: neutron
binds:
- address: ${_param:cluster_vip_address}
- port: 9696
+ port: ${_param:haproxy_neutron_port}
servers:
- name: ${_param:cluster_node01_hostname}
host: ${_param:cluster_node01_address}
- port: 9696
- params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ port: ${_param:haproxy_neutron_port}
+ params: ${_param:haproxy_neutron_check_params}
- name: ${_param:cluster_node02_hostname}
host: ${_param:cluster_node02_address}
- port: 9696
- params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ port: ${_param:haproxy_neutron_port}
+ params: ${_param:haproxy_neutron_check_params}
- name: ${_param:cluster_node03_hostname}
host: ${_param:cluster_node03_address}
- port: 9696
- params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
\ No newline at end of file
+ port: ${_param:haproxy_neutron_port}
+ params: ${_param:haproxy_neutron_check_params}
diff --git a/haproxy/proxy/listen/openstack/neutron_large.yml b/haproxy/proxy/listen/openstack/neutron_large.yml
index 8df1243..5039586 100644
--- a/haproxy/proxy/listen/openstack/neutron_large.yml
+++ b/haproxy/proxy/listen/openstack/neutron_large.yml
@@ -1,4 +1,7 @@
parameters:
+ _param:
+ haproxy_neutron_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ haproxy_neutron_port: 9696
haproxy:
proxy:
listen:
@@ -7,25 +10,25 @@
service_name: neutron
binds:
- address: ${_param:cluster_vip_address}
- port: 9696
+ port: ${_param:haproxy_neutron_port}
servers:
- name: ${_param:cluster_node01_hostname}
host: ${_param:cluster_node01_address}
- port: 9696
- params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ port: ${_param:haproxy_neutron_port}
+ params: ${_param:haproxy_neutron_check_params}
- name: ${_param:cluster_node02_hostname}
host: ${_param:cluster_node02_address}
- port: 9696
- params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ port: ${_param:haproxy_neutron_port}
+ params: ${_param:haproxy_neutron_check_params}
- name: ${_param:cluster_node03_hostname}
host: ${_param:cluster_node03_address}
- port: 9696
- params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ port: ${_param:haproxy_neutron_port}
+ params: ${_param:haproxy_neutron_check_params}
- name: ${_param:cluster_node04_hostname}
host: ${_param:cluster_node04_address}
- port: 9696
- params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ port: ${_param:haproxy_neutron_port}
+ params: ${_param:haproxy_neutron_check_params}
- name: ${_param:cluster_node05_hostname}
host: ${_param:cluster_node05_address}
- port: 9696
- params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
\ No newline at end of file
+ port: ${_param:haproxy_neutron_port}
+ params: ${_param:haproxy_neutron_check_params}
diff --git a/jenkins/client/job/validate.yml b/jenkins/client/job/validate.yml
index 207296b..d1638a6 100644
--- a/jenkins/client/job/validate.yml
+++ b/jenkins/client/job/validate.yml
@@ -246,7 +246,7 @@
description: Docker image to use for running Rally/Tempest
TARGET_NODE:
type: string
- default: "${_param:cicd_control_node03_hostname}.${_param:cluster_domain}"
+ default: ""
description: Node where container with Tempest will be run
PROXY:
type: string
@@ -301,7 +301,7 @@
description: Credentials to the Salt API
TEMPEST_TARGET_NODE:
type: string
- default: "${_param:cicd_control_node03_hostname}.${_param:cluster_domain}"
+ default: ""
description: Node where container with tempest will be run
TEST_IMAGE:
type: string
@@ -381,7 +381,7 @@
description: Credentials to the Salt API
TARGET_NODE:
type: string
- default: "${_param:cicd_control_node03_hostname}.${_param:cluster_domain}"
+ default: ""
description: Node where docker container with Rally will be run
TOOLS_REPO:
type: string
diff --git a/keystone/server/wsgi.yml b/keystone/server/wsgi.yml
index 333cb76..df8af68 100644
--- a/keystone/server/wsgi.yml
+++ b/keystone/server/wsgi.yml
@@ -2,8 +2,9 @@
- system.apache.server.single
parameters:
_param:
- apache_keystone_ssl:
+ apache_ssl:
enabled: false
+ apache_keystone_ssl: ${_param:apache_ssl}
apache_keystone_api_host: ${linux:network:fqdn}
keystone:
server:
diff --git a/nginx/server/proxy/ssl.yml b/nginx/server/proxy/ssl.yml
new file mode 100644
index 0000000..66a1938
--- /dev/null
+++ b/nginx/server/proxy/ssl.yml
@@ -0,0 +1,121 @@
+parameters:
+ _param:
+ nginx_proxy_ssl_enabled: false
+ nginx_proxy_ssl:
+ mode: 'strict'
+ enabled: ${_param:nginx_proxy_ssl_enabled}
+ engine: salt
+ dhparam:
+ enabled: True
+ numbits: 2048
+ ecdh_curve:
+ secp521r1:
+ name: 'secp521r1'
+ enabled: True
+ prefer_server_ciphers: "on"
+ protocols:
+ TLSv1:
+ name: 'TLSv1'
+ enabled: True
+ TLSv1.1:
+ name: 'TLSv1.1'
+ enabled: True
+ TLSv1.2:
+ name: 'TLSv1.2'
+ enabled: True
+ stapling: "on"
+ stapling_verify: "on"
+ ciphers:
+ ECDHE-ECDSA-CHACHA20-POLY1305:
+ name: 'ECDHE-ECDSA-CHACHA20-POLY1305'
+ enabled: True
+ ECDHE-RSA-CHACHA20-POLY1305:
+ name: 'ECDHE-RSA-CHACHA20-POLY1305'
+ enabled: True
+ ECDHE-ECDSA-AES128-GCM-SHA256:
+ name: 'ECDHE-ECDSA-AES128-GCM-SHA256'
+ enabled: True
+ ECDHE-RSA-AES128-GCM-SHA256:
+ name: 'ECDHE-RSA-AES128-GCM-SHA256'
+ enabled: True
+ ECDHE-ECDSA-AES256-GCM-SHA384:
+ name: 'ECDHE-ECDSA-AES256-GCM-SHA384'
+ enabled: True
+ ECDHE-RSA-AES256-GCM-SHA384:
+ name: 'ECDHE-RSA-AES256-GCM-SHA384'
+ enabled: True
+ DHE-RSA-AES128-GCM-SHA256:
+ name: 'DHE-RSA-AES128-GCM-SHA256'
+ enabled: True
+ DHE-RSA-AES256-GCM-SHA384:
+ name: 'DHE-RSA-AES256-GCM-SHA384'
+ enabled: True
+ ECDHE-ECDSA-AES128-SHA256:
+ name: 'ECDHE-ECDSA-AES128-SHA256'
+ enabled: True
+ ECDHE-RSA-AES128-SHA256:
+ name: 'ECDHE-RSA-AES128-SHA256'
+ enabled: True
+ ECDHE-ECDSA-AES128-SHA:
+ name: 'ECDHE-ECDSA-AES128-SHA'
+ enabled: True
+ ECDHE-RSA-AES256-SHA384:
+ name: 'ECDHE-RSA-AES256-SHA384'
+ enabled: True
+ ECDHE-RSA-AES128-SHA:
+ name: 'ECDHE-RSA-AES128-SHA'
+ enabled: True
+ ECDHE-ECDSA-AES256-SHA384:
+ name: 'ECDHE-ECDSA-AES256-SHA384'
+ enabled: True
+ ECDHE-ECDSA-AES256-SHA:
+ name: 'ECDHE-ECDSA-AES256-SHA'
+ enabled: True
+ ECDHE-RSA-AES256-SHA:
+ name: 'ECDHE-RSA-AES256-SHA'
+ enabled: True
+ DHE-RSA-AES128-SHA256:
+ name: 'DHE-RSA-AES128-SHA256'
+ enabled: True
+ DHE-RSA-AES128-SHA:
+ name: 'DHE-RSA-AES128-SHA'
+ enabled: True
+ DHE-RSA-AES256-SHA256:
+ name: 'DHE-RSA-AES256-SHA256'
+ enabled: True
+ DHE-RSA-AES256-SHA:
+ name: 'DHE-RSA-AES256-SHA'
+ enabled: True
+ ECDHE-ECDSA-DES-CBC3-SHA:
+ name: 'ECDHE-ECDSA-DES-CBC3-SHA'
+ enabled: True
+ ECDHE-RSA-DES-CBC3-SHA:
+ name: 'ECDHE-RSA-DES-CBC3-SHA'
+ enabled: True
+ EDH-RSA-DES-CBC3-SHA:
+ name: 'EDH-RSA-DES-CBC3-SHA'
+ enabled: True
+ AES128-GCM-SHA256:
+ name: 'AES128-GCM-SHA256'
+ enabled: True
+ AES256-GCM-SHA384:
+ name: 'AES256-GCM-SHA384'
+ enabled: True
+ AES128-SHA256:
+ name: 'AES128-SHA256'
+ enabled: True
+ AES256-SHA256:
+ name: 'AES256-SHA256'
+ enabled: True
+ AES256-SHA:
+ name: 'AES256-SHA'
+ enabled: True
+ AES128-SHA:
+ name: 'AES128-SHA'
+ enabled: True
+ DES-CBC3-SHA:
+ name: 'DES-CBC3-SHA'
+ enabled: True
+ removeDSS:
+ name: '!DSS'
+ enabled: True
\ No newline at end of file
diff --git a/openssh/server/team/members/dpyzhov.yml b/openssh/server/team/members/dpyzhov.yml
new file mode 100644
index 0000000..2f72fe5
--- /dev/null
+++ b/openssh/server/team/members/dpyzhov.yml
@@ -0,0 +1,19 @@
+parameters:
+ linux:
+ system:
+ user:
+ dpyzhov:
+ enabled: true
+ name: dpyzhov
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Dmitry Pyzhov
+ home: /home/dpyzhov
+ email: dpyzhov@mirantis.com
+ openssh:
+ server:
+ user:
+ dpyzhov:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCpCEigzaCPNPSuy0GMef/wsyGvBXjbZLxg4eR7oVKmRDsT01sjOFDgabwSBcbkvc7jeWw3RcxC8Upyhq2ADzwFSh+9AXRPbX1R2GxW85SYWg6xz4gFaM8CJ4XUT3S3lnhJ796xUSG9jOIe/pEk9L/4F41uzX8YSwQkGoio2j6za34ZWEVqDNNZt+PVC4woJjuw6r4jBZiEKWuVONeSLJeVwMwc9vwz1kED89OP3zenGknCY5PvM59CrcKHdVzseqHtzMW89nHTTAPTRPWX+07IgNWpI+IRB1KDbtRmeFpuLUwObfxzWqCDc2vpL6UF6uyIVEzLNBSSU4s0lmu0nyEM/uT5hpt/pchl50lfVBrIj+G3wIG+yy/sB4xddVNB5XxwiChxS1pkXgWx6apsOgrixdsVsw5sqRmYwecm3bqL2GFEl1UmLs3fdDyAfsG8uz/OyDl5I48LBZmklriDE6QB+vOG4n1BHPUkwiF2LeXf3JtUrBPhe7oe80xUVxPXjxZqtIHp2Tooj3u9TK5Wd00yOj4uGMyJoQdICSDqt/BATkTQ4a/JMhBGEb5GC6KuuEAIwfV7DnrDW+jyiV7JJ8GUHGbg3KKVPv7jCVcCnww6icywMClnFuAy+yagiq5DxYFkdk9wa1psbxpQKSXFBOO+iWqOYJoiIFwgSiujdM8ZfQ== dpyzhov@mac-pro-2017
+ user: ${linux:system:user:dpyzhov}
diff --git a/openssh/server/team/networking.yml b/openssh/server/team/networking.yml
index 6541e34..9921b5b 100644
--- a/openssh/server/team/networking.yml
+++ b/openssh/server/team/networking.yml
@@ -7,6 +7,7 @@
- system.openssh.server.team.members.jcach
- system.openssh.server.team.members.psvimbersky
- system.openssh.server.team.members.gzimin
+- system.openssh.server.team.members.dpyzhov
parameters:
_param:
linux_system_user_sudo: true