Merge "Minor fix of update-glusterfs-cluster-op-version job specification"
diff --git a/defaults/init.yml b/defaults/init.yml
index f12a8ec..b37fbfb 100644
--- a/defaults/init.yml
+++ b/defaults/init.yml
@@ -14,6 +14,7 @@
- system.defaults.jenkins
- system.defaults.postgresql
- system.defaults.maas
+- system.defaults.opencontrail
- system.defaults.openstack
- system.defaults.galera
- system.defaults.rabbitmq
diff --git a/defaults/opencontrail/init.yml b/defaults/opencontrail/init.yml
new file mode 100644
index 0000000..24cd68e
--- /dev/null
+++ b/defaults/opencontrail/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ _param:
+ opencontrail_identity_protocol: http
+ opencontrail_identity_port: 35357
+ opencontrail_identity_version: '2.0'
+ opencontrail_admin_user: 'contrail'
diff --git a/defaults/openstack/init.yml b/defaults/openstack/init.yml
index 66b357d..153bca8 100644
--- a/defaults/openstack/init.yml
+++ b/defaults/openstack/init.yml
@@ -17,6 +17,7 @@
openstack_telemetry_redis_db: '0'
openstack_telemetry_redis_sentinel_mastername: 'master_1'
openstack_upgrade_enabled: False
+ openstack_region: RegionOne
# SSL
ceilometer_agent_ssl_enabled: False
openstack_mysql_x509_enabled: False
diff --git a/defaults/stacklight.yml b/defaults/stacklight.yml
index 1abbb5e..8838246 100644
--- a/defaults/stacklight.yml
+++ b/defaults/stacklight.yml
@@ -1,5 +1,8 @@
parameters:
_param:
+ fluentd_elasticsearch_host: 127.0.0.1
+ fluentd_elasticsearch_port: 9200
+ fluentd_elasticsearch_scheme: http
# ELK stack versions
elasticsearch_version: 5
kibana_version: 5
diff --git a/fluentd/label/default_output/elasticsearch.yml b/fluentd/label/default_output/elasticsearch.yml
index 398ea8c..daf95dd 100644
--- a/fluentd/label/default_output/elasticsearch.yml
+++ b/fluentd/label/default_output/elasticsearch.yml
@@ -2,9 +2,6 @@
- service.fluentd.agent.output.elasticsearch
- system.fluentd.label.default_output.filter.common
parameters:
- _param:
- fluentd_elasticsearch_host: 127.0.0.1
- elasticsearch_port: 9200
fluentd:
agent:
config:
@@ -13,4 +10,5 @@
match:
elasticsearch_output:
host: ${_param:fluentd_elasticsearch_host}
- port: ${_param:elasticsearch_port}
+ port: ${_param:fluentd_elasticsearch_port}
+ scheme: ${_param:fluentd_elasticsearch_scheme}
diff --git a/fluentd/label/default_output/elasticsearch_ssl.yml b/fluentd/label/default_output/elasticsearch_ssl.yml
deleted file mode 100644
index da3a5a7..0000000
--- a/fluentd/label/default_output/elasticsearch_ssl.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-parameters:
- fluentd:
- agent:
- config:
- label:
- default_output:
- match:
- elasticsearch_output:
- scheme: https
diff --git a/fluentd/label/notifications/audit.yml b/fluentd/label/notifications/audit.yml
index 6449e1e..da0c31a 100644
--- a/fluentd/label/notifications/audit.yml
+++ b/fluentd/label/notifications/audit.yml
@@ -45,7 +45,8 @@
audit_output:
tag: audit
type: elasticsearch
- host: ${_param:stacklight_log_address}
- port: ${_param:elasticsearch_port}
+ host: ${_param:fluentd_elasticsearch_host}
+ port: ${_param:fluentd_elasticsearch_port}
+ scheme: ${_param:fluentd_elasticsearch_scheme}
es_index_name: audit
tag_key: Type
diff --git a/fluentd/label/notifications/notifications.yml b/fluentd/label/notifications/notifications.yml
index 5556d6e..7d1e5c6 100644
--- a/fluentd/label/notifications/notifications.yml
+++ b/fluentd/label/notifications/notifications.yml
@@ -1,6 +1,4 @@
parameters:
- _param:
- elasticsearch_port: 9200
fluentd:
agent:
config:
@@ -118,7 +116,8 @@
notifications_output:
tag: notification
type: elasticsearch
- host: ${_param:stacklight_log_address}
- port: ${_param:elasticsearch_port}
+ host: ${_param:fluentd_elasticsearch_host}
+ port: ${_param:fluentd_elasticsearch_port}
+ scheme: ${_param:fluentd_elasticsearch_scheme}
es_index_name: notification
tag_key: Type
diff --git a/nginx/server/proxy/ssl.yml b/nginx/server/proxy/ssl.yml
index 66a1938..dd4f2cd 100644
--- a/nginx/server/proxy/ssl.yml
+++ b/nginx/server/proxy/ssl.yml
@@ -16,10 +16,10 @@
protocols:
TLSv1:
name: 'TLSv1'
- enabled: True
+ enabled: False
TLSv1.1:
name: 'TLSv1.1'
- enabled: True
+ enabled: False
TLSv1.2:
name: 'TLSv1.2'
enabled: True
@@ -28,16 +28,16 @@
ciphers:
ECDHE-ECDSA-CHACHA20-POLY1305:
name: 'ECDHE-ECDSA-CHACHA20-POLY1305'
- enabled: True
+ enabled: False
ECDHE-RSA-CHACHA20-POLY1305:
name: 'ECDHE-RSA-CHACHA20-POLY1305'
- enabled: True
+ enabled: False
ECDHE-ECDSA-AES128-GCM-SHA256:
name: 'ECDHE-ECDSA-AES128-GCM-SHA256'
- enabled: True
+ enabled: False
ECDHE-RSA-AES128-GCM-SHA256:
name: 'ECDHE-RSA-AES128-GCM-SHA256'
- enabled: True
+ enabled: False
ECDHE-ECDSA-AES256-GCM-SHA384:
name: 'ECDHE-ECDSA-AES256-GCM-SHA384'
enabled: True
@@ -46,76 +46,76 @@
enabled: True
DHE-RSA-AES128-GCM-SHA256:
name: 'DHE-RSA-AES128-GCM-SHA256'
- enabled: True
+ enabled: False
DHE-RSA-AES256-GCM-SHA384:
name: 'DHE-RSA-AES256-GCM-SHA384'
- enabled: True
+ enabled: False
ECDHE-ECDSA-AES128-SHA256:
name: 'ECDHE-ECDSA-AES128-SHA256'
- enabled: True
+ enabled: False
ECDHE-RSA-AES128-SHA256:
name: 'ECDHE-RSA-AES128-SHA256'
- enabled: True
+ enabled: False
ECDHE-ECDSA-AES128-SHA:
name: 'ECDHE-ECDSA-AES128-SHA'
- enabled: True
+ enabled: False
ECDHE-RSA-AES256-SHA384:
name: 'ECDHE-RSA-AES256-SHA384'
enabled: True
ECDHE-RSA-AES128-SHA:
name: 'ECDHE-RSA-AES128-SHA'
- enabled: True
+ enabled: False
ECDHE-ECDSA-AES256-SHA384:
name: 'ECDHE-ECDSA-AES256-SHA384'
enabled: True
ECDHE-ECDSA-AES256-SHA:
name: 'ECDHE-ECDSA-AES256-SHA'
- enabled: True
+ enabled: False
ECDHE-RSA-AES256-SHA:
name: 'ECDHE-RSA-AES256-SHA'
- enabled: True
+ enabled: False
DHE-RSA-AES128-SHA256:
name: 'DHE-RSA-AES128-SHA256'
- enabled: True
+ enabled: False
DHE-RSA-AES128-SHA:
name: 'DHE-RSA-AES128-SHA'
- enabled: True
+ enabled: False
DHE-RSA-AES256-SHA256:
name: 'DHE-RSA-AES256-SHA256'
- enabled: True
+ enabled: False
DHE-RSA-AES256-SHA:
name: 'DHE-RSA-AES256-SHA'
- enabled: True
+ enabled: False
ECDHE-ECDSA-DES-CBC3-SHA:
name: 'ECDHE-ECDSA-DES-CBC3-SHA'
- enabled: True
+ enabled: False
ECDHE-RSA-DES-CBC3-SHA:
name: 'ECDHE-RSA-DES-CBC3-SHA'
- enabled: True
+ enabled: False
EDH-RSA-DES-CBC3-SHA:
name: 'EDH-RSA-DES-CBC3-SHA'
- enabled: True
+ enabled: False
AES128-GCM-SHA256:
name: 'AES128-GCM-SHA256'
- enabled: True
+ enabled: False
AES256-GCM-SHA384:
name: 'AES256-GCM-SHA384'
- enabled: True
+ enabled: False
AES128-SHA256:
name: 'AES128-SHA256'
- enabled: True
+ enabled: False
AES256-SHA256:
name: 'AES256-SHA256'
- enabled: True
+ enabled: False
AES256-SHA:
name: 'AES256-SHA'
- enabled: True
+ enabled: False
AES128-SHA:
name: 'AES128-SHA'
- enabled: True
+ enabled: False
DES-CBC3-SHA:
name: 'DES-CBC3-SHA'
- enabled: True
+ enabled: False
removeDSS:
name: '!DSS'
- enabled: True
\ No newline at end of file
+ enabled: True
diff --git a/opencontrail/compute/cluster.yml b/opencontrail/compute/cluster.yml
index 7cdcdf6..32153df 100644
--- a/opencontrail/compute/cluster.yml
+++ b/opencontrail/compute/cluster.yml
@@ -4,6 +4,7 @@
- opencontrail
parameters:
_param:
+ opencontrail_version: 3.0
opencontrail_compute_iface_mask: 24
opencontrail:
common:
@@ -11,25 +12,15 @@
identity:
engine: keystone
host: ${_param:openstack_control_address}
- port: 35357
+ port: ${_param:opencontrail_identity_port}
token: ${_param:keystone_service_token}
password: ${_param:keystone_admin_password}
network:
- engine: neutron
host: ${_param:opencontrail_control_address}
- port: 9696
compute:
version: ${_param:opencontrail_version}
- disable_flow_collection: true
- enabled: True
+ disable_flow_collection: True
bind:
address: ${_param:single_address}
discovery:
host: ${_param:opencontrail_control_address}
- interface:
- address: ${_param:opencontrail_compute_address}
- dev: ${_param:opencontrail_compute_iface}
- gateway: ${_param:opencontrail_compute_gateway}
- mask: ${_param:opencontrail_compute_iface_mask}
- dns: ${_param:opencontrail_compute_dns}
- mtu: 9000
diff --git a/opencontrail/compute/cluster4_0.yml b/opencontrail/compute/cluster4_0.yml
index 3cb1514..058463d 100644
--- a/opencontrail/compute/cluster4_0.yml
+++ b/opencontrail/compute/cluster4_0.yml
@@ -1,31 +1,24 @@
-classes:
- - service.opencontrail.compute.cluster
applications:
- opencontrail
+classes:
+ - service.opencontrail.compute.cluster
parameters:
_param:
+ opencontrail_version: 4.1
opencontrail_compute_iface_mask: 24
- opencontrail_version: 4.0
- linux_repo_contrail_component: oc40
opencontrail:
common:
version: ${_param:opencontrail_version}
identity:
engine: keystone
host: ${_param:openstack_control_address}
- port: 35357
+ port: ${_param:opencontrail_identity_port}
token: ${_param:keystone_service_token}
password: ${_param:opencontrail_admin_password}
network:
- engine: neutron
host: ${_param:openstack_control_address}
- port: 9696
compute:
- version: ${_param:opencontrail_version}
- disable_flow_collection: true
- enabled: True
- bind:
- address: ${_param:single_address}
+ disable_flow_collection: True
config:
members:
- host: ${_param:opencontrail_control_node01_address}
@@ -41,10 +34,3 @@
- host: ${_param:opencontrail_control_node01_address}
- host: ${_param:opencontrail_control_node02_address}
- host: ${_param:opencontrail_control_node03_address}
- interface:
- address: ${_param:opencontrail_compute_address}
- dev: ${_param:opencontrail_compute_iface}
- gateway: ${_param:opencontrail_compute_gateway}
- mask: ${_param:opencontrail_compute_iface_mask}
- dns: ${_param:opencontrail_compute_dns}
- mtu: 9000
diff --git a/opencontrail/compute/single.yml b/opencontrail/compute/single.yml
index 6674e34..72dda61 100644
--- a/opencontrail/compute/single.yml
+++ b/opencontrail/compute/single.yml
@@ -1,7 +1,10 @@
applications:
- opencontrail
+classes:
+ - service.opencontrail.compute.single
parameters:
_param:
+ opencontrail_version: 3.0
opencontrail_compute_iface_mask: 24
opencontrail:
common:
@@ -9,7 +12,7 @@
identity:
engine: keystone
host: ${_param:control_address}
- port: 35357
+ port: ${_param:opencontrail_identity_port}
token: ${_param:keystone_service_token}
password: ${_param:keystone_admin_password}
network:
@@ -17,17 +20,8 @@
host: ${_param:control_address}
port: 9696
compute:
- version: ${_param:opencontrail_version}
- enabled: True
discovery:
host: ${_param:control_address}
- interface:
- address: ${_param:opencontrail_compute_address}
- dev: ${_param:opencontrail_compute_iface}
- gateway: ${_param:opencontrail_compute_gateway}
- mask: ${_param:opencontrail_compute_iface_mask}
- dns: ${_param:opencontrail_compute_dns}
- mtu: 9000
nova:
compute:
instance_build_timeout: ${_param:nova_instance_build_timeout}
diff --git a/opencontrail/compute/single4_0.yml b/opencontrail/compute/single4_0.yml
index b98522d..952827f 100644
--- a/opencontrail/compute/single4_0.yml
+++ b/opencontrail/compute/single4_0.yml
@@ -1,9 +1,11 @@
applications:
- opencontrail
+classes:
+ - service.opencontrail.compute.single
parameters:
_param:
+ opencontrail_version: 4.1
opencontrail_compute_iface_mask: 24
- opencontrail_version: 4.0
linux_repo_contrail_component: oc40
opencontrail:
common:
@@ -11,7 +13,7 @@
identity:
engine: keystone
host: ${_param:control_address}
- port: 35357
+ port: ${_param:opencontrail_identity_port}
token: ${_param:keystone_service_token}
password: ${_param:opencontrail_admin_password}
network:
@@ -19,8 +21,6 @@
host: ${_param:control_address}
port: 9696
compute:
- version: ${_param:opencontrail_version}
- enabled: True
config:
members:
- host: ${_param:opencontrail_control_node01_address}
@@ -31,11 +31,3 @@
- host: ${_param:opencontrail_analytics_node01_address}
- host: ${_param:opencontrail_analytics_node02_address}
- host: ${_param:opencontrail_analytics_node03_address}
- interface:
- address: ${_param:opencontrail_compute_address}
- dev: ${_param:opencontrail_compute_iface}
- gateway: ${_param:opencontrail_compute_gateway}
- mask: ${_param:opencontrail_compute_iface_mask}
- dns: ${_param:opencontrail_compute_dns}
- mtu: 9000
-