Merge "Revert "Add parameter TEMPEST_VERSION for cvp_func job PROD-21521 Change-Id: I700209e5a48d648a1f781001482781bfc2ecb4ce""
diff --git a/.releasenotes/notes/salt-control-ordered-interfaces.yaml b/.releasenotes/notes/salt-control-ordered-interfaces.yaml
new file mode 100644
index 0000000..92e21f3
--- /dev/null
+++ b/.releasenotes/notes/salt-control-ordered-interfaces.yaml
@@ -0,0 +1,32 @@
+---
+fixes:
+ - |
+ When defining interfaces for kvm-quemu VMs use sorted list of interfaces
+ to avoid random NIC assignment/name.
+
+ Fixes https://mirantis.jira.com/browse/PROD-21976
+
+ Required model change on existing deployments with MCP >= 2018.7.0, update
+ `salt:virt:nic` profiles to use list with `- name:` key instead of dict:
+
+ .. code-block:: yaml
+
+ salt:
+ virt:
+ nic:
+ default:
+ eth1:
+ bridge: br-mgm
+ eth0:
+ bridge: br-ctl
+ control:
+ - name: eth1
+ bridge: br_mgm
+ model: virtio
+ - name: eth2
+ bridge: br_ctl
+ model: virtio
+ - name: eth3
+ bridge: br_proxy
+ model: virtio
+
diff --git a/aodh/server/cluster.yml b/aodh/server/cluster.yml
index d1f6583..fb6839b 100644
--- a/aodh/server/cluster.yml
+++ b/aodh/server/cluster.yml
@@ -6,13 +6,15 @@
parameters:
_param:
openstack_event_alarm_topic: alarm.all
+ # Keep alarm history in database for 30 days
+ aodh_alarm_history_ttl: 2592000
aodh:
server:
enabled: true
role: ${_param:openstack_node_role}
version: ${_param:aodh_version}
cluster: true
- ttl: 86400
+ ttl: ${_param:aodh_alarm_history_ttl}
debug: false
verbose: true
region: ${_param:openstack_region}
@@ -45,3 +47,8 @@
- host: ${_param:openstack_message_queue_node01_address}
- host: ${_param:openstack_message_queue_node02_address}
- host: ${_param:openstack_message_queue_node03_address}
+ # Check for expired alarm history every day at 2 AM
+ expirer:
+ cron:
+ minute: 0
+ hour: 2
diff --git a/aodh/server/single.yml b/aodh/server/single.yml
index b2a55a6..6fec2a6 100644
--- a/aodh/server/single.yml
+++ b/aodh/server/single.yml
@@ -3,10 +3,18 @@
parameters:
_param:
openstack_event_alarm_topic: alarm.all
+ # Keep alarm history in database for 30 days
+ aodh_alarm_history_ttl: 2592000
aodh:
server:
+ ttl: ${_param:aodh_alarm_history_ttl}
role: ${_param:openstack_node_role}
region: ${_param:openstack_region}
event_alarm_topic: ${_param:openstack_event_alarm_topic}
identity:
region: ${_param:openstack_region}
+ # Check for expired alarm history every day at 2 AM
+ expirer:
+ cron:
+ minute: 0
+ hour: 2
diff --git a/apache/server/proxy/openstack/cinder.yml b/apache/server/proxy/openstack/cinder.yml
index 8b3fb4f..832c013 100644
--- a/apache/server/proxy/openstack/cinder.yml
+++ b/apache/server/proxy/openstack/cinder.yml
@@ -1,7 +1,8 @@
parameters:
_param:
- apache_proxy_ssl:
+ apache_ssl:
enabled: false
+ apache_proxy_ssl: ${_param:apache_ssl}
apache_proxy_openstack_api_host: ${_param:cluster_public_host}
apache_proxy_openstack_api_address: 0.0.0.0
apache_proxy_openstack_cinder_host: ${_param:cinder_service_host}
diff --git a/apache/server/proxy/openstack/designate.yml b/apache/server/proxy/openstack/designate.yml
index b681cf7..c39c9a4 100644
--- a/apache/server/proxy/openstack/designate.yml
+++ b/apache/server/proxy/openstack/designate.yml
@@ -1,7 +1,8 @@
parameters:
_param:
- apache_proxy_ssl:
+ apache_ssl:
enabled: false
+ apache_proxy_ssl: ${_param:apache_ssl}
apache_proxy_openstack_api_host: ${_param:cluster_public_host}
apache_proxy_openstack_api_address: 0.0.0.0
apache_proxy_openstack_designate_host: ${_param:designate_service_host}
diff --git a/apache/server/proxy/openstack/glance.yml b/apache/server/proxy/openstack/glance.yml
index 91bedea..f983ab4 100644
--- a/apache/server/proxy/openstack/glance.yml
+++ b/apache/server/proxy/openstack/glance.yml
@@ -1,7 +1,8 @@
parameters:
_param:
- apache_proxy_ssl:
+ apache_ssl:
enabled: false
+ apache_proxy_ssl: ${_param:apache_ssl}
apache_proxy_openstack_api_host: ${_param:cluster_public_host}
apache_proxy_openstack_api_address: 0.0.0.0
apache_proxy_openstack_glance_host: ${_param:glance_service_host}
diff --git a/apache/server/proxy/openstack/heat.yml b/apache/server/proxy/openstack/heat.yml
index b844c45..f3aab22 100644
--- a/apache/server/proxy/openstack/heat.yml
+++ b/apache/server/proxy/openstack/heat.yml
@@ -1,7 +1,8 @@
parameters:
_param:
- apache_proxy_ssl:
+ apache_ssl:
enabled: false
+ apache_proxy_ssl: ${_param:apache_ssl}
apache_proxy_openstack_api_host: ${_param:cluster_public_host}
apache_proxy_openstack_api_address: 0.0.0.0
apache_proxy_openstack_heat_host: ${_param:heat_service_host}
diff --git a/apache/server/proxy/openstack/ironic.yml b/apache/server/proxy/openstack/ironic.yml
index d6bd7d3..b6abf0f 100644
--- a/apache/server/proxy/openstack/ironic.yml
+++ b/apache/server/proxy/openstack/ironic.yml
@@ -1,7 +1,8 @@
parameters:
_param:
- apache_proxy_ssl:
+ apache_ssl:
enabled: false
+ apache_proxy_ssl: ${_param:apache_ssl}
apache_proxy_openstack_api_host: ${_param:cluster_public_host}
apache_proxy_openstack_api_address: 0.0.0.0
apache_proxy_openstack_ironic_host: ${_param:ironic_service_host}
diff --git a/apache/server/proxy/openstack/neutron.yml b/apache/server/proxy/openstack/neutron.yml
index dd18c40..1ed5726 100644
--- a/apache/server/proxy/openstack/neutron.yml
+++ b/apache/server/proxy/openstack/neutron.yml
@@ -1,7 +1,8 @@
parameters:
_param:
- apache_proxy_ssl:
+ apache_ssl:
enabled: false
+ apache_proxy_ssl: ${_param:apache_ssl}
apache_proxy_openstack_api_host: ${_param:cluster_public_host}
apache_proxy_openstack_api_address: 0.0.0.0
apache_proxy_openstack_neutron_host: ${_param:neutron_service_host}
diff --git a/apache/server/proxy/openstack/nova.yml b/apache/server/proxy/openstack/nova.yml
index 66a0107..610c6d5 100644
--- a/apache/server/proxy/openstack/nova.yml
+++ b/apache/server/proxy/openstack/nova.yml
@@ -1,7 +1,8 @@
parameters:
_param:
- apache_proxy_ssl:
+ apache_ssl:
enabled: false
+ apache_proxy_ssl: ${_param:apache_ssl}
apache_proxy_openstack_api_host: ${_param:cluster_public_host}
apache_proxy_openstack_api_address: 0.0.0.0
apache_proxy_openstack_nova_host: ${_param:nova_service_host}
diff --git a/apache/server/proxy/openstack/placement.yml b/apache/server/proxy/openstack/placement.yml
index 9e256b2..6030740 100644
--- a/apache/server/proxy/openstack/placement.yml
+++ b/apache/server/proxy/openstack/placement.yml
@@ -1,7 +1,8 @@
parameters:
_param:
- apache_proxy_ssl:
+ apache_ssl:
enabled: false
+ apache_proxy_ssl: ${_param:apache_ssl}
placement_service_host: ${_param:nova_service_host}
apache_proxy_openstack_api_host: ${_param:cluster_public_host}
apache_proxy_openstack_api_address: 0.0.0.0
diff --git a/apache/server/site/barbican.yml b/apache/server/site/barbican.yml
index 55f5cf5..0e7da2c 100644
--- a/apache/server/site/barbican.yml
+++ b/apache/server/site/barbican.yml
@@ -1,7 +1,8 @@
parameters:
_param:
- apache_barbican_ssl:
+ apache_ssl:
enabled: false
+ apache_barbican_ssl: ${_param:apache_ssl}
apache_barbican_api_address: 0.0.0.0
apache_barbican_api_host: ${linux:network:fqdn}
apache:
diff --git a/apache/server/site/cinder.yml b/apache/server/site/cinder.yml
index 7338b6e..d1e3475 100644
--- a/apache/server/site/cinder.yml
+++ b/apache/server/site/cinder.yml
@@ -1,7 +1,8 @@
parameters:
_param:
- apache_cinder_ssl:
+ apache_ssl:
enabled: false
+ apache_cinder_ssl: ${_param:apache_ssl}
apache_cinder_api_address: 0.0.0.0
apache_cinder_api_host: ${linux:network:fqdn}
cinder:
diff --git a/apache/server/site/gnocchi.yml b/apache/server/site/gnocchi.yml
index a3d6def..12d5f24 100644
--- a/apache/server/site/gnocchi.yml
+++ b/apache/server/site/gnocchi.yml
@@ -1,8 +1,9 @@
parameters:
_param:
gnocchi_api_workers: 2
- apache_gnocchi_ssl:
+ apache_ssl:
enabled: false
+ apache_gnocchi_ssl: ${_param:apache_ssl}
apache_gnocchi_api_host: ${linux:network:fqdn}
apache_gnocchi_api_address: ${_param:single_address}
apache_gnocchi_api_port: 8041
diff --git a/apache/server/site/manila.yml b/apache/server/site/manila.yml
index 2161882..cecf1d4 100644
--- a/apache/server/site/manila.yml
+++ b/apache/server/site/manila.yml
@@ -1,7 +1,8 @@
parameters:
_param:
- apache_manila_ssl:
+ apache_ssl:
enabled: false
+ apache_manila_ssl: ${_param:apache_ssl}
apache_manila_api_address: 0.0.0.0
apache_manila_api_host: ${linux:network:fqdn}
manila:
diff --git a/apache/server/site/nova-placement.yml b/apache/server/site/nova-placement.yml
index 9eeeae4..7c8e8bd 100644
--- a/apache/server/site/nova-placement.yml
+++ b/apache/server/site/nova-placement.yml
@@ -1,7 +1,8 @@
parameters:
_param:
- apache_nova_placement_ssl:
+ apache_ssl:
enabled: false
+ apache_nova_placement_ssl: ${_param:apache_ssl}
apache_nova_placement_api_address: 0.0.0.0
apache_nova_placement_api_host: ${linux:network:fqdn}
nova_placement:
diff --git a/apache/server/site/panko.yml b/apache/server/site/panko.yml
index d052c37..eff49c5 100644
--- a/apache/server/site/panko.yml
+++ b/apache/server/site/panko.yml
@@ -1,7 +1,8 @@
parameters:
_param:
- apache_panko_ssl:
+ apache_ssl:
enabled: false
+ apache_panko_ssl: ${_param:apache_ssl}
panko_api_workers: 2
apache_panko_api_host: ${linux:network:fqdn}
apache_panko_api_address: ${_param:single_address}
diff --git a/apache/server/ssl.yml b/apache/server/ssl.yml
new file mode 100644
index 0000000..b720d5d
--- /dev/null
+++ b/apache/server/ssl.yml
@@ -0,0 +1,112 @@
+parameters:
+ _param:
+ apache_ssl_enabled: false
+ apache_ssl:
+ mode: 'strict'
+ enabled: ${_param:apache_ssl_enabled}
+ engine: salt
+ prefer_server_ciphers: "on"
+ protocols:
+ all:
+ name: 'all'
+ enabled: True
+ excludeSSLv2:
+ name: '-SSLv2'
+ enabled: True
+ excludeSSLv3:
+ name: '-SSLv3'
+ enabled: True
+ ciphers:
+ ECDHE-ECDSA-CHACHA20-POLY1305:
+ name: 'ECDHE-ECDSA-CHACHA20-POLY1305'
+ enabled: True
+ ECDHE-RSA-CHACHA20-POLY1305:
+ name: 'ECDHE-RSA-CHACHA20-POLY1305'
+ enabled: True
+ ECDHE-ECDSA-AES128-GCM-SHA256:
+ name: 'ECDHE-ECDSA-AES128-GCM-SHA256'
+ enabled: True
+ ECDHE-RSA-AES128-GCM-SHA256:
+ name: 'ECDHE-RSA-AES128-GCM-SHA256'
+ enabled: True
+ ECDHE-ECDSA-AES256-GCM-SHA384:
+ name: 'ECDHE-ECDSA-AES256-GCM-SHA384'
+ enabled: True
+ ECDHE-RSA-AES256-GCM-SHA384:
+ name: 'ECDHE-RSA-AES256-GCM-SHA384'
+ enabled: True
+ DHE-RSA-AES128-GCM-SHA256:
+ name: 'DHE-RSA-AES128-GCM-SHA256'
+ enabled: True
+ DHE-RSA-AES256-GCM-SHA384:
+ name: 'DHE-RSA-AES256-GCM-SHA384'
+ enabled: True
+ ECDHE-ECDSA-AES128-SHA256:
+ name: 'ECDHE-ECDSA-AES128-SHA256'
+ enabled: True
+ ECDHE-RSA-AES128-SHA256:
+ name: 'ECDHE-RSA-AES128-SHA256'
+ enabled: True
+ ECDHE-ECDSA-AES128-SHA:
+ name: 'ECDHE-ECDSA-AES128-SHA'
+ enabled: True
+ ECDHE-RSA-AES256-SHA384:
+ name: 'ECDHE-RSA-AES256-SHA384'
+ enabled: True
+ ECDHE-RSA-AES128-SHA:
+ name: 'ECDHE-RSA-AES128-SHA'
+ enabled: True
+ ECDHE-ECDSA-AES256-SHA384:
+ name: 'ECDHE-ECDSA-AES256-SHA384'
+ enabled: True
+ ECDHE-ECDSA-AES256-SHA:
+ name: 'ECDHE-ECDSA-AES256-SHA'
+ enabled: True
+ ECDHE-RSA-AES256-SHA:
+ name: 'ECDHE-RSA-AES256-SHA'
+ enabled: True
+ DHE-RSA-AES128-SHA256:
+ name: 'DHE-RSA-AES128-SHA256'
+ enabled: True
+ DHE-RSA-AES128-SHA:
+ name: 'DHE-RSA-AES128-SHA'
+ enabled: True
+ DHE-RSA-AES256-SHA256:
+ name: 'DHE-RSA-AES256-SHA256'
+ enabled: True
+ DHE-RSA-AES256-SHA:
+ name: 'DHE-RSA-AES256-SHA'
+ enabled: True
+ ECDHE-ECDSA-DES-CBC3-SHA:
+ name: 'ECDHE-ECDSA-DES-CBC3-SHA'
+ enabled: True
+ ECDHE-RSA-DES-CBC3-SHA:
+ name: 'ECDHE-RSA-DES-CBC3-SHA'
+ enabled: True
+ EDH-RSA-DES-CBC3-SHA:
+ name: 'EDH-RSA-DES-CBC3-SHA'
+ enabled: True
+ AES128-GCM-SHA256:
+ name: 'AES128-GCM-SHA256'
+ enabled: True
+ AES256-GCM-SHA384:
+ name: 'AES256-GCM-SHA384'
+ enabled: True
+ AES128-SHA256:
+ name: 'AES128-SHA256'
+ enabled: True
+ AES256-SHA256:
+ name: 'AES256-SHA256'
+ enabled: True
+ AES256-SHA:
+ name: 'AES256-SHA'
+ enabled: True
+ AES128-SHA:
+ name: 'AES128-SHA'
+ enabled: True
+ DES-CBC3-SHA:
+ name: 'DES-CBC3-SHA'
+ enabled: True
+ removeDSS:
+ name: '!DSS'
+ enabled: True
\ No newline at end of file
diff --git a/aptly/server/repo/ubuntu/xenial/opencontrail.yml b/aptly/server/repo/ubuntu/xenial/opencontrail.yml
index 7f47577..6e90f75 100644
--- a/aptly/server/repo/ubuntu/xenial/opencontrail.yml
+++ b/aptly/server/repo/ubuntu/xenial/opencontrail.yml
@@ -123,6 +123,17 @@
- xenial-dev/nightly
architectures:
- amd64
+ ubuntu-xenial-oc50:
+ distribution: xenial
+ component: main
+ architectures: amd64
+ comment: "Opencontrail 5.0"
+ publisher:
+ component: oc50
+ distributions:
+ - xenial/nightly
+ architectures:
+ - amd64
ubuntu-xenial-oc666:
distribution: xenial
component: main
diff --git a/artifactory/client/init.yml b/artifactory/client/init.yml
index 7eab16e..bd69bd3 100644
--- a/artifactory/client/init.yml
+++ b/artifactory/client/init.yml
@@ -341,6 +341,10 @@
- pypi-remote
defaultDeploymentRepo: pypi-local
+ test-images:
+ rclass: local
+ packageType: generic
+
ubuntu-local:
rclass: local
packageType: debian
diff --git a/barbican/server/cluster.yml b/barbican/server/cluster.yml
index d8b570c..81ee5af 100644
--- a/barbican/server/cluster.yml
+++ b/barbican/server/cluster.yml
@@ -9,3 +9,5 @@
role: ${_param:openstack_node_role}
identity:
protocol: ${_param:cluster_internal_protocol}
+ database:
+ host: ${_param:openstack_database_address}
diff --git a/ceilometer/agent/polling/opendaylight.yml b/ceilometer/agent/polling/opendaylight.yml
new file mode 100644
index 0000000..aabbe9c
--- /dev/null
+++ b/ceilometer/agent/polling/opendaylight.yml
@@ -0,0 +1,33 @@
+parameters:
+ _param:
+ opendaylight_service_host: 127.0.0.1
+ opendaylight_rest_port: 8080
+ ceilometer:
+ opendaylight:
+ driver: opendaylight.v2
+ auth: basic
+ user: admin
+ password: admin
+ scheme: http
+ interval: 900
+ ceilometer:
+ agent:
+ polling:
+ sources:
+ odl_source:
+ meters:
+ - switch
+ - switch.ports
+ - switch.port
+ - switch.port.uptime
+ - switch.port.receive.drops
+ - switch.port.receive.errors
+ - switch.port.transmit.packets
+ - switch.port.receive.packets
+ - switch.port.transmit.bytes
+ - switch.port.receive.bytes
+ interval: ${_param:ceilometer:opendaylight:interval}
+ resources:
+ - ${_param:ceilometer:opendaylight:driver}://${_param:opendaylight_service_host}:${_param:opendaylight_rest_port}/controller/statistics?auth=${_param:ceilometer:opendaylight:auth}&user=${_param:ceilometer:opendaylight:user}&password=${_param:ceilometer:opendaylight:password}&scheme=${_param:ceilometer:opendaylight:scheme}
+ sinks:
+ - meter_sink
diff --git a/ceilometer/server/telemetry/cluster.yml b/ceilometer/server/telemetry/cluster.yml
index d1c28ef..fdf3e03 100644
--- a/ceilometer/server/telemetry/cluster.yml
+++ b/ceilometer/server/telemetry/cluster.yml
@@ -10,6 +10,7 @@
region: ${_param:openstack_region}
cluster: true
secret: ${_param:ceilometer_secret_key}
+ role: ${_param:openstack_node_role}
ttl: 86400
notification:
workload_partitioning: true
diff --git a/ceilometer/server/telemetry/single.yml b/ceilometer/server/telemetry/single.yml
index 7a98b73..2d8828c 100644
--- a/ceilometer/server/telemetry/single.yml
+++ b/ceilometer/server/telemetry/single.yml
@@ -1,2 +1,6 @@
classes:
- service.ceilometer.server.single.common
+parameters:
+ ceilometer:
+ server:
+ role: ${_param:openstack_node_role}
diff --git a/cinder/control/backend/vmware.yml b/cinder/control/backend/vmware.yml
new file mode 100644
index 0000000..d75e257
--- /dev/null
+++ b/cinder/control/backend/vmware.yml
@@ -0,0 +1,13 @@
+parameters:
+ cinder:
+ controller:
+ default_volume_type: vmware-driver
+ backend:
+ vmware:
+ engine: vmware
+ type_name: vmware-driver
+ host_ip: ${_param:openstack_vcenter_host}
+ host_username: ${_param:openstack_vcenter_username}
+ host_password: ${_param:openstack_vcenter_password}
+ cluster_names: ${_param:openstack_vcenter_cluster_names}
+ insecure: true
diff --git a/cinder/control/cluster.yml b/cinder/control/cluster.yml
index b5d6862..5bc5c75 100644
--- a/cinder/control/cluster.yml
+++ b/cinder/control/cluster.yml
@@ -3,9 +3,12 @@
- service.haproxy.proxy.single
- service.keepalived.cluster.single
- system.haproxy.proxy.listen.openstack.cinder
+- system.salt.minion.cert.mysql.clients.openstack.cinder
parameters:
_param:
cluster_internal_protocol: 'http'
+ openstack_mysql_x509_enabled: False
+ galera_ssl_enabled: False
linux:
system:
package:
@@ -35,6 +38,13 @@
name: cinder
user: cinder
password: ${_param:mysql_cinder_password}
+ x509:
+ enabled: ${_param:openstack_mysql_x509_enabled}
+ ca_file: ${_param:mysql_cinder_ssl_ca_file}
+ key_file: ${_param:mysql_cinder_client_ssl_key_file}
+ cert_file: ${_param:mysql_cinder_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
identity:
engine: keystone
region: ${_param:openstack_region}
diff --git a/cinder/control/single.yml b/cinder/control/single.yml
index 89c5307..f38cfb4 100644
--- a/cinder/control/single.yml
+++ b/cinder/control/single.yml
@@ -1,8 +1,11 @@
classes:
- service.cinder.control.single
+- system.salt.minion.cert.mysql.clients.openstack.cinder
parameters:
_param:
internal_protocol: 'http'
+ openstack_mysql_x509_enabled: False
+ galera_ssl_enabled: False
linux:
system:
package:
@@ -18,6 +21,13 @@
role: ${_param:openstack_node_role}
database:
host: ${_param:single_address}
+ x509:
+ enabled: ${_param:openstack_mysql_x509_enabled}
+ ca_file: ${_param:mysql_cinder_ssl_ca_file}
+ key_file: ${_param:mysql_cinder_client_ssl_key_file}
+ cert_file: ${_param:mysql_cinder_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
identity:
protocol: ${_param:internal_protocol}
region: ${_param:openstack_region}
diff --git a/cinder/volume/backend/vmware.yml b/cinder/volume/backend/vmware.yml
new file mode 100644
index 0000000..1c606d2
--- /dev/null
+++ b/cinder/volume/backend/vmware.yml
@@ -0,0 +1,13 @@
+parameters:
+ cinder:
+ volume:
+ default_volume_type: vmware-driver
+ backend:
+ vmware:
+ engine: vmware
+ type_name: vmware-driver
+ host_ip: ${_param:openstack_vcenter_host}
+ host_username: ${_param:openstack_vcenter_username}
+ host_password: ${_param:openstack_vcenter_password}
+ cluster_names: ${_param:openstack_vcenter_cluster_names}
+ insecure: true
diff --git a/cinder/volume/local.yml b/cinder/volume/local.yml
index d03d6f7..51c3ba8 100644
--- a/cinder/volume/local.yml
+++ b/cinder/volume/local.yml
@@ -1,11 +1,22 @@
classes:
- service.cinder.volume.local
+- system.salt.minion.cert.mysql.clients.openstack.cinder
parameters:
+ _param:
+ openstack_mysql_x509_enabled: False
+ galera_ssl_enabled: False
cinder:
volume:
enabled: True
database:
host: ${_param:single_address}
+ x509:
+ enabled: ${_param:openstack_mysql_x509_enabled}
+ ca_file: ${_param:mysql_cinder_ssl_ca_file}
+ key_file: ${_param:mysql_cinder_client_ssl_key_file}
+ cert_file: ${_param:mysql_cinder_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
glance:
host: ${_param:single_address}
message_queue:
diff --git a/cinder/volume/single.yml b/cinder/volume/single.yml
index f66a190..f6d4503 100644
--- a/cinder/volume/single.yml
+++ b/cinder/volume/single.yml
@@ -1,8 +1,11 @@
classes:
- service.cinder.volume.single
+- system.salt.minion.cert.mysql.clients.openstack.cinder
parameters:
_param:
cluster_internal_protocol: 'http'
+ openstack_mysql_x509_enabled: False
+ galera_ssl_enabled: False
linux:
system:
package:
@@ -14,6 +17,13 @@
enabled: True
database:
host: ${_param:openstack_database_address}
+ x509:
+ enabled: ${_param:openstack_mysql_x509_enabled}
+ ca_file: ${_param:mysql_cinder_ssl_ca_file}
+ key_file: ${_param:mysql_cinder_client_ssl_key_file}
+ cert_file: ${_param:mysql_cinder_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
glance:
host: ${_param:openstack_control_address}
protocol: ${_param:cluster_internal_protocol}
diff --git a/debmirror/mirror_mirantis_com/percona/xenial.yml b/debmirror/mirror_mirantis_com/percona/xenial.yml
new file mode 100644
index 0000000..e5efb9a
--- /dev/null
+++ b/debmirror/mirror_mirantis_com/percona/xenial.yml
@@ -0,0 +1,27 @@
+parameters:
+ _param:
+ apt_mk_version: 'stable'
+ mirror_mirantis_com_percona_xenial_force: False
+ debmirror_mirrors_base_target_dir: "/srv/volumes/aptly/public/${_param:apt_mk_version}/"
+ debmirror:
+ client:
+ enabled: true
+ mirrors:
+ mirror_mirantis_com_percona_xenial:
+ force: ${_param:mirror_mirantis_com_percona_xenial_force}
+ lock_target: True
+ extra_flags: [ '--verbose', '--progress', '--nosource', '--no-check-gpg', '--rsync-extra=none' ]
+ method: "rsync"
+ arch: [ 'amd64' ]
+ mirror_host: "mirror.mirantis.com"
+ mirror_root: ":mirror/${_param:apt_mk_version}/percona/xenial/"
+ target_dir: "${_param:debmirror_mirrors_base_target_dir}/percona/xenial/"
+ log_file: "/var/log/debmirror/mirror_mirantis_com_percona_xenial.log"
+ dist: [ xenial ]
+ section: [ main ]
+ filter:
+ 001: "--exclude='(-dbg_|-dbg-)'"
+ 002: "--exclude='/percona-server-5.(5|6)'"
+ 003: "--exclude='/percona-server-mongodb'"
+ 004: "--exclude='/(percona-xtradb-cluster|percona-server-5|percona-xtradb-cluster)'"
+ 050: "--include='/*galera*'"
diff --git a/debmirror/mirror_mirantis_com/ubuntu/xenial.yml b/debmirror/mirror_mirantis_com/ubuntu/xenial.yml
index d869e94..e8ef745 100644
--- a/debmirror/mirror_mirantis_com/ubuntu/xenial.yml
+++ b/debmirror/mirror_mirantis_com/ubuntu/xenial.yml
@@ -22,69 +22,57 @@
section: [ main , restricted, universe ]
# Don't exclude main/x11 - its required for many pkgs.
exclude_deb_section:
+ - Xfce
+ - comm
+ - doc
+ - electronics
- games
- gnome
- - Xfce
- - sound
- - electronics
- graphics
- hamradio
- - doc
- - localization
- kde
- - video
- - translations
+ - localization
- news
- - multiverse/games
- - multiverse/gnome
- - multiverse/Xfce
- - multiverse/sound
- - multiverse/electronics
- - multiverse/graphics
- - multiverse/hamradio
- - multiverse/doc
- - multiverse/localization
- - multiverse/kde
- - multiverse/video
- - multiverse/translations
- - multiverse/news
- - multiverse/x11
- - universe/games
- - universe/gnome
- - universe/Xfce
- - universe/sound
- - universe/electronics
- - universe/hamradio
- - universe/doc
- - universe/localization
- - universe/kde
- - universe/video
- - universe/translations
- - universe/news
- - universe/x11
- - universe/graphics
+ - science
+ - sound
+ - translations
+ - video
+ - main/debug
+ - main/science
+ - restricted/Xfce
+ - restricted/comm
+ - restricted/debug
+ - restricted/doc
+ - restricted/electronics
- restricted/games
- restricted/gnome
- - restricted/Xfce
- - restricted/sound
- - restricted/electronics
- restricted/graphics
- restricted/hamradio
- - restricted/doc
- - restricted/localization
- restricted/kde
- - restricted/video
- - restricted/translations
+ - restricted/localization
- restricted/news
+ - restricted/science
+ - restricted/sound
+ - restricted/translations
+ - restricted/video
- restricted/x11
- - main/debug
- - multiverse/debug
- - restricted/debug
- - universe/debug
- - comm
- - multiverse/comm
+ - universe/Xfce
- universe/comm
- - restricted/comm
+ - universe/debug
+ - universe/doc
+ - universe/electronics
+ - universe/games
+ - universe/gnome
+ - universe/graphics
+ - universe/hamradio
+ - universe/kde
+ - universe/localization
+ - universe/news
+ - universe/science
+ - universe/sound
+ - universe/translations
+ - universe/video
+ - universe/x11
# Updating filter, please always start from section, aka main|universe|multiverse
filter:
1: "--exclude='android*'"
@@ -131,17 +119,23 @@
94: "--exclude='/universe/o/(openstack-debian-images).*'"
95: "--exclude='/gcc-.*-cross.*'"
96: "--exclude='/(nvidia).*'"
+ 97: "--exclude='/universe/.*(metastudent).*'"
# List of unused linux kernels and unsupported arch
300: "--exclude='/.*(arm64|powerpc|s390x|armel|armhf|sparc64|mips64|ppc64el|mipsn32)(?!.*amd64)'"
- 301: "--exclude='(main|universe)/l/linux-*-(.*azure|.*aws|gke|.*azure-edge|.*oem/|.*euclid/)'"
+ 301: "--exclude='(main|universe)/l/linux-*-(.*azure|.*aws|gke|gcp|.*azure-edge|.*oem/|.*euclid/)'"
302: "--exclude='/*universe.*(-armel-|-arm-)(?!.*amd64)'"
303: "--exclude='/main/l/linux(.*)/linux-source-*'"
- # Generic: Old minor version of kernels. Old - if minor less then 3 digits.
- 304: '--exclude="main/l/(linux|linux-signed)/linux-.*.4\.4\.0-[0-9]{1,2}\."'
- # Hwe 4.8: Old minor version of kernels. Old - if minor in 30-40.
- 305: '--exclude="main/l/.*hwe.*/linux-.*.4\.8\.0-((3|4)[0-9])"'
- # Hwe 4.10: Old minor version of kernels. Old - if minor in 20-30.
- 306: '--exclude="main/l/.*hwe.*/linux-.*.4\.10\.0-((2|3)[0-9])"'
+ # Old minor version of kernel|tools|extra|cloud and related.
+ # Generic: Old - if minor less then < 127, but not 4numeric
+ 304: '--exclude="main/l/linux.*/linux-.*4\.4\.0-(([0-9][0-9])|([0-9][0-2][0-6]))(\.|_|-)"'
+ # Hwe 4.8: Old - if minor in 30-49 and < 57.
+ 305: '--exclude="main/l/linux.*/linux-.*4\.8\.0-(([0-4][0-9])|([0-9][0-6]))"'
+ # Hwe 4.10: Old - if minor in 0-39, < 42 .
+ 306: '--exclude="main/l/linux.*/linux-.*4\.10\.0-(([0-3][0-9])|(4[0-1]))"'
+ # Hwe 4.13: Old - if minor in 0-39, < 44
+ 307: '--exclude="main/l/linux.*/linux-.*4\.13\.0-(([0-3][0-9])|(4[0-4]))"'
+ # Hwe 4.15: Old - if minor in 0-19, < 24
+ 308: '--exclude="main/l/linux.*/linux-.*4\.15\.0-(([0-1][0-9])|([0-2][0-3]))"'
# List of packages, that should be fetched from fresh ppa or other mirror
# So,removing them from upstream mirror.
500: "--exclude='/main/m/maas/'"
@@ -181,5 +175,8 @@
802: "--include='/main(.*)python-(.*)network'"
803: "--include='/main(.*)unittest2'" # openstack* pkgs
804: "--include='/main(.*)libbluetooth3'" # python-guestfs
- 805: "--include='/main(.*)llvm-toolchain-5.0'" # pki-ca: < 389-ds-base < dogtag
+ # Get required llvm.But drop old llvm toolset.Old - if major in 1-5.
+ 805: '--include="/main(.*)llvm-toolchain-(?![1-5])"' # pki-ca: < 389-ds-base < dogtag
806: "--include='/main(.*)man-db'" # include man tool
+ 807: "--include='/main(.*)zfs-doc'" # Some extra fs dep's for MAAS provision stage.PROD-21531
+
diff --git a/designate/server/cluster/init.yml b/designate/server/cluster/init.yml
new file mode 100644
index 0000000..f5935d1
--- /dev/null
+++ b/designate/server/cluster/init.yml
@@ -0,0 +1,5 @@
+classes:
+- service.keepalived.cluster.single
+- service.haproxy.proxy.single
+- system.haproxy.proxy.listen.openstack.designate
+- system.designate.server.cluster.simple
\ No newline at end of file
diff --git a/designate/server/cluster.yml b/designate/server/cluster/simple.yml
similarity index 94%
rename from designate/server/cluster.yml
rename to designate/server/cluster/simple.yml
index f60f883..9f9b18b 100644
--- a/designate/server/cluster.yml
+++ b/designate/server/cluster/simple.yml
@@ -1,8 +1,5 @@
classes:
- service.designate.server.cluster
-- service.keepalived.cluster.single
-- system.haproxy.proxy.listen.openstack.designate
-- service.haproxy.proxy.single
parameters:
_param:
designate_admin_api_enabled: false
diff --git a/docker/swarm/stack/decapod.yml b/docker/swarm/stack/decapod.yml
index bd86062..2d915fc 100644
--- a/docker/swarm/stack/decapod.yml
+++ b/docker/swarm/stack/decapod.yml
@@ -1,12 +1,13 @@
parameters:
_param:
+ mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
docker_decapod_fe_replicas: 3
decapod_version: latest
- docker_image_admin: docker-prod-local.artifactory.mirantis.com/mirantis/ceph/decapod/admin:${_param:decapod_version}
- docker_image_db: docker-prod-local.artifactory.mirantis.com/mirantis/ceph/decapod/db:${_param:decapod_version}
- docker_image_api: docker-prod-local.artifactory.mirantis.com/mirantis/ceph/decapod/api:${_param:decapod_version}
- docker_image_controller: docker-prod-local.artifactory.mirantis.com/mirantis/ceph/decapod/controller:latest
- docker_image_frontend: docker-prod-local.artifactory.mirantis.com/mirantis/ceph/decapod/frontend:${_param:decapod_version}
+ docker_image_admin: ${_param:mcp_docker_registry}/mirantis/ceph/decapod/admin:${_param:decapod_version}
+ docker_image_db: ${_param:mcp_docker_registry}/mirantis/ceph/decapod/db:${_param:decapod_version}
+ docker_image_api: ${_param:mcp_docker_registry}/mirantis/ceph/decapod/api:${_param:decapod_version}
+ docker_image_controller: ${_param:mcp_docker_registry}/mirantis/ceph/decapod/controller:latest
+ docker_image_frontend: ${_param:mcp_docker_registry}/mirantis/ceph/decapod/frontend:${_param:decapod_version}
docker:
client:
stack:
diff --git a/docker/swarm/stack/devops_portal.yml b/docker/swarm/stack/devops_portal.yml
index f8f89f9..c7790d8 100644
--- a/docker/swarm/stack/devops_portal.yml
+++ b/docker/swarm/stack/devops_portal.yml
@@ -1,7 +1,8 @@
parameters:
_param:
+ mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
docker_devops_portal_replicas: 1
- docker_image_devops_portal: docker-prod-local.artifactory.mirantis.com/mirantis/oss/devops-portal:latest
+ docker_image_devops_portal: ${_param:mcp_docker_registry}/mirantis/oss/devops-portal:latest
docker:
client:
stack:
@@ -23,4 +24,4 @@
external:
name: oss_backend
frontend:
- driver: overlay
\ No newline at end of file
+ driver: overlay
diff --git a/docker/swarm/stack/hce.yml b/docker/swarm/stack/hce.yml
index 7a25ce4..a2d4505 100644
--- a/docker/swarm/stack/hce.yml
+++ b/docker/swarm/stack/hce.yml
@@ -1,7 +1,8 @@
parameters:
_param:
+ mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
docker_hce_replicas: 1
- docker_image_hce: docker-prod-local.artifactory.mirantis.com/mirantis/oss/hce
+ docker_image_hce: ${_param:mcp_docker_registry}/mirantis/oss/hce
hce_bind_host: hce-api
hce_bind_port: ${_param:haproxy_hce_bind_port}
hce_prometheus_protocol: http
diff --git a/docker/swarm/stack/janitor_monkey.yml b/docker/swarm/stack/janitor_monkey.yml
index 2849554..4793b1a 100644
--- a/docker/swarm/stack/janitor_monkey.yml
+++ b/docker/swarm/stack/janitor_monkey.yml
@@ -1,10 +1,11 @@
parameters:
_param:
+ mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
docker_janitor_monkey_replicas: 1
docker_image_mongodb: library/mongo:3.4
docker_mongodb_admin_username: admin
docker_mongodb_admin_password: password
- docker_image_janitor_monkey: docker-prod-local.artifactory.mirantis.com/mirantis/oss/janitor-monkey
+ docker_image_janitor_monkey: ${_param:mcp_docker_registry}/mirantis/oss/janitor-monkey
janitor_monkey_bind_host: cleanup-service-api
janitor_monkey_bind_port: 8080
janitor_monkey_ssl:
diff --git a/docker/swarm/stack/jenkins/slave.yml b/docker/swarm/stack/jenkins/slave.yml
index e6ed298..f3cd90c 100644
--- a/docker/swarm/stack/jenkins/slave.yml
+++ b/docker/swarm/stack/jenkins/slave.yml
@@ -35,7 +35,6 @@
image: ${_param:docker_image_jenkins_slave}
volumes:
- /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
- - /etc/aptly:/etc/aptly:ro
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
- /var/lib/jenkins:/var/lib/jenkins
@@ -59,7 +58,6 @@
image: ${_param:docker_image_jenkins_slave}
volumes:
- /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
- - /etc/aptly:/etc/aptly:ro
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
- /var/lib/jenkins:/var/lib/jenkins
@@ -83,7 +81,6 @@
image: ${_param:docker_image_jenkins_slave}
volumes:
- /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
- - /etc/aptly:/etc/aptly:ro
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
- /var/lib/jenkins:/var/lib/jenkins
diff --git a/docker/swarm/stack/keycloak.yml b/docker/swarm/stack/keycloak.yml
index 0187a08..c712fda 100644
--- a/docker/swarm/stack/keycloak.yml
+++ b/docker/swarm/stack/keycloak.yml
@@ -1,15 +1,21 @@
parameters:
_param:
- docker_keycloak_server_replicas: 3
+ docker_keycloak_server_replicas: 1
docker_keycloak_proxy_replicas: 1
docker_image_keycloak_server: jboss/keycloak:3.4.2.Final
- docker_image_keycloak_proxy: jboss/keycloak-proxy:3.4.2.h
+ docker_image_keycloak_proxy: jboss/keycloak-proxy:3.4.2.Final
keycloak_bind_port: ${_param:haproxy_keycloak_bind_port}
keycloak_proxy_bind_port: ${_param:haproxy_keycloak_proxy_bind_port}
+ # Initial admin support
+ keycloak_admin_username: admin
+ keycloak_admin_password: password
docker:
client:
stack:
keycloak:
+ environment:
+ KEYCLOAK_USER: ${_param:keycloak_admin_username}
+ KEYCLOAK_PASSWORD: ${_param:keycloak_admin_password}
service:
keycloak-server:
image: ${_param:docker_image_keycloak_server}
diff --git a/docker/swarm/stack/monitoring/alerta.yml b/docker/swarm/stack/monitoring/alerta.yml
index 858eb38..8c9d7aa 100644
--- a/docker/swarm/stack/monitoring/alerta.yml
+++ b/docker/swarm/stack/monitoring/alerta.yml
@@ -2,7 +2,8 @@
- system.prometheus.alerta
parameters:
_param:
- docker_image_alerta: docker-prod-local.artifactory.mirantis.com/mirantis/external/alerta-web:latest
+ mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
+ docker_image_alerta: ${_param:mcp_docker_registry}/mirantis/external/alerta-web:latest
alerta_mongodb_uri: "mongodb://${_param:cluster_node01_address}:27017,${_param:cluster_node02_address}:27017,${_param:cluster_node03_address}:27017/alerta?replicaSet=stacklight"
alerta_admin_username: "admin@alerta.io"
docker:
@@ -29,3 +30,4 @@
ADMIN_USERS: ${_param:alerta_admin_username}
ADMIN_PASSWORD: ${_param:alerta_admin_password}
MONGO_URI: ${_param:alerta_mongodb_uri}
+ PLUGINS: ""
diff --git a/docker/swarm/stack/monitoring/elasticsearch_client_node.yml b/docker/swarm/stack/monitoring/elasticsearch_client_node.yml
new file mode 100644
index 0000000..2e509f1
--- /dev/null
+++ b/docker/swarm/stack/monitoring/elasticsearch_client_node.yml
@@ -0,0 +1,46 @@
+parameters:
+ _param:
+ mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
+ docker_image_elasticsearch: ${_param:mcp_docker_registry}/mirantis/external/elasticsearch:nightly
+ elasticsearch_client_node_publish_host: ${_param:cluster_public_host}
+ elasticsearch_cluster_name: elasticsearch
+ docker:
+ client:
+ stack:
+ monitoring:
+ network:
+ monitoring:
+ driver: overlay
+ driver_opts:
+ encrypted: 1
+ service:
+ elasticsearch_client_node:
+ networks:
+ - monitoring
+ deploy:
+ replicas: 1
+ labels:
+ com.mirantis.monitoring: "elasticsearch"
+ restart_policy:
+ condition: any
+ environment:
+ ES_JAVA_OPTS: "-Xms512m -Xmx512m"
+ cluster.name: ${_param:elasticsearch_cluster_name}
+ node.master: "false"
+ node.data: "false"
+ node.ingest: "false"
+ node.attr.client_node: "true"
+ search.remote.connect: "false"
+ network.host: 0.0.0.0
+ network.publish_host: ${_param:elasticsearch_client_node_publish_host}
+ xpack.security.enabled: "false"
+ xpack.monitoring.enabled: "false"
+ bootstrap.memory_lock: "false"
+ discovery.zen.minimum_master_nodes: 2
+ discovery.zen.ping.unicast.hosts: ${_param:stacklight_monitor_address}
+ labels:
+ com.mirantis.monitoring: "elasticsearch"
+ image: ${_param:docker_image_elasticsearch}
+ ports:
+ - 9305:9300
+ - 9205:9200
diff --git a/docker/swarm/stack/monitoring/gainsight.yml b/docker/swarm/stack/monitoring/gainsight.yml
index 11344b7..5748034 100644
--- a/docker/swarm/stack/monitoring/gainsight.yml
+++ b/docker/swarm/stack/monitoring/gainsight.yml
@@ -2,6 +2,7 @@
- system.prometheus.gainsight.container
parameters:
_param:
+ mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
gainsight_enabled: 'true'
gainsight_csv_upload_url: 'http://localhost:9999'
gainsight_account_id: 'default'
@@ -14,7 +15,7 @@
gainsight_config_directory: '/srv/gainsight'
gainsight_crontab_directory: '/etc/cron.d'
gainsight_config_path: "${_param:gainsight_config_directory}/config.ini"
- docker_image_prometheus_gainsight: 'docker-prod-local.artifactory.mirantis.com/openstack-docker/gainsight:nightly'
+ docker_image_prometheus_gainsight: '${_param:mcp_docker_registry}/openstack-docker/gainsight:nightly'
docker:
client:
stack:
diff --git a/docker/swarm/stack/pushkin.yml b/docker/swarm/stack/pushkin.yml
index 55f1fd6..65d400e 100644
--- a/docker/swarm/stack/pushkin.yml
+++ b/docker/swarm/stack/pushkin.yml
@@ -1,7 +1,8 @@
parameters:
_param:
+ mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
docker_pushkin_replicas: 1
- docker_image_pushkin: docker-prod-local.artifactory.mirantis.com/mirantis/oss/pushkin
+ docker_image_pushkin: ${_param:mcp_docker_registry}/mirantis/oss/pushkin
pushkin_bind_host: pushkin-api
pushkin_bind_port: ${_param:haproxy_pushkin_bind_port}
pushkin_elasticsearch: ${_param:elasticsearch_bind_host}
diff --git a/docker/swarm/stack/rundeck.yml b/docker/swarm/stack/rundeck.yml
index 88693be..b680eea 100644
--- a/docker/swarm/stack/rundeck.yml
+++ b/docker/swarm/stack/rundeck.yml
@@ -1,7 +1,8 @@
parameters:
_param:
+ mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
docker_rundeck_replicas: 1
- docker_image_rundeck: docker-prod-local.artifactory.mirantis.com/mirantis/oss/rundeck:latest
+ docker_image_rundeck: ${_param:mcp_docker_registry}/mirantis/oss/rundeck:latest
rundeck_bind_host: rundeck-api
rundeck_bind_port: ${_param:haproxy_rundeck_bind_port}
rundeck_ssl:
diff --git a/docker/swarm/stack/security_monkey.yml b/docker/swarm/stack/security_monkey.yml
index 2f844c0..2c46878 100644
--- a/docker/swarm/stack/security_monkey.yml
+++ b/docker/swarm/stack/security_monkey.yml
@@ -1,11 +1,12 @@
parameters:
_param:
+ mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
docker_security_monkey_api_replicas: 1
docker_security_monkey_scheduler_replicas: 1
secmonkey_login_id: 11
secmonkey_application_id: 1
- docker_image_security_monkey_api: docker-prod-local.artifactory.mirantis.com/mirantis/oss/security-monkey-api
- docker_image_security_monkey_scheduler: docker-prod-local.artifactory.mirantis.com/mirantis/oss/security-monkey-scheduler
+ docker_image_security_monkey_api: ${_param:mcp_docker_registry}/mirantis/oss/security-monkey-api
+ docker_image_security_monkey_scheduler: ${_param:mcp_docker_registry}/mirantis/oss/security-monkey-scheduler
security_monkey_bind_host: security-audit-api
security_monkey_bind_port: ${_param:haproxy_security_monkey_bind_port}
security_monkey_ssl:
diff --git a/galera/server/database/ssl/cinder.yml b/galera/server/database/ssl/cinder.yml
new file mode 100644
index 0000000..24554a7
--- /dev/null
+++ b/galera/server/database/ssl/cinder.yml
@@ -0,0 +1,4 @@
+parameters:
+ _param:
+ mysql_cinder_ssl_option:
+ - SSL: True
\ No newline at end of file
diff --git a/galera/server/database/ssl/nova.yml b/galera/server/database/ssl/nova.yml
new file mode 100644
index 0000000..b0a87c8
--- /dev/null
+++ b/galera/server/database/ssl/nova.yml
@@ -0,0 +1,4 @@
+parameters:
+ _param:
+ mysql_nova_ssl_option:
+ - SSL: True
\ No newline at end of file
diff --git a/galera/server/database/x509/cinder.yml b/galera/server/database/x509/cinder.yml
new file mode 100644
index 0000000..38fd75a
--- /dev/null
+++ b/galera/server/database/x509/cinder.yml
@@ -0,0 +1,7 @@
+parameters:
+ _param:
+ mysql_cinder_clietn_ssl_x509_subject: '/C=cz/CN=mysql-cinder-client/L=Prague/O=Mirantis'
+ mysql_cinder_clietn_ssl_x509_issuer: '/C=cz/CN=Salt Master CA/L=Prague/O=Mirantis'
+ mysql_cinder_ssl_option:
+ - SUBJECT: ${_param:mysql_cinder_clietn_ssl_x509_subject}
+ - ISSUER: ${_param:mysql_cinder_clietn_ssl_x509_issuer}
\ No newline at end of file
diff --git a/galera/server/database/x509/nova.yml b/galera/server/database/x509/nova.yml
new file mode 100644
index 0000000..305fafd
--- /dev/null
+++ b/galera/server/database/x509/nova.yml
@@ -0,0 +1,7 @@
+parameters:
+ _param:
+ mysql_nova_clietn_ssl_x509_subject: '/C=cz/CN=mysql-nova-client/L=Prague/O=Mirantis'
+ mysql_nova_clietn_ssl_x509_issuer: '/C=cz/CN=Salt Master CA/L=Prague/O=Mirantis'
+ mysql_nova_ssl_option:
+ - SUBJECT: ${_param:mysql_nova_clietn_ssl_x509_subject}
+ - ISSUER: ${_param:mysql_nova_clietn_ssl_x509_issuer}
\ No newline at end of file
diff --git a/gerrit/client/team/mirantis.yml b/gerrit/client/team/mirantis.yml
index 33e0bed..8088369 100644
--- a/gerrit/client/team/mirantis.yml
+++ b/gerrit/client/team/mirantis.yml
@@ -1,25 +1,4 @@
parameters:
gerrit:
client:
- user:
- akomarek:
- fullname: Ales Komarek
- email: "akomarek@mirantis.com"
- ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3odU+3V2uDA2ptAFL9hrJRPNEEdAyztWOZFQ5Oyd9oerTGOU3p4xmrgWWjfKFKbYGhiiIUcYAol5PkTfKukGEkkjCHYA1t023soCaaAj85wCZCnw2zQNAziwxTYmAzTqgxiSvtZNMMrtJvFHRIRDzJ3M1lV0prWNWkMM1/3FAd4W49y6VT3fkMCo8uqG7CfGdgR2DgBCxf9KaNPfW5eDEPOgmE5lK8tVSEI6T+Cg7hbcTf4lFYnlFBnlQgp/0JstsM4Vbwb4B34LOpOsf2S8rrWk2xQMjwaMHXkc2s/E8iW3F5nVFuyEXYISFQIiAHw8dzC6CHgLcyHUVWwznKawZ
- groups:
- - devops-core
- - devops-release
- jpavlik:
- fullname: Jakub Pavlik
- email: "jpavlik@mirantis.com"
- ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAylDZDzgMuEsJQpwFHDW+QivCVhryxXd1/HWqq1TVhJmT9oNAYdhUBnf/9kVtgmP0EWpDJtGSEaSugCmx8KE76I64RhpOTlm7wO0FFUVnzhFtTPx38WHfMjMdk1HF8twZU4svi72Xbg1KyBimwvaxTTd4zxq8Mskp3uwtkqPcQJDSQaZYv+wtuB6m6vHBCOTZwAognDGEvvCg0dgTU4hch1zoHSaxedS1UFHjUAM598iuI3+hMos/5hjG/vuay4cPLBJX5x1YF6blbFALwrQw8ZmTPaimqDUA9WD6KSmS1qg4rOkk4cszIfJ5vyymMrG+G3qk5LeT4VrgIgWQTAHyXw==
- groups:
- - devops-core
- - devops-release
- fpytloun:
- fullname: Filip Pytloun
- email: "fpytloun@mirantis.com"
- ssh_key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCcuHTjJ3CoWdkmvtag07bIWeyAMqFLAN+QApat7TXUcDYmm/neK4Asg3m/UicofZnB80cI4tjnB84Z8WazLHMxVTLwHbEqTVbXVeKebiZ5yn0yo4ndRzmppUfSvs0xcMysBwu+hYAnIDXTedctbciMSYKbuQ+b9XZ4mFZ/2RHG4QBA/dPUxJdCwvkBu7AOV+6zaRSR99UETr5nxICQUGVJBTy6VkCsch4mK3/K2SrujODUhytcROg+6ejV/aZHWH9xIFRBLfhmSFeOC6oneBWo4QBQ2tTZgb7Go744JpkhkoMfWQnR2s6cCgUN60BJ6j5snqmbv9/2CmgbI4UprC+E6lL04K/Jbgjv+fi3KqnCIpRiQzahmjSeeYdPducWme3BVDceUSb5EzF/RjSDi4yHcTWJS0TcPf195p42O1G6tLw5zfmIu2+PWUq1L4pLualboUbaDtwqg0WaLWKONi9tJkOS1OMz4hxqEbWBAtFNJLHC5K+OXcV8Yt6C7iB2dEZ4c26MAi1pdMqhFjxYiCGYKZ4lyV9xo8tWcs5fiUIi2PKyLQ9SMRQbhXIcb9ENby2D/ijh5AVpbBew8iaUQQKg83Yo0z2PwTWyNFuXECAl667XaTNZEMVUjo5yU/OtktVZiH6ZfvEFwj+7OpLBiZ3sFgp/7EHcGXa0FL6BcXuwfQ==
- groups:
- - devops-core
- - devops-release
+ user: {}
diff --git a/glance/control/storage/ceph.yml b/glance/control/storage/ceph.yml
index d48fb6d..3c5c8d9 100644
--- a/glance/control/storage/ceph.yml
+++ b/glance/control/storage/ceph.yml
@@ -2,7 +2,8 @@
glance:
server:
storage:
+ default_store: rbd
engine: rbd,http
user: ${_param:glance_storage_user}
pool: ${_param:glance_storage_pool}
- chunk_size: 8
\ No newline at end of file
+ chunk_size: 8
diff --git a/glance/control/storage/vmware.yml b/glance/control/storage/vmware.yml
new file mode 100644
index 0000000..d908214
--- /dev/null
+++ b/glance/control/storage/vmware.yml
@@ -0,0 +1,2 @@
+classes:
+- service.glance.control.storage.vmware
diff --git a/glusterfs/client/volume/keystone.yml b/glusterfs/client/volume/keystone.yml
index a93c0c1..f0a6e30 100644
--- a/glusterfs/client/volume/keystone.yml
+++ b/glusterfs/client/volume/keystone.yml
@@ -1,3 +1,5 @@
+classes:
+- system.linux.system.users.keystone
parameters:
_param:
keystone_glusterfs_service_host: ${_param:glusterfs_service_host}
@@ -20,20 +22,3 @@
user: keystone
group: keystone
opts: "defaults,backup-volfile-servers=${_param:glusterfs_node01_address}:${_param:glusterfs_node02_address}:${_param:glusterfs_node03_address}"
- linux:
- system:
- user:
- keystone:
- enabled: true
- name: keystone
- home: /var/lib/keystone
- uid: 301
- gid: 301
- shell: /bin/false
- system: True
- group:
- keystone:
- enabled: true
- name: keystone
- gid: 301
- system: True
diff --git a/haproxy/proxy/listen/cicd/jenkins.yml b/haproxy/proxy/listen/cicd/jenkins.yml
index 93a9fdd..d8c67d0 100644
--- a/haproxy/proxy/listen/cicd/jenkins.yml
+++ b/haproxy/proxy/listen/cicd/jenkins.yml
@@ -17,6 +17,9 @@
- httpclose
- httplog
balance: source
+ timeout:
+ server: 90m
+ client: 90m
http_request:
- action: "add-header X-Forwarded-Proto https"
condition: "if { ssl_fc }"
diff --git a/haproxy/proxy/listen/keycloak.yml b/haproxy/proxy/listen/keycloak.yml
index 73697a3..89a9670 100644
--- a/haproxy/proxy/listen/keycloak.yml
+++ b/haproxy/proxy/listen/keycloak.yml
@@ -1,7 +1,7 @@
parameters:
_param:
haproxy_keycloak_bind_host: ${_param:haproxy_bind_address}
- haproxy_keycloak_bind_port: 8086
+ haproxy_keycloak_bind_port: 8080
haproxy_keycloak_exposed_port: 18086
haproxy_keycloak_ssl:
enabled: false
diff --git a/haproxy/proxy/listen/openstack/ceilometer_large.yml b/haproxy/proxy/listen/openstack/ceilometer_large.yml
new file mode 100644
index 0000000..8b9fa7e
--- /dev/null
+++ b/haproxy/proxy/listen/openstack/ceilometer_large.yml
@@ -0,0 +1,31 @@
+parameters:
+ haproxy:
+ proxy:
+ listen:
+ ceilometer_api:
+ type: general-service
+ check: false
+ binds:
+ - address: ${_param:cluster_vip_address}
+ port: 8777
+ servers:
+ - name: ${_param:cluster_node01_hostname}
+ host: ${_param:cluster_node01_address}
+ port: 8777
+ params: check
+ - name: ${_param:cluster_node02_hostname}
+ host: ${_param:cluster_node02_address}
+ port: 8777
+ params: check
+ - name: ${_param:cluster_node03_hostname}
+ host: ${_param:cluster_node03_address}
+ port: 8777
+ params: check
+ - name: ${_param:cluster_node04_hostname}
+ host: ${_param:cluster_node04_address}
+ port: 8777
+ params: check
+ - name: ${_param:cluster_node05_hostname}
+ host: ${_param:cluster_node05_address}
+ port: 8777
+ params: check
diff --git a/haproxy/proxy/listen/openstack/cinder_large.yml b/haproxy/proxy/listen/openstack/cinder_large.yml
new file mode 100644
index 0000000..7721f94
--- /dev/null
+++ b/haproxy/proxy/listen/openstack/cinder_large.yml
@@ -0,0 +1,31 @@
+parameters:
+ haproxy:
+ proxy:
+ listen:
+ cinder_api:
+ type: openstack-service
+ service_name: cinder
+ binds:
+ - address: ${_param:cluster_vip_address}
+ port: 8776
+ servers:
+ - name: ${_param:cluster_node01_hostname}
+ host: ${_param:cluster_node01_address}
+ port: 8776
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node02_hostname}
+ host: ${_param:cluster_node02_address}
+ port: 8776
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node03_hostname}
+ host: ${_param:cluster_node03_address}
+ port: 8776
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node04_hostname}
+ host: ${_param:cluster_node04_address}
+ port: 8776
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node05_hostname}
+ host: ${_param:cluster_node05_address}
+ port: 8776
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
\ No newline at end of file
diff --git a/haproxy/proxy/listen/openstack/designate.yml b/haproxy/proxy/listen/openstack/designate.yml
index 7a54af2..1310be4 100644
--- a/haproxy/proxy/listen/openstack/designate.yml
+++ b/haproxy/proxy/listen/openstack/designate.yml
@@ -1,4 +1,7 @@
parameters:
+ _param:
+ haproxy_designate_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ haproxy_designate_port: 9001
haproxy:
proxy:
listen:
@@ -7,13 +10,13 @@
service_name: designate
binds:
- address: ${_param:cluster_vip_address}
- port: 9001
+ port: ${_param:haproxy_designate_port}
servers:
- name: ${_param:cluster_node01_hostname}
host: ${_param:cluster_node01_address}
- port: 9001
- params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ port: ${_param:haproxy_designate_port}
+ params: ${_param:haproxy_designate_check_params}
- name: ${_param:cluster_node02_hostname}
host: ${_param:cluster_node02_address}
- port: 9001
- params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ port: ${_param:haproxy_designate_port}
+ params: ${_param:haproxy_designate_check_params}
diff --git a/haproxy/proxy/listen/openstack/glance_large.yml b/haproxy/proxy/listen/openstack/glance_large.yml
new file mode 100644
index 0000000..6d88933
--- /dev/null
+++ b/haproxy/proxy/listen/openstack/glance_large.yml
@@ -0,0 +1,58 @@
+parameters:
+ haproxy:
+ proxy:
+ listen:
+ glance_api:
+ type: openstack-service
+ service_name: glance
+ binds:
+ - address: ${_param:cluster_vip_address}
+ port: 9292
+ servers:
+ - name: ${_param:cluster_node01_hostname}
+ host: ${_param:cluster_node01_address}
+ port: 9292
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node02_hostname}
+ host: ${_param:cluster_node02_address}
+ port: 9292
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node03_hostname}
+ host: ${_param:cluster_node03_address}
+ port: 9292
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node04_hostname}
+ host: ${_param:cluster_node04_address}
+ port: 9292
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node05_hostname}
+ host: ${_param:cluster_node05_address}
+ port: 9292
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ glance_registry_api:
+ type: general-service
+ service_name: glance
+ binds:
+ - address: ${_param:cluster_vip_address}
+ port: 9191
+ servers:
+ - name: ${_param:cluster_node01_hostname}
+ host: ${_param:cluster_node01_address}
+ port: 9191
+ params: check
+ - name: ${_param:cluster_node02_hostname}
+ host: ${_param:cluster_node02_address}
+ port: 9191
+ params: check
+ - name: ${_param:cluster_node03_hostname}
+ host: ${_param:cluster_node03_address}
+ port: 9191
+ params: check
+ - name: ${_param:cluster_node04_hostname}
+ host: ${_param:cluster_node04_address}
+ port: 9191
+ params: check
+ - name: ${_param:cluster_node05_hostname}
+ host: ${_param:cluster_node05_address}
+ port: 9191
+ params: check
\ No newline at end of file
diff --git a/haproxy/proxy/listen/openstack/glare_large.yml b/haproxy/proxy/listen/openstack/glare_large.yml
new file mode 100644
index 0000000..4e3bd08
--- /dev/null
+++ b/haproxy/proxy/listen/openstack/glare_large.yml
@@ -0,0 +1,31 @@
+parameters:
+ haproxy:
+ proxy:
+ listen:
+ glare:
+ type: general-service
+ service_name: glare
+ binds:
+ - address: ${_param:cluster_vip_address}
+ port: 9494
+ servers:
+ - name: ${_param:cluster_node01_hostname}
+ host: ${_param:cluster_node01_address}
+ port: 9494
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node02_hostname}
+ host: ${_param:cluster_node02_address}
+ port: 9494
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node03_hostname}
+ host: ${_param:cluster_node03_address}
+ port: 9494
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node04_hostname}
+ host: ${_param:cluster_node04_address}
+ port: 9494
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node05_hostname}
+ host: ${_param:cluster_node05_address}
+ port: 9494
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
\ No newline at end of file
diff --git a/haproxy/proxy/listen/openstack/heat_large.yml b/haproxy/proxy/listen/openstack/heat_large.yml
new file mode 100644
index 0000000..50ba69f
--- /dev/null
+++ b/haproxy/proxy/listen/openstack/heat_large.yml
@@ -0,0 +1,85 @@
+parameters:
+ haproxy:
+ proxy:
+ listen:
+ heat_cloudwatch_api:
+ type: openstack-service
+ service_name: heat
+ binds:
+ - address: ${_param:cluster_vip_address}
+ port: 8003
+ servers:
+ - name: ${_param:cluster_node01_hostname}
+ host: ${_param:cluster_node01_address}
+ port: 8003
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node02_hostname}
+ host: ${_param:cluster_node02_address}
+ port: 8003
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node03_hostname}
+ host: ${_param:cluster_node03_address}
+ port: 8003
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node04_hostname}
+ host: ${_param:cluster_node04_address}
+ port: 8003
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node05_hostname}
+ host: ${_param:cluster_node05_address}
+ port: 8003
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ heat_api:
+ type: openstack-service
+ service_name: heat
+ binds:
+ - address: ${_param:cluster_vip_address}
+ port: 8004
+ servers:
+ - name: ${_param:cluster_node01_hostname}
+ host: ${_param:cluster_node01_address}
+ port: 8004
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node02_hostname}
+ host: ${_param:cluster_node02_address}
+ port: 8004
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node03_hostname}
+ host: ${_param:cluster_node03_address}
+ port: 8004
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node04_hostname}
+ host: ${_param:cluster_node04_address}
+ port: 8004
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node05_hostname}
+ host: ${_param:cluster_node05_address}
+ port: 8004
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ heat_cfn_api:
+ type: openstack-service
+ service_name: heat
+ binds:
+ - address: ${_param:cluster_vip_address}
+ port: 8000
+ servers:
+ - name: ${_param:cluster_node01_hostname}
+ host: ${_param:cluster_node01_address}
+ port: 8000
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node02_hostname}
+ host: ${_param:cluster_node02_address}
+ port: 8000
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node03_hostname}
+ host: ${_param:cluster_node03_address}
+ port: 8000
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node04_hostname}
+ host: ${_param:cluster_node04_address}
+ port: 8000
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node05_hostname}
+ host: ${_param:cluster_node05_address}
+ port: 8000
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
\ No newline at end of file
diff --git a/haproxy/proxy/listen/openstack/keystone/large.yml b/haproxy/proxy/listen/openstack/keystone/large.yml
new file mode 100644
index 0000000..17510ac
--- /dev/null
+++ b/haproxy/proxy/listen/openstack/keystone/large.yml
@@ -0,0 +1,54 @@
+parameters:
+ haproxy:
+ proxy:
+ listen:
+ keystone_public_api:
+ binds:
+ - address: ${_param:cluster_vip_address}
+ port: 5000
+ servers:
+ - name: ${_param:cluster_node01_hostname}
+ host: ${_param:cluster_node01_address}
+ port: 5000
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node02_hostname}
+ host: ${_param:cluster_node02_address}
+ port: 5000
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node03_hostname}
+ host: ${_param:cluster_node03_address}
+ port: 5000
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node04_hostname}
+ host: ${_param:cluster_node04_address}
+ port: 5000
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node05_hostname}
+ host: ${_param:cluster_node05_address}
+ port: 5000
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ keystone_admin_api:
+ binds:
+ - address: ${_param:cluster_vip_address}
+ port: 35357
+ servers:
+ - name: ${_param:cluster_node01_hostname}
+ host: ${_param:cluster_node01_address}
+ port: 35357
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node02_hostname}
+ host: ${_param:cluster_node02_address}
+ port: 35357
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node03_hostname}
+ host: ${_param:cluster_node03_address}
+ port: 35357
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node04_hostname}
+ host: ${_param:cluster_node04_address}
+ port: 35357
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node05_hostname}
+ host: ${_param:cluster_node05_address}
+ port: 35357
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
diff --git a/haproxy/proxy/listen/openstack/large_setup.yml b/haproxy/proxy/listen/openstack/large_setup.yml
new file mode 100644
index 0000000..947cfce
--- /dev/null
+++ b/haproxy/proxy/listen/openstack/large_setup.yml
@@ -0,0 +1,11 @@
+classes:
+- system.haproxy.proxy.listen.openstack.aodh_large
+- system.haproxy.proxy.listen.openstack.ceilometer_large
+- system.haproxy.proxy.listen.openstack.cinder_large
+- system.haproxy.proxy.listen.openstack.glance_large
+- system.haproxy.proxy.listen.openstack.glare_large
+- system.haproxy.proxy.listen.openstack.heat_large
+- system.haproxy.proxy.listen.openstack.keystone.large
+- system.haproxy.proxy.listen.openstack.neutron_large
+- system.haproxy.proxy.listen.openstack.nova_large
+- system.haproxy.proxy.listen.openstack.novanc_large
diff --git a/haproxy/proxy/listen/openstack/neutron.yml b/haproxy/proxy/listen/openstack/neutron.yml
index 29bd548..ebc3f1a 100644
--- a/haproxy/proxy/listen/openstack/neutron.yml
+++ b/haproxy/proxy/listen/openstack/neutron.yml
@@ -1,4 +1,7 @@
parameters:
+ _param:
+ haproxy_neutron_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ haproxy_neutron_port: 9696
haproxy:
proxy:
listen:
@@ -7,17 +10,17 @@
service_name: neutron
binds:
- address: ${_param:cluster_vip_address}
- port: 9696
+ port: ${_param:haproxy_neutron_port}
servers:
- name: ${_param:cluster_node01_hostname}
host: ${_param:cluster_node01_address}
- port: 9696
- params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ port: ${_param:haproxy_neutron_port}
+ params: ${_param:haproxy_neutron_check_params}
- name: ${_param:cluster_node02_hostname}
host: ${_param:cluster_node02_address}
- port: 9696
- params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ port: ${_param:haproxy_neutron_port}
+ params: ${_param:haproxy_neutron_check_params}
- name: ${_param:cluster_node03_hostname}
host: ${_param:cluster_node03_address}
- port: 9696
- params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
\ No newline at end of file
+ port: ${_param:haproxy_neutron_port}
+ params: ${_param:haproxy_neutron_check_params}
diff --git a/haproxy/proxy/listen/openstack/neutron_large.yml b/haproxy/proxy/listen/openstack/neutron_large.yml
new file mode 100644
index 0000000..5039586
--- /dev/null
+++ b/haproxy/proxy/listen/openstack/neutron_large.yml
@@ -0,0 +1,34 @@
+parameters:
+ _param:
+ haproxy_neutron_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ haproxy_neutron_port: 9696
+ haproxy:
+ proxy:
+ listen:
+ neutron_api:
+ type: openstack-service
+ service_name: neutron
+ binds:
+ - address: ${_param:cluster_vip_address}
+ port: ${_param:haproxy_neutron_port}
+ servers:
+ - name: ${_param:cluster_node01_hostname}
+ host: ${_param:cluster_node01_address}
+ port: ${_param:haproxy_neutron_port}
+ params: ${_param:haproxy_neutron_check_params}
+ - name: ${_param:cluster_node02_hostname}
+ host: ${_param:cluster_node02_address}
+ port: ${_param:haproxy_neutron_port}
+ params: ${_param:haproxy_neutron_check_params}
+ - name: ${_param:cluster_node03_hostname}
+ host: ${_param:cluster_node03_address}
+ port: ${_param:haproxy_neutron_port}
+ params: ${_param:haproxy_neutron_check_params}
+ - name: ${_param:cluster_node04_hostname}
+ host: ${_param:cluster_node04_address}
+ port: ${_param:haproxy_neutron_port}
+ params: ${_param:haproxy_neutron_check_params}
+ - name: ${_param:cluster_node05_hostname}
+ host: ${_param:cluster_node05_address}
+ port: ${_param:haproxy_neutron_port}
+ params: ${_param:haproxy_neutron_check_params}
diff --git a/haproxy/proxy/listen/openstack/nova-placement_large.yml b/haproxy/proxy/listen/openstack/nova-placement_large.yml
new file mode 100644
index 0000000..0139959
--- /dev/null
+++ b/haproxy/proxy/listen/openstack/nova-placement_large.yml
@@ -0,0 +1,40 @@
+parameters:
+ haproxy:
+ proxy:
+ listen:
+ # Nova placement API returns 401 when doing GET to root URL, while
+ # other serivces normally returns 200 and API versions data.
+ nova_placement_api:
+ mode: http
+ service_name: nova_placement
+ options:
+ - httpclose
+ - httplog
+ health-check:
+ http:
+ options:
+ - expect status 401
+ binds:
+ - address: ${_param:cluster_vip_address}
+ port: 8778
+ servers:
+ - name: ${_param:cluster_node01_hostname}
+ host: ${_param:cluster_node01_address}
+ port: 8778
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node02_hostname}
+ host: ${_param:cluster_node02_address}
+ port: 8778
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node03_hostname}
+ host: ${_param:cluster_node03_address}
+ port: 8778
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node04_hostname}
+ host: ${_param:cluster_node04_address}
+ port: 8778
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node05_hostname}
+ host: ${_param:cluster_node05_address}
+ port: 8778
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
diff --git a/haproxy/proxy/listen/openstack/nova_large.yml b/haproxy/proxy/listen/openstack/nova_large.yml
new file mode 100644
index 0000000..645e904
--- /dev/null
+++ b/haproxy/proxy/listen/openstack/nova_large.yml
@@ -0,0 +1,57 @@
+parameters:
+ haproxy:
+ proxy:
+ listen:
+ nova_api:
+ type: openstack-service
+ service_name: nova
+ binds:
+ - address: ${_param:cluster_vip_address}
+ port: 8774
+ servers:
+ - name: ${_param:cluster_node01_hostname}
+ host: ${_param:cluster_node01_address}
+ port: 8774
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node02_hostname}
+ host: ${_param:cluster_node02_address}
+ port: 8774
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node03_hostname}
+ host: ${_param:cluster_node03_address}
+ port: 8774
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node04_hostname}
+ host: ${_param:cluster_node04_address}
+ port: 8774
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node05_hostname}
+ host: ${_param:cluster_node05_address}
+ port: 8774
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ nova_metadata_api:
+ type: openstack-service
+ binds:
+ - address: ${_param:cluster_vip_address}
+ port: 8775
+ servers:
+ - name: ${_param:cluster_node01_hostname}
+ host: ${_param:cluster_node01_address}
+ port: 8775
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node02_hostname}
+ host: ${_param:cluster_node02_address}
+ port: 8775
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node03_hostname}
+ host: ${_param:cluster_node03_address}
+ port: 8775
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node04_hostname}
+ host: ${_param:cluster_node04_address}
+ port: 8775
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node05_hostname}
+ host: ${_param:cluster_node05_address}
+ port: 8775
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
diff --git a/haproxy/proxy/listen/openstack/novnc_large.yml b/haproxy/proxy/listen/openstack/novnc_large.yml
new file mode 100644
index 0000000..0951777
--- /dev/null
+++ b/haproxy/proxy/listen/openstack/novnc_large.yml
@@ -0,0 +1,32 @@
+parameters:
+ haproxy:
+ proxy:
+ listen:
+ nova_novnc:
+ type: general-service
+ service_name: http
+ check: true
+ binds:
+ - address: ${_param:cluster_vip_address}
+ port: 6080
+ servers:
+ - name: ${_param:cluster_node01_hostname}
+ host: ${_param:cluster_node01_address}
+ port: 6080
+ params: check
+ - name: ${_param:cluster_node02_hostname}
+ host: ${_param:cluster_node02_address}
+ port: 6080
+ params: check
+ - name: ${_param:cluster_node03_hostname}
+ host: ${_param:cluster_node03_address}
+ port: 6080
+ params: check
+ - name: ${_param:cluster_node04_hostname}
+ host: ${_param:cluster_node04_address}
+ port: 6080
+ params: check
+ - name: ${_param:cluster_node05_hostname}
+ host: ${_param:cluster_node05_address}
+ port: 6080
+ params: check
diff --git a/haproxy/proxy/listen/openstack/placement_large.yml b/haproxy/proxy/listen/openstack/placement_large.yml
new file mode 100644
index 0000000..c871fd7
--- /dev/null
+++ b/haproxy/proxy/listen/openstack/placement_large.yml
@@ -0,0 +1,34 @@
+# Starting with Nova (17.0.0) Queens - accessing to / of placement service
+# returns 200 with version data instead of 401 as it was before.
+# This file should be included for nova/placement higher than Queens.
+parameters:
+ haproxy:
+ proxy:
+ listen:
+ placement_api:
+ type: openstack-service
+ service_name: placement
+ binds:
+ - address: ${_param:cluster_vip_address}
+ port: 8778
+ servers:
+ - name: ${_param:cluster_node01_hostname}
+ host: ${_param:cluster_node01_address}
+ port: 8778
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node02_hostname}
+ host: ${_param:cluster_node02_address}
+ port: 8778
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node03_hostname}
+ host: ${_param:cluster_node03_address}
+ port: 8778
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node04_hostname}
+ host: ${_param:cluster_node04_address}
+ port: 8778
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+ - name: ${_param:cluster_node05_hostname}
+ host: ${_param:cluster_node05_address}
+ port: 8778
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
diff --git a/heat/server/single.yml b/heat/server/single.yml
index e686050..2f28613 100644
--- a/heat/server/single.yml
+++ b/heat/server/single.yml
@@ -15,3 +15,9 @@
name: heat_domain_admin
password: ${_param:heat_domain_admin_password}
domain: heat
+ metadata:
+ protocol: ${_param:cluster_public_protocol}
+ waitcondition:
+ protocol: ${_param:cluster_public_protocol}
+ watch:
+ protocol: ${_param:cluster_public_protocol}
\ No newline at end of file
diff --git a/horizon/server/cluster.yml b/horizon/server/cluster.yml
index a68ab12..1d1f5eb 100644
--- a/horizon/server/cluster.yml
+++ b/horizon/server/cluster.yml
@@ -2,6 +2,7 @@
- service.keepalived.cluster.single
- service.horizon.server.cluster
- service.haproxy.proxy.single
+- system.apache.server.single
- system.haproxy.proxy.listen.openstack.horizon
- system.memcached.server.single
parameters:
@@ -15,4 +16,7 @@
plugin: {}
session:
engine: "cache"
-
+ apache:
+ server:
+ modules:
+ - wsgi
diff --git a/horizon/server/single.yml b/horizon/server/single.yml
index 2b59f52..2555a50 100644
--- a/horizon/server/single.yml
+++ b/horizon/server/single.yml
@@ -1,5 +1,6 @@
classes:
- service.horizon.server.single
+- system.apache.server.single
- system.memcached.server.single
parameters:
_param:
@@ -13,4 +14,7 @@
plugin: {}
session:
engine: "cache"
-
+ apache:
+ server:
+ modules:
+ - wsgi
diff --git a/jenkins/client/approved_scripts.yml b/jenkins/client/approved_scripts.yml
index 65db576..498cc62 100644
--- a/jenkins/client/approved_scripts.yml
+++ b/jenkins/client/approved_scripts.yml
@@ -66,6 +66,7 @@
- method java.util.regex.MatchResult group int
- method java.util.regex.MatchResult groupCount
- method java.util.regex.Matcher find
+ - method java.util.regex.Matcher group java.lang.String
- method java.util.regex.Matcher matches
- method java.util.regex.Pattern matcher java.lang.CharSequence
- method java.util.stream.Stream collect java.util.stream.Collector
@@ -84,6 +85,7 @@
- new groovy.json.JsonSlurperClassic
- new groovy.util.XmlParser
- new java.io.File java.lang.String
+ - new java.io.File java.lang.String java.lang.String
- new java.io.IOException java.lang.String
- new java.io.OutputStreamWriter java.io.OutputStream
- new java.lang.Exception java.lang.String
@@ -131,6 +133,7 @@
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods plus java.util.List java.util.Collection
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods println java.lang.Object java.lang.Object
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods putAt java.lang.Object java.lang.String java.lang.Object
+ - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods readLines java.lang.String
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods sort java.util.Collection
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods split java.lang.String
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods takeRight java.util.List int
diff --git a/jenkins/client/init.yml b/jenkins/client/init.yml
index 409b3f3..a64c76f 100644
--- a/jenkins/client/init.yml
+++ b/jenkins/client/init.yml
@@ -2,6 +2,7 @@
- service.jenkins.support
- service.jenkins.client
- system.jenkins.client.approved_scripts
+ - system.jenkins.client.plugins
parameters:
_param:
jenkins_client_user: none
@@ -21,49 +22,6 @@
port: ${_param:jenkins_master_port}
username: ${_param:jenkins_client_user}
password: ${_param:jenkins_client_password}
- plugin:
- antisamy-markup-formatter: {}
- artifactory: {}
- blueocean: {}
- build-blocker-plugin: {}
- build-monitor-plugin: {}
- build-timeout: {}
- build-user-vars-plugin: {}
- categorized-view: {}
- copyartifact: {}
- description-setter: {}
- discard-old-build: {}
- docker-workflow: {}
- email-ext: {}
- envinject: {}
- extended-choice-parameter: {}
- extensible-choice-parameter: {}
- gerrit-trigger: {}
- git: {}
- github: {}
- heavy-job: {}
- jobConfigHistory: {}
- jira: {}
- ldap: {}
- lockable-resources: {}
- matrix-auth: {}
- monitoring: {}
- multiple-scms: {}
- performance: {}
- permissive-script-security: {}
- pipeline-utility-steps: {}
- plot: {}
- prometheus: {}
- rebuild: {}
- simple-theme-plugin: {}
- slack: {}
- ssh-agent: {}
- test-stability: {}
- throttle-concurrents: {}
- workflow-cps: {}
- workflow-remote-loader: {}
- workflow-scm-step:
- restart: true
lib:
pipeline-library:
enabled: true
diff --git a/jenkins/client/job/debian/packages/extra.yml b/jenkins/client/job/debian/packages/extra.yml
index 0a21a55..f3475b3 100644
--- a/jenkins/client/job/debian/packages/extra.yml
+++ b/jenkins/client/job/debian/packages/extra.yml
@@ -212,6 +212,11 @@
template:
type: workflow-scm
concurrent: false
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
scm:
type: git
url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
diff --git a/jenkins/client/job/debian/packages/salt-multi.yml b/jenkins/client/job/debian/packages/salt-multi.yml
index e185b60..b58b801 100644
--- a/jenkins/client/job/debian/packages/salt-multi.yml
+++ b/jenkins/client/job/debian/packages/salt-multi.yml
@@ -63,7 +63,7 @@
upload_source_package: true
dist: xenial
- name: swift
- upload_source_package: true
+ upload_source_package: false
dist: xenial
template:
discard:
diff --git a/jenkins/client/job/debian/packages/salt.yml b/jenkins/client/job/debian/packages/salt.yml
index 7a9dd04..9c81b8e 100644
--- a/jenkins/client/job/debian/packages/salt.yml
+++ b/jenkins/client/job/debian/packages/salt.yml
@@ -29,6 +29,10 @@
upload_source_package: false
upload_to_aptly: true
dist: trusty
+ - name: auditd
+ upload_source_packages: false
+ upload_to_aptly: true
+ dist: trusty
- name: backupninja
upload_source_package: false
upload_to_aptly: true
@@ -201,6 +205,10 @@
upload_source_package: false
upload_to_aptly: true
dist: trusty
+ - name: keycloak
+ upload_source_package: false
+ upload_to_aptly: true
+ dist: trusty
- name: kibana
upload_source_package: false
upload_to_aptly: true
@@ -465,6 +473,10 @@
upload_source_package: true
upload_to_aptly: true
dist: xenial
+ - name: auditd
+ upload_source_packages: false
+ upload_to_aptly: true
+ dist: xenial
- name: barbican
upload_source_package: true
upload_to_aptly: true
@@ -653,6 +665,10 @@
upload_source_package: true
upload_to_aptly: true
dist: xenial
+ - name: keycloak
+ upload_source_package: true
+ upload_to_aptly: true
+ dist: xenial
- name: kibana
upload_source_package: true
upload_to_aptly: true
diff --git a/jenkins/client/job/debian/packages/testing.yml b/jenkins/client/job/debian/packages/testing.yml
index f150f80..84ff1cc 100644
--- a/jenkins/client/job/debian/packages/testing.yml
+++ b/jenkins/client/job/debian/packages/testing.yml
@@ -14,6 +14,11 @@
template:
type: workflow-scm
concurrent: false
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
scm:
type: git
url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
diff --git a/jenkins/client/job/decapod/add_mon.yml b/jenkins/client/job/decapod/add_mon.yml
deleted file mode 100644
index 03daed2..0000000
--- a/jenkins/client/job/decapod/add_mon.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-parameters:
- jenkins:
- client:
- job:
- decapod_add_mon:
- type: workflow-scm
- name: decapod-add_mon
- display_name: "Decapod - add monitors"
- discard:
- build:
- keep_num: 20
- concurrent: true
- scm:
- type: git
- url: "${_param:jenkins_gerrit_url}/mk/decapod-pipelines"
- credentials: "gerrit"
- script: add-mon.groovy
- param:
- SALT_MASTER_CREDENTIALS:
- type: string
- default: "salt"
- SALT_MASTER_IP:
- type: string
- default: "${_param:infra_config_address}"
- SALT_MASTER_PORT:
- type: string
- default: "${_param:salt_master_api_port}"
- ASK_ON_ERROR:
- type: boolean
- default: 'false'
\ No newline at end of file
diff --git a/jenkins/client/job/decapod/add_osd.yml b/jenkins/client/job/decapod/add_osd.yml
deleted file mode 100644
index f0a4333..0000000
--- a/jenkins/client/job/decapod/add_osd.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-parameters:
- jenkins:
- client:
- job:
- decapod_add_osd:
- type: workflow-scm
- name: decapod-add_osd
- display_name: "Decapod - add new osd"
- discard:
- build:
- keep_num: 20
- concurrent: true
- scm:
- type: git
- url: "${_param:jenkins_gerrit_url}/mk/decapod-pipelines"
- credentials: "gerrit"
- script: add-osd.groovy
- param:
- SALT_MASTER_CREDENTIALS:
- type: string
- default: "salt"
- SALT_MASTER_IP:
- type: string
- default: "${_param:infra_config_address}"
- SALT_MASTER_PORT:
- type: string
- default: "${_param:salt_master_api_port}"
- ASK_ON_ERROR:
- type: boolean
- default: 'false'
\ No newline at end of file
diff --git a/jenkins/client/job/decapod/cluster.yml b/jenkins/client/job/decapod/cluster.yml
deleted file mode 100644
index cb353a6..0000000
--- a/jenkins/client/job/decapod/cluster.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-parameters:
- jenkins:
- client:
- job:
- deploy_decapod:
- type: workflow-scm
- name: deploy-decapod
- display_name: "Deploy - Decapod"
- discard:
- build:
- keep_num: 20
- concurrent: true
- scm:
- type: git
- url: "${_param:jenkins_gerrit_url}/mk/decapod-pipelines"
- credentials: "gerrit"
- script: decapod-pipeline.groovy
- param:
- SALT_MASTER_CREDENTIALS:
- type: string
- default: "salt"
- SALT_MASTER_IP:
- type: string
- default: "${_param:infra_config_address}"
- SALT_MASTER_PORT:
- type: string
- default: "${_param:salt_master_api_port}"
- ASK_ON_ERROR:
- type: boolean
- default: 'false'
diff --git a/jenkins/client/job/decapod/del_mon.yml b/jenkins/client/job/decapod/del_mon.yml
deleted file mode 100644
index d858431..0000000
--- a/jenkins/client/job/decapod/del_mon.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-parameters:
- jenkins:
- client:
- job:
- decapod_del_mon:
- type: workflow-scm
- name: decapod-del_mon
- display_name: "Decapod - del monitors"
- discard:
- build:
- keep_num: 20
- concurrent: true
- scm:
- type: git
- url: "${_param:jenkins_gerrit_url}/mk/decapod-pipelines"
- credentials: "gerrit"
- script: del-mon.groovy
- param:
- SALT_MASTER_CREDENTIALS:
- type: string
- default: "salt"
- SALT_MASTER_IP:
- type: string
- default: "${_param:infra_config_address}"
- SALT_MASTER_PORT:
- type: string
- default: "${_param:salt_master_api_port}"
- ASK_ON_ERROR:
- type: boolean
- default: 'false'
diff --git a/jenkins/client/job/decapod/del_osd.yml b/jenkins/client/job/decapod/del_osd.yml
deleted file mode 100644
index b432762..0000000
--- a/jenkins/client/job/decapod/del_osd.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-parameters:
- jenkins:
- client:
- job:
- decapod_del_osd:
- type: workflow-scm
- name: decapod-del_osd
- display_name: "Decapod - del osd"
- discard:
- build:
- keep_num: 20
- concurrent: true
- scm:
- type: git
- url: "${_param:jenkins_gerrit_url}/mk/decapod-pipelines"
- credentials: "gerrit"
- script: del-osd.groovy
- param:
- SALT_MASTER_CREDENTIALS:
- type: string
- default: "salt"
- SALT_MASTER_IP:
- type: string
- default: "${_param:infra_config_address}"
- SALT_MASTER_PORT:
- type: string
- default: "${_param:salt_master_api_port}"
- ASK_ON_ERROR:
- type: boolean
- default: 'false'
\ No newline at end of file
diff --git a/jenkins/client/job/decapod/monitoring.yml b/jenkins/client/job/decapod/monitoring.yml
deleted file mode 100644
index ea6a5c2..0000000
--- a/jenkins/client/job/decapod/monitoring.yml
+++ /dev/null
@@ -1,30 +0,0 @@
-parameters:
- jenkins:
- client:
- job:
- decapod_monitoring:
- type: workflow-scm
- name: decapod-monitoring
- display_name: "Decapod - monitoring"
- discard:
- build:
- keep_num: 20
- concurrent: true
- scm:
- type: git
- url: "${_param:jenkins_gerrit_url}/mk/decapod-pipelines"
- credentials: "gerrit"
- script: monitoring.groovy
- param:
- SALT_MASTER_CREDENTIALS:
- type: string
- default: "salt"
- SALT_MASTER_IP:
- type: string
- default: "${_param:infra_config_address}"
- SALT_MASTER_PORT:
- type: string
- default: "${_param:salt_master_api_port}"
- ASK_ON_ERROR:
- type: boolean
- default: 'false'
\ No newline at end of file
diff --git a/jenkins/client/job/deploy/lab/cicd.yml b/jenkins/client/job/deploy/lab/cicd.yml
index d524bbc..8252cfd 100644
--- a/jenkins/client/job/deploy/lab/cicd.yml
+++ b/jenkins/client/job/deploy/lab/cicd.yml
@@ -10,6 +10,9 @@
template:
type: workflow-scm
concurrent: true
+ discard:
+ build:
+ keep_num: 10
display_name: "Deploy {{name}} heat stack"
scm:
type: git
diff --git a/jenkins/client/job/deploy/lab/component/openstack.yml b/jenkins/client/job/deploy/lab/component/openstack.yml
index 0e526c6..2faa44a 100644
--- a/jenkins/client/job/deploy/lab/component/openstack.yml
+++ b/jenkins/client/job/deploy/lab/component/openstack.yml
@@ -18,7 +18,7 @@
stack_env: devcloud
stack_type: heat
stack_install: core,openstack,contrail
- stack_test: ""
+ stack_test: "opencontrail"
job_timer: "H H(0-6) * * *"
- stack_name: os_ha_contrail_ironic
stack_env: devcloud
diff --git a/jenkins/client/job/deploy/lab/demo.yml b/jenkins/client/job/deploy/lab/demo.yml
index 2bb6ad5..3af2d7c 100644
--- a/jenkins/client/job/deploy/lab/demo.yml
+++ b/jenkins/client/job/deploy/lab/demo.yml
@@ -5,6 +5,9 @@
deploy_kafka_demo:
type: workflow-scm
concurrent: false
+ discard:
+ build:
+ keep_num: 10
display_name: "Kafka demo"
scm:
type: git
diff --git a/jenkins/client/job/deploy/lab/deploy.yml b/jenkins/client/job/deploy/lab/deploy.yml
index 624e553..b1deafa 100644
--- a/jenkins/client/job/deploy/lab/deploy.yml
+++ b/jenkins/client/job/deploy/lab/deploy.yml
@@ -1,5 +1,6 @@
parameters:
_param:
+ mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
jenkins_deploy_jobs: []
heat_stack_zone_job_param:
type: string
@@ -180,7 +181,7 @@
TEST_TEMPEST_IMAGE:
type: string
description: "Tempest docker image"
- default: "docker-prod-local.artifactory.mirantis.com/mirantis/oscore/rally-tempest"
+ default: "${_param:mcp_docker_registry}/mirantis/oscore/rally-tempest"
TEST_TEMPEST_TARGET:
type: string
description: "Node to run tests"
diff --git a/jenkins/client/job/deploy/openstack.yml b/jenkins/client/job/deploy/openstack.yml
index a9f2007..d5ed556 100644
--- a/jenkins/client/job/deploy/openstack.yml
+++ b/jenkins/client/job/deploy/openstack.yml
@@ -44,6 +44,9 @@
deploy-openstack-compute:
type: workflow-scm
concurrent: true
+ discard:
+ build:
+ keep_num: 50
display_name: "Deploy - OpenStack Compute node"
scm:
type: git
diff --git a/jenkins/client/job/deploy/rollout.yml b/jenkins/client/job/deploy/rollout.yml
deleted file mode 100644
index 3b05fd6..0000000
--- a/jenkins/client/job/deploy/rollout.yml
+++ /dev/null
@@ -1,94 +0,0 @@
-parameters:
- jenkins:
- client:
- job:
- deploy_rollout_config_change:
- name: deploy-rollout-config-change
- type: workflow-scm
- discard:
- build:
- keep_num: 20
- concurrent: true
- display_name: "Deploy - Rollout change"
- scm:
- type: git
- url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
- branch: "${_param:jenkins_pipelines_branch}"
- credentials: "gerrit"
- script: rollout-config-change.groovy
- param:
- TST_SALT_MASTER_CREDENTIALS:
- type: string
- TST_SALT_MASTER_URL:
- type: string
- PRD_SALT_MASTER_CREDENTIALS:
- type: string
- PRD_SALT_MASTER_URL:
- type: string
- MODEL_REPO_URL:
- type: string
- MODEL_REPO_CREDENTIALS:
- type: string
- default: "gerrit"
- MODEL_REPO_SOURCE_BRANCH:
- type: string
- MODEL_REPO_TARGET_BRANCH:
- type: string
- TARGET_SERVERS:
- type: string
- TARGET_STATES:
- type: string
- TARGET_SUBSET_TEST:
- type: string
- TARGET_SUBSET_LIVE:
- type: string
- TARGET_BATCH_LIVE:
- type: string
- # test
- TEST_SERVICE:
- type: string
- TEST_K8S_API_SERVER:
- type: string
- default: "http://127.0.0.1:8080"
- TEST_K8S_CONFORMANCE_IMAGE:
- type: string
- default: "docker-dev-virtual.docker.mirantis.net/mirantis/kubernetes/k8s-conformance:v1.7.5-2_1504192939316"
- TEST_TEMPEST_IMAGE:
- type: string
- description: "Tempest docker image"
- default: "docker-prod-local.artifactory.mirantis.com/mirantis/oscore/rally-tempest"
- TEST_TEMPEST_TARGET:
- type: string
- description: "Node to run tests"
- default: ""
- TEST_DOCKER_INSTALL:
- type: boolean
- description: "Install docker on the target if true"
- default: "true"
- TEST_TEMPEST_PATTERN:
- type: string
- description: "Run tests matched to pattern only"
- git_merge_branches:
- name: git-merge-branches
- type: workflow-scm
- discard:
- build:
- keep_num: 20
- concurrent: true
- display_name: "Git - Merge branches"
- scm:
- type: git
- url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
- branch: "${_param:jenkins_pipelines_branch}"
- credentials: "gerrit"
- script: git-merge-branches-pipeline.groovy
- param:
- REPO_URL:
- type: string
- CREDENTIALS_ID:
- type: string
- default: "gerrit"
- SOURCE_BRANCH:
- type: string
- TARGET_BRANCH:
- type: string
diff --git a/jenkins/client/job/deploy/test.yml b/jenkins/client/job/deploy/test.yml
deleted file mode 100644
index acf6fa3..0000000
--- a/jenkins/client/job/deploy/test.yml
+++ /dev/null
@@ -1,60 +0,0 @@
-parameters:
- jenkins:
- client:
- job:
- test_service_job:
- name: deploy-test-service
- type: workflow-scm
- discard:
- build:
- keep_num: 50
- concurrent: true
- display_name: "Deploy - Test services in environment"
- scm:
- type: git
- url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
- branch: "${_param:jenkins_pipelines_branch}"
- credentials: "gerrit"
- script: test-service.groovy
- param:
-
- # salt
- SALT_MASTER_CREDENTIALS:
- type: string
- default: "salt-qa-credentials"
- SALT_MASTER_URL:
- type: string
- default: ""
-
- # test
- TEST_K8S_API_SERVER:
- type: string
- default: "http://127.0.0.1:8080"
- TEST_K8S_CONFORMANCE_IMAGE:
- type: string
- default: "docker-dev-virtual.docker.mirantis.net/mirantis/kubernetes/k8s-conformance:v1.7.5-2_1504192939316"
-
- TEST_TEMPEST_IMAGE:
- type: string
- description: "Tempest docker image"
- default: "docker-prod-local.artifactory.mirantis.com/mirantis/oscore/rally-tempest"
- TEST_TEMPEST_TARGET:
- type: string
- description: "Node to run tests. use FQDN for ctl01 e.g. ctl01.deploy-heat-os_ha_contrail-17.bud-mk.local"
- default: ""
- TEST_DOCKER_INSTALL:
- type: boolean
- description: "Install docker on the target if true"
- default: "true"
- TEST_TEMPEST_PATTERN:
- type: string
- description: "Run tests matched to pattern only e.g. tempest.api.identity"
- default: "false"
- TEST_SERVICE:
- type: string
- description: "openstack or k8s"
- default: "openstack"
- TEST_JUNIT_RATIO:
- type: string
- description: "The amplification factor to apply to test failures when computing the test result contribution to the build health score."
- default: "1.0"
diff --git a/jenkins/client/job/deploy/update/cloud_update.yml b/jenkins/client/job/deploy/update/cloud_update.yml
index d434850..4482324 100644
--- a/jenkins/client/job/deploy/update/cloud_update.yml
+++ b/jenkins/client/job/deploy/update/cloud_update.yml
@@ -10,6 +10,11 @@
deploy-update-cloud:
type: workflow-scm
concurrent: true
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
display_name: "Deploy - update cloud"
scm:
type: git
@@ -160,3 +165,7 @@
type: boolean
default: 'false'
description: "Run cloud validation pipelines before and after update"
+ MINIONS_TEST_TIMEOUT:
+ type: string
+ default: 10
+ description: "Time in seconds for a Salt result to receive a response when calling a minionsReachable method."
diff --git a/jenkins/client/job/deploy/update/config.yml b/jenkins/client/job/deploy/update/config.yml
index 7c75e5b..47ec321 100644
--- a/jenkins/client/job/deploy/update/config.yml
+++ b/jenkins/client/job/deploy/update/config.yml
@@ -10,6 +10,11 @@
deploy-update-service-config:
type: workflow-scm
concurrent: true
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
display_name: "Deploy - update service(s) config"
scm:
type: git
diff --git a/jenkins/client/job/deploy/update/kubernetes_update.yml b/jenkins/client/job/deploy/update/kubernetes_update.yml
index 9fb23f9..acdb8e0 100644
--- a/jenkins/client/job/deploy/update/kubernetes_update.yml
+++ b/jenkins/client/job/deploy/update/kubernetes_update.yml
@@ -11,6 +11,11 @@
deploy-k8s-upgrade:
type: workflow-scm
concurrent: true
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
display_name: "Deploy - update kubernetes cluster"
scm:
type: git
diff --git a/jenkins/client/job/deploy/update/package.yml b/jenkins/client/job/deploy/update/package.yml
index b276ce4..a485c3e 100644
--- a/jenkins/client/job/deploy/update/package.yml
+++ b/jenkins/client/job/deploy/update/package.yml
@@ -10,6 +10,11 @@
deploy-update-package:
type: workflow-scm
concurrent: true
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
display_name: "Deploy - update system package(s)"
scm:
type: git
diff --git a/jenkins/client/job/deploy/update/restore_cassandra.yml b/jenkins/client/job/deploy/update/restore_cassandra.yml
index 115f7a2..34179af 100644
--- a/jenkins/client/job/deploy/update/restore_cassandra.yml
+++ b/jenkins/client/job/deploy/update/restore_cassandra.yml
@@ -10,6 +10,11 @@
deploy-cassandra-db-restore:
type: workflow-scm
concurrent: true
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
display_name: "Cassandra - restore db"
scm:
type: git
diff --git a/jenkins/client/job/deploy/update/restore_mysql.yml b/jenkins/client/job/deploy/update/restore_mysql.yml
index 2c4ce12..aaf4552 100644
--- a/jenkins/client/job/deploy/update/restore_mysql.yml
+++ b/jenkins/client/job/deploy/update/restore_mysql.yml
@@ -10,6 +10,11 @@
deploy-mysql-db-restore:
type: workflow-scm
concurrent: true
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
display_name: "Xtrabackup - restore mysql db"
scm:
type: git
diff --git a/jenkins/client/job/deploy/update/restore_zookeeper.yml b/jenkins/client/job/deploy/update/restore_zookeeper.yml
index b6d044a..ebb57f7 100644
--- a/jenkins/client/job/deploy/update/restore_zookeeper.yml
+++ b/jenkins/client/job/deploy/update/restore_zookeeper.yml
@@ -10,6 +10,11 @@
deploy-zookeeper-restore:
type: workflow-scm
concurrent: true
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
display_name: "Zookeeper - restore"
scm:
type: git
diff --git a/jenkins/client/job/deploy/update/saltenv.yml b/jenkins/client/job/deploy/update/saltenv.yml
index 1ce1494..734a4e5 100644
--- a/jenkins/client/job/deploy/update/saltenv.yml
+++ b/jenkins/client/job/deploy/update/saltenv.yml
@@ -19,6 +19,11 @@
display_name: "Deploy - update {{name}} environment"
type: workflow-scm
concurrent: false
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
scm:
type: git
url: "${_param:jenkins_gerrit_url}/salt-models/{{name}}"
diff --git a/jenkins/client/job/deploy/update/update_mirror_image.yml b/jenkins/client/job/deploy/update/update_mirror_image.yml
index 2b2dc26..73fd434 100644
--- a/jenkins/client/job/deploy/update/update_mirror_image.yml
+++ b/jenkins/client/job/deploy/update/update_mirror_image.yml
@@ -10,6 +10,11 @@
deploy-update-mirror-image:
type: workflow-scm
concurrent: true
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
display_name: "Deploy - update local mirror"
scm:
type: git
diff --git a/jenkins/client/job/deploy/update/update_salt_environment.yml b/jenkins/client/job/deploy/update/update_salt_environment.yml
index f9ea6d5..dcc58d7 100644
--- a/jenkins/client/job/deploy/update/update_salt_environment.yml
+++ b/jenkins/client/job/deploy/update/update_salt_environment.yml
@@ -10,6 +10,11 @@
deploy-update-salt-environment:
type: workflow-scm
concurrent: true
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
display_name: "Deploy - update Salt environment"
scm:
type: git
diff --git a/jenkins/client/job/deploy/update/upgrade.yml b/jenkins/client/job/deploy/update/upgrade.yml
index 6ffc9c1..01fdf2a 100644
--- a/jenkins/client/job/deploy/update/upgrade.yml
+++ b/jenkins/client/job/deploy/update/upgrade.yml
@@ -10,6 +10,11 @@
deploy-upgrade-control:
type: workflow-scm
concurrent: true
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
display_name: "Deploy - upgrade control VMs"
scm:
type: git
diff --git a/jenkins/client/job/deploy/update/upgrade_compute.yml b/jenkins/client/job/deploy/update/upgrade_compute.yml
index 3986997..706863d 100644
--- a/jenkins/client/job/deploy/update/upgrade_compute.yml
+++ b/jenkins/client/job/deploy/update/upgrade_compute.yml
@@ -10,6 +10,11 @@
deploy-upgrade-compute:
type: workflow-scm
concurrent: true
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
display_name: "Deploy - upgrade computes"
scm:
type: git
diff --git a/jenkins/client/job/deploy/update/upgrade_mcp_release.yml b/jenkins/client/job/deploy/update/upgrade_mcp_release.yml
index c9b846f..18f5646 100644
--- a/jenkins/client/job/deploy/update/upgrade_mcp_release.yml
+++ b/jenkins/client/job/deploy/update/upgrade_mcp_release.yml
@@ -10,6 +10,11 @@
upgrade-mcp-release:
type: workflow-scm
concurrent: true
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
display_name: "Deploy - upgrade MCP Drivetrain"
scm:
type: git
@@ -42,4 +47,8 @@
UPDATE_LOCAL_REPOS:
type: boolean
default: 'false'
- description: "Use only when local repositories are present."
\ No newline at end of file
+ description: "Use only when local repositories are present."
+ PIPELINE_TIMEOUT:
+ type: string
+ default: '12'
+ description: "Sets pipeline timeout in hours. Defaults to '12' if left empty."
\ No newline at end of file
diff --git a/jenkins/client/job/deploy/update/upgrade_opencontrail.yml b/jenkins/client/job/deploy/update/upgrade_opencontrail.yml
index de7e46f..0b0d945 100644
--- a/jenkins/client/job/deploy/update/upgrade_opencontrail.yml
+++ b/jenkins/client/job/deploy/update/upgrade_opencontrail.yml
@@ -10,6 +10,11 @@
deploy-upgrade-opencontrail:
type: workflow-scm
concurrent: true
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
display_name: "Deploy - upgrade Opencontrail"
scm:
type: git
diff --git a/jenkins/client/job/deploy/update/upgrade_opencontrail4_0.yml b/jenkins/client/job/deploy/update/upgrade_opencontrail4_0.yml
index f622371..c1f448c 100644
--- a/jenkins/client/job/deploy/update/upgrade_opencontrail4_0.yml
+++ b/jenkins/client/job/deploy/update/upgrade_opencontrail4_0.yml
@@ -10,6 +10,11 @@
deploy-upgrade-opencontrail40:
type: workflow-scm
concurrent: true
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
display_name: "Deploy - upgrade Opencontrail to 4.x"
scm:
type: git
diff --git a/jenkins/client/job/deploy/update/upgrade_ovs_gateway.yml b/jenkins/client/job/deploy/update/upgrade_ovs_gateway.yml
index e7cdb12..b0c92b7 100644
--- a/jenkins/client/job/deploy/update/upgrade_ovs_gateway.yml
+++ b/jenkins/client/job/deploy/update/upgrade_ovs_gateway.yml
@@ -10,6 +10,11 @@
deploy-upgrade-ovs-gateway:
type: workflow-scm
concurrent: true
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
display_name: "Deploy - upgrade OVS gateway"
scm:
type: git
diff --git a/jenkins/client/job/deploy/update/utils.yml b/jenkins/client/job/deploy/update/utils.yml
index 1a6062e..ca669d4 100644
--- a/jenkins/client/job/deploy/update/utils.yml
+++ b/jenkins/client/job/deploy/update/utils.yml
@@ -5,6 +5,11 @@
reclass_metadata_update:
type: workflow-scm
concurrent: true
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
display_name: "Deploy - Update reclass metadata"
scm:
type: git
@@ -28,6 +33,11 @@
salt_master_formula_update:
type: workflow-scm
concurrent: true
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
display_name: "Deploy - Update salt master formulas"
scm:
type: git
@@ -51,6 +61,11 @@
jenkins_master_job_update:
type: workflow-scm
concurrent: true
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
display_name: "Deploy - Update jenkins master jobs"
scm:
type: git
diff --git a/jenkins/client/job/deploy/update/virt_snapshot.yml b/jenkins/client/job/deploy/update/virt_snapshot.yml
index 0388ed1..be92c8d 100644
--- a/jenkins/client/job/deploy/update/virt_snapshot.yml
+++ b/jenkins/client/job/deploy/update/virt_snapshot.yml
@@ -10,6 +10,11 @@
manage-virt-snapshot:
type: workflow-scm
concurrent: true
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
display_name: "Deploy - virt snapshot VM"
scm:
type: git
diff --git a/jenkins/client/job/docker/opencontrail.yml b/jenkins/client/job/docker/opencontrail.yml
index b5052de..0e4f40a 100644
--- a/jenkins/client/job/docker/opencontrail.yml
+++ b/jenkins/client/job/docker/opencontrail.yml
@@ -6,7 +6,11 @@
name: "docker-build-images-opencontrail-{{version}}"
jobs:
- version: oc40
+ branch: master
- version: oc41
+ branch: master
+ - version: oc50
+ branch: R5.0
template:
discard:
build:
@@ -24,7 +28,7 @@
project:
"mk/docker-opencontrail":
branches:
- - master
+ - "{{branch}}"
event:
ref:
- updated: {}
@@ -44,6 +48,9 @@
IMAGE_CREDENTIALS_ID:
type: string
default: "gerrit"
+ IMAGE_BRANCH:
+ type: string
+ default: "{{branch}}"
APT_KEY:
type: string
default: "${_param:jenkins_aptly_url}/public.gpg"
diff --git a/jenkins/client/job/gating.yml b/jenkins/client/job/gating.yml
index 1ed093e..513df82 100644
--- a/jenkins/client/job/gating.yml
+++ b/jenkins/client/job/gating.yml
@@ -44,6 +44,8 @@
compare_type: REG_EXP
branches:
- master
+ - compare_type: ANT
+ name: release/*
skip_vote:
- successful
- failed
diff --git a/jenkins/client/job/git-mirrors/upstream/templates.yml b/jenkins/client/job/git-mirrors/upstream/templates.yml
index a83a6de..a386ba4 100644
--- a/jenkins/client/job/git-mirrors/upstream/templates.yml
+++ b/jenkins/client/job/git-mirrors/upstream/templates.yml
@@ -6,7 +6,7 @@
- name: cookiecutter-templates
downstream: mk/cookiecutter-templates
upstream: "git@github.com:Mirantis/mk2x-cookiecutter-reclass-model"
- branches: master,mcp10
+ branches: master,mcp10,release/2018.8.1
- name: heat-fragments
downstream: mk/heat-fragments
upstream: "git@github.com:Mirantis/heat-fragments"
diff --git a/jenkins/client/job/image/centos.yml b/jenkins/client/job/image/centos.yml
index d5856e4..5358d92 100644
--- a/jenkins/client/job/image/centos.yml
+++ b/jenkins/client/job/image/centos.yml
@@ -9,6 +9,11 @@
build-image-centos-7:
type: workflow-scm
concurrent: false
+ discard:
+ build:
+ keep_num: 5
+ artifact:
+ keep_num: 5
scm:
type: git
url: "${_param:jenkins_packer_pipeline}"
diff --git a/jenkins/client/job/image/debian.yml b/jenkins/client/job/image/debian.yml
index ab17c06..eef4740 100644
--- a/jenkins/client/job/image/debian.yml
+++ b/jenkins/client/job/image/debian.yml
@@ -9,6 +9,11 @@
build-image-debian-8:
type: workflow-scm
concurrent: false
+ discard:
+ build:
+ keep_num: 5
+ artifact:
+ keep_num: 5
scm:
type: git
url: "${_param:jenkins_packer_pipeline}"
diff --git a/jenkins/client/job/image/ubuntu.yml b/jenkins/client/job/image/ubuntu.yml
index 8d7e1de..e4a8251 100644
--- a/jenkins/client/job/image/ubuntu.yml
+++ b/jenkins/client/job/image/ubuntu.yml
@@ -88,6 +88,13 @@
build-image-ubuntu-16-04:
type: workflow-scm
concurrent: false
+ discard:
+ build:
+ keep_num: 5
+ keep_days: 5
+ artifact:
+ keep_num: 6
+ keep_days: 6
scm:
type: git
url: "${_param:jenkins_packer_pipeline}"
diff --git a/jenkins/client/job/k8s-test/init.yml b/jenkins/client/job/k8s-test/init.yml
index 0cdaa09..4d22797 100644
--- a/jenkins/client/job/k8s-test/init.yml
+++ b/jenkins/client/job/k8s-test/init.yml
@@ -1,3 +1,4 @@
classes:
- system.jenkins.client.job.k8s-test.mcp-k8s-test-pipeline
-- system.jenkins.client.job.k8s-test.mcp-k8s-merge-pipeline
\ No newline at end of file
+- system.jenkins.client.job.k8s-test.mcp-k8s-merge-pipeline
+- system.jenkins.client.job.k8s-test.mcp-k8s-formula-test-pipeline
diff --git a/jenkins/client/job/k8s-test/mcp-k8s-formula-test-pipeline.yml b/jenkins/client/job/k8s-test/mcp-k8s-formula-test-pipeline.yml
new file mode 100644
index 0000000..976ed1a
--- /dev/null
+++ b/jenkins/client/job/k8s-test/mcp-k8s-formula-test-pipeline.yml
@@ -0,0 +1,67 @@
+parameters:
+ jenkins:
+ client:
+ job:
+ mcp_k8s_formula_test_pipeline:
+ type: workflow-scm
+ name: mcp-k8s-formula-test-pipeline
+ display_name: "Kubernetes formula test pipeline"
+ description: "Run k8s conformance against gerrit commit"
+ discard:
+ build:
+ keep_num: 30
+ artifact:
+ keep_num: 30
+ concurrent: true
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/kubernetes-ci/kubernetes-pipelines"
+ credentials: "gerrit"
+ script: pipelines/mcp-formula-change-test-pipeline.groovy
+ param:
+ SOURCE_CREDENTIALS:
+ type: string
+ default: "gerrit"
+ UPLOAD_APTLY:
+ type: boolean
+ default: 'true'
+ description: Whether to upload to Aptly
+ APTLY_REPO:
+ type: string
+ default: ""
+ description: Aptly repo name
+ BUILD_PACKAGE:
+ type: boolean
+ default: 'true'
+ description: Whether to build package
+ APTLY_REPO_URL:
+ type: string
+ default: "${_param:jenkins_aptly_url}"
+ description: Aptly url
+ APTLY_API_URL:
+ type: string
+ default: "${_param:jenkins_aptly_api_url}"
+ description: Aptly API url
+ SOURCES:
+ type: text
+ default: ""
+ description: Optional parameter to list Git refspecs to be build
+ PKG_BUILD_JOB_NAME:
+ type: string
+ default: "oscore-build-salt-formula-refspec"
+ description: Jenkins job name to build package
+ STACK_DELETE:
+ type: boolean
+ default: 'true'
+ description: Whether to delete stacks ater tests
+ APTLY_PREFIX:
+ type: string
+ default: "oscc-dev"
+ description: Aptly prefix
+ SOURCE_REPO_NAME:
+ type: string
+ description: "Name of the repo where packages are stored"
+ default: "ubuntu-xenial-salt"
+ DEPLOY_JOB:
+ type: string
+ default: "deploy-heat-k8s_ha_calico"
diff --git a/jenkins/client/job/k8s-test/mcp-k8s-merge-pipeline.yml b/jenkins/client/job/k8s-test/mcp-k8s-merge-pipeline.yml
index f209aa2..e7697a0 100644
--- a/jenkins/client/job/k8s-test/mcp-k8s-merge-pipeline.yml
+++ b/jenkins/client/job/k8s-test/mcp-k8s-merge-pipeline.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mcp_docker_registry: 'docker-dev-local.docker.mirantis.net'
jenkins:
client:
job:
@@ -32,5 +34,5 @@
param:
KUBE_DOCKER_REGISTRY:
type: string
- default: 'docker-dev-local.docker.mirantis.net'
+ default: ${_param:mcp_docker_registry}
description: 'Docker registry for binaries and images'
diff --git a/jenkins/client/job/k8s-test/mcp-k8s-test-pipeline.yml b/jenkins/client/job/k8s-test/mcp-k8s-test-pipeline.yml
index 0fdbbfe..99a3884 100644
--- a/jenkins/client/job/k8s-test/mcp-k8s-test-pipeline.yml
+++ b/jenkins/client/job/k8s-test/mcp-k8s-test-pipeline.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mcp_docker_registry: 'docker-dev-local.docker.mirantis.net'
jenkins:
client:
job:
@@ -41,7 +43,7 @@
param:
KUBE_DOCKER_REGISTRY:
type: string
- default: 'docker-dev-local.docker.mirantis.net'
+ default: ${_param:mcp_docker_registry}
description: 'Docker registry for binaries and images'
CALICO_DOCKER_REGISTRY:
type: string
diff --git a/jenkins/client/job/opencontrail/build/generic.yml b/jenkins/client/job/opencontrail/build/generic.yml
index 1506326..0f130c4 100644
--- a/jenkins/client/job/opencontrail/build/generic.yml
+++ b/jenkins/client/job/opencontrail/build/generic.yml
@@ -140,7 +140,7 @@
build:
keep_num: 5
artifact:
- keep_num: 5
+ keep_num: 2
type: workflow-scm
concurrent: true
quiet_period: 120
diff --git a/jenkins/client/job/oscore/cookiecutter.yml b/jenkins/client/job/oscore/cookiecutter.yml
index bc180b4..5ffe289 100644
--- a/jenkins/client/job/oscore/cookiecutter.yml
+++ b/jenkins/client/job/oscore/cookiecutter.yml
@@ -97,6 +97,8 @@
compare_type: 'REG_EXP'
branches:
- master
+ - compare_type: ANT
+ name: release/*
skip_vote:
- successful
- failed
diff --git a/jenkins/client/job/oscore/qa.yml b/jenkins/client/job/oscore/qa.yml
index 13d0e76..f076a78 100644
--- a/jenkins/client/job/oscore/qa.yml
+++ b/jenkins/client/job/oscore/qa.yml
@@ -70,8 +70,8 @@
project:
mcp/{{oscore-qa-project}}:
branches:
- - compare_type: "PLAIN"
- name: "master"
+ - master
+ - pike
event:
patchset:
- created
diff --git a/jenkins/client/job/oscore/salt_virtual_models.yml b/jenkins/client/job/oscore/salt_virtual_models.yml
index 4377a7f..49ef6df 100644
--- a/jenkins/client/job/oscore/salt_virtual_models.yml
+++ b/jenkins/client/job/oscore/salt_virtual_models.yml
@@ -35,6 +35,10 @@
type: string
description: "Heat stack zone where build stack"
default: "mcp-oscore-ci"
+ HEAT_STACK_ENVIRONMENT:
+ type: string
+ description: "Heat stack env parameters for deployment"
+ default: "devcloud"
STACK_RECLASS_ADDRESS:
type: string
default: 'https://gerrit.mcp.mirantis.net/salt-models/mcp-virtual-lab'
@@ -105,6 +109,30 @@
type: boolean
description: Whether to use container with rally
default: "false"
+ TEST_PASS_THRESHOLD:
+ type: string
+ description: Tests pass rate to consider build successful
+ default: "96"
+ FAIL_ON_TESTS:
+ type: boolean
+ default: 'true'
+ description: Whether to fail build on test results
+ TEST_PATTERN:
+ type: string
+ description: Run tests matched to pattern only
+ default: ''
+ TEST_MILESTONE:
+ type: string
+ description: Product milestone
+ default: 'MCP1.1'
+ TESTRAIL:
+ type: boolean
+ description: Whether to upload results to testrail or not
+ default: "false"
+ OPENSTACK_VERSION:
+ type: string
+ description: Version of openstack to test
+ default: ""
scm:
script: test-virtual-model-pipeline.groovy
type: git
diff --git a/jenkins/client/job/oscore/test_upgrades.yml b/jenkins/client/job/oscore/test_upgrades.yml
index 27619e3..26a9960 100644
--- a/jenkins/client/job/oscore/test_upgrades.yml
+++ b/jenkins/client/job/oscore/test_upgrades.yml
@@ -33,6 +33,10 @@
FLAVOR_PREFIX:
type: string
default: 'dev'
+ STACK_DELETE:
+ type: boolean
+ default: 'true'
+ description: Don't enable it if you need to use the lab after
TEST_SCHEME:
type: string
description: "Yaml based scheme to be applied in testing"
diff --git a/jenkins/client/job/oscore/tests.yml b/jenkins/client/job/oscore/tests.yml
index af33cc1..f4fb7e0 100644
--- a/jenkins/client/job/oscore/tests.yml
+++ b/jenkins/client/job/oscore/tests.yml
@@ -35,10 +35,6 @@
type: string
description: Version of openstack to test
default: "{{openstack_version}}"
- PROJECT:
- type: string
- description: Project to test
- default: "all"
STACK_TEST_JOB:
type: string
description: Job for environment deployment
@@ -144,10 +140,6 @@
type: string
default: "salt-qa-credentials"
description: Jenkins credential ID for Salt master
- USE_RALLY:
- type: boolean
- description: Whether to use container with rally
- default: "{{use_rally}}"
TEST_MILESTONE:
type: string
description: Product milestone
@@ -182,10 +174,6 @@
type: string
description: Version of openstack to test
default: "{{openstack_version}}"
- PROJECT:
- type: string
- description: Project to test
- default: "all"
STACK_TEST_JOB:
type: string
description: Job for environment deployment
@@ -287,10 +275,6 @@
type: string
default: "salt-qa-credentials"
description: Jenkins credential ID for Salt master
- USE_RALLY:
- type: boolean
- description: Whether to use container with rally
- default: "{{use_rally}}"
test-runner-template:
name: "{{job_prefix}}-{{test_type}}-runner"
template:
@@ -320,9 +304,6 @@
OPENSTACK_VERSION:
type: string
description: Version of openstack to test
- PROJECT:
- type: string
- description: Name of project being tested
PROC_RESULTS_JOB:
type: string
description: Job for results processing
@@ -360,9 +341,6 @@
TEST_PATTERN:
type: string
description: Run tests matched to pattern only
- TEST_SET:
- type: string
- description: Run tests matched by tempest set only
TEST_CONCURRENCY:
type: string
description: How much test threads to run
@@ -386,10 +364,6 @@
type: boolean
description: Whether to use pepper to connect to salt master
default: 'false'
- USE_RALLY:
- type: boolean
- description: Whether to use container with rally
- default: 'true'
results-checker-template:
name: "{{job_prefix}}-{{test_type}}-results-checker"
template:
diff --git a/jenkins/client/job/salt-formulas/git-mirrors/2way.yml b/jenkins/client/job/salt-formulas/git-mirrors/2way.yml
index d8e9f22..cae768a 100644
--- a/jenkins/client/job/salt-formulas/git-mirrors/2way.yml
+++ b/jenkins/client/job/salt-formulas/git-mirrors/2way.yml
@@ -275,6 +275,9 @@
- name: openvstorage
branches: ${_param:salt_formulas_branches}
notification_recipients: ${_param:salt_formulas_notification_recipients}
+ - name: oslo-templates
+ branches: ${_param:salt_formulas_branches}
+ notification_recipients: ${_param:salt_formulas_notification_recipients}
- name: owncloud
branches: ${_param:salt_formulas_branches}
notification_recipients: ${_param:salt_formulas_notification_recipients}
diff --git a/jenkins/client/job/salt-formulas/release.yml b/jenkins/client/job/salt-formulas/release.yml
index fe6df5e..eca83f6 100644
--- a/jenkins/client/job/salt-formulas/release.yml
+++ b/jenkins/client/job/salt-formulas/release.yml
@@ -5,6 +5,11 @@
release-salt-formulas:
type: workflow-scm
concurrent: false
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
scm:
type: git
url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
diff --git a/jenkins/client/job/salt-formulas/tests.yml b/jenkins/client/job/salt-formulas/tests.yml
index 1c9f4fb..ca8d0a5 100644
--- a/jenkins/client/job/salt-formulas/tests.yml
+++ b/jenkins/client/job/salt-formulas/tests.yml
@@ -10,6 +10,7 @@
- name: aptcacher
- name: aptly
- name: artifactory
+ - name: auditd
- name: avinetworks
- name: backupninja
- name: barbican
@@ -63,6 +64,7 @@
- name: jenkins
- name: kedb
- name: keepalived
+ - name: keycloak
- name: keystone
- name: kibana
- name: kubernetes
@@ -158,7 +160,7 @@
param:
SALT_VERSION:
type: string
- default: ""
+ default: "2017.7.7"
description: "Version of salt for use in test, empty string means latest (default)"
SALT_OPTS:
type: string
@@ -181,6 +183,7 @@
RUN_TEST_IN_DOCKER:
type: boolean
description: "Run test stage in docker environment"
+ default: 'true'
SMOKE_TEST_DOCKER_IMG:
type: string
default: "ubuntu:16.04"
diff --git a/jenkins/client/job/salt-models/generate.yml b/jenkins/client/job/salt-models/generate.yml
index 686e74d..73f815d 100644
--- a/jenkins/client/job/salt-models/generate.yml
+++ b/jenkins/client/job/salt-models/generate.yml
@@ -10,6 +10,11 @@
template:
type: workflow-scm
concurrent: true
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
display_name: "Generate reclass cluster {{cookiecutter_template}}"
scm:
type: git
@@ -27,4 +32,8 @@
type: string
TEST_MODEL:
type: boolean
- default: false
+ default: true
+ RECLASS_VERSION:
+ type: string
+ default: 'v1.5.4'
+ description: "Version (branch) of Reclass we will use.pip+git package"
diff --git a/jenkins/client/job/salt-models/git-mirrors.yml b/jenkins/client/job/salt-models/git-mirrors.yml
index a04043b..f567ba8 100644
--- a/jenkins/client/job/salt-models/git-mirrors.yml
+++ b/jenkins/client/job/salt-models/git-mirrors.yml
@@ -9,6 +9,11 @@
template:
type: workflow-scm
concurrent: false
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
scm:
type: git
url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
diff --git a/jenkins/client/job/salt-models/tests.yml b/jenkins/client/job/salt-models/tests.yml
index c820d26..983a88b 100644
--- a/jenkins/client/job/salt-models/tests.yml
+++ b/jenkins/client/job/salt-models/tests.yml
@@ -217,6 +217,8 @@
salt-models/{{name}}:
branches:
- master
+ - compare_type: ANT
+ name: release/*
event:
comment:
- addedContains:
@@ -260,6 +262,8 @@
mk/{{cookiecutter_template}}:
branches:
- master
+ - compare_type: ANT
+ name: release/*
event:
comment:
- addedContains:
@@ -294,7 +298,11 @@
default: "1"
EXTRA_FORMULAS:
type: string
- default: "aptly artifactory auditd backupninja collectd devops-portal docker elasticsearch fluentd freeipa gerrit glusterfs grafana haproxy heka horizon influxdb jenkins keepalived kibana libvirt maas memcached mysql nginx ntp openldap openssh postfix prometheus rsync rsyslog rundeck sensu sphinx telegraf xtrabackup watchdog"
+ default: "aptly artifactory auditd backupninja collectd devops-portal docker elasticsearch fluentd freeipa gerrit glusterfs grafana haproxy heka horizon influxdb jenkins keepalived kibana libvirt maas memcached mysql nginx ntp openldap openssh postfix prometheus rsync rsyslog rundeck sensu sphinx telegraf xtrabackup watchdog logrotate"
+ RECLASS_VERSION:
+ type: string
+ default: 'v1.5.4'
+ description: "Version (branch) of Reclass we will use"
job:
test-salt-model-node:
name: test-salt-model-node
@@ -371,3 +379,28 @@
APT_REPOSITORY_GPG:
type: string
default: ""
+ test-mk-cookiecutter-templates-chunk:
+ name: test-mk-cookiecutter-templates-chunk
+ discard:
+ build:
+ keep_num: 300
+ artifact:
+ keep_num: 30
+ type: workflow-scm
+ concurrent: true
+ plugin_properties:
+ throttleconcurrents:
+ enabled: true
+ throttle_option: category
+ categories:
+ - test-model
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ branch: "${_param:jenkins_pipelines_branch}"
+ credentials: "gerrit"
+ script: test-cookiecutter-reclass-chunk.groovy
+ param:
+ EXTRA_VARIABLES_YAML:
+ type: string
+ default: ""
diff --git a/jenkins/client/job/stacklight/cookiecutter.yml b/jenkins/client/job/stacklight/cookiecutter.yml
new file mode 100644
index 0000000..2cdfd07
--- /dev/null
+++ b/jenkins/client/job/stacklight/cookiecutter.yml
@@ -0,0 +1,61 @@
+parameters:
+ jenkins:
+ client:
+ job:
+ stacklight-test-cookiecutter-model:
+ display_name: stacklight-test-cookiecutter-model
+ name: stacklight-test-cookiecutter-model
+ concurrent: true
+ description: Test specified cookiecutter context
+ discard:
+ build:
+ keep_num: 60
+ artifact:
+ keep_num: 60
+ type: workflow-scm
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/openstack-ci/openstack-pipelines"
+ credentials: "gerrit"
+ branch: 'master'
+ script: test-cookiecutter-model-pipeline.groovy
+ param:
+ CREDENTIALS_ID:
+ type: string
+ description: "ID of jenkins credentials for connecting to gerrit"
+ default: "gerrit"
+ COOKIECUTTER_TEMPLATE_CONTEXT_FILE:
+ type: choice
+ description: "Context for cookiecutter template specified as filename"
+ default: 'stacklight-openstack-ovs-pike'
+ OPENSTACK_API_PROJECT:
+ type: string
+ default: "mcp-stacklight"
+ HEAT_STACK_ZONE:
+ type: string
+ default: "mcp-stacklight"
+ FLAVOR_PREFIX:
+ type: string
+ default: 'dev'
+ RUN_SMOKE:
+ type: boolean
+ description: "Run smoke after deployment or not (bool)"
+ default: 'false'
+ COOKIECUTTER_EXTRA_CONTEXT:
+ type: text
+ description: "Extra context items, will be merged to COOKIECUTTER_TEMPLATE_CONTEXT_FILE"
+ default: |-
+ #Extra context that will be merged with content of COOKIECUTTER_TEMPLATE_CONTEXT_FILE
+ default_context:
+ openssh_groups: "qa_scale,oscore_devops,networking,tcpcloud,stacklight,k8s_team"
+ cookiecutter_template_url: https://gerrit.mcp.mirantis.net/mk/cookiecutter-templates.git
+ cookiecutter_template_branch: 'master'
+ shared_reclass_url: https://gerrit.mcp.mirantis.net/salt-models/reclass-system.git
+ shared_reclass_branch: 'master'
+ STACK_INSTALL:
+ type: string
+ default: 'core,openstack,ovs,stacklight'
+ STACK_DELETE:
+ type: boolean
+ description: "Delete Heat stack when finished (bool)"
+ default: 'false'
diff --git a/jenkins/client/job/stacklight/init.yml b/jenkins/client/job/stacklight/init.yml
new file mode 100644
index 0000000..6d8f563
--- /dev/null
+++ b/jenkins/client/job/stacklight/init.yml
@@ -0,0 +1,2 @@
+classes:
+ - system.jenkins.client.job.stacklight.cookiecutter
diff --git a/jenkins/client/job/test_pipelines.yml b/jenkins/client/job/test_pipelines.yml
index 2b0fabe..4d661da 100644
--- a/jenkins/client/job/test_pipelines.yml
+++ b/jenkins/client/job/test_pipelines.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mcp_docker_registry: 'docker-dev-local.docker.mirantis.net'
jenkins:
client:
job_template:
@@ -11,6 +13,8 @@
repo: mcp-ci/pipeline-library
- name: oss-jenkins-pipelines
repo: oss/jenkins/pipelines
+ - name: map-map-pipelines
+ repo: map/map-pipelines
template:
discard:
build:
@@ -31,6 +35,8 @@
"{{repo}}":
branches:
- master
+ - compare_type: ANT
+ name: release/*
event:
patchset:
- created:
@@ -46,7 +52,7 @@
default: "gerrit"
GRADLE_IMAGE:
type: string
- default: "docker-dev-local.docker.mirantis.net/mirantis/cicd/niaquinto_gradle"
+ default: "${_param:mcp_docker_registry}/mirantis/cicd/niaquinto_gradle"
GRADLE_CMD:
type: string
default: "check --info"
diff --git a/jenkins/client/job/validate.yml b/jenkins/client/job/validate.yml
index 32b0c0f..6187e93 100644
--- a/jenkins/client/job/validate.yml
+++ b/jenkins/client/job/validate.yml
@@ -2,6 +2,7 @@
_param:
jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
cvp_sanity_default_repo: "https://github.com/Mirantis/cvp-sanity-checks"
+ mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
jenkins:
client:
view:
@@ -37,7 +38,7 @@
description: Credentials to the Salt API
TEST_IMAGE:
type: string
- default: "docker-prod-local.artifactory.mirantis.com/mirantis/oss/qa-tools"
+ default: "${_param:mcp_docker_registry}/mirantis/oss/qa-tools"
description: Docker image to setup testing environment
TARGET_NODE:
type: string
@@ -148,6 +149,30 @@
type: boolean
default: 'true'
description: If chosen then previous build results will be used in the current build
+ RALLY_PLUGINS_REPO:
+ type: string
+ default: ""
+ description: Git repository with Rally plugins
+ RALLY_PLUGINS_BRANCH:
+ type: string
+ default: ""
+ description: Git branch which will be used during the checkout
+ K8S_RALLY:
+ type: boolean
+ default: 'false'
+ description: If chosen then K8S Rally test will be executed
+ JOB_TIMEOUT:
+ type: string
+ default: "3"
+ description: Job timeout in hours
+ REPORT_DIR:
+ type: string
+ default: ""
+ description: Path for reports outside docker image
+ SKIP_LIST:
+ type: string
+ description: "Skip list for Rally test"
+ default: ""
cvp-sanity:
type: workflow-scm
name: cvp-sanity
@@ -182,12 +207,12 @@
description: e.g. skipped_nodes=nal01.local.com,ntw01.local.com
TESTS_SET:
type: string
- default: "cvp-sanity-check/cvp_checks/tests/"
- description: Leave empty for full run or choose a file, e.g. test_mtu.py
+ default: "cvp-sanity-checks/cvp_checks/tests/"
+ description: "Leave as is for full run or add a filename, e.g. _default_path_/test_mtu.py"
PROXY:
type: string
default: ""
- description: Proxy address to clone repo and install python requirements
+ description: "Proxy address to use to access the Internet. For offline mode, use \"offline\" value."
cvp-func:
type: workflow-scm
name: cvp-func
@@ -222,16 +247,16 @@
description: Credentials to the Salt API
TEST_IMAGE:
type: string
- default: "xrally/xrally-openstack:0.9.1"
+ default: "xrally/xrally-openstack:0.9.2"
description: Docker image to use for running Rally/Tempest
TARGET_NODE:
type: string
- default: "${_param:cicd_control_node03_hostname}.${_param:cluster_domain}"
+ default: ""
description: Node where container with Tempest will be run
PROXY:
type: string
default: ""
- description: Proxy address to clone repo and install python requirements
+ description: "Proxy address to use to access the Internet. For offline mode, use \"offline\" value."
TEMPEST_TEST_PATTERN:
type: string
default: "set=smoke"
@@ -277,11 +302,11 @@
description: Credentials to the Salt API
TEMPEST_TARGET_NODE:
type: string
- default: "${_param:cicd_control_node03_hostname}.${_param:cluster_domain}"
+ default: ""
description: Node where container with tempest will be run
TEST_IMAGE:
type: string
- default: "xrally/xrally-openstack:0.9.1"
+ default: "xrally/xrally-openstack:0.9.2"
description: Docker image to use for running Rally/Tempest
TARGET_NODES:
type: string
@@ -302,7 +327,7 @@
PROXY:
type: string
default: ""
- description: Proxy address to clone repo and install python requirements
+ description: "Proxy address to use to access the Internet. For offline mode, use \"offline\" value."
TEMPEST_TEST_PATTERN:
type: string
default: "set=smoke"
@@ -345,7 +370,7 @@
description: Path to scenario file in container
TEST_IMAGE:
type: string
- default: "xrally/xrally-openstack:0.9.1"
+ default: "xrally/xrally-openstack:0.9.2"
description: Docker image to use for running Rally/Tempest
SALT_MASTER_URL:
type: string
@@ -357,14 +382,16 @@
description: Credentials to the Salt API
TARGET_NODE:
type: string
- default: "${_param:cicd_control_node03_hostname}.${_param:cluster_domain}"
+ default: ""
description: Node where docker container with Rally will be run
TOOLS_REPO:
type: string
default: "https://github.com/Mirantis/cvp-configuration"
+ description: URL of repo where testing tools, scenarios, configs are located.
PROXY:
type: string
default: ""
+ description: "Proxy address to use to access the Internet. For offline mode, use \"offline\" value."
cvp-stacklight:
type: workflow-scm
name: cvp-stacklight
@@ -391,7 +418,7 @@
default: "salt"
TESTS_REPO:
type: string
- default: "https://github.com/legan4ik/stacklight-pytest"
+ default: "https://github.com/Mirantis/stacklight-pytest -b cvp_stacklight"
description: Url for cvp-stacklight-tests
TESTS_SETTINGS:
type: string
@@ -400,11 +427,11 @@
TESTS_SET:
type: string
default: "stacklight-pytest/stacklight_tests/tests/prometheus/"
- description: "Leave empty for full run or choose a file, e.g. test_dashboards.py"
+ description: "Leave as is for full run or add a filename, e.g. _default_path_/test_dashboards.py"
PROXY:
type: string
default: ""
- description: Proxy address to clone repo and install python requirements
+ description: "Proxy address to use to access the Internet. For offline mode, use \"offline\" value."
cvp-spt:
type: workflow-scm
name: cvp-spt
@@ -440,8 +467,8 @@
TESTS_SET:
type: string
default: "cvp-spt/cvp_spt/tests/"
- description: "Leave empty for full run or choose a file, e.g. test_glance.py"
+ description: "Leave as is for full run or add a filename, e.g. _default_path_/test_glance.py"
PROXY:
type: string
default: ""
- description: Proxy address to clone repo and install python requirements
+ description: "Proxy address to use to access the Internet. For offline mode, use \"offline\" value."
diff --git a/jenkins/client/job/vnf-onboarding/init.yml b/jenkins/client/job/vnf-onboarding/init.yml
index 69b4f4d..60f9ce1 100644
--- a/jenkins/client/job/vnf-onboarding/init.yml
+++ b/jenkins/client/job/vnf-onboarding/init.yml
@@ -1,15 +1,15 @@
classes:
- system.jenkins.client.job.vnf-onboarding.deploy_cloudify
-
parameters:
_param:
cluster_public_protocol: https
+ mcp_docker_registry: 'docker-dev-local.docker.mirantis.net'
vnf_gerrit_credentials: "gerrit"
vnf_openstack_api_url: "${_param:cluster_public_protocol}://${_param:cluster_public_host}:5000/v2.0"
vnf_openstack_api_credentials: "test-openstack"
vnf_openstack_api_admin_credentials: "admin-openstack"
vnf_openstack_ssh_key_credentials: "openstack_key"
vnf_elastic_url: "${_param:stacklight_log_address}:${_param:cluster_elasticsearch_port}"
- vnf_docker_registry_path: "docker-dev-local.docker.mirantis.net/mirantis/vnf-onboarding"
+ vnf_docker_registry_path: "${_param:mcp_docker_registry}/mirantis/vnf-onboarding"
vnf_artifactory_url: "https://artifactory.mcp.mirantis.net/artifactory/vnf-onboarding-sandbox"
contrail_api_url: "http://127.0.0.1:8082"
diff --git a/jenkins/client/job/vnf-onboarding/test_metaswitch_vsbc.yml b/jenkins/client/job/vnf-onboarding/test_metaswitch_vsbc.yml
index 8720fb1..e480d46 100644
--- a/jenkins/client/job/vnf-onboarding/test_metaswitch_vsbc.yml
+++ b/jenkins/client/job/vnf-onboarding/test_metaswitch_vsbc.yml
@@ -6,8 +6,8 @@
job:
test_metaswitch_vnf:
type: workflow-scm
- name: test_metaswitch_vnf
- display_name: "Onboarding tests for Metaswitch vSBC VNF"
+ name: test_metaswitch_vnf_ee
+ display_name: "Onboarding tests for Metaswitch vSBC VNF against CFY Enterprise Edition"
discard:
build:
keep_num: 20
@@ -50,7 +50,7 @@
default: "${_param:vnf_openstack_api_credentials}"
OPENSTACK_API_TENANT:
type: string
- default: "test"
+ default: "test-metaswitch"
GERRIT_CREDENTIALS:
type: string
default: "${_param:vnf_gerrit_credentials}"
@@ -79,11 +79,11 @@
default: "${_param:contrail_api_url}"
SETUP_OWN_CLOUDIFY:
type: boolean
- description: "Use temporary private Cloudify instance"
- default: false
+ description: "Use temporary private Cloudify instance. Metaswitch vSBC can work only with its own CFY instance"
+ default: true
CLOUDIFY_MANAGER_IP:
type: string
- description: "IP address of extrenal Cloudify. \"auto\" refers to address of deploy_cloudify job Cloudify instance"
+ description: "IP address of external Cloudify. \"auto\" refers to address of deploy_cloudify_enterprise job Cloudify instance"
default: "auto"
CLOUDIFY_MANAGER_OPTIONS:
type: string
@@ -97,6 +97,13 @@
type: string
description: "Parameters for cloudify agent VMs."
default: "CFY_AGENT_NET=cfm-net-shared CFY_AGENT_FLAVOR=cfy.agent CFY_AGENT_BACKEND_FLAVOR=backend.metaswitch CFY_AGENT_IMAGE=agent_vm CFY_AGENT_BASE_IMAGE=base_agent_vm CFY_AGENT_BACKEND_IMAGE=base_backend_vm"
+ CLOUDIFY_MANAGER_VERSION:
+ type: choice
+ choices:
+ - enterprise
+ - community
+ default: "enterprise"
+ description: "CFY edition version, make sure that it is consistent with CFY Manager image"
VNF_ARTIFACTORY_URL:
type: string
default: "${_param:vnf_artifactory_url}"
@@ -116,14 +123,14 @@
VNF_PLUGINS:
type: string
description: "Plugins to fetch from artifactory and install during build package step"
- default: "vnf_onboarding_tools-0.1-py27-none-linux_x86_64_Ubuntu_xenial"
+ default: "vnf_onboarding_tools-0.2-py27-none-linux_x86_64_CentOS_Core, cloudify_diamond_plugin-1.3.8-py27-none-linux_x86_64-centos-Core, metaswitch_deployment_plugin-2.1.0-py27-none-linux_x86_64-centos-Core"
VNF_OPTIONS:
type: string
- default: ""
+ default: "METASWITCH_VSBS_BPS=mirantis-blueprint-insecure-withoutsas-newlicense.tar DCM_IMAGE_NAME=MSwVA-DCM-V3.3 MDM_IMAGE_NAME=MSwVA-MDM-centos PERIMETA_IMAGE_NAME=MSwVA-Perimeta-V4.3.50_SU42_P252"
VNF_DOCKER_CLI_PLATFORM:
type: string
default: "ubuntu"
- CLOUDIFY_DEPLOYMENT_TIMEOUT:
+ VNF_DEPLOYMENT_TIMEOUT:
type: string
description: "Set up timeout for cloudify deployment (depends on each VNF specific and network throughput)."
default: 7200
diff --git a/jenkins/client/plugins/init.yml b/jenkins/client/plugins/init.yml
new file mode 100644
index 0000000..903aae3
--- /dev/null
+++ b/jenkins/client/plugins/init.yml
@@ -0,0 +1,46 @@
+parameters:
+ jenkins:
+ client:
+ plugin:
+ antisamy-markup-formatter: {}
+ artifactory: {}
+ blueocean: {}
+ build-blocker-plugin: {}
+ build-monitor-plugin: {}
+ build-timeout: {}
+ build-user-vars-plugin: {}
+ categorized-view: {}
+ copyartifact: {}
+ description-setter: {}
+ discard-old-build: {}
+ docker-workflow: {}
+ email-ext: {}
+ envinject: {}
+ extended-choice-parameter: {}
+ extensible-choice-parameter: {}
+ gerrit-trigger: {}
+ git: {}
+ github: {}
+ heavy-job: {}
+ jobConfigHistory: {}
+ jira: {}
+ ldap: {}
+ lockable-resources: {}
+ matrix-auth: {}
+ monitoring: {}
+ multiple-scms: {}
+ performance: {}
+ permissive-script-security: {}
+ pipeline-utility-steps: {}
+ plot: {}
+ prometheus: {}
+ rebuild: {}
+ simple-theme-plugin: {}
+ slack: {}
+ ssh-agent: {}
+ test-stability: {}
+ throttle-concurrents: {}
+ workflow-cps: {}
+ workflow-remote-loader: {}
+ workflow-scm-step:
+ restart: true
diff --git a/jenkins/master/config.yml b/jenkins/master/config.yml
index 41e3ffb..0eb465c 100644
--- a/jenkins/master/config.yml
+++ b/jenkins/master/config.yml
@@ -1,11 +1,3 @@
-parameters:
- linux:
- system:
- config:
- jenkins_master:
- grains:
- fqdn: dummy
- pillar:
- jenkins:
- master:
- home: /srv/volumes/jenkins
\ No newline at end of file
+# Deprecated. Please remove this include
+# from you'r cluster.
+# Related-Bug: PROD-21889 (PROD:21889)
diff --git a/keystone/client/core.yml b/keystone/client/core.yml
index 899f4aa..8c73b16 100644
--- a/keystone/client/core.yml
+++ b/keystone/client/core.yml
@@ -3,12 +3,13 @@
parameters:
_param:
keystone_service_protocol: http
+###TODO: the section below should be removed in the future together with same related changes in cookiecutter-templates (control_init.yml)
linux:
system:
job:
keystone_job_rotate:
command: '/usr/bin/keystone-manage fernet_rotate --keystone-user keystone --keystone-group keystone >> /var/log/key_rotation_log 2>> /var/log/key_rotation_log'
- enabled: true
+ enabled: false
user: root
minute: 0
keystone:
diff --git a/keystone/client/single.yml b/keystone/client/single.yml
index ad2d55a..b8ab7f1 100644
--- a/keystone/client/single.yml
+++ b/keystone/client/single.yml
@@ -10,12 +10,13 @@
parameters:
_param:
keystone_service_protocol: http
+###TODO: the section below should be removed in the future together with same related changes in cookiecutter-templates (control_init.yml)
linux:
system:
job:
keystone_job_rotate:
command: '/usr/bin/keystone-manage fernet_rotate --keystone-user keystone --keystone-group keystone >> /var/log/key_rotation_log 2>> /var/log/key_rotation_log'
- enabled: true
+ enabled: false
user: root
minute: 0
keystone:
diff --git a/keystone/server/cluster.yml b/keystone/server/cluster.yml
index 7e6980b..c9642bd 100644
--- a/keystone/server/cluster.yml
+++ b/keystone/server/cluster.yml
@@ -3,6 +3,8 @@
- service.keepalived.cluster.single
- system.haproxy.proxy.listen.openstack.keystone
- system.haproxy.proxy.listen.openstack.keystone.standalone
+- system.linux.system.users.keystone
+- system.keystone.server.fernet_rotation.cluster
parameters:
_param:
keystone_tokens_expiration: 3600
diff --git a/keystone/server/fernet_rotation/cluster.yml b/keystone/server/fernet_rotation/cluster.yml
new file mode 100644
index 0000000..a4aad33
--- /dev/null
+++ b/keystone/server/fernet_rotation/cluster.yml
@@ -0,0 +1,38 @@
+parameters:
+ _param:
+ fernet_rotation_driver: 'rsync'
+ credential_rotation_driver: 'rsync'
+ keystone:
+ server:
+ tokens:
+ fernet_sync_nodes_list:
+ sync_node01:
+ name: ${_param:cluster_node02_hostname}
+ enabled: True
+ sync_node02:
+ name: ${_param:cluster_node03_hostname}
+ enabled: True
+ fernet_rotation_driver: ${_param:fernet_rotation_driver}
+ credential:
+ credential_sync_nodes_list:
+ sync_node01:
+ name: ${_param:cluster_node02_hostname}
+ enabled: True
+ sync_node02:
+ name: ${_param:cluster_node03_hostname}
+ enabled: True
+ credential_rotation_driver: ${_param:credential_rotation_driver}
+ linux:
+ system:
+ job:
+ keystone_fernet_rotate_rsync:
+ command: '/var/lib/keystone/keystone_keys_rotate.sh -r -s -t fernet >> /var/log/keystone/keystone-rotate.log 2>> /var/log/keystone/keystone-rotate.log'
+ enabled: true
+ user: keystone
+ minute: 0
+ keystone_credential_rotate_rsync:
+ command: '/var/lib/keystone/keystone_keys_rotate.sh -r -s -t credential >> /var/log/keystone/keystone-rotate.log 2>> /var/log/keystone/keystone-rotate.log'
+ enabled: true
+ user: keystone
+ hour: 0
+ minute: 0
diff --git a/keystone/server/fernet_rotation/single.yml b/keystone/server/fernet_rotation/single.yml
new file mode 100644
index 0000000..de5ca6a
--- /dev/null
+++ b/keystone/server/fernet_rotation/single.yml
@@ -0,0 +1,24 @@
+parameters:
+ _param:
+ fernet_rotation_driver: 'rsync'
+ credential_rotation_driver: 'rsync'
+ keystone:
+ server:
+ tokens:
+ fernet_rotation_driver: ${_param:fernet_rotation_driver}
+ credential:
+ credential_rotation_driver: ${_param:credential_rotation_driver}
+ linux:
+ system:
+ job:
+ keystone_fernet_rotate_rsync:
+ command: '/var/lib/keystone/keystone_keys_rotate.sh -r -t fernet >> /var/log/keystone/keystone-rotate.log 2>> /var/log/keystone/keystone-rotate.log'
+ enabled: true
+ user: keystone
+ minute: 0
+ keystone_credential_rotate_rsync:
+ command: '/var/lib/keystone/keystone_keys_rotate.sh -r -t credential >> /var/log/keystone/keystone-rotate.log 2>> /var/log/keystone/keystone-rotate.log'
+ enabled: true
+ user: keystone
+ hour: 0
+ minute: 0
diff --git a/keystone/server/single.yml b/keystone/server/single.yml
index 2b1e89e..e1131c0 100644
--- a/keystone/server/single.yml
+++ b/keystone/server/single.yml
@@ -1,5 +1,7 @@
classes:
- service.keystone.server.single
+- system.linux.system.users.keystone
+- system.keystone.server.fernet_rotation.single
parameters:
_param:
keystone_service_token: token
diff --git a/keystone/server/wsgi.yml b/keystone/server/wsgi.yml
index 333cb76..df8af68 100644
--- a/keystone/server/wsgi.yml
+++ b/keystone/server/wsgi.yml
@@ -2,8 +2,9 @@
- system.apache.server.single
parameters:
_param:
- apache_keystone_ssl:
+ apache_ssl:
enabled: false
+ apache_keystone_ssl: ${_param:apache_ssl}
apache_keystone_api_host: ${linux:network:fqdn}
keystone:
server:
diff --git a/kubernetes/common.yml b/kubernetes/common.yml
index ddf6973..c178ced 100644
--- a/kubernetes/common.yml
+++ b/kubernetes/common.yml
@@ -1,27 +1,31 @@
parameters:
_param:
- kubernetes_calico_calicoctl_repo: docker-prod-virtual.docker.mirantis.net/mirantis/projectcalico/calico
- kubernetes_calico_repo: docker-prod-virtual.docker.mirantis.net/mirantis/projectcalico/calico
- kubernetes_calico_cni_repo: docker-prod-virtual.docker.mirantis.net/mirantis/projectcalico/calico
- kubernetes_hyperkube_repo: docker-prod-virtual.docker.mirantis.net/mirantis/kubernetes
- kubernetes_contrail_cni_repo: docker-prod-virtual.docker.mirantis.net/mirantis/kubernetes
- kubernetes_contrail_network_controller_repo: docker-prod-virtual.docker.mirantis.net/mirantis/kubernetes/contrail-integration
+ mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
+ kubernetes_calico_calicoctl_repo: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico
+ kubernetes_calico_repo: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico
+ kubernetes_calico_cni_repo: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico
+ kubernetes_calico_kube_ctl_repo: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico
+ kubernetes_hyperkube_repo: ${_param:mcp_docker_registry}/mirantis/kubernetes
+ kubernetes_contrail_cni_repo: ${_param:mcp_docker_registry}/mirantis/kubernetes
+ kubernetes_contrail_network_controller_repo: ${_param:mcp_docker_registry}/mirantis/kubernetes/contrail-integration
kubernetes_netchecker_agent_repo: mirantis
kubernetes_netchecker_server_repo: mirantis
kubernetes_virtlet_repo: mirantis
kubernetes_kubedns_repo: gcr.io/google_containers
kubernetes_externaldns_repo: mirantis
- kubernetes_genie_repo: https://artifactory.mcp.mirantis.net/artifactory/binary-prod-local/mirantis/kubernetes/cni-genie
+ kubernetes_genie_repo: https://docker-prod-local.artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/kubernetes/cni-genie
kubernetes_flannel_repo: quay.io/coreos
kubernetes_metallb_repo: metallb
- kubernetes_sriov_repo: https://artifactory.mcp.mirantis.net/artifactory/binary-prod-local/mirantis/kubernetes/sriov-cni
- kubernetes_cniplugins_repo: https://artifactory.mcp.mirantis.net/artifactory/binary-prod-local/mirantis/kubernetes/containernetworking-plugins
+ kubernetes_sriov_repo: https://docker-prod-local.artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/kubernetes/sriov-cni
+ kubernetes_cniplugins_repo: https://docker-prod-local.artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/kubernetes/containernetworking-plugins
+ kubernetes_dashboard_repo: k8s.gcr.io
# component docker images
kubernetes_docker_package: docker-engine=1.13.1-0~ubuntu-xenial
- kubernetes_calico_calicoctl_image: ${_param:kubernetes_calico_calicoctl_repo}/ctl:v1.6.4
- kubernetes_calico_image: ${_param:kubernetes_calico_repo}/node:v2.6.10
- kubernetes_calico_cni_image: ${_param:kubernetes_calico_cni_repo}/cni:v1.11.6
+ kubernetes_calico_calicoctl_image: ${_param:kubernetes_calico_calicoctl_repo}/ctl:v3.1.3
+ kubernetes_calico_image: ${_param:kubernetes_calico_repo}/node:v3.1.3
+ kubernetes_calico_cni_image: ${_param:kubernetes_calico_cni_repo}/cni:v3.1.3
+ kubernetes_calico_kube_controllers_image: ${_param:kubernetes_calico_kube_ctl_repo}/kube-controllers:v3.1.3
kubernetes_hyperkube_image: ${_param:kubernetes_hyperkube_repo}/hyperkube-amd64:v1.10.4-4
kubernetes_pause_image: ${_param:kubernetes_hyperkube_repo}/pause-amd64:v1.10.4-4
kubernetes_contrail_cni_image: ${_param:kubernetes_contrail_cni_repo}/contrail-cni:v1.2.0
@@ -45,8 +49,13 @@
kubernetes_sriov_source_hash: md5=c0cc33202afd02e4cc44b977a8faf6e7
kubernetes_cniplugins_source: ${_param:kubernetes_cniplugins_repo}/cni-plugins_v0.7.1-48-g696b1f9.tar.gz
kubernetes_cniplugins_source_hash: md5=5ec1cf5e989097c6127ea5365e277b02
+ kubernetes_dashboard_image: ${_param:kubernetes_dashboard_repo}/kubernetes-dashboard-amd64:v1.8.3
+ kubernetes_fluentd_aggregator_image: fluent/fluentd-kubernetes-daemonset:v1.2-debian-elasticsearch
+ kubernetes_fluentd_logger_image: fluent/fluentd-kubernetes-daemonset:v1.2-debian-stackdriver
+ kubernetes_telegraf_image: docker.io/telegraf:1.5.3
kubelet_fail_on_swap: true
+ kubernetes_dashboard_enabled: true
kubernetes_kubedns_enabled: true
kubernetes_externaldns_enabled: false
kubernetes_coredns_enabled: false
@@ -59,6 +68,64 @@
kubernetes_contrail_network_controller_enabled: false
kubernetes_metallb_enabled: false
kubernetes_sriov_enabled: false
+ kubernetes_fluentd_enabled: false
+ kubernetes_telegraf_enabled: false
+
+ # the rest of fluentd related params, the non bools
+ kubernetes_fluentd_namespace: stacklight
+ kubernetes_fluentd_aggregator_resources_limits_memory: 500Mi
+ kubernetes_fluentd_aggregator_resources_requests_memory: 500Mi
+ kubernetes_fluentd_aggregator_config_forward_input_bind_port: 24224
+ kubernetes_fluentd_aggregator_config_general_time_format: '%Y-%m-%dT%H:%M:%S.%N%z'
+ kubernetes_fluentd_aggregator_config_systemd_filter_docker_parse_format: /^time="(?<time>[^)]*)" level=(?<severity>[^ ]*) msg="(?<message>[^"]*)"( err="(?<error>[^"]*)")?( statusCode=($<status_code>\d+))?/
+ kubernetes_fluentd_aggregator_config_output_log_level: 'info'
+ kubernetes_fluentd_aggregator_config_output_logstash_format: true
+ kubernetes_fluentd_aggregator_config_output_logstash_prefix: 'log'
+ kubernetes_fluentd_aggregator_config_output_logstash_dateformat: '%Y.%m.%d'
+ kubernetes_fluentd_aggregator_config_output_num_threads: 8
+ kubernetes_fluentd_aggregator_config_output_max_retry_wait: 30
+ kubernetes_fluentd_aggregator_config_output_flush_interval: '10s'
+ kubernetes_fluentd_aggregator_config_output_buffer_chunk_limit: '2m'
+ kubernetes_fluentd_aggregator_config_output_buffer_queue_limit: 32
+ kubernetes_fluentd_aggregator_config_output_request_timeout: '10s'
+ kubernetes_fluentd_aggregator_config_output_es_host: 127.0.0.1
+ kubernetes_fluentd_aggregator_config_output_es_port: 9200
+ kubernetes_fluentd_aggregator_config_output_es_scheme: http
+
+ kubernetes_fluentd_logger_resources_limits_memory: 500Mi
+ kubernetes_fluentd_logger_resources_requests_memory: 500Mi
+ kubernetes_fluentd_logger_config_kubernetes_input_time_format: '%Y-%m-%dT%H:%M:%S.%NZ'
+ kubernetes_fluentd_logger_config_forward_output_require_ack_response: true
+ kubernetes_fluentd_logger_config_forward_output_ack_response_timeout: 30
+ kubernetes_fluentd_logger_config_forward_output_recover_wait: '10s'
+ kubernetes_fluentd_logger_config_forward_output_heartbeat_interval: '1s'
+ kubernetes_fluentd_logger_config_forward_output_phi_threshold: 16
+ kubernetes_fluentd_logger_config_forward_output_send_timeout: '10s'
+ kubernetes_fluentd_logger_config_forward_output_hard_timeout: '10s'
+ kubernetes_fluentd_logger_config_forward_output_expire_dns_cache: 15
+ kubernetes_fluentd_logger_config_forward_output_heartbeat_type: 'tcp'
+ kubernetes_fluentd_logger_config_forward_output_buffer_chunk_limit: '2M'
+ kubernetes_fluentd_logger_config_forward_output_buffer_queue_limit: 32
+ kubernetes_fluentd_logger_config_forward_output_flush_interval: '5s'
+ kubernetes_fluentd_logger_config_forward_output_max_retry_wait: 15
+ kubernetes_fluentd_logger_config_forward_output_num_threads: 8
+
+ # telegraf stuff
+ kubernetes_telegraf_namespace: stacklight
+ kubernetes_telegraf_resources_limits_memory: 500Mi
+ kubernetes_telegraf_resources_requests_memory: 500Mi
+ kubernetes_telegraf_agent_interval: 15
+ kubernetes_telegraf_agent_round_interval: false
+ kubernetes_telegraf_agent_metric_batch_size: 1000
+ kubernetes_telegraf_agent_metric_buffer_limit: 10000
+ kubernetes_telegraf_agent_collection_jitter: 2
+ kubernetes_telegraf_agent_flush_interval: 10
+ kubernetes_telegraf_agent_flush_jitter: 2
+ kubernetes_telegraf_agent_precision: ms
+ kubernetes_telegraf_agent_logfile: etc/telegraf/log
+ kubernetes_telegraf_agent_debug: false
+ kubernetes_telegraf_agent_quiet: false
+ kubernetes_telegraf_agent_omit_hostname: false
docker:
host:
@@ -79,6 +146,9 @@
source: ${_param:kubernetes_cniplugins_source}
hash: ${_param:kubernetes_cniplugins_source_hash}
addons:
+ dashboard:
+ enabled: ${_param:kubernetes_dashboard_enabled}
+ image: ${_param:kubernetes_dashboard_image}
dns:
enabled: ${_param:kubernetes_kubedns_enabled}
kubedns_image: ${_param:kubernetes_kubedns_image}
@@ -97,8 +167,86 @@
enabled: ${_param:kubernetes_contrail_network_controller_enabled}
image: ${_param:kubernetes_contrail_network_controller_image}
flannel:
- enabled: ${_param:kubernetes_flannel_enabled}
image: ${_param:kubernetes_flannel_image}
+ fluentd:
+ enabled: ${_param:kubernetes_fluentd_enabled}
+ namespace: ${_param:kubernetes_fluentd_namespace}
+ aggregator:
+ image: ${_param:kubernetes_fluentd_aggregator_image}
+ resources:
+ limits:
+ memory: ${_param:kubernetes_fluentd_aggregator_resources_limits_memory}
+ requests:
+ memory: ${_param:kubernetes_fluentd_aggregator_resources_requests_memory}
+ config:
+ forward_input:
+ bind:
+ port: ${_param:kubernetes_fluentd_aggregator_config_forward_input_bind_port}
+ general:
+ time_format: ${_param:kubernetes_fluentd_aggregator_config_general_time_format}
+ systemd_filter:
+ docker_parse_format: ${_param:kubernetes_fluentd_aggregator_config_systemd_filter_docker_parse_format}
+ output:
+ log_level: ${_param:kubernetes_fluentd_aggregator_config_output_log_level}
+ logstash_format: ${_param:kubernetes_fluentd_aggregator_config_output_logstash_format}
+ logstash_prefix: ${_param:kubernetes_fluentd_aggregator_config_output_logstash_prefix}
+ logstash_dateformat: ${_param:kubernetes_fluentd_aggregator_config_output_logstash_dateformat}
+ request_timeout: ${_param:kubernetes_fluentd_aggregator_config_output_request_timeout}
+ buffer_chunk_limit: ${_param:kubernetes_fluentd_aggregator_config_output_buffer_chunk_limit}
+ buffer_queue_limit: ${_param:kubernetes_fluentd_aggregator_config_output_buffer_queue_limit}
+ flush_interval: ${_param:kubernetes_fluentd_aggregator_config_output_flush_interval}
+ num_threads: ${_param:kubernetes_fluentd_aggregator_config_output_num_threads}
+ max_retry_wait: ${_param:kubernetes_fluentd_aggregator_config_output_max_retry_wait}
+ es:
+ host: ${_param:kubernetes_fluentd_aggregator_config_output_es_host}
+ port: ${_param:kubernetes_fluentd_aggregator_config_output_es_port}
+ scheme: ${_param:kubernetes_fluentd_aggregator_config_output_es_scheme}
+ logger:
+ image: ${_param:kubernetes_fluentd_logger_image}
+ resources:
+ limits:
+ memory: ${_param:kubernetes_fluentd_logger_resources_limits_memory}
+ requests:
+ memory: ${_param:kubernetes_fluentd_logger_resources_requests_memory}
+ config:
+ kubernetes_input:
+ time_format: ${_param:kubernetes_fluentd_logger_config_kubernetes_input_time_format}
+ forward_output:
+ require_ack_response: ${_param:kubernetes_fluentd_logger_config_forward_output_require_ack_response}
+ ack_response_timeout: ${_param:kubernetes_fluentd_logger_config_forward_output_ack_response_timeout}
+ recover_wait: ${_param:kubernetes_fluentd_logger_config_forward_output_recover_wait}
+ heartbeat_interval: ${_param:kubernetes_fluentd_logger_config_forward_output_heartbeat_interval}
+ phi_threshold: ${_param:kubernetes_fluentd_logger_config_forward_output_phi_threshold}
+ send_timeout: ${_param:kubernetes_fluentd_logger_config_forward_output_send_timeout}
+ hard_timeout: ${_param:kubernetes_fluentd_logger_config_forward_output_hard_timeout}
+ expire_dns_cache: ${_param:kubernetes_fluentd_logger_config_forward_output_expire_dns_cache}
+ heartbeat_type: ${_param:kubernetes_fluentd_logger_config_forward_output_heartbeat_type}
+ buffer_chunk_limit: ${_param:kubernetes_fluentd_logger_config_forward_output_buffer_chunk_limit}
+ buffer_queue_limit: ${_param:kubernetes_fluentd_logger_config_forward_output_buffer_queue_limit}
+ flush_interval: ${_param:kubernetes_fluentd_logger_config_forward_output_flush_interval}
+ max_retry_wait: ${_param:kubernetes_fluentd_logger_config_forward_output_max_retry_wait}
+ num_threads: ${_param:kubernetes_fluentd_logger_config_forward_output_num_threads}
+ telegraf:
+ enabled: ${_param:kubernetes_telegraf_enabled}
+ image: ${_param:kubernetes_telegraf_image}
+ resources:
+ limits:
+ memory: ${_param:kubernetes_telegraf_resources_limits_memory}
+ requests:
+ memory: ${_param:kubernetes_telegraf_resources_requests_memory}
+ agent:
+ interval: ${_param:kubernetes_telegraf_agent_interval}
+ round_interval: ${_param:kubernetes_telegraf_agent_round_interval}
+ metric_batch_size: ${_param:kubernetes_telegraf_agent_metric_batch_size}
+ metric_buffer_limit: ${_param:kubernetes_telegraf_agent_metric_buffer_limit}
+ collection_jitter: ${_param:kubernetes_telegraf_agent_collection_jitter}
+ flush_interval: ${_param:kubernetes_telegraf_agent_flush_interval}
+ flush_jitter: ${_param:kubernetes_telegraf_agent_flush_jitter}
+ precision: ${_param:kubernetes_telegraf_agent_precision}
+ logfile: ${_param:kubernetes_telegraf_agent_logfile}
+ debug: ${_param:kubernetes_telegraf_agent_debug}
+ quiet: ${_param:kubernetes_telegraf_agent_quiet}
+ omit_hostname: ${_param:kubernetes_telegraf_agent_omit_hostname}
virtlet:
enabled: ${_param:kubernetes_virtlet_enabled}
namespace: kube-system
@@ -122,6 +270,7 @@
image: ${_param:kubernetes_calico_image}
calicoctl_image: ${_param:kubernetes_calico_calicoctl_image}
cni_image: ${_param:kubernetes_calico_cni_image}
+ kube_controllers_image: ${_param:kubernetes_calico_kube_controllers_image}
opencontrail:
enabled: ${_param:kubernetes_opencontrail_enabled}
cni_image: ${_param:kubernetes_contrail_cni_image}
@@ -129,3 +278,5 @@
enabled: ${_param:kubernetes_sriov_enabled}
source: ${_param:kubernetes_sriov_source}
source_hash: ${_param:kubernetes_sriov_source_hash}
+ flannel:
+ enabled: ${_param:kubernetes_flannel_enabled}
diff --git a/kubernetes/control/opencontrail.yaml b/kubernetes/control/opencontrail.yaml
new file mode 100644
index 0000000..ba22753
--- /dev/null
+++ b/kubernetes/control/opencontrail.yaml
@@ -0,0 +1,41 @@
+parameters:
+ _param:
+ opencontrail_identity_user: admin
+ opencontrail_identity_password: contrail123
+ opencontrail_identity_tenant: admin
+ kubernetes:
+ pool:
+ network:
+ engine: none
+ opencontrail:
+ enabled: false
+ master:
+ network:
+ engine: none
+ opencontrail:
+ version: {{ cookiecutter.opencontrail_version }}
+ public_ip_range: {{ cookiecutter.opencontrail_public_ip_range }}
+ public_network: {{ cookiecutter.get('opencontrail_public_ip_network', 'default-domain:default-project:Public') }}
+ private_ip_range: {{ cookiecutter.opencontrail_private_ip_range }}
+ config:
+ api:
+ host: ${_param:opencontrail_control_address}
+ identity:
+ auth_user: ${_param:opencontrail_identity_user}
+ auth_password: ${_param:opencontrail_identity_password}
+ auth_tenant: ${_param:kubernetes_opencontrail_identity_tenant}
+ message_queue:
+ host: ${_param:single_address}
+ database:
+ members:
+ - host: ${_param:kubernetes_control_node01_address}
+ port: 9161
+ - host: ${_param:kubernetes_control_node02_address}
+ port: 9161
+ - host: ${_param:kubernetes_control_node03_address}
+ port: 9161
+ collector:
+ members:
+ - host: ${_param:kubernetes_control_node01_address}
+ - host: ${_param:kubernetes_control_node02_address}
+ - host: ${_param:kubernetes_control_node03_address}
diff --git a/kubernetes/control/roles/genie-pod-patch.yml b/kubernetes/control/roles/genie-pod-patch.yml
new file mode 100644
index 0000000..2cfa17e
--- /dev/null
+++ b/kubernetes/control/roles/genie-pod-patch.yml
@@ -0,0 +1,2 @@
+classes:
+ - service.kubernetes.control.roles.genie-pod-patch
\ No newline at end of file
diff --git a/kubernetes/master/cluster.yml b/kubernetes/master/cluster.yml
index 7cddd21..a283873 100644
--- a/kubernetes/master/cluster.yml
+++ b/kubernetes/master/cluster.yml
@@ -7,6 +7,9 @@
parameters:
kubernetes:
master:
+ network:
calico:
prometheus:
enabled: true
+ policy:
+ enabled: false
diff --git a/kubernetes/master/common.yml b/kubernetes/master/common.yml
index 0923286..1c92e00 100644
--- a/kubernetes/master/common.yml
+++ b/kubernetes/master/common.yml
@@ -17,10 +17,13 @@
image: ${_param:kubernetes_calico_image}
calicoctl_image: ${_param:kubernetes_calico_calicoctl_image}
cni_image: ${_param:kubernetes_calico_cni_image}
+ kube_controllers_image: ${_param:kubernetes_calico_kube_controllers_image}
opencontrail:
enabled: ${_param:kubernetes_opencontrail_enabled}
cni_image: ${_param:kubernetes_contrail_cni_image}
sriov:
enabled: ${_param:kubernetes_sriov_enabled}
source: ${_param:kubernetes_sriov_source}
- source_hash: ${_param:kubernetes_sriov_source_hash}
\ No newline at end of file
+ source_hash: ${_param:kubernetes_sriov_source_hash}
+ flannel:
+ enabled: ${_param:kubernetes_flannel_enabled}
diff --git a/kubernetes/pool/cluster.yml b/kubernetes/pool/cluster.yml
index 61ebc3c..a375748 100644
--- a/kubernetes/pool/cluster.yml
+++ b/kubernetes/pool/cluster.yml
@@ -10,6 +10,8 @@
calico:
prometheus:
enabled: true
+ policy:
+ enabled: false
docker:
host:
options:
diff --git a/linux/system/banner.yml b/linux/system/banner.yml
index 173a044..55b417f 100644
--- a/linux/system/banner.yml
+++ b/linux/system/banner.yml
@@ -8,9 +8,9 @@
contents: |
=================================== WARNING ====================================
You have accessed a computer managed by ${_param:banner_company_name}.
- You are required to have authorisation from ${_param:banner_company_name}
+ You are required to have authorization from ${_param:banner_company_name}
before you proceed and you are strictly limited to use set out within that
- authorisation. Unauthorised access to or misuse of this system is prohibited
+ authorization. Unauthorized access to or misuse of this system is prohibited
and constitutes an offence under the Computer Misuse Act 1990.
If you disclose any information obtained through this system without authority
${_param:banner_company_name} may take legal action against you.
diff --git a/linux/system/ca_certificates/vmware.yml b/linux/system/ca_certificates/vmware.yml
new file mode 100644
index 0000000..0fac87f
--- /dev/null
+++ b/linux/system/ca_certificates/vmware.yml
@@ -0,0 +1,5 @@
+parameters:
+ linux:
+ system:
+ ca_certificates:
+ vcenter: ${_param:openstack_vcenter_cacert}
diff --git a/linux/system/motd/static.yml b/linux/system/motd/static.yml
index c0e23c0..831a84e 100644
--- a/linux/system/motd/static.yml
+++ b/linux/system/motd/static.yml
@@ -6,9 +6,9 @@
motd: |
=================================== WARNING ====================================
You have accessed a computer managed by ${_param:motd_company_name}.
- You are required to have authorisation from ${_param:motd_company_name}
+ You are required to have authorization from ${_param:motd_company_name}
before you proceed and you are strictly limited to use set out within that
- authorisation. Unauthorised access to or misuse of this system is prohibited
+ authorization. Unauthorized access to or misuse of this system is prohibited
and constitutes an offence under the Computer Misuse Act 1990.
If you disclose any information obtained through this system without
authority ${_param:motd_company_name} may take legal action against you.
diff --git a/linux/system/repo/keystorage/influxdb.yml b/linux/system/repo/keystorage/influxdb.yml
new file mode 100644
index 0000000..2d154cc
--- /dev/null
+++ b/linux/system/repo/keystorage/influxdb.yml
@@ -0,0 +1,59 @@
+parameters:
+ linux:
+ system:
+ repo:
+ mcp_influxdb:
+ # pub 4096R/2582E0C5 2015-09-28
+ key: |
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+ Version: GnuPG v1
+
+ mQINBFYJmwQBEADCw7mob8Vzk+DmkYyiv0dTU/xgoSlp4SQwrTzat8MB8jxmx60l
+ QjmhqEyuB8ho4zzZF9KV+gJWrG6Rj4t69JMTJWM7jFz+0B1PC7kJfNM+VcBmkTnj
+ fP+KJjqz50ETnsF0kQTG++UJeRYjG1dDK0JQNQJAM6NQpIWJI339lcDf15vzrMnb
+ OgIlNxV6j1ZZqkle4fvScF1NQxYScRiL+sRgVx92SI4SyD/xZnVGD/szB+4OCzah
+ +0Q/MnNGV6TtN0RiCDZjIUYiHoeT9iQXEONKf7T62T4zUafO734HyqGvht93MLVU
+ GQAeuyx0ikGsULfOsJfBmb3XJS9u+16v7oPFt5WIbeyyNuhUu0ocK/PKt5sPYR4u
+ ouPq6Ls3RY3BGCH9DpokcYsdalo51NMrMdnYwdkeq9MEpsEKrKIN5ke7fk4weamJ
+ BiLI/bTcfM7Fy5r4ghdI9Ksw/ULXLm4GNabkIOSfT7UjTzcBDOvWfKRBLX4qvsx4
+ YzA5kR+nX85u6I7W10aSqBiaLqk6vCj0QmBmCjlSeYqNQqSzH/6OoL6FZ7lP6AiG
+ F2NyGveJKjugoXlreLEhOYp20F81PNwlRBCAlMC2Q9mpcFu0dtAriVoG4gVDdYn5
+ t+BiGfD2rJlCinYLgYBDpTPcdRT3VKHWqL9fcC4HKmic0mwWg9homx550wARAQAB
+ tDFJbmZsdXhEQiBQYWNrYWdpbmcgU2VydmljZSA8c3VwcG9ydEBpbmZsdXhkYi5j
+ b20+iQI3BBMBCgAhBQJWCZsEAhsDBQsJCAcDBRUKCQgLBRYDAgEAAh4BAheAAAoJ
+ EGhKFM8lguDF9XEQAK9rREnZt6ujh7GXfeNki35bkn39q8GYh0mouShFbFY9o0i3
+ UJVChsxokJSRPgFh9GOhOPTupl3rzfdpD+IlWI2Myt6han2HOjZKNZ4RGNrYJ5UR
+ uxt4dKMWlMbpkzL56bhHlx97RoXKv2d2zRQfw9nyZb6t3lw2k2kKXsMxjGa0agM+
+ 2SropwYOXdtkz8UWaGd3LYxwEvW3AuhI8EEEHdLetQaYe9sANDvUEofgFbdsuICH
+ 9QLmbYavk7wyGTPBKfPBbeyTxwW2rMUnFCNccMKLm1i5NpZYineBtQbX2cfx9Xsk
+ 1JLOzEBmNal53H2ob0kjev6ufzOD3s8hLu4KMCivbIz4YT3fZyeExn0/0lUtsQ56
+ 5fCxE983+ygDzKsCnfdXqm3GgjaI90OkNr1y4gWbcd5hicVDv5fD3TD9f0GbpDVw
+ yDz8YmvNzxMILt5Glisr6aH7gLG/u8jxy0D8YcBiyv5kfY4vMI2yXHpGg1cn/sVu
+ ZB01sU09VVIM2BznnimyAayI430wquxkZCyMx//BqFM1qetIgk1wDZTlFd0n6qtA
+ fDmXAC4s5pM5rfM5V57WmPaIqnRIaESJ35tFUFlCHfkfl/N/ribGVDg1z2KDW08r
+ 96oEiIIiV4GfXl+NprJqpNS3Cn+aCXtd7/TsDScDEgs4sMaR29Lsf26cuWk8uQIN
+ BFYJmwQBEADDPi3fmwn6iwkiDcH2E2V31cHlBw9OdJfxKVUdyAQEhTtqmG9P8XFZ
+ ERRQF155XLQPLvRlUlq7vEYSROn5J6BAnsjdjsH9LmFMOEV8CIRCRIDePG/Mez2d
+ nIK5yiU6GkS3IFaQg2T9/tOBKxm0ZJPfqTXbT4jFSfvYJ3oUqc+AyYxtb8gj1GRk
+ X283/86/bA3C98u7re1vPtiDRyM8r0+lhEc59Yx/EAOL+X2gZyTgyUoH+LLuOWQK
+ s1egI8y80R8NZfM1nMiQk2ywMsTFwQjSVimScvzqv5Nt8k8CvHUQ3a6R+6doXGNX
+ 5RnUqn9Qvmh0JY5sNgFsoaGbuk2PJrVaGBRnfnjaDqAlZpDhwkWhcCcguNhRbRHp
+ N7/a0pQr70bAG9VikzLyGC17EU0sxney/hyNHkr4Uyy2OXHpuJvRjVKy/BwZ3fxA
+ AYX2oZIOxQB3/OulzO/DppaCVhRtp1bt+Z5f+fpisiVb5DvZcMdeyAoQ4+oOr7v3
+ EasIs2XYcQ+kOE3Y2kdlHWBeuXzxgWgJZ1OOpwGMjR3Uy6IwhuSWtreJBA4er+Df
+ vgSPwKBsRLNLbPe3ftjArnC5GfMiGgikVdAUdN4OkEqvUbkRoAVGKTOMLUKm+ZkG
+ OskJOVYS+JAina0qkYEFF7haycMjf9olhqLmTIC+6X7Ox9R2plaOhQARAQABiQIf
+ BBgBCgAJBQJWCZsEAhsMAAoJEGhKFM8lguDF8ZIP/1q9Sdz8oMvf9AJXZ7AYxm77
+ V+kJzJqi62nZLWJnrFXDZJpU+LkYlb3fstsZ1rvBhnrEPSmFxoj72CP0RtcyX7wJ
+ dA7K1Fl9LpJi5H8300cC7UyG94MUYbrXijbLTbnFTfNr1tGx4a1T/7Yyxx/wZGrT
+ H/X8cvNybkl33SxDdlQQ9kx3lFOwC41e3TkGsUWxn3TCfvDh8VdA6Py6JeSPFGOb
+ MEO2/q7oUgvjfV+ivN5ayZi9bWgeqm1sgtmTHHQ4RqwwKrAb5ynXpn1b9QrkevgT
+ b91uzMA22Prl4DuzKiaMYDcZOQ3vtf0eFBP0GOSSgUKS4bQ3dGgi1JmQ7VuAM4uj
+ +Ug5TnGoLwclTwLksc7v89C5MMPgm2vVXvCUDzyzQA7bIHFeX+Rziby4nymec4Nr
+ eeXYNBJWrEp8XR7UNWmEgroXRoN1x9/6esh5pnoUXGAIWuKzSLQM70/wWxS67+v2
+ aC1GNb+pXXAzYeIIiyLWaZwCSr8sWMvshFT9REk2+lnb6sAeJswQtfTUWI00mVqZ
+ dvI3Wys2h0IyIejuwetTUvGhr9VgpqiLLfGzGlt/y2sg27wdHzSJbMh0VrVAK26/
+ BlvEwWDCFT0ZJUMG9Lvre25DD0ycbougLsRYjzmGb/3k3UktS3XTCxyBa/k3TPw3
+ vqIHrEqk446nGPDqJPS5
+ =9iF7
+ -----END PGP PUBLIC KEY BLOCK-----
diff --git a/linux/system/repo/keystorage/percona.yml b/linux/system/repo/keystorage/percona.yml
new file mode 100644
index 0000000..809f3cb
--- /dev/null
+++ b/linux/system/repo/keystorage/percona.yml
@@ -0,0 +1,86 @@
+parameters:
+ linux:
+ system:
+ repo:
+ mcp_percona:
+ # Percona Development Team (Packaging key) <info@percona.com>
+ # pub 4096R/8507EFA5 2016-06-30
+ key: |
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+ Version: GnuPG v1
+
+ mQINBFd0veABEADyFa8jPHXhhX1XS9W7Og4p+jLxB0aowElk4Kt6lb/mYjwKmQ77
+ 9ZKUAvb1xRYFU1/NEaykEl/jxE7RA/fqlqheZzBblB3WLIPM0sMfh/D4fyFCaKKF
+ k2CSwXtYfhk9DOsBP2K+ZEg0PoLqMbLIBUxPl61ZIy2tnF3G+gCfGu6pMHK7WTtI
+ nnruMKk51s9Itc9vUeUvRGDcFIiEEq0xJhEX/7J/WAReD5Am/kD4CvkkunSqbhhu
+ B6DV9tAeEFtDppEHdFDzfHfTOwlHLgTvgVETDgLgTRXzztgBVKl7Gdvc3ulbtowB
+ uBtbuRr49+QIlcBdFZmM6gA4V5P9/qrkUaarvuIkXWQYs9/8oCd3SRluhdxXs3xX
+ 1/gQQXYHUhcdAWrqS56txncXf0cnO2v5kO5rlOX1ovpNQsc69R52LJKOLA1Kmjca
+ JNtC+4e+SF2upK14gtXK384z7owXYUA4NRZOEu+UAw7wAoiIWPUfzMEHYi8I3Rsz
+ EtpVyOQC5YyYgwzIdt4YxlVJ0CUoinvtIygies8LkA5GQvaGJHYG1aQ3i9WDddCX
+ wtoV1uA4EZlEWjTXlSRc92jhSKut/EWbmYHEUhmvcfFErrxUPqirpVZHSaXY5Rdh
+ KVFyx9JcRuIQ0SJxeHQPlaEkyhKpTDN5Cw7USLwoXfIu2w0w0W06LdXZ7wARAQAB
+ tDtQZXJjb25hIERldmVsb3BtZW50IFRlYW0gKFBhY2thZ2luZyBrZXkpIDxpbmZv
+ QHBlcmNvbmEuY29tPokCNwQTAQgAIQUCWwLC+wIbAwULCQgHAgYVCAkKCwIEFgID
+ AQIeAQIXgAAKCRCTNKJfhQfvpYf+D/oD7dFS0eXR4OH2g8CACNeTWB2EJ57W0gyL
+ wko42IjBSOSogB4BMm/3vlk8PefikTU5+Z/fYK3OIJV7kMIEXNfnNzr3QWvafHRR
+ qGUoTmvP29O5Y4s7oGllIUOlr9gwtSGfHnjtF+WZBhko2uH6KvXBJay28ye4S8sS
+ zDQdk8RULFN4hfIT4duOjo7Clf4iZtoUX7bVN32NRYH8Ss4IvbdDOAjlzjQa+NgO
+ SEsDvP3DwRoZQcAIMXngOMlPa/SA87pAcOup/8AvX3i7F7ZfWkKys3jpoSRyt0Ol
+ InpOrlJqJY4ugSxNkCgz+21kb1EVtIjSY8LAMPzZ5OAiiG0MyOTUyKFhzAkE1Mn3
+ Cs9TzNjybPlvPGt6CsckjgReL2XQBqITRsmLOwzWguuqduBlPISVoeGUPpEBj7Hv
+ Ca7p9QbEaXtN5JmlAFLwPTuM4S5IxG5bEXMFECKL45J8F9G/EGs/qO/HSebQsJ/+
+ i5Ct6gElUwIOaaCUPpWG0qwR2aP4QAndvLsaGN7v6BmtLYw8+n5vjIueFXh/gRyI
+ 8eOIxrCUYhukkdM+YQ0h6Xd+X8FvHdYRGHmW86Ro2HkBqqKyXbab04+769jpzCdM
+ b0oKzXapU94mKuWZ+fOncshTpUN17neFzb1YIc2kcwb3rQxDJNd7IR3mq+d3yapk
+ vTYlP7uFk7RGUGVyY29uYSBNeVNRTCBEZXZlbG9wbWVudCBUZWFtIChQYWNrYWdp
+ bmcga2V5KSA8bXlzcWwtZGV2QHBlcmNvbmEuY29tPokCOQQwAQgAIwUCWwLD2Rwd
+ IFVzZXIgSUQgaXMgbm8gbG9uZ2VyIHZhbGlkAAoJEJM0ol+FB++lW4UQALX2/ofm
+ ALXhdC0nlh4X1MJLPpmLjyZKTyK3YNOUJukzGW0LVGIq4SAvPxw4oc4zQ1PCQuUG
+ oj062Fd4sWF1oGFQBOVUAebnyCOcAE1ybcpw9FhdB6ZGa0hTx1RD9jg+OT8e1u62
+ XbQyRuLBbbncyIt/lhTcqnCVv14auolAVLuFqiFx5uk2n1x5Y5bs6ABt9Ka0MhYZ
+ m6Qyhm0kGNYn+AiHEwNgdAboe155zp2augVVDmGS+s+tVD60nnWzZLsZGCCZh2gJ
+ jyxxXNaIeY7OyaMRQFa3gBVGd7UeJZ1d3MR4nR7wlKMUXSC8a0l+bkgi/sgyAJNg
+ X3bCiEDRIGxGv/Dgg1/ahKVEch/W0Y+0DyifPzAFtnCBH0c2GJUrU8/c2i1iKhYf
+ /r/711136Oqd5LDROQGzo4dnzdTs3qEeWdIVkgSwaLUFrw6Kq0tAnZSqHK2WQw3C
+ 1oPdlBMimysOhJnwsmYbtlgRF2/rU7QiuJvMHXqBPfOSHKRcy5hoa5S2+PCe/IXB
+ Qmod1MlmfsUH6TjwC5SWGFaIm76+ROsiQKie28fAqRLKqeNvuaMqxTsVpYofQZXE
+ JcSyhwhTcaQxsrYYM+4z8sbdxiIqR7PW6BthsAKCrOr6U53Pm00+yI16Tt7FNcVc
+ wHl+lRTe/EhDQ93LvbFvB4/Svx/GLdlvdsHaiQI3BBMBCgAhBQJXdL3gAhsDBQsJ
+ CAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEJM0ol+FB++l4koQAKkrRP+K/p/TGlnq
+ lbNyS5gdSIB1hxT3iFwIdF9EPZq0U+msh8OY7omV/82rJp4T5cIJFvivtWQpEwpU
+ jJtqBzVrQlF+12D1RFPSoXkmk6t4opAmCsAmAtRHaXIzU9WGJETaHl57Trv5IPMv
+ 15X3TmLnk1mDMSImJoxWJMyUHzA37BlPjvqQZv5meuweLCbL4qJS015s7Uz+1f/F
+ siDLsrlE0iYCAScfBeRSKF4MSnk5huIGgncaltKJPnNYppXUb2wt+4X2dpY3/V0B
+ oiG8YBxV6N7sA7lC/OoYF6+H3DMlSxGBQEb1i9b6ypwZIbG6CnM2abLqO67D3XGx
+ 559/FtAgxrDBX1f63MQKlu+tQ9mOrCvSbt+bMGT6frFopgH6XiSOhOiMmjUazVRB
+ sXRK/HM5qIk5MK0tGPSgpc5tr9NbMDmp58OQZYQscslKhx0EDDYHQyHfYFS2qodu
+ RwQG4BgpZm2xjGM/auCvdZ+pxjqy7dnEXvMVf0i1BylkyW4p+oK5nEwY3KHljsRx
+ uJ0+gjfyj64ihNMSqDX5k38T2GPSXm5XAN+/iazlIuiqPQKLZWUjTOwr2/AA6Azt
+ U/fmsXV2swz8WekqT2fphvWKUOISr3tEGG+HF1iIY43BoAMHYYOcdSI1ZODZq3Wi
+ c+zlN1WzPshDB+d3acxeV5JhstvPuQINBFd0veABEACfuHVbey5qG5P6rRhAX2pd
+ d/f7iwHdcW1+evxCfCR5fHzsO1LRwlHM9GRqlztKzgxzAIfgUXqdMXUs6vW8agfk
+ u553h8gBqrhdq9NH65/YenzV/Sv9c/EGzsBQurau1RC4gfJ4jgAedu4FQKZvVr//
+ 0NTWuJm3el3orYYz4rLq79avSgD7Q/uK8/j71zgCJixsFzjC8ehRlOtMdetPTY36
+ zc2LjQSMTSpE7SvEbrk6yDKpQvZabl3dmkEkBvoFpat7x+i3ZtBCzRFTx2rH/9DW
+ KCO+SuGVBXs8vhLtAvKKjbWGGU9LrmESZcahI6fliH5w28NvpOuJlr8Rn/6jQmJD
+ DPKO50XKM8hpT6DBqIE99YqYLUzXAKf4Y88FyHvlO6kiVbXaOYz1OTqCWVqjaMYF
+ biPW6NgDX0hyE9uG0lfNA9P5edqyPSEaTN+kpD9OVqG6R0uPBCFY8u25NrNRhMqI
+ FQdvI54eEtN0ktFP0FrlFFkg6S+l+3Qsr9sMDKCUVTJ/BkKwqkdhTv5XY4KiIEJQ
+ jvMKr0vH5lYiPDGX/3KsJL+rxJjA++4Wh40WBLYDSDWSAfCPSokg1lRjOaMDhnH5
+ YnUeEk6Mhy61DQRsH+xEpeL/F1L06u0Wh+0iXqKXJA4jvU4XwGSkzg3yaablkYnu
+ n5myhIQYswIdCyEH4Wl3SQARAQABiQIfBBgBCgAJBQJXdL3gAhsMAAoJEJM0ol+F
+ B++lxqkQAIC7jz1CWt+tbKgutLRFcxexNQZoTAAPTk3OjqqeCLWO1cmHtmjNSXTc
+ 5rpX78vPEYQjzQpAARZxAppAdeJHBzm9Qrfiyo7TW8P0Gf9c9p1mPUtl2g0BNvRU
+ 7zYzgCF1aIwKtS+XO2UdTT56Gy5vaxd1BiTg8J9ytkIGSkuSXSOASeGC5RmN3SaD
+ 6yomVa483k9kVhhSOUzKwYK9f2WgGhI1xxpVF5LbbRhCoEz4ia/TqJoWdH/agul3
+ 4AGWOgPRhMu+FEpb/nons73XTwQtcXiZAe9z4ZltVsSciolgRzPwkXxMmWVMme9Y
+ ymVCPTrzxPi6nc6npSZzE275m02u86V2htwD2MbSuGmcTdmAPPfXgQ5XM57ELElD
+ bNA1eN1jZAhzYBLv63X+nNOy6ysuac5Q7ozyBOIpNksLleA0+FzsnYmPlGqzYtnD
+ 6nFglDn898jk/LWkwitL472fh8RRbDYffsXealiy6W2TYKrQl52ajLV7D5PUUS9x
+ SlAPcdPSuXAzh7GhOKDommWwLfPo0uYN3Xja+AkW135ctz4evCpvZjkBTfog07FG
+ lumduUK5fHvJYiSyV1P5SKr4722C8jWCo2YcS+IsZgVFFuY1bG6HtiImpP75IM0G
+ 3g1uyd2OhF9nGDSxjp4kKWnUoGdV0P1bUXaAbvXRzlIcx7dOD7tZ
+ =cTh+
+ -----END PGP PUBLIC KEY BLOCK-----
+
diff --git a/linux/system/repo/mcp/apt_mirantis/influxdb.yml b/linux/system/repo/mcp/apt_mirantis/influxdb.yml
index e6ebcb3..f5f4c90 100644
--- a/linux/system/repo/mcp/apt_mirantis/influxdb.yml
+++ b/linux/system/repo/mcp/apt_mirantis/influxdb.yml
@@ -1,13 +1,18 @@
+classes:
+- system.linux.system.repo.keystorage.influxdb
parameters:
_param:
apt_mk_version: stable
- linux_system_repo_mcp_influxdb_version: ${_param:apt_mk_version}
+ linux_system_repo_url: http://mirror.mirantis.com/${_param:apt_mk_version}/
+ linux_system_repo_mcp_influxdb_url: ${_param:linux_system_repo_url}/influxdb/
linux:
system:
repo:
mcp_influxdb:
- source: "deb [arch=amd64] http://mirror.mirantis.com/${_param:linux_system_repo_mcp_influxdb_version}/influxdb/${_param:linux_system_codename}/ ${_param:linux_system_codename} stable"
+ source: "deb [arch=amd64] ${_param:linux_system_repo_mcp_influxdb_url}/${_param:linux_system_codename}/ ${_param:linux_system_codename} stable"
architectures: amd64
- key_id: 684A14CF2582E0C5
- key_server: keyserver.ubuntu.com
clean_file: true
+ pin:
+ - pin: 'release l=InfluxDB'
+ priority: 1100
+ package: '*'
diff --git a/linux/system/repo/mcp/apt_mirantis/percona.yml b/linux/system/repo/mcp/apt_mirantis/percona.yml
new file mode 100644
index 0000000..0cdd192
--- /dev/null
+++ b/linux/system/repo/mcp/apt_mirantis/percona.yml
@@ -0,0 +1,18 @@
+classes:
+- system.linux.system.repo.keystorage.percona
+parameters:
+ _param:
+ apt_mk_version: stable
+ linux_system_repo_url: http://mirror.mirantis.com/${_param:apt_mk_version}/
+ linux_system_repo_mcp_percona_url: ${_param:linux_system_repo_url}/percona/
+ linux:
+ system:
+ repo:
+ mcp_percona:
+ source: "deb ${_param:linux_system_repo_mcp_percona_url}/${_param:linux_system_codename}/ ${_param:linux_system_codename} main"
+ architectures: amd64
+ clean_file: true
+ pin:
+ - pin: "release l=percona"
+ priority: 1100
+ package: '*'
diff --git a/linux/system/repo/mcp/extra.yml b/linux/system/repo/mcp/extra.yml
index 9839a23..7711fa0 100644
--- a/linux/system/repo/mcp/extra.yml
+++ b/linux/system/repo/mcp/extra.yml
@@ -12,5 +12,5 @@
clean_file: true
pin:
- pin: 'release a=${_param:linux_system_repo_mcp_extra_version}'
- priority: 1100
+ priority: 1200
package: '*'
diff --git a/linux/system/repo_local/mcp/apt_mirantis/influxdb.yml b/linux/system/repo_local/mcp/apt_mirantis/influxdb.yml
index 6bd6509..06c646c 100644
--- a/linux/system/repo_local/mcp/apt_mirantis/influxdb.yml
+++ b/linux/system/repo_local/mcp/apt_mirantis/influxdb.yml
@@ -1,3 +1,5 @@
+# DEPRECATED since 2018.7+ release.
+# Please use system/repo/mcp/apt_mirantis
parameters:
_param:
apt_mk_version: stable
diff --git a/linux/system/single/init.yml b/linux/system/single/init.yml
index 970184c..edefd93 100644
--- a/linux/system/single/init.yml
+++ b/linux/system/single/init.yml
@@ -1,65 +1,5 @@
classes:
-- service.linux.system
+- system.linux.system.single.mcp
- service.salt.minion.master
-- system.linux.system.banner
- system.openssh.server.single
- system.ntp.client.single
-parameters:
- _param:
- local_package_repos: false
- linux:
- system:
- local_package_repos: ${_param:local_package_repos}
- user:
- root:
- enabled: true
- name: root
- home: /root
- kernel:
- modules:
- - nf_conntrack
- sysctl:
- net.ipv4.tcp_keepalive_intvl: 3
- net.ipv4.tcp_keepalive_time: 30
- net.ipv4.tcp_keepalive_probes: 8
- fs.file-max: 124165
- net.core.somaxconn: 4096
- vm.swappiness: 10
- net.nf_conntrack_max: 1048576
- net.ipv4.tcp_retries2: 5
- net.ipv4.tcp_max_syn_backlog: 8192
- net.ipv4.neigh.default.gc_thresh1: 4096
- net.ipv4.neigh.default.gc_thresh2: 8192
- net.ipv4.neigh.default.gc_thresh3: 16384
- net.core.netdev_max_backlog: 261144
- net.ipv4.tcp_tw_reuse: 1
- kernel.panic: 60
- cpu:
- governor: performance
- timezone: UTC
- locale:
- en_US.UTF-8:
- enabled: true
- default: true
- limit:
- default:
- enabled: true
- domain: "*"
- limits:
- - type: hard
- item: nofile
- value: 307200
- - type: soft
- item: nofile
- value: 307200
- - type: soft
- item: nproc
- value: 307200
- - type: hard
- item: nproc
- value: 307200
- systemd:
- system:
- Manager:
- DefaultLimitNOFILE: 307200
- DefaultLimitNPROC: 307200
diff --git a/linux/system/single/mcp.yml b/linux/system/single/mcp.yml
new file mode 100644
index 0000000..850a7ac
--- /dev/null
+++ b/linux/system/single/mcp.yml
@@ -0,0 +1,48 @@
+classes:
+- system.linux.system.single.simple
+parameters:
+ linux:
+ system:
+ kernel:
+ modules:
+ - nf_conntrack
+ sysctl:
+ net.ipv4.tcp_keepalive_intvl: 3
+ net.ipv4.tcp_keepalive_time: 30
+ net.ipv4.tcp_keepalive_probes: 8
+ fs.file-max: 124165
+ net.core.somaxconn: 4096
+ vm.swappiness: 10
+ net.nf_conntrack_max: 1048576
+ net.ipv4.tcp_retries2: 5
+ net.ipv4.tcp_max_syn_backlog: 8192
+ net.ipv4.neigh.default.gc_thresh1: 4096
+ net.ipv4.neigh.default.gc_thresh2: 8192
+ net.ipv4.neigh.default.gc_thresh3: 16384
+ net.core.netdev_max_backlog: 261144
+ net.ipv4.tcp_tw_reuse: 1
+ kernel.panic: 60
+ cpu:
+ governor: performance
+ limit:
+ default:
+ enabled: true
+ domain: "*"
+ limits:
+ - type: hard
+ item: nofile
+ value: 307200
+ - type: soft
+ item: nofile
+ value: 307200
+ - type: soft
+ item: nproc
+ value: 307200
+ - type: hard
+ item: nproc
+ value: 307200
+ systemd:
+ system:
+ Manager:
+ DefaultLimitNOFILE: 307200
+ DefaultLimitNPROC: 307200
diff --git a/linux/system/single/simple.yml b/linux/system/single/simple.yml
new file mode 100644
index 0000000..2b4e919
--- /dev/null
+++ b/linux/system/single/simple.yml
@@ -0,0 +1,16 @@
+classes:
+- service.linux.system
+- service.linux.system.cis
+- system.linux.system.banner
+- service.logrotate.server
+parameters:
+ _param:
+ local_package_repos: false
+ linux:
+ system:
+ local_package_repos: ${_param:local_package_repos}
+ timezone: UTC
+ locale:
+ en_US.UTF-8:
+ enabled: true
+ default: true
diff --git a/linux/system/users/keystone.yml b/linux/system/users/keystone.yml
new file mode 100644
index 0000000..14e38dd
--- /dev/null
+++ b/linux/system/users/keystone.yml
@@ -0,0 +1,18 @@
+parameters:
+ linux:
+ system:
+ user:
+ keystone:
+ enabled: true
+ name: keystone
+ home: /var/lib/keystone
+ uid: 301
+ gid: 301
+ shell: /bin/false
+ system: True
+ group:
+ keystone:
+ enabled: true
+ name: keystone
+ gid: 301
+ system: True
diff --git a/maas/region/cluster.yml b/maas/region/cluster.yml
index 8df6ea8..ff6dac5 100644
--- a/maas/region/cluster.yml
+++ b/maas/region/cluster.yml
@@ -1,12 +1,18 @@
classes:
- system.maas.region.single
- system.keepalived.server.cluster_maas
+ - system.linux.system.repo.keystorage.saltstack
parameters:
_param:
cluster_vip_address: 10.0.175.80
+ linux_system_repo_mcp_saltstack_url: http://mirror.mirantis.com/${_param:apt_mk_version}/saltstack-2017.7/
maas:
cluster:
enabled: true
role: ${_param:maas_cluster_role}
region:
- host: ${_param:cluster_vip_address}
\ No newline at end of file
+ host: ${_param:cluster_vip_address}
+ saltstack_repo_key: ${linux:system:repo:mcp_saltstack:key}
+ saltstack_repo_trusty: "deb [arch=amd64] ${_param:linux_system_repo_mcp_saltstack_url}/trusty/ trusty main"
+ saltstack_repo_xenial: "deb [arch=amd64] ${_param:linux_system_repo_mcp_saltstack_url}/xenial/ xenial main"
+
diff --git a/maas/region/single.yml b/maas/region/single.yml
index 7c57d9e..3569fff 100644
--- a/maas/region/single.yml
+++ b/maas/region/single.yml
@@ -42,4 +42,5 @@
ntp_external_only: true
upstream_dns: ${_param:dns_server01}
enable_http_proxy: false
- default_min_hwe_kernel: ''
+ # linux-signed-image-generic-hwe-16.04
+ default_min_hwe_kernel: 'hwe-16.04'
diff --git a/neutron/control/vmware/dvs.yml b/neutron/control/vmware/dvs.yml
new file mode 100644
index 0000000..e22e8cc
--- /dev/null
+++ b/neutron/control/vmware/dvs.yml
@@ -0,0 +1,13 @@
+parameters:
+ neutron:
+ server:
+ backend:
+ engine: 'vmware'
+ core_plugin: vmware_dvs
+ vmware:
+ dvs:
+ host_ip: ${_param:openstack_vcenter_host}
+ host_username: ${_param:openstack_vcenter_username}
+ host_password: ${_param:openstack_vcenter_password}
+ dvs_name: ${_param:openstack_vcenter_dvs_name}
+ insecure: true
diff --git a/neutron/gateway/vmware/dvs.yml b/neutron/gateway/vmware/dvs.yml
new file mode 100644
index 0000000..6b508ca
--- /dev/null
+++ b/neutron/gateway/vmware/dvs.yml
@@ -0,0 +1,23 @@
+parameters:
+ linux:
+ network:
+ bridge: openvswitch
+ interface:
+ br-dvs:
+ enabled: true
+ type: ovs_bridge
+ neutron:
+ gateway:
+ bridge_mappings:
+ dvs: br-dvs
+ dvr: false
+ agents:
+ dhcp:
+ dhcp_driver: vmware_nsx.plugins.dvs.dhcp.Dnsmasq
+ services:
+ - 'neutron-metadata-agent'
+ - 'neutron-dhcp-agent'
+ pkgs:
+ - 'neutron-dhcp-agent'
+ - 'openvswitch-common'
+ - 'neutron-metadata-agent'
diff --git a/nginx/server/proxy/openstack/glance_registry.yml b/nginx/server/proxy/openstack/glance_registry.yml
new file mode 100644
index 0000000..b374e40
--- /dev/null
+++ b/nginx/server/proxy/openstack/glance_registry.yml
@@ -0,0 +1,25 @@
+parameters:
+ _param:
+ nginx_proxy_openstack_api_host: ${_param:cluster_public_host}
+ nginx_proxy_openstack_glance_registry_protocol: 'http'
+ nginx_proxy_openstack_glance_registry_host: ${_param:glance_service_host}
+ nginx_proxy_openstack_api_address: 0.0.0.0
+ nginx:
+ server:
+ enabled: true
+ site:
+ nginx_proxy_openstack_api_glance_registry:
+ enabled: true
+ type: nginx_proxy
+ name: openstack_api_glance_registry
+ check: false
+ underscores_in_headers: true
+ proxy:
+ host: ${_param:nginx_proxy_openstack_glance_registry_host}
+ port: 9191
+ protocol: ${_param:nginx_proxy_openstack_glance_registry_protocol}
+ host:
+ name: ${_param:nginx_proxy_openstack_api_host}
+ port: 9191
+ address: ${_param:nginx_proxy_openstack_api_address}
+ ssl: ${_param:nginx_proxy_ssl}
diff --git a/nginx/server/proxy/openstack_web.yml b/nginx/server/proxy/openstack_web.yml
index ad5ffea..b85527f 100644
--- a/nginx/server/proxy/openstack_web.yml
+++ b/nginx/server/proxy/openstack_web.yml
@@ -36,3 +36,7 @@
host:
name: ${_param:nginx_proxy_openstack_web_host}
port: 80
+ apache:
+ server:
+ bind:
+ listen_default_ports: false
diff --git a/nginx/server/proxy/ssl.yml b/nginx/server/proxy/ssl.yml
new file mode 100644
index 0000000..66a1938
--- /dev/null
+++ b/nginx/server/proxy/ssl.yml
@@ -0,0 +1,121 @@
+parameters:
+ _param:
+ nginx_proxy_ssl_enabled: false
+ nginx_proxy_ssl:
+ mode: 'strict'
+ enabled: ${_param:nginx_proxy_ssl_enabled}
+ engine: salt
+ dhparam:
+ enabled: True
+ numbits: 2048
+ ecdh_curve:
+ secp521r1:
+ name: 'secp521r1'
+ enabled: True
+ prefer_server_ciphers: "on"
+ protocols:
+ TLSv1:
+ name: 'TLSv1'
+ enabled: True
+ TLSv1.1:
+ name: 'TLSv1.1'
+ enabled: True
+ TLSv1.2:
+ name: 'TLSv1.2'
+ enabled: True
+ stapling: "on"
+ stapling_verify: "on"
+ ciphers:
+ ECDHE-ECDSA-CHACHA20-POLY1305:
+ name: 'ECDHE-ECDSA-CHACHA20-POLY1305'
+ enabled: True
+ ECDHE-RSA-CHACHA20-POLY1305:
+ name: 'ECDHE-RSA-CHACHA20-POLY1305'
+ enabled: True
+ ECDHE-ECDSA-AES128-GCM-SHA256:
+ name: 'ECDHE-ECDSA-AES128-GCM-SHA256'
+ enabled: True
+ ECDHE-RSA-AES128-GCM-SHA256:
+ name: 'ECDHE-RSA-AES128-GCM-SHA256'
+ enabled: True
+ ECDHE-ECDSA-AES256-GCM-SHA384:
+ name: 'ECDHE-ECDSA-AES256-GCM-SHA384'
+ enabled: True
+ ECDHE-RSA-AES256-GCM-SHA384:
+ name: 'ECDHE-RSA-AES256-GCM-SHA384'
+ enabled: True
+ DHE-RSA-AES128-GCM-SHA256:
+ name: 'DHE-RSA-AES128-GCM-SHA256'
+ enabled: True
+ DHE-RSA-AES256-GCM-SHA384:
+ name: 'DHE-RSA-AES256-GCM-SHA384'
+ enabled: True
+ ECDHE-ECDSA-AES128-SHA256:
+ name: 'ECDHE-ECDSA-AES128-SHA256'
+ enabled: True
+ ECDHE-RSA-AES128-SHA256:
+ name: 'ECDHE-RSA-AES128-SHA256'
+ enabled: True
+ ECDHE-ECDSA-AES128-SHA:
+ name: 'ECDHE-ECDSA-AES128-SHA'
+ enabled: True
+ ECDHE-RSA-AES256-SHA384:
+ name: 'ECDHE-RSA-AES256-SHA384'
+ enabled: True
+ ECDHE-RSA-AES128-SHA:
+ name: 'ECDHE-RSA-AES128-SHA'
+ enabled: True
+ ECDHE-ECDSA-AES256-SHA384:
+ name: 'ECDHE-ECDSA-AES256-SHA384'
+ enabled: True
+ ECDHE-ECDSA-AES256-SHA:
+ name: 'ECDHE-ECDSA-AES256-SHA'
+ enabled: True
+ ECDHE-RSA-AES256-SHA:
+ name: 'ECDHE-RSA-AES256-SHA'
+ enabled: True
+ DHE-RSA-AES128-SHA256:
+ name: 'DHE-RSA-AES128-SHA256'
+ enabled: True
+ DHE-RSA-AES128-SHA:
+ name: 'DHE-RSA-AES128-SHA'
+ enabled: True
+ DHE-RSA-AES256-SHA256:
+ name: 'DHE-RSA-AES256-SHA256'
+ enabled: True
+ DHE-RSA-AES256-SHA:
+ name: 'DHE-RSA-AES256-SHA'
+ enabled: True
+ ECDHE-ECDSA-DES-CBC3-SHA:
+ name: 'ECDHE-ECDSA-DES-CBC3-SHA'
+ enabled: True
+ ECDHE-RSA-DES-CBC3-SHA:
+ name: 'ECDHE-RSA-DES-CBC3-SHA'
+ enabled: True
+ EDH-RSA-DES-CBC3-SHA:
+ name: 'EDH-RSA-DES-CBC3-SHA'
+ enabled: True
+ AES128-GCM-SHA256:
+ name: 'AES128-GCM-SHA256'
+ enabled: True
+ AES256-GCM-SHA384:
+ name: 'AES256-GCM-SHA384'
+ enabled: True
+ AES128-SHA256:
+ name: 'AES128-SHA256'
+ enabled: True
+ AES256-SHA256:
+ name: 'AES256-SHA256'
+ enabled: True
+ AES256-SHA:
+ name: 'AES256-SHA'
+ enabled: True
+ AES128-SHA:
+ name: 'AES128-SHA'
+ enabled: True
+ DES-CBC3-SHA:
+ name: 'DES-CBC3-SHA'
+ enabled: True
+ removeDSS:
+ name: '!DSS'
+ enabled: True
\ No newline at end of file
diff --git a/nginx/server/proxy/stacklight/elasticsearch.yml b/nginx/server/proxy/stacklight/elasticsearch.yml
new file mode 100644
index 0000000..82d8bad
--- /dev/null
+++ b/nginx/server/proxy/stacklight/elasticsearch.yml
@@ -0,0 +1,25 @@
+parameters:
+ nginx:
+ server:
+ stream:
+ elasticsearch_binary:
+ backend:
+ elasticsearch:
+ address: ${_param:stacklight_monitor_address}
+ port: 9305
+ host:
+ port: 9300
+ site:
+ nginx_proxy_elasticsearch:
+ enabled: true
+ type: nginx_proxy
+ name: elasticsearch
+ proxy:
+ host: ${_param:stacklight_monitor_address}
+ port: 9205
+ protocol: http
+ host:
+ name: ${_param:cluster_public_host}
+ port: 9200
+ protocol: https
+ ssl: ${_param:nginx_proxy_ssl}
diff --git a/nginx/server/stream/gerrit_ssh.yml b/nginx/server/stream/gerrit_ssh.yml
new file mode 100644
index 0000000..13b7ba2
--- /dev/null
+++ b/nginx/server/stream/gerrit_ssh.yml
@@ -0,0 +1,16 @@
+parameters:
+ _param:
+ nginx_proxy_gerrit_server_stream_host: ${_param:cicd_control_address}
+ nginx_proxy_gerrit_server_stream_port: 29418
+ nginx_proxy_gerrit_server_site_stream_port: 29418
+ nginx:
+ server:
+ stream:
+ gerrit_ssh:
+ backend:
+ cicd:
+ address: ${_param:nginx_proxy_gerrit_server_stream_host}
+ port: ${_param:nginx_proxy_gerrit_server_stream_port}
+ host:
+ port: ${_param:nginx_proxy_gerrit_server_site_stream_port}
+
diff --git a/nova/client/flavor/vnf_onboarding/metaswitch_vsbc.yml b/nova/client/flavor/vnf_onboarding/metaswitch_vsbc.yml
index 636fc73..831811f 100644
--- a/nova/client/flavor/vnf_onboarding/metaswitch_vsbc.yml
+++ b/nova/client/flavor/vnf_onboarding/metaswitch_vsbc.yml
@@ -20,7 +20,7 @@
vcpus: 1
MetaswitchSSC:
ram: 4096
- disk: 40
+ disk: 80
vcpus: 2
backend.metaswitch:
ram: 2048
diff --git a/nova/compute/nfv/sriov.yml b/nova/compute/nfv/sriov.yml
index b93363c..ac6bf98 100644
--- a/nova/compute/nfv/sriov.yml
+++ b/nova/compute/nfv/sriov.yml
@@ -13,9 +13,12 @@
kernel:
sriov: True
unsafe_interrupts: ${_param:sriov_unsafe_interrupts}
- rc:
- local: |
- #!/bin/sh -e
- # Enabling ${_param:sriov_nic01_numvfs} VFs on ${_param:sriov_nic01_device_name} PF
- echo ${_param:sriov_nic01_numvfs} > /sys/class/net/${_param:sriov_nic01_device_name}/device/sriov_numvfs; sleep 2; ip link set ${_param:sriov_nic01_device_name} up
- exit 0
\ No newline at end of file
+ network:
+ interface:
+ sriov_nic01:
+ pre_up_cmds:
+ - echo ${_param:sriov_nic01_numvfs} > /sys/class/net/${_param:sriov_nic01_device_name}/device/sriov_numvfs
+ enabled: true
+ name: ${_param:sriov_nic01_device_name}
+ type: eth
+ proto: manual
diff --git a/nova/compute/vmware.yml b/nova/compute/vmware.yml
new file mode 100644
index 0000000..acae309
--- /dev/null
+++ b/nova/compute/vmware.yml
@@ -0,0 +1,13 @@
+parameters:
+ nova:
+ compute:
+ pkgs:
+ - nova-compute-vmware
+ vmware:
+ host_ip: ${_param:openstack_vcenter_host}
+ host_username: ${_param:openstack_vcenter_host}
+ host_username: ${_param:openstack_vcenter_username}
+ host_password: ${_param:openstack_vcenter_password}
+ cluster_name: ${_param:openstack_vcenter_cluster_name}
+ insecure: true
+
diff --git a/nova/control/cluster.yml b/nova/control/cluster.yml
index 90a2bae..2f411b5 100644
--- a/nova/control/cluster.yml
+++ b/nova/control/cluster.yml
@@ -4,6 +4,7 @@
- service.keepalived.cluster.single
- system.haproxy.proxy.listen.openstack.nova
- system.haproxy.proxy.listen.openstack.novnc
+- system.salt.minion.cert.mysql.clients.openstack.nova
parameters:
_param:
nova_vncproxy_url: http://${_param:cluster_vip_address}:6080
@@ -12,6 +13,8 @@
nova_disk_allocation_ratio: 1.0
metadata_password: metadataPass
cluster_internal_protocol: 'http'
+ openstack_mysql_x509_enabled: False
+ galera_ssl_enabled: False
linux:
system:
package:
@@ -44,6 +47,13 @@
name: nova
user: nova
password: ${_param:mysql_nova_password}
+ x509:
+ enabled: ${_param:openstack_mysql_x509_enabled}
+ ca_file: ${_param:mysql_nova_ssl_ca_file}
+ key_file: ${_param:mysql_nova_client_ssl_key_file}
+ cert_file: ${_param:mysql_nova_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
identity:
engine: keystone
region: ${_param:openstack_region}
diff --git a/nova/control/novncproxy/init.yml b/nova/control/novncproxy/init.yml
deleted file mode 100644
index 3cd04b8..0000000
--- a/nova/control/novncproxy/init.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-classes:
-- system.salt.minion.cert.vnc.novncproxy_client
-parameters:
- nova:
- controller:
- novncproxy:
- tls:
- enabled: True
- key_file: ${_param:novncproxy_client_ssl_key_file}
- cert_file: ${_param:novncproxy_client_ssl_cert_file}
- ca_file: ${_param:novncproxy_ssl_ca_file}
- all_file: ${_param:nova_websocketproxy_ssl_all_file}
-
diff --git a/nova/control/novncproxy/tls/init.yml b/nova/control/novncproxy/tls/init.yml
new file mode 100644
index 0000000..717d55e
--- /dev/null
+++ b/nova/control/novncproxy/tls/init.yml
@@ -0,0 +1,16 @@
+classes:
+- system.salt.minion.cert.vnc.novncproxy_client
+- system.salt.minion.cert.vnc.novncproxy_server
+parameters:
+ _param:
+ nova_vnc_tls_enabled: true
+ nova:
+ controller:
+ # Communication between noVNC proxy and client machine over TLS
+ novncproxy:
+ tls:
+ enabled: ${_param:nova_vnc_tls_enabled}
+ # Only for Queens. Communication between noVNC proxy service and QEMU
+ vencrypt:
+ tls:
+ enabled: ${_param:nova_vnc_tls_enabled}
diff --git a/nova/control/single.yml b/nova/control/single.yml
index 4e3799b..e7d7671 100644
--- a/nova/control/single.yml
+++ b/nova/control/single.yml
@@ -1,8 +1,11 @@
classes:
+- system.salt.minion.cert.mysql.clients.openstack.nova
- service.nova.control.single
parameters:
_param:
cluster_internal_protocol: 'http'
+ openstack_mysql_x509_enabled: False
+ galera_ssl_enabled: False
linux:
system:
package:
@@ -14,6 +17,13 @@
role: ${_param:openstack_node_role}
database:
host: ${_param:single_address}
+ x509:
+ enabled: ${_param:openstack_mysql_x509_enabled}
+ ca_file: ${_param:mysql_nova_ssl_ca_file}
+ key_file: ${_param:mysql_nova_client_ssl_key_file}
+ cert_file: ${_param:mysql_nova_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
identity:
protocol: ${_param:cluster_internal_protocol}
region: ${_param:openstack_region}
diff --git a/octavia/client/init.yml b/octavia/client/init.yml
new file mode 100644
index 0000000..f114e3d
--- /dev/null
+++ b/octavia/client/init.yml
@@ -0,0 +1,2 @@
+classes:
+- service.octavia.client
diff --git a/opencontrail/control/analytics4_0.yml b/opencontrail/control/analytics4_0.yml
index 88abb7f..b779aed 100644
--- a/opencontrail/control/analytics4_0.yml
+++ b/opencontrail/control/analytics4_0.yml
@@ -6,6 +6,7 @@
- system.haproxy.proxy.listen.opencontrail.analytics
parameters:
_param:
+ mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
opencontrail_kafka_log_cleanup_mtime: '+7'
opencontrail_kafka_log_cleanup_dir: '/usr/share/kafka/logs/'
opencontrail_version: 4.0
@@ -15,8 +16,8 @@
opencontrail_message_queue_node02_address: ${_param:openstack_message_queue_node02_address}
opencontrail_message_queue_node03_address: ${_param:openstack_message_queue_node03_address}
opencontrail_message_queue_address: ${_param:openstack_message_queue_address}
- opencontrail_analytics_image: docker-prod-local.artifactory.mirantis.com/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analytics:${_param:opencontrail_image_tag}
- opencontrail_analyticsdb_image: docker-prod-local.artifactory.mirantis.com/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analyticsdb:${_param:opencontrail_image_tag}
+ opencontrail_analytics_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analytics:${_param:opencontrail_image_tag}
+ opencontrail_analyticsdb_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analyticsdb:${_param:opencontrail_image_tag}
opencontrail_analytics_container_name: opencontrail_analytics_1
opencontrail_analyticsdb_container_name: opencontrail_analyticsdb_1
# Temprorary fix for MOS9 packages to pin old version of kafka
@@ -112,4 +113,4 @@
privileged: true
restart: always
env_file:
- - contrail.env
\ No newline at end of file
+ - contrail.env
diff --git a/opencontrail/control/cluster4_0.yml b/opencontrail/control/cluster4_0.yml
index 05cf7d6..4f1127f 100644
--- a/opencontrail/control/cluster4_0.yml
+++ b/opencontrail/control/cluster4_0.yml
@@ -6,6 +6,7 @@
- system.haproxy.proxy.listen.opencontrail.analytics
parameters:
_param:
+ mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
opencontrail_kafka_log_cleanup_mtime: '+7'
opencontrail_kafka_log_cleanup_dir: '/usr/share/kafka/logs/'
opencontrail_version: 4.0
@@ -15,9 +16,9 @@
opencontrail_message_queue_node02_address: ${_param:openstack_control_node02_address}
opencontrail_message_queue_node03_address: ${_param:openstack_control_node03_address}
opencontrail_message_queue_address: ${_param:openstack_control_address}
- opencontrail_analytics_image: docker-prod-local.artifactory.mirantis.com/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analytics:${_param:opencontrail_image_tag}
- opencontrail_analyticsdb_image: docker-prod-local.artifactory.mirantis.com/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analyticsdb:${_param:opencontrail_image_tag}
- opencontrail_controller_image: docker-prod-local.artifactory.mirantis.com/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller:${_param:opencontrail_image_tag}
+ opencontrail_analytics_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analytics:${_param:opencontrail_image_tag}
+ opencontrail_analyticsdb_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analyticsdb:${_param:opencontrail_image_tag}
+ opencontrail_controller_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller:${_param:opencontrail_image_tag}
opencontrail_controller_container_name: opencontrail_controller_1
opencontrail_analytics_container_name: opencontrail_analytics_1
opencontrail_analyticsdb_container_name: opencontrail_analyticsdb_1
diff --git a/opencontrail/control/control4_0.yml b/opencontrail/control/control4_0.yml
index 932a789..207e9da 100644
--- a/opencontrail/control/control4_0.yml
+++ b/opencontrail/control/control4_0.yml
@@ -5,13 +5,14 @@
- system.haproxy.proxy.listen.opencontrail.control
parameters:
_param:
+ mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
opencontrail_version: 4.0
linux_repo_contrail_component: oc40
opencontrail_image_tag: latest
opencontrail_message_queue_node01_address: ${_param:openstack_message_queue_node01_address}
opencontrail_message_queue_node02_address: ${_param:openstack_message_queue_node02_address}
opencontrail_message_queue_node03_address: ${_param:openstack_message_queue_node03_address}
- opencontrail_controller_image: docker-prod-local.artifactory.mirantis.com/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller:${_param:opencontrail_image_tag}
+ opencontrail_controller_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller:${_param:opencontrail_image_tag}
opencontrail_controller_container_name: opencontrail_controller_1
analytics_vip_address: ${_param:opencontrail_analytics_address}
opencontrail:
diff --git a/opencontrail/control/single4_0.yml b/opencontrail/control/single4_0.yml
index 4570e69..9826b28 100644
--- a/opencontrail/control/single4_0.yml
+++ b/opencontrail/control/single4_0.yml
@@ -4,14 +4,15 @@
- service.haproxy.proxy.single
parameters:
_param:
+ mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
opencontrail_kafka_log_cleanup_mtime: '+7'
opencontrail_kafka_log_cleanup_dir: '/usr/share/kafka/logs/'
opencontrail_version: 4.0
linux_repo_contrail_component: oc40
opencontrail_image_tag: latest
- opencontrail_analytics_image: docker-prod-local.artifactory.mirantis.com/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analytics:${_param:opencontrail_image_tag}
- opencontrail_analyticsdb_image: docker-prod-local.artifactory.mirantis.com/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analyticsdb:${_param:opencontrail_image_tag}
- opencontrail_controller_image: docker-prod-local.artifactory.mirantis.com/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller:${_param:opencontrail_image_tag}
+ opencontrail_analytics_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analytics:${_param:opencontrail_image_tag}
+ opencontrail_analyticsdb_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analyticsdb:${_param:opencontrail_image_tag}
+ opencontrail_controller_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller:${_param:opencontrail_image_tag}
opencontrail_controller_container_name: opencontrail_controller_1
opencontrail_analytics_container_name: opencontrail_analytics_1
opencontrail_analyticsdb_container_name: opencontrail_analyticsdb_1
diff --git a/openldap/client/groups/mirantis.yml b/openldap/client/groups/mirantis.yml
index 003eba0..7d6b054 100644
--- a/openldap/client/groups/mirantis.yml
+++ b/openldap/client/groups/mirantis.yml
@@ -10,10 +10,7 @@
attr:
description: Mirantis Administrators
gidNumber: 20002
- memberUid:
- - akomarek
- - fpytloun
- - jpavlik
+ memberUid: []
classes:
- posixGroup
- top
diff --git a/openldap/client/people/mirantis.yml b/openldap/client/people/mirantis.yml
index 3673783..31e8969 100644
--- a/openldap/client/people/mirantis.yml
+++ b/openldap/client/people/mirantis.yml
@@ -10,55 +10,4 @@
client:
entry:
people:
- entry:
- jpavlik:
- attr:
- uid: jpavlik
- userPassword: '{CRYPT}$6$rounds=500000$sSdm1peCUw78UsaP$l55AuiLv3j.0avLg.k8B2jM.xBczuf9CMursuS4QUm0ZEUgIZkmToPU1PiaTJB37zGgv2ubAYbr2oME7.TX8G1'
- uidNumber: 20051
- gidNumber: ${openldap:client:entry:groups:entry:mirantis:attr:gidNumber}
- gecos: "Jakub Pavlik"
- givenName: Jakub
- sn: Pavlik
- homeDirectory: /home/jpavlik
- loginShell: /bin/bash
- mail: jpavlik@mirantis.com
- classes:
- - posixAccount
- - inetOrgPerson
- - top
- - shadowAccount
- akomarek:
- attr:
- uid: akomarek
- userPassword: '{CRYPT}$6$rounds=500000$sSdm1peCUw78UsaP$l55AuiLv3j.0avLg.k8B2jM.xBczuf9CMursuS4QUm0ZEUgIZkmToPU1PiaTJB37zGgv2ubAYbr2oME7.TX8G1'
- uidNumber: 20052
- gidNumber: ${openldap:client:entry:groups:entry:mirantis:attr:gidNumber}
- gecos: "Ales Komarek"
- givenName: Ales
- sn: Komarek
- homeDirectory: /home/akomarek
- loginShell: /bin/bash
- mail: akomarek@mirantis.com
- classes:
- - posixAccount
- - inetOrgPerson
- - top
- - shadowAccount
- fpytloun:
- attr:
- uid: fpytloun
- userPassword: '{CRYPT}$6$rounds=500000$T84bEG26yetA1384$.Zh2GZu6pjWdS3hA2WVFzMnWe/hD15IeNIiGM.clq4XpKkwzbNeLbIs7F21vMsxzdOs0R8P8fvjepVHyrPrjQ.'
- uidNumber: 20053
- gidNumber: ${openldap:client:entry:groups:entry:mirantis:attr:gidNumber}
- gecos: "Filip Pytloun"
- givenName: Filip
- sn: Pytloun
- homeDirectory: /home/fpytloun
- loginShell: /bin/bash
- mail: fpytloun@mirantis.com
- classes:
- - posixAccount
- - inetOrgPerson
- - top
- - shadowAccount
+ entry: {}
diff --git a/openssh/server/team/l1_support.yml b/openssh/server/team/l1_support.yml
deleted file mode 100644
index 79db71d..0000000
--- a/openssh/server/team/l1_support.yml
+++ /dev/null
@@ -1,64 +0,0 @@
-## DEPRECATED, this class will be removed 01/2018
-## please integrate submodule opscare instead
-## https://gerrit.mirantis.com/#/admin/projects/mmo-support/reclass-opscare
-classes:
-- system.linux.system.sudo
-# L1
-- system.openssh.server.team.members.aleksandrdobdin
-- system.openssh.server.team.members.aleksandrrubtsov
-- system.openssh.server.team.members.anatoliineliubin
-- system.openssh.server.team.members.antonrodionov
-- system.openssh.server.team.members.collinmay
-- system.openssh.server.team.members.daniillapshin
-- system.openssh.server.team.members.danilakhmetov
-- system.openssh.server.team.members.deniskostriukov
-- system.openssh.server.team.members.dmitrygoloshubov
-- system.openssh.server.team.members.javierdiaz
-- system.openssh.server.team.members.jorgesorondo
-- system.openssh.server.team.members.josuepalmerin
-- system.openssh.server.team.members.krzysztoffranckowski
-- system.openssh.server.team.members.matthewroark
-- system.openssh.server.team.members.maximefimov
-- system.openssh.server.team.members.michaelpetersen
-- system.openssh.server.team.members.mikhailkraynov
-- system.openssh.server.team.members.nkabanova
-- system.openssh.server.team.members.renesoto
-- system.openssh.server.team.members.rsafonov
-- system.openssh.server.team.members.mmazepa
-- system.openssh.server.team.members.scottmachtmes
-- system.openssh.server.team.members.zahedkhurasani
-parameters:
- _param:
- linux_system_user_sudo: false
- linux:
- system:
- group:
- support:
- enabled: true
- name: support
- sudo:
- enabled: true
- aliases:
- command:
- L1_SUPPORT_SALT: ${_param:sudo_salt_safe}
- L1_SUPPORT_COREUTILS: ${_param:sudo_coreutils_safe}
- L1_SUPPORT_RABBITMQ: ${_param:sudo_rabbitmq_safe}
- L1_SUPPORT_SALT_TRUSTED: ${_param:sudo_salt_trusted}
- L1_SUPPORT_RESTRICTED_SHELLS: ${_param:sudo_shells}
- L1_SUPPORT_RESTRICTED: ${_param:sudo_restricted_su}
- L1_SUPPORT_NETWORKING: ${_param:sudo_networking}
- L1_SUPPORT_CONTRAIL: ${_param:sudo_contrail_utilities}
- L1_SUPPORT_STORAGE: ${_param:sudo_storage_utilities}
- L1_SUPPORT_OPENSTACK_CLIENTS: ${_param:sudo_openstack_clients}
- groups:
- support:
- commands:
- - L1_SUPPORT_SALT
- - L1_SUPPORT_COREUTILS
- - L1_SUPPORT_RABBITMQ
- - L1_SUPPORT_NETWORKING
- - L1_SUPPORT_CONTRAIL
- - L1_SUPPORT_STORAGE
- - L1_SUPPORT_OPENSTACK_CLIENTS
- - '!L1_SUPPORT_RESTRICTED_SHELLS'
- - '!L1_SUPPORT_RESTRICTED'
diff --git a/openssh/server/team/l2_support.yml b/openssh/server/team/l2_support.yml
deleted file mode 100644
index 91c7fa8..0000000
--- a/openssh/server/team/l2_support.yml
+++ /dev/null
@@ -1,43 +0,0 @@
-## DEPRECATED, this class will be removed 01/2018
-## please integrate submodule opscare instead
-## https://gerrit.mirantis.com/#/admin/projects/mmo-support/reclass-opscare
-classes:
-- system.linux.system.sudo
-# L2
-- system.openssh.server.team.members.aepifanov
-- system.openssh.server.team.members.apetrenko
-- system.openssh.server.team.members.ashishkin
-- system.openssh.server.team.members.atarasov
-- system.openssh.server.team.members.dklepikov
-- system.openssh.server.team.members.dsutyagin
-- system.openssh.server.team.members.ekozhemyakin
-- system.openssh.server.team.members.enikanorov
-- system.openssh.server.team.members.fsoppelsa
-- system.openssh.server.team.members.manashkin
-- system.openssh.server.team.members.nkondra
-- system.openssh.server.team.members.obryndzii
-- system.openssh.server.team.members.oliemieshko
-- system.openssh.server.team.members.sovsianikov
-parameters:
- _param:
- linux_system_user_sudo: false
- linux:
- system:
- group:
- supportl2:
- enabled: true
- name: supportl2
- sudo:
- enabled: true
- aliases:
- command:
- L2_SUPPORT_SALT: ${_param:sudo_salt_safe}
- L2_SUPPORT_SALT_TRUSTED: ${_param:sudo_salt_trusted}
- L2_SUPPORT_RESTRICTED_SHELLS: ${_param:sudo_shells}
- L2_SUPPORT_RESTRICTED: ${_param:sudo_restricted_su}
- groups:
- supportl2:
- commands:
- - ALL
- - '!L2_SUPPORT_RESTRICTED_SHELLS'
- - '!L2_SUPPORT_RESTRICTED'
diff --git a/openssh/server/team/mcp_qa.yml b/openssh/server/team/mcp_qa.yml
index b898218..38e19c3 100644
--- a/openssh/server/team/mcp_qa.yml
+++ b/openssh/server/team/mcp_qa.yml
@@ -149,6 +149,20 @@
full_name: Sergey Novikov
home: /home/snovikov
email: snovikov@mirantis.com
+ aminasyan:
+ enabled: true
+ name: aminasyan
+ sudo: true
+ full_name: Artem Minasyan
+ home: /home/aminasyan
+ email: aminasyan@mirantis.com
+ imenkov:
+ enabled: true
+ name: imenkov
+ sudo: true
+ full_name: Ilya Menkov
+ home: /home/imenkov
+ email: imenkov@mirantis.com
group:
libvirtd:
enabled: true
@@ -272,6 +286,16 @@
public_keys:
- ${public_keys:snovikov}
user: ${linux:system:user:snovikov}
+ aminasyan:
+ enable: true
+ public_keys:
+ - ${public_keys:aminasyan}
+ user: ${linux:system:user:aminasyan}
+ imenkov:
+ enable: true
+ public_keys:
+ - ${public_keys:imenkov}
+ user: ${linux:system:user:imenkov}
public_keys:
ddmitriev:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDuD4wJ8hzkchQ0pfgdwWukQyps1xYRfHOsjosmDu/mmgaXVud5mnpwb2q35E2YYTox2mx+ulJqyS+099gz6MPg4P8D5qdMuRbAsJqbceLaaIGQhdT8qgSo7ESrl5pwvYnfWzKLKF0z5s7nrW0nvArC40zhV9o9XpvzzzSFByepWfkwA8ReldGUYVvTKp8YXaCrqEdMZrU42adPM2nl+fYBbGF+h4/Ka247aVjPeER0blV3znFXbv2Kf38G+i/TEGaktgpBdtGGDi1tX2loMypmTJeqZRJnM0Eoly0BnynB7CSxn11eoIXBUe1mVYNqmQd1hw6uh59iymhK5j939v9J ddmitriev@dis_xcom
@@ -319,3 +343,8 @@
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEaWwPVtsj39s0A2efRQ1ejL5B7ZetFPmXJDi/8W/gTWIIII3xP750H8QWZfvbjiJ+KBCxOndDL8aL3SHC/iRCvmzrVkgXBgf5J9vTu8uas7BNGf7oiDBuB75fryDtkg57Pam/A47IlgxJTCwYz+ofUGHb6WrWwQ+MUTEWAk9PB+RPyxjwNC4XxEwtULkKQMgFmg52kauESpx0R0ni8/LLKUJucdse7NCcUTvEcafppnXsxdZ640G0K82ADS1neg1CDwdtCPKLG57GZYs4iL3sPcOhQxnVUoONXsRpBD8kQTKOMl5R6hTDJHBd3oimUPEXlPqeb/XeGKatVraRA6nJ ekhomyakova@ekhomyakova
snovikov:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYj97WGfiL550eVPyQmFyrgpTw61tfins1CpgrZewWqAWJMgYklRdMYl4OReE5UO2po7ag0f/QsOtGU8aQbnxnWUYPZyS3Qk+Bg8OOSBmewPxmT7WH97KdGKBdC9b3xUNFOUXEUOMmOe3jq9YET+xebUnfsA5qwYU5dL9Cb5UAPzVxYI8z5RiaNTo8dtwZr7lbJJRy8YfSWCtiD59vewc6BE2NTUyDjsfmKd9K/IkyKboGU9AC5mLYDsjvWwiGcNdfigRyaYWKmoo7Xhe1W2Og4dpI5pozOwVg7hISW9NRgLXrZP/9me1rFBH7EQjpjO3+Pto1//R3Nx9QLsB59yuj snovikov@snovikov
+ aminasyan:
+ key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo9BHw8WdIFOEuY10XvUqHPl1jCqtA8TYntt5Aee2rR8X8pLG9lWjHPFkNArD5upCRvv6f88Xs4QLoEGWMWcbfMkJE4gMNkOWL4As5iNgagw+DybQrA6nXyassHi8le+quwICfJ1v16IXxPgMBCcrRcSYvHKv+n8KsuBH1csRnJ8aHvIZJTL43Eq0F+aj2S0/9D+m2dyRwcmamn6EqX61NfL5UP3422i4JykTXY6I8iwEHs7Er+jPBD7rtJ/q4Kn/bIyT/Vz0tGHiWyVt7B8GBoPb3PgDuzXKvU7OtOxFb3uhANeecjzIz5G5rAsAQcizf+MGCOoBwFLFJTPAharWN artem@Artem
+ imenkov:
+ key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSWoSuHV1FNRuooS3d0nVkTRCwC+Tc585Z1cPcMQns7H1ogLIya//T3gMfxINxCjlF1eek18vI9B5QszZZUL2P7prFxe5EJlt6iM8jD61umkncaTbx6oc8r8xu5ufH9RDxfKHvQX1mhhID5JK+/GoRDIW5Zs7wFSHCrANYV2dtmOfmRSc/qpgh87Z9X10UDymp5MLjpQZzjM+qZCtz6yV14m835j4eiEN7+QZ2XZ/Wtzer7VVdhtjbw8gESSyuPIVf66keuLVUixk0CXosQYrqWDPWpT0Rhh63lnUacgplh74TU+bb+vYRjIHxCgOY2Ex6Pk5jrsroi0YoWtI4SErD imenkov@atopilin-nb-wifi.srt.mirantis.net
+
diff --git a/openssh/server/team/members/akomarek.yml b/openssh/server/team/members/akomarek.yml
index 4ccc697..1fc9f49 100644
--- a/openssh/server/team/members/akomarek.yml
+++ b/openssh/server/team/members/akomarek.yml
@@ -3,10 +3,10 @@
system:
user:
newt:
- enabled: true
+ enabled: false
name: newt
sudo: ${_param:linux_system_user_sudo}
- full_name: Ales Komarek
+ full_name: disabled
home: /home/newt
email: mail@newt.cz
openssh:
@@ -14,7 +14,7 @@
enabled: true
user:
newt:
- enabled: true
+ enabled: false
public_keys:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3odU+3V2uDA2ptAFL9hrJRPNEEdAyztWOZFQ5Oyd9oerTGOU3p4xmrgWWjfKFKbYGhiiIUcYAol5PkTfKukGEkkjCHYA1t023soCaaAj85wCZCnw2zQNAziwxTYmAzTqgxiSvtZNMMrtJvFHRIRDzJ3M1lV0prWNWkMM1/3FAd4W49y6VT3fkMCo8uqG7CfGdgR2DgBCxf9KaNPfW5eDEPOgmE5lK8tVSEI6T+Cg7hbcTf4lFYnlFBnlQgp/0JstsM4Vbwb4B34LOpOsf2S8rrWk2xQMjwaMHXkc2s/E8iW3F5nVFuyEXYISFQIiAHw8dzC6CHgLcyHUVWwznKawZ newt@newt-dev1
- user: ${linux:system:user:newt}
\ No newline at end of file
+ user: ${linux:system:user:newt}
diff --git a/openssh/server/team/members/apetrenko.yml b/openssh/server/team/members/apetrenko.yml
index f4fa3d9..22ee651 100644
--- a/openssh/server/team/members/apetrenko.yml
+++ b/openssh/server/team/members/apetrenko.yml
@@ -3,10 +3,10 @@
system:
user:
apetrenko:
- enabled: true
+ enabled: false
name: apetrenko
sudo: ${_param:linux_system_user_sudo}
- full_name: Andrii Petrenko
+ full_name: disable
home: /home/apetrenko
email: apetrenko@mirantis.com
openssh:
@@ -14,7 +14,7 @@
enabled: true
user:
apetrenko:
- enabled: true
+ enabled: false
public_keys:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDU7eLohJKXXB57H/buBlUcBTQXgsXmGXxMao0PQthdfDWhFKXc9fI+1rdsNjA8NPmq8gYdqldOgoIFAmBSwK/+z12ihIGmQJY8vRhr5jnsxee8VZczEj1bhYq/72mpN2KMxiL7Sv2l+WknviqitLzLgYZr17nJtqRdbhiqhEVQOZWKIngRZb4HIdRyA8qCpCFFbUN1etgsVuQaPMwcPdHKHHUzf2hBaELDBF+liVAJzwYlxBQ7m183K6zZ7Gs+wMKphVA5PjyPQbpA3ascF3fdottsat9QJOjrQsXlu+gekPy+fK8GkzDCrCWVcg5LHO+hj3ZnFIjEPxcPPEFo/NRF apl@MMO.mirantis.com
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC9cTDTzDVzIhZi/2F4tdEEIqewAOr8YY55Hk+zhuNZSZeI47eKVBvn09p0uiBLQIjrtO3TNh/93Bd+ts/wqwyembXdx5/hW+WdbpneRr8dRI03VEkLomHQqSsXMkr+VvegMc7i+266i5yDC1u4awX5+pR9WWzqaJrybNItmVucRGLGucx7qownV+Kp+8xXIG3lgT2fJw0qbv6hTbdvl7uw1JJ7bKhVxdeyeiv9blWLdQ7oCzQbjrQq8wlJvUfzNOGURMaFRQO4MHvecsBO99EgAaSqRmsDSLGQ/90RMH72BfP8YU/zSRwZNZDDq091oRhowgB1zfy1VgKm0/At1sswcsmfH+H/aC/RBB3NmG5GZq5uqRvgjlC4dz0GXalcJLN/NqQYywQ5WlOp518C5m2Is6t8mNvZh+is2GrmvCX97Y1gvzn65lUdfCP+Ee397mBi8XP5QZ4ojZ+SDt9efgpFUbmhbei2mNF9hpt2fhvLCv3HCayG9M/1QA9m3WdKo3gZKTBbMfKxU5mlTWsSLOt/44zMxdBLFq5gyhof7GxZiMeEllMF9v1cX0MCFlqbRSxfpqJv/0qsU3w9xRwDjWnm51uVeo69apRTlSNOyuXOsLyxzBS3n5cvlJ8L6r1cikmd0sx9LlrNw1ENxELDDIxj77BTcXNQVLfOfrEnSDIt+Q== apetrenko@mirantis.com
diff --git a/openssh/server/team/members/ashishkin.yml b/openssh/server/team/members/ashishkin.yml
index 9f74171..4659ff5 100644
--- a/openssh/server/team/members/ashishkin.yml
+++ b/openssh/server/team/members/ashishkin.yml
@@ -3,10 +3,10 @@
system:
user:
ashishkin:
- enabled: true
+ enabled: false
name: ashishkin
sudo: ${_param:linux_system_user_sudo}
- full_name: Aleksei Shishkin
+ full_name: disabled
home: /home/ashishkin
email: ashishkin@mirantis.com
openssh:
@@ -14,7 +14,7 @@
enabled: true
user:
ashishkin:
- enabled: true
+ enabled: false
public_keys:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWlGbkhGN+DPrs3S/szWdwieH3Zu/E5bXnm8OCNSSS/xHbeSimqCIoAlZny58GYYabvsOmwh6qjiFmLmZq0MIlEc1RjMR95XLBWmhtpvYABRzMnUZUoFQ+cq1Lzo3ina4mLZAs2u27eEFmLLtV3sCcRAiDUnc6VoUne55NwjP4Ns+OL0Yin46Fr6SFxh6NUwi6woH58DWm1bfaisRyHzCBQJNmI3k0XKB9L9inpPMdmjzbdbitlrokHhDHE+ospLjZMBcV+8h1pK0yq/klT04ClJ58KXJeWJq2dz4nNyyVFNE2+DKwk18YUmtKLz/+BZxiaYY4Z5o6tXIttjfzf6Bn ashishkin@m83.local
user: ${linux:system:user:ashishkin}
diff --git a/openssh/server/team/members/astupnikov.yml b/openssh/server/team/members/astupnikov.yml
index d4522f6..41b8e34 100644
--- a/openssh/server/team/members/astupnikov.yml
+++ b/openssh/server/team/members/astupnikov.yml
@@ -3,10 +3,10 @@
system:
user:
astupnikov:
- enabled: true
+ enabled: false
name: astupnikov
sudo: ${_param:linux_system_user_sudo}
- full_name: Alexey Stupnikov
+ full_name: disabled
home: /home/astupnikov
email: astupnikov@mirantis.com
openssh:
@@ -14,7 +14,7 @@
enabled: true
user:
astupnikov:
- enabled: true
+ enabled: false
public_keys:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDrV6q403BYodTCb8BCsWlkW6AHxvtCH5JxI9gUANsvbQd9n8fd16xqgXVecCRBJOS4PVauLNiQPMaj6ZuFeRZ8ZXvX498eNSNa5WhBbSwk0X/DqdK1LN/MStTAtL60JQV0yQSY+BghVJkREw4MJJBksyP0X+OG5AB+ijh/bjsabYr+EQNK+WJblrsRvNNCbjiWPcjzXVMxUrzphB09CYMwWFgx1An5jS7c1EGvXrzf0aK1KkadhGnXcjPACFaMGPYmu5HNgQcRnzNXDQU6PLGeyqNnZYZjHdQWZR88cQywznqzI8y9P4qSOTVStYoKLlYsdQFRTw8sJrRpPZupgSED astupnikov@astupnikov-srv
user: ${linux:system:user:astupnikov}
diff --git a/openssh/server/team/members/atarasov.yml b/openssh/server/team/members/atarasov.yml
index 935aa91..5c50be8 100644
--- a/openssh/server/team/members/atarasov.yml
+++ b/openssh/server/team/members/atarasov.yml
@@ -3,10 +3,10 @@
system:
user:
atarasov:
- enabled: true
+ enabled: false
name: atarasov
sudo: ${_param:linux_system_user_sudo}
- full_name: Anton Tarasov
+ full_name: disabled
home: /home/atarasov
email: atarasov@mirantis.com
openssh:
@@ -14,7 +14,7 @@
enabled: true
user:
atarasov:
- enabled: true
+ enabled: false
public_keys:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSY2GXoKjTudh4iB8rXj6LP5nARndPoh4WeRYxcz57BdT9Xl9gN4E7wGn81kXoJOue5mYUNhjAvUCzKHOB2I6m/zSp5Fv6YDn6oeuD50vKhA6DkMllTVDX+UAegNRVNRRaTCeiqFlqym+2WbxaPjpuWvxuMcR9aZU5MT8H+UMWKbFpuvS83c/nD9QMC0s80bfz9e8OV/ysHsAvXmgQrkl3T0aKpV6IGU597li9k2z2DO9vLxd61rEsYsedPXpUGVn9l3NGW3Ix7dIOQPDFc/rOHVpwLu8V/Lq9zeo8g/12/50RewQ5TIOA3NPeO0D4FUUfj+yBvSjTDj4v6oTY+dyn tonyco@Tonys-MBP
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDI9aXXUufNBbexFsXVPSoaZ8S1gX9gdMGFZUNz9yGdkO5AtGp8A925UCYXZyENB1ZOO7GRFrfeWG2HZEGkcAANw/mWewdNZ1ESnLHSJa/VLtkhOp50647QdaSS5N9jvWbfJOepF6qxfuOpcSZjMj06cfFTXkv65A8jFq4iU/HV6V31csYl00WRF6aFX5u1sgpg4QzklvM4gJykNn8cw2Igi7UhjIvo74HG0UlVFt6qc4yahD2YURn8ZF8A62KVwZ26HbFejzD0S48DivldFGF4AH+tY81CCOrCfJSPs1nemoORwp9J20AnjZ7tGZR5KA9+Op+klvaJxsP4K/y1rBUH tonyco@atarasov-pc
diff --git a/openssh/server/team/members/cade.yml b/openssh/server/team/members/cade.yml
index fb22394..692f07c 100644
--- a/openssh/server/team/members/cade.yml
+++ b/openssh/server/team/members/cade.yml
@@ -6,7 +6,7 @@
enabled: false
name: cade
sudo: ${_param:linux_system_user_sudo}
- full_name: Cade Ekblad-Frank
+ full_name: disabled
home: /home/cade
email: cade@mirantis.com
openssh:
diff --git a/openssh/server/team/members/chnyda.yml b/openssh/server/team/members/chnyda.yml
index 2bcecaf..401a416 100644
--- a/openssh/server/team/members/chnyda.yml
+++ b/openssh/server/team/members/chnyda.yml
@@ -3,10 +3,10 @@
system:
user:
chnyda:
- enabled: true
+ enabled: false
name: chnyda
sudo: true
- full_name: Cedric Hnyda
+ full_name: disabled
home: /home/chnyda
email: chnyda@mirantis.com
openssh:
@@ -14,7 +14,7 @@
enabled: true
user:
chnyda:
- enabled: true
+ enabled: false
public_keys:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHmLTwDSFslOUVo4ViT0bqVLhSaweuLt0QNWhnIaSPgqWhHOSkdqt3+Tg4l8Vd4O4Z44Yv/rXqhmO5X1AIytNccA6+nJe4Km3JC6QzG6npS3ghtHWDU3DOGgWd5RrULviEDSIj1w1oG8oHxdycGkbfjApAkiDR/xr7NHhTcPhEuvn/q7i1raj4vpNdIrR+cr6XA3l+I4cmaizpjuWaFrag1q24RS7PVEUmcPRSODrkdwFREsrLkIlIgtIoMIIjtEDdk1RU/loiXrNwuVRI3KTLqhheFlHedQd13uzpn66KF6UVlZAm+k2y2jLdEi5IFKD3g6mmWsNH6xSZYVn6d84/XvLjMsS/UL+WHr5xetHNSi3RtQOkCPYphq1KcRAXLwH0dgtDwfyg2F+5ezG3wMsZAqD3KiaGNmDcA6R19Fpjm0S4SXa+QnX5eZcO9DS5cYTjs8F2T9Vsaspvwc0U80M6+JvOlV1PBNJYQhSxdX1Plf2p1MrrRnYhlgMdzCiPSQHsKp3tei8I+bqCvV9iScLAbLxKaW/yWdeuh74oGitTfI4R0h0HMJ1lqK+rT5wtMXyJSvFMK6Zph0GqJf3QHBhzCfs5PIto1pyNdXbI8KzfgTgyo+3gpIPAQ2VD/pf8mOD218UPNQglYWP6wniTq/hVtC2tl3DW53qx5qv10osGmw== chnyda@mirantis.com
user: ${linux:system:user:chnyda}
diff --git a/openssh/server/team/members/collinmay.yml b/openssh/server/team/members/collinmay.yml
index 9b29a34..b944537 100644
--- a/openssh/server/team/members/collinmay.yml
+++ b/openssh/server/team/members/collinmay.yml
@@ -3,10 +3,10 @@
system:
user:
cmay:
- enabled: true
+ enabled: false
name: cmay
sudo: ${_param:linux_system_user_sudo}
- full_name: Collin May
+ full_name: disabled
home: /home/cmay
email: cmay@mirantis.com
openssh:
@@ -14,7 +14,7 @@
enabled: true
user:
cmay:
- enabled: true
+ enabled: false
public_keys: ${public_keys:cmay}
user: ${linux:system:user:cmay}
public_keys:
diff --git a/openssh/server/team/members/daniillapshin.yml b/openssh/server/team/members/daniillapshin.yml
index 0796ca7..df80183 100644
--- a/openssh/server/team/members/daniillapshin.yml
+++ b/openssh/server/team/members/daniillapshin.yml
@@ -6,7 +6,7 @@
enabled: false
name: dlapshin
sudo: ${_param:linux_system_user_sudo}
- full_name: Daniil Lapshin
+ full_name: disabled
home: /home/dlapshin
email: dlapshin@mirantis.com
openssh:
diff --git a/openssh/server/team/members/dmitrygoloshubov.yml b/openssh/server/team/members/dmitrygoloshubov.yml
index 4509f64..ab76658 100644
--- a/openssh/server/team/members/dmitrygoloshubov.yml
+++ b/openssh/server/team/members/dmitrygoloshubov.yml
@@ -3,10 +3,10 @@
system:
user:
dgoloshubov:
- enabled: true
+ enabled: false
name: dgoloshubov
sudo: ${_param:linux_system_user_sudo}
- full_name: Dmitry Goloshubov
+ full_name: disabled
home: /home/dgoloshubov
email: dgoloshubov@mirantis.com
openssh:
@@ -14,7 +14,7 @@
enabled: true
user:
dgoloshubov:
- enabled: true
+ enabled: false
public_keys: ${public_keys:dgoloshubov}
user: ${linux:system:user:dgoloshubov}
public_keys:
diff --git a/openssh/server/team/members/dpyzhov.yml b/openssh/server/team/members/dpyzhov.yml
new file mode 100644
index 0000000..2f72fe5
--- /dev/null
+++ b/openssh/server/team/members/dpyzhov.yml
@@ -0,0 +1,19 @@
+parameters:
+ linux:
+ system:
+ user:
+ dpyzhov:
+ enabled: true
+ name: dpyzhov
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Dmitry Pyzhov
+ home: /home/dpyzhov
+ email: dpyzhov@mirantis.com
+ openssh:
+ server:
+ user:
+ dpyzhov:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCpCEigzaCPNPSuy0GMef/wsyGvBXjbZLxg4eR7oVKmRDsT01sjOFDgabwSBcbkvc7jeWw3RcxC8Upyhq2ADzwFSh+9AXRPbX1R2GxW85SYWg6xz4gFaM8CJ4XUT3S3lnhJ796xUSG9jOIe/pEk9L/4F41uzX8YSwQkGoio2j6za34ZWEVqDNNZt+PVC4woJjuw6r4jBZiEKWuVONeSLJeVwMwc9vwz1kED89OP3zenGknCY5PvM59CrcKHdVzseqHtzMW89nHTTAPTRPWX+07IgNWpI+IRB1KDbtRmeFpuLUwObfxzWqCDc2vpL6UF6uyIVEzLNBSSU4s0lmu0nyEM/uT5hpt/pchl50lfVBrIj+G3wIG+yy/sB4xddVNB5XxwiChxS1pkXgWx6apsOgrixdsVsw5sqRmYwecm3bqL2GFEl1UmLs3fdDyAfsG8uz/OyDl5I48LBZmklriDE6QB+vOG4n1BHPUkwiF2LeXf3JtUrBPhe7oe80xUVxPXjxZqtIHp2Tooj3u9TK5Wd00yOj4uGMyJoQdICSDqt/BATkTQ4a/JMhBGEb5GC6KuuEAIwfV7DnrDW+jyiV7JJ8GUHGbg3KKVPv7jCVcCnww6icywMClnFuAy+yagiq5DxYFkdk9wa1psbxpQKSXFBOO+iWqOYJoiIFwgSiujdM8ZfQ== dpyzhov@mac-pro-2017
+ user: ${linux:system:user:dpyzhov}
diff --git a/openssh/server/team/members/dszeluga.yml b/openssh/server/team/members/dszeluga.yml
index 6557eac..b035f42 100644
--- a/openssh/server/team/members/dszeluga.yml
+++ b/openssh/server/team/members/dszeluga.yml
@@ -7,7 +7,7 @@
enabled: false
name: dszeluga
sudo: ${_param:linux_system_user_sudo}
- full_name: Damian Szeluga
+ full_name: disabled
home: /home/dszeluga
email: dszeluga@mirantis.com
openssh:
@@ -15,7 +15,7 @@
enabled: true
user:
dszeluga:
- enabled: true
+ enabled: false
public_keys:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDEEFoCOaivah6AjFZmPIDlDlp8mUfsh9UFrjgLL8vqVYoyVnuZ5DQZTeZsCgFCPxodEsgHDkSEFwkB6hbyqEXszGIL8dWwSBR3QfNJD2cjZ8ZYqXsKN63RzHGAjTXMjlCB7TZtcui1SWpKjGd+x3gQ0KkHZI9V9WVYDcC75kyEAHZptM2N9jlwbhr9lXZ77gZacjaGoKN0Agb/ydd1TyhQ1F3g56pnvgZtkOe/bStwjpz2NS0FqiqAR3wOeZZUGsR3TCP70oYfaeJvpCDVRR/gVXqqvcBAiNYTGC/tMlKuECKPtOOAP8Oc+bt1eOrbiPVJ5NfoOIpmMCDUUSnFoNGN damjanek@cocaine.local
user: ${linux:system:user:dszeluga}
diff --git a/openssh/server/team/members/ecantwell.yml b/openssh/server/team/members/ecantwell.yml
index d662836..6003b15 100644
--- a/openssh/server/team/members/ecantwell.yml
+++ b/openssh/server/team/members/ecantwell.yml
@@ -6,7 +6,7 @@
enabled: false
name: ecantwell
sudo: ${_param:linux_system_user_sudo}
- full_name: Erick Cantwell
+ full_name: disabled
home: /home/ecantwell
email: ecantwell@mirantis.com
openssh:
diff --git a/openssh/server/team/members/ekozhemyakin.yml b/openssh/server/team/members/ekozhemyakin.yml
index afd36c6..70dc2b2 100644
--- a/openssh/server/team/members/ekozhemyakin.yml
+++ b/openssh/server/team/members/ekozhemyakin.yml
@@ -3,10 +3,10 @@
system:
user:
ekozhemyakin:
- enabled: true
+ enabled: false
name: ekozhemyakin
sudo: ${_param:linux_system_user_sudo}
- full_name: Evgeny Kozhemyakin
+ full_name: disabled
home: /home/ekozhemyakin
email: ekozhemyakin@mirantis.com
openssh:
@@ -14,7 +14,7 @@
enabled: true
user:
ekozhemyakin:
- enabled: true
+ enabled: false
public_keys:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAgEAnQ3OD1g35wYDnHwnNKuA/daYMJ7YmMsGoucOG8Y4HFXv9JXMd7MgqpfgyRc22y3VqV6G7ddGgjI0TDzENAzxUAd6pjIhl8GPtwBRY0q5LDPZwatkX8KH1T/da5EDM3iwekftd50s8hsUKRhmCfuFlgC9R0eVAVbzLMsB+OgtasLygoCrfWa5chZ6exbIkDnQRN+SDxBEHjpAK22OGeDuW4Vuf8DS74cNgX2zZBkcQEwxfzGBi3AsJhUEm91d1JJqYtD4nwcRSIUEEiKLroW/AKACko8GihHXCRxmgLSFNhMLwV9g5LE4E9O/MMN8E7ik2JnmAVuhjttsa4tzj62raAlrUBvA/4KBwwocXgR6lLZ/dLBcCdbSZ8UQJy3IM9rwa/r9v/T6qGWm1GwTqL7MWAp4XKPpUbHvykSh9XqQm0Zs2/eTsa387Oxo40IuLcJk8tOlZwYiu2wdnrhnex90dMweMEHTe9lBi0JOqz48uFDYa3NsNQ6ZhkZGYgGblH1Ip3Z75K69HDZJUrM++4bDRuN2y5BL3K1M2GKZVnSwVvkcw7wCL7KyEMzX5uyHc1IiBtpZjPGorIQvJvmUzNe/IDSwVwu2Lm8YsYyMmboyiQ+NZex9+9ZW7htyREYGKNJZHAB+YIgvXRKJOjw0JyCXDqkNOeMDOlkfwYEcrhsN7A8= evg@ThinkPad
user: ${linux:system:user:ekozhemyakin}
diff --git a/openssh/server/team/members/fpytloun.yml b/openssh/server/team/members/fpytloun.yml
index d5b0937..70f8b73 100644
--- a/openssh/server/team/members/fpytloun.yml
+++ b/openssh/server/team/members/fpytloun.yml
@@ -3,10 +3,10 @@
system:
user:
filip:
- enabled: true
+ enabled: false
name: filip
sudo: ${_param:linux_system_user_sudo}
- full_name: Filip Pytloun
+ full_name: disabled
home: /home/filip
email: filip@pytloun.cz
openssh:
@@ -14,7 +14,7 @@
enabled: true
user:
filip:
- enabled: true
+ enabled: false
public_keys:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCcuHTjJ3CoWdkmvtag07bIWeyAMqFLAN+QApat7TXUcDYmm/neK4Asg3m/UicofZnB80cI4tjnB84Z8WazLHMxVTLwHbEqTVbXVeKebiZ5yn0yo4ndRzmppUfSvs0xcMysBwu+hYAnIDXTedctbciMSYKbuQ+b9XZ4mFZ/2RHG4QBA/dPUxJdCwvkBu7AOV+6zaRSR99UETr5nxICQUGVJBTy6VkCsch4mK3/K2SrujODUhytcROg+6ejV/aZHWH9xIFRBLfhmSFeOC6oneBWo4QBQ2tTZgb7Go744JpkhkoMfWQnR2s6cCgUN60BJ6j5snqmbv9/2CmgbI4UprC+E6lL04K/Jbgjv+fi3KqnCIpRiQzahmjSeeYdPducWme3BVDceUSb5EzF/RjSDi4yHcTWJS0TcPf195p42O1G6tLw5zfmIu2+PWUq1L4pLualboUbaDtwqg0WaLWKONi9tJkOS1OMz4hxqEbWBAtFNJLHC5K+OXcV8Yt6C7iB2dEZ4c26MAi1pdMqhFjxYiCGYKZ4lyV9xo8tWcs5fiUIi2PKyLQ9SMRQbhXIcb9ENby2D/ijh5AVpbBew8iaUQQKg83Yo0z2PwTWyNFuXECAl667XaTNZEMVUjo5yU/OtktVZiH6ZfvEFwj+7OpLBiZ3sFgp/7EHcGXa0FL6BcXuwfQ== filip@pytloun.cz
- user: ${linux:system:user:filip}
\ No newline at end of file
+ user: ${linux:system:user:filip}
diff --git a/openssh/server/team/members/fsoppelsa.yml b/openssh/server/team/members/fsoppelsa.yml
index 4478112..7921474 100644
--- a/openssh/server/team/members/fsoppelsa.yml
+++ b/openssh/server/team/members/fsoppelsa.yml
@@ -3,10 +3,10 @@
system:
user:
fsoppelsa:
- enabled: true
+ enabled: false
name: fsoppelsa
sudo: ${_param:linux_system_user_sudo}
- full_name: Fabrizio Soppelsa
+ full_name: disabled
home: /home/fsoppelsa
email: fsoppelsa@mirantis.com
openssh:
@@ -14,7 +14,7 @@
enabled: true
user:
fsoppelsa:
- enabled: true
+ enabled: false
public_keys:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCs1bA1kgjstOfTVlS5+COuv3U1UYmAkDkTHHCw188XmZKQwmjrHQdbxA91fi/LmGNO87r9S3Sy6bmwYeBd8MUycYKXYPvHaS2JnflgtOy8L1xxubOgA+bpaziHImC0Xf6AQZRbVNlegVG5dVxZ1b1gNIaxufO8BmR4X/apG7TBXAhd+IYRzXsHlZVyrnZyUHNWJWQaUt+640ziR2+1mQZMktgfC9X3G9FxXtCEl6zvkHv8I2XOuzAfHFyoZlv32fo7BF1SjJnMkAhU5jMaliKQNt9Z3G3zcW0yA4D2IruueCJ7HNbXP2wxxiCpTxfpadfglUhm4U0wvTluippKlC1j fsoppelsa@yoda.local
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDTui9BfPuQgiGH0MkOrjWAkveC2J6Kh8zWmPMj3x2QIlHaXoMjnOTsfYqSSzlXIdswU6+46MMOG2jn1D78/hOEqNOFhOp+jtrjAhNUsufDdHclcMQJXPh/m/OaKyJq5UeNdFpq7UdhwA6E8Z9w4Jld/MzoV675RvI2OrzjSw8/K8pxf5YDOPrsxohFTwHaosbqrt/Owjiyqsh8NnJkEnNoFjvVNebpiKDZB2hOTOGjSOmHExQ7rmWNcdUISe/jwLrl5oR7ciwg4BnvcBye1W8l68w5vJ1dlUH8k3NNx010nnKal4MvL0mSYVqd32m5stBLSwZ57UBVVTJl6i3aSQz fsoppelsa@darthvader.local
diff --git a/openssh/server/team/members/gzimin.yml b/openssh/server/team/members/gzimin.yml
new file mode 100644
index 0000000..2052f21
--- /dev/null
+++ b/openssh/server/team/members/gzimin.yml
@@ -0,0 +1,20 @@
+parameters:
+ linux:
+ system:
+ user:
+ gzimin:
+ enabled: true
+ name: gzimin
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Gleb Zimin
+ home: /home/gzimin
+ email: gzimin@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ gzimin:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDitupT4OHwP9EsJTDu10Y3XslxjbvyTxC/EMjgxwDM1LxooJK7AO+WkgdCP0o5nkiPi3y50pw66yKGYDlzNu8JkTIWGRvzfBWK8aU55m0F2wmxNkoT7eiCCrhwThwKfNI44MV0ZZ7plf3eeIthAonsyc5rkC+7ZseF7xmErjKcwfApS3AWn44KXs3iSdp8uJbZ3GARGDtzjfcyEzYQK8c8J4AHeXtGStWQnk146UN7m9F8AztOEkmtzkQXLWR+DQgPkFsS+KfSacqCriYCHJPN3C9tcMSCfCdwN4/P1HoYoAGz8WE9YulRGnmb9JSCmo+Lu/f2liC63llhhcr5eJsj gzimin@Glebs-MacBook-Pro.local
+ user: ${linux:system:user:gzimin}
diff --git a/openssh/server/team/members/jpavlik.yml b/openssh/server/team/members/jpavlik.yml
index b073d7f..4474062 100644
--- a/openssh/server/team/members/jpavlik.yml
+++ b/openssh/server/team/members/jpavlik.yml
@@ -3,10 +3,10 @@
system:
user:
jpavlik:
- enabled: true
+ enabled: false
name: jpavlik
sudo: ${_param:linux_system_user_sudo}
- full_name: Jakub Pavlik
+ full_name: disabled
home: /home/jpavlik
email: jpavlik@mirantis.com
openssh:
@@ -14,7 +14,7 @@
enabled: true
user:
jpavlik:
- enabled: true
+ enabled: false
public_keys:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAylDZDzgMuEsJQpwFHDW+QivCVhryxXd1/HWqq1TVhJmT9oNAYdhUBnf/9kVtgmP0EWpDJtGSEaSugCmx8KE76I64RhpOTlm7wO0FFUVnzhFtTPx38WHfMjMdk1HF8twZU4svi72Xbg1KyBimwvaxTTd4zxq8Mskp3uwtkqPcQJDSQaZYv+wtuB6m6vHBCOTZwAognDGEvvCg0dgTU4hch1zoHSaxedS1UFHjUAM598iuI3+hMos/5hjG/vuay4cPLBJX5x1YF6blbFALwrQw8ZmTPaimqDUA9WD6KSmS1qg4rOkk4cszIfJ5vyymMrG+G3qk5LeT4VrgIgWQTAHyXw== pavlk.jakub@gmail.com
- user: ${linux:system:user:jpavlik}
\ No newline at end of file
+ user: ${linux:system:user:jpavlik}
diff --git a/openssh/server/team/members/krzysztoffranckowski.yml b/openssh/server/team/members/krzysztoffranckowski.yml
index 454c833..9d8a95c 100644
--- a/openssh/server/team/members/krzysztoffranckowski.yml
+++ b/openssh/server/team/members/krzysztoffranckowski.yml
@@ -3,7 +3,7 @@
system:
user:
kfranckowski:
- enabled: true
+ enabled: false
name: kfranckowski
sudo: ${_param:linux_system_user_sudo}
full_name: Krzysztof Franckowski
@@ -14,7 +14,7 @@
enabled: true
user:
kfranckowski:
- enabled: true
+ enabled: false
public_keys: ${public_keys:kfranckowski}
user: ${linux:system:user:kfranckowski}
public_keys:
diff --git a/openssh/server/team/members/matthewroark.yml b/openssh/server/team/members/matthewroark.yml
index 3dc01a6..ef6f755 100644
--- a/openssh/server/team/members/matthewroark.yml
+++ b/openssh/server/team/members/matthewroark.yml
@@ -3,7 +3,7 @@
system:
user:
mroark:
- enabled: true
+ enabled: false
name: mroark
sudo: ${_param:linux_system_user_sudo}
full_name: Matthew Roark
@@ -14,7 +14,7 @@
enabled: true
user:
mroark:
- enabled: true
+ enabled: false
public_keys: ${public_keys:mroark}
user: ${linux:system:user:mroark}
public_keys:
diff --git a/openssh/server/team/members/mceloud.yml b/openssh/server/team/members/mceloud.yml
index d1f3359..a00afb8 100644
--- a/openssh/server/team/members/mceloud.yml
+++ b/openssh/server/team/members/mceloud.yml
@@ -3,10 +3,10 @@
system:
user:
marco:
- enabled: true
+ enabled: false
name: marco
sudo: ${_param:linux_system_user_sudo}
- full_name: Marek Celoud
+ full_name: disabled
home: /home/marco
email: mceloud@mirantis.com
openssh:
@@ -14,7 +14,7 @@
enabled: true
user:
marco:
- enabled: true
+ enabled: false
public_keys:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDmrJJsRR1dIqaomk83+sn5OnRLvVqrxtROT2uO83W0C4036t3OfJEBL2COJ4Z1iQmyoQUcIpRdJns+Ft8GpVEEQ+mW4eo33jhVEkfLBzRTE7f/WqDmMeDbdxO7LdUNlIIc40KBPcnJWvEorqV2z2UF0+xqittTE34A3CgF82BI2Nx6vCNhgnJJnCyYisD+wT4f+Ovor3Rm2s6zdnJRqcLgx5lkNx6fM2ffkD36MjyPyVYWvFqw68kEsBPcpB0EmiINKQRg3A/iPvUgRWMl9nSvSMVopkbTOBpSK3H9hzGCLiQJvE8pGjHhb7SOix0p0sFdNrNRiC5ayaGQUDQgWH8h marco@marco-MS-7699
- user: ${linux:system:user:marco}
\ No newline at end of file
+ user: ${linux:system:user:marco}
diff --git a/openssh/server/team/members/myatsenko.yml b/openssh/server/team/members/myatsenko.yml
index 01c2417..839a868 100644
--- a/openssh/server/team/members/myatsenko.yml
+++ b/openssh/server/team/members/myatsenko.yml
@@ -3,10 +3,10 @@
system:
user:
myatsenko:
- enabled: true
+ enabled: false
name: myatsenko
sudo: ${_param:linux_system_user_sudo}
- full_name: Maksym Yatsenko
+ full_name: disabled
home: /home/myatsenko
email: myatsenko@mirantis.com
openssh:
@@ -14,7 +14,7 @@
enabled: true
user:
myatsenko:
- enabled: true
+ enabled: false
public_keys:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3wCjIm2PVzViGp5NFxeDHLVLxSq67gR+mm4jarHyDVb8wz9kfSG6cWGXNZhrqse7NgpDZpurFunFddXQBOgR6LmOfo9sDlcl4oT0+OnWHgyK6RMYcigkVYVYI5W2f5M+3Dz/KjV1S/VmRYlh/tz46PECV+Y93RaUUXS/91Uv19SAzuCd3Rj0l43HY5ROZNK0VZSrIsnhOqLZxF71v0jY/AbFxswooMH0NCM7XFqVBsRjwclfQjIGkV1j4xeWGM1xWkvvHCSEz2JdeAR5w3C7mhCzPpQJXvQGJNuccyZzoNbHPgDdFPx76MGj/VdmeUu5yKnFSnNNoQ1CcbxmaYeJ7 myatsenko@myatsenko-pc
user: ${linux:system:user:myatsenko}
diff --git a/openssh/server/team/members/nkondra.yml b/openssh/server/team/members/nkondra.yml
index b250e2b..33685eb 100644
--- a/openssh/server/team/members/nkondra.yml
+++ b/openssh/server/team/members/nkondra.yml
@@ -3,10 +3,10 @@
system:
user:
nkondra:
- enabled: true
+ enabled: false
name: nkondra
sudo: ${_param:linux_system_user_sudo}
- full_name: Nazarii Kondra
+ full_name: disabled
home: /home/nkondra
email: nkondra@mirantis.com
openssh:
@@ -14,7 +14,7 @@
enabled: true
user:
nkondra:
- enabled: true
+ enabled: false
public_keys:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9A6qJfHEIegIcHHgbBFONf3Yld5cbvhvylqDsy+Cu0vSkGHjMRATQJcTeMuG9HGOirVFMzmlKZHPJoQyFGo7FsJS81ZHwPCnh4UnQ3AL5CBp2nofeeXjOInA1CBJfqXgPhwjPexN1k/P7a7psmZ6nD61BHHeHR8U8SHy0Q0SxQPW9S2aFUxt1HVeZYTdWsSe4TIANepZomokcNi2s5GbfAzYo11ga0i56+ZHP0plrQXu8HYHPBjpHctFgE1NpE7vvrIo3c8E154jkxPj8vD+snHsQjpwUmK5lbbkOq9clchPtRtiTu83qZO0/es4zwyohrbqiqvKUITnzz/NcKPbD root@nazaros
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4UpJRI+XeVqSU8ENSgQwQyqEKwmuV+xsr1xqd6hm8cIGTImnJQSAKKHErgW0Dm5LIaZFOzYEhrxuFxPymQ5jBCyh9kK/SpeFYZNn7PUo7QLvRE12eze2EfEIS8OeLeyew3UJE+ropP7sZTBUbO9ZeOjVN0sU0GT1XMGOr3AcKB5R6P84ZIzL8KX+vw7VRGoWqgNmM4ZSM1JIp1n6S//2Is78hmoQjaw6SqcDJxqfNT4VtLnV8BDFJyiiu/ufWZ1FwSoFOSUpUYkI+Bg8zF0hHP2mf0gr/8hlTubM5UGtIWO6K849D7H43LF2QxlOXqisMJTYnIzIEVlSz9QWyRmAD nazaros@nazaros
diff --git a/openssh/server/team/members/pbasov.yml b/openssh/server/team/members/pbasov.yml
new file mode 100644
index 0000000..567f1cd
--- /dev/null
+++ b/openssh/server/team/members/pbasov.yml
@@ -0,0 +1,19 @@
+parameters:
+ linux:
+ system:
+ user:
+ pbasov:
+ enabled: true
+ name: pbasov
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Pavel Basov
+ home: /home/pbasov
+ email: pbasov@mirantis.com
+ openssh:
+ server:
+ user:
+ pbasov:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6cHg1SvsxWp5tD0Ee7nl4pyW9cLO/ZQYYxUYa2zSn/RWFm9BFuy1VwkJiYCIvk0lTXfKQMiO10mKm2xFC3VT0vpTSGIYDh4oxDu0FpIaTmXX3ULVdLNwWvrkHoPkIbPy1nUYlJQ+9PEh6KWkbxeYXFxVPoouWkDwshF63GrRA7Pyg2CuVn/FEA+ldSeq7mp/kkOWvlKXpJzvKXt4A/6odOCUiCnX//CWreHCnfCV3KsteyBc+UP2ql6wpEXmIIYdrOF0O3ofqRPTx6ivIOGGDuYB6e/XDivoEBPWNcLYcr9d5HKOTgRE6xF2Q1ElzpbvAY4AS+kggEjIgImiB3TxX pbasov@mirantis.com
+ user: ${linux:system:user:pbasov}
diff --git a/openssh/server/team/members/pshchelo.yml b/openssh/server/team/members/pshchelo.yml
new file mode 100644
index 0000000..52e7cc6
--- /dev/null
+++ b/openssh/server/team/members/pshchelo.yml
@@ -0,0 +1,20 @@
+parameters:
+ linux:
+ system:
+ user:
+ pshchelo:
+ enabled: true
+ name: pshchelo
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Pavlo Shchelokovskyy
+ home: /home/pshchelo
+ email: pshchelokovskyy@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ pshchelo:
+ enabled: true
+ public_keys:
+ - key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOns6c3H+TP0HBYWI+N6nX/ilPrGth5ElLCyN4EHJqcq pshchelo@git
+ user: ${linux:system:user:pshchelo}
diff --git a/openssh/server/team/members/renesoto.yml b/openssh/server/team/members/renesoto.yml
index a9988ed..e05a090 100644
--- a/openssh/server/team/members/renesoto.yml
+++ b/openssh/server/team/members/renesoto.yml
@@ -3,10 +3,10 @@
system:
user:
rsoto:
- enabled: true
+ enabled: false
name: rsoto
sudo: ${_param:linux_system_user_sudo}
- full_name: Rene Soto
+ full_name: disabled
home: /home/rsoto
email: rsoto@mirantis.com
openssh:
@@ -14,7 +14,7 @@
enabled: true
user:
rsoto:
- enabled: true
+ enabled: false
public_keys: ${public_keys:rsoto}
user: ${linux:system:user:rsoto}
public_keys:
diff --git a/openssh/server/team/members/rsafonov.yml b/openssh/server/team/members/rsafonov.yml
index 9965a1b..75eac67 100644
--- a/openssh/server/team/members/rsafonov.yml
+++ b/openssh/server/team/members/rsafonov.yml
@@ -3,10 +3,10 @@
system:
user:
rsafonov:
- enabled: true
+ enabled: false
name: rsafonov
sudo: ${_param:linux_system_user_sudo}
- full_name: Roman Safonov
+ full_name: disabled
home: /home/rsafonov
email: rsafonov@mirantis.com
openssh:
@@ -14,7 +14,7 @@
enabled: true
user:
rsafonov:
- enabled: true
+ enabled: false
public_keys: ${public_keys:rsafonov}
user: ${linux:system:user:rsafonov}
public_keys:
diff --git a/openssh/server/team/members/rsatek.yml b/openssh/server/team/members/rsatek.yml
index 227d20d..fb394e1 100644
--- a/openssh/server/team/members/rsatek.yml
+++ b/openssh/server/team/members/rsatek.yml
@@ -3,10 +3,10 @@
system:
user:
rsatek:
- enabled: true
+ enabled: false
name: rsatek
sudo: ${_param:linux_system_user_sudo}
- full_name: Rudolf Satek
+ full_name: disabled
home: /home/rsatek
email: rsatek@mirantis.com
openssh:
@@ -14,7 +14,7 @@
enabled: true
user:
rsatek:
- enabled: true
+ enabled: false
public_keys:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC63DK9CdBB2WNHcbgzReBlcVY7YDvVKBJI4P5O8N3lg/T+01ROL99/6k8drFYFJjdeXJaMkCg7UM17yIyouDijBHB9G9AM7jkefBZrGDF7QaWJeGvpxB9W3BQnhotCeuP363CNBup+oUfPwXVnkE5iGuLJAGS8SENpVZpZsF0gXAUuVtvl5D8h1wIqQtFveJSV6qJkjVIudZYJfOMDBfiyS5nEwKmboP5jFtrm3e64HpxDhm2J5irNtzw3hOO8cq2ssnZ0ZAHFf2FfnPAzZ2L0Z1MpZcEPdzBonsdO8/cfxdbov9hW4iLmpJF80KxgPyHU0R304uyfnsfkC164l0Rx rsatek@Rudolfs-MacBook-Pro.local
user: ${linux:system:user:rsatek}
diff --git a/openssh/server/team/members/scottmachtmes.yml b/openssh/server/team/members/scottmachtmes.yml
index fc466fa..0daf80f 100644
--- a/openssh/server/team/members/scottmachtmes.yml
+++ b/openssh/server/team/members/scottmachtmes.yml
@@ -6,7 +6,7 @@
enabled: false
name: smachtmes
sudo: ${_param:linux_system_user_sudo}
- full_name: Scott Machtmes
+ full_name: disabled
home: /home/smachtmes
email: smachtmes@mirantis.com
openssh:
diff --git a/openssh/server/team/members/sovsianikov.yml b/openssh/server/team/members/sovsianikov.yml
index d5a2fed..cab343e 100644
--- a/openssh/server/team/members/sovsianikov.yml
+++ b/openssh/server/team/members/sovsianikov.yml
@@ -3,10 +3,10 @@
system:
user:
sovsianikov:
- enabled: true
+ enabled: false
name: sovsianikov
sudo: ${_param:linux_system_user_sudo}
- full_name: Serhii Ovsianikov
+ full_name: disabled
home: /home/sovsianikov
email: sovsianikov@mirantis.com
openssh:
@@ -14,7 +14,7 @@
enabled: true
user:
sovsianikov:
- enabled: true
+ enabled: false
public_keys:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC728opxEr1QAil48NXPoA1QH4qzbGy8OjEq0s+JuovWYg6eRxf4UEhZgtxW3z3vls0xV5fNpoGa1j2xIDYRIxdZV05X9J+CZ9hxUfE0tIi8iS8/r5x+SFeWQmf4zVOwQMRwXujNsmKBDQVpP/y/2wlYHk3RPrPLGZAH5LkO29W4iTKDciOF4p9uGw55CCR7Iaw/S3fq/CV3rSbtsxXpnYzJ0JZEYIVhO8ZRN9kP1upmTOGeC3g8ahSWgkWOD4xLbrUjoaOTqZjEVIUxDf0bLT2/ztihgqvKG9CTObKrHM8/V3tPqns9Xhu+uDc+h0pplxrVAlVtGiC9yx/R3e3gahJ sovsianikov@sovsianikov-nbook
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDqe1+ymHcc750HopiD17J79Yh2P3Bdg7csJi1C/1B8Xk09rOoo5eIGGdo+7EqO2alRqzdan8Um7eSd6sH2sGUakHXApz0ig1xyqDcKpbla+13kJ9bEYyI3+7kXdm5/iAIzRmQVBYbtf6MK7GwLv6+5h+QKA4yiHr1xj2mXgmakU8B5r7GZXCq+DDEDXL+7r9h68DqOuQacKesbQZHPUBLCjINigLHA24Z+8Fglk0BkH+EiuBj91/QBT7Wy003njMz4/ecx0t1jRE6yMImDq62h/L7dS17no2ghVhZbFfDTBoyGuMp200tnhIP9Dwuisy0TuGBjiSVO/QJ2o0aAptwl sovsianikov@sovsianikov-lin
diff --git a/openssh/server/team/members/tkukral.yml b/openssh/server/team/members/tkukral.yml
index 60b34f5..915af8b 100644
--- a/openssh/server/team/members/tkukral.yml
+++ b/openssh/server/team/members/tkukral.yml
@@ -3,10 +3,10 @@
system:
user:
tkukral:
- enabled: true
+ enabled: false
name: tkukral
sudo: ${_param:linux_system_user_sudo}
- full_name: Tomas Kukral
+ full_name: disabled
home: /home/tkukral
email: tkukral@mirantis.com
openssh:
@@ -14,7 +14,7 @@
enabled: true
user:
tkukral:
- enabled: true
+ enabled: false
public_keys:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDRM6WquKic6i6v/JbNR2XuMqCCYqlfyGU1K7XHK7tWFordRLz2/o4S76sZULBTXR0rLHtynvHM4QHlloE1/XJnd0BtI/3y8aY0OkXyu6PHvTC8Az8SyGj2XAcaiPlaT2f+oTJHoPc9rxLhMMD7OTwias6QeVKB3UrT0OaHfy2wWCF7t8cQeofi2ldEHKeCsC1jrT1vaVuoThQgZ00h0rNk4COPZEW34FXdmdJFUmZcUIDMa71HtYgnn4gmE8sUiJ/j6ardvPaycCDT9j1GW1Yu6UVLBWOoMMCb04bDJiidlvY1fQqbM/G4cR4ZPHFZ0RQiM2+wnRaB5RCmBVgNT0Tj
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAAEAQDIcEZKBvsDAVOeUyucpTXH7nubNjXxlQSMf6oXmcXW5EFzQ7bcBjUJIC2/w4NV2v+/qbbvax1BiI5wU3TWM+LKx6VyhexwrnGQ4p9xprbAIiYaDAbT4KsSOyFnItmbD3qo5JzYruF/jxpus2fV/rBjfsgENHSDSL7ZNO5XLRhdfdcjGrReYf6MU+Py90mOxIcafJQ0nI2PkZ4JURtiJmd/lBp+QJH+6JpQ4Fjm1C0stJFLZfyn0r9YtMXs7j3LK5QaypbZO63NvBKp/1GhZUbC48Cb19SqIoBfQl8JroT93PFzhcQaXd/iXbbBg1WPhEJLAaJEJ7aHGVN+93YHoukP+AFobrpCES3LPFrwbRXpjZNCbKtQCMS1oZHLNBrIsa6uuvAhd9ni3Q/iJq4O6uZ8g0gW69+VI3FT7l3adBCBlOQUVvN51k2k3Q18oeFZAuVPoH49gUDXgxaUHjA5nE0hgPd6KaZkh5UGs/8jyvDLRLVRCUGYfVZcXlMAa5uc1SaUGR3XZgciUlY9DWAGTS8mA4ZnD6mXdnQmjDqhaI2S9jFmuO1Z4YAlHCs+qqMmnFBwbIZuIJaTgl9blr2pi8g6SVQGOE8eA9SDZYTH2EM741ZgVxBPTC/QjMcRtERWNTzfK+R6nZgsdozi9w8MMlmLgvjhney+YuhPhBI2YUwafV2wngqcz7qKP35Jx4E0AeI/Z6z2duuP4JHtaswkR7Zwk4/ebRm1DGIvImh4UxucumEMpXrNOyPZqyJwOb1GM7U5w/kfGSU10y6Y2/db23eYvIb2c1aIbKcGI+Db+1UuED9KcmI9JuYnxqzQZe66T56s+jOi0zyjQDlx9gu2ib/ORE+XVuKqvqii/WF4dTK42YgzTY1RX4wag4mNOEhY4hX+VA6eEFLruqIE+zQ9L+vjf4w2jqpC2CTtY+UtgAbkpZWn9/00CqS9EAh3cmYVgL8se+mfo9iQkcOrHoJ/hN9wyWOK8yQXACMtm/zdFyMtCzhWeSvz03SPz4o1L5QcS3VG+FF6XE5jb0KCWH2C0U6ufgKhpna+LXmG1nXGtay7KqUkQeIwOXq2nq2xehPwgfM25xIPHJ+t1dQMstXrR/h0Bs9lHM7V7mTcgA4MtuYM1mwUpuK9QYantvWE7aq1KtFwFBaP/4swtSoxWsotIDv9GxJhWRJ8aUJIAbsN2znMlbtsIDGTMlWLW3pbpr+1ANAZx6YiQOSCkDDzk4eaFMhlGaa+4sBVfIU0QwnO9swOjQMQH+3/qaeGl9LOZEf87kwFKnQDpMEdDl4vmpsSwzcyGT8AIFl/ybrrl///v3cvCZe1lDJZxPag6KT4BOwycoWTKfL5ll06v+JzW67XqkQT
diff --git a/openssh/server/team/members/vmikes.yml b/openssh/server/team/members/vmikes.yml
index eb506ac..5a1b6de 100644
--- a/openssh/server/team/members/vmikes.yml
+++ b/openssh/server/team/members/vmikes.yml
@@ -3,10 +3,10 @@
system:
user:
vmikes:
- enabled: true
+ enabled: false
name: vmikes
sudo: ${_param:linux_system_user_sudo}
- full_name: Vlasta Mikes
+ full_name: disabled
home: /home/vmikes
email: vmikes@mirantis.com
openssh:
@@ -14,7 +14,7 @@
enabled: true
user:
vmikes:
- enabled: true
+ enabled: false
public_keys:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXng0oUbSGMlZCamlSWuc4jzgTym+p9u0ukbQvaWW2cneOhLw6QbVkOgRETBIfXitiIB+5nNqTYy7lrYqc3wofjZJzonR07oFoNcyhITLnKjLHV9eZ8aRhwKL2PONyp8d61cdm5zqeth1tMP8uBB+SOn+aD12Hu5tfTJjQeH286p+Xt75Llo/bHybfYmt2HaV9Ts6qb/Kw3Eom0Jkjh8837navek/PnFF7WAkM8GvP5Taqzp4Tmu2UfLeMv4459q+ZiS56WRbcixBQGb7uUUy4jkuis0batBNoY0pwMaaTj8KzSwrQ8shc/LuU2QhR7xwXVIgZR/Yqa/Ojw/U36N4t v.mikes@tcpisek.cz
- user: ${linux:system:user:vmikes}
\ No newline at end of file
+ user: ${linux:system:user:vmikes}
diff --git a/openssh/server/team/members/zahedkhurasani.yml b/openssh/server/team/members/zahedkhurasani.yml
index 3b6f9c8..423828a 100644
--- a/openssh/server/team/members/zahedkhurasani.yml
+++ b/openssh/server/team/members/zahedkhurasani.yml
@@ -6,7 +6,7 @@
enabled: false
name: zkhurasani
sudo: ${_param:linux_system_user_sudo}
- full_name: Zahed Khurasani
+ full_name: disabled
home: /home/zkhurasani
email: zkhurasani@mirantis.com
openssh:
diff --git a/openssh/server/team/networking.yml b/openssh/server/team/networking.yml
index 7e5f915..9921b5b 100644
--- a/openssh/server/team/networking.yml
+++ b/openssh/server/team/networking.yml
@@ -3,6 +3,11 @@
- system.openssh.server.team.members.pjediny
- system.openssh.server.team.members.skreys
- system.openssh.server.team.members.smatov
+- system.openssh.server.team.members.ivasilevskaya
+- system.openssh.server.team.members.jcach
+- system.openssh.server.team.members.psvimbersky
+- system.openssh.server.team.members.gzimin
+- system.openssh.server.team.members.dpyzhov
parameters:
_param:
linux_system_user_sudo: true
diff --git a/openssh/server/team/oscore_devops.yml b/openssh/server/team/oscore_devops.yml
index f629d9e..31830fc 100644
--- a/openssh/server/team/oscore_devops.yml
+++ b/openssh/server/team/oscore_devops.yml
@@ -11,6 +11,7 @@
- system.openssh.server.team.members.kkushaev
- system.openssh.server.team.members.sgarbuz
- system.openssh.server.team.members.oshyshko
+- system.openssh.server.team.members.pshchelo
parameters:
_param:
linux_system_user_sudo: true
diff --git a/openssh/server/team/services.yml b/openssh/server/team/services.yml
index c2f4e28..3116d90 100644
--- a/openssh/server/team/services.yml
+++ b/openssh/server/team/services.yml
@@ -19,6 +19,7 @@
- system.openssh.server.team.members.dstremkouski
- system.openssh.server.team.members.mchernik
- system.openssh.server.team.members.hkraemer
+- system.openssh.server.team.members.pbasov
parameters:
_param:
linux_system_user_sudo: true
diff --git a/panko/server/cluster.yml b/panko/server/cluster.yml
index e277c30..d641f36 100644
--- a/panko/server/cluster.yml
+++ b/panko/server/cluster.yml
@@ -9,9 +9,12 @@
panko_memcached_node01_address: ${_param:cluster_node01_address}
panko_memcached_node02_address: ${_param:cluster_node02_address}
panko_memcached_node03_address: ${_param:cluster_node03_address}
+ # Keep events in database for 30 days
+ panko_event_time_to_live: 2592000
panko:
server:
role: ${_param:openstack_node_role}
+ event_time_to_live: ${_param:panko_event_time_to_live}
identity:
host: ${_param:openstack_control_address}
database:
@@ -24,4 +27,9 @@
- host: ${_param:panko_memcached_node02_address}
port: 11211
- host: ${_param:panko_memcached_node03_address}
- port: 11211
\ No newline at end of file
+ port: 11211
+ # Check for expired events every day at 2 AM
+ expirer:
+ cron:
+ minute: 0
+ hour: 2
\ No newline at end of file
diff --git a/panko/server/single.yml b/panko/server/single.yml
new file mode 100644
index 0000000..497b21e
--- /dev/null
+++ b/panko/server/single.yml
@@ -0,0 +1,16 @@
+classes:
+- service.panko.server.single
+- system.apache.server.site.panko
+parameters:
+ _param:
+ # Keep events in database for 30 days
+ panko_event_time_to_live: 2592000
+ panko:
+ server:
+ role: ${_param:openstack_node_role}
+ event_time_to_live: ${_param:panko_event_time_to_live}
+ # Check for expired events every day at 2 AM
+ expirer:
+ cron:
+ minute: 0
+ hour: 2
\ No newline at end of file
diff --git a/prometheus/gainsight/query/openstack.yml b/prometheus/gainsight/query/openstack.yml
index 9215d2e..34c81c3 100644
--- a/prometheus/gainsight/query/openstack.yml
+++ b/prometheus/gainsight/query/openstack.yml
@@ -4,7 +4,7 @@
queries:
vcpu_used: "'vCPU Used','sum(avg_over_time(openstack_nova_used_vcpus[24h]))'"
vcpu_free: "'vCPU Free','sum(avg_over_time(openstack_nova_free_vcpus[24h]))'"
- vstorge_used: "'vStorage Used','sum(avg_over_time(openstack_nova_used_disk[24h]))'"
+ vstorage_used: "'vStorage Used','sum(avg_over_time(openstack_nova_used_disk[24h]))'"
vstorage_free: "'vStorage Free','sum(avg_over_time(openstack_nova_free_disk[24h]))'"
vram_used: "'vRAM Used','sum(avg_over_time(openstack_nova_used_ram[24h]))'"
vram_free: "'vRAM Free','sum(avg_over_time(openstack_nova_free_ram[24h]))'"
@@ -15,5 +15,4 @@
nova_api: "'Nova API','avg(avg_over_time(openstack_api_check_status{service=\"nova\"}[24h]))'"
keystone_api: "'Keystone API','avg(avg_over_time(openstack_api_check_status{service=\"keystone\"}[24h]))'"
glance_api: "'Glance API','avg(avg_over_time(openstack_api_check_status{service=\"glance\"}[24h]))'"
- keystone_api: "'Keystone API','avg(avg_over_time(openstack_api_check_status{service=\"keystone\"}[24h]))'"
neutron_api: "'Neutron API','avg(avg_over_time(openstack_api_check_status{service=\"neutron\"}[24h]))'"
diff --git a/prometheus/server/alert/alerta_relabel.yml b/prometheus/server/alert/alerta_relabel.yml
index ca0f4b4..df6aca0 100644
--- a/prometheus/server/alert/alerta_relabel.yml
+++ b/prometheus/server/alert/alerta_relabel.yml
@@ -1,6 +1,6 @@
parameters:
_param:
- alerta_environment_label: Development
+ alerta_environment_label: ${_param:cluster_name}
prometheus:
server:
config:
@@ -22,4 +22,4 @@
regex: "(.+;.+)"
- source_labels: ["hostname", "job"]
target_label: "instance"
- regex: "(.+;.+)"
\ No newline at end of file
+ regex: "(.+;.+)"
diff --git a/rabbitmq/server/ssl/init.yml b/rabbitmq/server/ssl/init.yml
new file mode 100644
index 0000000..7fefae7
--- /dev/null
+++ b/rabbitmq/server/ssl/init.yml
@@ -0,0 +1,11 @@
+classes:
+- system.salt.minion.cert.rabbitmq_server
+- service.rabbitmq.server.ssl
+parameters:
+ _param:
+ rabbitmq_ssl_enabled: true
+ rabbitmq_port: 5671 # for non-ssl use 5672 / for ssl 5671
+ rabbitmq:
+ server:
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
diff --git a/reclass/storage/system/openstack_dashboard_single.yml b/reclass/storage/system/openstack_dashboard_single.yml
index 51e2d91..00bd6a8 100644
--- a/reclass/storage/system/openstack_dashboard_single.yml
+++ b/reclass/storage/system/openstack_dashboard_single.yml
@@ -2,6 +2,7 @@
_param:
openstack_proxy_hostname: prx01
openstack_proxy_system_codename: trusty
+ openstack_proxy_node01_address: 172.16.10.121
reclass:
storage:
node:
@@ -13,4 +14,4 @@
params:
salt_master_host: ${_param:reclass_config_master}
linux_system_codename: ${_param:openstack_proxy_system_codename}
- single_address: 172.16.10.121
+ single_address: ${_param:openstack_proxy_node01_address}
diff --git a/reclass/storage/system/openstack_telemetry_cluster.yml b/reclass/storage/system/openstack_telemetry_cluster.yml
index c33a8db..4c688a8 100644
--- a/reclass/storage/system/openstack_telemetry_cluster.yml
+++ b/reclass/storage/system/openstack_telemetry_cluster.yml
@@ -18,6 +18,8 @@
single_address: ${_param:openstack_telemetry_node01_address}
keepalived_vip_priority: 103
openstack_node_role: primary
+ ceilometer_create_gnocchi_resources: true
+ redis_cluster_role: 'master'
openstack_telemetry_node02:
name: ${_param:openstack_telemetry_node02_hostname}
domain: ${_param:cluster_domain}
@@ -29,6 +31,7 @@
single_address: ${_param:openstack_telemetry_node02_address}
keepalived_vip_priority: 102
openstack_node_role: secondary
+ redis_cluster_role: 'slave'
openstack_telemetry_node03:
name: ${_param:openstack_telemetry_node03_hostname}
domain: ${_param:cluster_domain}
@@ -40,3 +43,4 @@
single_address: ${_param:openstack_telemetry_node03_address}
keepalived_vip_priority: 101
openstack_node_role: secondary
+ redis_cluster_role: 'slave'
diff --git a/rundeck/client/project/cicd.yml b/rundeck/client/project/cicd.yml
index 4cbcd40..6038fcc 100644
--- a/rundeck/client/project/cicd.yml
+++ b/rundeck/client/project/cicd.yml
@@ -1,9 +1,10 @@
parameters:
_param:
+ mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
rundeck_cis_jobs_repository: https://gerrit.mcp.mirantis.net/oss/rundeck-cis-jobs
rundeck_cis_jobs_revision: master
rundeck_cis_elasticsearch_url: yourelastic:9200
- rundeck_cis_os_docker_image: docker-prod-local.artifactory.mirantis.com/mirantis/oss/cis-openstack:latest
+ rundeck_cis_os_docker_image: ${_param:mcp_docker_registry}/mirantis/oss/cis-openstack:latest
rundeck_cis_openstack:
auth_url: http://yourcloud.com:5000/v3/auth/tokens
endpoint_type: publicURL
diff --git a/salt/control/cluster/init.yml b/salt/control/cluster/init.yml
new file mode 100644
index 0000000..49d30b3
--- /dev/null
+++ b/salt/control/cluster/init.yml
@@ -0,0 +1,9 @@
+parameters:
+ _param:
+ salt_control_cluster_rng_backend: "/dev/random"
+ salt:
+ control:
+ cluster:
+ internal:
+ rng:
+ backend: ${_param:salt_control_cluster_rng_backend}
diff --git a/salt/control/cluster/kubernetes_control_cluster.yml b/salt/control/cluster/kubernetes_control_cluster.yml
new file mode 100644
index 0000000..c3049ec
--- /dev/null
+++ b/salt/control/cluster/kubernetes_control_cluster.yml
@@ -0,0 +1,29 @@
+parameters:
+ salt:
+ control:
+ size:
+ kubernetes.control:
+ cpu: 4
+ ram: 8192
+ disk_profile: small
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ ctl01:
+ name: ${_param:kubernetes_control_node01_hostname}
+ provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: kubernetes.control
+ ctl02:
+ name: ${_param:kubernetes_control_node02_hostname}
+ provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: kubernetes.control
+ ctl03:
+ name: ${_param:kubernetes_control_node03_hostname}
+ provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: kubernetes.control
diff --git a/salt/control/cluster/kubernetes_proxy_cluster.yml b/salt/control/cluster/kubernetes_proxy_cluster.yml
index d4251a2..379a333 100644
--- a/salt/control/cluster/kubernetes_proxy_cluster.yml
+++ b/salt/control/cluster/kubernetes_proxy_cluster.yml
@@ -3,8 +3,8 @@
control:
size:
kubernetes.proxy:
- cpu: 32
- ram: 65536
+ cpu: 2
+ ram: 4096
disk_profile: small
net_profile: default
cluster:
@@ -15,11 +15,11 @@
prx01:
name: ${_param:kubernetes_proxy_node01_hostname}
provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
- image: ${_param:salt_control_trusty_image}
+ image: ${_param:salt_control_xenial_image}
size: kubernetes.proxy
prx02:
name: ${_param:kubernetes_proxy_node02_hostname}
provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
- image: ${_param:salt_control_trusty_image}
+ image: ${_param:salt_control_xenial_image}
size: kubernetes.proxy
diff --git a/salt/control/placement/ovs/compact.yml b/salt/control/placement/ovs/compact.yml
new file mode 100644
index 0000000..3102b3e
--- /dev/null
+++ b/salt/control/placement/ovs/compact.yml
@@ -0,0 +1,28 @@
+parameters:
+ _param:
+ infra_kvm01_hostname: kvm01
+ infra_kvm02_hostname: kvm02
+ infra_kvm03_hostname: kvm03
+ openstack_gateway_node01_hostname: gtw01
+ openstack_gateway_node02_hostname: gtw02
+ openstack_gateway_node03_hostname: gtw03
+ salt:
+ control:
+ cluster:
+ internal:
+ node:
+ gtw01:
+ name: ${_param:openstack_gateway_node01_hostname}
+ image: ${_param:salt_control_xenial_image}
+ provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+ size: openstack.gateway
+ gtw02:
+ name: ${_param:openstack_gateway_node02_hostname}
+ image: ${_param:salt_control_xenial_image}
+ provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+ size: openstack.gateway
+ gtw03:
+ name: ${_param:openstack_gateway_node03_hostname}
+ image: ${_param:salt_control_xenial_image}
+ provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
+ size: openstack.gateway
\ No newline at end of file
diff --git a/salt/control/placement/ovs/minimal.yml b/salt/control/placement/ovs/minimal.yml
new file mode 100644
index 0000000..3102b3e
--- /dev/null
+++ b/salt/control/placement/ovs/minimal.yml
@@ -0,0 +1,28 @@
+parameters:
+ _param:
+ infra_kvm01_hostname: kvm01
+ infra_kvm02_hostname: kvm02
+ infra_kvm03_hostname: kvm03
+ openstack_gateway_node01_hostname: gtw01
+ openstack_gateway_node02_hostname: gtw02
+ openstack_gateway_node03_hostname: gtw03
+ salt:
+ control:
+ cluster:
+ internal:
+ node:
+ gtw01:
+ name: ${_param:openstack_gateway_node01_hostname}
+ image: ${_param:salt_control_xenial_image}
+ provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+ size: openstack.gateway
+ gtw02:
+ name: ${_param:openstack_gateway_node02_hostname}
+ image: ${_param:salt_control_xenial_image}
+ provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+ size: openstack.gateway
+ gtw03:
+ name: ${_param:openstack_gateway_node03_hostname}
+ image: ${_param:salt_control_xenial_image}
+ provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
+ size: openstack.gateway
\ No newline at end of file
diff --git a/salt/control/placement/ovs/small.yml b/salt/control/placement/ovs/small.yml
new file mode 100644
index 0000000..3102b3e
--- /dev/null
+++ b/salt/control/placement/ovs/small.yml
@@ -0,0 +1,28 @@
+parameters:
+ _param:
+ infra_kvm01_hostname: kvm01
+ infra_kvm02_hostname: kvm02
+ infra_kvm03_hostname: kvm03
+ openstack_gateway_node01_hostname: gtw01
+ openstack_gateway_node02_hostname: gtw02
+ openstack_gateway_node03_hostname: gtw03
+ salt:
+ control:
+ cluster:
+ internal:
+ node:
+ gtw01:
+ name: ${_param:openstack_gateway_node01_hostname}
+ image: ${_param:salt_control_xenial_image}
+ provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+ size: openstack.gateway
+ gtw02:
+ name: ${_param:openstack_gateway_node02_hostname}
+ image: ${_param:salt_control_xenial_image}
+ provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+ size: openstack.gateway
+ gtw03:
+ name: ${_param:openstack_gateway_node03_hostname}
+ image: ${_param:salt_control_xenial_image}
+ provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
+ size: openstack.gateway
\ No newline at end of file
diff --git a/salt/control/sizes/cicd/compact.yml b/salt/control/sizes/cicd/compact.yml
index 65ad7b7..78cb384 100644
--- a/salt/control/sizes/cicd/compact.yml
+++ b/salt/control/sizes/cicd/compact.yml
@@ -3,4 +3,12 @@
salt_control_size_cpu_cicd_control: 8
salt_control_size_ram_cicd_control: 12288
salt_control_size_disk_profile_cicd_control: large
- salt_control_size_net_profile_cicd_control: default
\ No newline at end of file
+ salt_control_size_net_profile_cicd_control: default
+ salt:
+ control:
+ size:
+ cicd.control:
+ cpu: ${_param:salt_control_size_cpu_cicd_control}
+ ram: ${_param:salt_control_size_ram_cicd_control}
+ disk_profile: ${_param:salt_control_size_disk_profile_cicd_control}
+ net_profile: ${_param:salt_control_size_net_profile_cicd_control}
\ No newline at end of file
diff --git a/salt/control/sizes/cicd/large.yml b/salt/control/sizes/cicd/large.yml
index deb3722..3250dc0 100644
--- a/salt/control/sizes/cicd/large.yml
+++ b/salt/control/sizes/cicd/large.yml
@@ -3,4 +3,12 @@
salt_control_size_cpu_cicd_control: 8
salt_control_size_ram_cicd_control: 32768
salt_control_size_disk_profile_cicd_control: xxxlarge
- salt_control_size_net_profile_cicd_control: default
\ No newline at end of file
+ salt_control_size_net_profile_cicd_control: default
+ salt:
+ control:
+ size:
+ cicd.control:
+ cpu: ${_param:salt_control_size_cpu_cicd_control}
+ ram: ${_param:salt_control_size_ram_cicd_control}
+ disk_profile: ${_param:salt_control_size_disk_profile_cicd_control}
+ net_profile: ${_param:salt_control_size_net_profile_cicd_control}
\ No newline at end of file
diff --git a/salt/control/sizes/cicd/medium.yml b/salt/control/sizes/cicd/medium.yml
index 2ef4866..8735537 100644
--- a/salt/control/sizes/cicd/medium.yml
+++ b/salt/control/sizes/cicd/medium.yml
@@ -3,4 +3,12 @@
salt_control_size_cpu_cicd_control: 8
salt_control_size_ram_cicd_control: 32768
salt_control_size_disk_profile_cicd_control: xxlarge
- salt_control_size_net_profile_cicd_control: default
\ No newline at end of file
+ salt_control_size_net_profile_cicd_control: default
+ salt:
+ control:
+ size:
+ cicd.control:
+ cpu: ${_param:salt_control_size_cpu_cicd_control}
+ ram: ${_param:salt_control_size_ram_cicd_control}
+ disk_profile: ${_param:salt_control_size_disk_profile_cicd_control}
+ net_profile: ${_param:salt_control_size_net_profile_cicd_control}
\ No newline at end of file
diff --git a/salt/control/sizes/cicd/minimal.yml b/salt/control/sizes/cicd/minimal.yml
index 876578b..6e61013 100644
--- a/salt/control/sizes/cicd/minimal.yml
+++ b/salt/control/sizes/cicd/minimal.yml
@@ -3,4 +3,12 @@
salt_control_size_cpu_cicd_control: 8
salt_control_size_ram_cicd_control: 8192
salt_control_size_disk_profile_cicd_control: small
- salt_control_size_net_profile_cicd_control: default
\ No newline at end of file
+ salt_control_size_net_profile_cicd_control: default
+ salt:
+ control:
+ size:
+ cicd.control:
+ cpu: ${_param:salt_control_size_cpu_cicd_control}
+ ram: ${_param:salt_control_size_ram_cicd_control}
+ disk_profile: ${_param:salt_control_size_disk_profile_cicd_control}
+ net_profile: ${_param:salt_control_size_net_profile_cicd_control}
\ No newline at end of file
diff --git a/salt/control/sizes/cicd/small.yml b/salt/control/sizes/cicd/small.yml
index 2ef4866..8735537 100644
--- a/salt/control/sizes/cicd/small.yml
+++ b/salt/control/sizes/cicd/small.yml
@@ -3,4 +3,12 @@
salt_control_size_cpu_cicd_control: 8
salt_control_size_ram_cicd_control: 32768
salt_control_size_disk_profile_cicd_control: xxlarge
- salt_control_size_net_profile_cicd_control: default
\ No newline at end of file
+ salt_control_size_net_profile_cicd_control: default
+ salt:
+ control:
+ size:
+ cicd.control:
+ cpu: ${_param:salt_control_size_cpu_cicd_control}
+ ram: ${_param:salt_control_size_ram_cicd_control}
+ disk_profile: ${_param:salt_control_size_disk_profile_cicd_control}
+ net_profile: ${_param:salt_control_size_net_profile_cicd_control}
\ No newline at end of file
diff --git a/salt/control/sizes/opencontrail/compact.yml b/salt/control/sizes/opencontrail/compact.yml
index 5e70d89..e650d86 100644
--- a/salt/control/sizes/opencontrail/compact.yml
+++ b/salt/control/sizes/opencontrail/compact.yml
@@ -7,4 +7,17 @@
salt_control_size_cpu_opencontrail_analytics: 8
salt_control_size_ram_opencontrail_analytics: 32768
salt_control_size_disk_profile_opencontrail_analytics: large
- salt_control_size_net_profile_opencontrail_analytics: default
\ No newline at end of file
+ salt_control_size_net_profile_opencontrail_analytics: default
+ salt:
+ control:
+ size:
+ opencontrail.control:
+ cpu: ${_param:salt_control_size_cpu_opencontrail_control}
+ ram: ${_param:salt_control_size_ram_opencontrail_control}
+ disk_profile: ${_param:salt_control_size_disk_profile_opencontrail_control}
+ net_profile: ${_param:salt_control_size_net_profile_opencontrail_control}
+ opencontrail.analytics:
+ cpu: ${_param:salt_control_size_cpu_opencontrail_analytics}
+ ram: ${_param:salt_control_size_ram_opencontrail_analytics}
+ disk_profile: ${_param:salt_control_size_disk_profile_opencontrail_analytics}
+ net_profile: ${_param:salt_control_size_net_profile_opencontrail_analytics}
\ No newline at end of file
diff --git a/salt/control/sizes/opencontrail/large.yml b/salt/control/sizes/opencontrail/large.yml
index 3af75d7..0b0ed56 100644
--- a/salt/control/sizes/opencontrail/large.yml
+++ b/salt/control/sizes/opencontrail/large.yml
@@ -7,4 +7,17 @@
salt_control_size_cpu_opencontrail_analytics: 24
salt_control_size_ram_opencontrail_analytics: 131072
salt_control_size_disk_profile_opencontrail_analytics: xxhuge
- salt_control_size_net_profile_opencontrail_analytics: default
\ No newline at end of file
+ salt_control_size_net_profile_opencontrail_analytics: default
+ salt:
+ control:
+ size:
+ opencontrail.control:
+ cpu: ${_param:salt_control_size_cpu_opencontrail_control}
+ ram: ${_param:salt_control_size_ram_opencontrail_control}
+ disk_profile: ${_param:salt_control_size_disk_profile_opencontrail_control}
+ net_profile: ${_param:salt_control_size_net_profile_opencontrail_control}
+ opencontrail.analytics:
+ cpu: ${_param:salt_control_size_cpu_opencontrail_analytics}
+ ram: ${_param:salt_control_size_ram_opencontrail_analytics}
+ disk_profile: ${_param:salt_control_size_disk_profile_opencontrail_analytics}
+ net_profile: ${_param:salt_control_size_net_profile_opencontrail_analytics}
\ No newline at end of file
diff --git a/salt/control/sizes/opencontrail/medium.yml b/salt/control/sizes/opencontrail/medium.yml
index 410092c..48f62c3 100644
--- a/salt/control/sizes/opencontrail/medium.yml
+++ b/salt/control/sizes/opencontrail/medium.yml
@@ -7,4 +7,17 @@
salt_control_size_cpu_opencontrail_analytics: 16
salt_control_size_ram_opencontrail_analytics: 98304
salt_control_size_disk_profile_opencontrail_analytics: xhuge
- salt_control_size_net_profile_opencontrail_analytics: default
\ No newline at end of file
+ salt_control_size_net_profile_opencontrail_analytics: default
+ salt:
+ control:
+ size:
+ opencontrail.control:
+ cpu: ${_param:salt_control_size_cpu_opencontrail_control}
+ ram: ${_param:salt_control_size_ram_opencontrail_control}
+ disk_profile: ${_param:salt_control_size_disk_profile_opencontrail_control}
+ net_profile: ${_param:salt_control_size_net_profile_opencontrail_control}
+ opencontrail.analytics:
+ cpu: ${_param:salt_control_size_cpu_opencontrail_analytics}
+ ram: ${_param:salt_control_size_ram_opencontrail_analytics}
+ disk_profile: ${_param:salt_control_size_disk_profile_opencontrail_analytics}
+ net_profile: ${_param:salt_control_size_net_profile_opencontrail_analytics}
\ No newline at end of file
diff --git a/salt/control/sizes/opencontrail/minimal.yml b/salt/control/sizes/opencontrail/minimal.yml
index ad80ca9..b6f893f 100644
--- a/salt/control/sizes/opencontrail/minimal.yml
+++ b/salt/control/sizes/opencontrail/minimal.yml
@@ -7,4 +7,17 @@
salt_control_size_cpu_opencontrail_analytics: 12
salt_control_size_ram_opencontrail_analytics: 8192
salt_control_size_disk_profile_opencontrail_analytics: medium
- salt_control_size_net_profile_opencontrail_analytics: default
\ No newline at end of file
+ salt_control_size_net_profile_opencontrail_analytics: default
+ salt:
+ control:
+ size:
+ opencontrail.control:
+ cpu: ${_param:salt_control_size_cpu_opencontrail_control}
+ ram: ${_param:salt_control_size_ram_opencontrail_control}
+ disk_profile: ${_param:salt_control_size_disk_profile_opencontrail_control}
+ net_profile: ${_param:salt_control_size_net_profile_opencontrail_control}
+ opencontrail.analytics:
+ cpu: ${_param:salt_control_size_cpu_opencontrail_analytics}
+ ram: ${_param:salt_control_size_ram_opencontrail_analytics}
+ disk_profile: ${_param:salt_control_size_disk_profile_opencontrail_analytics}
+ net_profile: ${_param:salt_control_size_net_profile_opencontrail_analytics}
\ No newline at end of file
diff --git a/salt/control/sizes/opencontrail/small.yml b/salt/control/sizes/opencontrail/small.yml
index 5e70d89..e650d86 100644
--- a/salt/control/sizes/opencontrail/small.yml
+++ b/salt/control/sizes/opencontrail/small.yml
@@ -7,4 +7,17 @@
salt_control_size_cpu_opencontrail_analytics: 8
salt_control_size_ram_opencontrail_analytics: 32768
salt_control_size_disk_profile_opencontrail_analytics: large
- salt_control_size_net_profile_opencontrail_analytics: default
\ No newline at end of file
+ salt_control_size_net_profile_opencontrail_analytics: default
+ salt:
+ control:
+ size:
+ opencontrail.control:
+ cpu: ${_param:salt_control_size_cpu_opencontrail_control}
+ ram: ${_param:salt_control_size_ram_opencontrail_control}
+ disk_profile: ${_param:salt_control_size_disk_profile_opencontrail_control}
+ net_profile: ${_param:salt_control_size_net_profile_opencontrail_control}
+ opencontrail.analytics:
+ cpu: ${_param:salt_control_size_cpu_opencontrail_analytics}
+ ram: ${_param:salt_control_size_ram_opencontrail_analytics}
+ disk_profile: ${_param:salt_control_size_disk_profile_opencontrail_analytics}
+ net_profile: ${_param:salt_control_size_net_profile_opencontrail_analytics}
\ No newline at end of file
diff --git a/salt/control/sizes/openstack/compact.yml b/salt/control/sizes/openstack/compact.yml
index 16e5dba..d326a9b 100644
--- a/salt/control/sizes/openstack/compact.yml
+++ b/salt/control/sizes/openstack/compact.yml
@@ -19,4 +19,32 @@
salt_control_size_cpu_openstack_upgrade: 8
salt_control_size_ram_openstack_upgrade: 16384
salt_control_size_disk_profile_openstack_upgrade: medium
- salt_control_size_net_profile_openstack_upgrade: default
\ No newline at end of file
+ salt_control_size_net_profile_openstack_upgrade: default
+ salt:
+ control:
+ size:
+ openstack.control:
+ cpu: ${_param:salt_control_size_cpu_openstack_control}
+ ram: ${_param:salt_control_size_ram_openstack_control}
+ disk_profile: ${_param:salt_control_size_disk_profile_openstack_control}
+ net_profile: ${_param:salt_control_size_net_profile_openstack_control}
+ openstack.database:
+ cpu: ${_param:salt_control_size_cpu_openstack_database}
+ ram: ${_param:salt_control_size_ram_openstack_database}
+ disk_profile: ${_param:salt_control_size_disk_profile_openstack_database}
+ net_profile: ${_param:salt_control_size_net_profile_openstack_database}
+ openstack.message_queue:
+ cpu: ${_param:salt_control_size_cpu_openstack_message_queue}
+ ram: ${_param:salt_control_size_ram_openstack_message_queue}
+ disk_profile: ${_param:salt_control_size_disk_profile_openstack_message_queue}
+ net_profile: ${_param:salt_control_size_net_profile_openstack_message_queue}
+ openstack.proxy:
+ cpu: ${_param:salt_control_size_cpu_openstack_proxy}
+ ram: ${_param:salt_control_size_ram_openstack_proxy}
+ disk_profile: ${_param:salt_control_size_disk_profile_openstack_proxy}
+ net_profile: ${_param:salt_control_size_net_profile_openstack_proxy}
+ openstack.upgrade:
+ cpu: ${_param:salt_control_size_cpu_openstack_upgrade}
+ ram: ${_param:salt_control_size_ram_openstack_upgrade}
+ disk_profile: ${_param:salt_control_size_disk_profile_openstack_upgrade}
+ net_profile: ${_param:salt_control_size_net_profile_openstack_upgrade}
\ No newline at end of file
diff --git a/salt/control/sizes/openstack/large.yml b/salt/control/sizes/openstack/large.yml
index 04aa0c4..db27874 100644
--- a/salt/control/sizes/openstack/large.yml
+++ b/salt/control/sizes/openstack/large.yml
@@ -19,4 +19,32 @@
salt_control_size_cpu_openstack_upgrade: 8
salt_control_size_ram_openstack_upgrade: 16384
salt_control_size_disk_profile_openstack_upgrade: medium
- salt_control_size_net_profile_openstack_upgrade: default
\ No newline at end of file
+ salt_control_size_net_profile_openstack_upgrade: default
+ salt:
+ control:
+ size:
+ openstack.control:
+ cpu: ${_param:salt_control_size_cpu_openstack_control}
+ ram: ${_param:salt_control_size_ram_openstack_control}
+ disk_profile: ${_param:salt_control_size_disk_profile_openstack_control}
+ net_profile: ${_param:salt_control_size_net_profile_openstack_control}
+ openstack.database:
+ cpu: ${_param:salt_control_size_cpu_openstack_database}
+ ram: ${_param:salt_control_size_ram_openstack_database}
+ disk_profile: ${_param:salt_control_size_disk_profile_openstack_database}
+ net_profile: ${_param:salt_control_size_net_profile_openstack_database}
+ openstack.message_queue:
+ cpu: ${_param:salt_control_size_cpu_openstack_message_queue}
+ ram: ${_param:salt_control_size_ram_openstack_message_queue}
+ disk_profile: ${_param:salt_control_size_disk_profile_openstack_message_queue}
+ net_profile: ${_param:salt_control_size_net_profile_openstack_message_queue}
+ openstack.proxy:
+ cpu: ${_param:salt_control_size_cpu_openstack_proxy}
+ ram: ${_param:salt_control_size_ram_openstack_proxy}
+ disk_profile: ${_param:salt_control_size_disk_profile_openstack_proxy}
+ net_profile: ${_param:salt_control_size_net_profile_openstack_proxy}
+ openstack.upgrade:
+ cpu: ${_param:salt_control_size_cpu_openstack_upgrade}
+ ram: ${_param:salt_control_size_ram_openstack_upgrade}
+ disk_profile: ${_param:salt_control_size_disk_profile_openstack_upgrade}
+ net_profile: ${_param:salt_control_size_net_profile_openstack_upgrade}
\ No newline at end of file
diff --git a/salt/control/sizes/openstack/medium.yml b/salt/control/sizes/openstack/medium.yml
index 7fa5d24..e436ca6 100644
--- a/salt/control/sizes/openstack/medium.yml
+++ b/salt/control/sizes/openstack/medium.yml
@@ -19,4 +19,32 @@
salt_control_size_cpu_openstack_upgrade: 8
salt_control_size_ram_openstack_upgrade: 16384
salt_control_size_disk_profile_openstack_upgrade: medium
- salt_control_size_net_profile_openstack_upgrade: default
\ No newline at end of file
+ salt_control_size_net_profile_openstack_upgrade: default
+ salt:
+ control:
+ size:
+ openstack.control:
+ cpu: ${_param:salt_control_size_cpu_openstack_control}
+ ram: ${_param:salt_control_size_ram_openstack_control}
+ disk_profile: ${_param:salt_control_size_disk_profile_openstack_control}
+ net_profile: ${_param:salt_control_size_net_profile_openstack_control}
+ openstack.database:
+ cpu: ${_param:salt_control_size_cpu_openstack_database}
+ ram: ${_param:salt_control_size_ram_openstack_database}
+ disk_profile: ${_param:salt_control_size_disk_profile_openstack_database}
+ net_profile: ${_param:salt_control_size_net_profile_openstack_database}
+ openstack.message_queue:
+ cpu: ${_param:salt_control_size_cpu_openstack_message_queue}
+ ram: ${_param:salt_control_size_ram_openstack_message_queue}
+ disk_profile: ${_param:salt_control_size_disk_profile_openstack_message_queue}
+ net_profile: ${_param:salt_control_size_net_profile_openstack_message_queue}
+ openstack.proxy:
+ cpu: ${_param:salt_control_size_cpu_openstack_proxy}
+ ram: ${_param:salt_control_size_ram_openstack_proxy}
+ disk_profile: ${_param:salt_control_size_disk_profile_openstack_proxy}
+ net_profile: ${_param:salt_control_size_net_profile_openstack_proxy}
+ openstack.upgrade:
+ cpu: ${_param:salt_control_size_cpu_openstack_upgrade}
+ ram: ${_param:salt_control_size_ram_openstack_upgrade}
+ disk_profile: ${_param:salt_control_size_disk_profile_openstack_upgrade}
+ net_profile: ${_param:salt_control_size_net_profile_openstack_upgrade}
\ No newline at end of file
diff --git a/salt/control/sizes/openstack/minimal.yml b/salt/control/sizes/openstack/minimal.yml
index bee7c71..9e41e75 100644
--- a/salt/control/sizes/openstack/minimal.yml
+++ b/salt/control/sizes/openstack/minimal.yml
@@ -19,4 +19,32 @@
salt_control_size_cpu_openstack_upgrade: 8
salt_control_size_ram_openstack_upgrade: 16384
salt_control_size_disk_profile_openstack_upgrade: medium
- salt_control_size_net_profile_openstack_upgrade: default
\ No newline at end of file
+ salt_control_size_net_profile_openstack_upgrade: default
+ salt:
+ control:
+ size:
+ openstack.control:
+ cpu: ${_param:salt_control_size_cpu_openstack_control}
+ ram: ${_param:salt_control_size_ram_openstack_control}
+ disk_profile: ${_param:salt_control_size_disk_profile_openstack_control}
+ net_profile: ${_param:salt_control_size_net_profile_openstack_control}
+ openstack.database:
+ cpu: ${_param:salt_control_size_cpu_openstack_database}
+ ram: ${_param:salt_control_size_ram_openstack_database}
+ disk_profile: ${_param:salt_control_size_disk_profile_openstack_database}
+ net_profile: ${_param:salt_control_size_net_profile_openstack_database}
+ openstack.message_queue:
+ cpu: ${_param:salt_control_size_cpu_openstack_message_queue}
+ ram: ${_param:salt_control_size_ram_openstack_message_queue}
+ disk_profile: ${_param:salt_control_size_disk_profile_openstack_message_queue}
+ net_profile: ${_param:salt_control_size_net_profile_openstack_message_queue}
+ openstack.proxy:
+ cpu: ${_param:salt_control_size_cpu_openstack_proxy}
+ ram: ${_param:salt_control_size_ram_openstack_proxy}
+ disk_profile: ${_param:salt_control_size_disk_profile_openstack_proxy}
+ net_profile: ${_param:salt_control_size_net_profile_openstack_proxy}
+ openstack.upgrade:
+ cpu: ${_param:salt_control_size_cpu_openstack_upgrade}
+ ram: ${_param:salt_control_size_ram_openstack_upgrade}
+ disk_profile: ${_param:salt_control_size_disk_profile_openstack_upgrade}
+ net_profile: ${_param:salt_control_size_net_profile_openstack_upgrade}
\ No newline at end of file
diff --git a/salt/control/sizes/openstack/small.yml b/salt/control/sizes/openstack/small.yml
index 9f820d6..3e8aeb6 100644
--- a/salt/control/sizes/openstack/small.yml
+++ b/salt/control/sizes/openstack/small.yml
@@ -19,4 +19,32 @@
salt_control_size_cpu_openstack_upgrade: 8
salt_control_size_ram_openstack_upgrade: 16384
salt_control_size_disk_profile_openstack_upgrade: medium
- salt_control_size_net_profile_openstack_upgrade: default
\ No newline at end of file
+ salt_control_size_net_profile_openstack_upgrade: default
+ salt:
+ control:
+ size:
+ openstack.control:
+ cpu: ${_param:salt_control_size_cpu_openstack_control}
+ ram: ${_param:salt_control_size_ram_openstack_control}
+ disk_profile: ${_param:salt_control_size_disk_profile_openstack_control}
+ net_profile: ${_param:salt_control_size_net_profile_openstack_control}
+ openstack.database:
+ cpu: ${_param:salt_control_size_cpu_openstack_database}
+ ram: ${_param:salt_control_size_ram_openstack_database}
+ disk_profile: ${_param:salt_control_size_disk_profile_openstack_database}
+ net_profile: ${_param:salt_control_size_net_profile_openstack_database}
+ openstack.message_queue:
+ cpu: ${_param:salt_control_size_cpu_openstack_message_queue}
+ ram: ${_param:salt_control_size_ram_openstack_message_queue}
+ disk_profile: ${_param:salt_control_size_disk_profile_openstack_message_queue}
+ net_profile: ${_param:salt_control_size_net_profile_openstack_message_queue}
+ openstack.proxy:
+ cpu: ${_param:salt_control_size_cpu_openstack_proxy}
+ ram: ${_param:salt_control_size_ram_openstack_proxy}
+ disk_profile: ${_param:salt_control_size_disk_profile_openstack_proxy}
+ net_profile: ${_param:salt_control_size_net_profile_openstack_proxy}
+ openstack.upgrade:
+ cpu: ${_param:salt_control_size_cpu_openstack_upgrade}
+ ram: ${_param:salt_control_size_ram_openstack_upgrade}
+ disk_profile: ${_param:salt_control_size_disk_profile_openstack_upgrade}
+ net_profile: ${_param:salt_control_size_net_profile_openstack_upgrade}
\ No newline at end of file
diff --git a/salt/control/sizes/ovs/compact.yml b/salt/control/sizes/ovs/compact.yml
new file mode 100644
index 0000000..c5d69a0
--- /dev/null
+++ b/salt/control/sizes/ovs/compact.yml
@@ -0,0 +1,14 @@
+parameters:
+ _param:
+ salt_control_size_cpu_openstack_gateway: 4
+ salt_control_size_ram_openstack_gateway: 16384
+ salt_control_size_disk_profile_openstack_gateway: small
+ salt_control_size_net_profile_openstack_gateway: default
+ salt:
+ control:
+ size:
+ openstack.gateway:
+ cpu: ${_param:salt_control_size_cpu_openstack_gateway}
+ ram: ${_param:salt_control_size_ram_openstack_gateway}
+ disk_profile: ${_param:salt_control_size_disk_profile_openstack_gateway}
+ net_profile: ${_param:salt_control_size_net_profile_openstack_gateway}
\ No newline at end of file
diff --git a/salt/control/sizes/ovs/minimal.yml b/salt/control/sizes/ovs/minimal.yml
new file mode 100644
index 0000000..c5d69a0
--- /dev/null
+++ b/salt/control/sizes/ovs/minimal.yml
@@ -0,0 +1,14 @@
+parameters:
+ _param:
+ salt_control_size_cpu_openstack_gateway: 4
+ salt_control_size_ram_openstack_gateway: 16384
+ salt_control_size_disk_profile_openstack_gateway: small
+ salt_control_size_net_profile_openstack_gateway: default
+ salt:
+ control:
+ size:
+ openstack.gateway:
+ cpu: ${_param:salt_control_size_cpu_openstack_gateway}
+ ram: ${_param:salt_control_size_ram_openstack_gateway}
+ disk_profile: ${_param:salt_control_size_disk_profile_openstack_gateway}
+ net_profile: ${_param:salt_control_size_net_profile_openstack_gateway}
\ No newline at end of file
diff --git a/salt/control/sizes/ovs/small.yml b/salt/control/sizes/ovs/small.yml
new file mode 100644
index 0000000..c5d69a0
--- /dev/null
+++ b/salt/control/sizes/ovs/small.yml
@@ -0,0 +1,14 @@
+parameters:
+ _param:
+ salt_control_size_cpu_openstack_gateway: 4
+ salt_control_size_ram_openstack_gateway: 16384
+ salt_control_size_disk_profile_openstack_gateway: small
+ salt_control_size_net_profile_openstack_gateway: default
+ salt:
+ control:
+ size:
+ openstack.gateway:
+ cpu: ${_param:salt_control_size_cpu_openstack_gateway}
+ ram: ${_param:salt_control_size_ram_openstack_gateway}
+ disk_profile: ${_param:salt_control_size_disk_profile_openstack_gateway}
+ net_profile: ${_param:salt_control_size_net_profile_openstack_gateway}
\ No newline at end of file
diff --git a/salt/control/sizes/stacklight/compact.yml b/salt/control/sizes/stacklight/compact.yml
index 8d67466..d4533d7 100644
--- a/salt/control/sizes/stacklight/compact.yml
+++ b/salt/control/sizes/stacklight/compact.yml
@@ -11,4 +11,22 @@
salt_control_size_cpu_stacklight_telemetry: 4
salt_control_size_ram_stacklight_telemetry: 8192
salt_control_size_disk_profile_stacklight_telemetry: xxlarge
- salt_control_size_net_profile_stacklight_telemetry: default
\ No newline at end of file
+ salt_control_size_net_profile_stacklight_telemetry: default
+ salt:
+ control:
+ size:
+ stacklight.log:
+ cpu: ${_param:salt_control_size_cpu_stacklight_log}
+ ram: ${_param:salt_control_size_ram_stacklight_log}
+ disk_profile: ${_param:salt_control_size_disk_profile_stacklight_log}
+ net_profile: ${_param:salt_control_size_net_profile_stacklight_log}
+ stacklight.server:
+ cpu: ${_param:salt_control_size_cpu_stacklight_server}
+ ram: ${_param:salt_control_size_ram_stacklight_server}
+ disk_profile: ${_param:salt_control_size_disk_profile_stacklight_server}
+ net_profile: ${_param:salt_control_size_net_profile_stacklight_server}
+ stacklight.telemetry:
+ cpu: ${_param:salt_control_size_cpu_stacklight_telemetry}
+ ram: ${_param:salt_control_size_ram_stacklight_telemetry}
+ disk_profile: ${_param:salt_control_size_disk_profile_stacklight_telemetry}
+ net_profile: ${_param:salt_control_size_net_profile_stacklight_telemetry}
\ No newline at end of file
diff --git a/salt/control/sizes/stacklight/large.yml b/salt/control/sizes/stacklight/large.yml
index 6e2463f..fc225fb 100644
--- a/salt/control/sizes/stacklight/large.yml
+++ b/salt/control/sizes/stacklight/large.yml
@@ -11,4 +11,22 @@
salt_control_size_cpu_stacklight_telemetry: 16
salt_control_size_ram_stacklight_telemetry: 200704
salt_control_size_disk_profile_stacklight_telemetry: xxhuge
- salt_control_size_net_profile_stacklight_telemetry: default
\ No newline at end of file
+ salt_control_size_net_profile_stacklight_telemetry: default
+ salt:
+ control:
+ size:
+ stacklight.log:
+ cpu: ${_param:salt_control_size_cpu_stacklight_log}
+ ram: ${_param:salt_control_size_ram_stacklight_log}
+ disk_profile: ${_param:salt_control_size_disk_profile_stacklight_log}
+ net_profile: ${_param:salt_control_size_net_profile_stacklight_log}
+ stacklight.server:
+ cpu: ${_param:salt_control_size_cpu_stacklight_server}
+ ram: ${_param:salt_control_size_ram_stacklight_server}
+ disk_profile: ${_param:salt_control_size_disk_profile_stacklight_server}
+ net_profile: ${_param:salt_control_size_net_profile_stacklight_server}
+ stacklight.telemetry:
+ cpu: ${_param:salt_control_size_cpu_stacklight_telemetry}
+ ram: ${_param:salt_control_size_ram_stacklight_telemetry}
+ disk_profile: ${_param:salt_control_size_disk_profile_stacklight_telemetry}
+ net_profile: ${_param:salt_control_size_net_profile_stacklight_telemetry}
\ No newline at end of file
diff --git a/salt/control/sizes/stacklight/medium.yml b/salt/control/sizes/stacklight/medium.yml
index 6207f48..f41ffd2 100644
--- a/salt/control/sizes/stacklight/medium.yml
+++ b/salt/control/sizes/stacklight/medium.yml
@@ -11,4 +11,22 @@
salt_control_size_cpu_stacklight_telemetry: 12
salt_control_size_ram_stacklight_telemetry: 98304
salt_control_size_disk_profile_stacklight_telemetry: xhuge
- salt_control_size_net_profile_stacklight_telemetry: default
\ No newline at end of file
+ salt_control_size_net_profile_stacklight_telemetry: default
+ salt:
+ control:
+ size:
+ stacklight.log:
+ cpu: ${_param:salt_control_size_cpu_stacklight_log}
+ ram: ${_param:salt_control_size_ram_stacklight_log}
+ disk_profile: ${_param:salt_control_size_disk_profile_stacklight_log}
+ net_profile: ${_param:salt_control_size_net_profile_stacklight_log}
+ stacklight.server:
+ cpu: ${_param:salt_control_size_cpu_stacklight_server}
+ ram: ${_param:salt_control_size_ram_stacklight_server}
+ disk_profile: ${_param:salt_control_size_disk_profile_stacklight_server}
+ net_profile: ${_param:salt_control_size_net_profile_stacklight_server}
+ stacklight.telemetry:
+ cpu: ${_param:salt_control_size_cpu_stacklight_telemetry}
+ ram: ${_param:salt_control_size_ram_stacklight_telemetry}
+ disk_profile: ${_param:salt_control_size_disk_profile_stacklight_telemetry}
+ net_profile: ${_param:salt_control_size_net_profile_stacklight_telemetry}
\ No newline at end of file
diff --git a/salt/control/sizes/stacklight/minimal.yml b/salt/control/sizes/stacklight/minimal.yml
index 8d5c935..5013907 100644
--- a/salt/control/sizes/stacklight/minimal.yml
+++ b/salt/control/sizes/stacklight/minimal.yml
@@ -11,4 +11,22 @@
salt_control_size_cpu_stacklight_telemetry: 4
salt_control_size_ram_stacklight_telemetry: 4096
salt_control_size_disk_profile_stacklight_telemetry: medium
- salt_control_size_net_profile_stacklight_telemetry: default
\ No newline at end of file
+ salt_control_size_net_profile_stacklight_telemetry: default
+ salt:
+ control:
+ size:
+ stacklight.log:
+ cpu: ${_param:salt_control_size_cpu_stacklight_log}
+ ram: ${_param:salt_control_size_ram_stacklight_log}
+ disk_profile: ${_param:salt_control_size_disk_profile_stacklight_log}
+ net_profile: ${_param:salt_control_size_net_profile_stacklight_log}
+ stacklight.server:
+ cpu: ${_param:salt_control_size_cpu_stacklight_server}
+ ram: ${_param:salt_control_size_ram_stacklight_server}
+ disk_profile: ${_param:salt_control_size_disk_profile_stacklight_server}
+ net_profile: ${_param:salt_control_size_net_profile_stacklight_server}
+ stacklight.telemetry:
+ cpu: ${_param:salt_control_size_cpu_stacklight_telemetry}
+ ram: ${_param:salt_control_size_ram_stacklight_telemetry}
+ disk_profile: ${_param:salt_control_size_disk_profile_stacklight_telemetry}
+ net_profile: ${_param:salt_control_size_net_profile_stacklight_telemetry}
\ No newline at end of file
diff --git a/salt/control/sizes/stacklight/small.yml b/salt/control/sizes/stacklight/small.yml
index 293e14d..204432a 100644
--- a/salt/control/sizes/stacklight/small.yml
+++ b/salt/control/sizes/stacklight/small.yml
@@ -11,4 +11,22 @@
salt_control_size_cpu_stacklight_telemetry: 12
salt_control_size_ram_stacklight_telemetry: 65536
salt_control_size_disk_profile_stacklight_telemetry: xxxlarge
- salt_control_size_net_profile_stacklight_telemetry: default
\ No newline at end of file
+ salt_control_size_net_profile_stacklight_telemetry: default
+ salt:
+ control:
+ size:
+ stacklight.log:
+ cpu: ${_param:salt_control_size_cpu_stacklight_log}
+ ram: ${_param:salt_control_size_ram_stacklight_log}
+ disk_profile: ${_param:salt_control_size_disk_profile_stacklight_log}
+ net_profile: ${_param:salt_control_size_net_profile_stacklight_log}
+ stacklight.server:
+ cpu: ${_param:salt_control_size_cpu_stacklight_server}
+ ram: ${_param:salt_control_size_ram_stacklight_server}
+ disk_profile: ${_param:salt_control_size_disk_profile_stacklight_server}
+ net_profile: ${_param:salt_control_size_net_profile_stacklight_server}
+ stacklight.telemetry:
+ cpu: ${_param:salt_control_size_cpu_stacklight_telemetry}
+ ram: ${_param:salt_control_size_ram_stacklight_telemetry}
+ disk_profile: ${_param:salt_control_size_disk_profile_stacklight_telemetry}
+ net_profile: ${_param:salt_control_size_net_profile_stacklight_telemetry}
\ No newline at end of file
diff --git a/salt/control/virt.yml b/salt/control/virt.yml
index 0bbb7fa..05bf23d 100644
--- a/salt/control/virt.yml
+++ b/salt/control/virt.yml
@@ -62,4 +62,4 @@
size: 4000000
xxxxhuge:
- system:
- size: 5000000
\ No newline at end of file
+ size: 5000000
diff --git a/salt/master/formula/pkg/openstack.yml b/salt/master/formula/pkg/openstack.yml
index 381ae1a..4717682 100644
--- a/salt/master/formula/pkg/openstack.yml
+++ b/salt/master/formula/pkg/openstack.yml
@@ -34,6 +34,9 @@
glusterfs:
source: pkg
name: salt-formula-glusterfs
+ gnocchi:
+ source: pkg
+ name: salt-formula-gnocchi
designate:
source: pkg
name: salt-formula-designate
@@ -82,6 +85,9 @@
opencontrail:
source: pkg
name: salt-formula-opencontrail
+ panko:
+ source: pkg
+ name: salt-formula-panko
python:
source: pkg
name: salt-formula-python
@@ -97,6 +103,3 @@
supervisor:
source: pkg
name: salt-formula-supervisor
- swift:
- source: pkg
- name: salt-formula-swift
diff --git a/salt/minion/ca/octavia_ca.yml b/salt/minion/ca/octavia_ca.yml
index 453c450..e6e0ae0 100644
--- a/salt/minion/ca/octavia_ca.yml
+++ b/salt/minion/ca/octavia_ca.yml
@@ -27,7 +27,5 @@
days_valid:
authority: ${_param:octavia_ca_days_valid_authority}
certificate: ${_param:octavia_ca_days_valid_certificate}
- ca_file: ${octavia:manager:certificates:ca_certificate}
- ca_key_file: ${octavia:manager:certificates:ca_private_key}
user: octavia
group: octavia
diff --git a/salt/minion/ca/qemu-vnc_ca.yml b/salt/minion/ca/qemu-vnc_ca.yml
index 53778f1..a4583ad 100644
--- a/salt/minion/ca/qemu-vnc_ca.yml
+++ b/salt/minion/ca/qemu-vnc_ca.yml
@@ -21,7 +21,7 @@
signing_policy:
cert_server:
type: v3_edge_cert_server
- minions: 'cmp*'
+ minions: '*'
cert_client:
type: v3_edge_cert_client
minions: 'ctl*'
diff --git a/salt/minion/cert/mysql/clients/openstack/cinder.yml b/salt/minion/cert/mysql/clients/openstack/cinder.yml
new file mode 100644
index 0000000..ec6a77a
--- /dev/null
+++ b/salt/minion/cert/mysql/clients/openstack/cinder.yml
@@ -0,0 +1,27 @@
+parameters:
+ _param:
+ salt_minion_ca_host: cfg01.${_param:cluster_domain}
+ salt_minion_ca_authority: salt_master_ca
+ mysql_cinder_client_ssl_key_file: /etc/pki/mysql-cinder-client/client-key.pem
+ mysql_cinder_client_ssl_cert_file: /etc/pki/mysql-cinder-client/client-cert.pem
+ mysql_cinder_ssl_ca_file: /etc/pki/mysql-cinder-client/ca-cert.pem
+ salt:
+ minion:
+ cert:
+ mysql-cinder-client:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: mysql-cinder-client
+ signing_policy: cert_client
+ alternative_names: >
+ IP:${_param:cluster_local_address},
+ DNS:${_param:cluster_local_address},
+ DNS:${linux:system:name},
+ DNS:${linux:network:fqdn}
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: ${_param:mysql_cinder_client_ssl_key_file}
+ cert_file: ${_param:mysql_cinder_client_ssl_cert_file}
+ ca_file: ${_param:mysql_cinder_ssl_ca_file}
+ user: cinder
+ group: cinder
+ mode: 640
\ No newline at end of file
diff --git a/salt/minion/cert/mysql/clients/openstack/nova.yml b/salt/minion/cert/mysql/clients/openstack/nova.yml
new file mode 100644
index 0000000..154a553
--- /dev/null
+++ b/salt/minion/cert/mysql/clients/openstack/nova.yml
@@ -0,0 +1,27 @@
+parameters:
+ _param:
+ salt_minion_ca_host: cfg01.${_param:cluster_domain}
+ salt_minion_ca_authority: salt_master_ca
+ mysql_nova_client_ssl_key_file: /etc/pki/mysql-nova-client/client-key.pem
+ mysql_nova_client_ssl_cert_file: /etc/pki/mysql-nova-client/client-cert.pem
+ mysql_nova_ssl_ca_file: /etc/pki/mysql-nova-client/ca-cert.pem
+ salt:
+ minion:
+ cert:
+ mysql-nova-client:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: mysql-nova-client
+ signing_policy: cert_client
+ alternative_names: >
+ IP:${_param:cluster_local_address},
+ DNS:${_param:cluster_local_address},
+ DNS:${linux:system:name},
+ DNS:${linux:network:fqdn}
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: ${_param:mysql_nova_client_ssl_key_file}
+ cert_file: ${_param:mysql_nova_client_ssl_cert_file}
+ ca_file: ${_param:mysql_nova_ssl_ca_file}
+ user: nova
+ group: nova
+ mode: 640
\ No newline at end of file
diff --git a/salt/minion/cert/vnc/novncproxy_client.yml b/salt/minion/cert/vnc/novncproxy_client.yml
index 7f695eb..9641611 100644
--- a/salt/minion/cert/vnc/novncproxy_client.yml
+++ b/salt/minion/cert/vnc/novncproxy_client.yml
@@ -5,11 +5,10 @@
novncproxy_client_ssl_key_file: /etc/pki/nova-novncproxy/client-key.pem
novncproxy_client_ssl_cert_file: /etc/pki/nova-novncproxy/client-cert.pem
novncproxy_ssl_ca_file: /etc/pki/nova-novncproxy/ca-cert.pem
- nova_websocketproxy_ssl_all_file: /var/lib/nova/self.pem
salt:
minion:
cert:
- libvirt_novnc_client:
+ novncproxy_novnc_client:
host: ${_param:salt_minion_ca_host}
authority: ${_param:qemu_vnc_ca_authority}
common_name: ${linux:system:name}.${_param:cluster_domain}
@@ -23,7 +22,6 @@
key_file: ${_param:novncproxy_client_ssl_key_file}
cert_file: ${_param:novncproxy_client_ssl_cert_file}
ca_file: ${_param:novncproxy_ssl_ca_file}
- all_file: ${_param:nova_websocketproxy_ssl_all_file}
user: nova
group: nova
mode: 640
diff --git a/salt/minion/cert/vnc/novncproxy_server.yml b/salt/minion/cert/vnc/novncproxy_server.yml
new file mode 100644
index 0000000..20c24e2
--- /dev/null
+++ b/salt/minion/cert/vnc/novncproxy_server.yml
@@ -0,0 +1,29 @@
+classes:
+- system.salt.minion.cert.vnc
+parameters:
+ _param:
+ novncproxy_server_ssl_key_file: /etc/pki/nova-novncproxy/server-key.pem
+ novncproxy_server_ssl_cert_file: /etc/pki/nova-novncproxy/server-cert.pem
+ novncproxy_ssl_ca_file: /etc/pki/nova-novncproxy/ca-cert.pem
+ salt:
+ minion:
+ cert:
+ novncproxy_novnc_server:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:qemu_vnc_ca_authority}
+ common_name: ${linux:system:name}.${_param:cluster_domain}
+ signing_policy: cert_server
+ alternative_names: >
+ IP:${_param:cluster_local_address},
+ IP:${_param:cluster_vip_address},
+ DNS:${_param:cluster_local_address},
+ DNS:${linux:system:name},
+ DNS:${_param:cluster_vip_address},
+ DNS:${linux:network:fqdn}
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: ${_param:novncproxy_server_ssl_key_file}
+ cert_file: ${_param:novncproxy_server_ssl_cert_file}
+ ca_file: ${_param:novncproxy_ssl_ca_file}
+ user: nova
+ group: nova
+ mode: 640
diff --git a/xtrabackup/server/single.yml b/xtrabackup/server/single.yml
index d1d54fd..f72a92a 100644
--- a/xtrabackup/server/single.yml
+++ b/xtrabackup/server/single.yml
@@ -1,2 +1,6 @@
classes:
- service.xtrabackup.server.single
+parameters:
+ _param:
+ xtrabackup_qpress_source: pkg
+ xtrabackup_qpress_source_name: qpress