Merge "Update keystone default softparams" into release/2019.2.0
diff --git a/defaults/openstack/init.yml b/defaults/openstack/init.yml
index b75f0c8..e4f686b 100644
--- a/defaults/openstack/init.yml
+++ b/defaults/openstack/init.yml
@@ -6,7 +6,13 @@
     cluster_public_protocol: https
     cluster_internal_protocol: http
     openstack_service_hostname: os-ctl-vip
+    openstack_share_service_hostname: os-share-vip
+    openstack_kmn_service_hostname: os-kmn-vip
+    openstack_telemetry_service_hostname: os-telemetry-vip
     openstack_service_host: ${_param:openstack_service_hostname}.${linux:system:domain}
+    openstack_share_service_host: ${_param:openstack_share_service_hostname}.${linux:system:domain}
+    openstack_kmn_service_host: ${_param:openstack_kmn_service_hostname}.${linux:system:domain}
+    openstack_telemetry_service_host: ${_param:openstack_telemetry_service_hostname}.${linux:system:domain}
     # SSL
     ceilometer_agent_ssl_enabled: False
     openstack_mysql_x509_enabled: False
@@ -22,6 +28,12 @@
     openstack_version: queens
     openstack_old_version: ${_param:openstack_version}
     openstack_upgrade_enabled: False
+    # Security compliance user options
+    openstack_service_user_options:
+      ignore_change_password_upon_first_use: True
+      ignore_password_expiry: True
+      ignore_lockout_failure_attempts: False
+      lock_password: False
     # Cinder
     cinder_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
     cinder_memcache_secret_key: ''
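Review bot: `ignore_lockout_failure_attempts: False` keeps every account that inherits this map subject to keystone's failed-login lockout. Whether lockout is enabled in a given deployment is not visible here, but where it is, a run of bad passwords against a service username would lock that service out of the API. The comment above the map should say which policy each flag exempts and why lockout is left in force, for example `# Per-user exemptions from keystone [security_compliance]; failed-login lockout still applies`. If leaving it in force is not deliberate, `ignore_lockout_failure_attempts: True` is the safer availability default for service accounts. The enclosing `_param` mapping starts and ends outside the hunk.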
diff --git a/docker/client/images/monitoring.yml b/docker/client/images/monitoring.yml
index 229152d..2189b52 100644
--- a/docker/client/images/monitoring.yml
+++ b/docker/client/images/monitoring.yml
@@ -7,6 +7,7 @@
       - ${_param:docker_image_alertmanager}
       - ${_param:docker_image_grafana}
       - ${_param:docker_image_prometheus}
+      - ${_param:docker_image_prometheus_es_exporter}
       - ${_param:docker_image_prometheus_gainsight}
       - ${_param:docker_image_prometheus_gainsight_elasticsearch}
       - ${_param:docker_image_prometheus_relay}
@@ -14,4 +15,4 @@
       - ${_param:docker_image_remote_agent}
       - ${_param:docker_image_remote_collector}
       - ${_param:docker_image_remote_storage_adapter}
-      - ${_param:docker_image_sf_notifier}
\ No newline at end of file
+      - ${_param:docker_image_sf_notifier}
diff --git a/docker/swarm/stack/monitoring/elasticsearch_exporter.yml b/docker/swarm/stack/monitoring/elasticsearch_exporter.yml
new file mode 100644
index 0000000..5cbc05e
--- /dev/null
+++ b/docker/swarm/stack/monitoring/elasticsearch_exporter.yml
@@ -0,0 +1,28 @@
+classes:
+- system.prometheus.elasticsearch_exporter.container
+parameters:
+  docker:
+    client:
+      stack:
+        monitoring:
+          network:
+            monitoring:
+              driver: overlay
+              driver_opts:
+                encrypted: 1
+          service:
+            elasticsearch_exporter:
+              command: --es-cluster ${_param:stacklight_log_address}:9200 --nodes-stats-disable --cluster-health-disable --indices-stats-disable
+              networks:
+                - monitoring
+              deploy:
+                replicas: 1
+                labels:
+                  com.mirantis.monitoring: "elasticsearch_exporter"
+                restart_policy:
+                  condition: any
+              labels:
+                com.mirantis.monitoring: "elasticsearch_exporter"
+              image: ${_param:docker_image_prometheus_es_exporter}
+              volumes:
+                - "${prometheus:elasticsearch_exporter:dir:config}/elasticsearch_exporter.cfg:/usr/src/app/exporter.cfg"
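Review bot: The config bind mount on the last line of the service definition is read-write. Unless the exporter rewrites its own config, end the container path with `:ro` (`.../elasticsearch_exporter.cfg:/usr/src/app/exporter.cfg:ro`) so the container cannot modify the host-side file. Separately, `--es-cluster ${_param:stacklight_log_address}:9200` gives no scheme or credentials, so the scrape presumably goes to Elasticsearch over plain HTTP, and the `encrypted: 1` overlay only protects traffic between stack members. It is worth confirming that this is acceptable for the log cluster and stating it in a comment above `command`.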
diff --git a/docker/swarm/stack/monitoring/init.yml b/docker/swarm/stack/monitoring/init.yml
index 134efdc..9fa4281 100644
--- a/docker/swarm/stack/monitoring/init.yml
+++ b/docker/swarm/stack/monitoring/init.yml
@@ -2,6 +2,7 @@
 - system.docker.swarm.stack.monitoring.prometheus
 - system.docker.swarm.stack.monitoring.prometheus.replicated
 - system.docker.swarm.stack.monitoring.alertmanager
+- system.docker.swarm.stack.monitoring.elasticsearch_exporter
 - system.docker.swarm.stack.monitoring.prometheus_relay
 - system.docker.swarm.stack.monitoring.pushgateway
 - system.docker.swarm.stack.monitoring.remote_agent
diff --git a/docker/swarm/stack/monitoring/prometheus_global.yml b/docker/swarm/stack/monitoring/prometheus_global.yml
index 6d8e4ba..925675a 100644
--- a/docker/swarm/stack/monitoring/prometheus_global.yml
+++ b/docker/swarm/stack/monitoring/prometheus_global.yml
@@ -2,6 +2,7 @@
 - system.docker.swarm.stack.monitoring.prometheus
 - system.docker.swarm.stack.monitoring.prometheus.global
 - system.docker.swarm.stack.monitoring.alertmanager
+- system.docker.swarm.stack.monitoring.elasticsearch_exporter
 - system.docker.swarm.stack.monitoring.prometheus_relay
 - system.docker.swarm.stack.monitoring.pushgateway
 - system.docker.swarm.stack.monitoring.remote_agent
diff --git a/heat/server/cluster.yml b/heat/server/cluster.yml
index 1edf790..be2f211 100644
--- a/heat/server/cluster.yml
+++ b/heat/server/cluster.yml
@@ -18,7 +18,6 @@
       stack_domain_admin:
         name: heat_domain_admin
         password: ${_param:heat_domain_admin_password}
-        domain: heat
       enabled: true
       region: ${_param:openstack_region}
       version: ${_param:heat_version}
diff --git a/heat/server/single.yml b/heat/server/single.yml
index 24db595..4ce11fa 100644
--- a/heat/server/single.yml
+++ b/heat/server/single.yml
@@ -17,7 +17,6 @@
       stack_domain_admin:
         name: heat_domain_admin
         password: ${_param:heat_domain_admin_password}
-        domain: heat
       metadata:
         protocol: ${_param:cluster_public_protocol}
       waitcondition:
diff --git a/jenkins/client/job/deploy/openstack.yml b/jenkins/client/job/deploy/openstack.yml
index d5ed556..d18ccae 100644
--- a/jenkins/client/job/deploy/openstack.yml
+++ b/jenkins/client/job/deploy/openstack.yml
@@ -44,6 +44,7 @@
         deploy-openstack-compute:
           type: workflow-scm
           concurrent: true
+          description: "\n    This pipeline is provided as technical preview. Do not use the pipeline in production environments as the result of the pipeline is unpredictable."
           discard:
             build:
               keep_num: 50
diff --git a/keystone/client/core.yml b/keystone/client/core.yml
index 8c73b16..c965e6f 100644
--- a/keystone/client/core.yml
+++ b/keystone/client/core.yml
@@ -35,6 +35,7 @@
                   is_admin: true
                   password: ${_param:keystone_admin_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
         admin_identity:
           admin:
             user: admin
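Review bot: The added `options: ${_param:openstack_service_user_options}` line appears to attach the service-account exemptions to the cloud administrator account. The user key is above this hunk, but the password is `keystone_admin_password`. The same line is added in keystone/client/single.yml and in keystone/client/v3/service/keystone.yml, where the `admin:` key is visible. With the defaults from defaults/openstack/init.yml, the most privileged interactive account gets `ignore_password_expiry: True` and `ignore_change_password_upon_first_use: True`, so password-rotation policy no longer applies to it. Consider pointing these three entries at a separate parameter, for example a new `openstack_admin_user_options` that defaults to no exemptions. Also confirm that the `image_manager` user in keystone/client/image_manager.yml is non-interactive before it inherits the map.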
diff --git a/keystone/client/image_manager.yml b/keystone/client/image_manager.yml
index becd512..3f7c773 100644
--- a/keystone/client/image_manager.yml
+++ b/keystone/client/image_manager.yml
@@ -21,5 +21,6 @@
                   is_admin: false
                   password: ${_param:keystone_image_manager_password}
                   email: ${_param:keystone_image_manager_email}
+                  options: ${_param:openstack_service_user_options}
                   roles:
                   - image_manager
diff --git a/keystone/client/service/aodh.yml b/keystone/client/service/aodh.yml
index e7c8a0d..3d2dae0 100644
--- a/keystone/client/service/aodh.yml
+++ b/keystone/client/service/aodh.yml
@@ -15,6 +15,7 @@
                   is_admin: true
                   password: ${_param:keystone_aodh_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             aodh:
               type: alarming
diff --git a/keystone/client/service/barbican.yml b/keystone/client/service/barbican.yml
index 8c975ba..1a65afd 100644
--- a/keystone/client/service/barbican.yml
+++ b/keystone/client/service/barbican.yml
@@ -16,6 +16,7 @@
                 barbican:
                   password: ${_param:keystone_barbican_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
                   roles:
                   - admin
                   - creator
diff --git a/keystone/client/service/billometer.yml b/keystone/client/service/billometer.yml
index 5aa1f2e..14c570e 100644
--- a/keystone/client/service/billometer.yml
+++ b/keystone/client/service/billometer.yml
@@ -14,6 +14,7 @@
                   is_admin: true
                   password: ${_param:keystone_billometer_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             billometer:
               type: billing
diff --git a/keystone/client/service/ceilometer.yml b/keystone/client/service/ceilometer.yml
index e3bc485..131f3bb 100644
--- a/keystone/client/service/ceilometer.yml
+++ b/keystone/client/service/ceilometer.yml
@@ -16,6 +16,7 @@
                   is_admin: true
                   password: ${_param:keystone_ceilometer_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             ceilometer:
               type: metering
diff --git a/keystone/client/service/cinder.yml b/keystone/client/service/cinder.yml
index cf27875..ec0b2ca 100644
--- a/keystone/client/service/cinder.yml
+++ b/keystone/client/service/cinder.yml
@@ -14,3 +14,4 @@
                   is_admin: true
                   password: ${_param:keystone_cinder_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
diff --git a/keystone/client/service/cinder2.yml b/keystone/client/service/cinder2.yml
index 997651a..fd8cbfc 100644
--- a/keystone/client/service/cinder2.yml
+++ b/keystone/client/service/cinder2.yml
@@ -14,6 +14,7 @@
                   is_admin: true
                   password: ${_param:keystone_cinder_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             cinderv2:
               type: volumev2
diff --git a/keystone/client/service/cinder3.yml b/keystone/client/service/cinder3.yml
index 870c781..6280a7b 100644
--- a/keystone/client/service/cinder3.yml
+++ b/keystone/client/service/cinder3.yml
@@ -14,6 +14,7 @@
                   is_admin: true
                   password: ${_param:keystone_cinder_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             cinderv3:
               type: volumev3
diff --git a/keystone/client/service/congress.yml b/keystone/client/service/congress.yml
index 1e1141b..e0a6754 100644
--- a/keystone/client/service/congress.yml
+++ b/keystone/client/service/congress.yml
@@ -14,6 +14,7 @@
                   is_admin: true
                   password: ${_param:keystone_congress_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             congress:
               type: policy
diff --git a/keystone/client/service/contrail.yml b/keystone/client/service/contrail.yml
index ad2f6e2..6792156 100644
--- a/keystone/client/service/contrail.yml
+++ b/keystone/client/service/contrail.yml
@@ -14,6 +14,7 @@
                   is_admin: true
                   password: ${_param:opencontrail_admin_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             opencontrail:
               type: contrail
diff --git a/keystone/client/service/designate.yml b/keystone/client/service/designate.yml
index 83bb7ef..80f3761 100644
--- a/keystone/client/service/designate.yml
+++ b/keystone/client/service/designate.yml
@@ -14,6 +14,7 @@
                   is_admin: true
                   password: ${_param:keystone_designate_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             designate:
                 type: dns
diff --git a/keystone/client/service/glance.yml b/keystone/client/service/glance.yml
index 8c6f39d..69b5d8b 100644
--- a/keystone/client/service/glance.yml
+++ b/keystone/client/service/glance.yml
@@ -14,6 +14,7 @@
                   is_admin: true
                   password: ${_param:keystone_glance_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             glance:
               type: image
diff --git a/keystone/client/service/glare.yml b/keystone/client/service/glare.yml
index 24d827a..22d619f 100644
--- a/keystone/client/service/glare.yml
+++ b/keystone/client/service/glare.yml
@@ -12,6 +12,7 @@
                   is_admin: true
                   password: ${_param:keystone_glance_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             glare:
               type: artifact
diff --git a/keystone/client/service/gnocchi.yml b/keystone/client/service/gnocchi.yml
index 0b46f36..2336a8c 100644
--- a/keystone/client/service/gnocchi.yml
+++ b/keystone/client/service/gnocchi.yml
@@ -17,6 +17,7 @@
                   is_admin: true
                   password: ${_param:keystone_gnocchi_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             gnocchi:
               type: metric
diff --git a/keystone/client/service/heat.yml b/keystone/client/service/heat.yml
index e0bae14..9c17b06 100644
--- a/keystone/client/service/heat.yml
+++ b/keystone/client/service/heat.yml
@@ -17,6 +17,7 @@
                   is_admin: true
                   password: ${_param:keystone_heat_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             heat:
               type: orchestration
diff --git a/keystone/client/service/ironic.yml b/keystone/client/service/ironic.yml
index 1466039..e350284 100644
--- a/keystone/client/service/ironic.yml
+++ b/keystone/client/service/ironic.yml
@@ -15,6 +15,7 @@
                   is_admin: true
                   password: ${_param:keystone_ironic_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             ironic:
               type: baremetal
diff --git a/keystone/client/service/manila.yml b/keystone/client/service/manila.yml
index 358ed36..5cc66d2 100644
--- a/keystone/client/service/manila.yml
+++ b/keystone/client/service/manila.yml
@@ -14,6 +14,7 @@
                   is_admin: true
                   password: ${_param:keystone_manila_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             manila:
               type: share
diff --git a/keystone/client/service/manila2.yml b/keystone/client/service/manila2.yml
index 38f2672..8cccc24 100644
--- a/keystone/client/service/manila2.yml
+++ b/keystone/client/service/manila2.yml
@@ -14,6 +14,7 @@
                   is_admin: true
                   password: ${_param:keystone_manila_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             manilav2:
               type: sharev2
diff --git a/keystone/client/service/murano.yml b/keystone/client/service/murano.yml
index aa3cee3..1652ac2 100644
--- a/keystone/client/service/murano.yml
+++ b/keystone/client/service/murano.yml
@@ -12,6 +12,7 @@
                   is_admin: true
                   password: ${_param:keystone_murano_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             murano:
               type: application-catalog
diff --git a/keystone/client/service/neutron.yml b/keystone/client/service/neutron.yml
index 33434c1..59e4b33 100644
--- a/keystone/client/service/neutron.yml
+++ b/keystone/client/service/neutron.yml
@@ -14,6 +14,7 @@
                   is_admin: true
                   password: ${_param:keystone_neutron_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             neutron:
               type: network
diff --git a/keystone/client/service/nova.yml b/keystone/client/service/nova.yml
index 24a1dd5..22bbfc9 100644
--- a/keystone/client/service/nova.yml
+++ b/keystone/client/service/nova.yml
@@ -14,6 +14,7 @@
                   is_admin: true
                   password: ${_param:keystone_nova_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             nova:
               type: compute
diff --git a/keystone/client/service/nova21.yml b/keystone/client/service/nova21.yml
index 2335f5a..27a0580 100644
--- a/keystone/client/service/nova21.yml
+++ b/keystone/client/service/nova21.yml
@@ -14,6 +14,7 @@
                   is_admin: true
                   password: ${_param:keystone_nova_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             nova20:
               type: compute_legacy
diff --git a/keystone/client/service/octavia.yml b/keystone/client/service/octavia.yml
index a38d40e..c5ca83f 100644
--- a/keystone/client/service/octavia.yml
+++ b/keystone/client/service/octavia.yml
@@ -18,6 +18,7 @@
                   is_admin: true
                   password: ${_param:keystone_octavia_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             octavia:
               type: load-balancer
diff --git a/keystone/client/service/panko.yml b/keystone/client/service/panko.yml
index 7ad4397..43897be 100644
--- a/keystone/client/service/panko.yml
+++ b/keystone/client/service/panko.yml
@@ -15,6 +15,7 @@
                   is_admin: true
                   password: ${_param:keystone_panko_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             panko:
               type: event
diff --git a/keystone/client/service/radosgw-s3.yml b/keystone/client/service/radosgw-s3.yml
index b44d7eb..bcf596f 100644
--- a/keystone/client/service/radosgw-s3.yml
+++ b/keystone/client/service/radosgw-s3.yml
@@ -15,6 +15,7 @@
                   is_admin: true
                   password: ${_param:keystone_swift_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             radosgw-s3:
               type: s3
diff --git a/keystone/client/service/radosgw-swift.yml b/keystone/client/service/radosgw-swift.yml
index 5dc4c3b..6a0f0e5 100644
--- a/keystone/client/service/radosgw-swift.yml
+++ b/keystone/client/service/radosgw-swift.yml
@@ -15,6 +15,7 @@
                   is_admin: true
                   password: ${_param:keystone_swift_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             radosgw-swift:
               type: object-store
diff --git a/keystone/client/service/sahara.yml b/keystone/client/service/sahara.yml
index 526649a..8d88168 100644
--- a/keystone/client/service/sahara.yml
+++ b/keystone/client/service/sahara.yml
@@ -12,6 +12,7 @@
                   is_admin: true
                   password: ${_param:keystone_sahara_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             sahara:
               type: data-processing
diff --git a/keystone/client/service/swift-s3.yml b/keystone/client/service/swift-s3.yml
index d36d279..36050a4 100644
--- a/keystone/client/service/swift-s3.yml
+++ b/keystone/client/service/swift-s3.yml
@@ -12,6 +12,7 @@
                   is_admin: true
                   password: ${_param:keystone_swift_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             swift-s3:
               type: object-store
diff --git a/keystone/client/service/swift.yml b/keystone/client/service/swift.yml
index b599d97..ddcaf26 100644
--- a/keystone/client/service/swift.yml
+++ b/keystone/client/service/swift.yml
@@ -12,6 +12,7 @@
                   is_admin: true
                   password: ${_param:keystone_swift_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             swift:
               type: object-store
diff --git a/keystone/client/service/tacker.yml b/keystone/client/service/tacker.yml
index 28eef93..e1c7019 100644
--- a/keystone/client/service/tacker.yml
+++ b/keystone/client/service/tacker.yml
@@ -13,6 +13,7 @@
                   is_admin: true
                   password: ${_param:keystone_tacker_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             tacker:
               type: nfv-orchestration
diff --git a/keystone/client/single.yml b/keystone/client/single.yml
index 74d3e5b..20b2b91 100644
--- a/keystone/client/single.yml
+++ b/keystone/client/single.yml
@@ -43,6 +43,7 @@
                   is_admin: true
                   password: ${_param:keystone_admin_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
         admin_identity:
           admin:
             user: admin
diff --git a/keystone/client/v3/service/aodh.yml b/keystone/client/v3/service/aodh.yml
index eafd92a..a4f217c 100644
--- a/keystone/client/v3/service/aodh.yml
+++ b/keystone/client/v3/service/aodh.yml
@@ -11,6 +11,7 @@
             aodh:
               password: ${_param:keystone_aodh_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/barbican.yml b/keystone/client/v3/service/barbican.yml
index 93ce204..f008abc 100644
--- a/keystone/client/v3/service/barbican.yml
+++ b/keystone/client/v3/service/barbican.yml
@@ -16,6 +16,7 @@
             barbican:
               password: ${_param:keystone_barbican_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/billometer.yml b/keystone/client/v3/service/billometer.yml
index 0992519..9e115eb 100644
--- a/keystone/client/v3/service/billometer.yml
+++ b/keystone/client/v3/service/billometer.yml
@@ -5,10 +5,11 @@
     client:
       resources:
         v3:
-          user:
+          users:
             billometer:
               password: ${_param:keystone_billometer_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
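Review bot: The `user:` to `users:` key change at the top of this hunk is not mentioned in the commit title and changes behaviour independently of the new `options` line. If the consumer ignored the old key, which this page does not show, deployments will start managing the `billometer` account, its password and its admin role on the next run. That should be stated in the commit message, for example `Fix v3 billometer resource key (user -> users)`, so operators on the release branch know to expect the new user. The enclosing `v3` mapping continues outside the hunk.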
diff --git a/keystone/client/v3/service/ceilometer.yml b/keystone/client/v3/service/ceilometer.yml
index 727171e..9129773 100644
--- a/keystone/client/v3/service/ceilometer.yml
+++ b/keystone/client/v3/service/ceilometer.yml
@@ -10,6 +10,7 @@
             ceilometer:
               password: ${_param:keystone_ceilometer_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/cinder.yml b/keystone/client/v3/service/cinder.yml
index 4f6c76c..1dd279a 100644
--- a/keystone/client/v3/service/cinder.yml
+++ b/keystone/client/v3/service/cinder.yml
@@ -9,6 +9,7 @@
             cinder:
               password: ${_param:keystone_cinder_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/cinder2.yml b/keystone/client/v3/service/cinder2.yml
index 886edee..4d49d2b 100644
--- a/keystone/client/v3/service/cinder2.yml
+++ b/keystone/client/v3/service/cinder2.yml
@@ -9,6 +9,7 @@
             cinder:
               password: ${_param:keystone_cinder_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/cinder3.yml b/keystone/client/v3/service/cinder3.yml
index 9682186..a4465ac 100644
--- a/keystone/client/v3/service/cinder3.yml
+++ b/keystone/client/v3/service/cinder3.yml
@@ -9,6 +9,7 @@
             cinder:
               password: ${_param:keystone_cinder_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/congress.yml b/keystone/client/v3/service/congress.yml
index 15cce34..0d34181 100644
--- a/keystone/client/v3/service/congress.yml
+++ b/keystone/client/v3/service/congress.yml
@@ -9,6 +9,7 @@
             congress:
               password: ${_param:keystone_congress_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                     name: admin
diff --git a/keystone/client/v3/service/contrail.yml b/keystone/client/v3/service/contrail.yml
index e6277d5..930804a 100644
--- a/keystone/client/v3/service/contrail.yml
+++ b/keystone/client/v3/service/contrail.yml
@@ -20,6 +20,7 @@
             contrail:
               password: ${_param:opencontrail_admin_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               is_admin: true
               roles:
                 admin:
diff --git a/keystone/client/v3/service/designate.yml b/keystone/client/v3/service/designate.yml
index 821f2cb..271ea22 100644
--- a/keystone/client/v3/service/designate.yml
+++ b/keystone/client/v3/service/designate.yml
@@ -9,6 +9,7 @@
             designate:
               password: ${_param:keystone_designate_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/glance.yml b/keystone/client/v3/service/glance.yml
index a690a73..0e01709 100644
--- a/keystone/client/v3/service/glance.yml
+++ b/keystone/client/v3/service/glance.yml
@@ -9,6 +9,7 @@
             glance:
               password: ${_param:keystone_glance_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/gnocchi.yml b/keystone/client/v3/service/gnocchi.yml
index 6a11023..63241db 100644
--- a/keystone/client/v3/service/gnocchi.yml
+++ b/keystone/client/v3/service/gnocchi.yml
@@ -10,6 +10,7 @@
             gnocchi:
               password: ${_param:keystone_gnocchi_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/heat.yml b/keystone/client/v3/service/heat.yml
index a1b248f..54c8f0b 100644
--- a/keystone/client/v3/service/heat.yml
+++ b/keystone/client/v3/service/heat.yml
@@ -16,6 +16,7 @@
             heat:
               password: ${_param:keystone_heat_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/ironic.yml b/keystone/client/v3/service/ironic.yml
index 216049c..bd2795b 100644
--- a/keystone/client/v3/service/ironic.yml
+++ b/keystone/client/v3/service/ironic.yml
@@ -10,6 +10,7 @@
             ironic:
               password: ${_param:keystone_ironic_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/keystone.yml b/keystone/client/v3/service/keystone.yml
index ab3b29c..6c005c7 100644
--- a/keystone/client/v3/service/keystone.yml
+++ b/keystone/client/v3/service/keystone.yml
@@ -24,6 +24,7 @@
             admin:
               password: ${_param:keystone_admin_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/manila.yml b/keystone/client/v3/service/manila.yml
index 9030c98..bb90159 100644
--- a/keystone/client/v3/service/manila.yml
+++ b/keystone/client/v3/service/manila.yml
@@ -9,6 +9,7 @@
             manila:
               password: ${_param:keystone_manila_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/manila2.yml b/keystone/client/v3/service/manila2.yml
index 06aa44e..f5771ad 100644
--- a/keystone/client/v3/service/manila2.yml
+++ b/keystone/client/v3/service/manila2.yml
@@ -9,6 +9,7 @@
             manila:
               password: ${_param:keystone_manila_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/neutron.yml b/keystone/client/v3/service/neutron.yml
index 2c1df47..6af16f9 100644
--- a/keystone/client/v3/service/neutron.yml
+++ b/keystone/client/v3/service/neutron.yml
@@ -9,6 +9,7 @@
             neutron:
               password: ${_param:keystone_neutron_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/nova.yml b/keystone/client/v3/service/nova.yml
index d2f76f6..d0c7366 100644
--- a/keystone/client/v3/service/nova.yml
+++ b/keystone/client/v3/service/nova.yml
@@ -9,6 +9,7 @@
             nova:
               password: ${_param:keystone_nova_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/nova21.yml b/keystone/client/v3/service/nova21.yml
index 5bccedf..85bd29f 100644
--- a/keystone/client/v3/service/nova21.yml
+++ b/keystone/client/v3/service/nova21.yml
@@ -9,6 +9,7 @@
             nova:
               password: ${_param:keystone_nova_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/octavia.yml b/keystone/client/v3/service/octavia.yml
index 26940ff..54c8bc9 100644
--- a/keystone/client/v3/service/octavia.yml
+++ b/keystone/client/v3/service/octavia.yml
@@ -26,6 +26,7 @@
             octavia:
               password: ${_param:keystone_octavia_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/panko.yml b/keystone/client/v3/service/panko.yml
index 5f4c70b..226f601 100644
--- a/keystone/client/v3/service/panko.yml
+++ b/keystone/client/v3/service/panko.yml
@@ -10,6 +10,7 @@
             panko:
               password: ${_param:keystone_panko_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/radosgw-s3.yml b/keystone/client/v3/service/radosgw-s3.yml
index 7c03f4a..1a7ae3c 100644
--- a/keystone/client/v3/service/radosgw-s3.yml
+++ b/keystone/client/v3/service/radosgw-s3.yml
@@ -4,12 +4,13 @@
     radosgw_service_protocol: http
   keystone:
     client:
-      resource:
+      resources:
         v3:
           users:
             swift:
               password: ${_param:keystone_swift_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
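Review bot: Renaming `resource:` to `resources:` is a behaviour change that neither the commit title nor a comment mentions. If the formula only reads `keystone:client:resources`, the `swift` user and its `admin` role in this file were never applied before, and will now be created or enforced on existing deployments that include this class. The same `swift` user is also defined in radosgw-swift.yml, so models that include both classes get one merged definition. A line in the commit message or release notes, such as `radosgw-s3: fix pillar key so the swift user is actually managed`, would let operators expect the new account.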
diff --git a/keystone/client/v3/service/radosgw-swift.yml b/keystone/client/v3/service/radosgw-swift.yml
index 4452e0f..692c200 100644
--- a/keystone/client/v3/service/radosgw-swift.yml
+++ b/keystone/client/v3/service/radosgw-swift.yml
@@ -10,6 +10,7 @@
             swift:
               password: ${_param:keystone_swift_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/tacker.yml b/keystone/client/v3/service/tacker.yml
index 8a01280..bddca05 100644
--- a/keystone/client/v3/service/tacker.yml
+++ b/keystone/client/v3/service/tacker.yml
@@ -10,6 +10,7 @@
             tacker:
               password: ${_param:keystone_tacker_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/kubernetes/common/init.yml b/kubernetes/common/init.yml
index 3b24a01..4f2a763 100644
--- a/kubernetes/common/init.yml
+++ b/kubernetes/common/init.yml
@@ -70,7 +70,7 @@
     kubernetes_hyperkube_image: ${_param:mcp_docker_registry}/mirantis/kubernetes/hyperkube-amd64:v1.12.6-5
     kubernetes_calico_cni_image: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico/cni:v3.3.2
     kubernetes_calico_calicoctl_image: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico/ctl:v3.3.2
-    kubernetes_containerd_package: containerd.io=1.2.1+1-1~u16.04+mcp
+    kubernetes_containerd_package: containerd=1.2.4-2~u16.04+mcp
     kubernetes_metrics_server_image: ${_param:kubernetes_metrics_server_repo}/metrics-server-amd64:v0.3.1
     kubernetes_helm_tiller_image: ${_param:kubernetes_helm_tiller_repo}/tiller:v2.12.2
 
diff --git a/linux/network/hosts/openstack.yml b/linux/network/hosts/openstack/init.yml
similarity index 100%
rename from linux/network/hosts/openstack.yml
rename to linux/network/hosts/openstack/init.yml
diff --git a/linux/network/hosts/openstack/kmn.yml b/linux/network/hosts/openstack/kmn.yml
new file mode 100644
index 0000000..a6c7663
--- /dev/null
+++ b/linux/network/hosts/openstack/kmn.yml
@@ -0,0 +1,9 @@
+parameters:
+  linux:
+    network:
+      host:
+        openstack_kmn_control_vip:
+          address: ${_param:openstack_barbican_address}
+          names:
+          - ${_param:openstack_kmn_service_hostname}
+          - ${_param:openstack_kmn_service_host}
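Review bot: `address: ${_param:openstack_barbican_address}` has no default in the visible part of this commit, and the file does not document the parameter as required. The same holds for `openstack_share_address` in share.yml and `openstack_telemetry_address` in telemetry.yml. If the model does not define them, including these classes presumably fails at interpolation time. The key-manager file is also named `kmn` but takes its address from a `barbican` parameter, which differs from the share and telemetry pattern. A header comment such as `# Requires: openstack_barbican_address (VIP of the key-manager cluster)` in each file would make the contract explicit.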
diff --git a/linux/network/hosts/openstack/share.yml b/linux/network/hosts/openstack/share.yml
new file mode 100644
index 0000000..75a6449
--- /dev/null
+++ b/linux/network/hosts/openstack/share.yml
@@ -0,0 +1,9 @@
+parameters:
+  linux:
+    network:
+      host:
+        openstack_share_control_vip:
+          address: ${_param:openstack_share_address}
+          names:
+          - ${_param:openstack_share_service_hostname}
+          - ${_param:openstack_share_service_host}
diff --git a/linux/network/hosts/openstack/telemetry.yml b/linux/network/hosts/openstack/telemetry.yml
new file mode 100644
index 0000000..77f48b0
--- /dev/null
+++ b/linux/network/hosts/openstack/telemetry.yml
@@ -0,0 +1,9 @@
+parameters:
+  linux:
+    network:
+      host:
+        openstack_telemetry_control_vip:
+          address: ${_param:openstack_telemetry_address}
+          names:
+          - ${_param:openstack_telemetry_service_hostname}
+          - ${_param:openstack_telemetry_service_host}
diff --git a/prometheus/elasticsearch_exporter/container.yml b/prometheus/elasticsearch_exporter/container.yml
new file mode 100644
index 0000000..9f78f4a
--- /dev/null
+++ b/prometheus/elasticsearch_exporter/container.yml
@@ -0,0 +1,2 @@
+classes:
+- service.prometheus.elasticsearch_exporter.container
diff --git a/prometheus/elasticsearch_exporter/init.yml b/prometheus/elasticsearch_exporter/init.yml
new file mode 100644
index 0000000..c0f5bb5
--- /dev/null
+++ b/prometheus/elasticsearch_exporter/init.yml
@@ -0,0 +1,4 @@
+classes:
+- service.prometheus.elasticsearch_exporter.container
+- system.prometheus.elasticsearch_exporter.queries.default
+
diff --git a/prometheus/elasticsearch_exporter/queries/compute.yml b/prometheus/elasticsearch_exporter/queries/compute.yml
new file mode 100644
index 0000000..66904da
--- /dev/null
+++ b/prometheus/elasticsearch_exporter/queries/compute.yml
@@ -0,0 +1,118 @@
+parameters:
+  prometheus:
+    elasticsearch_exporter:
+      queries:
+        compute_instance:
+          # Produces metrics:
+          #   - compute_instance_event_doc_count{event="example"}
+          #   - compute_instance_event_sum_other_doc_count
+          #   - compute_instance_event_doc_count_error_upper_bound
+          #   - compute_instance_event_host_doc_count{host="example01",event="example"}
+          #   - compute_instance_event_host_sum_other_doc_count{event="example"}
+          #   - compute_instance_event_host_doc_count_error_upper_bound{event="example"}
+          #
+          indices: '<notification-{now/d}>'
+          interval: 600
+          json: |
+            {
+              "size": 0,
+              "query": {
+                "match_all": {}
+              },
+              "aggs": {
+                "event": {
+                  "terms": {
+                    "field": "event_type.keyword"
+                  },
+                  "aggs": {
+                    "host": {
+                      "terms": {
+                        "field": "Hostname.keyword"
+                      }
+                    }
+                  }
+                }
+              }
+            }
+
+        compute_instance_create_start:
+          # Produces metrics:
+          #   - compute_instance_create_start_host_doc_count{host="example01"}
+          #   - compute_instance_create_start_host_event_sum_other_doc_count
+          #   - compute_instance_create_start_host_doc_count_error_upper_bound
+          #   - compute_instance_create_start_hits
+          #   - compute_instance_create_start_took_milliseconds
+          #
+          indices: '<notification-{now/d}>'
+          interval: 60
+          json: |
+            {
+              "size": 0,
+              "query": {
+                "term": {
+                  "event_type": "compute.instance.create.start"
+                }
+              },
+              "aggs": {
+                "host": {
+                  "terms": {
+                    "field": "Hostname.keyword"
+                  }
+                }
+              }
+            }
+
+        compute_instance_create_end:
+          # Produces metrics:
+          #   - compute_instance_create_end_host_doc_count{host="example01"}
+          #   - compute_instance_create_end_host_event_sum_other_doc_count
+          #   - compute_instance_create_end_host_doc_count_error_upper_bound
+          #   - compute_instance_create_end_hits
+          #   - compute_instance_create_end_took_milliseconds
+          #
+          indices: '<notification-{now/d}>'
+          interval: 60
+          json: |
+            {
+              "size": 0,
+              "query": {
+                "term": {
+                  "event_type": "compute.instance.create.end"
+                }
+              },
+              "aggs": {
+                "host": {
+                  "terms": {
+                    "field": "Hostname.keyword"
+                  }
+                }
+              }
+            }
+
+        compute_instance_create_error:
+          # Produces metrics:
+          #   - compute_instance_create_error_host_doc_count{host="example01"}
+          #   - compute_instance_create_error_host_event_sum_other_doc_count
+          #   - compute_instance_create_error_host_doc_count_error_upper_bound
+          #   - compute_instance_create_error_hits
+          #   - compute_instance_create_error_took_milliseconds
+          #
+          indices: '<notification-{now/d}>'
+          interval: 60
+          json: |
+            {
+              "size": 0,
+              "query": {
+                "term": {
+                  "event_type": "compute.instance.create.error"
+                }
+              },
+              "aggs": {
+                "host": {
+                  "terms": {
+                    "field": "Hostname.keyword"
+                  }
+                }
+              }
+            }
+
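Review bot: None of the `terms` aggregations sets `"size"`, so Elasticsearch returns only its default of ten buckets and every further host or event type is folded into `sum_other_doc_count`. On a cloud with more than ten compute hosts the per-host series for `compute.instance.create.error` would be missing for the remainder, which is a blind spot for any alert built on them. An explicit bound would fix it, e.g. `"terms": {"field": "Hostname.keyword", "size": 1000}` (value illustrative, sized to the fleet). The `logs` query in queries/default.yml has the same shape. Separately, the comment blocks for the three `create_*` queries list `..._host_event_sum_other_doc_count`, but those queries have no `event` aggregation; going by the naming pattern in the first block, the metric would be `..._host_sum_other_doc_count`.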
diff --git a/prometheus/elasticsearch_exporter/queries/default.yml b/prometheus/elasticsearch_exporter/queries/default.yml
new file mode 100644
index 0000000..eeb013c
--- /dev/null
+++ b/prometheus/elasticsearch_exporter/queries/default.yml
@@ -0,0 +1,40 @@
+parameters:
+  prometheus:
+    elasticsearch_exporter:
+      queries:
+        default:
+          interval: 600
+          json: {}
+
+        logs:
+          # Produces metrics:
+          #   - logs_program_doc_count{program="example"}
+          #   - logs_program_sum_other_doc_count
+          #   - logs_program_doc_count_error_upper_bound
+          #   - logs_program_host_doc_count{host="example01",program="example"}
+          #   - logs_program_host_sum_other_doc_count{program="example"}
+          #   - logs_program_host_doc_count_error_upper_bound{program="example"}
+          #
+          indices: '<log-{now/d}>'
+          interval: 600
+          json: |
+            {
+              "size": 0,
+              "query": {
+                "match_all": {}
+              },
+              "aggs": {
+                "program": {
+                  "terms": {
+                    "field": "programname.keyword"
+                  },
+                  "aggs": {
+                    "host": {
+                      "terms": {
+                        "field": "Hostname.keyword"
+                      }
+                    }
+                  }
+                }
+              }
+            }
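Review bot: `json: {}` under `default` is parsed as an empty YAML mapping, whereas every other query in this commit passes `json` as a block-scalar string. If the formula writes the value into the exporter configuration verbatim, the two types may render differently; writing `json: '{}'` keeps it a string. It is also not stated whether `default` is a real query or a defaults section for the exporter, and a one-line comment above it would settle that.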
diff --git a/prometheus/server/target/dns/elasticsearch_exporter.yml b/prometheus/server/target/dns/elasticsearch_exporter.yml
new file mode 100644
index 0000000..3af4960
--- /dev/null
+++ b/prometheus/server/target/dns/elasticsearch_exporter.yml
@@ -0,0 +1,13 @@
+parameters:
+  prometheus:
+    server:
+      target:
+        dns:
+          enabled: true
+          endpoint:
+            - name: 'elasticsearch_exporter'
+              scrape_interval: 60s
+              domain:
+              - 'tasks.monitoring_elasticsearch_exporter'
+              type: A
+              port: 9206
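Review bot: The two sequences in this new file use different indentation: `- name:` under `endpoint` is indented, while the entry under `domain` is flush with its key. Both parse, but the other files added in this commit use the flush form throughout, so writing the `endpoint` list flush as well would keep yamllint's `indentation` rule quiet. The file also sets `enabled: true` on the shared `dns` target mapping, which applies to all DNS targets rather than to this endpoint; a comment saying that is intended would help.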
diff --git a/prometheus/server/target/dns/init.yml b/prometheus/server/target/dns/init.yml
index 361d296..7363be1 100644
--- a/prometheus/server/target/dns/init.yml
+++ b/prometheus/server/target/dns/init.yml
@@ -1,5 +1,6 @@
 classes:
 - system.prometheus.server.target.dns.alertmanager
+- system.prometheus.server.target.dns.elasticsearch_exporter
 - system.prometheus.server.target.dns.prometheus
 - system.prometheus.server.target.dns.pushgateway
 - system.prometheus.server.target.dns.remote_agent
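Review bot: Adding the exporter target to the `dns` init class turns it on for every model that includes `system.prometheus.server.target.dns`, whether or not the `monitoring_elasticsearch_exporter` service is deployed there. Where it is absent, Prometheus would presumably keep resolving `tasks.monitoring_elasticsearch_exporter` without result and log discovery errors. Consider leaving it out of `init.yml` and including `system.prometheus.server.target.dns.elasticsearch_exporter` only alongside the exporter class, or note the dependency in a comment.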
diff --git a/salt/minion/cert/barbican.yml b/salt/minion/cert/barbican.yml
index 8ee4d41..8a44433 100644
--- a/salt/minion/cert/barbican.yml
+++ b/salt/minion/cert/barbican.yml
@@ -1,7 +1,7 @@
 parameters:
   _param:
     salt_minion_ca_authority: salt_master_ca
-    barbican_cert_alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_vip_address},DNS:${linux:system:name},DNS:${linux:network:fqdn},DNS:${_param:cluster_vip_address},DNS:${_param:openstack_service_host}
+    barbican_cert_alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_vip_address},DNS:${linux:system:name},DNS:${linux:network:fqdn},DNS:${_param:cluster_vip_address},DNS:${_param:openstack_kmn_service_host}
   salt:
     minion:
         cert:
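Review bot: The new `barbican_cert_alternative_names` value replaces `DNS:${_param:openstack_service_host}` instead of adding to it, so a reissued certificate no longer matches the old control-plane name. Any client still reaching Barbican through that name would fail hostname verification until every endpoint and catalog entry has moved to the kmn VIP name. Keeping both names during the transition avoids this: append `,DNS:${_param:openstack_service_host}` after `DNS:${_param:openstack_kmn_service_host}`. The short name `${_param:openstack_kmn_service_hostname}` is added to the hosts file by kmn.yml but is not in the SAN list, so connections using it would not verify either. The `salt:minion:cert` mapping continues past the end of this hunk.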