Merge "Add jobs for k8s nginx ingress controller"
diff --git a/apache/server/proxy/init.yml b/apache/server/proxy/init.yml
new file mode 100644
index 0000000..06921f8
--- /dev/null
+++ b/apache/server/proxy/init.yml
@@ -0,0 +1,7 @@
+parameters:
+ apache:
+ server:
+ modules:
+ - proxy
+ - proxy_http
+ - headers
diff --git a/galera/server/database/ssl/ironic.yaml b/galera/server/database/ssl/ironic.yaml
new file mode 100644
index 0000000..eeb9dbb
--- /dev/null
+++ b/galera/server/database/ssl/ironic.yaml
@@ -0,0 +1,4 @@
+parameters:
+ _param:
+ mysql_ironic_ssl_option:
+ - SSL: True
\ No newline at end of file
diff --git a/galera/server/database/x509/ironic.yml b/galera/server/database/x509/ironic.yml
new file mode 100644
index 0000000..85082f5
--- /dev/null
+++ b/galera/server/database/x509/ironic.yml
@@ -0,0 +1,7 @@
+parameters:
+ _param:
+ mysql_ironic_client_ssl_x509_subject: '/C=cz/CN=mysql-ironic-client/L=Prague/O=Mirantis'
+ mysql_ironic_client_ssl_x509_issuer: '/C=cz/CN=Salt Master CA/L=Prague/O=Mirantis'
+ mysql_ironic_ssl_option:
+ - SUBJECT: ${_param:mysql_ironic_client_ssl_x509_subject}
+ - ISSUER: ${_param:mysql_ironic_client_ssl_x509_issuer}
\ No newline at end of file
diff --git a/ironic/api/cluster.yml b/ironic/api/cluster.yml
index b0bb69f..acf635e 100644
--- a/ironic/api/cluster.yml
+++ b/ironic/api/cluster.yml
@@ -1,6 +1,10 @@
classes:
+- system.salt.minion.cert.mysql.clients.openstack.ironic
- service.ironic.api.cluster
parameters:
+ _param:
+ openstack_mysql_x509_enabled: False
+ galera_ssl_enabled: False
linux:
system:
package:
@@ -14,3 +18,11 @@
role: ${_param:openstack_node_role}
bind:
address: ${_param:cluster_baremetal_local_address}
+ database:
+ x509:
+ enabled: ${_param:openstack_mysql_x509_enabled}
+ ca_file: ${_param:mysql_ironic_ssl_ca_file}
+ key_file: ${_param:mysql_ironic_client_ssl_key_file}
+ cert_file: ${_param:mysql_ironic_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
diff --git a/ironic/api/single.yml b/ironic/api/single.yml
index 51c3f9c..0d4ae09 100644
--- a/ironic/api/single.yml
+++ b/ironic/api/single.yml
@@ -1,6 +1,10 @@
classes:
+- system.salt.minion.cert.mysql.clients.openstack.ironic
- service.ironic.api.single
parameters:
+ _param:
+ openstack_mysql_x509_enabled: False
+ galera_ssl_enabled: False
linux:
system:
package:
@@ -12,3 +16,11 @@
role: ${_param:openstack_node_role}
bind:
address: ${_param:single_address}
+ database:
+ x509:
+ enabled: ${_param:openstack_mysql_x509_enabled}
+ ca_file: ${_param:mysql_ironic_ssl_ca_file}
+ key_file: ${_param:mysql_ironic_client_ssl_key_file}
+ cert_file: ${_param:mysql_ironic_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
diff --git a/ironic/conductor/cluster.yml b/ironic/conductor/cluster.yml
index 063719c..c97624b 100644
--- a/ironic/conductor/cluster.yml
+++ b/ironic/conductor/cluster.yml
@@ -1,6 +1,10 @@
classes:
+- system.salt.minion.cert.mysql.clients.openstack.ironic
- service.ironic.conductor.cluster
parameters:
+ _param:
+ openstack_mysql_x509_enabled: False
+ galera_ssl_enabled: False
linux:
system:
package:
@@ -10,3 +14,11 @@
ironic:
conductor:
api_url: 'http://${_param:cluster_baremetal_vip_address}:6385'
+ database:
+ x509:
+ enabled: ${_param:openstack_mysql_x509_enabled}
+ ca_file: ${_param:mysql_ironic_ssl_ca_file}
+ key_file: ${_param:mysql_ironic_client_ssl_key_file}
+ cert_file: ${_param:mysql_ironic_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
diff --git a/ironic/conductor/single.yml b/ironic/conductor/single.yml
index d827129..80215a5 100644
--- a/ironic/conductor/single.yml
+++ b/ironic/conductor/single.yml
@@ -1,6 +1,10 @@
classes:
+- system.salt.minion.cert.mysql.clients.openstack.ironic
- service.ironic.conductor.single
parameters:
+ _param:
+ openstack_mysql_x509_enabled: False
+ galera_ssl_enabled: False
linux:
system:
package:
@@ -11,3 +15,11 @@
conductor:
enabled: true
version: ${_param:ironic_version}
+ database:
+ x509:
+ enabled: ${_param:openstack_mysql_x509_enabled}
+ ca_file: ${_param:mysql_ironic_ssl_ca_file}
+ key_file: ${_param:mysql_ironic_client_ssl_key_file}
+ cert_file: ${_param:mysql_ironic_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
diff --git a/jenkins/client/job/git-mirrors/2way.yml b/jenkins/client/job/git-mirrors/2way.yml
index 742408d..71d8f9a 100644
--- a/jenkins/client/job/git-mirrors/2way.yml
+++ b/jenkins/client/job/git-mirrors/2way.yml
@@ -11,7 +11,7 @@
- name: mcp-common-scripts
source: mcp/mcp-common-scripts
target: Mirantis/mcp-common-scripts
- branches: "master"
+ branches: "master,release/2018.8.1"
- name: mcp-local-repo-model
source: mcp/mcp-local-repo-model
target: Mirantis/mcp-local-repo-model
diff --git a/jenkins/client/job/git-mirrors/downstream/pipelines.yml b/jenkins/client/job/git-mirrors/downstream/pipelines.yml
index 271a725..17611cb 100644
--- a/jenkins/client/job/git-mirrors/downstream/pipelines.yml
+++ b/jenkins/client/job/git-mirrors/downstream/pipelines.yml
@@ -8,8 +8,8 @@
- name: pipeline-library
downstream: mcp-ci/pipeline-library
upstream: "${_param:gerrit_pipeline_library_repo}"
- branches: master
+ branches: "master,release/2018.8.1"
- name: mk-pipelines
downstream: mk/mk-pipelines
upstream: "${_param:gerrit_mk_pipelines_repo}"
- branches: master
+ branches: "master,release/2018.8.1"
diff --git a/jenkins/client/job/oscore/test_upgrades.yml b/jenkins/client/job/oscore/test_upgrades.yml
index a3cf5ae..b97855a 100644
--- a/jenkins/client/job/oscore/test_upgrades.yml
+++ b/jenkins/client/job/oscore/test_upgrades.yml
@@ -19,6 +19,9 @@
credentials: "gerrit"
branch: 'master'
script: test-openstack-upgrade-pipeline.groovy
+ trigger:
+ timer:
+ spec: "H 22 * * *"
param:
CREDENTIALS_ID:
type: string
@@ -36,10 +39,10 @@
description: "Credentials to the OpenStack API"
OPENSTACK_API_PROJECT:
type: string
- default: "mcp-oscore"
+ default: "mcp-oscore-ci"
HEAT_STACK_ZONE:
type: string
- default: "mcp-oscore"
+ default: "mcp-oscore-ci"
FLAVOR_PREFIX:
type: string
default: 'dev'
@@ -50,7 +53,7 @@
TEST_SCHEME:
type: string
description: "Yaml based scheme to be applied in testing"
- default: '{"old": {"context_file_name": "openstack-ovs-core-{{openstack_version_old}}","extra_context": {"default_context": {"openstack_version": "{{openstack_version_old}}"}}}, "new": {"extra_context": {"default_context": {"openstack_version": "{{openstack_version_new}}"}}}}'
+ default: '{"old": {"run_smoke": True, "context_file_name": "openstack-ovs-core-{{openstack_version_old}}","extra_context": {"default_context": {"openstack_version": "{{openstack_version_old}}"}}}, "new": {"run_smoke": True, "extra_context": {"default_context": {"openstack_version": "{{openstack_version_new}}"}}}}'
job:
oscore-test-adjust-cluster-model:
display_name: oscore-test-adjust-cluster-model
diff --git a/jenkins/client/job/salt-formulas/git-mirrors/2way.yml b/jenkins/client/job/salt-formulas/git-mirrors/2way.yml
index 85c9ac8..f2efc67 100644
--- a/jenkins/client/job/salt-formulas/git-mirrors/2way.yml
+++ b/jenkins/client/job/salt-formulas/git-mirrors/2way.yml
@@ -456,7 +456,7 @@
default: "gerrit"
BRANCHES:
type: string
- default: "master"
+ default: "master,release/2018.8.1"
git-mirror-2way-salt-formulas-cookiecutter:
description: ${_param:job_description_2way}
discard:
diff --git a/jenkins/client/job/stacklight/cookiecutter.yml b/jenkins/client/job/stacklight/cookiecutter.yml
index 0a2c6ed..0f40403 100644
--- a/jenkins/client/job/stacklight/cookiecutter.yml
+++ b/jenkins/client/job/stacklight/cookiecutter.yml
@@ -31,6 +31,16 @@
type: string
description: "Context for cookiecutter template specified as filename"
default: 'stacklight-openstack-ovs-core-pike'
+ OPENSTACK_ENVIRONMENT:
+ type: choice
+ description: "Target openstack environment"
+ choices:
+ - devcloud
+ - presales
+ - oscore_devcloud
+ OPENSTACK_API_CREDENTIALS:
+ type: string
+ description: "Credentials to the OpenStack API"
OPENSTACK_API_PROJECT:
type: string
default: "mcp-stacklight"
diff --git a/keystone/client/service/gnocchi.yml b/keystone/client/service/gnocchi.yml
index 27d38b0..1d1b075 100644
--- a/keystone/client/service/gnocchi.yml
+++ b/keystone/client/service/gnocchi.yml
@@ -5,6 +5,8 @@
cluster_public_protocol: https
gnocchi_service_protocol: http
gnocchi_public_host: ${_param:cluster_public_host}
+ gnocchi_public_port: 8041
+ gnocchi_public_path: '/'
keystone:
client:
server:
@@ -24,8 +26,8 @@
- region: ${_param:openstack_region}
public_address: ${_param:gnocchi_public_host}
public_protocol: ${_param:cluster_public_protocol}
- public_port: 8041
- public_path: '/'
+ public_port: ${_param:gnocchi_public_port}
+ public_path: ${_param:gnocchi_public_path}
internal_address: ${_param:gnocchi_service_host}
internal_port: 8041
internal_path: '/'
diff --git a/keystone/client/service/keystone.yml b/keystone/client/service/keystone.yml
index 0cfa963..53e7cd1 100644
--- a/keystone/client/service/keystone.yml
+++ b/keystone/client/service/keystone.yml
@@ -7,6 +7,8 @@
keystone_public_path: "/v2.0"
keystone_internal_path: "/v2.0"
keystone_admin_path: "/v2.0"
+ keystone_public_address: ${_param:cluster_public_host}
+ keystone_public_port: 5000
keystone:
client:
server:
@@ -17,9 +19,9 @@
description: OpenStack Identity Service
endpoints:
- region: ${_param:openstack_region}
- public_address: ${_param:cluster_public_host}
+ public_address: ${_param:keystone_public_address}
public_protocol: ${_param:cluster_public_protocol}
- public_port: 5000
+ public_port: ${_param:keystone_public_port}
public_path: ${_param:keystone_public_path}
internal_address: ${_param:keystone_service_host}
internal_port: 5000
diff --git a/rabbitmq/server/ssl/init.yml b/rabbitmq/server/ssl/init.yml
index 7fefae7..71cc1a7 100644
--- a/rabbitmq/server/ssl/init.yml
+++ b/rabbitmq/server/ssl/init.yml
@@ -4,8 +4,11 @@
parameters:
_param:
rabbitmq_ssl_enabled: true
+ openstack_rabbitmq_x509_enabled: false
rabbitmq_port: 5671 # for non-ssl use 5672 / for ssl 5671
rabbitmq:
server:
ssl:
enabled: ${_param:rabbitmq_ssl_enabled}
+ x509:
+ enabled: ${_param:openstack_rabbitmq_x509_enabled}
diff --git a/salt/minion/cert/mysql/clients/openstack/ironic.yml b/salt/minion/cert/mysql/clients/openstack/ironic.yml
new file mode 100644
index 0000000..fe4aa19
--- /dev/null
+++ b/salt/minion/cert/mysql/clients/openstack/ironic.yml
@@ -0,0 +1,27 @@
+parameters:
+ _param:
+ salt_minion_ca_host: cfg01.${_param:cluster_domain}
+ salt_minion_ca_authority: salt_master_ca
+ mysql_ironic_client_ssl_key_file: /etc/ironic/ssl/mysql/client-key.pem
+ mysql_ironic_client_ssl_cert_file: /etc/ironic/ssl/mysql/client-cert.pem
+ mysql_ironic_ssl_ca_file: /etc/ironic/ssl/mysql/ca-cert.pem
+ salt:
+ minion:
+ cert:
+ mysql-ironic-client:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: mysql-ironic-client
+ signing_policy: cert_client
+ alternative_names: >
+ IP:${_param:cluster_local_address},
+ DNS:${_param:cluster_local_address},
+ DNS:${linux:system:name},
+ DNS:${linux:network:fqdn}
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: ${_param:mysql_ironic_client_ssl_key_file}
+ cert_file: ${_param:mysql_ironic_client_ssl_cert_file}
+ ca_file: ${_param:mysql_ironic_ssl_ca_file}
+ user: ironic
+ group: ironic
+ mode: 640