Merge "fix compatibility problem with reclass 1.4.1"
diff --git a/debmirror/mirror_mirantis_com/glusterfs-3.8/xenial.yml b/debmirror/mirror_mirantis_com/glusterfs-3.8/xenial.yml
new file mode 100644
index 0000000..7c93811
--- /dev/null
+++ b/debmirror/mirror_mirantis_com/glusterfs-3.8/xenial.yml
@@ -0,0 +1,23 @@
+parameters:
+ _param:
+ apt_mk_version: 'stable'
+ mirror_mirantis_com_glusterfs_3_8_xenial_force: False
+ debmirror_mirrors_base_target_dir: "/srv/volumes/aptly/public/${_param:apt_mk_version}/"
+ debmirror:
+ client:
+ enabled: true
+ mirrors:
+ mirror_mirantis_com_glusterfs_3_8_xenial:
+ force: ${_param:mirror_mirantis_com_glusterfs_3_8_xenial_force}
+ lock_target: True
+ extra_flags: [ '--verbose', '--progress', '--nosource', '--no-check-gpg', '--rsync-extra=none' ]
+ method: "rsync"
+ arch: [ 'amd64' ]
+ mirror_host: "mirror.mirantis.com"
+ mirror_root: ":mirror/${_param:apt_mk_version}/glusterfs-3.8/xenial/"
+ target_dir: "${_param:debmirror_mirrors_base_target_dir}/glusterfs-3.8/xenial/"
+ log_file: "/var/log/debmirror/mirror_mirantis_com_glusterfs_3_8_xenial.log"
+ dist: [ xenial ]
+ section: [ main ]
+ filter:
+ 001: "--exclude='-dbg_'"
diff --git a/debmirror/mirror_mirantis_com/saltstack/salt_2016_3.yml b/debmirror/mirror_mirantis_com/saltstack-2016.3/xenial.yml
similarity index 100%
rename from debmirror/mirror_mirantis_com/saltstack/salt_2016_3.yml
rename to debmirror/mirror_mirantis_com/saltstack-2016.3/xenial.yml
diff --git a/debmirror/mirror_mirantis_com/saltstack-2017.7/xenial.yml b/debmirror/mirror_mirantis_com/saltstack-2017.7/xenial.yml
new file mode 100644
index 0000000..542afea
--- /dev/null
+++ b/debmirror/mirror_mirantis_com/saltstack-2017.7/xenial.yml
@@ -0,0 +1,21 @@
+parameters:
+ _param:
+ apt_mk_version: 'stable'
+ mirror_mirantis_com_saltstack_2017_7_xenial_force: False
+ debmirror_mirrors_base_target_dir: "/srv/volumes/aptly/public/${_param:apt_mk_version}/"
+ debmirror:
+ client:
+ enabled: true
+ mirrors:
+ mirror_mirantis_com_saltstack_2017_7_xenial:
+ force: ${_param:mirror_mirantis_com_saltstack_2017_7_xenial_force}
+ lock_target: True
+ extra_flags: [ '--verbose', '--progress', '--nosource', '--no-check-gpg', '--rsync-extra=none' ]
+ method: "rsync"
+ arch: [ 'amd64' ]
+ mirror_host: "mirror.mirantis.com"
+ mirror_root: ":mirror/${_param:apt_mk_version}/saltstack-2017.7/xenial/"
+ target_dir: "${_param:debmirror_mirrors_base_target_dir}/saltstack-2017.7/xenial/"
+ log_file: "/var/log/debmirror/mirror_mirantis_com_saltstack_2017_7_xenial.log"
+ dist: [ xenial ]
+ section: [ main ]
diff --git a/docker/swarm/network/keycloak_backend.yml b/docker/swarm/network/keycloak_backend.yml
new file mode 100644
index 0000000..5b1c625
--- /dev/null
+++ b/docker/swarm/network/keycloak_backend.yml
@@ -0,0 +1,11 @@
+parameters:
+ _param:
+ docker_keycloak_network_subnet: 10.70.0.0/24
+ docker:
+ client:
+ network:
+ keycloak_backend:
+ subnet: ${_param:docker_keycloak_network_subnet}
+ driver: overlay
+ attachable: true
+
diff --git a/docker/swarm/stack/keycloak.yml b/docker/swarm/stack/keycloak.yml
new file mode 100644
index 0000000..0187a08
--- /dev/null
+++ b/docker/swarm/stack/keycloak.yml
@@ -0,0 +1,38 @@
+parameters:
+ _param:
+ docker_keycloak_server_replicas: 3
+ docker_keycloak_proxy_replicas: 1
+ docker_image_keycloak_server: jboss/keycloak:3.4.2.Final
+ docker_image_keycloak_proxy: jboss/keycloak-proxy:3.4.2.h
+ keycloak_bind_port: ${_param:haproxy_keycloak_bind_port}
+ keycloak_proxy_bind_port: ${_param:haproxy_keycloak_proxy_bind_port}
+ docker:
+ client:
+ stack:
+ keycloak:
+ service:
+ keycloak-server:
+ image: ${_param:docker_image_keycloak_server}
+ deploy:
+ replicas: ${_param:docker_keycloak_server_replicas}
+ restart_policy:
+ condition: any
+ ports:
+ - ${_param:haproxy_keycloak_exposed_port}:${_param:keycloak_bind_port}
+ volumes:
+ - /srv/volumes/keycloak/server/:/app
+ keycloak-proxy:
+ image: ${_param:docker_image_keycloak_proxy}
+ deploy:
+ replicas: ${_param:docker_keycloak_proxy_replicas}
+ restart_policy:
+ condition: any
+ ports:
+ - ${_param:haproxy_keycloak_proxy_exposed_port}:${_param:keycloak_proxy_bind_port}
+ volumes:
+ - /srv/volumes/keycloak/proxy/proxy.json:/opt/jboss/conf/proxy.json
+ network:
+ default:
+ external:
+ name: keycloak_backend
+
diff --git a/glusterfs/client/volume/keycloak.yml b/glusterfs/client/volume/keycloak.yml
new file mode 100644
index 0000000..06d6134
--- /dev/null
+++ b/glusterfs/client/volume/keycloak.yml
@@ -0,0 +1,16 @@
+parameters:
+ _param:
+ keycloak_glusterfs_service_host: ${_param:glusterfs_service_host}
+ glusterfs_node01_address: ${_param:cluster_node01_address}
+ glusterfs_node02_address: ${_param:cluster_node02_address}
+ glusterfs_node03_address: ${_param:cluster_node03_address}
+ glusterfs:
+ client:
+ volumes:
+ keycloak:
+ path: /srv/volumes/keycloak
+ server: ${_param:keycloak_glusterfs_service_host}
+ opts: "defaults,backup-volfile-servers=${_param:glusterfs_node01_address}:${_param:glusterfs_node02_address}:${_param:glusterfs_node03_address}"
+ user: 1000
+ group: 1000
+
diff --git a/glusterfs/server/volume/keycloak.yml b/glusterfs/server/volume/keycloak.yml
new file mode 100644
index 0000000..c8c71f0
--- /dev/null
+++ b/glusterfs/server/volume/keycloak.yml
@@ -0,0 +1,20 @@
+parameters:
+ glusterfs:
+ server:
+ volumes:
+ keycloak:
+ storage: /srv/glusterfs/keycloak
+ replica: 3
+ bricks:
+ - ${_param:cluster_node01_address}:/srv/glusterfs/keycloak
+ - ${_param:cluster_node02_address}:/srv/glusterfs/keycloak
+ - ${_param:cluster_node03_address}:/srv/glusterfs/keycloak
+ options:
+ cluster.readdir-optimize: On
+ nfs.disable: On
+ network.remote-dio: On
+ diagnostics.client-log-level: WARNING
+ diagnostics.brick-log-level: WARNING
+ cluster.favorite-child-policy: mtime
+
+
diff --git a/haproxy/proxy/listen/keycloak.yml b/haproxy/proxy/listen/keycloak.yml
new file mode 100644
index 0000000..73697a3
--- /dev/null
+++ b/haproxy/proxy/listen/keycloak.yml
@@ -0,0 +1,71 @@
+parameters:
+ _param:
+ haproxy_keycloak_bind_host: ${_param:haproxy_bind_address}
+ haproxy_keycloak_bind_port: 8086
+ haproxy_keycloak_exposed_port: 18086
+ haproxy_keycloak_ssl:
+ enabled: false
+ haproxy_keycloak_proxy_bind_host: ${_param:haproxy_bind_address}
+ haproxy_keycloak_proxy_bind_port: 8180
+ haproxy_keycloak_proxy_exposed_port: 18180
+ haproxy_keycloak_proxy_ssl:
+ enabled: false
+ haproxy:
+ proxy:
+ listen:
+ keycloak:
+ mode: http
+ options:
+ - forwardfor
+ - httpchk
+ - httpclose
+ - httplog
+ balance: source
+ http_request:
+ - action: "add-header X-Forwarded-Proto https"
+ condition: "if { ssl_fc }"
+ binds:
+ - address: ${_param:haproxy_keycloak_bind_host}
+ port: ${_param:haproxy_keycloak_bind_port}
+ ssl: ${_param:haproxy_keycloak_ssl}
+ servers:
+ - name: ${_param:cluster_node01_name}
+ host: ${_param:cluster_node01_address}
+ port: ${_param:haproxy_keycloak_exposed_port}
+ params: check
+ - name: ${_param:cluster_node02_name}
+ host: ${_param:cluster_node02_address}
+ port: ${_param:haproxy_keycloak_exposed_port}
+ params: backup check
+ - name: ${_param:cluster_node03_name}
+ host: ${_param:cluster_node03_address}
+ port: ${_param:haproxy_keycloak_exposed_port}
+ params: backup check
+ keycloak_proxy:
+ mode: http
+ options:
+ - forwardfor
+ - httpchk
+ - httpclose
+ - httplog
+ balance: source
+ http_request:
+ - action: "add-header X-Forwarded-Proto https"
+ condition: "if { ssl_fc }"
+ binds:
+ - address: ${_param:haproxy_keycloak_proxy_bind_host}
+ port: ${_param:haproxy_keycloak_proxy_bind_port}
+ ssl: ${_param:haproxy_keycloak_proxy_ssl}
+ servers:
+ - name: ${_param:cluster_node01_name}
+ host: ${_param:cluster_node01_address}
+ port: ${_param:haproxy_keycloak_proxy_exposed_port}
+ params: check
+ - name: ${_param:cluster_node02_name}
+ host: ${_param:cluster_node02_address}
+ port: ${_param:haproxy_keycloak_proxy_exposed_port}
+ params: backup check
+ - name: ${_param:cluster_node03_name}
+ host: ${_param:cluster_node03_address}
+ port: ${_param:haproxy_keycloak_proxy_exposed_port}
+ params: backup check
diff --git a/keycloak/proxy/application/devops_portal.yml b/keycloak/proxy/application/devops_portal.yml
new file mode 100644
index 0000000..bf09f69
--- /dev/null
+++ b/keycloak/proxy/application/devops_portal.yml
@@ -0,0 +1,13 @@
+parameters:
+ _param:
+ keycloak_proxy_devops_portal_base_path: "/"
+ keycloak:
+ proxy:
+ applications:
+ devops_portal:
+ base_path: "${_param:keycloak_proxy_devops_portal_base_path}"
+ adapter_config:
+ realm: "jaeger"
+ auth_server_url: "http://keycloak/auth"
+ resource: "proxy-jaeger"
+
diff --git a/linux/system/repo_local/mcp/apt_mirantis/saltstack.yml b/linux/system/repo_local/mcp/apt_mirantis/saltstack.yml
index f9c8c50..c2e6db5 100644
--- a/linux/system/repo_local/mcp/apt_mirantis/saltstack.yml
+++ b/linux/system/repo_local/mcp/apt_mirantis/saltstack.yml
@@ -1,3 +1,5 @@
+# DEPRECATED since 2018.7+ release.
+# Please use system/repo/mcp/apt_mirantis
parameters:
_param:
apt_mk_version: stable
diff --git a/openssh/client/root.yml b/openssh/client/root.yml
index 145f5da..66f8f88 100644
--- a/openssh/client/root.yml
+++ b/openssh/client/root.yml
@@ -36,7 +36,9 @@
user:
root:
enabled: true
- private_key:
- type: rsa
- key: ${_param:root_private_key}
user: ${linux:system:user:root}
+ private_key: ${private_keys:root}
+ private_keys:
+ root:
+ type: rsa
+ key: ${_param:root_private_key}