Merge "default sizing VM for CP"
diff --git a/auditd/server/ciscat.yml b/auditd/server/ciscat.yml
new file mode 100644
index 0000000..dc4baa7
--- /dev/null
+++ b/auditd/server/ciscat.yml
@@ -0,0 +1,3 @@
+classes:
+- service.auditd.server
+- service.auditd.rules.ciscat
diff --git a/debmirror/mirror_mirantis_com/ubuntu/xenial.yml b/debmirror/mirror_mirantis_com/ubuntu/xenial.yml
index 3ba7267..d869e94 100644
--- a/debmirror/mirror_mirantis_com/ubuntu/xenial.yml
+++ b/debmirror/mirror_mirantis_com/ubuntu/xenial.yml
@@ -136,6 +136,12 @@
301: "--exclude='(main|universe)/l/linux-*-(.*azure|.*aws|gke|.*azure-edge|.*oem/|.*euclid/)'"
302: "--exclude='/*universe.*(-armel-|-arm-)(?!.*amd64)'"
303: "--exclude='/main/l/linux(.*)/linux-source-*'"
+ # Generic: Old minor version of kernels. Old - if minor less then 3 digits.
+ 304: '--exclude="main/l/(linux|linux-signed)/linux-.*.4\.4\.0-[0-9]{1,2}\."'
+ # Hwe 4.8: Old minor version of kernels. Old - if minor in 30-40.
+ 305: '--exclude="main/l/.*hwe.*/linux-.*.4\.8\.0-((3|4)[0-9])"'
+ # Hwe 4.10: Old minor version of kernels. Old - if minor in 20-30.
+ 306: '--exclude="main/l/.*hwe.*/linux-.*.4\.10\.0-((2|3)[0-9])"'
# List of packages, that should be fetched from fresh ppa or other mirror
# So,removing them from upstream mirror.
500: "--exclude='/main/m/maas/'"
diff --git a/jenkins/client/job/deploy/lab/deploy.yml b/jenkins/client/job/deploy/lab/deploy.yml
index 6c9eb2a..879d7c9 100644
--- a/jenkins/client/job/deploy/lab/deploy.yml
+++ b/jenkins/client/job/deploy/lab/deploy.yml
@@ -167,7 +167,7 @@
default: "http://127.0.0.1:8080"
TEST_K8S_CONFORMANCE_IMAGE:
type: string
- default: "docker-prod-virtual.docker.mirantis.net/mirantis/kubernetes/k8s-conformance:v1.8.13-11"
+ default: "docker-prod-virtual.docker.mirantis.net/mirantis/kubernetes/k8s-conformance:v1.10.4-4"
TEST_TEMPEST_IMAGE:
type: string
diff --git a/jenkins/client/job/oscore/qa.yml b/jenkins/client/job/oscore/qa.yml
index 6d54082..13d0e76 100644
--- a/jenkins/client/job/oscore/qa.yml
+++ b/jenkins/client/job/oscore/qa.yml
@@ -25,6 +25,7 @@
mcp/{{oscore-qa-project}}:
branches:
- master
+ - pike
event:
change:
- merged
@@ -43,7 +44,7 @@
default: "mirantis/oscore/{{oscore-qa-project}}"
IMAGE_TAG:
type: string
- default: "latest"
+ default: ""
DOCKER_REGISTRY:
type: string
default: "docker-prod-local.docker.mirantis.net"
diff --git a/jenkins/client/job/oscore/test_upgrades.yml b/jenkins/client/job/oscore/test_upgrades.yml
index 1ad4583..e513cf7 100644
--- a/jenkins/client/job/oscore/test_upgrades.yml
+++ b/jenkins/client/job/oscore/test_upgrades.yml
@@ -15,7 +15,7 @@
type: workflow-scm
scm:
type: git
- url: "https://github.com/jumpojoy/openstack-pipelines"
+ url: "${_param:jenkins_gerrit_url}/openstack-ci/openstack-pipelines"
credentials: "gerrit"
branch: 'master'
script: test-openstack-upgrade-pipeline.groovy
@@ -59,7 +59,7 @@
SALT_MASTER_CREDENTIALS:
type: string
description: "ID of salt API credentials."
- default: "salt"
+ default: "salt-qa-credentials"
SALT_MASTER_URL:
type: string
description: 'Url for salt API.'
diff --git a/kubernetes/pool/cluster.yml b/kubernetes/pool/cluster.yml
index 335078f..81b2d99 100644
--- a/kubernetes/pool/cluster.yml
+++ b/kubernetes/pool/cluster.yml
@@ -14,11 +14,11 @@
kubernetes_calico_calicoctl_image: ${_param:kubernetes_calico_calicoctl_repo}/ctl:v1.6.4
kubernetes_calico_image: ${_param:kubernetes_calico_repo}/node:v2.6.9
kubernetes_calico_cni_image: ${_param:kubernetes_calico_cni_repo}/cni:v1.11.5
- kubernetes_hyperkube_image: ${_param:kubernetes_hyperkube_repo}/hyperkube-amd64:v1.8.13-11
- kubernetes_pause_image: ${_param:kubernetes_hyperkube_repo}/pause-amd64:v1.8.13-11
+ kubernetes_hyperkube_image: ${_param:kubernetes_hyperkube_repo}/hyperkube-amd64:v1.10.4-4
+ kubernetes_pause_image: ${_param:kubernetes_hyperkube_repo}/pause-amd64:v1.10.4-4
kubernetes_contrail_cni_image: ${_param:kubernetes_contrail_cni_repo}/contrail-cni:v1.2.0
kubernetes_contrail_network_controller_image: ${_param:kubernetes_contrail_network_controller_repo}/contrail-network-controller:v1.2.0
- kubernetes_virtlet_image: mirantis/virtlet:v1.0.3
+ kubernetes_virtlet_image: mirantis/virtlet:v1.1.0
kubernetes_criproxy_version: v0.11.0
kubernetes_criproxy_checksum: md5=115bbb0c27518db6b0b3bc8cdc5fc897
diff --git a/kubernetes/pool/single.yml b/kubernetes/pool/single.yml
index 3f4af34..a442a6b 100644
--- a/kubernetes/pool/single.yml
+++ b/kubernetes/pool/single.yml
@@ -14,11 +14,11 @@
kubernetes_calico_calicoctl_image: ${_param:kubernetes_calico_calicoctl_repo}/ctl:v1.6.4
kubernetes_calico_image: ${_param:kubernetes_calico_repo}/node:v2.6.9
kubernetes_calico_cni_image: ${_param:kubernetes_calico_cni_repo}/cni:v1.11.5
- kubernetes_hyperkube_image: ${_param:kubernetes_hyperkube_repo}/hyperkube-amd64:v1.8.13-11
- kubernetes_pause_image: ${_param:kubernetes_hyperkube_repo}/pause-amd64:v1.8.13-11
+ kubernetes_hyperkube_image: ${_param:kubernetes_hyperkube_repo}/hyperkube-amd64:v1.10.4-4
+ kubernetes_pause_image: ${_param:kubernetes_hyperkube_repo}/pause-amd64:v1.10.4-4
kubernetes_contrail_cni_image: ${_param:kubernetes_contrail_cni_repo}/contrail-cni:v1.2.0
kubernetes_contrail_network_controller_image: ${_param:kubernetes_contrail_network_controller_repo}/contrail-network-controller:v1.2.0
- kubernetes_virtlet_image: mirantis/virtlet:v1.0.3
+ kubernetes_virtlet_image: mirantis/virtlet:v1.1.0
kubernetes_criproxy_version: v0.11.0
kubernetes_criproxy_checksum: md5=115bbb0c27518db6b0b3bc8cdc5fc897
diff --git a/rabbitmq/server/vhost/openstack/ha_for_all_queues.yml b/rabbitmq/server/vhost/openstack/ha_for_all_queues.yml
new file mode 100644
index 0000000..040a8ed
--- /dev/null
+++ b/rabbitmq/server/vhost/openstack/ha_for_all_queues.yml
@@ -0,0 +1,10 @@
+parameters:
+ rabbitmq:
+ server:
+ host:
+ '/openstack':
+ policies:
+ - name: ha-all
+ pattern: '.'
+ definition: '{"ha-mode":"all", "ha-sync-mode":"automatic"}'
+ priority: 0
diff --git a/rabbitmq/server/vhost/openstack/ha_for_all_queues_except_telemetry.yml b/rabbitmq/server/vhost/openstack/ha_for_all_queues_except_telemetry.yml
new file mode 100644
index 0000000..a2eef5b
--- /dev/null
+++ b/rabbitmq/server/vhost/openstack/ha_for_all_queues_except_telemetry.yml
@@ -0,0 +1,10 @@
+parameters:
+ rabbitmq:
+ server:
+ host:
+ '/openstack':
+ policies:
+ - name: ha-all-except-notif
+ pattern: '^((?!(alarm|alarming|event|metering|notifications)\.).)*$'
+ definition: '{"ha-mode":"all", "ha-sync-mode":"automatic"}'
+ priority: 0
diff --git a/rabbitmq/server/vhost/openstack/ha_for_telemetry_queues.yml b/rabbitmq/server/vhost/openstack/ha_for_telemetry_queues.yml
new file mode 100644
index 0000000..d456072
--- /dev/null
+++ b/rabbitmq/server/vhost/openstack/ha_for_telemetry_queues.yml
@@ -0,0 +1,10 @@
+parameters:
+ rabbitmq:
+ server:
+ host:
+ '/openstack':
+ policies:
+ - name: ha-notif
+ pattern: '^(alarm|alarming|event|metering|notifications)\.'
+ definition: '{"ha-mode":"all", "ha-sync-mode":"automatic"}'
+ priority: 0
diff --git a/rabbitmq/server/vhost/openstack/rpc_ha.yml b/rabbitmq/server/vhost/openstack/rpc_ha.yml
new file mode 100644
index 0000000..a3c461d
--- /dev/null
+++ b/rabbitmq/server/vhost/openstack/rpc_ha.yml
@@ -0,0 +1,22 @@
+parameters:
+ rabbitmq:
+ server:
+ host:
+ '/openstack':
+ policies:
+ - name: heat_engine_rpc_expire
+ pattern: '^heat-engine-listener\.'
+ definition: '{"expires":3600000, "ha-mode":"all", "ha-sync-mode":"automatic"}'
+ priority: 1
+ - name: heat_worker_rpc_expire
+ pattern: '^engine_worker\.'
+ definition: '{"expires":3600000, "ha-mode":"all", "ha-sync-mode":"automatic"}'
+ priority: 1
+ - name: results_expire
+ pattern: '^results\.'
+ definition: '{"expires":3600000, "ha-mode":"all", "ha-sync-mode":"automatic"}'
+ priority: 1
+ - name: tasks_expire
+ pattern: '^tasks\.'
+ definition: '{"expires":3600000, "ha-mode":"all", "ha-sync-mode":"automatic"}'
+ priority: 1
diff --git a/rabbitmq/server/vhost/openstack/without_rpc_ha.yml b/rabbitmq/server/vhost/openstack/without_rpc_ha.yml
new file mode 100644
index 0000000..4b35c32
--- /dev/null
+++ b/rabbitmq/server/vhost/openstack/without_rpc_ha.yml
@@ -0,0 +1,22 @@
+parameters:
+ rabbitmq:
+ server:
+ host:
+ '/openstack':
+ policies:
+ - name: heat_engine_rpc_expire
+ pattern: '^heat-engine-listener\.'
+ definition: '{"expires":3600000}'
+ priority: 1
+ - name: heat_worker_rpc_expire
+ pattern: '^engine_worker\.'
+ definition: '{"expires":3600000}'
+ priority: 1
+ - name: results_expire
+ pattern: '^results\.'
+ definition: '{"expires":3600000}'
+ priority: 1
+ - name: tasks_expire
+ pattern: '^tasks\.'
+ definition: '{"expires":3600000}'
+ priority: 1
diff --git a/salt/master/formula/git/auditd.yml b/salt/master/formula/git/auditd.yml
new file mode 100644
index 0000000..f88c0f9
--- /dev/null
+++ b/salt/master/formula/git/auditd.yml
@@ -0,0 +1,10 @@
+parameters:
+ salt:
+ master:
+ environment:
+ dev:
+ formula:
+ auditd:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-auditd.git'
+ revision: ${_param:salt_master_environment_revision}
diff --git a/salt/master/formula/pkg/auditd.yml b/salt/master/formula/pkg/auditd.yml
new file mode 100644
index 0000000..b81c419
--- /dev/null
+++ b/salt/master/formula/pkg/auditd.yml
@@ -0,0 +1,9 @@
+parameters:
+ salt:
+ master:
+ environment:
+ prd:
+ formula:
+ auditd:
+ source: pkg
+ name: salt-formula-auditd