Merge "Drop alerta-web and prometheus_gainsight image defaults from docker swarm"
diff --git a/ceph/radosgw/single.yml b/ceph/radosgw/single.yml
deleted file mode 100644
index 93db9bb..0000000
--- a/ceph/radosgw/single.yml
+++ /dev/null
@@ -1,22 +0,0 @@
-# LEGACY - use rgw.cluster or rgw.single instead
-parameters:
-  _param:
-    radosgw_keyring_path: /etc/ceph/ceph.client.radosgw.keyring
-  ceph:
-    radosgw:
-      enabled: true
-    client:
-      config:
-        client.radosgw.gateway:
-          rgw_keystone_accepted_roles: "_member_, Member, admin, swiftoperator"
-          keyring: /etc/ceph/ceph.client.radosgw.keyring
-          rgw_socket_path: /tmp/radosgw.sock
-          rgw_keystone_revocation_interval: 60
-          rgw_keystone_url: ${_param:keystone_service_host}:5000
-          rgw_keystone_admin_token: ${_param:keystone_service_token}
-          host: ${linux:system:name}
-          rgw_dns_name : ${_param:cluster_domain}
-          rgw_print_continue: True
-          rgw_content_length_compat: true
-          rgw_swift_enforce_content_length: true
-          user: www-data
diff --git a/defaults/docker_images.yml b/defaults/docker_images.yml
index ca55601..d7c290c 100644
--- a/defaults/docker_images.yml
+++ b/defaults/docker_images.yml
@@ -17,7 +17,9 @@
     docker_image_gerrit: "${_param:mcp_docker_registry}/mirantis/cicd/gerrit:${_param:mcp_version}"
     # mysql:5.6
     docker_image_mysql: "${_param:mcp_docker_registry}/mirantis/cicd/mysql:${_param:mcp_version}"
-    docker_image_jenkins_slave: ${_param:mcp_docker_registry}/mirantis/cicd/jnlp-slave:${_param:mcp_version}
+    # jenkins:2.121.3
+    docker_image_jenkins: "${_param:mcp_docker_registry}/mirantis/cicd/jenkins:${_param:mcp_version}"
+    docker_image_jenkins_slave: "${_param:mcp_docker_registry}/mirantis/cicd/jnlp-slave:${_param:mcp_version}"
     # model-generator
     docker_image_operations_api: "${_param:mcp_docker_registry}/mirantis/model-generator/operations-api:${_param:mcp_version}"
     docker_image_operations_ui: "${_param:mcp_docker_registry}/mirantis/model-generator/operations-ui:${_param:mcp_version}"
@@ -32,3 +34,5 @@
     docker_image_remote_agent: "${_param:mcp_docker_registry}/openstack-docker/telegraf:${_param:mcp_version}"
     docker_image_remote_collector: "${_param:mcp_docker_registry}/openstack-docker/heka:${_param:mcp_version}"
     docker_image_remote_storage_adapter: "${_param:mcp_docker_registry}/openstack-docker/remote_storage_adapter:${_param:mcp_version}"
+    ##
+    docker_image_cockroachdb: "${_param:mcp_docker_registry}/mirantis/external/cockroach:v2.1.1"
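Review bot: The added `docker_image_cockroachdb` default carries a fixed tag (`v2.1.1`) while the other images in this file follow `${_param:mcp_version}`, and the `##` line above it does not say why. Replace the `##` with a comment that states the intent, for example `# cockroachdb: fixed upstream release, not tracked by mcp_version`. A tag can be re-pointed in a registry, so if this image must be reproducible, a digest reference is the stronger pin. The mapping this hunk extends starts outside the hunk.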
diff --git a/defaults/init.yml b/defaults/init.yml
index b19f2c8..31218b4 100644
--- a/defaults/init.yml
+++ b/defaults/init.yml
@@ -13,6 +13,7 @@
 - system.defaults.debmirror
 - system.defaults.docker_images
 - system.defaults.gerrit
+- system.defaults.keepalived
 parameters:
   _param:
     mcp_version: stable
@@ -33,5 +34,6 @@
     # Other
     salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
     salt_control_trusty_image_backend: /var/lib/libvirt/images/backends/trusty.qcow2
+    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     # Make sure this global variable is defined everywhere, where used it is already set on cluster level
     cluster_public_host: '127.0.0.1'
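Review bot: The new global default `salt_minion_ca_host: cfg01.${_param:cluster_domain}` changes the CA host for two classes that did not use `cfg01` before. The line removed in salt/minion/cert/barbican.yml set `kmn01.${_param:cluster_domain}`, and the one removed in salt/minion/cert/openstack_api.yml set `${linux:network:fqdn}`. Unless a cluster model overrides the parameter, those classes would presumably now request their certificates from `cfg01`, which changes the host that signs them. If that is intended, a comment on the default would make it explicit, for example `# CA host for all salt.minion.cert classes; override at cluster level when the CA is not on cfg01`.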
diff --git a/defaults/keepalived/init.yml b/defaults/keepalived/init.yml
new file mode 100644
index 0000000..f39d80e
--- /dev/null
+++ b/defaults/keepalived/init.yml
@@ -0,0 +1,3 @@
+parameters:
+  _param:
+    keepalived_openstack_web_vrrp_script_check_pidof_args: "nginx"
diff --git a/defaults/openstack/init.yml b/defaults/openstack/init.yml
index 334fd43..441e1c1 100644
--- a/defaults/openstack/init.yml
+++ b/defaults/openstack/init.yml
@@ -14,6 +14,7 @@
     openstack_rabbitmq_port: 5672
     openstack_rabbitmq_x509_enabled: False
     # Openstack memcache
+    openstack_memcached_server_bind_address: 0.0.0.0
     openstack_memcache_security_enabled: False
     openstack_memcache_security_strategy: 'ENCRYPT'
     openstack_memcached_proto_tcp_enabled: True
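Review bot: The new default `openstack_memcached_server_bind_address: 0.0.0.0` makes every memcached server that takes it listen on all interfaces, and it sits directly above `openstack_memcache_security_enabled: False`. Without SASL, memcached has no authentication of its own, so network reachability is the only access control. A narrower default overridden per cluster, such as `openstack_memcached_server_bind_address: 127.0.0.1`, would be safer, or add a comment such as `# listens on all interfaces; restrict with host firewall or override per cluster`. The value is consumed by the hunk in memcached/server/single.yml, which now needs this parameter defined wherever that class is included. The formula's previous default is not visible here, so this may only preserve existing behaviour.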
diff --git a/docker/client/compose/service/jenkins.yml b/docker/client/compose/service/jenkins.yml
index 5054909..55aacdc 100644
--- a/docker/client/compose/service/jenkins.yml
+++ b/docker/client/compose/service/jenkins.yml
@@ -2,7 +2,6 @@
   - system.docker.client.compose
 parameters:
   _param:
-    docker_image_jenkins: mirantis/jenkins:2.100
     jenkins_master_extra_opts: ""
     jenkins_master_executors_num: 4
     jenkins_master_max_concurent_requests: 40
diff --git a/docker/swarm/stack/jenkins/master.yml b/docker/swarm/stack/jenkins/master.yml
index 890f8da..45c952f 100644
--- a/docker/swarm/stack/jenkins/master.yml
+++ b/docker/swarm/stack/jenkins/master.yml
@@ -2,7 +2,6 @@
 - system.docker
 parameters:
   _param:
-    docker_image_jenkins: mirantis/jenkins:2.100
     jenkins_master_extra_opts: ""
     jenkins_master_executors_num: 4
     jenkins_master_max_concurent_requests: 40
diff --git a/docker/swarm/stack/operations_api.yml b/docker/swarm/stack/operations_api.yml
index dd74899..e4f4ebd 100644
--- a/docker/swarm/stack/operations_api.yml
+++ b/docker/swarm/stack/operations_api.yml
@@ -1,8 +1,6 @@
 parameters:
   _param:
     docker_operations_api_replicas: 1
-    # FIXME: move cockroach image to defaults once it is uploaded to artifactory with proper tag
-    docker_image_cockroachdb: cockroachdb/cockroach:latest
     operations_api_sqlalchemy_database_uri: "cockroachdb://oapi@cockroach-ui:26257/oapi"
     operations_api_sqlalchemy_echo: "false"
     operations_api_flask_debug: "false"
diff --git a/horizon/server/cluster.yml b/horizon/server/cluster.yml
index 0cd20d7..db0c7e5 100644
--- a/horizon/server/cluster.yml
+++ b/horizon/server/cluster.yml
@@ -1,6 +1,7 @@
 classes:
 - service.keepalived.cluster.single
 - service.horizon.server.cluster
+- system.horizon.server.iptables
 - service.haproxy.proxy.single
 - system.apache.server.single
 - system.haproxy.proxy.listen.openstack.horizon
diff --git a/horizon/server/iptables.yml b/horizon/server/iptables.yml
new file mode 100644
index 0000000..4836feb
--- /dev/null
+++ b/horizon/server/iptables.yml
@@ -0,0 +1,94 @@
+parameters:
+  iptables:
+    tables:
+      v4:
+        filter:
+          chains:
+            OUTPUT:
+              ruleset:
+                100:
+                  action: NAME_RESOLUTION
+                1000:
+                  rule: -m owner --uid-owner horizon
+                  action: HORIZON_ACCESS_RULES
+            HORIZON_ACCESS_RULES:
+              ruleset:
+                100:
+                  # Allow publicURL endpoint(s)
+                  rule: -p tcp --dst ${_param:cluster_public_host}
+                  action: HORIZON_OPENSTACK_ENDPOINTS
+                101:
+                  # Allow internalURL endpoint(s)
+                  rule: -p tcp --dst ${_param:openstack_control_address}
+                  action: HORIZON_OPENSTACK_ENDPOINTS
+                200:
+                  # Allow memcached on localhost
+                  rule: -o lo
+                  action: HORIZON_MEMCACHED_ENDPOINTS
+                201:
+                  # Allow memchached on other hosts
+                  # This rule should be altered (not here) if required to allow
+                  # only specific hosts.
+                  action: HORIZON_MEMCACHED_ENDPOINTS
+                500:
+                  # Disable any other local traffic
+                  rule: -o lo
+                  action: REJECT
+                501:
+                  # 501-503 disable private networks
+                  rule: --dst 10.0.0.0/16
+                  action: REJECT
+                502:
+                  rule: --dst 172.16.0.0/12
+                  action: REJECT
+                503:
+                  rule: --dst 192.168.0.0/16
+                  action: REJECT
+                504:
+                  # Disable APIPA
+                  rule: --dst 169.254.0.0/16
+                  action: REJECT
+                1000:
+                  # Accept any other traffic
+                  # It should be external traffic only
+                  action: ACCEPT
+            HORIZON_OPENSTACK_ENDPOINTS:
+              ruleset:
+                10:
+                  # Identity service (keystone) public endpoint
+                  rule: -p tcp --dport 5000
+                  action: ACCEPT
+                20:
+                  # Orchestration (heat) endpoint
+                  rule: -p tcp --dport 8004
+                  action: ACCEPT
+                30:
+                  # Compute (nova) endpoint
+                  rule: -p tcp --dport 8774
+                  action: ACCEPT
+                40:
+                  # Block Storage (cinder) endpoint
+                  rule: -p tcp --dport 8776
+                  action: ACCEPT
+                50:
+                  # Image service (glance) endpoint
+                  rule: -p tcp --dport 9292
+                  action: ACCEPT
+                60:
+                  # Networking (neutron) endpoint
+                  rule: -p tcp --dport 9696
+                  action: ACCEPT
+            HORIZON_MEMCACHED_ENDPOINTS:
+              ruleset:
+                10:
+                  rule: -p tcp --dport 11211
+                  action: ACCEPT
+                1000:
+                  action: RETURN
+            NAME_RESOLUTION:
+              ruleset:
+                10:
+                  rule: -p udp --dport 53
+                  action: ACCEPT
+                1000:
+                  action: RETURN
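Review bot: Rule 501 in HORIZON_ACCESS_RULES rejects `10.0.0.0/16`, but its comment says 501-503 disable private networks, and the RFC 1918 range is `10.0.0.0/8`. Horizon-owned traffic to 10.1.0.0 and above therefore falls through to the final ACCEPT in rule 1000; the line should read `rule: --dst 10.0.0.0/8`. Only the `v4` table is defined, so if these hosts carry IPv6 addresses the horizon uid stays unrestricted there. NAME_RESOLUTION accepts only udp/53, so a DNS retry over TCP to an internal resolver would be rejected by rules 501-503.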
diff --git a/horizon/server/single.yml b/horizon/server/single.yml
index bd2ea7b..0ed0674 100644
--- a/horizon/server/single.yml
+++ b/horizon/server/single.yml
@@ -1,5 +1,6 @@
 classes:
 - service.horizon.server.single
+- system.horizon.server.iptables
 - system.apache.server.single
 - system.memcached.server.single
 parameters:
diff --git a/jenkins/client/job/stacklight/cookiecutter.yml b/jenkins/client/job/stacklight/cookiecutter.yml
index e057a26..2500254 100644
--- a/jenkins/client/job/stacklight/cookiecutter.yml
+++ b/jenkins/client/job/stacklight/cookiecutter.yml
@@ -1,74 +1,2 @@
-parameters:
-  jenkins:
-    client:
-      job:
-        stacklight-test-cookiecutter-model:
-          display_name: stacklight-test-cookiecutter-model
-          name: stacklight-test-cookiecutter-model
-          concurrent: true
-          description: Test specified cookiecutter context
-          discard:
-            build:
-             keep_num: 60
-            artifact:
-             keep_num: 60
-          type: workflow-scm
-          scm:
-            type: git
-            url: "${_param:jenkins_gerrit_url}/openstack-ci/openstack-pipelines"
-            credentials: "gerrit"
-            branch: 'master'
-            script: test-cookiecutter-model-pipeline.groovy
-          trigger:
-            timer:
-              spec: "H H(0-3) * * *"
-          param:
-            CREDENTIALS_ID:
-              type: string
-              description: "ID of jenkins credentials for connecting to gerrit"
-              default: "gerrit"
-            COOKIECUTTER_TEMPLATE_CONTEXT_FILE:
-              type: string
-              description: "Context for cookiecutter template specified as filename"
-              default: 'stacklight-openstack-ovs-core-pike'
-            OPENSTACK_ENVIRONMENT:
-              type: choice
-              description: "Target openstack environment"
-              choices:
-                - devcloud
-                - presales
-                - oscore_devcloud
-            OPENSTACK_API_CREDENTIALS:
-              type: string
-              description: "Credentials to the OpenStack API"
-            OPENSTACK_API_PROJECT:
-              type: string
-              default: "mcp-stacklight"
-            HEAT_STACK_ZONE:
-              type: string
-              default: "mcp-stacklight"
-            FLAVOR_PREFIX:
-              type: string
-              default: 'dev'
-            RUN_SMOKE:
-              type: boolean
-              description: "Run smoke after deployment or not (bool)"
-              default: 'false'
-            COOKIECUTTER_EXTRA_CONTEXT:
-              type: text
-              description: "Extra context items, will be merged to COOKIECUTTER_TEMPLATE_CONTEXT_FILE"
-              default: |-
-                #Extra context that will be merged with content of COOKIECUTTER_TEMPLATE_CONTEXT_FILE
-                default_context:
-                  openssh_groups: "qa_scale,oscore_devops,networking,tcpcloud,stacklight,k8s_team,drivetrain"
-                  cookiecutter_template_url: ssh://gerrit.mcp.mirantis.com:29418/mk/cookiecutter-templates.git
-                  cookiecutter_template_branch: 'master'
-                  shared_reclass_url: ssh://gerrit.mcp.mirantis.com:29418/salt-models/reclass-system.git
-                  shared_reclass_branch: 'master'
-            STACK_INSTALL:
-              type: string
-              default: 'core,openstack,ovs,stacklight'
-            STACK_DELETE:
-              type: boolean
-              description: "Delete Heat stack when finished (bool). Don't enable it if you need to use the lab after"
-              default: 'true'
+# This file will be removed in Q3
+# jobs was moved into salt-models/infra repo
diff --git a/jenkins/client/job/stacklight/init.yml b/jenkins/client/job/stacklight/init.yml
index 6d8f563..2500254 100644
--- a/jenkins/client/job/stacklight/init.yml
+++ b/jenkins/client/job/stacklight/init.yml
@@ -1,2 +1,2 @@
-classes:
-  - system.jenkins.client.job.stacklight.cookiecutter
+# This file will be removed in Q3
+# jobs was moved into salt-models/infra repo
diff --git a/keepalived/cluster/instance/openstack_web_public_vip.yml b/keepalived/cluster/instance/openstack_web_public_vip.yml
index 144ddf2..363f23b 100644
--- a/keepalived/cluster/instance/openstack_web_public_vip.yml
+++ b/keepalived/cluster/instance/openstack_web_public_vip.yml
@@ -11,7 +11,7 @@
     cluster:
       vrrp_scripts:
         check_pidof:
-          args: "nginx"
+          args: ${_param:keepalived_openstack_web_vrrp_script_check_pidof_args}
           interval: 10
           rise: 1
           fall: 1
@@ -23,4 +23,4 @@
           interface: ${_param:keepalived_openstack_web_public_vip_interface}
           virtual_router_id: 132
           priority: ${_param:keepalived_vip_priority}
-          track_script: check_pidof
\ No newline at end of file
+          track_script: check_pidof
diff --git a/kubernetes/common/init.yml b/kubernetes/common/init.yml
index ded78c7..76c1e9a 100644
--- a/kubernetes/common/init.yml
+++ b/kubernetes/common/init.yml
@@ -116,6 +116,11 @@
     kubernetes_telegraf_agent_quiet: false
     kubernetes_telegraf_agent_omit_hostname: false
 
+  linux:
+    system:
+      kernel:
+        sysctl:
+          net.ipv4.ip_forward: 1
   docker:
     host:
       pkgs:
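Review bot: The added `net.ipv4.ip_forward: 1` turns every node that includes this class into a forwarding host, and the hunk has no comment explaining why or what limits the forwarded traffic. It is presumably needed for pod networking. A short comment above the `linux:` block would record that and the dependency on the FORWARD chain, for example `# kubernetes pod traffic is routed by the host; FORWARD chain policy must restrict what is forwarded`. The surrounding `parameters` mapping starts and ends outside the hunk.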
diff --git a/maas/region/single.yml b/maas/region/single.yml
index 74bcea1..eca0ecb 100644
--- a/maas/region/single.yml
+++ b/maas/region/single.yml
@@ -10,8 +10,12 @@
       enabled: true
       role: master
       region:
-        host: ${_param:single_address}
-        port: 5242
+        host: ${_param:single_address}:5242
+      curtin_vars:
+        amd64:
+          xenial:
+            extra_pkgs: [ "linux-headers-virtual-hwe-16.04", "linux-image-extra-virtual-hwe-16.04" ]
+            kernel_package: 'linux-image-virtual-hwe-16.04'
     region:
       salt_master_ip: ${_param:infra_config_deploy_address}
       theme: mirantis
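Review bot: `region:host` now carries `:5242` and the separate `port` key is removed, which only works if the consuming formula treats `host` as a combined host:port value. That template is not visible here, so anything that still reads `region:port`, or uses `host` as a bare address, would receive a broken value; confirm this against the formula version the class targets. On style, `extra_pkgs` would diff more cleanly as a block sequence than as the flow list `[ "...", "..." ]`.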
diff --git a/memcached/server/single.yml b/memcached/server/single.yml
index fabef56..7a164c0 100644
--- a/memcached/server/single.yml
+++ b/memcached/server/single.yml
@@ -4,6 +4,7 @@
   memcached:
     server:
       bind:
+        address: ${_param:openstack_memcached_server_bind_address}
         proto:
           tcp:
             enabled: ${_param:openstack_memcached_proto_tcp_enabled}
diff --git a/salt/minion/cert/barbican.yml b/salt/minion/cert/barbican.yml
index eb38c44..8ee4d41 100644
--- a/salt/minion/cert/barbican.yml
+++ b/salt/minion/cert/barbican.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: kmn01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     barbican_cert_alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_vip_address},DNS:${linux:system:name},DNS:${linux:network:fqdn},DNS:${_param:cluster_vip_address},DNS:${_param:openstack_service_host}
   salt:
diff --git a/salt/minion/cert/libvirtd/init.yml b/salt/minion/cert/libvirtd/init.yml
index 735312e..ae1de7d 100644
--- a/salt/minion/cert/libvirtd/init.yml
+++ b/salt/minion/cert/libvirtd/init.yml
@@ -4,6 +4,5 @@
 
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     libvirtd_ssl_ca_file: /etc/pki/CA/cacert.pem
\ No newline at end of file
diff --git a/salt/minion/cert/libvirtd/vnc_server.yml b/salt/minion/cert/libvirtd/vnc_server.yml
index cf60c12..ae35ff2 100644
--- a/salt/minion/cert/libvirtd/vnc_server.yml
+++ b/salt/minion/cert/libvirtd/vnc_server.yml
@@ -3,7 +3,6 @@
     qemu_vnc_server_ssl_key_file: /etc/pki/libvirt-vnc/server-key.pem
     qemu_vnc_server_ssl_cert_file: /etc/pki/libvirt-vnc/server-cert.pem
     qemu_vnc_ssl_ca_file: /etc/pki/libvirt-vnc/ca-cert.pem
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     qemu_vnc_ca_authority: qemu_vnc_ca
   salt:
     minion:
diff --git a/salt/minion/cert/mysql/clients/openstack/aodh.yml b/salt/minion/cert/mysql/clients/openstack/aodh.yml
index ee1dccc..6febf4d 100644
--- a/salt/minion/cert/mysql/clients/openstack/aodh.yml
+++ b/salt/minion/cert/mysql/clients/openstack/aodh.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     mysql_aodh_client_ssl_key_file: /etc/aodh/ssl/mysql/client-key.pem
     mysql_aodh_client_ssl_cert_file: /etc/aodh/ssl/mysql/client-cert.pem
diff --git a/salt/minion/cert/mysql/clients/openstack/barbican.yml b/salt/minion/cert/mysql/clients/openstack/barbican.yml
index c6476d3..75397d5 100644
--- a/salt/minion/cert/mysql/clients/openstack/barbican.yml
+++ b/salt/minion/cert/mysql/clients/openstack/barbican.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     mysql_barbican_client_ssl_key_file: /etc/barbican/ssl/mysql/client-key.pem
     mysql_barbican_client_ssl_cert_file: /etc/barbican/ssl/mysql/client-cert.pem
diff --git a/salt/minion/cert/mysql/clients/openstack/cinder.yml b/salt/minion/cert/mysql/clients/openstack/cinder.yml
index 475132a..603b822 100644
--- a/salt/minion/cert/mysql/clients/openstack/cinder.yml
+++ b/salt/minion/cert/mysql/clients/openstack/cinder.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     mysql_cinder_client_ssl_key_file: /etc/cinder/ssl/mysql/client-key.pem
     mysql_cinder_client_ssl_cert_file: /etc/cinder/ssl/mysql/client-cert.pem
diff --git a/salt/minion/cert/mysql/clients/openstack/designate.yml b/salt/minion/cert/mysql/clients/openstack/designate.yml
index 7910dfb..8572004 100644
--- a/salt/minion/cert/mysql/clients/openstack/designate.yml
+++ b/salt/minion/cert/mysql/clients/openstack/designate.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     mysql_designate_client_ssl_key_file: /etc/designate/ssl/mysql/client-key.pem
     mysql_designate_client_ssl_cert_file: /etc/designate/ssl/mysql/client-cert.pem
diff --git a/salt/minion/cert/mysql/clients/openstack/glance.yml b/salt/minion/cert/mysql/clients/openstack/glance.yml
index 436ac64..56b596d 100644
--- a/salt/minion/cert/mysql/clients/openstack/glance.yml
+++ b/salt/minion/cert/mysql/clients/openstack/glance.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     mysql_glance_client_ssl_key_file: /etc/glance/ssl/mysql/client-key.pem
     mysql_glance_client_ssl_cert_file: /etc/glance/ssl/mysql/client-cert.pem
diff --git a/salt/minion/cert/mysql/clients/openstack/gnocchi.yml b/salt/minion/cert/mysql/clients/openstack/gnocchi.yml
index f6f7497..8183a6f 100644
--- a/salt/minion/cert/mysql/clients/openstack/gnocchi.yml
+++ b/salt/minion/cert/mysql/clients/openstack/gnocchi.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     mysql_gnocchi_client_ssl_key_file: /etc/gnocchi/ssl/mysql/client-key.pem
     mysql_gnocchi_client_ssl_cert_file: /etc/gnocchi/ssl/mysql/client-cert.pem
diff --git a/salt/minion/cert/mysql/clients/openstack/heat.yml b/salt/minion/cert/mysql/clients/openstack/heat.yml
index f338de7..3e7b3e3 100644
--- a/salt/minion/cert/mysql/clients/openstack/heat.yml
+++ b/salt/minion/cert/mysql/clients/openstack/heat.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     mysql_heat_client_ssl_key_file: /etc/heat/ssl/mysql/client-key.pem
     mysql_heat_client_ssl_cert_file: /etc/heat/ssl/mysql/client-cert.pem
diff --git a/salt/minion/cert/mysql/clients/openstack/ironic.yml b/salt/minion/cert/mysql/clients/openstack/ironic.yml
index d43dc86..899739c 100644
--- a/salt/minion/cert/mysql/clients/openstack/ironic.yml
+++ b/salt/minion/cert/mysql/clients/openstack/ironic.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     mysql_ironic_client_ssl_key_file: /etc/ironic/ssl/mysql/client-key.pem
     mysql_ironic_client_ssl_cert_file: /etc/ironic/ssl/mysql/client-cert.pem
diff --git a/salt/minion/cert/mysql/clients/openstack/keystone.yml b/salt/minion/cert/mysql/clients/openstack/keystone.yml
index 69b100b..938ac76 100644
--- a/salt/minion/cert/mysql/clients/openstack/keystone.yml
+++ b/salt/minion/cert/mysql/clients/openstack/keystone.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     mysql_keystone_client_ssl_key_file: /etc/keystone/ssl/mysql/client-key.pem
     mysql_keystone_client_ssl_cert_file: /etc/keystone/ssl/mysql/client-cert.pem
diff --git a/salt/minion/cert/mysql/clients/openstack/manila.yml b/salt/minion/cert/mysql/clients/openstack/manila.yml
index 700c3cb..600f42d 100644
--- a/salt/minion/cert/mysql/clients/openstack/manila.yml
+++ b/salt/minion/cert/mysql/clients/openstack/manila.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     mysql_manila_client_ssl_key_file: /etc/manila/ssl/mysql/client-key.pem
     mysql_manila_client_ssl_cert_file: /etc/manila/ssl/mysql/client-cert.pem
diff --git a/salt/minion/cert/mysql/clients/openstack/neutron.yml b/salt/minion/cert/mysql/clients/openstack/neutron.yml
index 8bca247..40c9a87 100644
--- a/salt/minion/cert/mysql/clients/openstack/neutron.yml
+++ b/salt/minion/cert/mysql/clients/openstack/neutron.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     mysql_neutron_client_ssl_key_file: /etc/neutron/ssl/mysql/client-key.pem
     mysql_neutron_client_ssl_cert_file: /etc/neutron/ssl/mysql/client-cert.pem
diff --git a/salt/minion/cert/mysql/clients/openstack/nova.yml b/salt/minion/cert/mysql/clients/openstack/nova.yml
index 7aa67d6..536a406 100644
--- a/salt/minion/cert/mysql/clients/openstack/nova.yml
+++ b/salt/minion/cert/mysql/clients/openstack/nova.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     mysql_nova_client_ssl_key_file: /etc/nova/ssl/mysql/client-key.pem
     mysql_nova_client_ssl_cert_file: /etc/nova/ssl/mysql/client-cert.pem
diff --git a/salt/minion/cert/mysql/clients/openstack/panko.yml b/salt/minion/cert/mysql/clients/openstack/panko.yml
index ea7c450..bb1060c 100644
--- a/salt/minion/cert/mysql/clients/openstack/panko.yml
+++ b/salt/minion/cert/mysql/clients/openstack/panko.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     mysql_panko_client_ssl_key_file: /etc/panko/ssl/mysql/client-key.pem
     mysql_panko_client_ssl_cert_file: /etc/panko/ssl/mysql/client-cert.pem
diff --git a/salt/minion/cert/mysql/init.yml b/salt/minion/cert/mysql/init.yml
index a1c480f..6198ade 100644
--- a/salt/minion/cert/mysql/init.yml
+++ b/salt/minion/cert/mysql/init.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
   salt:
     minion:
diff --git a/salt/minion/cert/opencontrail/xmpp.yml b/salt/minion/cert/opencontrail/xmpp.yml
index b142c59..2c3b86e 100644
--- a/salt/minion/cert/opencontrail/xmpp.yml
+++ b/salt/minion/cert/opencontrail/xmpp.yml
@@ -1,7 +1,6 @@
 parameters:
   _param:
     salt_minion_ca_authority: salt_master_ca
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
   salt:
     minion:
       cert:
diff --git a/salt/minion/cert/openstack_api.yml b/salt/minion/cert/openstack_api.yml
index 3f6af63..0a0a945 100644
--- a/salt/minion/cert/openstack_api.yml
+++ b/salt/minion/cert/openstack_api.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: ${linux:network:fqdn}
     salt_minion_ca_authority: salt_master_ca
     openstack_api_cert_alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_vip_address},DNS:${linux:system:name},DNS:${linux:network:fqdn},DNS:${_param:cluster_vip_address},DNS:${_param:openstack_service_host}
     openstack_api_cert_key_file: "/etc/ssl/private/openstack_api.key"
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/aodh.yml b/salt/minion/cert/rabbitmq/clients/openstack/aodh.yml
index 4f56674..38e0410 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/aodh.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/aodh.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     rabbitmq_aodh_client_ssl_key_file: /etc/aodh/ssl/rabbitmq/client-key.pem
     rabbitmq_aodh_client_ssl_cert_file: /etc/aodh/ssl/rabbitmq/client-cert.pem
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/barbican.yml b/salt/minion/cert/rabbitmq/clients/openstack/barbican.yml
index 11c8b22..b2c81ff 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/barbican.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/barbican.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     rabbitmq_barbican_client_ssl_key_file: /etc/barbican/ssl/rabbitmq/client-key.pem
     rabbitmq_barbican_client_ssl_cert_file: /etc/barbican/ssl/rabbitmq/client-cert.pem
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/ceilometer.yml b/salt/minion/cert/rabbitmq/clients/openstack/ceilometer.yml
index 315e9f0..e07695c 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/ceilometer.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/ceilometer.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     rabbitmq_ceilometer_client_ssl_key_file: /etc/ceilometer/ssl/rabbitmq/client-key.pem
     rabbitmq_ceilometer_client_ssl_cert_file: /etc/ceilometer/ssl/rabbitmq/client-cert.pem
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/cinder.yml b/salt/minion/cert/rabbitmq/clients/openstack/cinder.yml
index 9129ca8..fe6d86d 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/cinder.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/cinder.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     rabbitmq_cinder_client_ssl_key_file: /etc/cinder/ssl/rabbitmq/client-key.pem
     rabbitmq_cinder_client_ssl_cert_file: /etc/cinder/ssl/rabbitmq/client-cert.pem
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/designate.yml b/salt/minion/cert/rabbitmq/clients/openstack/designate.yml
index 973215f..fa5dd47 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/designate.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/designate.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     rabbitmq_designate_client_ssl_key_file: /etc/designate/ssl/rabbitmq/client-key.pem
     rabbitmq_designate_client_ssl_cert_file: /etc/designate/ssl/rabbitmq/client-cert.pem
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/glance.yml b/salt/minion/cert/rabbitmq/clients/openstack/glance.yml
index e4ad7d4..44859fc 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/glance.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/glance.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     rabbitmq_glance_client_ssl_key_file: /etc/glance/ssl/rabbitmq/client-key.pem
     rabbitmq_glance_client_ssl_cert_file: /etc/glance/ssl/rabbitmq/client-cert.pem
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/heat.yml b/salt/minion/cert/rabbitmq/clients/openstack/heat.yml
index f95f7d2..1a23d11 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/heat.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/heat.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     rabbitmq_heat_client_ssl_key_file: /etc/heat/ssl/rabbitmq/client-key.pem
     rabbitmq_heat_client_ssl_cert_file: /etc/heat/ssl/rabbitmq/client-cert.pem
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/ironic.yml b/salt/minion/cert/rabbitmq/clients/openstack/ironic.yml
index 007faf2..387fa13 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/ironic.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/ironic.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     rabbitmq_ironic_client_ssl_key_file: /etc/ironic/ssl/rabbitmq/client-key.pem
     rabbitmq_ironic_client_ssl_cert_file: /etc/ironic/ssl/rabbitmq/client-cert.pem
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/keystone.yml b/salt/minion/cert/rabbitmq/clients/openstack/keystone.yml
index 4226118..d79be8f 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/keystone.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/keystone.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     rabbitmq_keystone_client_ssl_key_file: /etc/keystone/ssl/rabbitmq/client-key.pem
     rabbitmq_keystone_client_ssl_cert_file: /etc/keystone/ssl/rabbitmq/client-cert.pem
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/manila.yml b/salt/minion/cert/rabbitmq/clients/openstack/manila.yml
index 787273c..498b793 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/manila.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/manila.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     rabbitmq_manila_client_ssl_key_file: /etc/manila/ssl/rabbitmq/client-key.pem
     rabbitmq_manila_client_ssl_cert_file: /etc/manila/ssl/rabbitmq/client-cert.pem
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/neutron.yml b/salt/minion/cert/rabbitmq/clients/openstack/neutron.yml
index 955506f..3eec675 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/neutron.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/neutron.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     rabbitmq_neutron_client_ssl_key_file: /etc/neutron/ssl/rabbitmq/client-key.pem
     rabbitmq_neutron_client_ssl_cert_file: /etc/neutron/ssl/rabbitmq/client-cert.pem
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/nova.yml b/salt/minion/cert/rabbitmq/clients/openstack/nova.yml
index dfacb00..7936b38 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/nova.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/nova.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
     rabbitmq_nova_client_ssl_key_file: /etc/nova/ssl/rabbitmq/client-key.pem
     rabbitmq_nova_client_ssl_cert_file: /etc/nova/ssl/rabbitmq/client-cert.pem
diff --git a/salt/minion/cert/rabbitmq_server.yml b/salt/minion/cert/rabbitmq_server.yml
index 78520e2..b0b3cd8 100644
--- a/salt/minion/cert/rabbitmq_server.yml
+++ b/salt/minion/cert/rabbitmq_server.yml
@@ -1,7 +1,6 @@
 parameters:
 
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     salt_minion_ca_authority: salt_master_ca
 
   salt:
diff --git a/salt/minion/cert/vnc/init.yml b/salt/minion/cert/vnc/init.yml
index 6f7f6ee..df62302 100644
--- a/salt/minion/cert/vnc/init.yml
+++ b/salt/minion/cert/vnc/init.yml
@@ -1,4 +1,3 @@
 parameters:
   _param:
-    salt_minion_ca_host: cfg01.${_param:cluster_domain}
     qemu_vnc_ca_authority: qemu_vnc_ca