Merge "Add octavia-dashboard horizon plugin"
diff --git a/apache/server/proxy/openstack/oadh.yml b/apache/server/proxy/openstack/oadh.yml
new file mode 100644
index 0000000..d8ae2eb
--- /dev/null
+++ b/apache/server/proxy/openstack/oadh.yml
@@ -0,0 +1,25 @@
+parameters:
+ _param:
+ apache_ssl:
+ enabled: false
+ apache_proxy_ssl: ${_param:apache_ssl}
+ apache_proxy_openstack_api_host: ${_param:cluster_public_host}
+ apache_proxy_openstack_api_address: 0.0.0.0
+ apache_proxy_openstack_aodh_host: ${_param:aodh_service_host}
+ apache:
+ server:
+ enabled: true
+ site:
+ apache_proxy_openstack_api_aodh:
+ enabled: true
+ type: proxy
+ name: openstack_api_aodh
+ proxy:
+ host: ${_param:apache_proxy_openstack_aodh_host}
+ port: 8042
+ protocol: http
+ host:
+ name: ${_param:apache_proxy_openstack_api_host}
+ port: 8042
+ address: ${_param:apache_proxy_openstack_api_address}
+ ssl: ${_param:apache_proxy_ssl}
diff --git a/fluentd/label/default_output/elasticsearch.yml b/fluentd/label/default_output/elasticsearch.yml
index aa96b31..398ea8c 100644
--- a/fluentd/label/default_output/elasticsearch.yml
+++ b/fluentd/label/default_output/elasticsearch.yml
@@ -1,5 +1,6 @@
classes:
- service.fluentd.agent.output.elasticsearch
+- system.fluentd.label.default_output.filter.common
parameters:
_param:
fluentd_elasticsearch_host: 127.0.0.1
@@ -9,32 +10,6 @@
config:
label:
default_output:
- filter:
- drop_nested_timestamp_and_sensitive_data:
- tag: "openstack.**"
- type: record_transformer
- enable_ruby: true
- remove_keys: '["_dummy_1", "_dummy_2", "_dummy_3"]'
- record:
- - name: _dummy_1
- value: ${fluentd:dollar}{if record.has_key?("context"); record["context"].delete("timestamp") ; end; nil }
- - name: _dummy_2
- value: ${fluentd:dollar}{if record.has_key?("context"); record["context"].delete("auth_token"); end; nil}
- - name: _dummy_3
- value: ${fluentd:dollar}{if record.has_key?("context"); record["context"].delete("auth_token_info"); end; nil}
- drop_hostname_field:
- tag: "openstack.**"
- type: record_transformer
- enable_ruby: true
- remove_keys: '["hostname"]'
- change_pid_field_value:
- tag: "haproxy.**"
- type: record_transformer
- enable_ruby: true
- record:
- - name: Pid
- value: ${fluentd:dollar}{record["pid"]}
- remove_keys: '["pid"]'
match:
elasticsearch_output:
host: ${_param:fluentd_elasticsearch_host}
diff --git a/fluentd/label/default_output/filter/common.yml b/fluentd/label/default_output/filter/common.yml
new file mode 100644
index 0000000..e9d2a67
--- /dev/null
+++ b/fluentd/label/default_output/filter/common.yml
@@ -0,0 +1,32 @@
+parameters:
+ fluentd:
+ agent:
+ config:
+ label:
+ default_output:
+ filter:
+ drop_nested_timestamp_and_sensitive_data:
+ tag: "openstack.**"
+ type: record_transformer
+ enable_ruby: true
+ remove_keys: '["_dummy_1", "_dummy_2", "_dummy_3"]'
+ record:
+ - name: _dummy_1
+ value: ${fluentd:dollar}{if record.has_key?("context"); record["context"].delete("timestamp") ; end; nil }
+ - name: _dummy_2
+ value: ${fluentd:dollar}{if record.has_key?("context"); record["context"].delete("auth_token"); end; nil}
+ - name: _dummy_3
+ value: ${fluentd:dollar}{if record.has_key?("context"); record["context"].delete("auth_token_info"); end; nil}
+ drop_hostname_field:
+ tag: "openstack.**"
+ type: record_transformer
+ enable_ruby: true
+ remove_keys: '["hostname"]'
+ change_pid_field_value:
+ tag: "haproxy.**"
+ type: record_transformer
+ enable_ruby: true
+ record:
+ - name: Pid
+ value: ${fluentd:dollar}{record["pid"]}
+ remove_keys: '["pid"]'
diff --git a/fluentd/label/default_output/forward.yml b/fluentd/label/default_output/forward.yml
new file mode 100644
index 0000000..50f55fa
--- /dev/null
+++ b/fluentd/label/default_output/forward.yml
@@ -0,0 +1,16 @@
+classes:
+- service.fluentd.agent.output.forward
+- system.fluentd.label.default_output.filter.common
+parameters:
+ _param:
+ fluentd_forward_host: 127.0.0.1
+ fluentd_forward_port: 24224
+ fluentd:
+ agent:
+ config:
+ label:
+ default_output:
+ match:
+ forward_output:
+ host: ${_param:fluentd_forward_host}
+ port: ${_param:fluentd_forward_port}
diff --git a/jenkins/client/approved_scripts.yml b/jenkins/client/approved_scripts.yml
index 498cc62..ed6292e 100644
--- a/jenkins/client/approved_scripts.yml
+++ b/jenkins/client/approved_scripts.yml
@@ -1,6 +1,7 @@
parameters:
jenkins:
client:
+ # Please keep those list sorted
approved_scripts:
- field java.lang.String value
- field java.util.ArrayList size
@@ -12,13 +13,14 @@
- method groovy.json.JsonSlurperClassic parseText java.lang.String
- method groovy.lang.GString getBytes
- method groovy.lang.GroovyObject getProperty java.lang.String
- - method groovy.util.Node get java.lang.String
- method groovy.util.Node attributes
+ - method groovy.util.Node get java.lang.String
- method groovy.util.XmlParser parse java.io.File
- method groovy.util.XmlParser parseText java.lang.String
- method hudson.EnvVars get java.lang.String java.lang.String
- method hudson.PluginManager getPlugins
- method hudson.PluginWrapper getShortName
+ - method hudson.model.Actionable getAction java.lang.Class
- method hudson.model.Hudson getSlaves
- method hudson.model.Item getName
- method hudson.model.ItemGroup getItem java.lang.String
@@ -26,21 +28,27 @@
- method hudson.model.Job getBuildByNumber int
- method hudson.model.Job getBuilds
- method hudson.model.Job getLastBuild
+ - method hudson.model.Job getProperty java.lang.Class
- method hudson.model.Node getLabelString
- method hudson.model.Node getNodeName
+ - method hudson.model.ParameterDefinition getName
+ - method hudson.model.ParametersDefinitionProperty getParameterDefinitions
- method hudson.model.Run getEnvironment
- method hudson.model.Run getId
- method hudson.model.Run getNumber
- method hudson.model.Run getResult
- method hudson.model.Run getTimeInMillis
- method hudson.model.Run isBuilding
+ - method hudson.model.StringParameterDefinition getDefaultValue
- method java.io.File getAbsolutePath
- method java.io.File getName
- method java.io.File getParent
+ - method java.io.File listFiles
- method java.io.Writer write java.lang.String
- method java.lang.AutoCloseable close
- method java.lang.Class isInstance java.lang.Object
- method java.lang.Iterable iterator
+ - method java.lang.String concat java.lang.String
- method java.lang.Throwable printStackTrace
- method java.net.HttpURLConnection getResponseCode
- method java.net.HttpURLConnection setRequestMethod java.lang.String
@@ -52,17 +60,22 @@
- method java.net.URLConnection getOutputStream
- method java.net.URLConnection setDoOutput boolean
- method java.net.URLConnection setRequestProperty java.lang.String java.lang.String
+ - method java.text.DateFormat parse java.lang.String
+ - method java.util.Calendar add int int
+ - method java.util.Calendar getTime
- method java.util.Collection remove java.lang.Object
- method java.util.Collection stream
+ - method java.util.Collection toArray
+ - method java.util.Date before java.util.Date
- method java.util.Date getTime
- method java.util.LinkedHashMap$LinkedHashIterator hasNext
- method java.util.List add int java.lang.Object
- method java.util.List subList int int
- method java.util.Map containsValue java.lang.Object
- method java.util.Map get java.lang.Object
+ - method java.util.Map isEmpty
- method java.util.Map remove java.lang.Object
- method java.util.Map size
- - method java.util.Map isEmpty
- method java.util.regex.MatchResult group int
- method java.util.regex.MatchResult groupCount
- method java.util.regex.Matcher find
@@ -70,16 +83,14 @@
- method java.util.regex.Matcher matches
- method java.util.regex.Pattern matcher java.lang.CharSequence
- method java.util.stream.Stream collect java.util.stream.Collector
- - method java.util.Calendar add int int
- - method java.util.Calendar getTime
- - method java.util.Date before java.util.Date
- - method java.text.DateFormat parse java.lang.String
- method jenkins.model.Jenkins getItemByFullName java.lang.String
- method jenkins.model.Jenkins getPluginManager
- method org.jenkinsci.plugins.workflow.job.WorkflowRun doStop
- method org.jenkinsci.plugins.workflow.job.WorkflowRun finish hudson.model.Result java.lang.Throwable
+ - method org.jenkinsci.plugins.workflow.steps.FlowInterruptedException getCauses
- method org.jenkinsci.plugins.workflow.support.actions.EnvironmentAction getEnvironment
- method org.jenkinsci.plugins.workflow.support.steps.build.RunWrapper build
+ - method org.jenkinsci.plugins.workflow.support.steps.build.RunWrapper getRawBuild
- new groovy.json.JsonBuilder
- new groovy.json.JsonBuilder java.lang.Object
- new groovy.json.JsonSlurperClassic
@@ -94,12 +105,13 @@
- new java.lang.StringBuilder
- new java.lang.StringBuilder int
- new java.net.URI java.lang.String
+ - new java.text.SimpleDateFormat java.lang.String java.util.Locale
- new java.util.ArrayList
- new java.util.Date
- new java.util.HashMap
- - new java.text.SimpleDateFormat java.lang.String java.util.Locale
- staticField groovy.io.FileType FILES
- staticMethod com.cloudbees.plugins.credentials.CredentialsProvider lookupCredentials java.lang.Class hudson.model.ItemGroup
+ - staticMethod hudson.model.Hudson getInstance
- staticMethod java.lang.Double parseDouble java.lang.String
- staticMethod java.lang.Integer valueOf int
- staticMethod java.lang.Integer valueOf java.lang.String
@@ -113,6 +125,7 @@
- staticMethod java.util.regex.Pattern quote java.lang.String
- staticMethod java.util.stream.Collectors joining java.lang.CharSequence
- staticMethod jenkins.model.Jenkins getInstance
+ - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods asBoolean java.lang.CharSequence
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods asBoolean java.util.regex.Matcher
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods collect java.util.Map groovy.lang.Closure
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods eachFile java.io.File groovy.io.FileType groovy.lang.Closure
@@ -120,43 +133,31 @@
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods findAll java.util.List groovy.lang.Closure
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods get java.util.Map java.lang.Object java.lang.Object
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.lang.Iterable int
+ - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.lang.Object java.lang.String
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.lang.String int
+ - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.util.Collection java.lang.String
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.util.List groovy.lang.Range
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getBytes java.io.File
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getText java.io.InputStream
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods hasProperty java.lang.Object java.lang.String
+ - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods init java.util.List
+ - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods intersect java.util.List java.lang.Iterable
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods iterator java.lang.Object
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods iterator java.lang.Object[]
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods leftShift java.lang.StringBuffer java.lang.Object
+ - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods minus java.lang.String java.lang.Object
+ - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods multiply java.lang.String java.lang.Number
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods plus java.util.List java.lang.Iterable
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods plus java.util.List java.lang.Object
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods plus java.util.List java.util.Collection
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods println java.lang.Object java.lang.Object
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods putAt java.lang.Object java.lang.String java.lang.Object
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods readLines java.lang.String
+ - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods reverse java.util.List
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods sort java.util.Collection
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods split java.lang.String
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods takeRight java.util.List int
+ - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods toBoolean java.lang.Boolean
+ - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods toSorted java.lang.Iterable
- staticMethod org.codehaus.groovy.runtime.EncodingGroovyMethods encodeBase64 byte[]
- staticMethod org.codehaus.groovy.runtime.ScriptBytecodeAdapter bitwiseNegate java.lang.Object
- - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods toBoolean java.lang.Boolean
- - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.lang.Object java.lang.String
- - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods multiply java.lang.String java.lang.Number
- - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods minus java.lang.String java.lang.Object
- - method java.io.File listFiles
- - method java.lang.String concat java.lang.String
- - method org.jenkinsci.plugins.workflow.steps.FlowInterruptedException getCauses
- - method org.jenkinsci.plugins.workflow.support.steps.build.RunWrapper getRawBuild
- - method hudson.model.Actionable getAction java.lang.Class
- - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods toSorted java.lang.Iterable
- - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods intersect java.util.List java.lang.Iterable
- - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods reverse java.util.List
- - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.util.Collection java.lang.String
- - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods init java.util.List
- - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods asBoolean java.lang.CharSequence
- - staticMethod hudson.model.Hudson getInstance
- - method hudson.model.Job getProperty java.lang.Class
- - method hudson.model.ParametersDefinitionProperty getParameterDefinitions
- - method hudson.model.ParameterDefinition getName
- - method hudson.model.StringParameterDefinition getDefaultValue
- - method java.util.Collection toArray
diff --git a/jenkins/client/credential/jenkins.yml b/jenkins/client/credential/jenkins.yml
new file mode 100644
index 0000000..da373db
--- /dev/null
+++ b/jenkins/client/credential/jenkins.yml
@@ -0,0 +1,8 @@
+parameters:
+ jenkins:
+ client:
+ credential:
+ jenkins:
+ desc: Credentials to access this Jenkins instance
+ username: ${_param:jenkins_client_user}
+ password: ${_param:jenkins_client_password}
diff --git a/jenkins/client/job/k8s-test/init.yml b/jenkins/client/job/k8s-test/init.yml
index 59904c2..7a391af 100644
--- a/jenkins/client/job/k8s-test/init.yml
+++ b/jenkins/client/job/k8s-test/init.yml
@@ -1,12 +1,6 @@
classes:
- system.jenkins.client.job.k8s-test.mcp-k8s-test-pipeline
- system.jenkins.client.job.k8s-test.mcp-k8s-merge-pipeline
-- system.jenkins.client.job.k8s-test.mcp-k8s-dashboard-test-pipeline
-- system.jenkins.client.job.k8s-test.mcp-k8s-dashboard-merge-pipeline
-- system.jenkins.client.job.k8s-test.mcp-k8s-nginx-ingress-test-pipeline
-- system.jenkins.client.job.k8s-test.mcp-k8s-nginx-ingress-merge-pipeline
-- system.jenkins.client.job.k8s-test.mcp-k8s-metallb-test-pipeline
-- system.jenkins.client.job.k8s-test.mcp-k8s-metallb-merge-pipeline
-- system.jenkins.client.job.k8s-test.mcp-k8s-coredns-test-pipeline
-- system.jenkins.client.job.k8s-test.mcp-k8s-coredns-merge-pipeline
+- system.jenkins.client.job.k8s-test.mcp-k8s-generic-test-pipeline
+- system.jenkins.client.job.k8s-test.mcp-k8s-generic-merge-pipeline
- system.jenkins.client.job.k8s-test.mcp-k8s-formula-test-pipeline
diff --git a/jenkins/client/job/k8s-test/mcp-k8s-coredns-merge-pipeline.yml b/jenkins/client/job/k8s-test/mcp-k8s-coredns-merge-pipeline.yml
deleted file mode 100644
index 10fe045..0000000
--- a/jenkins/client/job/k8s-test/mcp-k8s-coredns-merge-pipeline.yml
+++ /dev/null
@@ -1,43 +0,0 @@
-parameters:
- _param:
- mcp_docker_registry: 'docker-dev-local.docker.mirantis.net'
- mcp_prod_docker_registry: 'docker-prod-local.docker.mirantis.net'
- jenkins:
- client:
- job:
- mcp_k8s_coredns_merge_pipeline:
- type: workflow-scm
- name: mcp-k8s-coredns-merge-pipeline
- display_name: "CoreDNS merge pipeline"
- discard:
- build:
- keep_num: 20
- concurrent: false
- scm:
- type: git
- url: "${_param:jenkins_gerrit_url}/kubernetes-ci/kubernetes-pipelines"
- credentials: "gerrit"
- script: pipelines/mcp-k8s-coredns-pipeline.groovy
- trigger:
- gerrit:
- project:
- kubernetes/coredns:
- branches:
- - compare_type: "ANT"
- name: "**mcp**"
- message:
- build_successful: "Build successful"
- build_unstable: "Build unstable"
- build_failure: "Build failed"
- event:
- change:
- - merged
- param:
- KUBE_DOCKER_REGISTRY:
- type: string
- default: ${_param:mcp_docker_registry}
- description: 'Docker registry for binaries and images'
- KUBE_PROD_DOCKER_REGISTRY:
- type: string
- default: ${_param:mcp_prod_docker_registry}
- description: 'Prod docker registry for binaries and images'
diff --git a/jenkins/client/job/k8s-test/mcp-k8s-coredns-test-pipeline.yml b/jenkins/client/job/k8s-test/mcp-k8s-coredns-test-pipeline.yml
deleted file mode 100644
index 1f0e190..0000000
--- a/jenkins/client/job/k8s-test/mcp-k8s-coredns-test-pipeline.yml
+++ /dev/null
@@ -1,48 +0,0 @@
-parameters:
- _param:
- mcp_docker_registry: 'docker-dev-local.docker.mirantis.net'
- jenkins:
- client:
- job:
- mcp_k8s_coredns_test_pipeline:
- type: workflow-scm
- name: mcp-k8s-coredns-test-pipeline
- display_name: "CoreDNS tests pipeline"
- discard:
- build:
- keep_num: 50
- concurrent: true
- scm:
- type: git
- url: "${_param:jenkins_gerrit_url}/kubernetes-ci/kubernetes-pipelines"
- credentials: "gerrit"
- script: pipelines/mcp-k8s-coredns-pipeline.groovy
- trigger:
- gerrit:
- project:
- kubernetes/coredns:
- branches:
- - compare_type: "ANT"
- name: "**"
- message:
- build_successful: "Build successful"
- build_unstable: "Build unstable"
- build_failure: "Build failed"
- event:
- patchset:
- - created:
- excludeDrafts: false
- excludeTrivialRebase: false
- excludeNoCodeChange: false
- comment:
- - addedContains:
- commentAddedCommentContains: '(recheck|reverify)'
- override-votes:
- gerritBuildUnstableVerifiedValue: 1
- gerritBuildUnstableCodeReviewValue: 1
- param:
- KUBE_DOCKER_REGISTRY:
- type: string
- default: ${_param:mcp_docker_registry}
- description: 'Docker registry for binaries and images'
-
diff --git a/jenkins/client/job/k8s-test/mcp-k8s-dashboard-merge-pipeline.yml b/jenkins/client/job/k8s-test/mcp-k8s-dashboard-merge-pipeline.yml
deleted file mode 100644
index 8424f6a..0000000
--- a/jenkins/client/job/k8s-test/mcp-k8s-dashboard-merge-pipeline.yml
+++ /dev/null
@@ -1,43 +0,0 @@
-parameters:
- _param:
- mcp_docker_registry: 'docker-dev-local.docker.mirantis.net'
- mcp_prod_docker_registry: 'docker-prod-local.docker.mirantis.net'
- jenkins:
- client:
- job:
- mcp_k8s_dashboard_merge_pipeline:
- type: workflow-scm
- name: mcp-k8s-dashboard-merge-pipeline
- display_name: "Kubernetes dashboard merge pipeline"
- discard:
- build:
- keep_num: 20
- concurrent: false
- scm:
- type: git
- url: "${_param:jenkins_gerrit_url}/kubernetes-ci/kubernetes-pipelines"
- credentials: "gerrit"
- script: pipelines/mcp-k8s-dashboard-pipeline.groovy
- trigger:
- gerrit:
- project:
- kubernetes/dashboard:
- branches:
- - compare_type: "ANT"
- name: "**mcp**"
- message:
- build_successful: "Build successful"
- build_unstable: "Build unstable"
- build_failure: "Build failed"
- event:
- change:
- - merged
- param:
- KUBE_DOCKER_REGISTRY:
- type: string
- default: ${_param:mcp_docker_registry}
- description: 'Docker registry for binaries and images'
- KUBE_PROD_DOCKER_REGISTRY:
- type: string
- default: ${_param:mcp_prod_docker_registry}
- description: 'Prod docker registry for binaries and images'
diff --git a/jenkins/client/job/k8s-test/mcp-k8s-dashboard-test-pipeline.yml b/jenkins/client/job/k8s-test/mcp-k8s-dashboard-test-pipeline.yml
deleted file mode 100644
index ebb4692..0000000
--- a/jenkins/client/job/k8s-test/mcp-k8s-dashboard-test-pipeline.yml
+++ /dev/null
@@ -1,48 +0,0 @@
-parameters:
- _param:
- mcp_docker_registry: 'docker-dev-local.docker.mirantis.net'
- jenkins:
- client:
- job:
- mcp_k8s_dashboard_test_pipeline:
- type: workflow-scm
- name: mcp-k8s-dashboard-test-pipeline
- display_name: "Kubernetes dashboard tests pipeline"
- discard:
- build:
- keep_num: 50
- concurrent: true
- scm:
- type: git
- url: "${_param:jenkins_gerrit_url}/kubernetes-ci/kubernetes-pipelines"
- credentials: "gerrit"
- script: pipelines/mcp-k8s-dashboard-pipeline.groovy
- trigger:
- gerrit:
- project:
- kubernetes/dashboard:
- branches:
- - compare_type: "ANT"
- name: "**"
- message:
- build_successful: "Build successful"
- build_unstable: "Build unstable"
- build_failure: "Build failed"
- event:
- patchset:
- - created:
- excludeDrafts: false
- excludeTrivialRebase: false
- excludeNoCodeChange: false
- comment:
- - addedContains:
- commentAddedCommentContains: '(recheck|reverify)'
- override-votes:
- gerritBuildUnstableVerifiedValue: 1
- gerritBuildUnstableCodeReviewValue: 1
- param:
- KUBE_DOCKER_REGISTRY:
- type: string
- default: ${_param:mcp_docker_registry}
- description: 'Docker registry for binaries and images'
-
diff --git a/jenkins/client/job/k8s-test/mcp-k8s-generic-merge-pipeline.yml b/jenkins/client/job/k8s-test/mcp-k8s-generic-merge-pipeline.yml
new file mode 100644
index 0000000..0c01626
--- /dev/null
+++ b/jenkins/client/job/k8s-test/mcp-k8s-generic-merge-pipeline.yml
@@ -0,0 +1,65 @@
+parameters:
+ _param:
+ mcp_docker_registry: 'docker-dev-local.docker.mirantis.net'
+ mcp_prod_docker_registry: 'docker-prod-local.docker.mirantis.net'
+ jenkins:
+ client:
+ job_template:
+ mcp-k8s-generic-merge-pipeline:
+ name: mcp-k8s-{{name}}-merge-pipeline
+ jobs:
+ - name: coredns
+ display_name: "CoreDNS merge pipeline"
+ pipeline: mcp-k8s-coredns-pipeline.groovy
+ repo: kubernetes/coredns
+ - name: dashboard
+ display_name: "Kubernetes dashboard merge pipeline"
+ pipeline: mcp-k8s-dashboard-pipeline.groovy
+ repo: kubernetes/dashboard
+ - name: external-dns
+ display_name: "External DNS merge pipeline"
+ pipeline: mcp-k8s-ext-dns-pipeline.groovy
+ repo: kubernetes/external-dns
+ - name: metallb
+ display_name: "Metal LB merge pipeline"
+ pipeline: mcp-k8s-metallb-pipeline.groovy
+ repo: kubernetes/metallb
+ - name: nginx-ingress
+ display_name: "NGINX ingress merge pipeline"
+ pipeline: mcp-k8s-ingress-nginx-pipeline.groovy
+ repo: kubernetes/ingress-nginx
+ template:
+ type: workflow-scm
+ display_name: "{{display_name}}"
+ discard:
+ build:
+ keep_num: 20
+ concurrent: false
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/kubernetes-ci/kubernetes-pipelines"
+ credentials: "gerrit"
+ script: "pipelines/{{pipeline}}"
+ trigger:
+ gerrit:
+ project:
+ "{{repo}}":
+ branches:
+ - compare_type: "ANT"
+ name: "**mcp**"
+ message:
+ build_successful: "Build successful"
+ build_unstable: "Build unstable"
+ build_failure: "Build failed"
+ event:
+ change:
+ - merged
+ param:
+ KUBE_DOCKER_REGISTRY:
+ type: string
+ default: ${_param:mcp_docker_registry}
+ description: 'Docker registry for binaries and images'
+ KUBE_PROD_DOCKER_REGISTRY:
+ type: string
+ default: ${_param:mcp_prod_docker_registry}
+ description: 'Prod docker registry for binaries and images'
diff --git a/jenkins/client/job/k8s-test/mcp-k8s-generic-test-pipeline.yml b/jenkins/client/job/k8s-test/mcp-k8s-generic-test-pipeline.yml
new file mode 100644
index 0000000..de5e5a6
--- /dev/null
+++ b/jenkins/client/job/k8s-test/mcp-k8s-generic-test-pipeline.yml
@@ -0,0 +1,69 @@
+parameters:
+ _param:
+ mcp_docker_registry: 'docker-dev-local.docker.mirantis.net'
+ jenkins:
+ client:
+ job_template:
+ mcp-k8s-generic-test-pipeline:
+ name: mcp-k8s-{{name}}-test-pipeline
+ jobs:
+ - name: coredns
+ display_name: "CoreDNS test pipeline"
+ pipeline: mcp-k8s-coredns-pipeline.groovy
+ repo: kubernetes/coredns
+ - name: dashboard
+ display_name: "Kubernetes dashboard test pipeline"
+ pipeline: mcp-k8s-dashboard-pipeline.groovy
+ repo: kubernetes/dashboard
+ - name: external-dns
+ display_name: "External DNS test pipeline"
+ pipeline: mcp-k8s-ext-dns-pipeline.groovy
+ repo: kubernetes/external-dns
+ - name: metallb
+ display_name: "Metal LB test pipeline"
+ pipeline: mcp-k8s-metallb-pipeline.groovy
+ repo: kubernetes/metallb
+ - name: nginx-ingress
+ display_name: "NGINX ingress test pipeline"
+ pipeline: mcp-k8s-ingress-nginx-pipeline.groovy
+ repo: kubernetes/ingress-nginx
+ template:
+ type: workflow-scm
+ display_name: "{{display_name}}"
+ discard:
+ build:
+ keep_num: 50
+ concurrent: true
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/kubernetes-ci/kubernetes-pipelines"
+ credentials: "gerrit"
+ script: "pipelines/{{pipeline}}"
+ trigger:
+ gerrit:
+ project:
+ "{{repo}}":
+ branches:
+ - compare_type: "ANT"
+ name: "**"
+ message:
+ build_successful: "Build successful"
+ build_unstable: "Build unstable"
+ build_failure: "Build failed"
+ event:
+ patchset:
+ - created:
+ excludeDrafts: false
+ excludeTrivialRebase: false
+ excludeNoCodeChange: false
+ comment:
+ - addedContains:
+ commentAddedCommentContains: '(recheck|reverify)'
+ override-votes:
+ gerritBuildUnstableVerifiedValue: 1
+ gerritBuildUnstableCodeReviewValue: 1
+ param:
+ KUBE_DOCKER_REGISTRY:
+ type: string
+ default: ${_param:mcp_docker_registry}
+ description: 'Docker registry for binaries and images'
diff --git a/jenkins/client/job/k8s-test/mcp-k8s-nginx-ingress-merge-pipeline.yml b/jenkins/client/job/k8s-test/mcp-k8s-nginx-ingress-merge-pipeline.yml
deleted file mode 100644
index 8236536..0000000
--- a/jenkins/client/job/k8s-test/mcp-k8s-nginx-ingress-merge-pipeline.yml
+++ /dev/null
@@ -1,43 +0,0 @@
-parameters:
- _param:
- mcp_docker_registry: 'docker-dev-local.docker.mirantis.net'
- mcp_prod_docker_registry: 'docker-prod-local.docker.mirantis.net'
- jenkins:
- client:
- job:
- mcp_k8s_nginx_ingress_merge_pipeline:
- type: workflow-scm
- name: mcp-k8s-nginx-ingress-merge-pipeline
- display_name: "k8s nginx ingress merge pipeline"
- discard:
- build:
- keep_num: 20
- concurrent: false
- scm:
- type: git
- url: "${_param:jenkins_gerrit_url}/kubernetes-ci/kubernetes-pipelines"
- credentials: "gerrit"
- script: pipelines/mcp-k8s-ingress-nginx-pipeline.groovy
- trigger:
- gerrit:
- project:
- kubernetes/ingress-nginx:
- branches:
- - compare_type: "ANT"
- name: "**mcp**"
- message:
- build_successful: "Build successful"
- build_unstable: "Build unstable"
- build_failure: "Build failed"
- event:
- change:
- - merged
- param:
- KUBE_DOCKER_REGISTRY:
- type: string
- default: ${_param:mcp_docker_registry}
- description: 'Docker registry for binaries and images'
- KUBE_PROD_DOCKER_REGISTRY:
- type: string
- default: ${_param:mcp_prod_docker_registry}
- description: 'Prod docker registry for binaries and images'
diff --git a/jenkins/client/job/k8s-test/mcp-k8s-nginx-ingress-test-pipeline.yml b/jenkins/client/job/k8s-test/mcp-k8s-nginx-ingress-test-pipeline.yml
deleted file mode 100644
index 8730f0d..0000000
--- a/jenkins/client/job/k8s-test/mcp-k8s-nginx-ingress-test-pipeline.yml
+++ /dev/null
@@ -1,48 +0,0 @@
-parameters:
- _param:
- mcp_docker_registry: 'docker-dev-local.docker.mirantis.net'
- jenkins:
- client:
- job:
- mcp_k8s_nginx_ingress_test_pipeline:
- type: workflow-scm
- name: mcp-k8s-nginx-ingress-test-pipeline
- display_name: "k8s nginx ingress tests pipeline"
- discard:
- build:
- keep_num: 50
- concurrent: true
- scm:
- type: git
- url: "${_param:jenkins_gerrit_url}/kubernetes-ci/kubernetes-pipelines"
- credentials: "gerrit"
- script: pipelines/mcp-k8s-ingress-nginx-pipeline.groovy
- trigger:
- gerrit:
- project:
- kubernetes/ingress-nginx:
- branches:
- - compare_type: "ANT"
- name: "**"
- message:
- build_successful: "Build successful"
- build_unstable: "Build unstable"
- build_failure: "Build failed"
- event:
- patchset:
- - created:
- excludeDrafts: false
- excludeTrivialRebase: false
- excludeNoCodeChange: false
- comment:
- - addedContains:
- commentAddedCommentContains: '(recheck|reverify)'
- override-votes:
- gerritBuildUnstableVerifiedValue: 1
- gerritBuildUnstableCodeReviewValue: 1
- param:
- KUBE_DOCKER_REGISTRY:
- type: string
- default: ${_param:mcp_docker_registry}
- description: 'Docker registry for binaries and images'
-
diff --git a/jenkins/client/job/oscore/salt_virtual_models.yml b/jenkins/client/job/oscore/salt_virtual_models.yml
index 49ef6df..7bffaf2 100644
--- a/jenkins/client/job/oscore/salt_virtual_models.yml
+++ b/jenkins/client/job/oscore/salt_virtual_models.yml
@@ -101,6 +101,10 @@
type: string
description: How much test threads to run
default: "2"
+ RUN_SECURITY_CHECK:
+ type: boolean
+ description: Whether to run Openscap XCCDF evaluation
+ default: "false"
RUN_SMOKE:
type: boolean
default: "false"
diff --git a/jenkins/client/job/oscore/tests.yml b/jenkins/client/job/oscore/tests.yml
index f4fb7e0..c082306 100644
--- a/jenkins/client/job/oscore/tests.yml
+++ b/jenkins/client/job/oscore/tests.yml
@@ -99,6 +99,11 @@
OPENSTACK_API_VERSION:
type: string
default: "3"
+ # security test
+ RUN_SECURITY_CHECK:
+ type: boolean
+ description: Whether to run Openscap XCCDF evaluation
+ default: 'false'
# test
TEST_CONF:
type: string
@@ -682,7 +687,7 @@
trigger:
gerrit:
project:
- "^salt-formulas/(nova|cinder|glance|keystone|horizon|neutron|designate|heat|ironic|barbican|aodh|ceilometer|gnocchi|panko|manila|salt|linux|reclass|galera|memcached|rabbitmq|bind|apache|runtest|oslo-templates|auditd)$":
+ "^salt-formulas/(nova|cinder|glance|keystone|horizon|neutron|designate|heat|ironic|barbican|aodh|ceilometer|gnocchi|panko|manila|salt|linux|reclass|galera|memcached|rabbitmq|bind|apache|runtest|oslo-templates|auditd|octavia|openscap)$":
compare_type: 'REG_EXP'
branches:
- master
diff --git a/jenkins/client/job/salt-formulas/tests.yml b/jenkins/client/job/salt-formulas/tests.yml
index ca8d0a5..b5b286d 100644
--- a/jenkins/client/job/salt-formulas/tests.yml
+++ b/jenkins/client/job/salt-formulas/tests.yml
@@ -153,6 +153,7 @@
salt-formulas/{{name}}:
branches:
- master
+ - '2018.8.1'
event:
comment:
- addedContains:
diff --git a/jenkins/client/job/salt-models/tests.yml b/jenkins/client/job/salt-models/tests.yml
index a7bdbab..c6c54bb 100644
--- a/jenkins/client/job/salt-models/tests.yml
+++ b/jenkins/client/job/salt-models/tests.yml
@@ -227,6 +227,10 @@
DEFAULT_GIT_REF:
type: string
default: master
+ EXTRA_VARIABLES_YAML:
+ type: text
+ default: ""
+ description: "Extra vars passed as YAML"
PARALLEL_NODE_GROUP_SIZE:
type: string
default: "5"
@@ -294,6 +298,10 @@
CREDENTIALS_ID:
type: string
default: gerrit
+ EXTRA_VARIABLES_YAML:
+ type: text
+ default: ""
+ description: "Extra vars passed as YAML"
job:
test-salt-model-node:
name: test-salt-model-node
diff --git a/jenkins/client/job/security/openscap.yml b/jenkins/client/job/security/openscap.yml
new file mode 100644
index 0000000..fae68ab
--- /dev/null
+++ b/jenkins/client/job/security/openscap.yml
@@ -0,0 +1,57 @@
+#
+# Job to collect oscap results based on input benchmarks
+#
+parameters:
+ jenkins:
+ client:
+ job:
+ run-openscap-xccdf-evaluation:
+ type: workflow-scm
+ concurrent: true
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
+ display_name: "Run openscap xccdf evaluation on given nodes"
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ branch: "${_param:jenkins_pipelines_branch}"
+ credentials: "gerrit"
+ script: test-openscap-pipeline.groovy
+ param:
+ DASHBOARD_API_URL:
+ type: string
+ default: ""
+ description: "The WORP api base url. Mandatory if UPLOAD_TO_DASHBOARD is true"
+ SALT_MASTER_URL:
+ type: string
+ default: ""
+ SALT_MASTER_CREDENTIALS:
+ type: string
+ default: "salt"
+ TARGET_SERVERS:
+ type: string
+ default: '*'
+ description: "The target Salt nodes"
+ UPLOAD_TO_DASHBOARD:
+ type: boolean
+ default: "false"
+ description: "Upload results to the WORP or not"
+ XCCDF_BENCHMARKS:
+ type: string
+ default: "cis_ubuntu_1604_server_l2/cis_ubuntu_1604_server_l2-xccdf.xml,default"
+ description: "List of pairs XCCDF benchmark filename and corresponding profile, format xccdf_benchmark 1, profile; xccdf_benchmark 2, profile"
+ XCCDF_BENCHMARKS_DIR:
+ type: string
+ default: "/usr/share/xccdf-benchmarks/mirantis/"
+ description: "The XCCDF benchmarks base directory"
+ XCCDF_VERSION:
+ type: string
+ default: "1.2"
+ description: "The XCCDF version"
+ XCCDF_TAILORING_ID:
+ type: string
+ default: "None"
+ description: "The tailoring id"
diff --git a/keystone/server/fernet_rotation/cluster.yml b/keystone/server/fernet_rotation/cluster.yml
index 7da8b5b..c34c4f8 100644
--- a/keystone/server/fernet_rotation/cluster.yml
+++ b/keystone/server/fernet_rotation/cluster.yml
@@ -24,6 +24,9 @@
credential_rotation_driver: ${_param:credential_rotation_driver}
linux:
system:
+ package:
+ rsync:
+ version: latest
cron:
user:
keystone:
diff --git a/keystone/server/fernet_rotation/single.yml b/keystone/server/fernet_rotation/single.yml
index bb6f234..8a3d6fb 100644
--- a/keystone/server/fernet_rotation/single.yml
+++ b/keystone/server/fernet_rotation/single.yml
@@ -10,6 +10,9 @@
credential_rotation_driver: ${_param:credential_rotation_driver}
linux:
system:
+ package:
+ rsync:
+ version: latest
cron:
user:
keystone:
diff --git a/kubernetes/common/addons/fluentd.yml b/kubernetes/common/addons/fluentd.yml
new file mode 100644
index 0000000..16a6874
--- /dev/null
+++ b/kubernetes/common/addons/fluentd.yml
@@ -0,0 +1,36 @@
+parameters:
+ _param:
+ kubernetes_fluentd_aggregator_image: ${_param:mcp_docker_registry}/mirantis/external/fluentd-kubernetes-daemonset:stable
+ kubernetes_fluentd_enabled: false
+ kubernetes_fluentd_namespace: stacklight
+ kubernetes_fluentd_aggregator_resources_limits_memory: 500Mi
+ kubernetes_fluentd_aggregator_resources_requests_memory: 500Mi
+ kubernetes_fluentd_aggregator_bind_port: 24224
+ kubernetes_fluentd_aggregator_bind_host_port: 31950
+ kubernetes_fluentd_aggregator_config_output_es_host: 127.0.0.1
+ kubernetes_fluentd_aggregator_config_output_es_port: 9200
+ kubernetes_fluentd_aggregator_config_output_es_scheme: http
+ kubernetes_fluentd_aggregator_config_dir: /fluentd/etc
+ kubernetes:
+ common:
+ addons:
+ fluentd:
+ enabled: ${_param:kubernetes_fluentd_enabled}
+ namespace: ${_param:kubernetes_fluentd_namespace}
+ aggregator:
+ image: ${_param:kubernetes_fluentd_aggregator_image}
+ resources:
+ limits:
+ memory: ${_param:kubernetes_fluentd_aggregator_resources_limits_memory}
+ requests:
+ memory: ${_param:kubernetes_fluentd_aggregator_resources_requests_memory}
+ bind:
+ port: ${_param:kubernetes_fluentd_aggregator_bind_port}
+ host_port: ${_param:kubernetes_fluentd_aggregator_bind_host_port}
+ config:
+ config_dir: ${_param:kubernetes_fluentd_aggregator_config_dir}
+ output:
+ es:
+ host: ${_param:kubernetes_fluentd_aggregator_config_output_es_host}
+ port: ${_param:kubernetes_fluentd_aggregator_config_output_es_port}
+ scheme: ${_param:kubernetes_fluentd_aggregator_config_output_es_scheme}
diff --git a/kubernetes/common/init.yml b/kubernetes/common/init.yml
index 8e0793b..f21c6f8 100644
--- a/kubernetes/common/init.yml
+++ b/kubernetes/common/init.yml
@@ -12,7 +12,7 @@
kubernetes_netchecker_server_repo: mirantis
kubernetes_virtlet_repo: mirantis
kubernetes_kubedns_repo: gcr.io/google_containers
- kubernetes_externaldns_repo: mirantis
+ kubernetes_externaldns_repo: ${_param:mcp_docker_registry}/mirantis/external-dns
kubernetes_genie_repo: https://docker-prod-local.artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/kubernetes/cni-genie
kubernetes_flannel_repo: quay.io/coreos
kubernetes_metallb_repo: ${_param:mcp_docker_registry}/mirantis/metallb
@@ -31,16 +31,16 @@
kubernetes_pause_image: ${_param:kubernetes_hyperkube_repo}/pause-amd64:v1.11.2-1
kubernetes_contrail_cni_image: ${_param:kubernetes_contrail_cni_repo}/contrail-cni:v1.2.0
kubernetes_contrail_network_controller_image: ${_param:kubernetes_contrail_network_controller_repo}/contrail-network-controller:v1.2.0
- kubernetes_virtlet_image: ${_param:kubernetes_virtlet_repo}/virtlet:v1.3.0
- kubernetes_criproxy_version: v0.11.1
- kubernetes_criproxy_checksum: md5=a3f1f08bdc7a8d6eb73b7c8fa5bae200
+ kubernetes_virtlet_image: ${_param:kubernetes_virtlet_repo}/virtlet:v1.4.0
+ kubernetes_criproxy_version: v0.12.0
+ kubernetes_criproxy_checksum: md5=371cacd3d8568eb88425498b48a649dd
kubernetes_netchecker_agent_image: ${_param:kubernetes_netchecker_agent_repo}/k8s-netchecker-agent:v1.2.2
kubernetes_netchecker_server_image: ${_param:kubernetes_netchecker_server_repo}/k8s-netchecker-server:v1.2.2
kubernetes_kubedns_image: ${_param:kubernetes_kubedns_repo}/k8s-dns-kube-dns-amd64:1.14.5
kubernetes_dnsmasq_image: ${_param:kubernetes_kubedns_repo}/k8s-dns-dnsmasq-amd64:1.14.5
kubernetes_sidecar_image: ${_param:kubernetes_kubedns_repo}/k8s-dns-sidecar-amd64:1.14.5
kubernetes_dns_autoscaler_image: ${_param:kubernetes_kubedns_repo}/cluster-proportional-autoscaler-amd64:1.0.0
- kubernetes_externaldns_image: ${_param:kubernetes_externaldns_repo}/external-dns:v0.5.3
+ kubernetes_externaldns_image: ${_param:kubernetes_externaldns_repo}/external-dns:v0.5.6-1
kubernetes_genie_source: ${_param:kubernetes_genie_repo}/genie_v1.0-138-gbf5dbaa
kubernetes_genie_source_hash: md5=b024052ed4ecb1d5354e0cc8f51afaca
kubernetes_flannel_image: ${_param:kubernetes_flannel_repo}/flannel:v0.10.0-amd64
@@ -51,8 +51,6 @@
kubernetes_cniplugins_source: ${_param:kubernetes_cniplugins_repo}/cni-plugins_v0.7.1-48-g696b1f9.tar.gz
kubernetes_cniplugins_source_hash: md5=5ec1cf5e989097c6127ea5365e277b02
kubernetes_dashboard_image: ${_param:kubernetes_dashboard_repo}/kubernetes-dashboard-amd64:v1.10.0-4
- kubernetes_fluentd_aggregator_image: fluent/fluentd-kubernetes-daemonset:v1.2-debian-elasticsearch
- kubernetes_fluentd_logger_image: fluent/fluentd-kubernetes-daemonset:v1.2-debian-stackdriver
kubernetes_telegraf_image: ${_param:mcp_docker_registry}/openstack-docker/telegraf:2018.8.0
kubernetes_coredns_image: ${_param:kubernetes_coredns_repo}/coredns:v1.2.2-12
@@ -71,48 +69,8 @@
kubernetes_contrail_network_controller_enabled: false
kubernetes_metallb_enabled: false
kubernetes_sriov_enabled: false
- kubernetes_fluentd_enabled: false
kubernetes_telegraf_enabled: false
- # the rest of fluentd related params, the non bools
- kubernetes_fluentd_namespace: stacklight
- kubernetes_fluentd_aggregator_resources_limits_memory: 500Mi
- kubernetes_fluentd_aggregator_resources_requests_memory: 500Mi
- kubernetes_fluentd_aggregator_config_forward_input_bind_port: 24224
- kubernetes_fluentd_aggregator_config_general_time_format: '%Y-%m-%dT%H:%M:%S.%N%z'
- kubernetes_fluentd_aggregator_config_systemd_filter_docker_parse_format: /^time="(?<time>[^)]*)" level=(?<severity>[^ ]*) msg="(?<message>[^"]*)"( err="(?<error>[^"]*)")?( statusCode=($<status_code>\d+))?/
- kubernetes_fluentd_aggregator_config_output_log_level: 'info'
- kubernetes_fluentd_aggregator_config_output_logstash_format: true
- kubernetes_fluentd_aggregator_config_output_logstash_prefix: 'log'
- kubernetes_fluentd_aggregator_config_output_logstash_dateformat: '%Y.%m.%d'
- kubernetes_fluentd_aggregator_config_output_num_threads: 8
- kubernetes_fluentd_aggregator_config_output_max_retry_wait: 30
- kubernetes_fluentd_aggregator_config_output_flush_interval: '10s'
- kubernetes_fluentd_aggregator_config_output_buffer_chunk_limit: '2m'
- kubernetes_fluentd_aggregator_config_output_buffer_queue_limit: 32
- kubernetes_fluentd_aggregator_config_output_request_timeout: '10s'
- kubernetes_fluentd_aggregator_config_output_es_host: 127.0.0.1
- kubernetes_fluentd_aggregator_config_output_es_port: 9200
- kubernetes_fluentd_aggregator_config_output_es_scheme: http
-
- kubernetes_fluentd_logger_resources_limits_memory: 500Mi
- kubernetes_fluentd_logger_resources_requests_memory: 500Mi
- kubernetes_fluentd_logger_config_kubernetes_input_time_format: '%Y-%m-%dT%H:%M:%S.%NZ'
- kubernetes_fluentd_logger_config_forward_output_require_ack_response: true
- kubernetes_fluentd_logger_config_forward_output_ack_response_timeout: 30
- kubernetes_fluentd_logger_config_forward_output_recover_wait: '10s'
- kubernetes_fluentd_logger_config_forward_output_heartbeat_interval: '1s'
- kubernetes_fluentd_logger_config_forward_output_phi_threshold: 16
- kubernetes_fluentd_logger_config_forward_output_send_timeout: '10s'
- kubernetes_fluentd_logger_config_forward_output_hard_timeout: '10s'
- kubernetes_fluentd_logger_config_forward_output_expire_dns_cache: 15
- kubernetes_fluentd_logger_config_forward_output_heartbeat_type: 'tcp'
- kubernetes_fluentd_logger_config_forward_output_buffer_chunk_limit: '2M'
- kubernetes_fluentd_logger_config_forward_output_buffer_queue_limit: 32
- kubernetes_fluentd_logger_config_forward_output_flush_interval: '5s'
- kubernetes_fluentd_logger_config_forward_output_max_retry_wait: 15
- kubernetes_fluentd_logger_config_forward_output_num_threads: 8
-
# telegraf stuff
kubernetes_telegraf_namespace: stacklight
kubernetes_telegraf_resources_limits_memory: 500Mi
@@ -172,64 +130,6 @@
image: ${_param:kubernetes_contrail_network_controller_image}
flannel:
image: ${_param:kubernetes_flannel_image}
- fluentd:
- enabled: ${_param:kubernetes_fluentd_enabled}
- namespace: ${_param:kubernetes_fluentd_namespace}
- aggregator:
- image: ${_param:kubernetes_fluentd_aggregator_image}
- resources:
- limits:
- memory: ${_param:kubernetes_fluentd_aggregator_resources_limits_memory}
- requests:
- memory: ${_param:kubernetes_fluentd_aggregator_resources_requests_memory}
- config:
- forward_input:
- bind:
- port: ${_param:kubernetes_fluentd_aggregator_config_forward_input_bind_port}
- general:
- time_format: ${_param:kubernetes_fluentd_aggregator_config_general_time_format}
- systemd_filter:
- docker_parse_format: ${_param:kubernetes_fluentd_aggregator_config_systemd_filter_docker_parse_format}
- output:
- log_level: ${_param:kubernetes_fluentd_aggregator_config_output_log_level}
- logstash_format: ${_param:kubernetes_fluentd_aggregator_config_output_logstash_format}
- logstash_prefix: ${_param:kubernetes_fluentd_aggregator_config_output_logstash_prefix}
- logstash_dateformat: ${_param:kubernetes_fluentd_aggregator_config_output_logstash_dateformat}
- request_timeout: ${_param:kubernetes_fluentd_aggregator_config_output_request_timeout}
- buffer_chunk_limit: ${_param:kubernetes_fluentd_aggregator_config_output_buffer_chunk_limit}
- buffer_queue_limit: ${_param:kubernetes_fluentd_aggregator_config_output_buffer_queue_limit}
- flush_interval: ${_param:kubernetes_fluentd_aggregator_config_output_flush_interval}
- num_threads: ${_param:kubernetes_fluentd_aggregator_config_output_num_threads}
- max_retry_wait: ${_param:kubernetes_fluentd_aggregator_config_output_max_retry_wait}
- es:
- host: ${_param:kubernetes_fluentd_aggregator_config_output_es_host}
- port: ${_param:kubernetes_fluentd_aggregator_config_output_es_port}
- scheme: ${_param:kubernetes_fluentd_aggregator_config_output_es_scheme}
- logger:
- image: ${_param:kubernetes_fluentd_logger_image}
- resources:
- limits:
- memory: ${_param:kubernetes_fluentd_logger_resources_limits_memory}
- requests:
- memory: ${_param:kubernetes_fluentd_logger_resources_requests_memory}
- config:
- kubernetes_input:
- time_format: ${_param:kubernetes_fluentd_logger_config_kubernetes_input_time_format}
- forward_output:
- require_ack_response: ${_param:kubernetes_fluentd_logger_config_forward_output_require_ack_response}
- ack_response_timeout: ${_param:kubernetes_fluentd_logger_config_forward_output_ack_response_timeout}
- recover_wait: ${_param:kubernetes_fluentd_logger_config_forward_output_recover_wait}
- heartbeat_interval: ${_param:kubernetes_fluentd_logger_config_forward_output_heartbeat_interval}
- phi_threshold: ${_param:kubernetes_fluentd_logger_config_forward_output_phi_threshold}
- send_timeout: ${_param:kubernetes_fluentd_logger_config_forward_output_send_timeout}
- hard_timeout: ${_param:kubernetes_fluentd_logger_config_forward_output_hard_timeout}
- expire_dns_cache: ${_param:kubernetes_fluentd_logger_config_forward_output_expire_dns_cache}
- heartbeat_type: ${_param:kubernetes_fluentd_logger_config_forward_output_heartbeat_type}
- buffer_chunk_limit: ${_param:kubernetes_fluentd_logger_config_forward_output_buffer_chunk_limit}
- buffer_queue_limit: ${_param:kubernetes_fluentd_logger_config_forward_output_buffer_queue_limit}
- flush_interval: ${_param:kubernetes_fluentd_logger_config_forward_output_flush_interval}
- max_retry_wait: ${_param:kubernetes_fluentd_logger_config_forward_output_max_retry_wait}
- num_threads: ${_param:kubernetes_fluentd_logger_config_forward_output_num_threads}
telegraf:
enabled: ${_param:kubernetes_telegraf_enabled}
image: ${_param:kubernetes_telegraf_image}
diff --git a/linux/system/repo/mcp/apt_mirantis/hotfix/ubuntu.yml b/linux/system/repo/mcp/apt_mirantis/hotfix/ubuntu.yml
index a6dabf6..77d5202 100644
--- a/linux/system/repo/mcp/apt_mirantis/hotfix/ubuntu.yml
+++ b/linux/system/repo/mcp/apt_mirantis/hotfix/ubuntu.yml
@@ -5,16 +5,16 @@
linux:
system:
repo:
- ubuntu_hotfix:
- refresh_db: ${_param:linux_repo_refresh_db}
- source: "deb [arch=amd64] ${_param:linux_system_repo_hotfix_ubuntu_url} ${_param:linux_system_codename} main restricted universe"
- architectures: amd64
- default: true
- ubuntu_updates_hotfix:
- refresh_db: ${_param:linux_repo_refresh_db}
- source: "deb [arch=amd64] ${_param:linux_system_repo_hotfix_ubuntu_url} ${_param:linux_system_codename}-updates main restricted universe"
- architectures: amd64
- default: true
+# ubuntu_hotfix:
+# refresh_db: ${_param:linux_repo_refresh_db}
+# source: "deb [arch=amd64] ${_param:linux_system_repo_hotfix_ubuntu_url} ${_param:linux_system_codename} main restricted universe"
+# architectures: amd64
+# default: true
+# ubuntu_updates_hotfix:
+# refresh_db: ${_param:linux_repo_refresh_db}
+# source: "deb [arch=amd64] ${_param:linux_system_repo_hotfix_ubuntu_url} ${_param:linux_system_codename}-updates main restricted universe"
+# architectures: amd64
+# default: true
ubuntu_security_hotfix:
refresh_db: ${_param:linux_repo_refresh_db}
source: "deb [arch=amd64] ${_param:linux_system_repo_hotfix_ubuntu_url} ${_param:linux_system_codename}-security main restricted universe"
diff --git a/linux/system/repo/mcp/apt_mirantis/update/ubuntu.yml b/linux/system/repo/mcp/apt_mirantis/update/ubuntu.yml
index 24a98d1..d58ff85 100644
--- a/linux/system/repo/mcp/apt_mirantis/update/ubuntu.yml
+++ b/linux/system/repo/mcp/apt_mirantis/update/ubuntu.yml
@@ -5,16 +5,16 @@
linux:
system:
repo:
- ubuntu_update:
- refresh_db: ${_param:linux_repo_refresh_db}
- source: "deb [arch=amd64] ${_param:linux_system_repo_update_ubuntu_url} ${_param:linux_system_codename} main restricted universe"
- architectures: amd64
- default: true
- ubuntu_updates_update:
- refresh_db: ${_param:linux_repo_refresh_db}
- source: "deb [arch=amd64] ${_param:linux_system_repo_update_ubuntu_url} ${_param:linux_system_codename}-updates main restricted universe"
- architectures: amd64
- default: true
+# ubuntu_update:
+# refresh_db: ${_param:linux_repo_refresh_db}
+# source: "deb [arch=amd64] ${_param:linux_system_repo_update_ubuntu_url} ${_param:linux_system_codename} main restricted universe"
+# architectures: amd64
+# default: true
+# ubuntu_updates_update:
+# refresh_db: ${_param:linux_repo_refresh_db}
+# source: "deb [arch=amd64] ${_param:linux_system_repo_update_ubuntu_url} ${_param:linux_system_codename}-updates main restricted universe"
+# architectures: amd64
+# default: true
ubuntu_security_update:
refresh_db: ${_param:linux_repo_refresh_db}
source: "deb [arch=amd64] ${_param:linux_system_repo_update_ubuntu_url} ${_param:linux_system_codename}-security main restricted universe"
diff --git a/manila/common/cluster.yml b/manila/common/cluster.yml
index 9ea811e..ad1254b 100644
--- a/manila/common/cluster.yml
+++ b/manila/common/cluster.yml
@@ -1,7 +1,5 @@
classes:
- service.manila.common.cluster
-- service.haproxy.proxy.single
-- system.haproxy.proxy.listen.openstack.manila
- system.salt.minion.cert.mysql.clients.openstack.manila
- system.salt.minion.cert.rabbitmq.clients.openstack.manila
parameters:
@@ -12,6 +10,7 @@
openstack_rabbitmq_x509_enabled: False
rabbitmq_ssl_enabled: False
openstack_rabbitmq_port: 5672
+ cluster_internal_protocol: 'http'
manila:
common:
version: ${_param:openstack_version}
@@ -54,4 +53,4 @@
auth_type: password
user_domain_id: default
project_domain_id: default
- protocol: 'http'
+ protocol: ${_param:cluster_internal_protocol}
diff --git a/manila/common/single.yml b/manila/common/single.yml
index f984ab7..c5a6f97 100644
--- a/manila/common/single.yml
+++ b/manila/common/single.yml
@@ -9,6 +9,7 @@
openstack_rabbitmq_x509_enabled: False
rabbitmq_ssl_enabled: False
openstack_rabbitmq_port: 5672
+ cluster_internal_protocol: 'http'
manila:
common:
version: ${_param:openstack_version}
@@ -51,4 +52,4 @@
auth_type: password
user_domain_id: default
project_domain_id: default
- protocol: 'http'
+ protocol: ${_param:cluster_internal_protocol}
diff --git a/manila/control/cluster.yml b/manila/control/cluster.yml
index 7ea128b..75b6f76 100644
--- a/manila/control/cluster.yml
+++ b/manila/control/cluster.yml
@@ -1,7 +1,8 @@
classes:
- - system.manila.common.cluster
- - system.apache.server.site.manila
- - system.haproxy.proxy.listen.openstack.manila
+ - service.haproxy.proxy.single
+ - system.manila.common.cluster
+ - system.apache.server.site.manila
+ - system.haproxy.proxy.listen.openstack.manila
parameters:
manila:
common:
diff --git a/manila/share/init.yml b/manila/share/init.yml
index 2c6558e..346bfcd 100644
--- a/manila/share/init.yml
+++ b/manila/share/init.yml
@@ -1,5 +1,5 @@
classes:
- - service.manila.common.cluster
+ - system.manila.common.cluster
parameters:
manila:
common:
diff --git a/neutron/client/service/public_v2.yml b/neutron/client/service/public_v2.yml
index 7c14248..1cef167 100644
--- a/neutron/client/service/public_v2.yml
+++ b/neutron/client/service/public_v2.yml
@@ -8,7 +8,7 @@
admin_identity:
network:
public:
- shared: True
+ shared: False
router_external: True
default: True
provider_network_type: flat
diff --git a/neutron/control/ovn/single.yml b/neutron/control/ovn/single.yml
index 92b8258..f3dd749 100644
--- a/neutron/control/ovn/single.yml
+++ b/neutron/control/ovn/single.yml
@@ -9,6 +9,7 @@
neutron_tenant_network_types: "geneve,flat"
neutron_enable_qos: False
neutron_enable_vlan_aware_vms: False
+ neutron_ovn_metadata_enabled: True
neutron:
server:
global_physnet_mtu: ${_param:neutron_global_physnet_mtu}
@@ -23,6 +24,8 @@
mechanism:
ovn:
driver: ovn
+ ovn:
+ metadata_enabled: ${_param:neutron_ovn_metadata_enabled}
compute:
region: ${_param:openstack_region}
database:
diff --git a/nova/compute/libvirt/ssl/init.yml b/nova/compute/libvirt/ssl/init.yml
index 9931cbd..87742e0 100644
--- a/nova/compute/libvirt/ssl/init.yml
+++ b/nova/compute/libvirt/ssl/init.yml
@@ -4,6 +4,7 @@
nova:
compute:
libvirt:
+ uri: qemu+tls://${linux:system:name}.${_param:cluster_domain}/system
tls:
enabled: True
key_file: ${_param:libvirtd_server_ssl_key_file}
diff --git a/openssh/server/team/maintenance.yml b/openssh/server/team/maintenance.yml
index 6f79522..0bceaad 100644
--- a/openssh/server/team/maintenance.yml
+++ b/openssh/server/team/maintenance.yml
@@ -2,7 +2,6 @@
- system.linux.system.sudo
- system.openssh.server.team.members.dmeltsaykin
- system.openssh.server.team.members.omolchanov
-- system.openssh.server.team.members.ibumarskov
- system.openssh.server.team.members.vkhlyunev
- system.openssh.server.team.members.dtsapikov
- system.openssh.server.team.members.rlubianyi
diff --git a/openssh/server/team/members/akiseleva.yml b/openssh/server/team/members/akiseleva.yml
new file mode 100644
index 0000000..d7e8db0
--- /dev/null
+++ b/openssh/server/team/members/akiseleva.yml
@@ -0,0 +1,20 @@
+parameters:
+ linux:
+ system:
+ user:
+ akiseleva:
+ enabled: true
+ name: akiseleva
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Alena Kiseleva
+ home: /home/akiseleva
+ email: akiseleva@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ akiseleva:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyxzlFKlCcfwagnnmCg1r9SUVfAgy/IdPSxsnpELjCRaz3FI66sYa1F1RdZngoXmYxe5qlmkiRQ0rCjIYk12I08du5FJGYQvMttJEgmVeHtFKW0o3uGBIKNJ5nCni3lR8idPTRXqhwdXYeA4A9+COQO4MGcaJZrqHgEviZt4jQrYy90WdqbKTD4meBRy4MC9+TOUs719kTxK54tmMHBq2l/ukmv3FwgtLz2xMeNW7htiS/1rzA9CEerjkvpc0mOxc4DCY4bH8sR2Ts3Y33Rx6aUN8shTij2aX2v8UvUay2JPqQTJicY+IsYl4D8w/XPx00Oj/3b54f6kTLlzzoNDq5 alena@alena-Lenovo-V580c
+ user: ${linux:system:user:akiseleva}
diff --git a/openssh/server/team/networking.yml b/openssh/server/team/networking.yml
index b314c59..d89b227 100644
--- a/openssh/server/team/networking.yml
+++ b/openssh/server/team/networking.yml
@@ -10,6 +10,7 @@
- system.openssh.server.team.members.dpyzhov
- system.openssh.server.team.members.asamoylov
- system.openssh.server.team.members.mrasskazov
+- system.openssh.server.team.members.ibumarskov
parameters:
_param:
linux_system_user_sudo: true
diff --git a/openssh/server/team/stacklight.yml b/openssh/server/team/stacklight.yml
index 032466b..4736b4a 100644
--- a/openssh/server/team/stacklight.yml
+++ b/openssh/server/team/stacklight.yml
@@ -1,3 +1,5 @@
+classes:
+- system.openssh.server.team.members.akiseleva
parameters:
_param:
linux_system_user_sudo: true
@@ -123,6 +125,13 @@
full_name: Michal Kobus
home: /home/mkobus
email: mkobus@mirantis.com
+ akiseleva:
+ enabled: true
+ name: akiseleva
+ sudo: true
+ full_name: Alena Kiseleva
+ home: /home/akiseleva
+ email: akiseleva@mirantis.com
openssh:
client:
enabled: true
@@ -214,6 +223,11 @@
public_keys:
- ${public_keys:mkobus}
user: ${linux:system:user:mkobus}
+ akiseleva:
+ enabled: true
+ public_keys:
+ - ${public_keys:akiseleva}
+ user: ${linux:system:user:akiseleva}
public_keys:
newt:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3odU+3V2uDA2ptAFL9hrJRPNEEdAyztWOZFQ5Oyd9oerTGOU3p4xmrgWWjfKFKbYGhiiIUcYAol5PkTfKukGEkkjCHYA1t023soCaaAj85wCZCnw2zQNAziwxTYmAzTqgxiSvtZNMMrtJvFHRIRDzJ3M1lV0prWNWkMM1/3FAd4W49y6VT3fkMCo8uqG7CfGdgR2DgBCxf9KaNPfW5eDEPOgmE5lK8tVSEI6T+Cg7hbcTf4lFYnlFBnlQgp/0JstsM4Vbwb4B34LOpOsf2S8rrWk2xQMjwaMHXkc2s/E8iW3F5nVFuyEXYISFQIiAHw8dzC6CHgLcyHUVWwznKawZ newt@newt-dev1
@@ -249,3 +263,5 @@
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDC6TGCQAH3FGNSOhSbovhwODabOAsgVqG71rEDdXvDSShwyNB3RIICefas3mdSLsG7+1K9mZ1jicWzNbotvePwzrM/MESzntzp4QZ5J/9L3BMiqWWKL2u6BQ65LGe0YMzMmdSkqMAj0uxt3+OiFDPDrwqH6qN0hwxAJM+byeUlQW8uWQYm/pmWMD60GUrnjYUfKfEa/S3symaZBHQvjtp26De8D6u/jr4TWi5VJpKqVREqU7Z4IKwn8JvHMmUbRO4endW3cRiv35Qb7s66rO6TD0KlDFnnTxOtFvLhL51j58X4MrV9FHUI6czoqjAgEDe9CW7DzZ1xMj03d6IAipgL
mkobus:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDCBqe3X+LrneiuieWGjlw5wRtgixBu2Q8LZjH6W+8nsOkB7iN6qRdKom3jac1Cdd5wSJ0NFAhDNcTLK4Etz/3YACglsTxk09TzXlqs1V0Y7U5a2eqn3KTOgMNsJ1aOhFq/LnmUwTdN8NXac6TIkwZZBj5KhHSvIoO+mfsascct5FIVU/+p32d3o/4NqMDDdTg/qxIMKQsh5sw5Y9Tz9h28LGbDh+QF2lW+b5YJhnCG21Uw17xcyxf3/53EpJwTXfElonSR7HMVLxrq7oDzmqKFZ2z8i9do6EgODKlZpSkxiAFOBw5oA2hPtEeqtXqvddu2FcNGuSNhx/6O8ZHIKq3Xh/tTOYnoc+qYDMRCzDwzeyivfr5Ci3n64giUaZl+KUr6D1CKeL2s8j9+kod/1JJDEeoYR+V93MTiTD/39N8eQAGv+6r9HBapXIkvr3iNuTH1+5eN36Vc90jXXRmGMZkF5P9ivNGDZGcy2pBwwPg/bRn2xb0zx1fsxd4qOi+Cd7mBCF4+SfnVCqUd2H9R0O3S7WgfLr+wOXpFq6/WwgjzI9RVhLJ5cZmePJKvYZYYhkAxsVwWSE639zFFuU1zhFXr49wa0njK9DdYWiQEhOki0ki3huABmVbWKg/zP1Rlllmtk0S4mwggJ57JYbuhEV3a1x1KOtWMzODW5cb3HlPTQw==
+ akiseleva:
+ key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCyxzlFKlCcfwagnnmCg1r9SUVfAgy/IdPSxsnpELjCRaz3FI66sYa1F1RdZngoXmYxe5qlmkiRQ0rCjIYk12I08du5FJGYQvMttJEgmVeHtFKW0o3uGBIKNJ5nCni3lR8idPTRXqhwdXYeA4A9+COQO4MGcaJZrqHgEviZt4jQrYy90WdqbKTD4meBRy4MC9+TOUs719kTxK54tmMHBq2l/ukmv3FwgtLz2xMeNW7htiS/1rzA9CEerjkvpc0mOxc4DCY4bH8sR2Ts3Y33Rx6aUN8shTij2aX2v8UvUay2JPqQTJicY+IsYl4D8w/XPx00Oj/3b54f6kTLlzzoNDq5 alena@alena-Lenovo-V580c
diff --git a/prometheus/server/alertmanager/kubernetes.yml b/prometheus/server/alertmanager/kubernetes.yml
new file mode 100644
index 0000000..3b1ff1c
--- /dev/null
+++ b/prometheus/server/alertmanager/kubernetes.yml
@@ -0,0 +1,11 @@
+parameters:
+ prometheus:
+ server:
+ config:
+ alertmanager:
+ kubernetes_alertmanager:
+ enabled: true
+ kubernetes_sd_configs:
+ role: pod
+ namespace: ${_param:kubernetes_alertmanager_namespace}
+ pod_name_regex: ^alertmanager.*
diff --git a/salt/minion/cert/libvirtd/client.yml b/salt/minion/cert/libvirtd/client.yml
index bf0ce83..31c1b32 100644
--- a/salt/minion/cert/libvirtd/client.yml
+++ b/salt/minion/cert/libvirtd/client.yml
@@ -18,4 +18,7 @@
key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
key_file: ${_param:libvirtd_client_ssl_key_file}
cert_file: ${_param:libvirtd_client_ssl_cert_file}
- ca_file: ${_param:libvirtd_ssl_ca_file}
\ No newline at end of file
+ ca_file: ${_param:libvirtd_ssl_ca_file}
+ user: root
+ group: nova
+ mode: 640
diff --git a/salt/minion/cert/libvirtd/server.yml b/salt/minion/cert/libvirtd/server.yml
index 9080672..b091d86 100644
--- a/salt/minion/cert/libvirtd/server.yml
+++ b/salt/minion/cert/libvirtd/server.yml
@@ -18,4 +18,7 @@
key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
key_file: ${_param:libvirtd_server_ssl_key_file}
cert_file: ${_param:libvirtd_server_ssl_cert_file}
- ca_file: ${_param:libvirtd_ssl_ca_file}
\ No newline at end of file
+ ca_file: ${_param:libvirtd_ssl_ca_file}
+ user: root
+ group: nova
+ mode: 640