Merge "Add parameter TEMPEST_VERSION for cvp_func job PROD-21521 Change-Id: I700209e5a48d648a1f781001482781bfc2ecb4ce"
diff --git a/ceilometer/server/telemetry/cluster.yml b/ceilometer/server/telemetry/cluster.yml
index d1c28ef..fdf3e03 100644
--- a/ceilometer/server/telemetry/cluster.yml
+++ b/ceilometer/server/telemetry/cluster.yml
@@ -10,6 +10,7 @@
region: ${_param:openstack_region}
cluster: true
secret: ${_param:ceilometer_secret_key}
+ role: ${_param:openstack_node_role}
ttl: 86400
notification:
workload_partitioning: true
diff --git a/ceilometer/server/telemetry/single.yml b/ceilometer/server/telemetry/single.yml
index 7a98b73..2d8828c 100644
--- a/ceilometer/server/telemetry/single.yml
+++ b/ceilometer/server/telemetry/single.yml
@@ -1,2 +1,6 @@
classes:
- service.ceilometer.server.single.common
+parameters:
+ ceilometer:
+ server:
+ role: ${_param:openstack_node_role}
diff --git a/jenkins/client/job/deploy/lab/component/openstack.yml b/jenkins/client/job/deploy/lab/component/openstack.yml
index 0e526c6..2faa44a 100644
--- a/jenkins/client/job/deploy/lab/component/openstack.yml
+++ b/jenkins/client/job/deploy/lab/component/openstack.yml
@@ -18,7 +18,7 @@
stack_env: devcloud
stack_type: heat
stack_install: core,openstack,contrail
- stack_test: ""
+ stack_test: "opencontrail"
job_timer: "H H(0-6) * * *"
- stack_name: os_ha_contrail_ironic
stack_env: devcloud
diff --git a/jenkins/client/job/salt-formulas/tests.yml b/jenkins/client/job/salt-formulas/tests.yml
index 1c9f4fb..7d659e8 100644
--- a/jenkins/client/job/salt-formulas/tests.yml
+++ b/jenkins/client/job/salt-formulas/tests.yml
@@ -10,6 +10,7 @@
- name: aptcacher
- name: aptly
- name: artifactory
+ - name: auditd
- name: avinetworks
- name: backupninja
- name: barbican
diff --git a/jenkins/client/job/vnf-onboarding/test_metaswitch_vsbc.yml b/jenkins/client/job/vnf-onboarding/test_metaswitch_vsbc.yml
index 8720fb1..e480d46 100644
--- a/jenkins/client/job/vnf-onboarding/test_metaswitch_vsbc.yml
+++ b/jenkins/client/job/vnf-onboarding/test_metaswitch_vsbc.yml
@@ -6,8 +6,8 @@
job:
test_metaswitch_vnf:
type: workflow-scm
- name: test_metaswitch_vnf
- display_name: "Onboarding tests for Metaswitch vSBC VNF"
+ name: test_metaswitch_vnf_ee
+ display_name: "Onboarding tests for Metaswitch vSBC VNF against CFY Enterprise Edition"
discard:
build:
keep_num: 20
@@ -50,7 +50,7 @@
default: "${_param:vnf_openstack_api_credentials}"
OPENSTACK_API_TENANT:
type: string
- default: "test"
+ default: "test-metaswitch"
GERRIT_CREDENTIALS:
type: string
default: "${_param:vnf_gerrit_credentials}"
@@ -79,11 +79,11 @@
default: "${_param:contrail_api_url}"
SETUP_OWN_CLOUDIFY:
type: boolean
- description: "Use temporary private Cloudify instance"
- default: false
+ description: "Use temporary private Cloudify instance. Metaswitch vSBC can work only with its own CFY instance"
+ default: true
CLOUDIFY_MANAGER_IP:
type: string
- description: "IP address of extrenal Cloudify. \"auto\" refers to address of deploy_cloudify job Cloudify instance"
+ description: "IP address of external Cloudify. \"auto\" refers to address of deploy_cloudify_enterprise job Cloudify instance"
default: "auto"
CLOUDIFY_MANAGER_OPTIONS:
type: string
@@ -97,6 +97,13 @@
type: string
description: "Parameters for cloudify agent VMs."
default: "CFY_AGENT_NET=cfm-net-shared CFY_AGENT_FLAVOR=cfy.agent CFY_AGENT_BACKEND_FLAVOR=backend.metaswitch CFY_AGENT_IMAGE=agent_vm CFY_AGENT_BASE_IMAGE=base_agent_vm CFY_AGENT_BACKEND_IMAGE=base_backend_vm"
+ CLOUDIFY_MANAGER_VERSION:
+ type: choice
+ choices:
+ - enterprise
+ - community
+ default: "enterprise"
+ description: "CFY edition version, make sure that it is consistent with CFY Manager image"
VNF_ARTIFACTORY_URL:
type: string
default: "${_param:vnf_artifactory_url}"
@@ -116,14 +123,14 @@
VNF_PLUGINS:
type: string
description: "Plugins to fetch from artifactory and install during build package step"
- default: "vnf_onboarding_tools-0.1-py27-none-linux_x86_64_Ubuntu_xenial"
+ default: "vnf_onboarding_tools-0.2-py27-none-linux_x86_64_CentOS_Core, cloudify_diamond_plugin-1.3.8-py27-none-linux_x86_64-centos-Core, metaswitch_deployment_plugin-2.1.0-py27-none-linux_x86_64-centos-Core"
VNF_OPTIONS:
type: string
- default: ""
+ default: "METASWITCH_VSBS_BPS=mirantis-blueprint-insecure-withoutsas-newlicense.tar DCM_IMAGE_NAME=MSwVA-DCM-V3.3 MDM_IMAGE_NAME=MSwVA-MDM-centos PERIMETA_IMAGE_NAME=MSwVA-Perimeta-V4.3.50_SU42_P252"
VNF_DOCKER_CLI_PLATFORM:
type: string
default: "ubuntu"
- CLOUDIFY_DEPLOYMENT_TIMEOUT:
+ VNF_DEPLOYMENT_TIMEOUT:
type: string
description: "Set up timeout for cloudify deployment (depends on each VNF specific and network throughput)."
default: 7200
diff --git a/nova/client/flavor/vnf_onboarding/metaswitch_vsbc.yml b/nova/client/flavor/vnf_onboarding/metaswitch_vsbc.yml
index 636fc73..831811f 100644
--- a/nova/client/flavor/vnf_onboarding/metaswitch_vsbc.yml
+++ b/nova/client/flavor/vnf_onboarding/metaswitch_vsbc.yml
@@ -20,7 +20,7 @@
vcpus: 1
MetaswitchSSC:
ram: 4096
- disk: 40
+ disk: 80
vcpus: 2
backend.metaswitch:
ram: 2048
diff --git a/nova/control/novncproxy/init.yml b/nova/control/novncproxy/init.yml
deleted file mode 100644
index 3cd04b8..0000000
--- a/nova/control/novncproxy/init.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-classes:
-- system.salt.minion.cert.vnc.novncproxy_client
-parameters:
- nova:
- controller:
- novncproxy:
- tls:
- enabled: True
- key_file: ${_param:novncproxy_client_ssl_key_file}
- cert_file: ${_param:novncproxy_client_ssl_cert_file}
- ca_file: ${_param:novncproxy_ssl_ca_file}
- all_file: ${_param:nova_websocketproxy_ssl_all_file}
-
diff --git a/nova/control/novncproxy/tls/init.yml b/nova/control/novncproxy/tls/init.yml
new file mode 100644
index 0000000..717d55e
--- /dev/null
+++ b/nova/control/novncproxy/tls/init.yml
@@ -0,0 +1,16 @@
+classes:
+- system.salt.minion.cert.vnc.novncproxy_client
+- system.salt.minion.cert.vnc.novncproxy_server
+parameters:
+ _param:
+ nova_vnc_tls_enabled: true
+ nova:
+ controller:
+ # Communication between noVNC proxy and client machine over TLS
+ novncproxy:
+ tls:
+ enabled: ${_param:nova_vnc_tls_enabled}
+ # Only for Queens. Communication between noVNC proxy service and QEMU
+ vencrypt:
+ tls:
+ enabled: ${_param:nova_vnc_tls_enabled}
diff --git a/openssh/server/team/networking.yml b/openssh/server/team/networking.yml
index 7e5f915..e4f5ea7 100644
--- a/openssh/server/team/networking.yml
+++ b/openssh/server/team/networking.yml
@@ -3,6 +3,9 @@
- system.openssh.server.team.members.pjediny
- system.openssh.server.team.members.skreys
- system.openssh.server.team.members.smatov
+- system.openssh.server.team.members.ivasilevskaya
+- system.openssh.server.team.members.jcach
+- system.openssh.server.team.members.psvimbersky
parameters:
_param:
linux_system_user_sudo: true
diff --git a/salt/minion/ca/qemu-vnc_ca.yml b/salt/minion/ca/qemu-vnc_ca.yml
index 53778f1..a4583ad 100644
--- a/salt/minion/ca/qemu-vnc_ca.yml
+++ b/salt/minion/ca/qemu-vnc_ca.yml
@@ -21,7 +21,7 @@
signing_policy:
cert_server:
type: v3_edge_cert_server
- minions: 'cmp*'
+ minions: '*'
cert_client:
type: v3_edge_cert_client
minions: 'ctl*'
diff --git a/salt/minion/cert/vnc/novncproxy_client.yml b/salt/minion/cert/vnc/novncproxy_client.yml
index 7f695eb..9641611 100644
--- a/salt/minion/cert/vnc/novncproxy_client.yml
+++ b/salt/minion/cert/vnc/novncproxy_client.yml
@@ -5,11 +5,10 @@
novncproxy_client_ssl_key_file: /etc/pki/nova-novncproxy/client-key.pem
novncproxy_client_ssl_cert_file: /etc/pki/nova-novncproxy/client-cert.pem
novncproxy_ssl_ca_file: /etc/pki/nova-novncproxy/ca-cert.pem
- nova_websocketproxy_ssl_all_file: /var/lib/nova/self.pem
salt:
minion:
cert:
- libvirt_novnc_client:
+ novncproxy_novnc_client:
host: ${_param:salt_minion_ca_host}
authority: ${_param:qemu_vnc_ca_authority}
common_name: ${linux:system:name}.${_param:cluster_domain}
@@ -23,7 +22,6 @@
key_file: ${_param:novncproxy_client_ssl_key_file}
cert_file: ${_param:novncproxy_client_ssl_cert_file}
ca_file: ${_param:novncproxy_ssl_ca_file}
- all_file: ${_param:nova_websocketproxy_ssl_all_file}
user: nova
group: nova
mode: 640
diff --git a/salt/minion/cert/vnc/novncproxy_server.yml b/salt/minion/cert/vnc/novncproxy_server.yml
new file mode 100644
index 0000000..20c24e2
--- /dev/null
+++ b/salt/minion/cert/vnc/novncproxy_server.yml
@@ -0,0 +1,29 @@
+classes:
+- system.salt.minion.cert.vnc
+parameters:
+ _param:
+ novncproxy_server_ssl_key_file: /etc/pki/nova-novncproxy/server-key.pem
+ novncproxy_server_ssl_cert_file: /etc/pki/nova-novncproxy/server-cert.pem
+ novncproxy_ssl_ca_file: /etc/pki/nova-novncproxy/ca-cert.pem
+ salt:
+ minion:
+ cert:
+ novncproxy_novnc_server:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:qemu_vnc_ca_authority}
+ common_name: ${linux:system:name}.${_param:cluster_domain}
+ signing_policy: cert_server
+ alternative_names: >
+ IP:${_param:cluster_local_address},
+ IP:${_param:cluster_vip_address},
+ DNS:${_param:cluster_local_address},
+ DNS:${linux:system:name},
+ DNS:${_param:cluster_vip_address},
+ DNS:${linux:network:fqdn}
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: ${_param:novncproxy_server_ssl_key_file}
+ cert_file: ${_param:novncproxy_server_ssl_cert_file}
+ ca_file: ${_param:novncproxy_ssl_ca_file}
+ user: nova
+ group: nova
+ mode: 640