Merge "Move ashestakov to k8s team."
diff --git a/docker/client.yml b/docker/client/compose/init.yml
similarity index 62%
rename from docker/client.yml
rename to docker/client/compose/init.yml
index b1be1cb..efeeadd 100644
--- a/docker/client.yml
+++ b/docker/client/compose/init.yml
@@ -1,11 +1,10 @@
classes:
- - service.docker.client
+ - system.docker.client
parameters:
_param:
- docker_image_compose: docker/compose:1.17.0
+ docker_image_compose: docker/compose:1.17.1
docker:
client:
- enabled: true
compose:
source:
engine: docker
diff --git a/docker/client/compose/service/gerrit.yml b/docker/client/compose/service/gerrit.yml
new file mode 100644
index 0000000..183f57d
--- /dev/null
+++ b/docker/client/compose/service/gerrit.yml
@@ -0,0 +1,72 @@
+classes:
+ - system.docker.client.compose
+parameters:
+ _param:
+ docker_image_gerrit: tcpcloud/gerrit:2.13.6
+ docker_image_mysql: tcpcloud/mysql:5.6
+ gerrit_ldap_server: ""
+ gerrit_ldap_bind_user: ""
+ gerrit_ldap_bind_password: ""
+ gerrit_ldap_account_base: ""
+ gerrit_ldap_group_base: ""
+ gerrit_http_listen_url: http://*:8080/
+ gerrit_extra_opts: ""
+ docker:
+ client:
+ compose:
+ gerrit:
+ service:
+ server:
+ image: ${_param:docker_image_gerrit}
+ restart: always
+ ports:
+ - 18083:8080
+ - 29417:29418
+ volumes:
+ - /srv/volumes/gerrit:/var/gerrit/review_site
+ depends_on:
+ - db
+ environment:
+ #GERRIT_INIT_ARGS: ""
+ DATABASE_TYPE: "mysql"
+ DB_PORT_3306_TCP_ADDR: ${_param:cluster_vip_address}
+ DB_ENV_MYSQL_USER: gerrit
+ DB_ENV_MYSQL_PASSWORD: ${_param:mysql_gerrit_password}
+ DB_ENV_MYSQL_DB: gerrit
+ AUTH_TYPE: ${_param:gerrit_auth_type}
+ LDAP_SERVER: ${_param:gerrit_ldap_server}
+ LDAP_ACCOUNTPATTERN: 'uid={username}'
+ LDAP_ACCOUNTBASE: ${_param:gerrit_ldap_account_base}
+ LDAP_GROUPBASE: ${_param:gerrit_ldap_group_base}
+ LDAP_USERNAME: ${_param:gerrit_ldap_bind_user}
+ LDAP_PASSWORD: ${_param:gerrit_ldap_bind_password}
+ WEBURL: ${_param:gerrit_public_host}
+ HTTPD_LISTENURL: ${_param:gerrit_http_listen_url}
+ GERRIT_ADMIN_SSH_PUBLIC: ${_param:gerrit_admin_public_key}
+ GERRIT_ADMIN_PWD: ${_param:gerrit_admin_password}
+ GERRIT_ADMIN_EMAIL: ${_param:gerrit_admin_email}
+ CANLOADINIFRAME: "true"
+ JAVA_OPTIONS: ${_param:gerrit_extra_opts}
+ https_proxy: ${_param:docker_https_proxy}
+ http_proxy: ${_param:docker_http_proxy}
+ no_proxy: ${_param:docker_no_proxy}
+ db:
+ environment:
+ MYSQL_USER: gerrit
+ MYSQL_PASSWORD: ${_param:mysql_gerrit_password}
+ MYSQL_DATABASE: gerrit
+ MYSQL_ROOT_PASSWORD: ${_param:mysql_admin_password}
+ MYSQL_START_TIMEOUT: 300
+ deploy:
+ restart_policy:
+ condition: any
+ image: "${_param:docker_image_mysql}"
+ ports:
+ - 13306:3306
+ volumes:
+ - /srv/volumes/mysql:/var/lib/mysql
+ linux:
+ system:
+ directory:
+ /srv/volumes/gerrit:
+ makedirs: true
diff --git a/docker/client/compose/service/jenkins.yml b/docker/client/compose/service/jenkins.yml
new file mode 100644
index 0000000..7d3aec0
--- /dev/null
+++ b/docker/client/compose/service/jenkins.yml
@@ -0,0 +1,41 @@
+classes:
+ - system.docker.client.compose
+parameters:
+ _param:
+ docker_image_jenkins: tcpcloud/jenkins:2.89
+ jenkins_master_extra_opts: ""
+ jenkins_master_executors_num: 4
+ jenkins_master_max_concurent_requests: 40
+ docker:
+ client:
+ compose:
+ jenkins:
+ status: up
+ service:
+ master:
+ environment:
+ JENKINS_HOME: /var/jenkins_home
+ JAVA_OPTS: " -server -XX:+AlwaysPreTouch -Xloggc:$JENKINS_HOME/gc-%t.log -XX:NumberOfGCLogFiles=5 -XX:+UseGCLogFileRotation -XX:GCLogFileSize=20m -XX:+PrintGC -XX:+PrintGCDateStamps -XX:+PrintGCDetails -XX:+PrintHeapAtGC -XX:+PrintGCCause -XX:+PrintTenuringDistribution -XX:+PrintReferenceGC -XX:+PrintAdaptiveSizePolicy -XX:+UseG1GC -XX:+ExplicitGCInvokesConcurrent -XX:+ParallelRefProcEnabled -XX:+UseStringDeduplication -XX:+UnlockExperimentalVMOptions -XX:G1NewSizePercent=20 -XX:+UnlockDiagnosticVMOptions -XX:G1SummarizeRSetStatsPeriod=1 -Djenkins.install.runSetupWizard=false -Dhudson.DNSMultiCast.disabled=true -Dhudson.udp=-1 -Dhudson.footerURL=https://www.mirantis.com ${_param:jenkins_master_extra_opts}"
+ JENKINS_NUM_EXECUTORS: ${_param:jenkins_master_executors_num}
+ JENKINS_OPTS: " --handlerCountMax=${_param:jenkins_master_max_concurent_requests}"
+ https_proxy: ${_param:docker_https_proxy}
+ http_proxy: ${_param:docker_http_proxy}
+ no_proxy: ${_param:docker_no_proxy}
+ image: ${_param:docker_image_jenkins}
+ restart: always
+ ports:
+ - 18081:8080
+ - 50001:50000
+ volumes:
+ - /srv/volumes/jenkins:/var/jenkins_home
+ - /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
+ linux:
+ system:
+ directory:
+ /srv/volumes/jenkins:
+ makedirs: true
+ user: 1000
+ group: 1000
+ package:
+ ca-certificates-java:
+ version: latest
diff --git a/docker/client/init.yml b/docker/client/init.yml
new file mode 100644
index 0000000..610e0a4
--- /dev/null
+++ b/docker/client/init.yml
@@ -0,0 +1,6 @@
+classes:
+ - service.docker.client
+parameters:
+ docker:
+ client:
+ enabled: true
diff --git a/docker/swarm/stack/pushkin.yml b/docker/swarm/stack/pushkin.yml
index d0a3bce..22a921d 100644
--- a/docker/swarm/stack/pushkin.yml
+++ b/docker/swarm/stack/pushkin.yml
@@ -22,6 +22,7 @@
sfdc_consumer_key: example_consumer_key
sfdc_consumer_secret: example_consumer_secret
sfdc_organization_id: example_organization_id
+ sfdc_environment_id: 0
sfdc_sandbox_enabled: true
docker:
client:
@@ -46,6 +47,7 @@
SFDC_CONSUMER_KEY: ${_param:sfdc_consumer_key}
SFDC_CONSUMER_SECRET: ${_param:sfdc_consumer_secret}
SFDC_ORGANIZATION_ID: ${_param:sfdc_organization_id}
+ SFDC_ENVIRONMENT_ID: ${_param:sfdc_environment_id}
SFDC_SANDBOX_ENABLED: ${_param:sfdc_sandbox_enabled}
service:
pushkin-api:
diff --git a/glance/client/image/cirros.yml b/glance/client/image/cirros.yml
index d9f3f33..3a7b213 100644
--- a/glance/client/image/cirros.yml
+++ b/glance/client/image/cirros.yml
@@ -2,7 +2,7 @@
- system.glance.client
parameters:
_param:
- cirros_image_url: "http://apt.mirantis.com/images/cirros-x64-20170828.qcow2"
+ cirros_image_url: "http://images.mirantis.com/cirros-x64-20170828.qcow2"
cirros_image_name: "cirros-0.3.0-x86_64"
glance:
client:
diff --git a/glance/client/image/ubuntu_trusty.yml b/glance/client/image/ubuntu_trusty.yml
index be9effc..2af6458 100644
--- a/glance/client/image/ubuntu_trusty.yml
+++ b/glance/client/image/ubuntu_trusty.yml
@@ -2,7 +2,7 @@
- system.glance.client
parameters:
_param:
- ubuntu_trusty_image_url: "http://apt.mirantis.com/images/ubuntu-14-04-x64-mcp1.1.qcow2"
+ ubuntu_trusty_image_url: "http://images.mirantis.com/ubuntu-14-04-x64-mcp1.1.qcow2"
ubuntu_trusty_image_name: "ubuntu-14-04-x64-mcp1.1"
glance:
client:
diff --git a/glance/client/image/ubuntu_xenial.yml b/glance/client/image/ubuntu_xenial.yml
index 4206584..a08a47d 100644
--- a/glance/client/image/ubuntu_xenial.yml
+++ b/glance/client/image/ubuntu_xenial.yml
@@ -2,7 +2,7 @@
- system.glance.client
parameters:
_param:
- ubuntu_xenial_image_url: "http://apt.mirantis.com/images/ubuntu-16-04-x64-mcp1.1.qcow2"
+ ubuntu_xenial_image_url: "http://images.mirantis.com/ubuntu-16-04-x64-mcp1.1.qcow2"
ubuntu_xenial_image_name: "ubuntu-16-04-amd64-cloudimg"
glance:
client:
diff --git a/jenkins/client/job/aptly.yml b/jenkins/client/job/aptly.yml
index 82e5ac7..83b70cb 100644
--- a/jenkins/client/job/aptly.yml
+++ b/jenkins/client/job/aptly.yml
@@ -1,6 +1,4 @@
parameters:
- _param:
- jenkins_aptly_storages: "local"
jenkins:
client:
view:
diff --git a/jenkins/client/job/deploy/lab/component/ceph.yml b/jenkins/client/job/deploy/lab/component/ceph.yml
index e9e3d64..b927c5d 100644
--- a/jenkins/client/job/deploy/lab/component/ceph.yml
+++ b/jenkins/client/job/deploy/lab/component/ceph.yml
@@ -15,3 +15,10 @@
stack_install: core,ceph
stack_test: "ceph"
job_timer: "H H * * *"
+ - stack_name: os_ha_ovs_ceph
+ stack_env: devcloud
+ stack_type: heat
+ stack_install: core,openstack,ovs,ceph
+ stack_test: ""
+ job_timer: "H H(0-6) * * *"
+
diff --git a/jenkins/client/job/git-mirrors/upstream/oss.yml b/jenkins/client/job/git-mirrors/upstream/oss.yml
index af3f816..57ce1a2 100644
--- a/jenkins/client/job/git-mirrors/upstream/oss.yml
+++ b/jenkins/client/job/git-mirrors/upstream/oss.yml
@@ -7,3 +7,7 @@
downstream: oss/rundeck-cis-jobs
upstream: "git@github.com:Mirantis/rundeck-cis-jobs"
branches: master
+ - name: security-monkey
+ downstream: oss/security-monkey
+ upstream: "git@github.com:Netflix/security_monkey.git"
+ branches: develop
diff --git a/jenkins/client/job/salt-models/tests.yml b/jenkins/client/job/salt-models/tests.yml
index 0440b28..19ed2e0 100644
--- a/jenkins/client/job/salt-models/tests.yml
+++ b/jenkins/client/job/salt-models/tests.yml
@@ -164,7 +164,7 @@
default: "1"
EXTRA_FORMULAS:
type: string
- default: "xtrabackup docker haproxy aptly keepalived gerrit jenkins openldap maas backupninja"
+ default: "aptly artifactory backupninja collectd devops-portal docker elasticsearch freeipa gerrit glusterfs grafana haproxy heka horizon influxdb jenkins keepalived kibana libvirt maas memcached mysql nginx ntp openldap openssh postfix prometheus rsync rsyslog rundeck sensu sphinx telegraf xtrabackup"
job:
test-salt-model-node:
name: test-salt-model-node
diff --git a/jenkins/client/job/validate.yml b/jenkins/client/job/validate.yml
index 6d3ecda..6bf4cac 100644
--- a/jenkins/client/job/validate.yml
+++ b/jenkins/client/job/validate.yml
@@ -126,6 +126,14 @@
type: string
default: ""
description: Git branch which will be used during the checkout
+ RALLY_SCENARIOS:
+ type: string
+ default: ""
+ description: Rally scenarios directory or file with scenarios
+ RALLY_TASK_ARGS_FILE:
+ type: string
+ default: ""
+ description: Rally scenarios arguments file
AVAILABILITY_ZONE:
type: string
default: "nova"
diff --git a/nova/compute/cluster.yml b/nova/compute/cluster.yml
index e8b29cc..5d0e6a1 100644
--- a/nova/compute/cluster.yml
+++ b/nova/compute/cluster.yml
@@ -1,6 +1,5 @@
classes:
- service.nova.compute.kvm
-- service.iptables.server
parameters:
_param:
nova_vncproxy_url: https://${_param:cluster_public_host}:6080
@@ -95,15 +94,3 @@
public_key: ${_param:nova_compute_ssh_public}
private_key: ${_param:nova_compute_ssh_private}
my_ip: ${_param:single_address}
- libvirt:
- uri: qemu+unix:///system?socket=/var/run/libvirt/libvirt-sock
- iptables:
- service:
- enabled: true
- chain:
- INPUT:
- rules:
- # deny any connections to libvirt port
- - destination_port: 16509
- protocol: tcp
- jump: DROP
\ No newline at end of file
diff --git a/nova/compute/single.yml b/nova/compute/single.yml
index d5126df..b915145 100644
--- a/nova/compute/single.yml
+++ b/nova/compute/single.yml
@@ -2,7 +2,6 @@
- nova
classes:
- service.nova.compute.kvm
-- service.iptables.server
parameters:
_param:
nova_vncproxy_url: https://${_param:cluster_public_host}:6080
@@ -91,15 +90,3 @@
public_key: ${_param:nova_compute_ssh_public}
private_key: ${_param:nova_compute_ssh_private}
my_ip: ${_param:single_address}
- libvirt:
- uri: qemu+unix:///system?socket=/var/run/libvirt/libvirt-sock
- iptables:
- service:
- enabled: true
- chain:
- INPUT:
- rules:
- # deny any connections to libvirt port
- - destination_port: 16509
- protocol: tcp
- jump: DROP
\ No newline at end of file
diff --git a/opencontrail/control/analytics4_0.yml b/opencontrail/control/analytics4_0.yml
index 11ad4d3..a426e02 100644
--- a/opencontrail/control/analytics4_0.yml
+++ b/opencontrail/control/analytics4_0.yml
@@ -30,9 +30,9 @@
config_only: true
discovery:
host: None
+ identity:
+ host: ${_param:openstack_control_address}
analytics:
- identity:
- host: ${_param:openstack_control_address}
members:
- host: ${_param:opencontrail_analytics_node01_address}
- host: ${_param:opencontrail_analytics_node02_address}
diff --git a/opencontrail/control/cluster4_0.yml b/opencontrail/control/cluster4_0.yml
index 1ee9ca5..9796930 100644
--- a/opencontrail/control/cluster4_0.yml
+++ b/opencontrail/control/cluster4_0.yml
@@ -83,6 +83,8 @@
host: ${_param:openstack_control_address}
control:
config_only: true
+ identity:
+ host: ${_param:openstack_control_address}
analytics:
members:
- host: ${_param:cluster_node01_address}
diff --git a/opencontrail/control/single4_0.yml b/opencontrail/control/single4_0.yml
index de6f558..ded5289 100644
--- a/opencontrail/control/single4_0.yml
+++ b/opencontrail/control/single4_0.yml
@@ -128,6 +128,8 @@
- host: ${_param:single_address}
collector:
config_only: true
+ identity:
+ host: ${_param:openstack_control_address}
discovery:
host: None
database:
diff --git a/openssh/server/team/maintenance.yml b/openssh/server/team/maintenance.yml
new file mode 100644
index 0000000..44e8639
--- /dev/null
+++ b/openssh/server/team/maintenance.yml
@@ -0,0 +1,9 @@
+classes:
+- system.linux.system.sudo
+- system.openssh.server.team.members.astupnikov
+- system.openssh.server.team.members.dmeltsaykin
+- system.openssh.server.team.members.myatsenko
+- system.openssh.server.team.members.omolchanov
+parameters:
+ _param:
+ linux_system_user_sudo: true
diff --git a/openssh/server/team/members/astupnikov.yml b/openssh/server/team/members/astupnikov.yml
new file mode 100644
index 0000000..d4522f6
--- /dev/null
+++ b/openssh/server/team/members/astupnikov.yml
@@ -0,0 +1,20 @@
+parameters:
+ linux:
+ system:
+ user:
+ astupnikov:
+ enabled: true
+ name: astupnikov
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Alexey Stupnikov
+ home: /home/astupnikov
+ email: astupnikov@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ astupnikov:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDrV6q403BYodTCb8BCsWlkW6AHxvtCH5JxI9gUANsvbQd9n8fd16xqgXVecCRBJOS4PVauLNiQPMaj6ZuFeRZ8ZXvX498eNSNa5WhBbSwk0X/DqdK1LN/MStTAtL60JQV0yQSY+BghVJkREw4MJJBksyP0X+OG5AB+ijh/bjsabYr+EQNK+WJblrsRvNNCbjiWPcjzXVMxUrzphB09CYMwWFgx1An5jS7c1EGvXrzf0aK1KkadhGnXcjPACFaMGPYmu5HNgQcRnzNXDQU6PLGeyqNnZYZjHdQWZR88cQywznqzI8y9P4qSOTVStYoKLlYsdQFRTw8sJrRpPZupgSED astupnikov@astupnikov-srv
+ user: ${linux:system:user:astupnikov}
diff --git a/openssh/server/team/members/dmeltsaykin.yml b/openssh/server/team/members/dmeltsaykin.yml
new file mode 100644
index 0000000..1b5ff2e
--- /dev/null
+++ b/openssh/server/team/members/dmeltsaykin.yml
@@ -0,0 +1,20 @@
+parameters:
+ linux:
+ system:
+ user:
+ dmeltsaykin:
+ enabled: true
+ name: dmeltsaykin
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Denis Meltsaykin
+ home: /home/dmeltsaykin
+ email: dmeltsaykin@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ dmeltsaykin:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqfNIy3WuxzRzOY/GBNGOnP5UrCFWZ8uMzW6hEl4wgIEYYIcv8o+C1/hvrfHimG/I/rAwYRS6Dx0bZ7m49zATNxe+EVer3BV63ru34Hzel/XxxyD34ULmrDgvP3olaAKFI17gVOFQ7hCBzDRp3s4YN3ojQspPyeiO+Jt8OwVomxJWgLauAHhl7Z/XPVHpT/fssJGG/eC4oOz4RZ4jAk0BH3Yl8s63grfwrgB79H/+nr0UvBdTkBn3T5WiC4gxnm+jQQwci7/BLQsg1Z3OykfTuyftIexNyVVy/SmdsGi37RJGFKRMMovoZx+261JgaHWBoHqBJa5UpV2usi9z3Py2z avgoor@MacBook-Pro-Denis.local
+ user: ${linux:system:user:dmeltsaykin}
diff --git a/openssh/server/team/members/myatsenko.yml b/openssh/server/team/members/myatsenko.yml
new file mode 100644
index 0000000..01c2417
--- /dev/null
+++ b/openssh/server/team/members/myatsenko.yml
@@ -0,0 +1,20 @@
+parameters:
+ linux:
+ system:
+ user:
+ myatsenko:
+ enabled: true
+ name: myatsenko
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Maksym Yatsenko
+ home: /home/myatsenko
+ email: myatsenko@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ myatsenko:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3wCjIm2PVzViGp5NFxeDHLVLxSq67gR+mm4jarHyDVb8wz9kfSG6cWGXNZhrqse7NgpDZpurFunFddXQBOgR6LmOfo9sDlcl4oT0+OnWHgyK6RMYcigkVYVYI5W2f5M+3Dz/KjV1S/VmRYlh/tz46PECV+Y93RaUUXS/91Uv19SAzuCd3Rj0l43HY5ROZNK0VZSrIsnhOqLZxF71v0jY/AbFxswooMH0NCM7XFqVBsRjwclfQjIGkV1j4xeWGM1xWkvvHCSEz2JdeAR5w3C7mhCzPpQJXvQGJNuccyZzoNbHPgDdFPx76MGj/VdmeUu5yKnFSnNNoQ1CcbxmaYeJ7 myatsenko@myatsenko-pc
+ user: ${linux:system:user:myatsenko}
diff --git a/openssh/server/team/members/omolchanov.yml b/openssh/server/team/members/omolchanov.yml
new file mode 100644
index 0000000..61289ed
--- /dev/null
+++ b/openssh/server/team/members/omolchanov.yml
@@ -0,0 +1,20 @@
+parameters:
+ linux:
+ system:
+ user:
+ omolchanov:
+ enabled: true
+ name: omolchanov
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Oleksii Molchanov
+ home: /home/omolchanov
+ email: omolchanov@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ myatsenko:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCulNT7qgpJtIoLshljGonHfWk5IYh/MhzO2PEh3GnzrsnI8Mgv2W8TCD4ZB7RbSP6Jt74T7P6F4Mgzag/Nxjwimh7cUJoJZQH54QC4GVBN+YG+CRjEhIDn/OEM9q+6fnAWqBLBf/k0pzeRxWM4mLpcU+6DSPS57qjEKG5OfLCgFbBFg+4EdGP9HNVTLcMBglo7vTWtvzaGjJgH0XFXjx1fXW9JftEmwMzNdoYpQ/a19JYC2x5vu0cGWUjdMWmrzJbnTJ7SwnVYfD2mhUYDi8WGy/nCk67tb6qKCAUN5kvCEWrMPDhVEcBfvyhXU2wVnZHJbOoZxrBiici9q2U7KDYT alex@alex-B85M-DS3H
+ user: ${linux:system:user:omolchanov}