Merge "Added EXTRA_FORMULAS to proper pipeline definitions"
diff --git a/cinder/volume/local.yml b/cinder/volume/local.yml
new file mode 100644
index 0000000..794a33e
--- /dev/null
+++ b/cinder/volume/local.yml
@@ -0,0 +1,14 @@
+classes:
+- service.cinder.volume.local
+parameters:
+ cinder:
+ volume:
+ enabled: True
+ database:
+ host: ${_param:single_address}
+ glance:
+ host: ${_param:single_address}
+ message_queue:
+ host: ${_param:single_address}
+ identity:
+ host: ${_param:single_address}
diff --git a/jenkins/client/job/debian/packages/extra.yml b/jenkins/client/job/debian/packages/extra.yml
index 298452e..243df79 100644
--- a/jenkins/client/job/debian/packages/extra.yml
+++ b/jenkins/client/job/debian/packages/extra.yml
@@ -137,6 +137,10 @@
dist: xenial
build: telegraf
branch: release-1.2
+ - package: libvirt-exporter
+ dist: xenial
+ build: libvirt-exporter
+ branch: master
template:
type: workflow-scm
concurrent: false
diff --git a/jenkins/client/job/deploy/update/upgrade.yml b/jenkins/client/job/deploy/update/upgrade.yml
index 81a7b16..efbd153 100644
--- a/jenkins/client/job/deploy/update/upgrade.yml
+++ b/jenkins/client/job/deploy/update/upgrade.yml
@@ -23,3 +23,15 @@
SALT_MASTER_CREDENTIALS:
type: string
default: "salt"
+ STAGE_TEST_UPGRADE:
+ type: boolean
+ default: 'true'
+ description: "Test if syncdb and APIs succeed"
+ STAGE_REAL_UPGRADE:
+ type: boolean
+ default: 'true'
+ description: "Run real control upgrade"
+ STAGE_ROLLBACK_UPGRADE:
+ type: boolean
+ default: 'true'
+ description: "Rollback if control upgrade fails"
diff --git a/jenkins/client/job/git-mirrors/downstream/debian-packages.yml b/jenkins/client/job/git-mirrors/downstream/debian-packages.yml
index 9708d9f..dde7d9a 100644
--- a/jenkins/client/job/git-mirrors/downstream/debian-packages.yml
+++ b/jenkins/client/job/git-mirrors/downstream/debian-packages.yml
@@ -7,6 +7,10 @@
downstream: debian/telegraf
upstream: "https://github.com/influxdata/telegraf.git"
branches: master
+ - name: libvirt-exporter
+ downstream: debian/libvirt-exporter
+ upstream: "https://github.com/kumina/libvirt_exporter.git"
+ branches: master
- name: debian-gophercloud
downstream: debian/gophercloud
upstream: "https://github.com/gophercloud/gophercloud.git"
diff --git a/jenkins/client/job/test_devops_portal.yml b/jenkins/client/job/test_devops_portal.yml
index 711f42a..41be263 100644
--- a/jenkins/client/job/test_devops_portal.yml
+++ b/jenkins/client/job/test_devops_portal.yml
@@ -32,9 +32,15 @@
- addedContains:
commentAddedCommentContains: '(recheck|reverify)'
param:
+ COMPOSE_PATH:
+ type: string
+ default: "docker/stack/docker-compose.yml"
CREDENTIALS_ID:
type: string
default: "gerrit"
+ JSON_CONFIG:
+ type: string
+ default: '{"services": {"elasticsearch": {"endpoint": "http://elasticsearch:9200"}}}'
NODE_IMAGE:
type: string
default: "docker-sandbox.sandbox.mirantis.net/ikharin/ci/node-firefox:6.10"
diff --git a/linux/system/sudo.yml b/linux/system/sudo.yml
index 1668c12..8f03f7d 100644
--- a/linux/system/sudo.yml
+++ b/linux/system/sudo.yml
@@ -23,7 +23,21 @@
- /usr/sbin/visudo
sudo_coreutils_safe:
- /usr/bin/less
+ - /usr/bin/grep
+ - /usr/bin/fgrep
+ - /usr/bin/egrep
+ - /usr/bin/zgrep
+ - /usr/bin/tail
+ - /usr/bin/socat
+ - /usr/bin/top
+ - /usr/bin/tail
+ - /usr/bin/lsof
+ - /usr/bin/virsh
+ - /bin/ls
+ - /bin/cp
+ - /bin/netstat
sudo_rabbitmq_safe:
+ - /usr/sbin/rabbitmqctl
- /usr/sbin/rabbitmqctl status
- /usr/sbin/rabbitmqctl cluster_status
- /usr/sbin/rabbitmqctl list_queues*
@@ -41,3 +55,42 @@
- /usr/bin/salt-call saltutil*
sudo_salt_trusted:
- /usr/bin/salt*
+ sudo_networking:
+ - /sbin/ip
+ - /sbin/ss
+ - /sbin/ifconfig
+ - /sbin/route
+ - /sbin/ethtool
+ - /sbin/tcpdump
+ sudo_contrail_utilities:
+ - /usr/bin/contrail*
+ - /bin/contrail*
+ - /usr/bin/vif
+ - /usr/bin/flow
+ - /usr/bin/vrfstats
+ - /usr/bin/rt
+ - /usr/bin/dropstats
+ - /usr/bin/mpls
+ - /usr/bin/mirror
+ - /usr/bin/vxlan
+ - /usr/bin/nh
+ sudo_storage_utilities:
+ - /usr/bin/ceph*
+ - /usr/bin/rados*
+ - /usr/bin/rbd
+ - /usr/sbin/gluster
+ sudo_openstack_clients:
+ - /usr/bin/openstack
+ - /usr/bin/heat*
+ - /usr/bin/nova*
+ - /usr/bin/neutron*
+ - /usr/bin/keystone*
+ - /usr/bin/glance*
+ - /usr/bin/cinder*
+ - /usr/bin/swift*
+ - /usr/bin/ironic*
+ - /usr/bin/manila*
+ - /usr/bin/barbican*
+ - /usr/bin/ceilometer*
+ - /usr/bin/trove*
+
diff --git a/opencontrail/control/cluster.yml b/opencontrail/control/cluster.yml
index 4ffe081..7e30779 100644
--- a/opencontrail/control/cluster.yml
+++ b/opencontrail/control/cluster.yml
@@ -13,8 +13,6 @@
version: 0.9.0-0contrail0
python-kafka:
version: 1.0.1-0contrail1
- contrail-api-cli:
- version: latest
opencontrail:
web:
database:
diff --git a/openssh/server/team/k8s_team.yml b/openssh/server/team/k8s_team.yml
index c46a2a0..36f3252 100644
--- a/openssh/server/team/k8s_team.yml
+++ b/openssh/server/team/k8s_team.yml
@@ -72,6 +72,13 @@
full_name: Stan Lagun
home: /home/slagun
email: slagun@mirantis.com
+ psiwczak:
+ enabled: true
+ sudo: true
+ name: psiwczak
+ full_name: Piotr Siwczak
+ home: /home/psiwczak
+ email: psiwczak@mirantis.com
openssh:
server:
enabled: true
@@ -147,3 +154,5 @@
key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA0IKYIbf05K67En++os8mfi2XYTCHp5ex+KBy4Y7NqAXC3J+hnqgcMry9sHtqVJ+O6do7bCRY7sjgnWosm6TxEupxMCs+euViT3VFvQlszAvj4v/xrAu0IwUUiqA0Pn9TKCJrHtYKYixkGfNw8IdxShH2FRTh52ufBqlLP5qRhdMP/nOohbNwtk0FAX49UB4AXzcLLkHu+P3gjTkR345CH+iciBGL88rp8qpEEA6QdtEjcgk1tGY3uktJ1tTWBv4ozth6EF9A+kG4yd1Fhwv2JVPRNkcL/xKR7f4i67A9KyyNoFLv4rHfXXPOjyproNpz5CZ06V7lJ4jgU/AbyHhLgw== mmosesohn@mattymo1
slagun:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCfQtpitSDDfwP1TruBs7Nlim1B2PC8NKu1lOifZGOgGaL4G6CTXJunSoU48ovg0AOks6OPb7DSU9ocLTj6q0qNuPvy4yrsKWS+ZsrywLW5qp3OGfE7wmAWj5AGxNUiUaLAFKhriVV541v57OVw322dDuxQ3YE0P5dkKKBc9Xy3Su7PoDkR029fbQFvSlIsUtrICNGKvMtrTIm8V0EQHZnV7Y44+MMJMRxCMrulHJFmtaKE5uPaRz+eVVsbEOl1jfUA/BQ1WyU52Ol3gvm34kwBStQcnqhKC2CP/5ILVhf+Omylw+mcs58vKbc0Tw6dwFEDaTQlkYHLFZij+Y24HGyr slagun@MacLagun2.local
+ psiwczak:
+ key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDFSHwjVOBC3nVVytH3DAaWEcfrca/cnurIn9K2elf8wn2PSet7q1OddfVTAtYdiG8pai9BX3uHswEu+TinAfgPoEnvKR4wSgk4hVf/W9eCf7xOn1X0fdSnfogQEjdP54Qk+mOmrh1vChcOL/NdBNNxJC6LGHRslVfcGu5ULaasT7EGzItMjUl8hKbbsM8tFX1IW7uRm3fZu4/HiMMaMnm+cPwH9LUB+cOaLEain5WNo0j0OKtpF6Kp53fpqCS6v4z/+wMgx0V2BMMrSla6cq4mL7iLvtufkO467j2ksa9sG8/ADD6Wh89hxkKGqF3yDm+olywNEo+WwTRfZf6Py5Uv
diff --git a/openssh/server/team/l1_support.yml b/openssh/server/team/l1_support.yml
index f25149a..266bd15 100644
--- a/openssh/server/team/l1_support.yml
+++ b/openssh/server/team/l1_support.yml
@@ -38,11 +38,19 @@
L1_SUPPORT_SALT_TRUSTED: ${_param:sudo_salt_trusted}
L1_SUPPORT_RESTRICTED_SHELLS: ${_param:sudo_shells}
L1_SUPPORT_RESTRICTED: ${_param:sudo_restricted_su}
+ L1_SUPPORT_NETWORKING: ${_param:sudo_networking}
+ L1_SUPPORT_CONTRAIL: ${_param:sudo_contrail_utilities}
+ L1_SUPPORT_STORAGE: ${_param:sudo_storage_utilities}
+ L1_SUPPORT_OPENSTACK_CLIENTS: ${_param:sudo_openstack_clients}
groups:
support:
commands:
- L1_SUPPORT_SALT
- L1_SUPPORT_COREUTILS
- L1_SUPPORT_RABBITMQ
+ - L1_SUPPORT_NETWORKING
+ - L1_SUPPORT_CONTRAIL
+ - L1_SUPPORT_STORAGE
+ - L1_SUPPORT_OPENSTACK_CLIENTS
- '!L1_SUPPORT_RESTRICTED_SHELLS'
- '!L1_SUPPORT_RESTRICTED'
diff --git a/openssh/server/team/stacklight.yml b/openssh/server/team/stacklight.yml
index ac7fd25..a35e450 100644
--- a/openssh/server/team/stacklight.yml
+++ b/openssh/server/team/stacklight.yml
@@ -79,6 +79,13 @@
full_name: Ildar Svetlov
home: /home/isvetlov
email: isvetlov@mirantis.com
+ akholkin:
+ enabled: true
+ name: akholkin
+ sudo: true
+ full_name: Aleksandr Kholkin
+ home: /home/akholkin
+ email: akholkin@mirantis.com
openssh:
client:
enabled: true
@@ -140,6 +147,11 @@
public_keys:
- ${public_keys:isvetlov}
user: ${linux:system:user:isvetlov}
+ akholkin:
+ enable: true
+ public_keys:
+ - ${public_keys:akholkin}
+ user: ${linux:system:user:akholkin}
public_keys:
newt:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3odU+3V2uDA2ptAFL9hrJRPNEEdAyztWOZFQ5Oyd9oerTGOU3p4xmrgWWjfKFKbYGhiiIUcYAol5PkTfKukGEkkjCHYA1t023soCaaAj85wCZCnw2zQNAziwxTYmAzTqgxiSvtZNMMrtJvFHRIRDzJ3M1lV0prWNWkMM1/3FAd4W49y6VT3fkMCo8uqG7CfGdgR2DgBCxf9KaNPfW5eDEPOgmE5lK8tVSEI6T+Cg7hbcTf4lFYnlFBnlQgp/0JstsM4Vbwb4B34LOpOsf2S8rrWk2xQMjwaMHXkc2s/E8iW3F5nVFuyEXYISFQIiAHw8dzC6CHgLcyHUVWwznKawZ newt@newt-dev1
@@ -163,3 +175,5 @@
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDLTkl8X9HIJxruAHkmGNQTovy7DCr256pH68xh2DHWinPKUW4ccsCBbqJeF56aEA41OKJlEVOYzD3gQJkDAAbDdy9BlI14oEtzmk3yAtgBwwUzUNMq7oCPrbt4xNg5U26JSb26j69r5vQ4vXA2hf0bCQ68vb3VDqMMaMbneI3rP3qSaq7dauR8sEjx1XAtNen5SygLE46k0pCObJmahGkg39HisoJ/gkjoi/xvQn1JzrYSxWObrBfUbtQN3JbCRozSp/0Env0hMbXj7cS3J/uY68zAWc7GAEFKSmPAol4d/93sRknFUSQKqZjsDaLfiGLte/7oFwLquaz6AJw+mwP ityaptin@ityaptin.local
isvetlov:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDflz5rJEC6+yKOteNG2uzObQCtV/c/Rnu9Aku1AJWLMMlouID7RaCUrP642xH2z11kZE+sZk/4c3515M5SPQFVKhjGceftbnI9I7DI1KF4OJwMCSfmACDHM3bJcld8eiKTRBxtk32i6YPdNi6m9unHvPultTIBJCxRP/KVyxOOnQparsSSBhBj2t3Kis+3dnDZNBUJJDWyo69FD0RvAOaWZdogwes0nCl+3JJSNWsATqyS+bi4ojqJimHFKiW2sz8qMX3cMzu9uTx1OWvJWJRgOV5/tPsuuNVt75zPAOsfJnIqQJtpkdZAb4SYK+0jLFcLvB6GBgXY3aHk9nHu9MHr isvetlov@ubuntu
+ akholkin:
+ key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDjpy9RI6iEDH/04eOOwreDa+R32USZiWxyFiKHa8zoDAlOfwaZVg6mZWepOxzwxCJPYusPGXCwQ6Zw9tHxVWOCgtzzPpsCCfhUU4v+99Wh08//W8d/s/WFka+5vqyskAO5Z8Ekk+kQU+jpUBG8/gMxAPBjj0fFc5BNeqDY9r9nmMNK6N2RVjvA6wZ8G5hLGxL9bn5Prhf/+avui1NAfy6gsT/mRt1W+eHWTvpijyNGm+m83jU34dQO6gE48n6WdSylLh/fY/p31rzAURaq1V/AZhdbSuZ8aJYDnfHevpK5+hMjoOop3v3hb7WHEmybGujQfW5HVaaWmG7SFlHeKGE/gZ2P9T+bQ+SgO+PmEAw4LayiBkzTPAHdZ2UGZe+3BI5gdM/ayovK2WVO1jS5FNlNGIvEQW+ws9V+ph+S1jL4jobDJEjs358iXrAYpf4JL+LvxFHiuj6EL51tbo8EU22z5mmgRQQ5eFrDzBuVLhcim651A3a5iSlmCeAQ5rTmHX/Op/PbK+3vAtI8vnlK4AhycLvWQ3kK2DRx+Uhzrlk5v6E14SopAhvpGOHqrLgmoHwHp1xt/9M1JgxkOUK5gccFKTQduxLHoTNBaNcP60IOG/MjqUPcOXSBcAN4Y1RDBg+pwXe4PFgOzwKdFoYeuhvtm8y185S0IvvfCHLCD8pNfQ== akholkin@mirantis.com
diff --git a/postgresql/client/security_monkey.yml b/postgresql/client/security_monkey.yml
index 65f1de2..428753d 100644
--- a/postgresql/client/security_monkey.yml
+++ b/postgresql/client/security_monkey.yml
@@ -24,3 +24,9 @@
host: ${_param:secmonkey_db_host}
createdb: true
rights: all privileges
+ init:
+ maintenance_db: pushkin
+ force: true
+ queries:
+ - INSERT INTO login VALUES (11, 1) ON CONFLICT (id) DO UPDATE SET id = excluded.id;
+ - INSERT INTO device VALUES (1, 11, 42, 'security_audit_service', NULL, 1, NULL) ON CONFLICT (id) DO UPDATE SET id = excluded.id;