Merge "[ovn] Open nb/sb remote ports"
diff --git a/.releasenotes/notes/dop-proxy-2427ec3814c4b467.yaml b/.releasenotes/notes/dop-proxy-2427ec3814c4b467.yaml
new file mode 100644
index 0000000..9ce4d3b
--- /dev/null
+++ b/.releasenotes/notes/dop-proxy-2427ec3814c4b467.yaml
@@ -0,0 +1,15 @@
+---
+prelude: >
+ Default proxy configuration for Devops Portal Dasboard and Rundeck Service added
+features:
+ - |
+ In case of using OSS through proxy configurations,
+ need to define following classes for proxy nodes on cluster level 'cluster_name/stacklight/proxy.yml' or 'cluster_name/openstack/proxy.yml':
+
+ .. code-block:: yaml
+ - system.nginx.server.proxy.oss.devops_portal
+ - system.nginx.server.proxy.oss.rundeck
+
+fixes:
+ - |
+ https://mirantis.jira.com/browse/PROD-14376
diff --git a/.releasenotes/notes/prometheus-2.0-2a7b3bc4ad76e118.yaml b/.releasenotes/notes/prometheus-2.0-2a7b3bc4ad76e118.yaml
new file mode 100644
index 0000000..af017f5
--- /dev/null
+++ b/.releasenotes/notes/prometheus-2.0-2a7b3bc4ad76e118.yaml
@@ -0,0 +1,48 @@
+---
+summary: >
+ Updated the StackLight components to newer versions
+
+upgrade:
+ - |
+ Updated the following StackLight components:
+
+ - Prometheus server to version 2.0.0
+ - Alertmanager to version 0.11.0
+ - Pushgateway to version 0.4.0
+
+ .. important::
+
+ The new version of Prometheus is not backward compatible
+ with previous versions. Therefore, you must upgrade the
+ monitoring stack as described in the MCP Operations Guide.
+
+ To continue using Prometheus v1.7, add the following snippet
+ to the Reclass model of your MCP deployment. However, Mirantis
+ recommends that you update your monitoring stack to obtain new
+ features such as performance improvements.
+
+
+ .. code-block:: yaml
+
+ _param:
+ docker_image_alertmanager: docker-prod-virtual.docker.mirantis.net/openstack-docker/alertmanager:20171222124606
+ docker_image_pushgateway: docker-prod-virtual.docker.mirantis.net/openstack-docker/pushgateway:20171222124606
+ docker_image_prometheus: docker-prod-virtual.docker.mirantis.net/openstack-docker/prometheus:20171222124606
+ docker_image_remote_storage_adapter: docker-prod-virtual.docker.mirantis.net/openstack-docker/remote_storage_adapter:20171222124606
+ docker:
+ client:
+ stack:
+ monitoring:
+ service:
+ server:
+ environment:
+ PROMETHEUS_STORAGE_LOCAL_ENGINE: persisted
+ PROMETHEUS_STORAGE_LOCAL_TARGET_HEAP_SIZE: 3221225472
+ PROMETHEUS_STORAGE_LOCAL_NUM_FINGERPRINT_MUTEXES: 4096
+
+ prometheus:
+ server:
+ version: 1.7
+
+
+ .. TODO: Add a link to the upgrade procedure.
diff --git a/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/cassandra.yml b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/cassandra.yml
index ce120b5..5afbf77 100644
--- a/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/cassandra.yml
+++ b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/cassandra.yml
@@ -20,4 +20,4 @@
publisher:
component: ${_param:mirror_mirantis_openstack_xenial_cassandra_components}
distributions:
- - ubuntu-xenial/cassandra/${_param:apt_mk_version}/
\ No newline at end of file
+ - ubuntu-xenial/cassandra/${_param:apt_mk_version}
\ No newline at end of file
diff --git a/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/ceph.yml b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/ceph.yml
index d58dd96..a0b1293 100644
--- a/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/ceph.yml
+++ b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/ceph.yml
@@ -20,4 +20,4 @@
publisher:
component: ${_param:mirror_mirantis_openstack_xenial_ceph_components}
distributions:
- - ubuntu-xenial/ceph/${_param:apt_mk_version}/
\ No newline at end of file
+ - ubuntu-xenial/ceph/${_param:apt_mk_version}
\ No newline at end of file
diff --git a/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/docker-legacy.yml b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/docker-legacy.yml
new file mode 100644
index 0000000..c71c543
--- /dev/null
+++ b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/docker-legacy.yml
@@ -0,0 +1,23 @@
+parameters:
+ _param:
+ apt_mk_version: stable
+ mirror_mirantis_openstack_xenial_docker_legacy_source: http://apt.mirantis.com/xenial/docker/
+ mirror_mirantis_openstack_xenial_docker_legacy_distribution: ${_param:apt_mk_version}
+ mirror_mirantis_openstack_xenial_docker_legacy_components: legacy
+ mirror_mirantis_openstack_xenial_docker_legacy_key_url: "http://apt.mirantis.com/public.gpg"
+ mirror_mirantis_openstack_xenial_docker_legacy_gpgkeys:
+ - A76882D3
+ aptly:
+ server:
+ mirror:
+ mirantis_openstack_xenial_docker_legacy:
+ source: ${_param:mirror_mirantis_openstack_xenial_docker_legacy_source}
+ distribution: ${_param:mirror_mirantis_openstack_xenial_docker_legacy_distribution}
+ components: ${_param:mirror_mirantis_openstack_xenial_docker_legacy_components}
+ architectures: amd64
+ key_url: ${_param:mirror_mirantis_openstack_xenial_docker_legacy_key_url}
+ gpgkeys: ${_param:mirror_mirantis_openstack_xenial_docker_legacy_gpgkeys}
+ publisher:
+ component: ${_param:mirror_mirantis_openstack_xenial_docker_legacy_components}
+ distributions:
+ - ubuntu-xenial/docker/${_param:apt_mk_version}
\ No newline at end of file
diff --git a/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/elastic.yml b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/elastic.yml
deleted file mode 100644
index b4946e1..0000000
--- a/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/elastic.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-parameters:
- _param:
- apt_mk_version: stable
- mirror_mirantis_openstack_xenial_elastic_source: http://apt.mirantis.com/xenial/elastic/2.x/
- mirror_mirantis_openstack_xenial_elastic_distribution: ${_param:apt_mk_version}
- mirror_mirantis_openstack_xenial_elastic_components: main
- mirror_mirantis_openstack_xenial_elastic_key_url: "http://apt.mirantis.com/public.gpg"
- mirror_mirantis_openstack_xenial_elastic_gpgkeys:
- - A76882D3
- aptly:
- server:
- mirror:
- mirantis_openstack_xenial_elastic:
- source: ${_param:mirror_mirantis_openstack_xenial_elastic_source}
- distribution: ${_param:mirror_mirantis_openstack_xenial_elastic_distribution}
- components: ${_param:mirror_mirantis_openstack_xenial_elastic_components}
- architectures: amd64
- key_url: ${_param:mirror_mirantis_openstack_xenial_elastic_key_url}
- gpgkeys: ${_param:mirror_mirantis_openstack_xenial_elastic_gpgkeys}
- publisher:
- component: ${_param:mirror_mirantis_openstack_xenial_elastic_components}
- distributions:
- - ubuntu-xenial/elastic/2.x/${_param:apt_mk_version}
\ No newline at end of file
diff --git a/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/elastic/2x.yml b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/elastic/2x.yml
new file mode 100644
index 0000000..6b1c006
--- /dev/null
+++ b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/elastic/2x.yml
@@ -0,0 +1,23 @@
+parameters:
+ _param:
+ apt_mk_version: stable
+ mirror_mirantis_openstack_xenial_elastic_2x_source: http://apt.mirantis.com/xenial/elastic/2.x/
+ mirror_mirantis_openstack_xenial_elastic_2x_distribution: ${_param:apt_mk_version}
+ mirror_mirantis_openstack_xenial_elastic_2x_components: main
+ mirror_mirantis_openstack_xenial_elastic_2x_key_url: "http://apt.mirantis.com/public.gpg"
+ mirror_mirantis_openstack_xenial_elastic_2x_gpgkeys:
+ - A76882D3
+ aptly:
+ server:
+ mirror:
+ mirantis_openstack_xenial_elastic_2x:
+ source: ${_param:mirror_mirantis_openstack_xenial_elastic_2x_source}
+ distribution: ${_param:mirror_mirantis_openstack_xenial_elastic_2x_distribution}
+ components: ${_param:mirror_mirantis_openstack_xenial_elastic_2x_components}
+ architectures: amd64
+ key_url: ${_param:mirror_mirantis_openstack_xenial_elastic_2x_key_url}
+ gpgkeys: ${_param:mirror_mirantis_openstack_xenial_elastic_2x_gpgkeys}
+ publisher:
+ component: ${_param:mirror_mirantis_openstack_xenial_elastic_2x_components}
+ distributions:
+ - ubuntu-xenial/elastic/2.x/${_param:apt_mk_version}
\ No newline at end of file
diff --git a/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/elastic/5x.yml b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/elastic/5x.yml
new file mode 100644
index 0000000..d7e92c6
--- /dev/null
+++ b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/elastic/5x.yml
@@ -0,0 +1,23 @@
+parameters:
+ _param:
+ apt_mk_version: stable
+ mirror_mirantis_openstack_xenial_elastic_5x_source: http://apt.mirantis.com/xenial/elastic/5.x/
+ mirror_mirantis_openstack_xenial_elastic_5x_distribution: ${_param:apt_mk_version}
+ mirror_mirantis_openstack_xenial_elastic_5x_components: main
+ mirror_mirantis_openstack_xenial_elastic_5x_key_url: "http://apt.mirantis.com/public.gpg"
+ mirror_mirantis_openstack_xenial_elastic_5x_gpgkeys:
+ - A76882D3
+ aptly:
+ server:
+ mirror:
+ mirantis_openstack_xenial_elastic_5x:
+ source: ${_param:mirror_mirantis_openstack_xenial_elastic_5x_source}
+ distribution: ${_param:mirror_mirantis_openstack_xenial_elastic_5x_distribution}
+ components: ${_param:mirror_mirantis_openstack_xenial_elastic_5x_components}
+ architectures: amd64
+ key_url: ${_param:mirror_mirantis_openstack_xenial_elastic_5x_key_url}
+ gpgkeys: ${_param:mirror_mirantis_openstack_xenial_elastic_5x_gpgkeys}
+ publisher:
+ component: ${_param:mirror_mirantis_openstack_xenial_elastic_5x_components}
+ distributions:
+ - ubuntu-xenial/elastic/5.x/${_param:apt_mk_version}
diff --git a/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/elastic/init.yml b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/elastic/init.yml
new file mode 100644
index 0000000..f214330
--- /dev/null
+++ b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/elastic/init.yml
@@ -0,0 +1,3 @@
+classes:
+- system.aptly.server.mirror.ubuntu.xenial.mcp.apt_mk.elastic.2x
+- system.aptly.server.mirror.ubuntu.xenial.mcp.apt_mk.elastic.5x
\ No newline at end of file
diff --git a/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/glusterfs.yml b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/glusterfs.yml
index 9b6fe2a..cfec221 100644
--- a/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/glusterfs.yml
+++ b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/glusterfs.yml
@@ -3,7 +3,7 @@
apt_mk_version: stable
mirror_mirantis_openstack_xenial_glusterfs_source: http://apt.mirantis.com/xenial/glusterfs/
mirror_mirantis_openstack_xenial_glusterfs_distribution: ${_param:apt_mk_version}
- mirror_mirantis_openstack_xenial_glusterfs_components: "3.12"
+ mirror_mirantis_openstack_xenial_glusterfs_components: '"3.12"'
mirror_mirantis_openstack_xenial_glusterfs_key_url: "http://apt.mirantis.com/public.gpg"
mirror_mirantis_openstack_xenial_glusterfs_gpgkeys:
- A76882D3
diff --git a/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/kibana.yml b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/kibana.yml
deleted file mode 100644
index 40df719..0000000
--- a/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/kibana.yml
+++ /dev/null
@@ -1,23 +0,0 @@
-parameters:
- _param:
- apt_mk_version: stable
- mirror_mirantis_openstack_xenial_kibana_source: http://apt.mirantis.com/xenial/kibana/4.6/
- mirror_mirantis_openstack_xenial_kibana_distribution: ${_param:apt_mk_version}
- mirror_mirantis_openstack_xenial_kibana_components: "kibana-46"
- mirror_mirantis_openstack_xenial_kibana_key_url: "http://apt.mirantis.com/public.gpg"
- mirror_mirantis_openstack_xenial_kibana_gpgkeys:
- - A76882D3
- aptly:
- server:
- mirror:
- mirantis_openstack_xenial_kibana:
- source: ${_param:mirror_mirantis_openstack_xenial_kibana_source}
- distribution: ${_param:mirror_mirantis_openstack_xenial_kibana_distribution}
- components: ${_param:mirror_mirantis_openstack_xenial_kibana_components}
- architectures: amd64
- key_url: ${_param:mirror_mirantis_openstack_xenial_kibana_key_url}
- gpgkeys: ${_param:mirror_mirantis_openstack_xenial_kibana_gpgkeys}
- publisher:
- component: ${_param:mirror_mirantis_openstack_xenial_kibana_components}
- distributions:
- - ubuntu-xenial/kibana/4.6/${_param:apt_mk_version}
\ No newline at end of file
diff --git a/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/kibana/46.yml b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/kibana/46.yml
new file mode 100644
index 0000000..815185b
--- /dev/null
+++ b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/kibana/46.yml
@@ -0,0 +1,23 @@
+parameters:
+ _param:
+ apt_mk_version: stable
+ mirror_mirantis_openstack_xenial_kibana_46_source: http://apt.mirantis.com/xenial/kibana/4.6/
+ mirror_mirantis_openstack_xenial_kibana_46_distribution: ${_param:apt_mk_version}
+ mirror_mirantis_openstack_xenial_kibana_46_components: "kibana-46"
+ mirror_mirantis_openstack_xenial_kibana_46_key_url: "http://apt.mirantis.com/public.gpg"
+ mirror_mirantis_openstack_xenial_kibana_46_gpgkeys:
+ - A76882D3
+ aptly:
+ server:
+ mirror:
+ mirantis_openstack_xenial_kibana_46:
+ source: ${_param:mirror_mirantis_openstack_xenial_kibana_46_source}
+ distribution: ${_param:mirror_mirantis_openstack_xenial_kibana_46_distribution}
+ components: ${_param:mirror_mirantis_openstack_xenial_kibana_46_components}
+ architectures: amd64
+ key_url: ${_param:mirror_mirantis_openstack_xenial_kibana_46_key_url}
+ gpgkeys: ${_param:mirror_mirantis_openstack_xenial_kibana_46_gpgkeys}
+ publisher:
+ component: ${_param:mirror_mirantis_openstack_xenial_kibana_46_components}
+ distributions:
+ - ubuntu-xenial/kibana/4.6/${_param:apt_mk_version}
\ No newline at end of file
diff --git a/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/kibana/5x.yml b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/kibana/5x.yml
new file mode 100644
index 0000000..c1b061e
--- /dev/null
+++ b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/kibana/5x.yml
@@ -0,0 +1,23 @@
+parameters:
+ _param:
+ apt_mk_version: stable
+ mirror_mirantis_openstack_xenial_kibana_5x_source: http://apt.mirantis.com/xenial/kibana/5.x/
+ mirror_mirantis_openstack_xenial_kibana_5x_distribution: ${_param:apt_mk_version}
+ mirror_mirantis_openstack_xenial_kibana_5x_components: "kibana-5x"
+ mirror_mirantis_openstack_xenial_kibana_5x_key_url: "http://apt.mirantis.com/public.gpg"
+ mirror_mirantis_openstack_xenial_kibana_5x_gpgkeys:
+ - A76882D3
+ aptly:
+ server:
+ mirror:
+ mirantis_openstack_xenial_kibana_5x:
+ source: ${_param:mirror_mirantis_openstack_xenial_kibana_5x_source}
+ distribution: ${_param:mirror_mirantis_openstack_xenial_kibana_5x_distribution}
+ components: ${_param:mirror_mirantis_openstack_xenial_kibana_5x_components}
+ architectures: amd64
+ key_url: ${_param:mirror_mirantis_openstack_xenial_kibana_5x_key_url}
+ gpgkeys: ${_param:mirror_mirantis_openstack_xenial_kibana_5x_gpgkeys}
+ publisher:
+ component: ${_param:mirror_mirantis_openstack_xenial_kibana_5x_components}
+ distributions:
+ - ubuntu-xenial/kibana/5.x/${_param:apt_mk_version}
\ No newline at end of file
diff --git a/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/kibana/init.yml b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/kibana/init.yml
new file mode 100644
index 0000000..dfd93bb
--- /dev/null
+++ b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/kibana/init.yml
@@ -0,0 +1,3 @@
+classes:
+- system.aptly.server.mirror.ubuntu.xenial.mcp.apt_mk.kibana.46
+- system.aptly.server.mirror.ubuntu.xenial.mcp.apt_mk.kibana.5x
\ No newline at end of file
diff --git a/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/openstack/pike.yml b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/openstack/pike.yml
new file mode 100644
index 0000000..971e8fa
--- /dev/null
+++ b/aptly/server/mirror/ubuntu/xenial/mcp/apt_mk/openstack/pike.yml
@@ -0,0 +1,25 @@
+parameters:
+ _param:
+ apt_mk_version: stable
+
+ mirror_mirantis_openstack_pike_xenial_source: http://apt.mirantis.com/xenial/openstack/pike/
+ mirror_mirantis_openstack_pike_xenial_distribution: ${_param:apt_mk_version}
+ mirror_mirantis_openstack_pike_xenial_components: main
+ mirror_mirantis_openstack_pike_xenial_key_url: "http://apt.mirantis.com/public.gpg"
+ mirror_mirantis_openstack_pike_xenial_gpgkeys:
+ - A76882D3
+ aptly:
+ server:
+ mirror:
+ mirantis_openstack_pike_xenial:
+ source: ${_param:mirror_mirantis_openstack_pike_xenial_source}
+ distribution: ${_param:mirror_mirantis_openstack_pike_xenial_distribution}
+ components: ${_param:mirror_mirantis_openstack_pike_xenial_components}
+ architectures: amd64
+ key_url: ${_param:mirror_mirantis_openstack_pike_xenial_key_url}
+ gpgkeys: ${_param:mirror_mirantis_openstack_pike_xenial_gpgkeys}
+ publisher:
+ component: main
+ distributions:
+ - ubuntu-xenial/openstack/pike/${_param:apt_mk_version}
+
diff --git a/docker/client/compose/service/jenkins.yml b/docker/client/compose/service/jenkins.yml
index b2f4213..7db9da5 100644
--- a/docker/client/compose/service/jenkins.yml
+++ b/docker/client/compose/service/jenkins.yml
@@ -2,7 +2,7 @@
- system.docker.client.compose
parameters:
_param:
- docker_image_jenkins: tcpcloud/jenkins:2.93
+ docker_image_jenkins: tcpcloud/jenkins:2.100
jenkins_master_extra_opts: ""
jenkins_master_executors_num: 4
jenkins_master_max_concurent_requests: 40
diff --git a/docker/swarm/stack/janitor_monkey.yml b/docker/swarm/stack/janitor_monkey.yml
index 1152841..2849554 100644
--- a/docker/swarm/stack/janitor_monkey.yml
+++ b/docker/swarm/stack/janitor_monkey.yml
@@ -32,10 +32,11 @@
auth_url: http://yourcloud.com:5000/v3/auth/tokens
username: admin
password: password
- ssl_verify: False
endpoint_type: public
- source_credentials: /srv/volumes/rundeck/storage/content/cis/openstack
- service_credentials: /opt/os_creds
+ ssl_verify: False
+ source_credentials_dir: /srv/volumes/rundeck/storage
+ destination_credentials_dir: /opt/os_creds
+ cacert_path: ${_param:janitor_monkey_openstack:destination_credentials_dir}/content/keys/cis/openstack/cert.pem
docker:
client:
stack:
@@ -63,7 +64,7 @@
simianarmy.client.cloudfire.domain: ${_param:janitor_monkey_openstack:project_domain_name}
simianarmy.client.cloudfire.project: ${_param:janitor_monkey_openstack:project_name}
simianarmy.client.cloudfire.SSLVerify: ${_param:janitor_monkey_openstack:ssl_verify}
- simianarmy.client.cloudfire.cafile: ${_param:janitor_monkey_openstack:service_credentials}/cert.pem
+ simianarmy.client.cloudfire.cafile: ${_param:janitor_monkey_openstack:cacert_path}
simianarmy.janitor.rule.stoppedInstanceRule.instanceAgeThreshold: ${_param:janitor_monkey_instance_age_threshold}
simianarmy.janitor.notification.oss.url: ${_param:janitor_monkey_notification_oss_url}
simianarmy.janitor.notification.oss.login_id: ${_param:janitor_monkey_notification_oss_login_id}
@@ -88,7 +89,7 @@
ports:
- ${_param:haproxy_janitor_monkey_exposed_port}:${_param:janitor_monkey_bind_port}
volumes:
- - ${_param:janitor_monkey_openstack:source_credentials}:${_param:janitor_monkey_openstack:service_credentials}:ro
+ - ${_param:janitor_monkey_openstack:source_credentials_dir}:${_param:janitor_monkey_openstack:destination_credentials_dir}:ro
network:
default:
external:
diff --git a/docker/swarm/stack/jenkins/master.yml b/docker/swarm/stack/jenkins/master.yml
index 73a4b30..d08bf71 100644
--- a/docker/swarm/stack/jenkins/master.yml
+++ b/docker/swarm/stack/jenkins/master.yml
@@ -2,7 +2,7 @@
- system.docker
parameters:
_param:
- docker_image_jenkins: tcpcloud/jenkins:2.93
+ docker_image_jenkins: tcpcloud/jenkins:2.100
jenkins_master_extra_opts: ""
jenkins_master_executors_num: 4
jenkins_master_max_concurent_requests: 40
diff --git a/docker/swarm/stack/monitoring/init.yml b/docker/swarm/stack/monitoring/init.yml
index 6efe125..925a10a 100644
--- a/docker/swarm/stack/monitoring/init.yml
+++ b/docker/swarm/stack/monitoring/init.yml
@@ -116,8 +116,5 @@
PROMETHEUS_DATA_DIR: ${_param:prometheus_server_data_directory}
PROMETHEUS_BIND_PORT: ${prometheus:server:bind:port}
PROMETHEUS_BIND_ADDRESS: ${prometheus:server:bind:address}
- PROMETHEUS_STORAGE_LOCAL_ENGINE: ${prometheus:server:storage:local:engine}
PROMETHEUS_STORAGE_LOCAL_RETENTION: ${prometheus:server:storage:local:retention}
- PROMETHEUS_STORAGE_LOCAL_TARGET_HEAP_SIZE: ${prometheus:server:storage:local:target_heap_size}
- PROMETHEUS_STORAGE_LOCAL_NUM_FINGERPRINT_MUTEXES: ${prometheus:server:storage:local:num_fingerprint_mutexes}
PROMETHEUS_EXTERNAL_URL: "http://${_param:stacklight_monitor_address}:15010"
diff --git a/docker/swarm/stack/rundeck.yml b/docker/swarm/stack/rundeck.yml
index 8ab0554..88693be 100644
--- a/docker/swarm/stack/rundeck.yml
+++ b/docker/swarm/stack/rundeck.yml
@@ -25,6 +25,7 @@
- /srv/volumes/rundeck/etc/realm.properties:/etc/rundeck/realm.properties
- /srv/volumes/rundeck/etc/rundeck-config.properties:/etc/rundeck/rundeck-config.properties
- /srv/volumes/rundeck/rundeck:/var/rundeck
+ - /srv/volumes/rundeck/data:/var/lib/rundeck/data
- /srv/volumes/rundeck/log:/var/log/rundeck
- /srv/volumes/rundeck/logs:/var/lib/rundeck/logs
- /srv/volumes/rundeck/plugins:/opt/rundeck-plugins
diff --git a/docker/swarm/stack/security_monkey.yml b/docker/swarm/stack/security_monkey.yml
index 3b9c272..2f844c0 100644
--- a/docker/swarm/stack/security_monkey.yml
+++ b/docker/swarm/stack/security_monkey.yml
@@ -30,10 +30,11 @@
project_domain_name: Default
project_name: admin
user_domain_name: Default
- source_credentials: /srv/volumes/rundeck/storage/content/cis/openstack
- service_credentials: /opt/os_creds
endpoint_type: public
ssl_verify: False
+ source_credentials_dir: /srv/volumes/rundeck/storage
+ destination_credentials_dir: /opt/os_creds
+ cacert_path: ${_param:security_monkey_openstack:destination_credentials_dir}/content/keys/cis/openstack/cert.pem
docker:
client:
stack:
@@ -62,7 +63,7 @@
OS_PROJECT_NAME: ${_param:security_monkey_openstack:project_name}
OS_SSL_VERIFY: ${_param:security_monkey_openstack:ssl_verify}
OS_ENDPOINT_TYPE: ${_param:security_monkey_openstack:endpoint_type}
- CACERT_PATH: ${_param:security_monkey_openstack:service_credentials}/cert.pem
+ CACERT_PATH: ${_param:security_monkey_openstack:cacert_path}
USER_DOMAIN_NAME: ${_param:security_monkey_openstack:user_domain_name}
SM_WTF_CSRF_ENABLED: ${_param:devops_portal_sm_wtf_csrf_enabled}
SECURITY_MONKEY_SYNC_INTERVAL: ${_param:security_monkey_sync_interval}
@@ -79,7 +80,7 @@
- ${_param:haproxy_security_monkey_exposed_port}:${_param:haproxy_security_monkey_bind_port}
volumes:
- /srv/volumes/security_monkey/logs:/var/log/security_monkey/logs
- - ${_param:security_monkey_openstack:source_credentials}:${_param:security_monkey_openstack:service_credentials}:ro
+ - ${_param:security_monkey_openstack:source_credentials_dir}:${_param:security_monkey_openstack:destination_credentials_dir}:ro
security-audit-scheduler:
image: ${_param:docker_image_security_monkey_scheduler}
deploy:
@@ -88,7 +89,7 @@
condition: any
volumes:
- /srv/volumes/security_monkey/logs:/var/log/security_monkey/logs
- - ${_param:security_monkey_openstack:source_credentials}:${_param:security_monkey_openstack:service_credentials}:ro
+ - ${_param:security_monkey_openstack:source_credentials_dir}:${_param:security_monkey_openstack:destination_credentials_dir}:ro
network:
default:
external:
diff --git a/elasticsearch/client/index/janitor_monkey.yml b/elasticsearch/client/index/cis_openstack.yml
similarity index 92%
rename from elasticsearch/client/index/janitor_monkey.yml
rename to elasticsearch/client/index/cis_openstack.yml
index bef92ae..3136f73 100644
--- a/elasticsearch/client/index/janitor_monkey.yml
+++ b/elasticsearch/client/index/cis_openstack.yml
@@ -7,9 +7,9 @@
index:
cis-openstack:
enabled: true
- force_operation: true
+ force_operation: false
definition:
template: cis-openstack
settings:
number_of_shards: ${_param:janitor_monkey_cis_openstack_shards}
- number_of_replicas: ${_param:janitor_monkey_cis_openstack_replicas}
\ No newline at end of file
+ number_of_replicas: ${_param:janitor_monkey_cis_openstack_replicas}
diff --git a/elasticsearch/client/index/pushkin.yml b/elasticsearch/client/index/pushkin.yml
index 1d17c77..668a770 100644
--- a/elasticsearch/client/index/pushkin.yml
+++ b/elasticsearch/client/index/pushkin.yml
@@ -7,7 +7,7 @@
index:
notifications:
enabled: true
- force_operation: true
+ force_operation: false
definition:
template: notifications
settings:
@@ -39,4 +39,4 @@
fields:
keyword:
type: keyword
- ignore_above: 256
\ No newline at end of file
+ ignore_above: 256
diff --git a/fluentd/init.yml b/fluentd/init.yml
new file mode 100644
index 0000000..ebf469a
--- /dev/null
+++ b/fluentd/init.yml
@@ -0,0 +1,6 @@
+classes:
+- service.fluentd.agent.single
+- system
+parameters:
+ fluentd:
+ dollar: ${_param:dollarsign}
diff --git a/fluentd/label/default_metric/init.yml b/fluentd/label/default_metric/init.yml
new file mode 100644
index 0000000..ef8ecf2
--- /dev/null
+++ b/fluentd/label/default_metric/init.yml
@@ -0,0 +1,20 @@
+parameters:
+ fluentd:
+ agent:
+ config:
+ label:
+ default_metric:
+ filter:
+ add_general_fields:
+ tag: "**"
+ type: record_transformer
+ enable_ruby: true
+ record:
+ - name: environment_label
+ value: ${_param:cluster_domain}
+ - name: Hostname
+ value: ${fluentd:dollar}{ hostname }
+ match:
+ drop_everything:
+ tag: '**'
+ type: 'null'
diff --git a/fluentd/label/default_metric/prometheus.yml b/fluentd/label/default_metric/prometheus.yml
new file mode 100644
index 0000000..9eb3b1b
--- /dev/null
+++ b/fluentd/label/default_metric/prometheus.yml
@@ -0,0 +1,11 @@
+parameters:
+ fluentd:
+ agent:
+ plugin:
+ fluent-plugin-prometheus:
+ gem: ['fluent-plugin-prometheus']
+ config:
+ input:
+ prometheus:
+ metric:
+ type: prometheus
diff --git a/galera/server/database/aodh.yml b/galera/server/database/aodh.yml
index f5095d2..c7cdfdc 100644
--- a/galera/server/database/aodh.yml
+++ b/galera/server/database/aodh.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mysql_aodh_ssl_option: []
mysql:
server:
database:
@@ -9,7 +11,9 @@
password: ${_param:mysql_aodh_password}
host: '%'
rights: all
+ ssl_option: ${_param:mysql_aodh_ssl_option}
- name: aodh
password: ${_param:mysql_aodh_password}
host: ${_param:cluster_vip_address}
rights: all
+ ssl_option: ${_param:mysql_aodh_ssl_option}
diff --git a/galera/server/database/barbican.yml b/galera/server/database/barbican.yml
index 4759439..a292660 100644
--- a/galera/server/database/barbican.yml
+++ b/galera/server/database/barbican.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mysql_barbican_ssl_option: []
mysql:
server:
database:
@@ -9,7 +11,9 @@
password: ${_param:mysql_barbican_password}
host: '%'
rights: all
+ ssl_option: ${_param:mysql_barbican_ssl_option}
- name: barbican
password: ${_param:mysql_barbican_password}
host: ${_param:cluster_vip_address}
rights: all
+ ssl_option: ${_param:mysql_barbican_ssl_option}
diff --git a/galera/server/database/ceilometer.yml b/galera/server/database/ceilometer.yml
index b33c8f9..08a7f8b 100644
--- a/galera/server/database/ceilometer.yml
+++ b/galera/server/database/ceilometer.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mysql_ceilometer_ssl_option: []
mysql:
server:
database:
@@ -9,7 +11,9 @@
password: ${_param:mysql_ceilometer_password}
host: '%'
rights: all
+ ssl_option: ${_param:mysql_ceilometer_ssl_option}
- name: ceilometer
password: ${_param:mysql_ceilometer_password}
host: ${_param:cluster_local_address}
rights: all
+ ssl_option: ${_param:mysql_ceilometer_ssl_option}
diff --git a/galera/server/database/cinder.yml b/galera/server/database/cinder.yml
index 08b6ddb..6478cb8 100644
--- a/galera/server/database/cinder.yml
+++ b/galera/server/database/cinder.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mysql_cinder_ssl_option: []
mysql:
server:
database:
@@ -9,7 +11,9 @@
password: ${_param:mysql_cinder_password}
host: '%'
rights: all
+ ssl_option: ${_param:mysql_cinder_ssl_option}
- name: cinder
password: ${_param:mysql_cinder_password}
host: ${_param:cluster_local_address}
rights: all
+ ssl_option: ${_param:mysql_cinder_ssl_option}
diff --git a/galera/server/database/designate.yml b/galera/server/database/designate.yml
index 107e3ae..43a76f9 100644
--- a/galera/server/database/designate.yml
+++ b/galera/server/database/designate.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mysql_designate_ssl_option: []
mysql:
server:
database:
@@ -9,10 +11,12 @@
password: ${_param:mysql_designate_password}
host: '%'
rights: all
+ ssl_option: ${_param:mysql_designate_ssl_option}
- name: designate
password: ${_param:mysql_designate_password}
host: ${_param:cluster_vip_address}
rights: all
+ ssl_option: ${_param:mysql_designate_ssl_option}
designate_pool_manager:
encoding: utf8
users:
@@ -20,7 +24,9 @@
password: ${_param:mysql_designate_password}
host: '%'
rights: all
+ ssl_option: ${_param:mysql_designate_ssl_option}
- name: designate
password: ${_param:mysql_designate_password}
host: ${_param:cluster_vip_address}
rights: all
+ ssl_option: ${_param:mysql_designate_ssl_option}
diff --git a/galera/server/database/glance.yml b/galera/server/database/glance.yml
index 7e5e443..7af81d8 100644
--- a/galera/server/database/glance.yml
+++ b/galera/server/database/glance.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mysql_glance_ssl_option: []
mysql:
server:
database:
@@ -9,7 +11,9 @@
password: ${_param:mysql_glance_password}
host: '%'
rights: all
+ ssl_option: ${_param:mysql_glance_ssl_option}
- name: glance
password: ${_param:mysql_glance_password}
host: ${_param:cluster_local_address}
rights: all
+ ssl_option: ${_param:mysql_glance_ssl_option}
diff --git a/galera/server/database/grafana.yml b/galera/server/database/grafana.yml
index fa4742e..3bfee87 100644
--- a/galera/server/database/grafana.yml
+++ b/galera/server/database/grafana.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mysql_grafana_ssl_option: []
mysql:
server:
database:
@@ -9,8 +11,10 @@
password: ${_param:mysql_grafana_password}
host: '%'
rights: all
+ ssl_option: ${_param:mysql_grafana_ssl_option}
- name: grafana
password: ${_param:mysql_grafana_password}
host: ${_param:cluster_local_address}
rights: all
+ ssl_option: ${_param:mysql_grafana_ssl_option}
diff --git a/galera/server/database/graphite.yml b/galera/server/database/graphite.yml
index 8ba6efd..595c16b 100644
--- a/galera/server/database/graphite.yml
+++ b/galera/server/database/graphite.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mysql_graphite_ssl_option: []
mysql:
server:
database:
@@ -9,3 +11,4 @@
password: '${_param:mysql_graphite_password}'
host: '%'
rights: 'all'
+ ssl_option: ${_param:mysql_graphite_ssl_option}
diff --git a/galera/server/database/heat.yml b/galera/server/database/heat.yml
index 0d716d8..31b3968 100644
--- a/galera/server/database/heat.yml
+++ b/galera/server/database/heat.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mysql_heat_ssl_option: []
mysql:
server:
database:
@@ -9,7 +11,9 @@
password: ${_param:mysql_heat_password}
host: '%'
rights: all
+ ssl_option: ${_param:mysql_heat_ssl_option}
- name: heat
password: ${_param:mysql_heat_password}
host: ${_param:cluster_local_address}
rights: all
+ ssl_option: ${_param:mysql_heat_ssl_option}
diff --git a/galera/server/database/ironic.yml b/galera/server/database/ironic.yml
index 8cb14a3..a478aeb 100644
--- a/galera/server/database/ironic.yml
+++ b/galera/server/database/ironic.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mysql_ironic_ssl_option: []
mysql:
server:
database:
@@ -9,7 +11,9 @@
password: ${_param:mysql_ironic_password}
host: '%'
rights: all
+ ssl_option: ${_param:mysql_ironic_ssl_option}
- name: ironic
password: ${_param:mysql_ironic_password}
host: ${_param:cluster_local_address}
rights: all
+ ssl_option: ${_param:mysql_ironic_ssl_option}
diff --git a/galera/server/database/keystone.yml b/galera/server/database/keystone.yml
index fc2c5eb..d6483cd 100644
--- a/galera/server/database/keystone.yml
+++ b/galera/server/database/keystone.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mysql_keystone_ssl_option: []
mysql:
server:
database:
@@ -9,7 +11,9 @@
password: ${_param:mysql_keystone_password}
host: '%'
rights: all
+ ssl_option: ${_param:mysql_keystone_ssl_option}
- name: keystone
password: ${_param:mysql_keystone_password}
host: ${_param:cluster_local_address}
rights: all
+ ssl_option: ${_param:mysql_keystone_ssl_option}
diff --git a/galera/server/database/neutron.yml b/galera/server/database/neutron.yml
index 58dd012..b5ee606 100644
--- a/galera/server/database/neutron.yml
+++ b/galera/server/database/neutron.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mysql_neutron_ssl_option: []
mysql:
server:
database:
@@ -9,7 +11,9 @@
password: '${_param:mysql_neutron_password}'
host: '%'
rights: 'all'
+ ssl_option: ${_param:mysql_neutron_ssl_option}
- name: 'neutron'
password: '${_param:mysql_neutron_password}'
host: '${_param:cluster_local_address}'
rights: 'all'
+ ssl_option: ${_param:mysql_neutron_ssl_option}
diff --git a/galera/server/database/nova.yml b/galera/server/database/nova.yml
index 86d4821..d2ffc4a 100644
--- a/galera/server/database/nova.yml
+++ b/galera/server/database/nova.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mysql_nova_ssl_option: []
mysql:
server:
database:
@@ -9,10 +11,12 @@
password: ${_param:mysql_nova_password}
host: '%'
rights: all
+ ssl_option: ${_param:mysql_nova_ssl_option}
- name: nova
password: ${_param:mysql_nova_password}
host: ${_param:cluster_local_address}
rights: all
+ ssl_option: ${_param:mysql_nova_ssl_option}
nova_api:
encoding: utf8
users:
@@ -20,10 +24,12 @@
password: ${_param:mysql_nova_password}
host: '%'
rights: all
+ ssl_option: ${_param:mysql_nova_ssl_option}
- name: nova
password: ${_param:mysql_nova_password}
host: ${_param:cluster_local_address}
rights: all
+ ssl_option: ${_param:mysql_nova_ssl_option}
nova_cell0:
encoding: utf8
users:
@@ -31,7 +37,9 @@
password: ${_param:mysql_nova_password}
host: '%'
rights: all
+ ssl_option: ${_param:mysql_nova_ssl_option}
- name: nova
password: ${_param:mysql_nova_password}
host: ${_param:cluster_local_address}
rights: all
+ ssl_option: ${_param:mysql_nova_ssl_option}
diff --git a/galera/server/database/octavia.yml b/galera/server/database/octavia.yml
index dfefb9c..7b4eaaf 100644
--- a/galera/server/database/octavia.yml
+++ b/galera/server/database/octavia.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ mysql_octavia_ssl_option: []
mysql:
server:
database:
@@ -9,7 +11,9 @@
password: '${_param:mysql_octavia_password}'
host: '%'
rights: 'all'
+ ssl_option: ${_param:mysql_octavia_ssl_option}
- name: 'octavia'
password: '${_param:mysql_octavia_password}'
host: '${_param:cluster_local_address}'
rights: 'all'
+ ssl_option: ${_param:mysql_octavia_ssl_option}
diff --git a/galera/server/database/panko.yml b/galera/server/database/panko.yml
new file mode 100644
index 0000000..c4c455a
--- /dev/null
+++ b/galera/server/database/panko.yml
@@ -0,0 +1,19 @@
+parameters:
+ _param:
+ mysql_panko_ssl_option: []
+ mysql:
+ server:
+ database:
+ panko:
+ encoding: utf8
+ users:
+ - name: panko
+ password: ${_param:mysql_panko_password}
+ host: '%'
+ rights: all
+ ssl_option: ${_param:mysql_panko_ssl_option}
+ - name: panko
+ password: ${_param:mysql_panko_password}
+ host: ${_param:cluster_local_address}
+ rights: all
+ ssl_option: ${_param:mysql_panko_ssl_option}
diff --git a/gerrit/client/init.yml b/gerrit/client/init.yml
index 5456900..8b097ee 100644
--- a/gerrit/client/init.yml
+++ b/gerrit/client/init.yml
@@ -7,8 +7,6 @@
client:
enabled: True
try_login: ${_param:gerrit_try_login}
- source:
- engine: pip
dir:
git: /srv/volumes/gerrit/git
gerrit_config: /srv/volumes/gerrit/etc/gerrit.config
diff --git a/gerrit/server/single.yml b/gerrit/server/single.yml
index 952e82e..c279f00 100644
--- a/gerrit/server/single.yml
+++ b/gerrit/server/single.yml
@@ -38,6 +38,11 @@
hash: sha256=45786a920a929c6258de6461bcf03ddec8925577bd485905f102ceb6e5e1e47c
# address: https://gerrit-ci.gerritforge.com/job/Gerrit-stable-2.13/20/artifact/buck-out/gen/gerrit.war
# hash: md5=2e17064b8742c4622815593ec496c571
+ receive_timeout: 5min
+ sshd:
+ threads: 64
+ batch_threads: 16
+ max_connections_per_user: 64
database:
engine: postgresql
host: localhost
@@ -45,6 +50,10 @@
name: gerrit
user: gerrit
password: ${_param:postgresql_gerrit_password}
+ pool_limit: 250
+ pool_max_idle: 16
+ change_cleanup:
+ abandon_after: 3months
postgresql:
server:
version: "9.5"
diff --git a/haproxy/proxy/listen/kubernetes/apiserver.yml b/haproxy/proxy/listen/kubernetes/apiserver.yml
index 8dfcb35..950765f 100644
--- a/haproxy/proxy/listen/kubernetes/apiserver.yml
+++ b/haproxy/proxy/listen/kubernetes/apiserver.yml
@@ -4,8 +4,6 @@
listen:
k8s_secure:
type: kubernetes
- options:
- - ssl-hello-chk
binds:
- address: ${_param:cluster_vip_address}
port: 443
@@ -13,15 +11,15 @@
- name: ${_param:cluster_node01_hostname}
host: ${_param:cluster_node01_address}
port: 6443
- params: check
+ params: check check-ssl verify none
- name: ${_param:cluster_node02_hostname}
host: ${_param:cluster_node02_address}
port: 6443
- params: check
+ params: check check-ssl verify none
- name: ${_param:cluster_node03_hostname}
host: ${_param:cluster_node03_address}
port: 6443
- params: check
+ params: check check-ssl verify none
timeout:
server: 10m
client: 10m
diff --git a/helm/analytics_pipeline/hdfs.yml b/helm/analytics_pipeline/hdfs.yml
index 64e0cef..2b1382b 100644
--- a/helm/analytics_pipeline/hdfs.yml
+++ b/helm/analytics_pipeline/hdfs.yml
@@ -1,7 +1,7 @@
parameters:
_param:
analytics_hdfs_release: ${_param:analytics_release_prefix}hdfs
- analytics_hdfs_address: hdfs-namenode-${_param:analytics_hdfs_release}-0.hdfs-namenode-${_param:analytics_hdfs_release}
+ analytics_hdfs_address: hdfs-namenode-${_param:analytics_hdfs_release}-0.hdfs-namenode-${_param:analytics_hdfs_release}:8020
helm:
client:
releases:
diff --git a/helm/analytics_pipeline/kafka.yml b/helm/analytics_pipeline/kafka.yml
index 3c88299..3911bd0 100644
--- a/helm/analytics_pipeline/kafka.yml
+++ b/helm/analytics_pipeline/kafka.yml
@@ -14,4 +14,5 @@
antiAffinity: soft
zookeeper:
deployChart: false
- externalAddress: ${_param:analytics_zookeeper_address}
+ addresses:
+ zookeeper: ${_param:analytics_zookeeper_address}
diff --git a/helm/analytics_pipeline/spark.yml b/helm/analytics_pipeline/spark.yml
index aeb2856..5533df5 100644
--- a/helm/analytics_pipeline/spark.yml
+++ b/helm/analytics_pipeline/spark.yml
@@ -1,7 +1,7 @@
parameters:
_param:
analytics_spark_release: ${_param:analytics_release_prefix}spark
- analytics_spark_address: spark-master-${_param:analytics_spark_release}-0.spark-master-${_param:analytics_spark_release}:7077,spark-master-${_param:analytics_spark_release}-1.spark-master-${_param:analytics_spark_release}:7077
+ analytics_spark_address: spark-master-${_param:analytics_spark_release}-0:7077
helm:
client:
releases:
@@ -17,4 +17,5 @@
replicas: 3
zookeeper:
deployChart: false
- externalAddress: ${_param:analytics_zookeeper_address}
+ addresses:
+ zookeeper: ${_param:analytics_zookeeper_address}
diff --git a/helm/analytics_pipeline/tweepub.yml b/helm/analytics_pipeline/tweepub.yml
index 42678a3..daa62ca 100644
--- a/helm/analytics_pipeline/tweepub.yml
+++ b/helm/analytics_pipeline/tweepub.yml
@@ -19,5 +19,6 @@
locations: -71.4415,41.9860,-70.4747,42.9041,-122.75,36.8,-121.75,37.8,-74,40,-73,41
kafka:
deployChart: false
- externalAddress: ${_param:analytics_kafka_address}
topic: twitter-stream
+ addresses:
+ kafka: ${_param:analytics_kafka_address}
diff --git a/helm/analytics_pipeline/tweetics.yml b/helm/analytics_pipeline/tweetics.yml
index de438bf..0a6bebb 100644
--- a/helm/analytics_pipeline/tweetics.yml
+++ b/helm/analytics_pipeline/tweetics.yml
@@ -12,16 +12,20 @@
minHashtagCounts: 0
zookeeper:
deployChart: false
- externalAddress: ${_param:analytics_zookeeper_address}
+ addresses:
+ zookeeper: ${_param:analytics_zookeeper_address}
kafka:
deployChart: false
- externalAddress: ${_param:analytics_kafka_address}
topic: twitter-stream
+ addresses:
+ kafka: ${_param:analytics_kafka_address}
spark:
deployChart: false
- externalAddress: ${_param:analytics_spark_address}
+ addresses:
+ spark: ${_param:analytics_spark_address}
storage: hdfs
hdfs:
deployChart: false
- externalAddress: ${_param:analytics_hdfs_address}
path: /twitter
+ addresses:
+ namenode: ${_param:analytics_hdfs_address}
diff --git a/helm/analytics_pipeline/tweeviz.yml b/helm/analytics_pipeline/tweeviz.yml
index d8f7aef..e264031 100644
--- a/helm/analytics_pipeline/tweeviz.yml
+++ b/helm/analytics_pipeline/tweeviz.yml
@@ -14,6 +14,6 @@
storage: hdfs
hdfs:
deployChart: false
- externalAddress: ${_param:analytics_hdfs_address}
path: /
- externalPort: 8020
+ addresses:
+ namenode: ${_param:analytics_hdfs_address}
diff --git a/init.yml b/init.yml
new file mode 100644
index 0000000..7d8695f
--- /dev/null
+++ b/init.yml
@@ -0,0 +1,3 @@
+parameters:
+ _param:
+ dollarsign: '$'
diff --git a/jenkins/client/approved_scripts.yml b/jenkins/client/approved_scripts.yml
index 1973906..dfcf9ac 100644
--- a/jenkins/client/approved_scripts.yml
+++ b/jenkins/client/approved_scripts.yml
@@ -54,6 +54,7 @@
- method java.util.Collection stream
- method java.util.Date getTime
- method java.util.LinkedHashMap$LinkedHashIterator hasNext
+ - method java.util.List add int java.lang.Object
- method java.util.List subList int int
- method java.util.Map remove java.lang.Object
- method java.util.Map size
@@ -139,3 +140,4 @@
- method hudson.model.Actionable getAction java.lang.Class
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods toSorted java.lang.Iterable
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods intersect java.util.List java.lang.Iterable
+ - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods reverse java.util.List
diff --git a/jenkins/client/job/debian/packages/extra.yml b/jenkins/client/job/debian/packages/extra.yml
index 383a2d3..61d7ee2 100644
--- a/jenkins/client/job/debian/packages/extra.yml
+++ b/jenkins/client/job/debian/packages/extra.yml
@@ -189,6 +189,22 @@
dist: xenial
build: pipeline
branch: debian/xenial
+ - package: gerritlib
+ dist: xenial
+ build: pipeline
+ branch: debian/xenial
+ - package: python-pygerrit2
+ dist: xenial
+ build: pipeline
+ branch: debian/xenial
+ - package: jeepyb
+ dist: xenial
+ build: pipeline
+ branch: debian/xenial
+ - package: salt-pepper
+ dist: xenial
+ build: pipeline
+ branch: debian/xenial
template:
type: workflow-scm
concurrent: false
diff --git a/jenkins/client/job/debian/packages/salt.yml b/jenkins/client/job/debian/packages/salt.yml
index 6928606..d29fc5e 100644
--- a/jenkins/client/job/debian/packages/salt.yml
+++ b/jenkins/client/job/debian/packages/salt.yml
@@ -170,6 +170,9 @@
- name: magnum
upload_source_package: false
dist: trusty
+ - name: manila
+ upload_source_package: false
+ dist: trusty
- name: memcached
upload_source_package: false
dist: trusty
@@ -266,6 +269,9 @@
- name: rundeck
upload_source_package: false
dist: trusty
+ - name: runtest
+ upload_source_package: false
+ dist: trusty
- name: sahara
upload_source_package: false
dist: trusty
@@ -395,6 +401,9 @@
- name: fluentbit
upload_source_package: true
dist: xenial
+ - name: fluentd
+ upload_source_package: true
+ dist: xenial
- name: foreman
upload_source_package: true
dist: xenial
@@ -482,6 +491,9 @@
- name: magnum
upload_source_package: true
dist: xenial
+ - name: manila
+ upload_source_package: true
+ dist: xenial
- name: memcached
upload_source_package: true
dist: xenial
@@ -581,6 +593,9 @@
- name: rsyslog
upload_source_package: true
dist: xenial
+ - name: runtest
+ upload_source_package: true
+ dist: xenial
- name: sahara
upload_source_package: true
dist: xenial
diff --git a/jenkins/client/job/deploy/k8s_control.yml b/jenkins/client/job/deploy/k8s_control.yml
index f851176..4dba2e7 100644
--- a/jenkins/client/job/deploy/k8s_control.yml
+++ b/jenkins/client/job/deploy/k8s_control.yml
@@ -8,7 +8,7 @@
display_name: "Deploy - k8s control"
discard:
build:
- keep_num: 20
+ keep_num: 50
concurrent: false
scm:
type: git
diff --git a/jenkins/client/job/deploy/kqueen.yml b/jenkins/client/job/deploy/kqueen.yml
new file mode 100644
index 0000000..06b449b
--- /dev/null
+++ b/jenkins/client/job/deploy/kqueen.yml
@@ -0,0 +1,61 @@
+parameters:
+ jenkins:
+ client:
+ job:
+ deploy_aws_k8s_kqueen_job:
+ name: deploy-aws-k8s-kqueen
+ type: workflow-scm
+ discard:
+ build:
+ keep_num: 50
+ concurrent: true
+ display_name: "Deploy AWS K8S using kqueen"
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ branch: "${_param:jenkins_pipelines_branch}"
+ credentials: "gerrit"
+ script: deploy-aws-k8s-kqueen-pipeline.groovy
+ param:
+ # deployments
+ STACK_NAME:
+ type: string
+ description: "AWS stack name - mandatory param, will be used as is"
+ STACK_COMPUTE_COUNT:
+ type: string
+ default: '2'
+
+ STACK_TEMPLATE:
+ type: string
+ default: "k8s_ha_calico_sm"
+ STACK_TEMPLATE_URL:
+ type: string
+ default: "${_param:jenkins_gerrit_url}/mk/heat-templates"
+ STACK_TEMPLATE_CREDENTIALS:
+ type: string
+ default: "gerrit"
+ STACK_TEMPLATE_BRANCH:
+ type: string
+ default: "master"
+
+ # salt
+ SALT_MASTER_CREDENTIALS:
+ type: string
+ default: "salt-qa-credentials"
+ SALT_MASTER_URL:
+ type: string
+ default: ""
+
+ # aws api
+ AWS_STACK_REGION:
+ type: string
+ default: "eu-central-1"
+ AWS_API_CREDENTIALS:
+ type: string
+ default: "aws-credentials"
+ AWS_SSH_KEY:
+ type: string
+ default: "jenkins-mk"
+ KQUEEN_BUILD_ID:
+ type: string
+
diff --git a/jenkins/client/job/deploy/lab/cleanup.yml b/jenkins/client/job/deploy/lab/cleanup.yml
index 93a0818..0db6463 100644
--- a/jenkins/client/job/deploy/lab/cleanup.yml
+++ b/jenkins/client/job/deploy/lab/cleanup.yml
@@ -8,7 +8,7 @@
display_name: "Deploy - stack cleanup"
discard:
build:
- keep_num: 20
+ keep_num: 50
scm:
type: git
url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
@@ -59,7 +59,7 @@
default: "aws-credentials"
AWS_DEFAULT_REGION:
type: string
- default: "us-west-2"
+ default: "eu-central-1"
delete-failed-stacks:
type: workflow-scm
diff --git a/jenkins/client/job/deploy/lab/deploy.yml b/jenkins/client/job/deploy/lab/deploy.yml
index b6bbc71..9a04876 100644
--- a/jenkins/client/job/deploy/lab/deploy.yml
+++ b/jenkins/client/job/deploy/lab/deploy.yml
@@ -11,7 +11,7 @@
type: workflow-scm
discard:
build:
- keep_num: 20
+ keep_num: 100
concurrent: true
display_name: "Deploy - {{stack_name}} {{stack_type}}"
scm:
@@ -100,7 +100,7 @@
description: "Formulas revision to install on Salt Master bootstrap stage"
EXTRA_FORMULAS:
type: string
- default: "maas memcached ntp nginx collectd sensu heka sphinx mysql grafana libvirt rsyslog glusterfs postfix xtrabackup freeipa prometheus telegraf elasticsearch kibana rundeck devops-portal rsync docker keepalived aptly jenkins gerrit artifactory influxdb horizon ceph"
+ default: ""
STATIC_MGMT_NETWORK:
type: boolean
default: 'false'
@@ -180,3 +180,32 @@
description: "Run tests matched to pattern only"
default: ""
+ # TestRail vars
+ TESTRAIL_REPORT:
+ type: boolean
+ description: "Report test results to TestRail if true"
+ default: "false"
+ TESTRAIL_REPORTER_IMAGE:
+ type: string
+ description: "Testrail reporter docker image"
+ default: "alrem/xunit2testrail"
+ TESTRAIL_QA_CREDENTIALS:
+ type: string
+ description: "Credentials for results upload to testrail"
+ default: "oscore-qa-credentials"
+ TESTRAIL_MILESTONE:
+ type: string
+ description: "TestRail milestone"
+ default: "MCP1.1"
+ TESTRAIL_PLAN:
+ type: string
+ description: "TestRail test plan name. Will be generated if missing."
+ default: ""
+ TESTRAIL_GROUP:
+ type: string
+ description: "TestRail test group name."
+ default: "{{stack_name}}"
+ TESTRAIL_SUITE:
+ type: string
+ description: "TestRail test suite name"
+ default: "Tempest 16.0.0 with designate tests"
diff --git a/jenkins/client/job/deploy/lab/release/mcp11.yml b/jenkins/client/job/deploy/lab/release/mcp11.yml
index 0a3127c..5c0f4d4 100644
--- a/jenkins/client/job/deploy/lab/release/mcp11.yml
+++ b/jenkins/client/job/deploy/lab/release/mcp11.yml
@@ -3,13 +3,13 @@
parameters:
_param:
jenkins_deploy_jobs:
- - stack_name: virtual_mcp11_contrail
- stack_env: devcloud_virtual_mcp11_contrail
+ - stack_name: virtual_mcp_contrail
+ stack_env: devcloud_mcp11_contrail
stack_install: core,openstack,contrail
stack_type: heat
stack_test: ""
job_timer: ""
- - stack_name: virtual_mcp11_ovs_dvr
+ - stack_name: virtual_mcp11_dvr
stack_env: devcloud_virtual_mcp11_dvr
stack_install: core,openstack,dvr
stack_type: heat
diff --git a/jenkins/client/job/deploy/openstack.yml b/jenkins/client/job/deploy/openstack.yml
index 3595e01..c507824 100644
--- a/jenkins/client/job/deploy/openstack.yml
+++ b/jenkins/client/job/deploy/openstack.yml
@@ -8,7 +8,7 @@
display_name: "Deploy - OpenStack"
discard:
build:
- keep_num: 20
+ keep_num: 50
concurrent: true
scm:
type: git
diff --git a/jenkins/client/job/deploy/test.yml b/jenkins/client/job/deploy/test.yml
index c226fbc..acf6fa3 100644
--- a/jenkins/client/job/deploy/test.yml
+++ b/jenkins/client/job/deploy/test.yml
@@ -7,7 +7,7 @@
type: workflow-scm
discard:
build:
- keep_num: 20
+ keep_num: 50
concurrent: true
display_name: "Deploy - Test services in environment"
scm:
diff --git a/jenkins/client/job/deploy/update/init.yml b/jenkins/client/job/deploy/update/init.yml
index db92e3b..4e6f460 100644
--- a/jenkins/client/job/deploy/update/init.yml
+++ b/jenkins/client/job/deploy/update/init.yml
@@ -9,6 +9,7 @@
- system.jenkins.client.job.deploy.update.upgrade_mcp_release
- system.jenkins.client.job.deploy.update.upgrade_ovs_gateway
- system.jenkins.client.job.deploy.update.upgrade_opencontrail
+ - system.jenkins.client.job.deploy.update.upgrade_opencontrail4_0
- system.jenkins.client.job.deploy.update.restore_mysql
- system.jenkins.client.job.deploy.update.restore_cassandra
- system.jenkins.client.job.deploy.update.restore_zookeeper
diff --git a/jenkins/client/job/deploy/update/upgrade_opencontrail4_0.yml b/jenkins/client/job/deploy/update/upgrade_opencontrail4_0.yml
new file mode 100644
index 0000000..f622371
--- /dev/null
+++ b/jenkins/client/job/deploy/update/upgrade_opencontrail4_0.yml
@@ -0,0 +1,50 @@
+#
+# Jobs to update packages on given Salt master environment
+#
+parameters:
+ _param:
+ jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
+ jenkins:
+ client:
+ job:
+ deploy-upgrade-opencontrail40:
+ type: workflow-scm
+ concurrent: true
+ display_name: "Deploy - upgrade Opencontrail to 4.x"
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ branch: "${_param:jenkins_pipelines_branch}"
+ credentials: "gerrit"
+ script: opencontrail40-upgrade.groovy
+ param:
+ SALT_MASTER_URL:
+ type: string
+ default: "${_param:jenkins_salt_api_url}"
+ SALT_MASTER_CREDENTIALS:
+ type: string
+ default: "salt"
+ STAGE_CONTROLLERS_UPGRADE:
+ type: boolean
+ default: 'true'
+ description: "Run upgrade on Opencontrail controllers"
+ STAGE_COMPUTES_UPGRADE:
+ type: boolean
+ default: 'true'
+ description: "Run upgrade on Opencontrail compute nodes"
+ COMPUTE_TARGET_SERVERS:
+ type: string
+ default: "cmp*"
+ description: Salt compound target to match nodes to be updated [*, G@osfamily:debian].
+ COMPUTE_TARGET_SUBSET_LIVE:
+ type: string
+ default: '1'
+ description: Number of selected nodes to live apply compute upgrade.
+ STAGE_CONTROLLERS_ROLLBACK:
+ type: boolean
+ default: 'false'
+ description: "Run rollback on Opencontrail controllers"
+ STAGE_COMPUTES_ROLLBACK:
+ type: boolean
+ default: 'false'
+ description: "Run rollback on Opencontrail compute nodes"
diff --git a/jenkins/client/job/docker/init.yml b/jenkins/client/job/docker/init.yml
index c5f7d44..d4c15b6 100644
--- a/jenkins/client/job/docker/init.yml
+++ b/jenkins/client/job/docker/init.yml
@@ -16,7 +16,11 @@
dockerfile: "Dockerfile"
- name: gerrit
branch: "2.13.6"
- tags: "2.13.6 latest"
+ tags: "2.13.6"
+ dockerfile: "Dockerfile"
+ - name: gerrit
+ branch: "2.14.6"
+ tags: "2.14.6 latest"
dockerfile: "Dockerfile"
- name: jenkins
branch: "master"
@@ -28,7 +32,7 @@
dockerfile: "Dockerfile"
- name: jenkins
branch: "2.73"
- tags: "2.73 latest"
+ tags: "2.73"
dockerfile: "Dockerfile"
- name: phpldapadmin
branch: "master"
diff --git a/jenkins/client/job/docker/opencontrail.yml b/jenkins/client/job/docker/opencontrail.yml
index 53a76e0..b5052de 100644
--- a/jenkins/client/job/docker/opencontrail.yml
+++ b/jenkins/client/job/docker/opencontrail.yml
@@ -6,6 +6,7 @@
name: "docker-build-images-opencontrail-{{version}}"
jobs:
- version: oc40
+ - version: oc41
template:
discard:
build:
@@ -30,6 +31,9 @@
comment:
- addedContains:
commentAddedCommentContains: '(buildcontainer|test|recheck|verify|)'
+ reverse:
+ projects:
+ - build-opencontrail-{{version}}-ubuntu-xenial
param:
IMAGE_GIT_URL:
type: string
diff --git a/jenkins/client/job/docker/oss/cis-collectors.yml b/jenkins/client/job/docker/oss/cis-collectors.yml
index 11d8be9..05620cf 100644
--- a/jenkins/client/job/docker/oss/cis-collectors.yml
+++ b/jenkins/client/job/docker/oss/cis-collectors.yml
@@ -22,11 +22,6 @@
"oss/cis-collectors":
branches:
- master
- skip_vote:
- - successful
- - failed
- - unstable
- - not_built
event:
patchset:
- created:
diff --git a/jenkins/client/job/docker/oss/devops-portal.yml b/jenkins/client/job/docker/oss/devops-portal.yml
index 3b831d8..9c3025f 100644
--- a/jenkins/client/job/docker/oss/devops-portal.yml
+++ b/jenkins/client/job/docker/oss/devops-portal.yml
@@ -22,11 +22,6 @@
"oss/devops-portal":
branches:
- master
- skip_vote:
- - successful
- - failed
- - unstable
- - not_built
event:
patchset:
- created:
diff --git a/jenkins/client/job/docker/oss/hce-codebase.yml b/jenkins/client/job/docker/oss/hce-codebase.yml
index 41fe789..747ed77 100644
--- a/jenkins/client/job/docker/oss/hce-codebase.yml
+++ b/jenkins/client/job/docker/oss/hce-codebase.yml
@@ -22,11 +22,6 @@
"oss/hce":
branches:
- master
- skip_vote:
- - successful
- - failed
- - unstable
- - not_built
event:
patchset:
- created:
diff --git a/jenkins/client/job/docker/oss/hce-docker.yml b/jenkins/client/job/docker/oss/hce-docker.yml
index 33372b9..c7c4a7b 100644
--- a/jenkins/client/job/docker/oss/hce-docker.yml
+++ b/jenkins/client/job/docker/oss/hce-docker.yml
@@ -22,11 +22,6 @@
"oss/docker-hce":
branches:
- master
- skip_vote:
- - successful
- - failed
- - unstable
- - not_built
event:
patchset:
- created:
diff --git a/jenkins/client/job/docker/oss/init.yml b/jenkins/client/job/docker/oss/init.yml
index 9b1e49b..94e138c 100644
--- a/jenkins/client/job/docker/oss/init.yml
+++ b/jenkins/client/job/docker/oss/init.yml
@@ -1,13 +1,14 @@
classes:
- system.jenkins.client.job.docker.oss.cis-collectors
- system.jenkins.client.job.docker.oss.devops-portal
+ - system.jenkins.client.job.docker.oss.hce-codebase
+ - system.jenkins.client.job.docker.oss.hce-docker
- system.jenkins.client.job.docker.oss.janitor-monkey-codebase
- system.jenkins.client.job.docker.oss.janitor-monkey-docker
- - system.jenkins.client.job.docker.oss.pushkin-docker
- system.jenkins.client.job.docker.oss.pushkin-codebase
- system.jenkins.client.job.docker.oss.pushkin-codebase-ext
- - system.jenkins.client.job.docker.oss.hce-docker
- - system.jenkins.client.job.docker.oss.hce-codebase
+ - system.jenkins.client.job.docker.oss.pushkin-docker
- system.jenkins.client.job.docker.oss.rundeck
- - system.jenkins.client.job.docker.oss.security-monkey-docker
+ - system.jenkins.client.job.docker.oss.security-monkey-codebase
- system.jenkins.client.job.docker.oss.security-monkey-codebase-openstack
+ - system.jenkins.client.job.docker.oss.security-monkey-docker
diff --git a/jenkins/client/job/docker/oss/janitor-monkey-codebase.yml b/jenkins/client/job/docker/oss/janitor-monkey-codebase.yml
index 95a45f1..d10993e 100644
--- a/jenkins/client/job/docker/oss/janitor-monkey-codebase.yml
+++ b/jenkins/client/job/docker/oss/janitor-monkey-codebase.yml
@@ -22,11 +22,6 @@
"oss/SimianArmy":
branches:
- devel
- skip_vote:
- - successful
- - failed
- - unstable
- - not_built
event:
patchset:
- created:
diff --git a/jenkins/client/job/docker/oss/janitor-monkey-docker.yml b/jenkins/client/job/docker/oss/janitor-monkey-docker.yml
index 78167bd..672e13e 100644
--- a/jenkins/client/job/docker/oss/janitor-monkey-docker.yml
+++ b/jenkins/client/job/docker/oss/janitor-monkey-docker.yml
@@ -22,11 +22,6 @@
"oss/docker-janitor-monkey":
branches:
- master
- skip_vote:
- - successful
- - failed
- - unstable
- - not_built
event:
patchset:
- created:
@@ -58,4 +53,4 @@
default: "Dockerfile"
CONTEXT_PATH:
type: string
- default: "."
\ No newline at end of file
+ default: "."
diff --git a/jenkins/client/job/docker/oss/pushkin-codebase-ext.yml b/jenkins/client/job/docker/oss/pushkin-codebase-ext.yml
index 1a5b5b6..0508d49 100644
--- a/jenkins/client/job/docker/oss/pushkin-codebase-ext.yml
+++ b/jenkins/client/job/docker/oss/pushkin-codebase-ext.yml
@@ -22,11 +22,6 @@
"oss/pushkin-extensions":
branches:
- master
- skip_vote:
- - successful
- - failed
- - unstable
- - not_built
event:
patchset:
- created:
diff --git a/jenkins/client/job/docker/oss/pushkin-codebase.yml b/jenkins/client/job/docker/oss/pushkin-codebase.yml
index f40bde3..a45ea75 100644
--- a/jenkins/client/job/docker/oss/pushkin-codebase.yml
+++ b/jenkins/client/job/docker/oss/pushkin-codebase.yml
@@ -22,11 +22,6 @@
"oss/pushkin":
branches:
- devel
- skip_vote:
- - successful
- - failed
- - unstable
- - not_built
event:
patchset:
- created:
diff --git a/jenkins/client/job/docker/oss/pushkin-docker.yml b/jenkins/client/job/docker/oss/pushkin-docker.yml
index e77e99b..61d959c 100644
--- a/jenkins/client/job/docker/oss/pushkin-docker.yml
+++ b/jenkins/client/job/docker/oss/pushkin-docker.yml
@@ -22,11 +22,6 @@
"oss/docker-pushkin":
branches:
- master
- skip_vote:
- - successful
- - failed
- - unstable
- - not_built
event:
patchset:
- created:
@@ -58,4 +53,4 @@
default: "Dockerfile"
CONTEXT_PATH:
type: string
- default: "."
\ No newline at end of file
+ default: "."
diff --git a/jenkins/client/job/docker/oss/rundeck.yml b/jenkins/client/job/docker/oss/rundeck.yml
index 9b116fe..adbe9f4 100644
--- a/jenkins/client/job/docker/oss/rundeck.yml
+++ b/jenkins/client/job/docker/oss/rundeck.yml
@@ -22,11 +22,6 @@
"oss/docker-rundeck":
branches:
- master
- skip_vote:
- - successful
- - failed
- - unstable
- - not_built
event:
patchset:
- created:
diff --git a/jenkins/client/job/docker/oss/security-monkey-codebase-openstack.yml b/jenkins/client/job/docker/oss/security-monkey-codebase-openstack.yml
index a135df8..0e5a9d4 100644
--- a/jenkins/client/job/docker/oss/security-monkey-codebase-openstack.yml
+++ b/jenkins/client/job/docker/oss/security-monkey-codebase-openstack.yml
@@ -3,7 +3,7 @@
client:
job:
docker-build-images-security-monkey-codebase-openstack:
- name: docker-build-images-security-monkey-codebase-openstack
+ name: docker-build-images-security-monkey-codebase-openstack
discard:
build:
keep_num: 25
@@ -22,11 +22,6 @@
"oss/security-monkey-openstack":
branches:
- master
- skip_vote:
- - successful
- - failed
- - unstable
- - not_built
event:
patchset:
- created:
diff --git a/jenkins/client/job/docker/oss/security-monkey-codebase.yml b/jenkins/client/job/docker/oss/security-monkey-codebase.yml
new file mode 100644
index 0000000..93a79e6
--- /dev/null
+++ b/jenkins/client/job/docker/oss/security-monkey-codebase.yml
@@ -0,0 +1,73 @@
+parameters:
+ jenkins:
+ client:
+ job:
+ docker-build-images-security-monkey-codebase:
+ name: docker-build-images-security-monkey-codebase
+ discard:
+ build:
+ keep_num: 25
+ artifact:
+ keep_num: 25
+ type: workflow-scm
+ concurrent: true
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/oss/jenkins/pipelines"
+ credentials: "gerrit"
+ script: docker-build-image-security-monkey-pipeline.groovy
+ trigger:
+ gerrit:
+ project:
+ "oss/security-monkey":
+ branches:
+ - mirantis_0_9_2
+ skip_vote:
+ - successful
+ - failed
+ - unstable
+ - not_built
+ event:
+ patchset:
+ - created:
+ excludeDrafts: false
+ excludeNoCodeChange: false
+ change:
+ - merged
+ comment:
+ - addedContains:
+ commentAddedCommentContains: 'rebuild'
+ param:
+ IMAGE_NAME:
+ type: string
+ default: "security-monkey"
+ IMAGE_TAGS:
+ type: string
+ default: ""
+ CREDENTIALS_ID:
+ type: string
+ default: "gerrit"
+ DOCKER_REGISTRY:
+ type: string
+ default: "docker-dev-virtual.docker.mirantis.net"
+ PROJECT_NAMESPACE:
+ type: string
+ default: "oss"
+ DOCKERFILE_PATH:
+ type: string
+ default: "security-monkey/Dockerfile"
+ CONTEXT_PATH:
+ type: string
+ default: "."
+ CUSTOM_GERRIT_PROJECT:
+ type: string
+ default: oss/docker-security-monkey
+ CUSTOM_GERRIT_BRANCH:
+ type: string
+ default: master
+ CI_BUILD_ARG_SECURITY_MONKEY_REPO:
+ type: string
+ default: https://gerrit.mcp.mirantis.net/oss/security-monkey
+ CI_BUILD_ARG_SECURITY_MONKEY_BRANCH:
+ type: string
+ default: mirantis_0_9_2
diff --git a/jenkins/client/job/docker/oss/security-monkey-docker.yml b/jenkins/client/job/docker/oss/security-monkey-docker.yml
index b9d4512..613f789 100644
--- a/jenkins/client/job/docker/oss/security-monkey-docker.yml
+++ b/jenkins/client/job/docker/oss/security-monkey-docker.yml
@@ -22,11 +22,6 @@
"oss/docker-security-monkey":
branches:
- master
- skip_vote:
- - successful
- - failed
- - unstable
- - not_built
event:
patchset:
- created:
@@ -58,4 +53,4 @@
default: "security-monkey/Dockerfile"
CONTEXT_PATH:
type: string
- default: "."
\ No newline at end of file
+ default: "."
diff --git a/jenkins/client/job/git-mirrors/2way.yml b/jenkins/client/job/git-mirrors/2way.yml
index 330abc2..3b1a62f 100644
--- a/jenkins/client/job/git-mirrors/2way.yml
+++ b/jenkins/client/job/git-mirrors/2way.yml
@@ -36,6 +36,9 @@
"{{source}}":
branches:
- master
+ event:
+ ref:
+ - updated
param:
SOURCE_URL:
type: string
@@ -49,3 +52,4 @@
BRANCHES:
type: string
default: "{{branches}}"
+ description: "Comma-separated list of branches to mirror"
diff --git a/jenkins/client/job/git-mirrors/downstream/init.yml b/jenkins/client/job/git-mirrors/downstream/init.yml
index 649ccdc..6f5a66d 100644
--- a/jenkins/client/job/git-mirrors/downstream/init.yml
+++ b/jenkins/client/job/git-mirrors/downstream/init.yml
@@ -38,3 +38,4 @@
BRANCHES:
type: string
default: "{{branches}}"
+ description: "Comma-separated list of branches to mirror"
diff --git a/jenkins/client/job/git-mirrors/upstream/init.yml b/jenkins/client/job/git-mirrors/upstream/init.yml
index 8334f23..1707dca 100644
--- a/jenkins/client/job/git-mirrors/upstream/init.yml
+++ b/jenkins/client/job/git-mirrors/upstream/init.yml
@@ -48,3 +48,4 @@
BRANCHES:
type: string
default: "{{branches}}"
+ description: "Comma-separated list of branches to mirror"
diff --git a/jenkins/client/job/k8s-test/mcp-k8s-test-pipeline.yml b/jenkins/client/job/k8s-test/mcp-k8s-test-pipeline.yml
index 8490ee7..36e1dc0 100644
--- a/jenkins/client/job/k8s-test/mcp-k8s-test-pipeline.yml
+++ b/jenkins/client/job/k8s-test/mcp-k8s-test-pipeline.yml
@@ -8,7 +8,7 @@
display_name: "Kubernetes tests pipeline"
discard:
build:
- keep_num: 20
+ keep_num: 50
concurrent: false
scm:
type: git
diff --git a/jenkins/client/job/opencontrail/build/generic.yml b/jenkins/client/job/opencontrail/build/generic.yml
index 699222e..d9be124 100644
--- a/jenkins/client/job/opencontrail/build/generic.yml
+++ b/jenkins/client/job/opencontrail/build/generic.yml
@@ -53,7 +53,7 @@
branch: R3.2
ppa: mirantis-opencontrail/opencontrail-3.2
upload_source_package: true
- dpdk: contrail_dpdk_2_1
+ dpdk: contrail_dpdk_17_02
build_trigger: ""
- buildname: oc32
os: ubuntu
@@ -61,7 +61,7 @@
branch: R3.2
ppa: mirantis-opencontrail/opencontrail-3.2
upload_source_package: true
- dpdk: contrail_dpdk_2_1
+ dpdk: contrail_dpdk_17_02
build_trigger: ""
- buildname: oc323
os: ubuntu
diff --git a/jenkins/client/job/oscore/qa.yml b/jenkins/client/job/oscore/qa.yml
index 1fa2ab3..a8d4fae 100644
--- a/jenkins/client/job/oscore/qa.yml
+++ b/jenkins/client/job/oscore/qa.yml
@@ -46,3 +46,141 @@
DOCKER_REGISTRY:
type: string
default: "docker-prod-local.docker.mirantis.net"
+ oscore-docker-image-systest-template:
+ name: "{{job_prefix}}-{{oscore-qa-project}}-image-systest-{{model}}"
+ template:
+ discard:
+ build:
+ keep_num: 30
+ artifact:
+ keep_num: 30
+ type: workflow-scm
+ concurrent: true
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/openstack-ci/openstack-pipelines.git"
+ credentials: "gerrit"
+ branch: 'master'
+ script: test-tempest-image-pipeline.groovy
+ trigger:
+ gerrit:
+ project:
+ mcp/{{oscore-qa-project}}:
+ branches:
+ - compare_type: "PLAIN"
+ name: "master"
+ skip_vote:
+ - successful
+ - failed
+ - unstable
+ - not_built
+ event:
+ patchset:
+ - created
+ comment:
+ - addedContains:
+ commentAddedCommentContains: '^(?s:Patch Set \d+:.*(test|recheck|reverify)\s*)$'
+ custom_url: '* $JOB_NAME $BUILD_URL'
+ param:
+ # general
+ BOOTSTRAP_EXTRA_REPO_PARAMS:
+ type: string
+ description: Extra repos for bootstrap stage
+ default: ""
+ CREDENTIALS_ID:
+ type: string
+ description: gerrit creds
+ default: "gerrit"
+ GERRIT_PROJECT_URL:
+ type: string
+ description: Url to project with docker image source
+ default: ""
+ GERRIT_BRANCH:
+ type: string
+ description: Branch of project with docker image source
+ default: ""
+ HEAT_STACK_ZONE:
+ type: string
+ description: AZ
+ default: "mcp-oscore-ci"
+ STACK_TEST_JOB:
+ type: string
+ description: Job for environment deployment
+ default: "{{stack_test_job}}"
+ STACK_TYPE:
+ type: string
+ default: "heat"
+ STACK_INSTALL:
+ type: string
+ description: components to install
+ default: 'core,openstack,ovs'
+ STACK_DELETE:
+ type: boolean
+ default: 'true'
+ description: Don't enable it if you need to use the lab after
+ STACK_RECLASS_ADDRESS:
+ type: string
+ default: '{{stack_reclass_address}}'
+ description: 'Url to repository with stack salt models'
+ STACK_RECLASS_BRANCH:
+ type: string
+ default: '{{stack_reclass_branch}}'
+ description: 'Branch of repository with stack salt models'
+ STACK_CLEANUP_JOB:
+ type: string
+ default: "{{stack_cleanup_job}}"
+ # salt
+ FORMULA_PKG_REVISION:
+ type: string
+ description: Version of formulas for salt-master bootstrap
+ default: "{{formula_pkg_revision}}"
+ UPLOAD_CREDENTIALS_ID:
+ type: string
+ description: ID of credentials to connect to target host
+ default: "heat-env-ssh"
+ # openstack api
+ OPENSTACK_API_URL:
+ type: string
+ default: "https://cloud-cz.bud.mirantis.net:5000"
+ OPENSTACK_API_CREDENTIALS:
+ type: string
+ default: "openstack-devcloud-credentials"
+ OPENSTACK_API_PROJECT:
+ type: string
+ default: "mcp-oscore-ci"
+ OPENSTACK_API_PROJECT_DOMAIN:
+ type: string
+ default: "default"
+ OPENSTACK_API_PROJECT_ID:
+ type: string
+ default: ""
+ OPENSTACK_API_USER_DOMAIN:
+ type: string
+ default: "default"
+ OPENSTACK_API_CLIENT:
+ type: string
+ default: ""
+ OPENSTACK_API_VERSION:
+ type: string
+ default: "3"
+ # test
+ TEST_TEMPEST_CONF:
+ type: string
+ description: Tempest configuration file path inside container
+ default: "{{tempest_conf}}"
+ TEST_TEMPEST_TARGET:
+ type: string
+ description: Node to run tests
+ default: "{{tempest_target}}"
+ TEST_MODEL:
+ type: string
+ description: Environment salt model
+ default: "{{model}}"
+ FAIL_ON_TESTS:
+ type: boolean
+ default: 'true'
+ description: Whether to fail build on test results
+ SALT_MASTER_IP:
+ type: string
+ description: Ip of env's salt master
+ default: ""
diff --git a/jenkins/client/job/oscore/security_tests.yml b/jenkins/client/job/oscore/security_tests.yml
index e4f5f6d..36b5441 100644
--- a/jenkins/client/job/oscore/security_tests.yml
+++ b/jenkins/client/job/oscore/security_tests.yml
@@ -62,7 +62,7 @@
SEVERITY:
type: string
description: Bandit args
- default: "3"
+ default: "1"
CONFIDENCE:
type: string
description: confidence
diff --git a/jenkins/client/job/oscore/tests.yml b/jenkins/client/job/oscore/tests.yml
index ae7d44d..fdb7401 100644
--- a/jenkins/client/job/oscore/tests.yml
+++ b/jenkins/client/job/oscore/tests.yml
@@ -2,6 +2,135 @@
jenkins:
client:
job_template:
+ test-openstack-component-formula:
+ name: "{{job_prefix}}-formula-systest-{{model}}-{{openstack_version}}"
+ template:
+ discard:
+ build:
+ keep_num: 30
+ artifact:
+ keep_num: 30
+ type: workflow-scm
+ concurrent: true
+ plugin_properties:
+ throttleconcurrents:
+ enabled: true
+ throttle_option: category
+ categories:
+ - oscore-ci-builds
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/openstack-ci/openstack-pipelines.git"
+ credentials: "gerrit"
+ branch: 'master'
+ script: test-openstack-component-pipeline.groovy
+ param:
+ # general
+ HEAT_STACK_ZONE:
+ type: string
+ description: AZ
+ default: "mcp-oscore-ci"
+ OPENSTACK_VERSION:
+ type: string
+ description: Version of openstack to test
+ default: "{{openstack_version}}"
+ PROJECT:
+ type: string
+ description: Project to test
+ default: "all"
+ STACK_TEST_JOB:
+ type: string
+ description: Job for environment deployment
+ default: "{{stack_test_job}}"
+ STACK_TYPE:
+ type: string
+ default: "{{stack_type}}"
+ STACK_INSTALL:
+ type: string
+ description: components to install
+ default: 'core,openstack,ovs'
+ STACK_DELETE:
+ type: boolean
+ default: 'true'
+ description: Don't enable it if you need to use the lab after
+ STACK_CLEANUP_JOB:
+ type: string
+ default: "{{stack_cleanup_job}}"
+ STACK_RECLASS_ADDRESS:
+ type: string
+ default: '{{stack_reclass_address}}'
+ description: 'Url to repository with stack salt models'
+ STACK_RECLASS_BRANCH:
+ type: string
+ default: '{{stack_reclass_branch}}'
+ description: 'Branch of repository with stack salt models'
+ # salt
+ SALT_OVERRIDES:
+ type: text
+ default: ""
+ description: YAML with overrides for Salt deployment
+ FORMULA_PKG_REVISION:
+ type: string
+ description: Version of formulas for salt-master bootstrap
+ default: "{{formula_pkg_revision}}"
+ # openstack api
+ OPENSTACK_API_URL:
+ type: string
+ default: "https://cloud-cz.bud.mirantis.net:5000"
+ OPENSTACK_API_CREDENTIALS:
+ type: string
+ default: "openstack-devcloud-credentials"
+ OPENSTACK_API_PROJECT:
+ type: string
+ default: "mcp-oscore-ci"
+ OPENSTACK_API_PROJECT_DOMAIN:
+ type: string
+ default: "default"
+ OPENSTACK_API_PROJECT_ID:
+ type: string
+ default: ""
+ OPENSTACK_API_USER_DOMAIN:
+ type: string
+ default: "default"
+ OPENSTACK_API_CLIENT:
+ type: string
+ default: ""
+ OPENSTACK_API_VERSION:
+ type: string
+ default: "3"
+ # test
+ TEST_TEMPEST_CONF:
+ type: string
+ description: Tempest configuration file path inside container
+ default: "{{tempest_conf}}"
+ TEST_TEMPEST_TARGET:
+ type: string
+ description: Node to run tests
+ default: "{{tempest_target}}"
+ TEST_TEMPEST_PATTERN:
+ type: string
+ description: Run tests matched to pattern only
+ default: "tempest"
+ TEST_MODEL:
+ type: string
+ description: Environment salt model
+ default: "{{model}}"
+ TEST_PASS_THRESHOLD:
+ type: string
+ description: Tests pass rate to consider build successful
+ default: "{{test_threshold}}"
+ TESTRAIL:
+ type: boolean
+ default: 'false'
+ description: Whether to upload results to testrail
+ FAIL_ON_TESTS:
+ type: boolean
+ default: 'true'
+ description: Whether to fail build on test results
+ BOOTSTRAP_EXTRA_REPO_PARAMS:
+ type: string
+ default: ""
+ description: "Defines a list of extra repos with parameters, format: repo 1, repo priority 1, repo pin 1; repo 2, repo priority 2, repo pin 2"
test-openstack-component-periodic:
name: "{{job_prefix}}-{{milestone}}-{{model}}-{{openstack_version}}-{{formula_pkg_revision}}"
template:
@@ -191,11 +320,18 @@
description: Salt target to run tests
TEST_TEMPEST_IMAGE:
type: string
- description: Node to run tests
+ description: Url to tempest docker image
default: 'docker-prod-local.artifactory.mirantis.com/mirantis/oscore/rally-tempest'
+ LOCAL_TEMPEST_IMAGE:
+ type: string
+ description: Path to local docker image
+ default: ''
TEST_TEMPEST_PATTERN:
type: string
description: Run tests matched to pattern only
+ TEST_TEMPEST_SET:
+ type: string
+ description: Run tests matched by tempest set only
TEST_TEMPEST_CONCURRENCY:
type: string
description: How much test threads to run
@@ -373,3 +509,213 @@
type: string
description: Environment salt model
default: "{{model}}"
+ oscore-oscc-ci-template:
+ name: "{{job_prefix}}-oscc-ci"
+ template:
+ discard:
+ build:
+ keep_num: 30
+ artifact:
+ keep_num: 30
+ type: workflow-scm
+ concurrent: true
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/openstack-ci/openstack-pipelines.git"
+ credentials: "gerrit"
+ branch: 'master'
+ script: oscc-ci-pipeline.groovy
+ param:
+ # general
+ DEPLOY_JOB_NAME:
+ type: string
+ description: "Job name tp deploy envs are going to be tested"
+ default: "{{job_prefix}}-{{deployJobPrefix}}"
+ DISTRIBUTION:
+ type: string
+ default: "{{distribution}}"
+ description: "Distribution for the published repo"
+ COMPONENTS:
+ type: string
+ default: "{{components}}"
+ description: "Components for repo"
+ TMP_REPO_NODE_NAME:
+ type: string
+ default: "{{tmp_repo_node_name}}"
+ description: "Node name where temp repo will be published"
+ STACK_RECLASS_ADDRESS:
+ type: string
+ default: "{{stack_reclass_address}}"
+ OPENSTACK_RELEASES:
+ type: string
+ default: "{{openstack_releases}}"
+ description: "OpenStack releases with comma delimeter which have to be testes. For example: pike,ocata"
+ SOURCE_REPO_NAME:
+ type: string
+ description: "Name of the repo where packages are stored"
+ default: "{{source_repo_name}}"
+ APTLY_API_URL:
+ type: string
+ description: URL for the aptly API
+ default: "${_param:jenkins_aptly_api_url}"
+ STACK_DELETE:
+ type: boolean
+ default: "{{stack_delete}}"
+ description: Do not enable it if you need to use the lab after
+ OPENSTACK_COMPONENTS_LIST:
+ type: string
+ description: "OpenStack related components list"
+ default: "{{openstack_components_list}}"
+ build-salt-formula-refspec-template:
+ name: "{{job_prefix}}-build-salt-formula-refspec"
+ template:
+ discard:
+ build:
+ keep_num: 30
+ artifact:
+ keep_num: 30
+ type: workflow-scm
+ concurrent: true
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines.git"
+ credentials: "gerrit"
+ branch: 'master'
+ script: build-debian-packages-pipeline.groovy
+ param:
+ SOURCE_URL:
+ type: string
+ default: ""
+ description: Project Git repo URL
+ SOURCE_REFSPEC:
+ type: string
+ default: ""
+ description: Refspec to checkout
+ SOURCE_BRANCH:
+ type: string
+ default: "master"
+ description: Name of local branch name for checked out refspec
+ SOURCE_CREDENTIALS:
+ type: string
+ default: "gerrit"
+ description: Credentials to Git repo
+ DEBIAN_SNAPSHOT:
+ type: boolean
+ default: 'true'
+ description: Whether to make a snapshot build
+ EXTRA_REPO_URL:
+ type: string
+ default: "deb ${_param:jenkins_aptly_url}/{{dist}}/ testing salt salt-latest"
+ description: Extra repo for building process
+ EXTRA_REPO_KEY_URL:
+ type: string
+ default: "${_param:jenkins_aptly_url}/public.gpg"
+ description: Extra repo GPG public key URL
+ OS:
+ type: string
+ default: "ubuntu"
+ description: OS name
+ DIST:
+ type: string
+ default: "{{dist}}"
+ description: OS distributive name
+ UPLOAD_PPA:
+ type: boolean
+ default: 'false'
+ description: Whether to upload to PPA
+ UPLOAD_APTLY:
+ type: boolean
+ default: 'false'
+ description: Whether to upload to Aptly
+ DEBIAN_BRANCH:
+ type: string
+ default: "debian/{{dist}}"
+ description: Source repo branch name with build spec
+ LINTIAN_CHECK:
+ type: boolean
+ default: 'false'
+ description: Whether to perform lintian check
+ test-salt-formula-refspec-template:
+ name: "{{job_prefix}}-test-salt-formula-refspec"
+ template:
+ discard:
+ build:
+ keep_num: 30
+ artifact:
+ keep_num: 30
+ type: workflow-scm
+ concurrent: true
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/openstack-ci/openstack-pipelines.git"
+ credentials: "gerrit"
+ branch: 'master'
+ script: deploy-formula-change-pipeline.groovy
+ trigger:
+ gerrit:
+ project:
+ "^salt-formulas/(nova|cinder|glance|keystone|horizon|neutron|designate|heat|ironic|barbican|salt|linux|reclass|galera)$":
+ compare_type: 'REG_EXP'
+ branches:
+ - master
+ skip_vote:
+ - successful
+ - failed
+ - unstable
+ - not_built
+ event:
+ comment:
+ - addedContains:
+ commentAddedCommentContains: '^(?s:Patch Set \d+:.*(test|recheck|reverify)\s*)$'
+ param:
+ SOURCE_CREDENTIALS:
+ type: string
+ default: "gerrit"
+ UPLOAD_APTLY:
+ type: boolean
+ default: 'true'
+ description: Whether to upload to Aptly
+ APTLY_REPO:
+ type: string
+ default: ""
+ description: Aptly repo name
+ BUILD_PACKAGE:
+ type: boolean
+ default: 'true'
+ description: Whether to build package
+ APTLY_REPO_URL:
+ type: string
+ default: "${_param:jenkins_aptly_url}"
+ description: Aptly url
+ APTLY_API_URL:
+ type: string
+ default: "${_param:jenkins_aptly_api_url}"
+ description: Aptly API url
+ OPENSTACK_RELEASES:
+ type: string
+ default: "{{openstack_releases}}"
+ description: Comma separated list of OpenStack releases to perform deploy and tests.
+ SOURCES:
+ type: text
+ default: ""
+ description: Optional parameter to list Git refspecs to be build
+ STACK_RECLASS_ADDRESS:
+ type: string
+ default: "{{stack_reclass_address}}"
+ description: Git repo URL to reclass
+ PKG_BUILD_JOB_NAME:
+ type: string
+ default: "{{pkg_build_job_name}}"
+ description: Jenkins job name to build package
+ STACK_DELETE:
+ type: boolean
+ default: 'true'
+ description: Whether to delete stacks ater tests
+ APTLY_PREFIX:
+ type: string
+ default: "{{aptly_prefix}}"
+ description: Aptly prefix
+ SYSTEST_JOB_PREFIX:
+ type: string
+ default: "{{systestJobPrefix}}"
+ description: "Systest job prefix. I.e. oscore-formula-systest-virtual_mcp11_aio-"
diff --git a/jenkins/client/job/oss/test_pushkin_codebase.yml b/jenkins/client/job/oss/test_pushkin_codebase.yml
index 245f1d8..baefbc9 100644
--- a/jenkins/client/job/oss/test_pushkin_codebase.yml
+++ b/jenkins/client/job/oss/test_pushkin_codebase.yml
@@ -23,11 +23,6 @@
branches:
- devel
- master
- skip_vote:
- - successful
- - failed
- - unstable
- - not_built
event:
patchset:
- created:
diff --git a/jenkins/client/job/salt-formulas/git-mirrors/2way.yml b/jenkins/client/job/salt-formulas/git-mirrors/2way.yml
index 2f399cc..25a1b84 100644
--- a/jenkins/client/job/salt-formulas/git-mirrors/2way.yml
+++ b/jenkins/client/job/salt-formulas/git-mirrors/2way.yml
@@ -49,6 +49,8 @@
branches: ${_param:salt_formulas_branches}
- name: dekapod
branches: ${_param:salt_formulas_branches}
+ - name: debmirror
+ branches: ${_param:salt_formulas_branches}
- name: devops-portal
branches: ${_param:salt_formulas_branches}
- name: docker
@@ -131,6 +133,8 @@
branches: ${_param:salt_formulas_branches}
- name: magnum
branches: ${_param:salt_formulas_branches}
+ - name: manila
+ branches: ${_param:salt_formulas_branches}
- name: memcached
branches: ${_param:salt_formulas_branches}
- name: midonet
@@ -201,6 +205,8 @@
branches: ${_param:salt_formulas_branches}
- name: rundeck
branches: ${_param:salt_formulas_branches}
+ - name: runtest
+ branches: ${_param:salt_formulas_branches}
- name: sahara
branches: ${_param:salt_formulas_branches}
- name: salt
@@ -256,6 +262,9 @@
salt-formulas/{{name}}:
branches:
- master
+ event:
+ ref:
+ - updated
param:
SOURCE_URL:
type: string
diff --git a/jenkins/client/job/salt-formulas/tests.yml b/jenkins/client/job/salt-formulas/tests.yml
index b5c596b..6425773 100644
--- a/jenkins/client/job/salt-formulas/tests.yml
+++ b/jenkins/client/job/salt-formulas/tests.yml
@@ -70,6 +70,7 @@
- name: logrotate
- name: maas
- name: magnum
+ - name: manila
- name: memcached
- name: midonet
- name: mirascan
@@ -106,6 +107,7 @@
- name: rsync
- name: rsyslog
- name: rundeck
+ - name: runtest
- name: sahara
- name: salt
- name: sensu
@@ -173,7 +175,7 @@
name: test-salt-formulas-env
discard:
build:
- keep_num: 500
+ keep_num: 1000
artifact:
keep_num: 10
type: workflow-scm
diff --git a/jenkins/client/job/salt-models/tests.yml b/jenkins/client/job/salt-models/tests.yml
index ec35f94..6bf8e5a 100644
--- a/jenkins/client/job/salt-models/tests.yml
+++ b/jenkins/client/job/salt-models/tests.yml
@@ -8,6 +8,11 @@
name: test-salt-model-{{name}}
template:
type: workflow-scm
+ discard:
+ build:
+ keep_num: 50
+ artifact:
+ keep_num: 50
scm:
type: git
url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
@@ -81,6 +86,11 @@
name: test-salt-model-{{name}}
template:
type: workflow-scm
+ discard:
+ build:
+ keep_num: 50
+ artifact:
+ keep_num: 50
scm:
type: git
url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
@@ -119,9 +129,9 @@
template:
discard:
build:
- keep_num: 20
+ keep_num: 50
artifact:
- keep_num: 20
+ keep_num: 50
type: workflow-scm
concurrent: true
scm:
@@ -173,7 +183,7 @@
name: test-salt-model-node
discard:
build:
- keep_num: 500
+ keep_num: 1000
artifact:
keep_num: 10
type: workflow-scm
diff --git a/jenkins/client/job/validate.yml b/jenkins/client/job/validate.yml
index cfbd85d..7d2fa9b 100644
--- a/jenkins/client/job/validate.yml
+++ b/jenkins/client/job/validate.yml
@@ -15,9 +15,9 @@
display_name: "Validate - Openstack"
discard:
build:
- keep_num: 20
+ keep_num: 50
artifact:
- keep_num: 20
+ keep_num: 50
concurrent: false
scm:
type: git
@@ -149,7 +149,7 @@
description: If chosen then previous build results will be used in the current build
cvp-sanity:
type: workflow-scm
- name: validate-cvp-sanity
+ name: cvp-sanity
display_name: "CVP - Sanity checks"
discard:
build:
@@ -166,7 +166,7 @@
param:
SALT_MASTER_URL:
type: string
- default: ""
+ default: "${_param:jenkins_salt_api_url}"
description: Full Salt API address [e.g. https://10.10.10.2:6969]
SALT_MASTER_CREDENTIALS:
type: string
@@ -175,6 +175,10 @@
type: string
default: "https://github.com/Mirantis/cvp-sanity-checks"
description: Url for cvp-sanity-checks
+ SANITY_TESTS_SETTINGS:
+ type: string
+ default: ""
+ description: e.g. skipped_nodes=nal01.local.com,ntw01.local.com
SANITY_TESTS_SET:
type: string
default: ""
@@ -183,3 +187,71 @@
type: string
default: ""
description: Proxy address to clone repo and install python requirements
+ cvp-ha:
+ type: workflow-scm
+ name: cvp-ha
+ display_name: "CVP - HA tests"
+ discard:
+ build:
+ keep_num: 20
+ artifact:
+ keep_num: 20
+ concurrent: false
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ credentials: "gerrit"
+ script: cvp-ha.groovy
+ param:
+ SALT_MASTER_URL:
+ type: string
+ default: "${_param:jenkins_salt_api_url}"
+ description: Full Salt API address [e.g. https://10.10.10.2:6969]
+ SALT_MASTER_CREDENTIALS:
+ type: string
+ default: "salt"
+ description: Credentials to the Salt API
+ TEMPEST_TARGET_NODE:
+ type: string
+ default: ""
+ description: Node where container with tempest will be run
+ TEST_IMAGE:
+ type: string
+ default: "rallyforge/rally"
+ description: Docker image to use for running Rally/Tempest
+ TARGET_NODES:
+ type: string
+ default: "ctl*"
+ description: Nodes to test
+ DEBUG_MODE:
+ type: boolean
+ default: 'false'
+ description: If you need to debug (keep container after test), please enabled this
+ RETRY_CHECK_STATUS:
+ type: string
+ default: "200"
+ description: If you have any problems with timeouts (e.g. while waiting for node to be up/down), please increase this value
+ SKIP_LIST_PATH:
+ type: string
+ default: "/home/rally/cvp-configuration/tempest/skip-list.yaml"
+ description: path to skip-list file inside container
+ PROXY:
+ type: string
+ default: ""
+ description: Proxy address to clone repo and install python requirements
+ TEMPEST_TEST_PATTERN:
+ type: string
+ default: "set=smoke"
+ description: Use set=smoke (or identity,full...] or just test name
+ MANUAL_CONFIRMATION:
+ type: boolean
+ default: 'false'
+ description: Ask for confirmation before doing something destructive (reboot/shutdown node)
+ TEMPEST_REPO:
+ type: string
+ default: "https://github.com/openstack/tempest"
+ description: Can be repo url (local or remote) or path to folder (inside container) with Tempest
+ TOOLS_REPO:
+ type: string
+ default: "${_param:gerrit_public_host}/cvp-configuration"
+ description: URL of repo where testing tools, scenarios, configs are located.
diff --git a/jenkins/slave/debmirror.yml b/jenkins/slave/debmirror.yml
new file mode 100644
index 0000000..6cd7829
--- /dev/null
+++ b/jenkins/slave/debmirror.yml
@@ -0,0 +1,8 @@
+classes:
+ - system.jenkins.slave
+parameters:
+ linux:
+ system:
+ package:
+ debmirror:
+ version: latest
diff --git a/jenkins/slave/salt-pepper.yml b/jenkins/slave/salt-pepper.yml
new file mode 100644
index 0000000..c5baf1f
--- /dev/null
+++ b/jenkins/slave/salt-pepper.yml
@@ -0,0 +1,8 @@
+ classes:
+ - system.jenkins.slave
+ parameters:
+ linux:
+ system:
+ package:
+ salt-pepper:
+ version: latest
diff --git a/keystone/client/core.yml b/keystone/client/core.yml
index 39d28de..f869059 100644
--- a/keystone/client/core.yml
+++ b/keystone/client/core.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ keystone_service_protocol: http
linux:
system:
job:
@@ -16,6 +18,7 @@
host: ${_param:keystone_service_host}
port: 35357
token: ${_param:keystone_service_token}
+ protocol: ${_param:keystone_service_protocol}
roles:
- admin
- Member
@@ -38,3 +41,4 @@
port: 5000
region_name: ${_param:openstack_region}
use_keystoneauth: true
+ protocol: ${_param:keystone_service_protocol}
diff --git a/keystone/client/image_manager.yml b/keystone/client/image_manager.yml
index 024b0c4..becd512 100644
--- a/keystone/client/image_manager.yml
+++ b/keystone/client/image_manager.yml
@@ -1,6 +1,7 @@
parameters:
_param:
keystone_image_manager_email: 'root@localhost'
+ keystone_service_protocol: http
keystone:
client:
enabled: true
@@ -10,6 +11,7 @@
host: ${_param:keystone_service_host}
port: 35357
token: ${_param:keystone_service_token}
+ protocol: ${_param:keystone_service_protocol}
roles:
- image_manager
project:
diff --git a/keystone/client/service/aodh.yml b/keystone/client/service/aodh.yml
index 51de0ca..c4d49b8 100644
--- a/keystone/client/service/aodh.yml
+++ b/keystone/client/service/aodh.yml
@@ -1,6 +1,7 @@
parameters:
_param:
cluster_public_protocol: https
+ aodh_service_protocol: http
keystone:
client:
server:
@@ -25,6 +26,8 @@
internal_address: ${_param:aodh_service_host}
internal_port: 8042
internal_path: '/'
+ internal_protocol: ${_param:aodh_service_protocol}
+ admin_protocol: ${_param:aodh_service_protocol}
admin_address: ${_param:aodh_service_host}
admin_port: 8042
admin_path: '/'
diff --git a/keystone/client/service/barbican.yml b/keystone/client/service/barbican.yml
index 497eb50..d222fb6 100644
--- a/keystone/client/service/barbican.yml
+++ b/keystone/client/service/barbican.yml
@@ -1,6 +1,7 @@
parameters:
_param:
cluster_public_protocol: https
+ barbican_service_protocol: http
keystone:
client:
server:
@@ -31,6 +32,8 @@
internal_address: ${_param:barbican_service_host}
internal_port: 9311
internal_path: '/'
+ internal_protocol: ${_param:barbican_service_protocol}
admin_address: ${_param:barbican_service_host}
admin_port: 9311
admin_path: '/'
+ admin_protocol: ${_param:barbican_service_protocol}
diff --git a/keystone/client/service/billometer.yml b/keystone/client/service/billometer.yml
index 3728aa5..6100dc9 100644
--- a/keystone/client/service/billometer.yml
+++ b/keystone/client/service/billometer.yml
@@ -1,6 +1,7 @@
parameters:
_param:
cluster_public_protocol: https
+ billometer_service_protocol: http
keystone:
client:
server:
@@ -25,6 +26,8 @@
internal_address: ${_param:billometer_service_host}
internal_port: 9753
internal_path: '/v1'
+ internal_protocol: ${_param:billometer_service_protocol}
+ admin_protocol: ${_param:billometer_service_protocol}
admin_address: ${_param:billometer_service_host}
admin_port: 9753
admin_path: '/v1'
diff --git a/keystone/client/service/ceilometer.yml b/keystone/client/service/ceilometer.yml
index 4c59f80..90e0d3e 100644
--- a/keystone/client/service/ceilometer.yml
+++ b/keystone/client/service/ceilometer.yml
@@ -1,6 +1,7 @@
parameters:
_param:
cluster_public_protocol: https
+ ceilometer_service_protocol: http
keystone:
client:
server:
@@ -25,6 +26,8 @@
internal_address: ${_param:ceilometer_service_host}
internal_port: 8777
internal_path: '/'
+ internal_protocol: ${_param:ceilometer_service_protocol}
+ admin_protocol: ${_param:ceilometer_service_protocol}
admin_address: ${_param:ceilometer_service_host}
admin_port: 8777
admin_path: '/'
diff --git a/keystone/client/service/cinder.yml b/keystone/client/service/cinder.yml
index ffb5510..64705e3 100644
--- a/keystone/client/service/cinder.yml
+++ b/keystone/client/service/cinder.yml
@@ -1,6 +1,7 @@
parameters:
_param:
cluster_public_protocol: https
+ cinder_service_protocol: http
keystone:
client:
server:
@@ -25,6 +26,8 @@
internal_address: ${_param:cinder_service_host}
internal_port: 8776
internal_path: '/v1/$(project_id)s'
+ internal_protocol: ${_param:cinder_service_protocol}
+ admin_protocol: ${_param:cinder_service_protocol}
admin_address: ${_param:cinder_service_host}
admin_port: 8776
admin_path: '/v1/$(project_id)s'
diff --git a/keystone/client/service/cinder2.yml b/keystone/client/service/cinder2.yml
index e0e2636..cb289e1 100644
--- a/keystone/client/service/cinder2.yml
+++ b/keystone/client/service/cinder2.yml
@@ -1,6 +1,7 @@
parameters:
_param:
cluster_public_protocol: https
+ cinder_service_protocol: http
keystone:
client:
server:
@@ -25,6 +26,8 @@
internal_address: ${_param:cinder_service_host}
internal_port: 8776
internal_path: '/v2/$(project_id)s'
+ internal_protocol: ${_param:cinder_service_protocol}
+ admin_protocol: ${_param:cinder_service_protocol}
admin_address: ${_param:cinder_service_host}
admin_port: 8776
admin_path: '/v2/$(project_id)s'
diff --git a/keystone/client/service/cinder3.yml b/keystone/client/service/cinder3.yml
index 43a805c..d5e0ae1 100644
--- a/keystone/client/service/cinder3.yml
+++ b/keystone/client/service/cinder3.yml
@@ -1,6 +1,7 @@
parameters:
_param:
cluster_public_protocol: https
+ cinder_service_protocol: http
keystone:
client:
server:
@@ -25,6 +26,8 @@
internal_address: ${_param:cinder_service_host}
internal_port: 8776
internal_path: '/v3/$(project_id)s'
+ internal_protocol: ${_param:cinder_service_protocol}
+ admin_protocol: ${_param:cinder_service_protocol}
admin_address: ${_param:cinder_service_host}
admin_port: 8776
admin_path: '/v3/$(project_id)s'
diff --git a/keystone/client/service/congress.yml b/keystone/client/service/congress.yml
index 529d3ee..49e8337 100644
--- a/keystone/client/service/congress.yml
+++ b/keystone/client/service/congress.yml
@@ -1,6 +1,7 @@
parameters:
_param:
cluster_public_protocol: https
+ congress_service_protocol: http
keystone:
client:
server:
@@ -25,6 +26,8 @@
internal_address: ${_param:congress_service_host}
internal_port: 1789
internal_path: '/'
+ internal_protocol: ${_param:congress_service_protocol}
+ admin_protocol: ${_param:congress_service_protocol}
admin_address: ${_param:congress_service_host}
admin_port: 1789
admin_path: '/'
diff --git a/keystone/client/service/designate.yml b/keystone/client/service/designate.yml
index 4018712..75a588e 100644
--- a/keystone/client/service/designate.yml
+++ b/keystone/client/service/designate.yml
@@ -1,6 +1,7 @@
parameters:
_param:
cluster_public_protocol: https
+ designate_service_protocol: http
keystone:
client:
server:
@@ -25,6 +26,8 @@
internal_address: ${_param:designate_service_host}
internal_port: 9001
internal_path: '/'
+ internal_protocol: ${_param:designate_service_protocol}
+ admin_protocol: ${_param:designate_service_protocol}
admin_address: ${_param:designate_service_host}
admin_port: 9001
admin_path: '/'
diff --git a/keystone/client/service/glance.yml b/keystone/client/service/glance.yml
index 365917b..3c0db9c 100644
--- a/keystone/client/service/glance.yml
+++ b/keystone/client/service/glance.yml
@@ -1,6 +1,7 @@
parameters:
_param:
cluster_public_protocol: https
+ glance_service_protocol: http
keystone:
client:
server:
@@ -25,6 +26,8 @@
internal_address: ${_param:glance_service_host}
internal_port: 9292
internal_path: ''
+ internal_protocol: ${_param:glance_service_protocol}
+ admin_protocol: ${_param:glance_service_protocol}
admin_address: ${_param:glance_service_host}
admin_port: 9292
admin_path: ''
diff --git a/keystone/client/service/glare.yml b/keystone/client/service/glare.yml
index 78c7d1f..4534b0e 100644
--- a/keystone/client/service/glare.yml
+++ b/keystone/client/service/glare.yml
@@ -1,6 +1,7 @@
parameters:
_param:
cluster_public_protocol: https
+ glare_service_protocol: http
keystone:
client:
server:
@@ -25,6 +26,8 @@
internal_address: ${_param:glance_service_host}
internal_port: 9494
internal_path: ''
+ internal_protocol: ${_param:glare_service_protocol}
+ admin_protocol: ${_param:glare_service_protocol}
admin_address: ${_param:glance_service_host}
admin_port: 9494
admin_path: ''
diff --git a/keystone/client/service/heat-cfn.yml b/keystone/client/service/heat-cfn.yml
index 343ff46..1a2486a 100644
--- a/keystone/client/service/heat-cfn.yml
+++ b/keystone/client/service/heat-cfn.yml
@@ -1,6 +1,7 @@
parameters:
_param:
cluster_public_protocol: https
+ heat_service_protocol: http
keystone:
client:
server:
@@ -18,6 +19,8 @@
internal_address: ${_param:heat_service_host}
internal_port: 8000
internal_path: '/v1'
+ internal_protocol: ${_param:heat_service_protocol}
+ admin_protocol: ${_param:heat_service_protocol}
admin_address: ${_param:heat_service_host}
admin_port: 8000
admin_path: '/v1'
diff --git a/keystone/client/service/heat.yml b/keystone/client/service/heat.yml
index d7eadd5..c8882dd 100644
--- a/keystone/client/service/heat.yml
+++ b/keystone/client/service/heat.yml
@@ -1,6 +1,7 @@
parameters:
_param:
cluster_public_protocol: https
+ heat_service_protocol: http
keystone:
client:
server:
@@ -28,6 +29,8 @@
internal_address: ${_param:heat_service_host}
internal_port: 8004
internal_path: '/v1/%(project_id)s'
+ internal_protocol: ${_param:heat_service_protocol}
+ admin_protocol: ${_param:heat_service_protocol}
admin_address: ${_param:heat_service_host}
admin_port: 8004
admin_path: '/v1/%(project_id)s'
diff --git a/keystone/client/service/ironic.yml b/keystone/client/service/ironic.yml
index 1ab9872..e4c384c 100644
--- a/keystone/client/service/ironic.yml
+++ b/keystone/client/service/ironic.yml
@@ -1,6 +1,8 @@
parameters:
_param:
cluster_public_protocol: https
+ keystone_service_protocol: http
+ ironic_service_protocol: http
keystone:
client:
server:
@@ -25,6 +27,8 @@
internal_address: ${_param:ironic_service_host}
internal_port: 6385
internal_path: ''
+ internal_protocol: ${_param:ironic_service_protocol}
+ admin_protocol: ${_param:ironic_service_protocol}
admin_address: ${_param:ironic_service_host}
admin_port: 6385
admin_path: ''
@@ -36,3 +40,4 @@
host: ${_param:keystone_service_host}
port: 5000
region_name: ${_param:openstack_region}
+ protocol: ${_param:keystone_service_protocol}
diff --git a/keystone/client/service/keystone.yml b/keystone/client/service/keystone.yml
index af3acfc..d9092e0 100644
--- a/keystone/client/service/keystone.yml
+++ b/keystone/client/service/keystone.yml
@@ -1,6 +1,7 @@
parameters:
_param:
cluster_public_protocol: https
+ keystone_service_protocol: http
keystone:
client:
server:
@@ -18,6 +19,8 @@
internal_address: ${_param:keystone_service_host}
internal_port: 5000
internal_path: '/v2.0'
+ internal_protocol: ${_param:keystone_service_protocol}
admin_address: ${_param:keystone_service_host}
admin_port: 35357
admin_path: '/v2.0'
+ admin_protocol: ${_param:keystone_service_protocol}
diff --git a/keystone/client/service/keystone3.yml b/keystone/client/service/keystone3.yml
index bd0c63b..5138c4f 100644
--- a/keystone/client/service/keystone3.yml
+++ b/keystone/client/service/keystone3.yml
@@ -1,6 +1,7 @@
parameters:
_param:
cluster_public_protocol: https
+ keystone_service_protocol: http
keystone:
client:
server:
@@ -18,6 +19,8 @@
internal_address: ${_param:keystone_service_host}
internal_port: 5000
internal_path: '/v3'
+ internal_protocol: ${_param:keystone_service_protocol}
admin_address: ${_param:keystone_service_host}
admin_port: 35357
admin_path: '/v2.0'
+ admin_protocol: ${_param:keystone_service_protocol}
diff --git a/keystone/client/service/murano.yml b/keystone/client/service/murano.yml
index 5e65038..e6c70f1 100644
--- a/keystone/client/service/murano.yml
+++ b/keystone/client/service/murano.yml
@@ -1,6 +1,7 @@
parameters:
_param:
cluster_public_protocol: https
+ murano_service_protocol: http
keystone:
client:
server:
@@ -25,6 +26,8 @@
internal_address: ${_param:murano_service_host}
internal_port: 8082
internal_path: ''
+ internal_protocol: ${_param:murano_service_protocol}
+ admin_protocol: ${_param:murano_service_protocol}
admin_address: ${_param:murano_service_host}
admin_port: 8082
admin_path: ''
diff --git a/keystone/client/service/neutron.yml b/keystone/client/service/neutron.yml
index 12fe9fe..8bec7f2 100644
--- a/keystone/client/service/neutron.yml
+++ b/keystone/client/service/neutron.yml
@@ -1,6 +1,7 @@
parameters:
_param:
cluster_public_protocol: https
+ neutron_service_protocol: http
keystone:
client:
server:
@@ -25,6 +26,8 @@
internal_address: ${_param:neutron_service_host}
internal_port: 9696
internal_path: '/'
+ internal_protocol: ${_param:neutron_service_protocol}
+ admin_protocol: ${_param:neutron_service_protocol}
admin_address: ${_param:neutron_service_host}
admin_port: 9696
admin_path: '/'
diff --git a/keystone/client/service/nova-placement.yml b/keystone/client/service/nova-placement.yml
index 61b5455..3ed0654 100644
--- a/keystone/client/service/nova-placement.yml
+++ b/keystone/client/service/nova-placement.yml
@@ -1,6 +1,7 @@
parameters:
_param:
cluster_public_protocol: https
+ nova_service_protocol: http
keystone:
client:
server:
@@ -18,6 +19,8 @@
internal_address: ${_param:nova_service_host}
internal_port: '8778'
internal_path: ''
+ internal_protocol: ${_param:nova_service_protocol}
+ admin_protocol: ${_param:nova_service_protocol}
admin_address: ${_param:nova_service_host}
admin_port: '8778'
admin_path: ''
diff --git a/keystone/client/service/nova.yml b/keystone/client/service/nova.yml
index a0d698b..ca20106 100644
--- a/keystone/client/service/nova.yml
+++ b/keystone/client/service/nova.yml
@@ -1,6 +1,7 @@
parameters:
_param:
cluster_public_protocol: https
+ nova_service_protocol: http
keystone:
client:
server:
@@ -25,6 +26,8 @@
internal_address: ${_param:nova_service_host}
internal_port: 8774
internal_path: '/v2/$(project_id)s'
+ internal_protocol: ${_param:nova_service_protocol}
+ admin_protocol: ${_param:nova_service_protocol}
admin_address: ${_param:nova_service_host}
admin_port: 8774
admin_path: '/v2/$(project_id)s'
diff --git a/keystone/client/service/nova21.yml b/keystone/client/service/nova21.yml
index 328aefd..2782ec2 100644
--- a/keystone/client/service/nova21.yml
+++ b/keystone/client/service/nova21.yml
@@ -1,6 +1,7 @@
parameters:
_param:
cluster_public_protocol: https
+ nova_service_protocol: http
keystone:
client:
server:
@@ -25,6 +26,8 @@
internal_address: ${_param:nova_service_host}
internal_port: 8774
internal_path: '/v2/$(project_id)s'
+ internal_protocol: ${_param:nova_service_protocol}
+ admin_protocol: ${_param:nova_service_protocol}
admin_address: ${_param:nova_service_host}
admin_port: 8774
admin_path: '/v2/$(project_id)s'
@@ -40,6 +43,8 @@
internal_address: ${_param:nova_service_host}
internal_port: 8774
internal_path: '/v2.1/$(project_id)s'
+ internal_protocol: ${_param:nova_service_protocol}
+ admin_protocol: ${_param:nova_service_protocol}
admin_address: ${_param:nova_service_host}
admin_port: 8774
admin_path: '/v2.1/$(project_id)s'
diff --git a/keystone/client/service/octavia.yml b/keystone/client/service/octavia.yml
index 0382345..c08312e 100644
--- a/keystone/client/service/octavia.yml
+++ b/keystone/client/service/octavia.yml
@@ -1,6 +1,8 @@
parameters:
_param:
cluster_public_protocol: https
+ keystone_service_protocol: http
+ octavia_service_protocol: http
keystone:
client:
server:
@@ -25,6 +27,8 @@
internal_address: ${_param:octavia_service_host}
internal_port: 9876
internal_path: '/'
+ internal_protocol: ${_param:octavia_service_protocol}
+ admin_protocol: ${_param:octavia_service_protocol}
admin_address: ${_param:octavia_service_host}
admin_port: 9876
admin_path: '/'
@@ -37,3 +41,4 @@
port: 5000
region_name: ${_param:openstack_region}
use_keystoneauth: true
+ protocol: ${_param:keystone_service_protocol}
diff --git a/keystone/client/service/panko.yml b/keystone/client/service/panko.yml
new file mode 100644
index 0000000..05f9453
--- /dev/null
+++ b/keystone/client/service/panko.yml
@@ -0,0 +1,30 @@
+parameters:
+ _param:
+ cluster_public_protocol: https
+ keystone:
+ client:
+ server:
+ identity:
+ project:
+ service:
+ user:
+ panko:
+ is_admin: true
+ password: ${_param:keystone_panko_password}
+ email: ${_param:admin_email}
+ service:
+ panko:
+ type: event
+ description: OpenStack Event Service
+ endpoints:
+ - region: ${_param:openstack_region}
+ public_address: ${_param:cluster_public_host}
+ public_protocol: ${_param:cluster_public_protocol}
+ public_port: 8977
+ public_path: '/'
+ internal_address: ${_param:panko_service_host}
+ internal_port: 8977
+ internal_path: '/'
+ admin_address: ${_param:panko_service_host}
+ admin_port: 8977
+ admin_path: '/'
diff --git a/keystone/client/service/radosgw-s3.yml b/keystone/client/service/radosgw-s3.yml
index 06d8299..c97c812 100644
--- a/keystone/client/service/radosgw-s3.yml
+++ b/keystone/client/service/radosgw-s3.yml
@@ -2,6 +2,7 @@
_param:
cluster_public_protocol: https
radosgw_s3_cluster_port: 8081
+ radosgw_service_protocol: http
keystone:
client:
server:
@@ -26,6 +27,8 @@
internal_address: ${_param:radosgw_service_host}
internal_port: ${_param:radosgw_s3_cluster_port}
internal_path: '/'
+ internal_protocol: ${_param:radosgw_service_protocol}
+ admin_protocol: ${_param:radosgw_service_protocol}
admin_address: ${_param:radosgw_service_host}
admin_port: ${_param:radosgw_s3_cluster_port}
admin_path: '/'
diff --git a/keystone/client/service/radosgw-swift.yml b/keystone/client/service/radosgw-swift.yml
index 3bf9b27..14a24af 100644
--- a/keystone/client/service/radosgw-swift.yml
+++ b/keystone/client/service/radosgw-swift.yml
@@ -2,6 +2,7 @@
_param:
cluster_public_protocol: https
radosgw_swift_cluster_port: 8081
+ radosgw_service_protocol: http
keystone:
client:
server:
@@ -26,6 +27,8 @@
internal_address: ${_param:radosgw_service_host}
internal_port: ${_param:radosgw_swift_cluster_port}
internal_path: '/swift/v1'
+ internal_protocol: ${_param:radosgw_service_protocol}
+ admin_protocol: ${_param:radosgw_service_protocol}
admin_address: ${_param:radosgw_service_host}
admin_port: ${_param:radosgw_swift_cluster_port}
admin_path: '/swift/v1'
diff --git a/keystone/client/service/sahara.yml b/keystone/client/service/sahara.yml
index 84a0b96..b635137 100644
--- a/keystone/client/service/sahara.yml
+++ b/keystone/client/service/sahara.yml
@@ -1,6 +1,7 @@
parameters:
_param:
cluster_public_protocol: https
+ sahara_internal_protocol: http
keystone:
client:
server:
@@ -25,6 +26,8 @@
internal_address: ${_param:sahara_service_host}
internal_port: 8386
internal_path: '/v1.1/%(project_id)s'
+ internal_protocol: ${_param:sahara_internal_protocol}
+ admin_protocol: ${_param:sahara_internal_protocol}
admin_address: ${_param:sahara_service_host}
admin_port: 8386
admin_path: '/v1.1/%(project_id)s'
diff --git a/keystone/client/service/swift-s3.yml b/keystone/client/service/swift-s3.yml
index 5880487c9..b2769a0 100644
--- a/keystone/client/service/swift-s3.yml
+++ b/keystone/client/service/swift-s3.yml
@@ -1,6 +1,7 @@
parameters:
_param:
cluster_public_protocol: https
+ swift_service_protocol: http
keystone:
client:
server:
@@ -26,6 +27,8 @@
internal_address: ${_param:swift_service_host}
internal_port: 8080
internal_path: '/v1/AUTH_%(project_id)s'
+ internal_protocol: ${_param:swift_service_protocol}
+ admin_protocol: ${_param:swift_service_protocol}
admin_address: ${_param:swift_service_host}
admin_port: 8080
admin_path: '/'
diff --git a/keystone/client/service/swift.yml b/keystone/client/service/swift.yml
index 781fab9..6f558fb 100644
--- a/keystone/client/service/swift.yml
+++ b/keystone/client/service/swift.yml
@@ -1,6 +1,7 @@
parameters:
_param:
cluster_public_protocol: https
+ swift_service_protocol: http
keystone:
client:
server:
@@ -25,6 +26,8 @@
internal_address: ${_param:swift_service_host}
internal_port: 8080
internal_path: '/v1/AUTH_%(project_id)s'
+ internal_protocol: ${_param:swift_service_protocol}
+ admin_protocol: ${_param:swift_service_protocol}
admin_address: ${_param:swift_service_host}
admin_port: 8080
admin_path: '/'
diff --git a/keystone/client/single.yml b/keystone/client/single.yml
index ebf5b5f..a79ed7e 100644
--- a/keystone/client/single.yml
+++ b/keystone/client/single.yml
@@ -7,6 +7,8 @@
- system.keystone.client.service.keystone
- system.keystone.client.service.neutron
parameters:
+ _param:
+ keystone_service_protocol: http
linux:
system:
job:
@@ -24,6 +26,7 @@
host: ${_param:keystone_service_host}
port: 35357
token: ${_param:keystone_service_token}
+ protocol: ${_param:keystone_service_protocol}
roles:
- admin
- Member
@@ -46,3 +49,4 @@
port: 5000
region_name: ${_param:openstack_region}
use_keystoneauth: true
+ protocol: ${_param:keystone_service_protocol}
diff --git a/keystone/server/cluster.yml b/keystone/server/cluster.yml
index cbe89ca..0ae502b 100644
--- a/keystone/server/cluster.yml
+++ b/keystone/server/cluster.yml
@@ -12,6 +12,9 @@
python-pymysql:
fromrepo: ${_param:openstack_version}
version: latest
+ python-cryptography:
+ fromrepo: ${_param:openstack_version}
+ version: latest
keystone:
server:
enabled: true
diff --git a/keystone/server/wsgi.yml b/keystone/server/wsgi.yml
index f62c1cc..333cb76 100644
--- a/keystone/server/wsgi.yml
+++ b/keystone/server/wsgi.yml
@@ -1,6 +1,10 @@
classes:
- system.apache.server.single
parameters:
+ _param:
+ apache_keystone_ssl:
+ enabled: false
+ apache_keystone_api_host: ${linux:network:fqdn}
keystone:
server:
service_name: apache2
@@ -14,7 +18,8 @@
type: keystone
name: wsgi
host:
- name: ${linux:network:fqdn}
+ name: ${_param:apache_keystone_api_host}
+ ssl: ${_param:apache_keystone_ssl}
log:
custom:
format: >-
diff --git a/linux/system/repo/mcp/apt_mirantis/docker_legacy.yml b/linux/system/repo/mcp/apt_mirantis/docker_legacy.yml
new file mode 100644
index 0000000..86c6426
--- /dev/null
+++ b/linux/system/repo/mcp/apt_mirantis/docker_legacy.yml
@@ -0,0 +1,16 @@
+parameters:
+ _param:
+ apt_mk_version: stable
+ linux_system_repo_mcp_docker_legacy_version: ${_param:apt_mk_version}
+ linux:
+ system:
+ repo:
+ mcp_docker_legacy:
+ source: "deb [arch=amd64] http://apt.mirantis.com/${_param:linux_system_codename}/docker/ ${_param:linux_system_repo_mcp_docker_legacy_version} legacy"
+ architectures: amd64
+ key_url: "http://apt.mirantis.com/public.gpg"
+ clean_file: true
+ pin:
+ - pin: 'release a=${_param:linux_system_repo_mcp_docker_legacy_version}'
+ priority: 1100
+ package: '*'
diff --git a/linux/system/repo/mcp/apt_mirantis/elastic.yml b/linux/system/repo/mcp/apt_mirantis/elastic.yml
deleted file mode 100644
index da1b004..0000000
--- a/linux/system/repo/mcp/apt_mirantis/elastic.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-parameters:
- _param:
- apt_mk_version: stable
- linux_system_repo_mcp_elastic_version: ${_param:apt_mk_version}
- linux_system_repo_mcp_elastic_version_number: "2.x"
- linux:
- system:
- repo:
- mcp_elastic:
- source: "deb [arch=amd64] http://apt.mirantis.com/${_param:linux_system_codename}/elastic/${_param:linux_system_repo_mcp_elastic_version_number}/ ${_param:linux_system_repo_mcp_elastic_version} main"
- architectures: amd64
- key_url: "http://apt.mirantis.com/public.gpg"
- clean_file: true
- pin:
- - pin: 'release a=${_param:linux_system_repo_mcp_elastic_version}'
- priority: 1100
- package: '*'
diff --git a/linux/system/repo/mcp/apt_mirantis/elastic/2x.yml b/linux/system/repo/mcp/apt_mirantis/elastic/2x.yml
new file mode 100644
index 0000000..4add81e
--- /dev/null
+++ b/linux/system/repo/mcp/apt_mirantis/elastic/2x.yml
@@ -0,0 +1,16 @@
+parameters:
+ _param:
+ apt_mk_version: stable
+ linux_system_repo_mcp_elastic_2x_version: ${_param:apt_mk_version}
+ linux:
+ system:
+ repo:
+ mcp_elastic_2x:
+ source: "deb [arch=amd64] http://apt.mirantis.com/${_param:linux_system_codename}/elastic/2.x/ ${_param:linux_system_repo_mcp_elastic_2x_version} main"
+ architectures: amd64
+ key_url: "http://apt.mirantis.com/public.gpg"
+ clean_file: true
+ pin:
+ - pin: 'release a=${_param:linux_system_repo_mcp_elastic_2x_version}'
+ priority: 1100
+ package: '*'
diff --git a/linux/system/repo/mcp/apt_mirantis/elastic/5x.yml b/linux/system/repo/mcp/apt_mirantis/elastic/5x.yml
new file mode 100644
index 0000000..8876c51
--- /dev/null
+++ b/linux/system/repo/mcp/apt_mirantis/elastic/5x.yml
@@ -0,0 +1,16 @@
+parameters:
+ _param:
+ apt_mk_version: stable
+ linux_system_repo_mcp_elastic_5x_version: ${_param:apt_mk_version}
+ linux:
+ system:
+ repo:
+ mcp_elastic_5x:
+ source: "deb [arch=amd64] http://apt.mirantis.com/${_param:linux_system_codename}/elastic/5.x/ ${_param:linux_system_repo_mcp_elastic_5x_version} main"
+ architectures: amd64
+ key_url: "http://apt.mirantis.com/public.gpg"
+ clean_file: true
+ pin:
+ - pin: 'release a=${_param:linux_system_repo_mcp_elastic_5x_version}'
+ priority: 1100
+ package: '*'
diff --git a/linux/system/repo/mcp/apt_mirantis/elastic/init.yml b/linux/system/repo/mcp/apt_mirantis/elastic/init.yml
new file mode 100644
index 0000000..a66b757
--- /dev/null
+++ b/linux/system/repo/mcp/apt_mirantis/elastic/init.yml
@@ -0,0 +1,3 @@
+classes:
+- system.linux.system.repo.mcp.apt_mirantis.elastic.2x
+- system.linux.system.repo.mcp.apt_mirantis.elastic.5x
\ No newline at end of file
diff --git a/linux/system/repo/mcp/apt_mirantis/kibana.yml b/linux/system/repo/mcp/apt_mirantis/kibana.yml
deleted file mode 100644
index 078ebd8..0000000
--- a/linux/system/repo/mcp/apt_mirantis/kibana.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-parameters:
- _param:
- apt_mk_version: stable
- linux_system_repo_mcp_kibana_version: ${_param:apt_mk_version}
- linux_system_repo_mcp_kibana_version_number: "4.6"
- linux:
- system:
- repo:
- mcp_kibana:
- source: "deb [arch=amd64] http://apt.mirantis.com/${_param:linux_system_codename}/kibana/${_param:linux_system_repo_mcp_kibana_version_number}/ ${_param:linux_system_repo_mcp_kibana_version} kibana-46"
- architectures: amd64
- key_url: "http://apt.mirantis.com/public.gpg"
- clean_file: true
- pin:
- - pin: 'release a=${_param:linux_system_repo_mcp_kibana_version}'
- priority: 1100
- package: '*'
diff --git a/linux/system/repo/mcp/apt_mirantis/kibana/46.yml b/linux/system/repo/mcp/apt_mirantis/kibana/46.yml
new file mode 100644
index 0000000..f3795ad
--- /dev/null
+++ b/linux/system/repo/mcp/apt_mirantis/kibana/46.yml
@@ -0,0 +1,16 @@
+parameters:
+ _param:
+ apt_mk_version: stable
+ linux_system_repo_mcp_kibana_46_version: ${_param:apt_mk_version}
+ linux:
+ system:
+ repo:
+ mcp_kibana_46:
+ source: "deb [arch=amd64] http://apt.mirantis.com/${_param:linux_system_codename}/kibana/4.6/ ${_param:linux_system_repo_mcp_kibana_46_version} kibana-46"
+ architectures: amd64
+ key_url: "http://apt.mirantis.com/public.gpg"
+ clean_file: true
+ pin:
+ - pin: 'release a=${_param:linux_system_repo_mcp_kibana_46_version}'
+ priority: 1100
+ package: '*'
diff --git a/linux/system/repo/mcp/apt_mirantis/kibana/5x.yml b/linux/system/repo/mcp/apt_mirantis/kibana/5x.yml
new file mode 100644
index 0000000..e2f4795
--- /dev/null
+++ b/linux/system/repo/mcp/apt_mirantis/kibana/5x.yml
@@ -0,0 +1,16 @@
+parameters:
+ _param:
+ apt_mk_version: stable
+ linux_system_repo_mcp_kibana_5x_version: ${_param:apt_mk_version}
+ linux:
+ system:
+ repo:
+ mcp_kibana_5x:
+ source: "deb [arch=amd64] http://apt.mirantis.com/${_param:linux_system_codename}/kibana/5.x/ ${_param:linux_system_repo_mcp_kibana_5x_version} kibana-5x"
+ architectures: amd64
+ key_url: "http://apt.mirantis.com/public.gpg"
+ clean_file: true
+ pin:
+ - pin: 'release a=${_param:linux_system_repo_mcp_kibana_5x_version}'
+ priority: 1100
+ package: '*'
diff --git a/linux/system/repo/mcp/apt_mirantis/kibana/init.yml b/linux/system/repo/mcp/apt_mirantis/kibana/init.yml
new file mode 100644
index 0000000..daaf7ab
--- /dev/null
+++ b/linux/system/repo/mcp/apt_mirantis/kibana/init.yml
@@ -0,0 +1,3 @@
+classes:
+- system.linux.system.repo.mcp.apt_mirantis.kibana.46
+- system.linux.system.repo.mcp.apt_mirantis.kibana.5x
\ No newline at end of file
diff --git a/linux/system/repo_local/mcp/apt_mirantis/docker_legacy.yml b/linux/system/repo_local/mcp/apt_mirantis/docker_legacy.yml
new file mode 100644
index 0000000..9b85ea2
--- /dev/null
+++ b/linux/system/repo_local/mcp/apt_mirantis/docker_legacy.yml
@@ -0,0 +1,16 @@
+parameters:
+ _param:
+ apt_mk_version: stable
+ linux_system_repo_mcp_docker_legacy_version: ${_param:apt_mk_version}
+ linux:
+ system:
+ repo:
+ mcp_docker_legacy:
+ source: "deb [arch=amd64] http://${_param:local_repo_url}/ubuntu-${_param:linux_system_codename}/docker/ ${_param:linux_system_repo_mcp_docker_legacy_version} legacy"
+ architectures: amd64
+ key_url: "http://${_param:local_repo_url}/public.gpg"
+ clean_file: true
+ pin:
+ - pin: 'release a=${_param:linux_system_repo_mcp_docker_legacy_version}'
+ priority: 1100
+ package: '*'
diff --git a/linux/system/repo_local/mcp/apt_mirantis/elastic.yml b/linux/system/repo_local/mcp/apt_mirantis/elastic.yml
deleted file mode 100644
index 2646273..0000000
--- a/linux/system/repo_local/mcp/apt_mirantis/elastic.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-parameters:
- _param:
- apt_mk_version: stable
- linux_system_repo_mcp_elastic_version: ${_param:apt_mk_version}
- linux_system_repo_mcp_elastic_version_number: "2.x"
- linux:
- system:
- repo:
- mcp_elastic:
- source: "deb [arch=amd64] http://${_param:local_repo_url}/ubuntu-${_param:linux_system_codename}/elastic/${_param:linux_system_repo_mcp_elastic_version_number}/ ${_param:linux_system_repo_mcp_elastic_version} main"
- architectures: amd64
- key_url: "http://${_param:local_repo_url}/public.gpg"
- clean_file: true
- pin:
- - pin: 'release a=${_param:linux_system_repo_mcp_elastic_version}'
- priority: 1100
- package: '*'
diff --git a/linux/system/repo_local/mcp/apt_mirantis/elastic/2x.yml b/linux/system/repo_local/mcp/apt_mirantis/elastic/2x.yml
new file mode 100644
index 0000000..3cade96
--- /dev/null
+++ b/linux/system/repo_local/mcp/apt_mirantis/elastic/2x.yml
@@ -0,0 +1,16 @@
+parameters:
+ _param:
+ apt_mk_version: stable
+ linux_system_repo_mcp_elastic_2x_version: ${_param:apt_mk_version}
+ linux:
+ system:
+ repo:
+ mcp_elastic_2x:
+ source: "deb [arch=amd64] http://${_param:local_repo_url}/ubuntu-${_param:linux_system_codename}/elastic/2.x/ ${_param:linux_system_repo_mcp_elastic_2x_version} main"
+ architectures: amd64
+ key_url: "http://${_param:local_repo_url}/public.gpg"
+ clean_file: true
+ pin:
+ - pin: 'release a=${_param:linux_system_repo_mcp_elastic_2x_version}'
+ priority: 1100
+ package: '*'
diff --git a/linux/system/repo_local/mcp/apt_mirantis/elastic/5x.yml b/linux/system/repo_local/mcp/apt_mirantis/elastic/5x.yml
new file mode 100644
index 0000000..7349f72
--- /dev/null
+++ b/linux/system/repo_local/mcp/apt_mirantis/elastic/5x.yml
@@ -0,0 +1,16 @@
+parameters:
+ _param:
+ apt_mk_version: stable
+ linux_system_repo_mcp_elastic_5x_version: ${_param:apt_mk_version}
+ linux:
+ system:
+ repo:
+ mcp_elastic_5x:
+ source: "deb [arch=amd64] http://${_param:local_repo_url}/ubuntu-${_param:linux_system_codename}/elastic/5.x/ ${_param:linux_system_repo_mcp_elastic_5x_version} main"
+ architectures: amd64
+ key_url: "http://${_param:local_repo_url}/public.gpg"
+ clean_file: true
+ pin:
+ - pin: 'release a=${_param:linux_system_repo_mcp_elastic_5x_version}'
+ priority: 1100
+ package: '*'
diff --git a/linux/system/repo_local/mcp/apt_mirantis/elastic/init.yml b/linux/system/repo_local/mcp/apt_mirantis/elastic/init.yml
new file mode 100644
index 0000000..f356aa2
--- /dev/null
+++ b/linux/system/repo_local/mcp/apt_mirantis/elastic/init.yml
@@ -0,0 +1,3 @@
+classes:
+- system.linux.system.repo_local.mcp.apt_mirantis.elastic.2x
+- system.linux.system.repo_local.mcp.apt_mirantis.elastic.5x
\ No newline at end of file
diff --git a/linux/system/repo_local/mcp/apt_mirantis/kibana.yml b/linux/system/repo_local/mcp/apt_mirantis/kibana.yml
deleted file mode 100644
index c0ebe5a..0000000
--- a/linux/system/repo_local/mcp/apt_mirantis/kibana.yml
+++ /dev/null
@@ -1,17 +0,0 @@
-parameters:
- _param:
- apt_mk_version: stable
- linux_system_repo_mcp_kibana_version: ${_param:apt_mk_version}
- linux_system_repo_mcp_kibana_version_number: "4.6"
- linux:
- system:
- repo:
- mcp_kibana:
- source: "deb [arch=amd64] http://${_param:local_repo_url}/ubuntu-${_param:linux_system_codename}/kibana/${_param:linux_system_repo_mcp_kibana_version_number}/ ${_param:linux_system_repo_mcp_kibana_version} kibana-46"
- architectures: amd64
- key_url: "http://${_param:local_repo_url}/public.gpg"
- clean_file: true
- pin:
- - pin: 'release a=${_param:linux_system_repo_mcp_kibana_version}'
- priority: 1100
- package: '*'
diff --git a/linux/system/repo_local/mcp/apt_mirantis/kibana/46.yml b/linux/system/repo_local/mcp/apt_mirantis/kibana/46.yml
new file mode 100644
index 0000000..7fa87a0
--- /dev/null
+++ b/linux/system/repo_local/mcp/apt_mirantis/kibana/46.yml
@@ -0,0 +1,16 @@
+parameters:
+ _param:
+ apt_mk_version: stable
+ linux_system_repo_mcp_kibana_46_version: ${_param:apt_mk_version}
+ linux:
+ system:
+ repo:
+ mcp_kibana_46:
+ source: "deb [arch=amd64] http://${_param:local_repo_url}/ubuntu-${_param:linux_system_codename}/kibana/4.6/ ${_param:linux_system_repo_mcp_kibana_46_version} kibana-46"
+ architectures: amd64
+ key_url: "http://${_param:local_repo_url}/public.gpg"
+ clean_file: true
+ pin:
+ - pin: 'release a=${_param:linux_system_repo_mcp_kibana_46_version}'
+ priority: 1100
+ package: '*'
diff --git a/linux/system/repo_local/mcp/apt_mirantis/kibana/5x.yml b/linux/system/repo_local/mcp/apt_mirantis/kibana/5x.yml
new file mode 100644
index 0000000..2441568
--- /dev/null
+++ b/linux/system/repo_local/mcp/apt_mirantis/kibana/5x.yml
@@ -0,0 +1,16 @@
+parameters:
+ _param:
+ apt_mk_version: stable
+ linux_system_repo_mcp_kibana_5x_version: ${_param:apt_mk_version}
+ linux:
+ system:
+ repo:
+ mcp_kibana_5x:
+ source: "deb [arch=amd64] http://${_param:local_repo_url}/ubuntu-${_param:linux_system_codename}/kibana/5.x/ ${_param:linux_system_repo_mcp_kibana_5x_version} kibana-5x"
+ architectures: amd64
+ key_url: "http://${_param:local_repo_url}/public.gpg"
+ clean_file: true
+ pin:
+ - pin: 'release a=${_param:linux_system_repo_mcp_kibana_5x_version}'
+ priority: 1100
+ package: '*'
diff --git a/linux/system/repo_local/mcp/apt_mirantis/kibana/init.yml b/linux/system/repo_local/mcp/apt_mirantis/kibana/init.yml
new file mode 100644
index 0000000..fe9ec2e
--- /dev/null
+++ b/linux/system/repo_local/mcp/apt_mirantis/kibana/init.yml
@@ -0,0 +1,3 @@
+classes:
+- system.linux.system.repo_local.mcp.apt_mirantis.kibana.46
+- system.linux.system.repo_local.mcp.apt_mirantis.kibana.5x
\ No newline at end of file
diff --git a/mysql/client/database/panko.yml b/mysql/client/database/panko.yml
new file mode 100644
index 0000000..e0463ef
--- /dev/null
+++ b/mysql/client/database/panko.yml
@@ -0,0 +1,17 @@
+parameters:
+ mysql:
+ client:
+ server:
+ database:
+ database:
+ panko:
+ encoding: utf8
+ users:
+ - name: panko
+ password: ${_param:mysql_panko_password}
+ host: '%'
+ rights: all
+ - name: panko
+ password: ${_param:mysql_panko_password}
+ host: ${_param:single_address}
+ rights: all
diff --git a/nginx/server/proxy/openstack/barbican.yml b/nginx/server/proxy/openstack/barbican.yml
index 5f658d1..89e5a9c 100644
--- a/nginx/server/proxy/openstack/barbican.yml
+++ b/nginx/server/proxy/openstack/barbican.yml
@@ -1,6 +1,8 @@
parameters:
_param:
nginx_proxy_openstack_api_host: ${_param:cluster_public_host}
+ nginx_proxy_openstack_api_address: 0.0.0.0
+ nginx_proxy_openstack_barbican_host: ${_param:barbican_service_host}
nginx:
server:
enabled: true
@@ -11,10 +13,11 @@
name: openstack_api_barbican
check: false
proxy:
- host: ${_param:barbican_service_host}
+ host: ${_param:nginx_proxy_openstack_barbican_host}
port: 9311
protocol: http
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 9311
+ address: ${_param:nginx_proxy_openstack_api_address}
ssl: ${_param:nginx_proxy_ssl}
diff --git a/nginx/server/proxy/openstack/designate.yml b/nginx/server/proxy/openstack/designate.yml
index 29bc390..c238775 100644
--- a/nginx/server/proxy/openstack/designate.yml
+++ b/nginx/server/proxy/openstack/designate.yml
@@ -1,6 +1,8 @@
parameters:
_param:
nginx_proxy_openstack_api_host: ${_param:cluster_public_host}
+ nginx_proxy_openstack_api_address: 0.0.0.0
+ nginx_proxy_openstack_designate_host: ${_param:designate_service_host}
nginx:
server:
enabled: true
@@ -10,10 +12,11 @@
type: nginx_proxy
name: openstack_api_designate
proxy:
- host: ${_param:nginx_proxy_openstack_api_proxy_host}
+ host: ${_param:nginx_proxy_openstack_designate_host}
port: 9001
protocol: http
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 9001
+ address: ${_param:nginx_proxy_openstack_api_address}
ssl: ${_param:nginx_proxy_ssl}
diff --git a/nginx/server/proxy/openstack/glare.yml b/nginx/server/proxy/openstack/glare.yml
new file mode 100644
index 0000000..898f622
--- /dev/null
+++ b/nginx/server/proxy/openstack/glare.yml
@@ -0,0 +1,22 @@
+parameters:
+ _param:
+ nginx_proxy_openstack_api_host: ${_param:cluster_public_host}
+ nginx:
+ server:
+ enabled: true
+ site:
+ nginx_proxy_openstack_api_glare:
+ enabled: true
+ type: nginx_proxy
+ name: openstack_api_glare
+ underscores_in_headers: true
+ check: false
+ proxy:
+ host: ${_param:glance_service_host}
+ port: 9494
+ protocol: http
+ size: 30000m
+ host:
+ name: ${_param:nginx_proxy_openstack_api_host}
+ port: 9494
+ ssl: ${_param:nginx_proxy_ssl}
diff --git a/nginx/server/proxy/openstack/horizon.yml b/nginx/server/proxy/openstack/horizon.yml
index 13df5cb..03e3f3c 100644
--- a/nginx/server/proxy/openstack/horizon.yml
+++ b/nginx/server/proxy/openstack/horizon.yml
@@ -1,4 +1,8 @@
parameters:
+ _param:
+ nginx_proxy_openstack_api_host: ${_param:cluster_public_host}
+ nginx_proxy_openstack_api_address: 0.0.0.0
+ nginx_proxy_openstack_horizon_host: ${_param:openstack_proxy_address}
nginx:
server:
enabled: true
@@ -8,11 +12,12 @@
type: nginx_proxy
name: horizon
proxy:
- host: ${_param:openstack_proxy_address}
+ host: ${_param:nginx_proxy_openstack_horizon_host}
port: 443
protocol: https
host:
- name: ${_param:cluster_public_host}
+ name: ${_param:nginx_proxy_openstack_api_host}
port: 443
protocol: https
+ address: ${_param:nginx_proxy_openstack_api_address}
ssl: ${_param:nginx_proxy_ssl}
diff --git a/nginx/server/proxy/openstack/placement.yml b/nginx/server/proxy/openstack/placement.yml
new file mode 100644
index 0000000..eda272c
--- /dev/null
+++ b/nginx/server/proxy/openstack/placement.yml
@@ -0,0 +1,22 @@
+parameters:
+ _param:
+ nginx_proxy_openstack_api_host: ${_param:cluster_public_host}
+ nginx_proxy_openstack_api_address: 0.0.0.0
+ nginx_proxy_openstack_placement_host: ${_param:placement_service_host}
+ nginx:
+ server:
+ enabled: true
+ site:
+ nginx_proxy_openstack_api_placement:
+ enabled: true
+ type: nginx_proxy
+ name: openstack_api_placement
+ proxy:
+ host: ${_param:nginx_proxy_openstack_placement_host}
+ port: 8778
+ protocol: http
+ host:
+ name: ${_param:nginx_proxy_openstack_api_host}
+ port: 8778
+ address: ${_param:nginx_proxy_openstack_api_address}
+ ssl: ${_param:nginx_proxy_ssl}
diff --git a/nginx/server/proxy/openstack_api.yml b/nginx/server/proxy/openstack_api.yml
index 4b0b3f4..4f6073d 100644
--- a/nginx/server/proxy/openstack_api.yml
+++ b/nginx/server/proxy/openstack_api.yml
@@ -1,6 +1,13 @@
parameters:
_param:
nginx_proxy_openstack_api_host: ${_param:cluster_public_host}
+ nginx_proxy_openstack_api_address: 0.0.0.0
+ nginx_proxy_openstack_keystone_host: ${_param:keystone_service_host}
+ nginx_proxy_openstack_nova_host: ${_param:nova_service_host}
+ nginx_proxy_openstack_cinder_host: ${_param:cinder_service_host}
+ nginx_proxy_openstack_glance_host: ${_param:glance_service_host}
+ nginx_proxy_openstack_neutron_host: ${_param:neutron_service_host}
+ nginx_proxy_openstack_heat_host: ${_param:heat_service_host}
nginx:
server:
enabled: true
@@ -11,12 +18,13 @@
name: openstack_api_keystone
check: false
proxy:
- host: ${_param:keystone_service_host}
+ host: ${_param:nginx_proxy_openstack_keystone_host}
port: 5000
protocol: http
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 5000
+ address: ${_param:nginx_proxy_openstack_api_address}
ssl: ${_param:nginx_proxy_ssl}
nginx_proxy_openstack_api_keystone_private:
enabled: true
@@ -24,12 +32,13 @@
name: openstack_api_keystone_private
check: false
proxy:
- host: ${_param:keystone_service_host}
+ host: ${_param:nginx_proxy_openstack_keystone_host}
port: 35357
protocol: http
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 35357
+ address: ${_param:nginx_proxy_openstack_api_address}
ssl: ${_param:nginx_proxy_ssl}
nginx_proxy_openstack_api_nova:
enabled: true
@@ -37,12 +46,13 @@
name: openstack_api_nova
check: false
proxy:
- host: ${_param:nova_service_host}
+ host: ${_param:nginx_proxy_openstack_nova_host}
port: 8774
protocol: http
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8774
+ address: ${_param:nginx_proxy_openstack_api_address}
ssl: ${_param:nginx_proxy_ssl}
nginx_proxy_openstack_api_cinder:
enabled: true
@@ -50,12 +60,13 @@
name: openstack_api_cinder
check: false
proxy:
- host: ${_param:cinder_service_host}
+ host: ${_param:nginx_proxy_openstack_cinder_host}
port: 8776
protocol: http
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8776
+ address: ${_param:nginx_proxy_openstack_api_address}
ssl: ${_param:nginx_proxy_ssl}
nginx_proxy_openstack_api_glance:
enabled: true
@@ -64,13 +75,14 @@
check: false
underscores_in_headers: true
proxy:
- host: ${_param:glance_service_host}
+ host: ${_param:nginx_proxy_openstack_glance_host}
port: 9292
protocol: http
size: 30000m
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 9292
+ address: ${_param:nginx_proxy_openstack_api_address}
ssl: ${_param:nginx_proxy_ssl}
nginx_proxy_openstack_api_neutron:
enabled: true
@@ -78,36 +90,39 @@
name: openstack_api_neutron
check: false
proxy:
- host: ${_param:neutron_service_host}
+ host: ${_param:nginx_proxy_openstack_neutron_host}
port: 9696
protocol: http
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 9696
+ address: ${_param:nginx_proxy_openstack_api_address}
ssl: ${_param:nginx_proxy_ssl}
nginx_proxy_openstack_api_heat_cloudwatch:
enabled: true
type: nginx_proxy
name: openstack_api_heat_cloudwatch
proxy:
- host: ${_param:heat_service_host}
+ host: ${_param:nginx_proxy_openstack_heat_host}
port: 8003
protocol: http
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8003
+ address: ${_param:nginx_proxy_openstack_api_address}
ssl: ${_param:nginx_proxy_ssl}
nginx_proxy_openstack_api_heat_cfn:
enabled: true
type: nginx_proxy
name: openstack_api_heat_cfn
proxy:
- host: ${_param:heat_service_host}
+ host: ${_param:nginx_proxy_openstack_heat_host}
port: 8000
protocol: http
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8000
+ address: ${_param:nginx_proxy_openstack_api_address}
ssl: ${_param:nginx_proxy_ssl}
nginx_proxy_openstack_api_heat:
enabled: true
@@ -115,12 +130,13 @@
name: openstack_api_heat
check: false
proxy:
- host: ${_param:heat_service_host}
+ host: ${_param:nginx_proxy_openstack_heat_host}
port: 8004
protocol: http
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8004
+ address: ${_param:nginx_proxy_openstack_api_address}
ssl: ${_param:nginx_proxy_ssl}
nginx_proxy_openstack_api_nova_ec2:
enabled: true
@@ -128,10 +144,11 @@
name: openstack_api_nova_ec2
check: false
proxy:
- host: ${_param:nova_service_host}
+ host: ${_param:nginx_proxy_openstack_nova_host}
port: 8773
protocol: http
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 8773
+ address: ${_param:nginx_proxy_openstack_api_address}
ssl: ${_param:nginx_proxy_ssl}
diff --git a/nginx/server/proxy/oss/devops_portal.yml b/nginx/server/proxy/oss/devops_portal.yml
new file mode 100644
index 0000000..7e313bc
--- /dev/null
+++ b/nginx/server/proxy/oss/devops_portal.yml
@@ -0,0 +1,20 @@
+parameters:
+ nginx:
+ server:
+ enabled: true
+ site:
+ nginx_devops_portal:
+ enabled: true
+ type: nginx_proxy
+ name: devops_portal
+ check: false
+ proxy:
+ host: ${_param:stacklight_monitor_address}
+ port: 8800
+ protocol: http
+ websocket: true
+ host:
+ name: ${_param:cluster_public_host}
+ port: 8800
+ protocol: https
+ ssl: ${_param:nginx_proxy_ssl}
diff --git a/nginx/server/proxy/oss/rundeck.yml b/nginx/server/proxy/oss/rundeck.yml
new file mode 100644
index 0000000..e6a0303
--- /dev/null
+++ b/nginx/server/proxy/oss/rundeck.yml
@@ -0,0 +1,20 @@
+parameters:
+ nginx:
+ server:
+ enabled: true
+ site:
+ nginx_rundeck:
+ enabled: true
+ type: nginx_proxy
+ name: rundeck
+ check: false
+ proxy:
+ host: ${_param:stacklight_monitor_address}
+ port: 4440
+ protocol: http
+ websocket: true
+ host:
+ name: ${_param:cluster_public_host}
+ port: 4440
+ protocol: https
+ ssl: ${_param:nginx_proxy_ssl}
diff --git a/nova/control/cluster.yml b/nova/control/cluster.yml
index dee725d..3b8877d 100644
--- a/nova/control/cluster.yml
+++ b/nova/control/cluster.yml
@@ -29,11 +29,6 @@
ram_allocation_ratio: ${_param:nova_ram_allocation_ratio}
disk_allocation_ratio: ${_param:nova_disk_allocation_ratio}
workers: 8
- logging:
- - engine: syslog
- facility: local0
- heka:
- enabled: true
bind:
private_address: ${_param:cluster_local_address}
public_address: ${_param:cluster_vip_address}
diff --git a/opencontrail/client/resource/llgr.yml b/opencontrail/client/resource/llgr.yml
new file mode 100644
index 0000000..aff3ffb
--- /dev/null
+++ b/opencontrail/client/resource/llgr.yml
@@ -0,0 +1,18 @@
+parameters:
+ _param:
+ opencontrail_gsc_grp_enable: True
+ opencontrail_gsc_grp_restart_time: 60
+ opencontrail_gsc_grp_end_of_rib_timeout: 30
+ opencontrail_gsc_grp_bgp_helper_enable: False
+ opencontrail_gsc_grp_xmpp_helper_enable: False
+ opencontrail_gsc_grp_long_lived_restart_time: 300
+ opencontrail:
+ client:
+ global_system_config:
+ grp:
+ enable: ${_param:opencontrail_gsc_grp_enable}
+ restart_time: ${_param:opencontrail_gsc_grp_restart_time}
+ end_of_rib_timeout: ${_param:opencontrail_gsc_grp_end_of_rib_timeout}
+ bgp_helper_enable: ${_param:opencontrail_gsc_grp_bgp_helper_enable}
+ xmpp_helper_enable: ${_param:opencontrail_gsc_grp_xmpp_helper_enable}
+ long_lived_restart_time: ${_param:opencontrail_gsc_grp_long_lived_restart_time}
diff --git a/opencontrail/compute/upgrade.yml b/opencontrail/compute/upgrade.yml
new file mode 100644
index 0000000..d1e4894
--- /dev/null
+++ b/opencontrail/compute/upgrade.yml
@@ -0,0 +1,14 @@
+parameters:
+ opencontrail:
+ compute:
+ control:
+ members:
+ - host: ${_param:opencontrail_control_node01_address}
+ - host: ${_param:opencontrail_control_node02_address}
+ collector:
+ members:
+ - host: ${_param:opencontrail_analytics_node01_address}
+ - host: ${_param:opencontrail_analytics_node02_address}
+ - host: ${_param:opencontrail_analytics_node03_address}
+ discovery:
+ enabled: False
diff --git a/opencontrail/control/analytics4_0.yml b/opencontrail/control/analytics4_0.yml
index 4ec9b4c..9614d61 100644
--- a/opencontrail/control/analytics4_0.yml
+++ b/opencontrail/control/analytics4_0.yml
@@ -13,8 +13,8 @@
opencontrail_message_queue_node02_address: ${_param:openstack_message_queue_node02_address}
opencontrail_message_queue_node03_address: ${_param:openstack_message_queue_node03_address}
opencontrail_message_queue_address: ${_param:openstack_message_queue_address}
- opencontrail_analytics_image: docker-prod-local.artifactory.mirantis.com/opencontrail/opencontrail-analytics
- opencontrail_analyticsdb_image: docker-prod-local.artifactory.mirantis.com/opencontrail/opencontrail-analyticsdb
+ opencontrail_analytics_image: docker-prod-local.artifactory.mirantis.com/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analytics
+ opencontrail_analyticsdb_image: docker-prod-local.artifactory.mirantis.com/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analyticsdb
opencontrail_analytics_container_name: opencontrail_analytics_1
opencontrail_analyticsdb_container_name: opencontrail_analyticsdb_1
# Temprorary fix for MOS9 packages to pin old version of kafka
@@ -79,6 +79,7 @@
container_name: ${_param:opencontrail_analytics_container_name}
network_mode: "host"
privileged: true
+ restart: always
volumes:
- /etc/contrail:/etc/contrail
- /etc/redis/redis.conf:/etc/redis/redis.conf
@@ -101,3 +102,4 @@
- /etc/zookeeper/conf/log4j.properties:/etc/zookeeper/conf/log4j.properties
network_mode: "host"
privileged: true
+ restart: always
diff --git a/opencontrail/control/cluster4_0.yml b/opencontrail/control/cluster4_0.yml
index 611eb24..60749b3 100644
--- a/opencontrail/control/cluster4_0.yml
+++ b/opencontrail/control/cluster4_0.yml
@@ -14,9 +14,9 @@
opencontrail_message_queue_node02_address: ${_param:openstack_control_node02_address}
opencontrail_message_queue_node03_address: ${_param:openstack_control_node03_address}
opencontrail_message_queue_address: ${_param:openstack_control_address}
- opencontrail_analytics_image: docker-prod-local.artifactory.mirantis.com/opencontrail/opencontrail-analytics
- opencontrail_analyticsdb_image: docker-prod-local.artifactory.mirantis.com/opencontrail/opencontrail-analyticsdb
- opencontrail_controller_image: docker-prod-local.artifactory.mirantis.com/opencontrail/opencontrail-controller
+ opencontrail_analytics_image: docker-prod-local.artifactory.mirantis.com/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analytics
+ opencontrail_analyticsdb_image: docker-prod-local.artifactory.mirantis.com/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analyticsdb
+ opencontrail_controller_image: docker-prod-local.artifactory.mirantis.com/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller
opencontrail_controller_container_name: opencontrail_controller_1
opencontrail_analytics_container_name: opencontrail_analytics_1
opencontrail_analyticsdb_container_name: opencontrail_analyticsdb_1
@@ -147,11 +147,13 @@
- /etc/zookeeper/conf/log4j.properties:/etc/zookeeper/conf/log4j.properties
network_mode: "host"
privileged: true
+ restart: always
analytics:
image: ${_param:opencontrail_analytics_image}
container_name: ${_param:opencontrail_analytics_container_name}
network_mode: "host"
privileged: true
+ restart: always
volumes:
- /etc/contrail:/etc/contrail
- /etc/redis/redis.conf:/etc/redis/redis.conf
@@ -174,3 +176,4 @@
- /etc/zookeeper/conf/log4j.properties:/etc/zookeeper/conf/log4j.properties
network_mode: "host"
privileged: true
+ restart: always
diff --git a/opencontrail/control/control.yml b/opencontrail/control/control.yml
index 50c0c77..e846f5d 100644
--- a/opencontrail/control/control.yml
+++ b/opencontrail/control/control.yml
@@ -4,7 +4,7 @@
- system.haproxy.proxy.listen.opencontrail.control
parameters:
_param:
- multi_tenancy: false
+ multi_tenancy: true
opencontrail_message_queue_node01_address: ${_param:openstack_message_queue_node01_address}
opencontrail_message_queue_node02_address: ${_param:openstack_message_queue_node02_address}
opencontrail_message_queue_node03_address: ${_param:openstack_message_queue_node03_address}
diff --git a/opencontrail/control/control4_0.yml b/opencontrail/control/control4_0.yml
index 2fe76e8..02ab75e 100644
--- a/opencontrail/control/control4_0.yml
+++ b/opencontrail/control/control4_0.yml
@@ -9,7 +9,7 @@
opencontrail_message_queue_node01_address: ${_param:openstack_message_queue_node01_address}
opencontrail_message_queue_node02_address: ${_param:openstack_message_queue_node02_address}
opencontrail_message_queue_node03_address: ${_param:openstack_message_queue_node03_address}
- opencontrail_controller_image: docker-prod-local.artifactory.mirantis.com/opencontrail/opencontrail-controller
+ opencontrail_controller_image: docker-prod-local.artifactory.mirantis.com/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller
opencontrail_controller_container_name: opencontrail_controller_1
analytics_vip_address: ${_param:opencontrail_analytics_address}
opencontrail:
@@ -107,3 +107,4 @@
- /etc/zookeeper/conf/log4j.properties:/etc/zookeeper/conf/log4j.properties
network_mode: "host"
privileged: true
+ restart: always
diff --git a/opencontrail/control/single4_0.yml b/opencontrail/control/single4_0.yml
index fcbd6af..a4fae18 100644
--- a/opencontrail/control/single4_0.yml
+++ b/opencontrail/control/single4_0.yml
@@ -7,9 +7,9 @@
opencontrail_kafka_log_cleanup_dir: '/usr/share/kafka/logs/'
opencontrail_version: 4.0
linux_repo_contrail_component: oc40
- opencontrail_analytics_image: docker-prod-local.artifactory.mirantis.com/opencontrail/opencontrail-analytics
- opencontrail_analyticsdb_image: docker-prod-local.artifactory.mirantis.com/opencontrail/opencontrail-analyticsdb
- opencontrail_controller_image: docker-prod-local.artifactory.mirantis.com/opencontrail/opencontrail-controller
+ opencontrail_analytics_image: docker-prod-local.artifactory.mirantis.com/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analytics
+ opencontrail_analyticsdb_image: docker-prod-local.artifactory.mirantis.com/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analyticsdb
+ opencontrail_controller_image: docker-prod-local.artifactory.mirantis.com/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller
opencontrail_controller_container_name: opencontrail_controller_1
opencontrail_analytics_container_name: opencontrail_analytics_1
opencontrail_analyticsdb_container_name: opencontrail_analyticsdb_1
@@ -178,11 +178,13 @@
- /etc/zookeeper/conf/log4j.properties:/etc/zookeeper/conf/log4j.properties
network_mode: "host"
privileged: true
+ restart: always
analytics:
image: ${_param:opencontrail_analytics_image}
container_name: ${_param:opencontrail_analytics_container_name}
network_mode: "host"
privileged: true
+ restart: always
volumes:
- /etc/contrail:/etc/contrail
- /etc/redis/redis.conf:/etc/redis/redis.conf
@@ -205,3 +207,4 @@
- /etc/zookeeper/conf/log4j.properties:/etc/zookeeper/conf/log4j.properties
network_mode: "host"
privileged: true
+ restart: always
diff --git a/prometheus/server/init.yml b/prometheus/server/init.yml
index 99fdceb..5d115ac 100644
--- a/prometheus/server/init.yml
+++ b/prometheus/server/init.yml
@@ -4,6 +4,7 @@
prometheus_server_data_directory: /data
prometheus:
server:
+ version: 2.0
dir:
data: /srv/volumes/local/prometheus/data
config: /srv/volumes/local/prometheus/config
diff --git a/salt/master/formula/git/monitoring.yml b/salt/master/formula/git/monitoring.yml
index e0cf30d..ab8a8fc 100644
--- a/salt/master/formula/git/monitoring.yml
+++ b/salt/master/formula/git/monitoring.yml
@@ -4,6 +4,10 @@
environment:
dev:
formula:
+ fluentd:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-fluentd.git'
+ revision: ${_param:salt_master_environment_revision}
prometheus:
source: git
address: '${_param:salt_master_environment_repository}/salt-formula-prometheus.git'
diff --git a/salt/master/formula/pkg/monitoring.yml b/salt/master/formula/pkg/monitoring.yml
index 375cbd8..9e2db0b 100644
--- a/salt/master/formula/pkg/monitoring.yml
+++ b/salt/master/formula/pkg/monitoring.yml
@@ -4,6 +4,9 @@
environment:
prd:
formula:
+ fluentd:
+ source: pkg
+ name: salt-formula-fluentd
prometheus:
source: pkg
name: salt-formula-prometheus
diff --git a/salt/minion/cert/k8s_client.yml b/salt/minion/cert/k8s_client.yml
index 06d83c4..be262b5 100644
--- a/salt/minion/cert/k8s_client.yml
+++ b/salt/minion/cert/k8s_client.yml
@@ -8,6 +8,34 @@
key_file: /etc/kubernetes/ssl/kubelet-client.key
cert_file: /etc/kubernetes/ssl/kubelet-client.crt
ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
- common_name: kubelet-client
+ common_name: system:node:${linux:system:name}
+ organization_name: system:nodes
signing_policy: cert_client
- alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
\ No newline at end of file
+ alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
+ k8s_proxy:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-proxy-client.key
+ cert_file: /etc/kubernetes/ssl/kube-proxy-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-proxy
+ signing_policy: cert_client
+ alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
+ k8s_scheduler:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-scheduler-client.key
+ cert_file: /etc/kubernetes/ssl/kube-scheduler-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-scheduler
+ signing_policy: cert_client
+ alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
+ k8s_controller_manager:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-controller-manager-client.key
+ cert_file: /etc/kubernetes/ssl/kube-controller-manager-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-controller-manager
+ signing_policy: cert_client
+ alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
diff --git a/salt/minion/cert/k8s_client_single.yml b/salt/minion/cert/k8s_client_single.yml
index 179d534..e9c7d79 100644
--- a/salt/minion/cert/k8s_client_single.yml
+++ b/salt/minion/cert/k8s_client_single.yml
@@ -8,6 +8,34 @@
key_file: /etc/kubernetes/ssl/kubelet-client.key
cert_file: /etc/kubernetes/ssl/kubelet-client.crt
ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
- common_name: kubelet-client
+ common_name: system:node:${linux:system:name}
+ organization_name: system:nodes
signing_policy: cert_client
- alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
\ No newline at end of file
+ alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
+ k8s_proxy:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-proxy-client.key
+ cert_file: /etc/kubernetes/ssl/kube-proxy-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-proxy
+ signing_policy: cert_client
+ alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
+ k8s_scheduler:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-scheduler-client.key
+ cert_file: /etc/kubernetes/ssl/kube-scheduler-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-scheduler
+ signing_policy: cert_client
+ alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
+ k8s_controller_manager:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-controller-manager-client.key
+ cert_file: /etc/kubernetes/ssl/kube-controller-manager-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-controller-manager
+ signing_policy: cert_client
+ alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
diff --git a/salt/syndic/cluster.yml b/salt/syndic/cluster.yml
new file mode 100644
index 0000000..55ae6d7
--- /dev/null
+++ b/salt/syndic/cluster.yml
@@ -0,0 +1,11 @@
+classes:
+- service.salt.syndic.cluster
+parameters:
+ _param:
+ salt_syndic_master_address_01: 127.0.0.1
+ salt_syndic_master_address_02: 127.0.0.1
+ salt:
+ syndic:
+ masters:
+ - host: ${_param:salt_syndic_master_address_01}
+ - host: ${_param:salt_syndic_master_address_02}
diff --git a/salt/syndic/single.yml b/salt/syndic/single.yml
new file mode 100644
index 0000000..8c015b7
--- /dev/null
+++ b/salt/syndic/single.yml
@@ -0,0 +1,5 @@
+classes:
+- service.salt.syndic.single
+parameters:
+ _param:
+ salt_syndic_master_address: 127.0.0.1