Merge "Set sf-notifier image tag to 0.2-mcp0" into release/proposed/2019.2.0
diff --git a/ceilometer/server/coordination/redis.yml b/ceilometer/server/coordination/redis.yml
index 46e78ec..7b0edac 100644
--- a/ceilometer/server/coordination/redis.yml
+++ b/ceilometer/server/coordination/redis.yml
@@ -7,3 +7,14 @@
server:
coordination_backend:
url: ${_param:ceilometer_coordination_url}
+ engine: redis
+ redis:
+ password: ${_param:openstack_telemetry_redis_password}
+ user: openstack
+ db: ${_param:ceilometer_redis_db}
+ sentinel:
+ host: ${_param:redis_sentinel_node01_address}
+ master_name: ${_param:ceilometer_redis_sentinel_mastername}
+ fallback:
+ - host: ${_param:redis_sentinel_node02_address}
+ - host: ${_param:redis_sentinel_node03_address}
diff --git a/defaults/docker_images.yml b/defaults/docker_images.yml
index 9a65992..25f61c1 100644
--- a/defaults/docker_images.yml
+++ b/defaults/docker_images.yml
@@ -29,7 +29,7 @@
docker_image_alerta: "${_param:mcp_docker_registry}/mirantis/external/alerta-web:${_param:mcp_version}"
docker_image_alertmanager: "${_param:mcp_docker_registry}/openstack-docker/alertmanager:2019.2.4"
docker_image_grafana: "${_param:mcp_docker_registry}/openstack-docker/grafana:${_param:mcp_version}"
- docker_image_prometheus_es_exporter: "${_param:mcp_docker_registry}/mirantis/external/braedon/prometheus-es-exporter:0.5.1"
+ docker_image_prometheus_es_exporter: "${_param:mcp_docker_registry}/openstack-docker/prometheus-es-exporter:0.5.1-mcp0"
docker_image_prometheus: "${_param:mcp_docker_registry}/openstack-docker/prometheus:${_param:mcp_version}"
docker_image_prometheus_gainsight: "${_param:mcp_docker_registry}/openstack-docker/gainsight:2019.2.3"
docker_image_prometheus_gainsight_elasticsearch: "${_param:mcp_docker_registry}/openstack-docker/gainsight_elasticsearch:${_param:mcp_version}"
diff --git a/defaults/openstack/init.yml b/defaults/openstack/init.yml
index 39ebbce..44b334b 100644
--- a/defaults/openstack/init.yml
+++ b/defaults/openstack/init.yml
@@ -37,7 +37,7 @@
openstack_service_user_options:
ignore_change_password_upon_first_use: True
ignore_password_expiry: True
- ignore_lockout_failure_attempts: False
+ ignore_lockout_failure_attempts: True
lock_password: False
# Cinder
cinder_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
@@ -80,6 +80,8 @@
ceilometer_old_version: ${_param:openstack_old_version}
ceilometer_version: ${_param:openstack_version}
ceilometer_upgrade_enabled: ${_param:openstack_upgrade_enabled}
+ ceilometer_redis_db: ${_param:openstack_telemetry_redis_db}
+ ceilometer_redis_sentinel_mastername: ${_param:openstack_telemetry_redis_sentinel_mastername}
# Gnocchi
gnocchi_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
gnocchi_memcache_secret_key: ''
diff --git a/defaults/salt/init.yml b/defaults/salt/init.yml
index 2e19089..feb27d7 100644
--- a/defaults/salt/init.yml
+++ b/defaults/salt/init.yml
@@ -48,3 +48,11 @@
salt_control_trusty_image: ${_param:mcp_static_images_url}/ubuntu-14-04-x64-mcp${_param:mcp_version}.qcow2
salt_control_xenial_image: ${_param:mcp_static_images_url}/ubuntu-16-04-x64-mcp${_param:mcp_version}.qcow2
+ salt_master_api_permissions:
+ - '.*'
+ - '@local'
+ - '@wheel' # to allow access to all wheel modules
+ - '@runner' # to allow access to all runner modules
+ - '@jobs' # to allow access to the jobs runner and/or wheel mo
+
+ salt_minion_ca_authority: salt_master_ca
diff --git a/docker/host.yml b/docker/host.yml
index a88ff2f..894f6ee 100644
--- a/docker/host.yml
+++ b/docker/host.yml
@@ -14,6 +14,7 @@
- ${_param:cluster_vip_address}:5000
- ${_param:cluster_public_host}:5000
options:
+ bridge: none
ipv6: true
fixed-cidr-v6: fc00::/7
storage-driver: overlay2
diff --git a/docker/swarm/stack/jenkins/slave_base.yml b/docker/swarm/stack/jenkins/slave_base.yml
index 1c2d6f8..91601ab 100644
--- a/docker/swarm/stack/jenkins/slave_base.yml
+++ b/docker/swarm/stack/jenkins/slave_base.yml
@@ -3,7 +3,6 @@
parameters:
_param:
jenkins_master_host: ${_param:control_vip_address}
- jenkins_secret: "7c40abc1a7df2d26dd6b2e4421af17218df75a16fcbd5e3aa6017d9f47eaeabe"
jenkins_master_url: http://${_param:jenkins_master_host}:${_param:jenkins_master_port}
jenkins_slave_user: ${_param:jenkins_client_user}
jenkins_slave_password: ${_param:jenkins_client_password}
diff --git a/docker/swarm/stack/monitoring/prometheus/init.yml b/docker/swarm/stack/monitoring/prometheus/init.yml
index 65dd5b9..d7db52c 100644
--- a/docker/swarm/stack/monitoring/prometheus/init.yml
+++ b/docker/swarm/stack/monitoring/prometheus/init.yml
@@ -32,6 +32,7 @@
volumes:
- ${prometheus:server:dir:config}:${_param:prometheus_server_config_directory}
- ${prometheus:server:dir:data}:${_param:prometheus_server_data_directory}
+ - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
environment:
PROMETHEUS_CONFIG_DIR: ${_param:prometheus_server_config_directory}
PROMETHEUS_DATA_DIR: ${_param:prometheus_server_data_directory}
diff --git a/docker/swarm/stack/monitoring/sf_notifier.yml b/docker/swarm/stack/monitoring/sf_notifier.yml
index a171ce8..b8b2dd6 100644
--- a/docker/swarm/stack/monitoring/sf_notifier.yml
+++ b/docker/swarm/stack/monitoring/sf_notifier.yml
@@ -29,8 +29,6 @@
image: ${_param:docker_image_sf_notifier}
ports:
- 15018:5000
- volumes:
- - ${prometheus:sf_notifier:dir:logs}:/var/log/sf-notifier
environment:
SF_NOTIFIER_WORKERS: ${_param:sf_notifier_workers}
SF_NOTIFIER_BUFFER_SIZE: ${_param:sf_notifier_buffer_size}
diff --git a/elasticsearch/server/cluster.yml b/elasticsearch/server/cluster.yml
index 76774aa..155cfdf 100644
--- a/elasticsearch/server/cluster.yml
+++ b/elasticsearch/server/cluster.yml
@@ -5,7 +5,7 @@
_param:
java_environment_version: "8"
java_environment_platform: openjdk
- elasticsearch_cluster_name: elasticsearch
+ elasticsearch_cluster_name: ${_param:cluster_name}
linux:
system:
sysctl:
@@ -17,7 +17,6 @@
elasticsearch:
server:
version: ${_param:elasticsearch_version}
- name: ${_param:elasticsearch_cluster_name}
enabled: true
master: true
data: true
@@ -35,6 +34,7 @@
recover_after_nodes: 2
recover_after_time: 5m
cluster:
+ name: ${_param:elasticsearch_cluster_name}
multicast: false
minimum_master_nodes: 2
members:
diff --git a/glance/client/image/octavia.yml b/glance/client/image/octavia.yml
index 3160cdd..2a00375 100644
--- a/glance/client/image/octavia.yml
+++ b/glance/client/image/octavia.yml
@@ -3,6 +3,7 @@
parameters:
glance:
client:
+ cloud_name: admin_identity
identity:
admin_identity:
endpoint_type: internalURL
diff --git a/glance/control/cluster.yml b/glance/control/cluster.yml
index a75f8c5..3eb7866 100644
--- a/glance/control/cluster.yml
+++ b/glance/control/cluster.yml
@@ -82,4 +82,3 @@
storage:
engine: file
images: []
- show_multiple_locations: True
diff --git a/glance/control/single.yml b/glance/control/single.yml
index ee2ae1a..24e9c3f 100644
--- a/glance/control/single.yml
+++ b/glance/control/single.yml
@@ -31,7 +31,6 @@
protocol: ${_param:internal_protocol}
registry:
protocol: ${_param:internal_protocol}
- show_multiple_locations: True
barbican:
enabled: ${_param:barbican_integration_enabled}
message_queue:
diff --git a/haproxy/proxy/listen/openstack/large_setup.yml b/haproxy/proxy/listen/openstack/large_setup.yml
index 947cfce..c517779 100644
--- a/haproxy/proxy/listen/openstack/large_setup.yml
+++ b/haproxy/proxy/listen/openstack/large_setup.yml
@@ -8,4 +8,4 @@
- system.haproxy.proxy.listen.openstack.keystone.large
- system.haproxy.proxy.listen.openstack.neutron_large
- system.haproxy.proxy.listen.openstack.nova_large
-- system.haproxy.proxy.listen.openstack.novanc_large
+- system.haproxy.proxy.listen.openstack.novnc_large
diff --git a/prometheus/elasticsearch_exporter/queries/compute.yml b/prometheus/elasticsearch_exporter/queries/compute.yml
index 66904da..a17cb7f 100644
--- a/prometheus/elasticsearch_exporter/queries/compute.yml
+++ b/prometheus/elasticsearch_exporter/queries/compute.yml
@@ -27,7 +27,8 @@
"aggs": {
"host": {
"terms": {
- "field": "Hostname.keyword"
+ "field": "Hostname.keyword",
+ "min_doc_count": 0
}
}
}
@@ -56,7 +57,8 @@
"aggs": {
"host": {
"terms": {
- "field": "Hostname.keyword"
+ "field": "Hostname.keyword",
+ "min_doc_count": 0
}
}
}
@@ -83,7 +85,8 @@
"aggs": {
"host": {
"terms": {
- "field": "Hostname.keyword"
+ "field": "Hostname.keyword",
+ "min_doc_count": 0
}
}
}
@@ -110,7 +113,8 @@
"aggs": {
"host": {
"terms": {
- "field": "Hostname.keyword"
+ "field": "Hostname.keyword",
+ "min_doc_count": 0
}
}
}
diff --git a/prometheus/gainsight/query/openstack.yml b/prometheus/gainsight/query/openstack.yml
index 40a804b..fc9af46 100644
--- a/prometheus/gainsight/query/openstack.yml
+++ b/prometheus/gainsight/query/openstack.yml
@@ -16,3 +16,6 @@
keystone_api: "'Keystone API','avg(avg_over_time(openstack_api_check_status{name=\"keystone\"}[24h]))'"
glance_api: "'Glance API','avg(avg_over_time(openstack_api_check_status{name=\"glance\"}[24h]))'"
neutron_api: "'Neutron API','avg(avg_over_time(openstack_api_check_status{name=\"neutron\"}[24h]))'"
+ nova_vm_all: "'Total VM number','avg_over_time(total:openstack_nova_instance_all[1d])'"
+ nova_vm_failed: "'Failed VM number','avg_over_time(total:openstack_nova_instance_failed[1d])'"
+ kpi_downtime: "'KPI Downtime','1 - avg_over_time(total:openstack_nova_instance_failed[1d]) / avg_over_time(total:openstack_nova_instance_all[1d])'"
diff --git a/salt/minion/cert/telegraf_agent.yml b/salt/minion/cert/telegraf_agent.yml
new file mode 100644
index 0000000..d54520c
--- /dev/null
+++ b/salt/minion/cert/telegraf_agent.yml
@@ -0,0 +1,14 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ telegraf_agent:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: telegraf_agent
+ signing_policy: cert_server
+ alternative_names: IP:127.0.0.1,IP:${_param:single_address},DNS:${linux:system:name},DNS:${linux:network:fqdn}
+ key_file: ${telegraf:agent:dir:config}/telegraf-agent.key
+ cert_file: ${telegraf:agent:dir:config}/telegraf-agent.crt
+ mode: '0444'
+ enabled: true
diff --git a/telegraf/agent/output/prometheus_client_ssl.yml b/telegraf/agent/output/prometheus_client_ssl.yml
new file mode 100644
index 0000000..f59335f
--- /dev/null
+++ b/telegraf/agent/output/prometheus_client_ssl.yml
@@ -0,0 +1,10 @@
+parameters:
+ telegraf:
+ agent:
+ output:
+ prometheus_client:
+ scheme: https
+ tls_cert: ${telegraf:agent:dir:config}/telegraf-agent.crt
+ tls_key: ${telegraf:agent:dir:config}/telegraf-agent.key
+ tls_config:
+ ca_file: /etc/ssl/certs/ca-certificates.crt