Merge "notes: possibility of defining nginx timeouts on Devops Portal service"
diff --git a/.releasenotes/notes/add-jenkins-and-gerrit-nginx-proxy-support-272f290d7c92480a.yaml b/.releasenotes/notes/add-jenkins-and-gerrit-nginx-proxy-support-272f290d7c92480a.yaml
new file mode 100644
index 0000000..f15497f
--- /dev/null
+++ b/.releasenotes/notes/add-jenkins-and-gerrit-nginx-proxy-support-272f290d7c92480a.yaml
@@ -0,0 +1,30 @@
+---
+features:
+ - |
+ Added system metadata classes to deploy reverse proxy support for
+ Jenkins and Gerrit services. When enabled, these services can be
+ accessed through a public URL or DNS.
+
+ **To apply the change to your deployment:**
+
+ #. Add the following classes to
+ ``cluster.<CLUSTER_NAME>.openstack.proxy.yml``:
+
+ .. code-block:: yaml
+
+ classes:
+ - system.nginx.server.proxy.cicd.gerrit
+ - system.nginx.server.proxy.cicd.jenkins
+
+ #. Set up the following parameters in
+ ``cluster.<CLUSTER_NAME>.cicd.control.init.yml``:
+
+ .. code-block:: yaml
+
+ parameters:
+ _param:
+ nginx_proxy_gerrit_server_site_host: ${_param:openstack_proxy_address}
+ nginx_proxy_gerrit_server_site_port: 8080
+ gerrit_http_listen_url: proxy-https://*:8080/
+ gerrit_public_host: https://${_param:nginx_proxy_gerrit_server_site_host}:${_param:nginx_proxy_gerrit_server_site_port}
+
diff --git a/.releasenotes/notes/add-upstream-proxy-feauture-for-maas-gerrit-jenkins-aptly-53bec821be830377.yaml b/.releasenotes/notes/add-upstream-proxy-feauture-for-maas-gerrit-jenkins-aptly-53bec821be830377.yaml
new file mode 100644
index 0000000..3c408a2
--- /dev/null
+++ b/.releasenotes/notes/add-upstream-proxy-feauture-for-maas-gerrit-jenkins-aptly-53bec821be830377.yaml
@@ -0,0 +1,48 @@
+---
+features:
+ - |
+ Added system metadata to set upstream proxy for the MAAS, Gerrit, Jenkins,
+ and Aptly services.
+
+ **To apply the change to an existing cicd cluster deployment:**
+
+ #. Set the ``http_proxy`` parameter in
+ ``cluster.<CLUSTER_NAME>.cicd.control.init.yml``:
+
+ .. code-block:: yaml
+
+ parameters:
+ _param:
+ http_proxy: 'http://<<upstream_proxy_address>>:<<upstream_proxy_port>>'
+
+ #. Apply the :command:`docker.client` state:
+
+ .. code-block::
+
+ salt -C 'I@docker:client' state.sls docker.client
+
+ **To apply the change to an existing maas deployment:**
+
+ #. Configure ``upstream_proxy`` for MAAS:
+
+ .. code-block:: yaml
+
+ maas:
+ region:
+ upstream_proxy:
+ address: <<upstream_proxy_address>>
+ port: <<upstream_proxy_address>>
+
+ #. On the Salt Master node, update the MaaS Salt formula to latest:
+
+ .. code-block::
+
+ salt-call state.sls salt.master
+
+ #. On the MAAS node, apply the :command:`maas.region` state:
+
+ .. code-block::
+
+ salt-call state.sls maas.region
+ reboot
+
diff --git a/.releasenotes/notes/move-monitoring-and-oss-to-mon-nodes-9711005d184b1f59.yaml b/.releasenotes/notes/move-monitoring-and-oss-to-mon-nodes-9711005d184b1f59.yaml
new file mode 100644
index 0000000..c68faf1
--- /dev/null
+++ b/.releasenotes/notes/move-monitoring-and-oss-to-mon-nodes-9711005d184b1f59.yaml
@@ -0,0 +1,11 @@
+---
+fixes:
+ - |
+ For stability and diversification of resources, Prometheus-based Stacklight
+ and OSS services were moved to monitoring nodes. Now, on spawning new
+ monitoring nodes, different Docker swarm is set up on them to deliver
+ Stacklight and/or OSS services.
+
+ To deploy Stacklight with OSS services on monitoring nodes, generate a new
+ deployment model using the Model Designer UI.
+
diff --git a/.releasenotes/notes/sfdc-support-995867e00a89add0.yaml b/.releasenotes/notes/sfdc-support-995867e00a89add0.yaml
new file mode 100644
index 0000000..0b4bff4
--- /dev/null
+++ b/.releasenotes/notes/sfdc-support-995867e00a89add0.yaml
@@ -0,0 +1,20 @@
+---
+summary: >
+ Added support for the Push Notifications service to Salesforce.
+
+features:
+ - |
+ Added support for the Push Notification service to Salesforce.
+ To configure the Push Notification service for a SalesForce account,
+ define following variables on the cluster level metadata:
+
+ .. code-block:: yaml
+
+ sfdc_auth_url: https://login.salesforce.com/services/oauth2/token
+ sfdc_username: user@example.net
+ sfdc_password: secret
+ sfdc_consumer_key: example_consumer_key
+ sfdc_consumer_secret: example_consumer_secret
+ sfdc_organization_id: example_organization_id
+ sfdc_sandbox_enabled: True/False
+
diff --git a/docker/swarm/stack/monitoring/init.yml b/docker/swarm/stack/monitoring/init.yml
index e274426..6efe125 100644
--- a/docker/swarm/stack/monitoring/init.yml
+++ b/docker/swarm/stack/monitoring/init.yml
@@ -76,6 +76,7 @@
ALERTMANAGER_BIND_PORT: ${prometheus:alertmanager:bind:port}
ALERTMANAGER_BIND_ADDRESS: ${prometheus:alertmanager:bind:address}
ALERTMANAGER_DISCOVERY_DOMAIN: 'monitoring_alertmanager'
+ ALERTMANAGER_EXTERNAL_URL: "http://${_param:stacklight_monitor_address}:15011"
pushgateway:
networks:
- monitoring
@@ -119,3 +120,4 @@
PROMETHEUS_STORAGE_LOCAL_RETENTION: ${prometheus:server:storage:local:retention}
PROMETHEUS_STORAGE_LOCAL_TARGET_HEAP_SIZE: ${prometheus:server:storage:local:target_heap_size}
PROMETHEUS_STORAGE_LOCAL_NUM_FINGERPRINT_MUTEXES: ${prometheus:server:storage:local:num_fingerprint_mutexes}
+ PROMETHEUS_EXTERNAL_URL: "http://${_param:stacklight_monitor_address}:15010"
diff --git a/glusterfs/client/volume/artifactory.yml b/glusterfs/client/volume/artifactory.yml
index 878131f..f8104a1 100644
--- a/glusterfs/client/volume/artifactory.yml
+++ b/glusterfs/client/volume/artifactory.yml
@@ -10,4 +10,4 @@
artifactory:
path: /srv/volumes/artifactory
server: ${_param:artifactory_glusterfs_service_host}
- opts: "defaults,backup-volfile-servers=${_param:glusterfs_node01_address}:${_param:glusterfs_node02_address}:${_param:glusterfs_node03_address}"
+ opts: "defaults,backup-volfile-servers=${_param:glusterfs_node01_address}:${_param:glusterfs_node02_address}:${_param:glusterfs_node03_address},direct-io-mode=disable"
diff --git a/haproxy/proxy/listen/cicd/aptly.yml b/haproxy/proxy/listen/cicd/aptly.yml
index 35ae3d6..682e0d3 100644
--- a/haproxy/proxy/listen/cicd/aptly.yml
+++ b/haproxy/proxy/listen/cicd/aptly.yml
@@ -24,15 +24,7 @@
- name: ${_param:cluster_node01_name}
host: ${_param:cluster_node01_address}
port: 18084
- params: check
- - name: ${_param:cluster_node02_name}
- host: ${_param:cluster_node02_address}
- port: 18084
- params: backup check
- - name: ${_param:cluster_node03_name}
- host: ${_param:cluster_node03_address}
- port: 18084
- params: backup check
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
aptly-public:
mode: http
options:
@@ -45,14 +37,6 @@
port: ${_param:haproxy_aptly_public_bind_port}
servers:
- name: ${_param:cluster_node01_name}
- host: ${_param:cluster_node01_address}
+ host: localhost
port: 18085
- params: check
- - name: ${_param:cluster_node02_name}
- host: ${_param:cluster_node02_address}
- port: 18085
- params: check
- - name: ${_param:cluster_node03_name}
- host: ${_param:cluster_node03_address}
- port: 18085
- params: check
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
diff --git a/haproxy/proxy/listen/cicd/artifactory.yml b/haproxy/proxy/listen/cicd/artifactory.yml
index 349d998..cb6184e 100644
--- a/haproxy/proxy/listen/cicd/artifactory.yml
+++ b/haproxy/proxy/listen/cicd/artifactory.yml
@@ -12,27 +12,25 @@
mode: http
options:
- forwardfor
-# - httpchk
+ - httpchk
- httpclose
- httplog
balance: source
+ acl:
+ is_docker: "path_reg ^/v[12][/.]*"
http_request:
+ - action: "add-header X-Artifactory-Override-Base-Url https://%[req.hdr(host)]/artifactory"
+ condition: "if is_docker"
- action: "add-header X-Forwarded-Proto https"
condition: "if { ssl_fc }"
+ - action: "set-path /artifactory/api/docker/%[req.hdr(host),lower,field(1,'.')]%[path]"
+ condition: "if is_docker "
binds:
- address: ${_param:haproxy_artifactory_bind_host}
port: ${_param:haproxy_artifactory_bind_port}
ssl: ${_param:haproxy_artifactory_ssl}
servers:
- name: ${_param:cluster_node01_name}
- host: ${_param:cluster_node01_address}
+ host: localhost
port: 18082
- params: check
- - name: ${_param:cluster_node02_name}
- host: ${_param:cluster_node02_address}
- port: 18082
- params: backup check
- - name: ${_param:cluster_node03_name}
- host: ${_param:cluster_node03_address}
- port: 18082
- params: backup check
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
\ No newline at end of file
diff --git a/haproxy/proxy/listen/cicd/gerrit.yml b/haproxy/proxy/listen/cicd/gerrit.yml
index 3ee21b1..f6ded20 100644
--- a/haproxy/proxy/listen/cicd/gerrit.yml
+++ b/haproxy/proxy/listen/cicd/gerrit.yml
@@ -13,7 +13,7 @@
mode: http
options:
- forwardfor
-# - httpchk
+ - httpchk
- httpclose
- httplog
balance: source
@@ -26,17 +26,9 @@
ssl: ${_param:haproxy_gerrit_ssl}
servers:
- name: ${_param:cluster_node01_name}
- host: ${_param:cluster_node01_address}
+ host: localhost
port: 18083
- params: check
- - name: ${_param:cluster_node02_name}
- host: ${_param:cluster_node02_address}
- port: 18083
- params: backup check
- - name: ${_param:cluster_node03_name}
- host: ${_param:cluster_node03_address}
- port: 18083
- params: backup check
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
gerrit_ssh:
mode: tcp
balance: source
@@ -45,14 +37,7 @@
port: ${_param:haproxy_gerrit_ssh_bind_port}
servers:
- name: ${_param:cluster_node01_name}
- host: ${_param:cluster_node01_address}
+ host: localhost
port: 29417
- params: check
- - name: ${_param:cluster_node02_name}
- host: ${_param:cluster_node02_address}
- port: 29417
- params: backup check
- - name: ${_param:cluster_node03_name}
- host: ${_param:cluster_node03_address}
- port: 29417
- params: backup check
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+
diff --git a/haproxy/proxy/listen/cicd/jenkins.yml b/haproxy/proxy/listen/cicd/jenkins.yml
index eda12f8..150fac0 100644
--- a/haproxy/proxy/listen/cicd/jenkins.yml
+++ b/haproxy/proxy/listen/cicd/jenkins.yml
@@ -13,7 +13,7 @@
mode: http
options:
- forwardfor
-# - httpchk
+ - httpchk
- httpclose
- httplog
balance: source
@@ -28,17 +28,9 @@
ssl: ${_param:haproxy_jenkins_ssl}
servers:
- name: ${_param:cluster_node01_name}
- host: ${_param:cluster_node01_address}
+ host: localhost
port: 18081
- params: check
- - name: ${_param:cluster_node02_name}
- host: ${_param:cluster_node02_address}
- port: 18081
- params: backup check
- - name: ${_param:cluster_node03_name}
- host: ${_param:cluster_node03_address}
- port: 18081
- params: backup check
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
jenkins_jnlp:
mode: tcp
balance: source
@@ -47,14 +39,6 @@
port: ${_param:haproxy_jenkins_jnlp_bind_port}
servers:
- name: ${_param:cluster_node01_name}
- host: ${_param:cluster_node01_address}
+ host: localhost
port: 50001
- params: check
- - name: ${_param:cluster_node02_name}
- host: ${_param:cluster_node02_address}
- port: 50001
- params: backup check
- - name: ${_param:cluster_node03_name}
- host: ${_param:cluster_node03_address}
- port: 50001
- params: backup check
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
diff --git a/haproxy/proxy/listen/docker/registry.yml b/haproxy/proxy/listen/docker/registry.yml
index 8d45e97..e0f63e8 100644
--- a/haproxy/proxy/listen/docker/registry.yml
+++ b/haproxy/proxy/listen/docker/registry.yml
@@ -23,14 +23,7 @@
ssl: ${_param:haproxy_docker_registry_ssl}
servers:
- name: ${_param:cluster_node01_name}
- host: ${_param:cluster_node01_address}
+ host: localhost
port: 15000
- params: check
- - name: ${_param:cluster_node02_name}
- host: ${_param:cluster_node02_address}
- port: 15000
- params: check
- - name: ${_param:cluster_node03_name}
- host: ${_param:cluster_node03_address}
- port: 15000
- params: check
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+
diff --git a/haproxy/proxy/listen/docker/visualizer.yml b/haproxy/proxy/listen/docker/visualizer.yml
index 6fec3ba..d4e74bb 100644
--- a/haproxy/proxy/listen/docker/visualizer.yml
+++ b/haproxy/proxy/listen/docker/visualizer.yml
@@ -8,7 +8,7 @@
mode: http
options:
- forwardfor
-# - httpchk
+ - httpchk
- httpclose
- httplog
balance: source
@@ -17,14 +17,6 @@
port: ${_param:haproxy_docker_visualizer_listen_port}
servers:
- name: ${_param:cluster_node01_name}
- host: ${_param:cluster_node01_address}
+ host: localhost
port: 18090
- params: check
- - name: ${_param:cluster_node02_name}
- host: ${_param:cluster_node02_address}
- port: 18090
- params: check
- - name: ${_param:cluster_node03_name}
- host: ${_param:cluster_node03_address}
- port: 18090
- params: check
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
\ No newline at end of file
diff --git a/jenkins/client/job/debian/packages/salt.yml b/jenkins/client/job/debian/packages/salt.yml
index 31b8e2a..968c617 100644
--- a/jenkins/client/job/debian/packages/salt.yml
+++ b/jenkins/client/job/debian/packages/salt.yml
@@ -55,6 +55,8 @@
dist: trusty
- name: etcd
dist: trusty
+ - name: fluentbit
+ dist: trusty
- name: foreman
dist: trusty
- name: freeipa
@@ -253,6 +255,8 @@
dist: xenial
- name: etcd
dist: xenial
+ - name: fluentbit
+ dist: xenial
- name: foreman
dist: xenial
- name: freeipa
diff --git a/jenkins/client/job/salt-formulas/git-mirrors/2way.yml b/jenkins/client/job/salt-formulas/git-mirrors/2way.yml
index 331eb59..ffcebd7 100644
--- a/jenkins/client/job/salt-formulas/git-mirrors/2way.yml
+++ b/jenkins/client/job/salt-formulas/git-mirrors/2way.yml
@@ -59,6 +59,8 @@
branches: ${_param:salt_formulas_branches}
- name: etcd
branches: ${_param:salt_formulas_branches}
+ - name: fluentbit
+ branches: ${_param:salt_formulas_branches}
- name: foreman
branches: ${_param:salt_formulas_branches}
- name: freeipa
diff --git a/jenkins/client/job/salt-formulas/tests.yml b/jenkins/client/job/salt-formulas/tests.yml
index 448c421..d35b179 100644
--- a/jenkins/client/job/salt-formulas/tests.yml
+++ b/jenkins/client/job/salt-formulas/tests.yml
@@ -32,6 +32,7 @@
- name: dovecot
- name: elasticsearch
- name: etcd
+ - name: fluentbit
- name: foreman
- name: freeipa
- name: galera
diff --git a/jenkins/client/job/salt-models/tests.yml b/jenkins/client/job/salt-models/tests.yml
index fc1fc5f..13a9881 100644
--- a/jenkins/client/job/salt-models/tests.yml
+++ b/jenkins/client/job/salt-models/tests.yml
@@ -64,6 +64,9 @@
MAX_CPU_PER_JOB:
type: string
default: "2"
+ LEGACY_TEST_MODE:
+ type: boolean
+ default: "{{legacy_test_mode}}"
test_system_reclass:
name: test-salt-model-{{name}}
template:
@@ -196,3 +199,6 @@
MAX_CPU_PER_JOB:
type: string
default: "2"
+ LEGACY_TEST_MODE:
+ type: boolean
+ default: "false"
diff --git a/keystone/server/cluster.yml b/keystone/server/cluster.yml
index 0c79462..cbe89ca 100644
--- a/keystone/server/cluster.yml
+++ b/keystone/server/cluster.yml
@@ -4,6 +4,8 @@
- system.haproxy.proxy.listen.openstack.keystone
- system.haproxy.proxy.listen.openstack.keystone.standalone
parameters:
+ _param:
+ keystone_tokens_expiration: 3600
linux:
system:
package:
@@ -35,7 +37,7 @@
user: keystone
tokens:
engine: fernet
- expiration: 3600
+ expiration: ${_param:keystone_tokens_expiration}
max_active_keys: 3
location: /var/lib/keystone/fernet-keys
credential:
diff --git a/keystone/server/single.yml b/keystone/server/single.yml
index c35ef73..16c26ca 100644
--- a/keystone/server/single.yml
+++ b/keystone/server/single.yml
@@ -7,6 +7,7 @@
mysql_admin_user: root
mysql_admin_password: password
mysql_keystone_password: password
+ keystone_tokens_expiration: 3600
linux:
system:
package:
@@ -38,7 +39,7 @@
user: keystone
tokens:
engine: fernet
- expiration: 3600
+ expiration: ${_param:keystone_tokens_expiration}
max_active_keys: 3
location: /var/lib/keystone/fernet-keys
credential:
diff --git a/salt/master/formula/git/openstack.yml b/salt/master/formula/git/openstack.yml
index 9173a4a..3472f2e 100644
--- a/salt/master/formula/git/openstack.yml
+++ b/salt/master/formula/git/openstack.yml
@@ -12,6 +12,10 @@
# source: git
# address: '${_param:salt_master_environment_repository}/salt-formula-avinetworks.git'
# revision: ${_param:salt_master_environment_revision}
+ barbican:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-barbican.git'
+ revision: ${_param:salt_master_environment_revision}
billometer:
source: git
address: '${_param:salt_master_environment_repository}/salt-formula-billometer.git'
diff --git a/salt/master/formula/pkg/openstack.yml b/salt/master/formula/pkg/openstack.yml
index 827f096..663572b 100644
--- a/salt/master/formula/pkg/openstack.yml
+++ b/salt/master/formula/pkg/openstack.yml
@@ -10,6 +10,9 @@
#avinetworks:
# source: pkg
# name: salt-formula-avinetworks
+ barbican:
+ source: pkg
+ name: salt-formula-barbican
billometer:
source: pkg
name: salt-formula-billometer