Merge "Add possibility to run high state on nodes during upgrade/update, make cleaning data partition optional during removal"
diff --git a/debmirror/mirror_mirantis_com/init.yml b/debmirror/mirror_mirantis_com/init.yml
index 89c1e7f..d520990 100644
--- a/debmirror/mirror_mirantis_com/init.yml
+++ b/debmirror/mirror_mirantis_com/init.yml
@@ -31,6 +31,7 @@
- system.debmirror.mirror_mirantis_com.update.salt-formulas.xenial
- system.debmirror.mirror_mirantis_com.saltstack-2017.7.xenial
- system.debmirror.mirror_mirantis_com.update.saltstack-2017.7.xenial
+- system.debmirror.mirror_mirantis_com.update.salt-2017.7.8.xenial
- system.debmirror.mirror_mirantis_com.td-agent.xenial
- system.debmirror.mirror_mirantis_com.update.td-agent.xenial
- system.debmirror.mirror_mirantis_com.ubuntu.xenial
diff --git a/debmirror/mirror_mirantis_com/ubuntu/xenial.yml b/debmirror/mirror_mirantis_com/ubuntu/xenial.yml
index 5073128..8781811 100644
--- a/debmirror/mirror_mirantis_com/ubuntu/xenial.yml
+++ b/debmirror/mirror_mirantis_com/ubuntu/xenial.yml
@@ -101,8 +101,8 @@
25: "--exclude='/libbluetooth*'"
26: "--exclude='/libandroid*'"
27: "--exclude='/banshee*'"
- 27: "--exclude='/*(.xorg)*joystick'"
- 28: "--exclude='/xserver-xorg-video(.*vivid|.*wily|.*utopic)'"
+ 28: "--exclude='/*(.xorg)*joystick'"
+ 29: "--exclude='/xserver-xorg-video(.*vivid|.*wily|.*utopic)'"
30: --exclude='universe.*bluez.*'
32: --exclude='main/(a/a11y-profile-manager|e/emacs24|i/ispell|br\.ispell)'
33: --exclude='/universe/.*(alsa|ubuntuone|telepathy|debian-multimedia|kodi|mediaplayer|nagios|getfem|gammaray|geotranz|brasero)'
@@ -138,10 +138,12 @@
306: '--exclude="main/l/linux.*/linux-.*4\.10\.0-(([0-3][0-9])|(4[0-1]))"'
# Hwe 4.13: Old - if minor in 0-39, < 44
307: '--exclude="main/l/linux.*/linux-.*4\.13\.0-(([0-3][0-9])|(4[0-4]))"'
- # Hwe 4.15.0: Old - if minor in 0-39, < 43
- 308: --exclude='main/l/linux.*/linux-.*4\.15\.0-(([0-3][0-9])|(4[0-2]))'
+ # Hwe 4.15.0: Old - < 100
+ 308: --exclude='main/l/linux.*/linux-.*4\.15\.0-(\d\d)-'
# Old 4.4.0
309: --exclude='main/l/linux.*/linux-.*4\.4\.0-'
+ # Hwe 4.15.0: include >= 100
+ 310: --include='main/l/linux.*/linux-.*4\.15\.0-(\d\d\d)-'
# List of packages, that should be fetched from fresh ppa or other mirror
# So,removing them from upstream mirror.
500: --exclude='main/m/maas/'
@@ -190,3 +192,6 @@
810: --include='universe/p/plexus-(container-default|interactivity-api)/' # PROD-26807 Req.for DogTag
811: --include='/main/u/update-notifier/' # PROD-30102 Req for ceph
812: --include='/main/k/krb5/' # Req for curl
+ 813: --include='universe/g/glibc/' # PROD-35417 Req for rabbitmq 3.8.2
+ 814: --include='universe/o/opensaml2' # PROD-35464 Req for SAML2/Federation
+ 815: --include='universe/x/xmltooling' # PROD-35464 Req for SAML2/Federation
diff --git a/debmirror/mirror_mirantis_com/update/salt-2017.7.8/xenial.yml b/debmirror/mirror_mirantis_com/update/salt-2017.7.8/xenial.yml
new file mode 100644
index 0000000..ef7aec5
--- /dev/null
+++ b/debmirror/mirror_mirantis_com/update/salt-2017.7.8/xenial.yml
@@ -0,0 +1,20 @@
+classes:
+- system.defaults.debmirror
+parameters:
+ debmirror:
+ client:
+ enabled: true
+ mirrors:
+ mirror_mirantis_com_update_salt_2017_7_8_xenial:
+ force: ${_param:mirror_mirantis_com_salt_2017_7_8_xenial_force}
+ lock_target: True
+ extra_flags: [ '--verbose', '--progress', '--nosource', '--no-check-gpg', '--rsync-extra=none' ]
+ method: "${_param:debmirror_mirrors_sync_method}"
+ arch: [ 'amd64' ]
+ mirror_host: "${_param:debmirror_mirrors_host}"
+ mirror_root: "${_param:debmirror_mirrors_update_root}/salt-2017.7.8/xenial/"
+ target_dir: "${_param:debmirror_mirrors_update_target_dir}/salt-2017.7.8/xenial/"
+ log_file: "/var/log/debmirror/mirror_mirantis_com_update_salt_2017_7_8_xenial.log"
+ dist: [ xenial ]
+ section: [ main ]
+
diff --git a/debmirror/mirror_mirantis_com/update/ubuntu/xenial.yml b/debmirror/mirror_mirantis_com/update/ubuntu/xenial.yml
index ef0ec04..5ed6905 100644
--- a/debmirror/mirror_mirantis_com/update/ubuntu/xenial.yml
+++ b/debmirror/mirror_mirantis_com/update/ubuntu/xenial.yml
@@ -138,10 +138,12 @@
306: '--exclude="main/l/linux.*/linux-.*4\.10\.0-(([0-3][0-9])|(4[0-1]))"'
# Hwe 4.13: Old - if minor in 0-39, < 44
307: '--exclude="main/l/linux.*/linux-.*4\.13\.0-(([0-3][0-9])|(4[0-4]))"'
- # Hwe 4.15.0: Old - if minor in 0-39, < 43
- 308: --exclude='main/l/linux.*/linux-.*4\.15\.0-(([0-3][0-9])|(4[0-2]))'
+ # Hwe 4.15.0: Old - < 100
+ 308: --exclude='main/l/linux.*/linux-.*4\.15\.0-(\d\d)-'
# Old 4.4.0
309: --exclude='main/l/linux.*/linux-.*4\.4\.0-'
+ # Hwe 4.15.0: include >= 100
+ 310: --include='main/l/linux.*/linux-.*4\.15\.0-(\d\d\d)-'
# List of packages, that should be fetched from fresh ppa or other mirror
# So,removing them from upstream mirror.
500: --exclude='main/m/maas/'
@@ -190,3 +192,6 @@
810: --include='universe/p/plexus-(container-default|interactivity-api)/' # PROD-26807 Req.for DogTag
811: --include='/main/u/update-notifier/' # PROD-30102 Req for ceph
812: --include='/main/k/krb5/' # Req for curl
+ 813: --include='universe/g/glibc/' # PROD-35417 Req for rabbitmq 3.8.2
+ 814: --include='universe/o/opensaml2' # PROD-35464 Req for SAML2/Federation
+ 815: --include='universe/x/xmltooling' # PROD-35464 Req for SAML2/Federation
diff --git a/defaults/debmirror.yml b/defaults/debmirror.yml
index cef73b5..c9f7820 100644
--- a/defaults/debmirror.yml
+++ b/defaults/debmirror.yml
@@ -30,5 +30,6 @@
mirror_mirantis_com_salt-formulas_xenial_force: True
mirror_mirantis_com_saltstack_2016_3_xenial_force: False
mirror_mirantis_com_saltstack_2017_7_xenial_force: False
+ mirror_mirantis_com_salt_2017_7_8_xenial_force: False
mirror_mirantis_com_td_agent_xenial_force: False
mirror_mirantis_com_ubuntu_xenial_force: False
diff --git a/defaults/docker_images.yml b/defaults/docker_images.yml
index e112df0..27947ad 100644
--- a/defaults/docker_images.yml
+++ b/defaults/docker_images.yml
@@ -12,9 +12,9 @@
###
# phpldapadmin:0.6.12
docker_image_phpldapadmin: "${_param:mcp_docker_registry}/mirantis/cicd/phpldapadmin:${_param:mcp_version}"
- # gerrit:2.15.17
+ # gerrit:2.15.18
docker_image_gerrit: "${_param:mcp_docker_registry}/mirantis/cicd/gerrit:${_param:mcp_version}"
- # mysql:5.6
+ # mysql:5.6.48
docker_image_mysql: "${_param:mcp_docker_registry}/mirantis/cicd/mysql:${_param:mcp_version}"
# jenkins:2.150.3
docker_image_jenkins: "${_param:mcp_docker_registry}/mirantis/cicd/jenkins:${_param:mcp_version}"
@@ -105,7 +105,7 @@
name: jenkins:2019.2.5
- registry: ${_param:mcp_docker_registry}/mirantis/cicd
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/cicd
- name: gerrit:2019.2.7
+ name: gerrit:2019.2.10
# stacklight
- registry: ${_param:mcp_docker_registry}/openstack-docker
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/openstack-docker
diff --git a/defaults/init.yml b/defaults/init.yml
index e1dc984..87decb3 100644
--- a/defaults/init.yml
+++ b/defaults/init.yml
@@ -8,6 +8,7 @@
classes:
- system.defaults.linux_system_repo
- system.defaults.linux_system_file
+- system.defaults.linux_system_package
- system.defaults.backupninja
- system.defaults.git
- system.defaults.glusterfs
diff --git a/defaults/linux_system_package.yml b/defaults/linux_system_package.yml
new file mode 100644
index 0000000..7138e1e
--- /dev/null
+++ b/defaults/linux_system_package.yml
@@ -0,0 +1,6 @@
+parameters:
+ linux:
+ system:
+ package:
+ popularity-contest:
+ version: purged
diff --git a/defaults/linux_system_repo.yml b/defaults/linux_system_repo.yml
index 07e96d2..9e38acf 100644
--- a/defaults/linux_system_repo.yml
+++ b/defaults/linux_system_repo.yml
@@ -39,7 +39,7 @@
linux_system_repo_hotfix_mcp_percona_url: ${_param:linux_system_repo_hotfix_url}/percona/
#
linux_system_repo_mcp_saltstack_url: ${_param:linux_system_repo_url}/saltstack-${_param:linux_system_repo_mcp_saltstack_version_number}/
- linux_system_repo_update_mcp_saltstack_url: ${_param:linux_system_repo_update_url}/saltstack-${_param:linux_system_repo_mcp_saltstack_version_number}/
+ linux_system_repo_update_mcp_saltstack_url: ${_param:linux_system_repo_update_url}/salt-2017.7.8/
linux_system_repo_hotfix_mcp_saltstack_url: ${_param:linux_system_repo_hotfix_url}/saltstack-${_param:linux_system_repo_mcp_saltstack_version_number}/
#
linux_system_repo_mcp_extra_url: ${_param:linux_system_repo_url}/extra/
diff --git a/docker/swarm/stack/monitoring/gainsight.yml b/docker/swarm/stack/monitoring/gainsight.yml
index 472b047..a2935da 100644
--- a/docker/swarm/stack/monitoring/gainsight.yml
+++ b/docker/swarm/stack/monitoring/gainsight.yml
@@ -39,12 +39,12 @@
- ${prometheus:gainsight:dir:config}:${_param:gainsight_config_directory}
- ${prometheus:gainsight:dir:crontab}:${_param:gainsight_crontab_directory}
environment:
- - CLUSTER_ID='${_param:gainsight_cluster_id}'
- - PROMETHEUS_URL='${_param:gainsight_prometheus_url}'
- - CONFIG_PATH='${_param:gainsight_config_path}'
- - SFDC_AUTH_URL='${_param:gainsight_sfdc_auth_url}'
- - SFDC_USERNAME='${_param:gainsight_sfdc_username}'
- - SFDC_PASSWORD='${_param:gainsight_sfdc_password}'
- - SFDC_ORGANIZATION_ID='${_param:gainsight_sfdc_organization_id}'
- - SFDC_ENVIRONMENT_ID='${_param:gainsight_sfdc_environment_id}'
- - SFDC_SANDBOX_ENABLED='${_param:gainsight_sfdc_sandbox_enabled}'
+ CLUSTER_ID: ${_param:gainsight_cluster_id}
+ PROMETHEUS_URL: ${_param:gainsight_prometheus_url}
+ CONFIG_PATH: ${_param:gainsight_config_path}
+ SFDC_AUTH_URL: ${_param:gainsight_sfdc_auth_url}
+ SFDC_USERNAME: ${_param:gainsight_sfdc_username}
+ SFDC_PASSWORD: ${_param:gainsight_sfdc_password}
+ SFDC_ORGANIZATION_ID: ${_param:gainsight_sfdc_organization_id}
+ SFDC_ENVIRONMENT_ID: ${_param:gainsight_sfdc_environment_id}
+ SFDC_SANDBOX_ENABLED: ${_param:gainsight_sfdc_sandbox_enabled}
diff --git a/docker/swarm/stack/monitoring/prometheus/init.yml b/docker/swarm/stack/monitoring/prometheus/init.yml
index d38f5f8..b364259 100644
--- a/docker/swarm/stack/monitoring/prometheus/init.yml
+++ b/docker/swarm/stack/monitoring/prometheus/init.yml
@@ -8,6 +8,8 @@
prometheus_storage_local_engine: "persisted"
prometheus_storage_heap_size: 3221225472
prometheus_storage_num_fingerprint_mutexes: 4096
+ prometheus_cors_origin: '.*'
+ prometheus_alert_resend_delay: "2m"
docker:
client:
stack:
@@ -42,7 +44,9 @@
PROMETHEUS_BIND_ADDRESS: ${prometheus:server:bind:address}
PROMETHEUS_STORAGE_LOCAL_RETENTION: ${prometheus:server:storage:local:retention}
PROMETHEUS_EXTERNAL_URL: "${_param:prometheus_external_proto}://${_param:prometheus_external_url}:15010"
+ PROMETHEUS_ALERT_RESEND_DELAY: "${_param:prometheus_alert_resend_delay}"
# Backward compatibility for Prometheus 1.7
PROMETHEUS_STORAGE_LOCAL_ENGINE: ${_param:prometheus_storage_local_engine}
PROMETHEUS_STORAGE_LOCAL_TARGET_HEAP_SIZE: ${_param:prometheus_storage_heap_size}
PROMETHEUS_STORAGE_LOCAL_NUM_FINGERPRINT_MUTEXES: ${_param:prometheus_storage_num_fingerprint_mutexes}
+ PROMETHEUS_CORS_ORIGIN_REGEX: "${_param:prometheus_cors_origin}"
diff --git a/docker/swarm/stack/monitoring/sf_notifier.yml b/docker/swarm/stack/monitoring/sf_notifier.yml
index a77b457..e2e5435 100644
--- a/docker/swarm/stack/monitoring/sf_notifier.yml
+++ b/docker/swarm/stack/monitoring/sf_notifier.yml
@@ -2,7 +2,7 @@
- system.prometheus.sf_notifier.container
parameters:
_param:
- sf_notifier_workers: 4
+ sf_notifier_workers: 8
sf_notifier_buffer_size: 32768
sf_notifier_alert_id_hash_func: sha256
docker:
@@ -33,10 +33,10 @@
- SF_NOTIFIER_WORKERS=${_param:sf_notifier_workers}
- SF_NOTIFIER_BUFFER_SIZE=${_param:sf_notifier_buffer_size}
- SF_NOTIFIER_APP_PORT=${prometheus:sf_notifier:uwsgi:bind_port}
- - SF_NOTIFIER_ALERT_ID_HASH_FUNC='${_param:sf_notifier_alert_id_hash_func}'
- - SFDC_AUTH_URL='${_param:sf_notifier_sfdc_auth_url}'
- - SFDC_USERNAME='${_param:sf_notifier_sfdc_username}'
- - SFDC_PASSWORD='${_param:sf_notifier_sfdc_password}'
- - SFDC_ORGANIZATION_ID='${_param:sf_notifier_sfdc_organization_id}'
- - SFDC_ENVIRONMENT_ID='${_param:sf_notifier_sfdc_environment_id}'
- - SFDC_SANDBOX_ENABLED='${_param:sf_notifier_sfdc_sandbox_enabled}'
+ - SF_NOTIFIER_ALERT_ID_HASH_FUNC=${_param:sf_notifier_alert_id_hash_func}
+ - SFDC_AUTH_URL=${_param:sf_notifier_sfdc_auth_url}
+ - SFDC_USERNAME=${_param:sf_notifier_sfdc_username}
+ - SFDC_PASSWORD=${_param:sf_notifier_sfdc_password}
+ - SFDC_ORGANIZATION_ID=${_param:sf_notifier_sfdc_organization_id}
+ - SFDC_ENVIRONMENT_ID=${_param:sf_notifier_sfdc_environment_id}
+ - SFDC_SANDBOX_ENABLED=${_param:sf_notifier_sfdc_sandbox_enabled}
diff --git a/jenkins/client/job/deploy/backupninja_backup.yml b/jenkins/client/job/deploy/backupninja_backup.yml
index 690ae0a..1089cfa 100644
--- a/jenkins/client/job/deploy/backupninja_backup.yml
+++ b/jenkins/client/job/deploy/backupninja_backup.yml
@@ -34,5 +34,5 @@
default: 'true'
trigger:
timer:
- enabled: true
+ enabled: false
spec: "${_param:backup_min} ${_param:backup_hour} ${_param:backup_day_of_month} ${_param:backup_month} ${_param:backup_day_of_week}"
diff --git a/jenkins/client/job/deploy/openstack.yml b/jenkins/client/job/deploy/openstack.yml
index 6bbbffa..ae63040 100644
--- a/jenkins/client/job/deploy/openstack.yml
+++ b/jenkins/client/job/deploy/openstack.yml
@@ -33,6 +33,10 @@
type: boolean
default: 'false'
description: 'Whether to run "apt-get dist-upgrade" on all nodes in cluster before deployment'
+ UPGRADE_SALTSTACK:
+ type: boolean
+ default: 'false'
+ description: 'Whether to install recent available saltstack packages'
# salt master
SALT_MASTER_CREDENTIALS:
type: string
diff --git a/jenkins/client/job/deploy/update/upgrade_mcp_release.yml b/jenkins/client/job/deploy/update/upgrade_mcp_release.yml
index 794b526..8afa45f 100644
--- a/jenkins/client/job/deploy/update/upgrade_mcp_release.yml
+++ b/jenkins/client/job/deploy/update/upgrade_mcp_release.yml
@@ -27,7 +27,7 @@
MK_PIPELINES_REFSPEC:
type: string
default: ""
- description: "Version of mk-pipelines git repo to be used. Should be release/TARGET_MCP_VERSION"
+ description: "Version of mk-pipelines git repo to be used. Should be release/TARGET_MCP_VERSION or 2019.2.x for a specific MU"
TARGET_MCP_VERSION:
type: string
default: ""
@@ -35,7 +35,7 @@
GIT_REFSPEC:
type: string
default: ""
- description: "Version of git repos to be used, should be release/TARGET_MCP_VERSION"
+ description: "Version of git repos to be used, should be release/TARGET_MCP_VERSION or 2019.2.x for a specific MU"
DRIVE_TRAIN_PARAMS:
type: text
description: "Yaml based DriveTrain releated params"
diff --git a/linux/system/repo/mcp/apt_mirantis/update/ubuntu.yml b/linux/system/repo/mcp/apt_mirantis/update/ubuntu.yml
index 6635d9b..a345feb 100644
--- a/linux/system/repo/mcp/apt_mirantis/update/ubuntu.yml
+++ b/linux/system/repo/mcp/apt_mirantis/update/ubuntu.yml
@@ -7,11 +7,11 @@
# source: "deb [arch=amd64] ${_param:linux_system_repo_update_ubuntu_url} ${_param:linux_system_codename} main restricted universe"
# architectures: ${_param:linux_system_architecture}
# default: true
-# ubuntu_updates_update:
-# refresh_db: ${_param:linux_repo_refresh_db}
-# source: "deb [arch=amd64] ${_param:linux_system_repo_update_ubuntu_url} ${_param:linux_system_codename}-updates main restricted universe"
-# architectures: ${_param:linux_system_architecture}
-# default: true
+ ubuntu_updates_update:
+ refresh_db: ${_param:linux_repo_refresh_db}
+ source: "deb [arch=amd64] ${_param:linux_system_repo_update_ubuntu_url} ${_param:linux_system_codename}-updates main restricted universe"
+ architectures: ${_param:linux_system_architecture}
+ default: true
ubuntu_security_update:
refresh_db: ${_param:linux_repo_refresh_db}
source: "deb [arch=amd64] ${_param:linux_system_repo_update_ubuntu_url} ${_param:linux_system_codename}-security main restricted universe"