Merge "Add heat stack environment parameter"
diff --git a/apache/server/proxy/openstack/cinder.yml b/apache/server/proxy/openstack/cinder.yml
index 8b3fb4f..832c013 100644
--- a/apache/server/proxy/openstack/cinder.yml
+++ b/apache/server/proxy/openstack/cinder.yml
@@ -1,7 +1,8 @@
 parameters:
   _param:
-    apache_proxy_ssl:
+    apache_ssl:
       enabled: false
+    apache_proxy_ssl: ${_param:apache_ssl}
     apache_proxy_openstack_api_host: ${_param:cluster_public_host}
     apache_proxy_openstack_api_address: 0.0.0.0
     apache_proxy_openstack_cinder_host: ${_param:cinder_service_host}
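Review bot: The literal `enabled: false` kept under the new shared `apache_ssl` key can override the `enabled: ${_param:apache_ssl_enabled}` that the new apache/server/ssl.yml sets, because all of these classes now write the same `_param:apache_ssl` mapping. Assuming reclass deep-merges mappings in class order, whether TLS ends up enabled depends on which class loads last, so an operator who sets `apache_ssl_enabled: true` could still get a plain-HTTP vhost with no error. Consider writing `enabled: ${_param:apache_ssl_enabled}` here with `apache_ssl_enabled: false` as the default, or leaving `apache_ssl` to ssl.yml alone. The same pattern is in the designate, glance, heat, ironic, neutron, nova and placement proxy classes, the barbican, cinder, gnocchi, manila, nova-placement and panko site classes, and keystone/server/wsgi.yml. The `_param` mapping continues past the end of this hunk.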
diff --git a/apache/server/proxy/openstack/designate.yml b/apache/server/proxy/openstack/designate.yml
index b681cf7..c39c9a4 100644
--- a/apache/server/proxy/openstack/designate.yml
+++ b/apache/server/proxy/openstack/designate.yml
@@ -1,7 +1,8 @@
 parameters:
   _param:
-    apache_proxy_ssl:
+    apache_ssl:
       enabled: false
+    apache_proxy_ssl: ${_param:apache_ssl}
     apache_proxy_openstack_api_host: ${_param:cluster_public_host}
     apache_proxy_openstack_api_address: 0.0.0.0
     apache_proxy_openstack_designate_host: ${_param:designate_service_host}
diff --git a/apache/server/proxy/openstack/glance.yml b/apache/server/proxy/openstack/glance.yml
index 91bedea..f983ab4 100644
--- a/apache/server/proxy/openstack/glance.yml
+++ b/apache/server/proxy/openstack/glance.yml
@@ -1,7 +1,8 @@
 parameters:
   _param:
-    apache_proxy_ssl:
+    apache_ssl:
       enabled: false
+    apache_proxy_ssl: ${_param:apache_ssl}
     apache_proxy_openstack_api_host: ${_param:cluster_public_host}
     apache_proxy_openstack_api_address: 0.0.0.0
     apache_proxy_openstack_glance_host: ${_param:glance_service_host}
diff --git a/apache/server/proxy/openstack/heat.yml b/apache/server/proxy/openstack/heat.yml
index b844c45..f3aab22 100644
--- a/apache/server/proxy/openstack/heat.yml
+++ b/apache/server/proxy/openstack/heat.yml
@@ -1,7 +1,8 @@
 parameters:
   _param:
-    apache_proxy_ssl:
+    apache_ssl:
       enabled: false
+    apache_proxy_ssl: ${_param:apache_ssl}
     apache_proxy_openstack_api_host: ${_param:cluster_public_host}
     apache_proxy_openstack_api_address: 0.0.0.0
     apache_proxy_openstack_heat_host: ${_param:heat_service_host}
diff --git a/apache/server/proxy/openstack/ironic.yml b/apache/server/proxy/openstack/ironic.yml
index d6bd7d3..b6abf0f 100644
--- a/apache/server/proxy/openstack/ironic.yml
+++ b/apache/server/proxy/openstack/ironic.yml
@@ -1,7 +1,8 @@
 parameters:
   _param:
-    apache_proxy_ssl:
+    apache_ssl:
       enabled: false
+    apache_proxy_ssl: ${_param:apache_ssl}
     apache_proxy_openstack_api_host: ${_param:cluster_public_host}
     apache_proxy_openstack_api_address: 0.0.0.0
     apache_proxy_openstack_ironic_host: ${_param:ironic_service_host}
diff --git a/apache/server/proxy/openstack/neutron.yml b/apache/server/proxy/openstack/neutron.yml
index dd18c40..1ed5726 100644
--- a/apache/server/proxy/openstack/neutron.yml
+++ b/apache/server/proxy/openstack/neutron.yml
@@ -1,7 +1,8 @@
 parameters:
   _param:
-    apache_proxy_ssl:
+    apache_ssl:
       enabled: false
+    apache_proxy_ssl: ${_param:apache_ssl}
     apache_proxy_openstack_api_host: ${_param:cluster_public_host}
     apache_proxy_openstack_api_address: 0.0.0.0
     apache_proxy_openstack_neutron_host: ${_param:neutron_service_host}
diff --git a/apache/server/proxy/openstack/nova.yml b/apache/server/proxy/openstack/nova.yml
index 66a0107..610c6d5 100644
--- a/apache/server/proxy/openstack/nova.yml
+++ b/apache/server/proxy/openstack/nova.yml
@@ -1,7 +1,8 @@
 parameters:
   _param:
-    apache_proxy_ssl:
+    apache_ssl:
       enabled: false
+    apache_proxy_ssl: ${_param:apache_ssl}
     apache_proxy_openstack_api_host: ${_param:cluster_public_host}
     apache_proxy_openstack_api_address: 0.0.0.0
     apache_proxy_openstack_nova_host: ${_param:nova_service_host}
diff --git a/apache/server/proxy/openstack/placement.yml b/apache/server/proxy/openstack/placement.yml
index 9e256b2..6030740 100644
--- a/apache/server/proxy/openstack/placement.yml
+++ b/apache/server/proxy/openstack/placement.yml
@@ -1,7 +1,8 @@
 parameters:
   _param:
-    apache_proxy_ssl:
+    apache_ssl:
       enabled: false
+    apache_proxy_ssl: ${_param:apache_ssl}
     placement_service_host: ${_param:nova_service_host}
     apache_proxy_openstack_api_host: ${_param:cluster_public_host}
     apache_proxy_openstack_api_address: 0.0.0.0
diff --git a/apache/server/site/barbican.yml b/apache/server/site/barbican.yml
index 55f5cf5..0e7da2c 100644
--- a/apache/server/site/barbican.yml
+++ b/apache/server/site/barbican.yml
@@ -1,7 +1,8 @@
 parameters:
   _param:
-    apache_barbican_ssl:
+    apache_ssl:
       enabled: false
+    apache_barbican_ssl: ${_param:apache_ssl}
     apache_barbican_api_address: 0.0.0.0
     apache_barbican_api_host: ${linux:network:fqdn}
   apache:
diff --git a/apache/server/site/cinder.yml b/apache/server/site/cinder.yml
index 7338b6e..d1e3475 100644
--- a/apache/server/site/cinder.yml
+++ b/apache/server/site/cinder.yml
@@ -1,7 +1,8 @@
 parameters:
   _param:
-    apache_cinder_ssl:
+    apache_ssl:
       enabled: false
+    apache_cinder_ssl: ${_param:apache_ssl}
     apache_cinder_api_address: 0.0.0.0
     apache_cinder_api_host: ${linux:network:fqdn}
   cinder:
diff --git a/apache/server/site/gnocchi.yml b/apache/server/site/gnocchi.yml
index a3d6def..12d5f24 100644
--- a/apache/server/site/gnocchi.yml
+++ b/apache/server/site/gnocchi.yml
@@ -1,8 +1,9 @@
 parameters:
   _param:
     gnocchi_api_workers: 2
-    apache_gnocchi_ssl:
+    apache_ssl:
       enabled: false
+    apache_gnocchi_ssl: ${_param:apache_ssl}
     apache_gnocchi_api_host: ${linux:network:fqdn}
     apache_gnocchi_api_address: ${_param:single_address}
     apache_gnocchi_api_port: 8041
diff --git a/apache/server/site/manila.yml b/apache/server/site/manila.yml
index 2161882..cecf1d4 100644
--- a/apache/server/site/manila.yml
+++ b/apache/server/site/manila.yml
@@ -1,7 +1,8 @@
 parameters:
   _param:
-    apache_manila_ssl:
+    apache_ssl:
       enabled: false
+    apache_manila_ssl: ${_param:apache_ssl}
     apache_manila_api_address: 0.0.0.0
     apache_manila_api_host: ${linux:network:fqdn}
   manila:
diff --git a/apache/server/site/nova-placement.yml b/apache/server/site/nova-placement.yml
index 9eeeae4..7c8e8bd 100644
--- a/apache/server/site/nova-placement.yml
+++ b/apache/server/site/nova-placement.yml
@@ -1,7 +1,8 @@
 parameters:
   _param:
-    apache_nova_placement_ssl:
+    apache_ssl:
       enabled: false
+    apache_nova_placement_ssl: ${_param:apache_ssl}
     apache_nova_placement_api_address: 0.0.0.0
     apache_nova_placement_api_host: ${linux:network:fqdn}
   nova_placement:
diff --git a/apache/server/site/panko.yml b/apache/server/site/panko.yml
index d052c37..eff49c5 100644
--- a/apache/server/site/panko.yml
+++ b/apache/server/site/panko.yml
@@ -1,7 +1,8 @@
 parameters:
   _param:
-    apache_panko_ssl:
+    apache_ssl:
       enabled: false
+    apache_panko_ssl: ${_param:apache_ssl}
     panko_api_workers: 2
     apache_panko_api_host: ${linux:network:fqdn}
     apache_panko_api_address: ${_param:single_address}
diff --git a/apache/server/ssl.yml b/apache/server/ssl.yml
new file mode 100644
index 0000000..b720d5d
--- /dev/null
+++ b/apache/server/ssl.yml
@@ -0,0 +1,112 @@
+parameters:
+  _param:
+    apache_ssl_enabled: false
+    apache_ssl:
+      mode: 'strict'
+      enabled: ${_param:apache_ssl_enabled}
+      engine: salt
+      prefer_server_ciphers: "on"
+      protocols:
+        all:
+          name: 'all'
+          enabled: True
+        excludeSSLv2:
+          name: '-SSLv2'
+          enabled: True
+        excludeSSLv3:
+          name: '-SSLv3'
+          enabled: True
+      ciphers:
+        ECDHE-ECDSA-CHACHA20-POLY1305:
+          name: 'ECDHE-ECDSA-CHACHA20-POLY1305'
+          enabled: True
+        ECDHE-RSA-CHACHA20-POLY1305:
+          name: 'ECDHE-RSA-CHACHA20-POLY1305'
+          enabled: True
+        ECDHE-ECDSA-AES128-GCM-SHA256:
+          name: 'ECDHE-ECDSA-AES128-GCM-SHA256'
+          enabled: True
+        ECDHE-RSA-AES128-GCM-SHA256:
+          name: 'ECDHE-RSA-AES128-GCM-SHA256'
+          enabled: True
+        ECDHE-ECDSA-AES256-GCM-SHA384:
+          name: 'ECDHE-ECDSA-AES256-GCM-SHA384'
+          enabled: True
+        ECDHE-RSA-AES256-GCM-SHA384:
+          name: 'ECDHE-RSA-AES256-GCM-SHA384'
+          enabled: True
+        DHE-RSA-AES128-GCM-SHA256:
+          name: 'DHE-RSA-AES128-GCM-SHA256'
+          enabled: True
+        DHE-RSA-AES256-GCM-SHA384:
+          name: 'DHE-RSA-AES256-GCM-SHA384'
+          enabled: True
+        ECDHE-ECDSA-AES128-SHA256:
+          name: 'ECDHE-ECDSA-AES128-SHA256'
+          enabled: True
+        ECDHE-RSA-AES128-SHA256:
+          name: 'ECDHE-RSA-AES128-SHA256'
+          enabled: True
+        ECDHE-ECDSA-AES128-SHA:
+          name: 'ECDHE-ECDSA-AES128-SHA'
+          enabled: True
+        ECDHE-RSA-AES256-SHA384:
+          name: 'ECDHE-RSA-AES256-SHA384'
+          enabled: True
+        ECDHE-RSA-AES128-SHA:
+          name: 'ECDHE-RSA-AES128-SHA'
+          enabled: True
+        ECDHE-ECDSA-AES256-SHA384:
+          name: 'ECDHE-ECDSA-AES256-SHA384'
+          enabled: True
+        ECDHE-ECDSA-AES256-SHA:
+          name: 'ECDHE-ECDSA-AES256-SHA'
+          enabled: True
+        ECDHE-RSA-AES256-SHA:
+          name: 'ECDHE-RSA-AES256-SHA'
+          enabled: True
+        DHE-RSA-AES128-SHA256:
+          name: 'DHE-RSA-AES128-SHA256'
+          enabled: True
+        DHE-RSA-AES128-SHA:
+          name: 'DHE-RSA-AES128-SHA'
+          enabled: True
+        DHE-RSA-AES256-SHA256:
+          name: 'DHE-RSA-AES256-SHA256'
+          enabled: True
+        DHE-RSA-AES256-SHA:
+          name: 'DHE-RSA-AES256-SHA'
+          enabled: True
+        ECDHE-ECDSA-DES-CBC3-SHA:
+          name: 'ECDHE-ECDSA-DES-CBC3-SHA'
+          enabled: True
+        ECDHE-RSA-DES-CBC3-SHA:
+          name: 'ECDHE-RSA-DES-CBC3-SHA'
+          enabled: True
+        EDH-RSA-DES-CBC3-SHA:
+          name: 'EDH-RSA-DES-CBC3-SHA'
+          enabled: True
+        AES128-GCM-SHA256:
+          name: 'AES128-GCM-SHA256'
+          enabled: True
+        AES256-GCM-SHA384:
+          name: 'AES256-GCM-SHA384'
+          enabled: True
+        AES128-SHA256:
+          name: 'AES128-SHA256'
+          enabled: True
+        AES256-SHA256:
+          name: 'AES256-SHA256'
+          enabled: True
+        AES256-SHA:
+          name: 'AES256-SHA'
+          enabled: True
+        AES128-SHA:
+          name: 'AES128-SHA'
+          enabled: True
+        DES-CBC3-SHA:
+          name: 'DES-CBC3-SHA'
+          enabled: True
+        removeDSS:
+          name: '!DSS'
+          enabled: True
\ No newline at end of file
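Review bot: The default cipher map is labelled `mode: 'strict'` yet enables the four 3DES suites (`DES-CBC3-SHA`, `ECDHE-ECDSA-DES-CBC3-SHA`, `ECDHE-RSA-DES-CBC3-SHA`, `EDH-RSA-DES-CBC3-SHA`) and the static-RSA suites (`AES128-SHA`, `AES256-SHA`, `AES128-SHA256`, `AES256-SHA256`, `AES128-GCM-SHA256`, `AES256-GCM-SHA384`). 3DES has a 64-bit block and is exposed to Sweet32-style collision attacks, and the static-RSA suites give no forward secrecy, so neither belongs in a default called strict. How the formula uses `mode` and the per-entry `enabled` flag is not visible here, but setting `enabled: False` on those entries by default and letting deployments that need legacy clients re-enable them would match the label. The cipher list in nginx/server/proxy/ssl.yml is identical and needs the same change.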
diff --git a/debmirror/mirror_mirantis_com/ubuntu/xenial.yml b/debmirror/mirror_mirantis_com/ubuntu/xenial.yml
index 7cc4ba2..e8ef745 100644
--- a/debmirror/mirror_mirantis_com/ubuntu/xenial.yml
+++ b/debmirror/mirror_mirantis_com/ubuntu/xenial.yml
@@ -22,69 +22,57 @@
           section: [ main , restricted, universe ]
           # Don't exclude main/x11 - its required for many pkgs.
           exclude_deb_section:
+          - Xfce
+          - comm
+          - doc
+          - electronics
           - games
           - gnome
-          - Xfce
-          - sound
-          - electronics
           - graphics
           - hamradio
-          - doc
-          - localization
           - kde
-          - video
-          - translations
+          - localization
           - news
-          - multiverse/games
-          - multiverse/gnome
-          - multiverse/Xfce
-          - multiverse/sound
-          - multiverse/electronics
-          - multiverse/graphics
-          - multiverse/hamradio
-          - multiverse/doc
-          - multiverse/localization
-          - multiverse/kde
-          - multiverse/video
-          - multiverse/translations
-          - multiverse/news
-          - multiverse/x11
-          - universe/games
-          - universe/gnome
-          - universe/Xfce
-          - universe/sound
-          - universe/electronics
-          - universe/hamradio
-          - universe/doc
-          - universe/localization
-          - universe/kde
-          - universe/video
-          - universe/translations
-          - universe/news
-          - universe/x11
-          - universe/graphics
+          - science
+          - sound
+          - translations
+          - video
+          - main/debug
+          - main/science
+          - restricted/Xfce
+          - restricted/comm
+          - restricted/debug
+          - restricted/doc
+          - restricted/electronics
           - restricted/games
           - restricted/gnome
-          - restricted/Xfce
-          - restricted/sound
-          - restricted/electronics
           - restricted/graphics
           - restricted/hamradio
-          - restricted/doc
-          - restricted/localization
           - restricted/kde
-          - restricted/video
-          - restricted/translations
+          - restricted/localization
           - restricted/news
+          - restricted/science
+          - restricted/sound
+          - restricted/translations
+          - restricted/video
           - restricted/x11
-          - main/debug
-          - multiverse/debug
-          - restricted/debug
-          - universe/debug
-          - comm
-          - multiverse/comm
+          - universe/Xfce
           - universe/comm
-          - restricted/comm
+          - universe/debug
+          - universe/doc
+          - universe/electronics
+          - universe/games
+          - universe/gnome
+          - universe/graphics
+          - universe/hamradio
+          - universe/kde
+          - universe/localization
+          - universe/news
+          - universe/science
+          - universe/sound
+          - universe/translations
+          - universe/video
+          - universe/x11
           # Updating filter, please always start from section, aka main|universe|multiverse
           filter:
             1: "--exclude='android*'"
@@ -134,15 +122,20 @@
             97: "--exclude='/universe/.*(metastudent).*'"
             # List of unused linux kernels and unsupported arch
             300: "--exclude='/.*(arm64|powerpc|s390x|armel|armhf|sparc64|mips64|ppc64el|mipsn32)(?!.*amd64)'"
-            301: "--exclude='(main|universe)/l/linux-*-(.*azure|.*aws|gke|.*azure-edge|.*oem/|.*euclid/)'"
+            301: "--exclude='(main|universe)/l/linux-*-(.*azure|.*aws|gke|gcp|.*azure-edge|.*oem/|.*euclid/)'"
             302: "--exclude='/*universe.*(-armel-|-arm-)(?!.*amd64)'"
             303: "--exclude='/main/l/linux(.*)/linux-source-*'"
-            # Generic: Old minor version of kernels. Old - if minor less then 3 digits.
-            304: '--exclude="main/l/(linux|linux-signed)/linux-.*.4\.4\.0-[0-9]{1,2}\."'
-            # Hwe 4.8: Old minor version of kernels. Old - if minor in 30-40.
-            305: '--exclude="main/l/.*hwe.*/linux-.*.4\.8\.0-((3|4)[0-9])"'
-            # Hwe 4.10: Old minor version of kernels. Old - if minor in 20-30.
-            306: '--exclude="main/l/.*hwe.*/linux-.*.4\.10\.0-((2|3)[0-9])"'
+            # Old minor version of kernel|tools|extra|cloud and related.
+            # Generic: Old - if minor less then < 127, but not 4numeric
+            304: '--exclude="main/l/linux.*/linux-.*4\.4\.0-(([0-9][0-9])|([0-9][0-2][0-6]))(\.|_|-)"'
+            # Hwe 4.8: Old - if minor in 30-49 and < 57.
+            305: '--exclude="main/l/linux.*/linux-.*4\.8\.0-(([0-4][0-9])|([0-9][0-6]))"'
+            # Hwe 4.10: Old - if minor in 0-39, < 42 .
+            306: '--exclude="main/l/linux.*/linux-.*4\.10\.0-(([0-3][0-9])|(4[0-1]))"'
+            # Hwe 4.13: Old - if minor in 0-39, < 44
+            307: '--exclude="main/l/linux.*/linux-.*4\.13\.0-(([0-3][0-9])|(4[0-4]))"'
+            # Hwe 4.15: Old - if minor in 0-19, < 24
+            308: '--exclude="main/l/linux.*/linux-.*4\.15\.0-(([0-1][0-9])|([0-2][0-3]))"'
             # List of packages, that should be fetched from fresh ppa or other mirror
             # So,removing them from upstream mirror.
             500: "--exclude='/main/m/maas/'"
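Review bot: The new kernel filters 304–308 do not match the ranges their comments describe, and several will drop kernels newer than the stated cut-off. In 304 the alternative `[0-9][0-2][0-6]` accepts any hundreds digit and skips units 7–9, so 4.4.0-107 to -109 and -117 to -119 are kept while a later 4.4.0-200 to -206 would be excluded; 305 and 308 have the same loose tens digit, and 305–308 have no terminator after the number, so `4\.15\.0-[0-1][0-9]` also matches the first two digits of any 4.15.0-1xx build. Because these excludes decide which kernel packages reach the mirror, an over-broad match silently withholds newer kernel updates from every node that installs from it. 307 also matches -44 although its comment says `< 44`; the fence below keeps that range as written, so confirm which is meant. The `filter` mapping continues outside this hunk.

```yaml
            # … unchanged: filters 300-303 and the comment lines between the entries …
            304: '--exclude="main/l/linux.*/linux-.*4\.4\.0-(([0-9]{1,2})|(1[01][0-9])|(12[0-6]))(\.|_|-)"'
            305: '--exclude="main/l/linux.*/linux-.*4\.8\.0-(([0-4][0-9])|(5[0-6]))(\.|_|-)"'
            306: '--exclude="main/l/linux.*/linux-.*4\.10\.0-(([0-3][0-9])|(4[0-1]))(\.|_|-)"'
            307: '--exclude="main/l/linux.*/linux-.*4\.13\.0-(([0-3][0-9])|(4[0-4]))(\.|_|-)"'
            308: '--exclude="main/l/linux.*/linux-.*4\.15\.0-(([0-1][0-9])|(2[0-3]))(\.|_|-)"'
```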
diff --git a/docker/swarm/stack/monitoring/alerta.yml b/docker/swarm/stack/monitoring/alerta.yml
index 858eb38..5e99286 100644
--- a/docker/swarm/stack/monitoring/alerta.yml
+++ b/docker/swarm/stack/monitoring/alerta.yml
@@ -29,3 +29,4 @@
                 ADMIN_USERS: ${_param:alerta_admin_username}
                 ADMIN_PASSWORD: ${_param:alerta_admin_password}
                 MONGO_URI: ${_param:alerta_mongodb_uri}
+                PLUGINS: ""
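Review bot: `PLUGINS: ""` is added without a comment, and an empty value presumably turns off Alerta's built-in plugins (upstream enables `reject` and `blackout` by default), including the environment allow-list check that `reject` performs. If the intent is to accept alerts whose environment is now the cluster name (see the `alerta_environment_label` change in prometheus/server/alert/alerta_relabel.yml), record that in a comment such as `# Disable default plugins: 'reject' refuses environments outside ALLOWED_ENVIRONMENTS`. If maintenance suppression is still wanted, keeping `blackout` in the list would be the narrower change. The environment mapping starts outside this hunk.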
diff --git a/haproxy/proxy/listen/openstack/designate.yml b/haproxy/proxy/listen/openstack/designate.yml
index 7a54af2..1310be4 100644
--- a/haproxy/proxy/listen/openstack/designate.yml
+++ b/haproxy/proxy/listen/openstack/designate.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    haproxy_designate_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+    haproxy_designate_port: 9001
   haproxy:
     proxy:
       listen:
@@ -7,13 +10,13 @@
           service_name: designate
           binds:
           - address: ${_param:cluster_vip_address}
-            port: 9001
+            port: ${_param:haproxy_designate_port}
           servers:
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
-            port: 9001
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            port: ${_param:haproxy_designate_port}
+            params: ${_param:haproxy_designate_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
-            port: 9001
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            port: ${_param:haproxy_designate_port}
+            params: ${_param:haproxy_designate_check_params}
diff --git a/haproxy/proxy/listen/openstack/neutron.yml b/haproxy/proxy/listen/openstack/neutron.yml
index 29bd548..ebc3f1a 100644
--- a/haproxy/proxy/listen/openstack/neutron.yml
+++ b/haproxy/proxy/listen/openstack/neutron.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    haproxy_neutron_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+    haproxy_neutron_port: 9696
   haproxy:
     proxy:
       listen:
@@ -7,17 +10,17 @@
           service_name: neutron
           binds:
           - address: ${_param:cluster_vip_address}
-            port: 9696
+            port: ${_param:haproxy_neutron_port}
           servers:
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
-            port: 9696
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            port: ${_param:haproxy_neutron_port}
+            params: ${_param:haproxy_neutron_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
-            port: 9696
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            port: ${_param:haproxy_neutron_port}
+            params: ${_param:haproxy_neutron_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
-            port: 9696
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
\ No newline at end of file
+            port: ${_param:haproxy_neutron_port}
+            params: ${_param:haproxy_neutron_check_params}
diff --git a/haproxy/proxy/listen/openstack/neutron_large.yml b/haproxy/proxy/listen/openstack/neutron_large.yml
index 8df1243..5039586 100644
--- a/haproxy/proxy/listen/openstack/neutron_large.yml
+++ b/haproxy/proxy/listen/openstack/neutron_large.yml
@@ -1,4 +1,7 @@
 parameters:
+  _param:
+    haproxy_neutron_check_params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+    haproxy_neutron_port: 9696
   haproxy:
     proxy:
       listen:
@@ -7,25 +10,25 @@
           service_name: neutron
           binds:
           - address: ${_param:cluster_vip_address}
-            port: 9696
+            port: ${_param:haproxy_neutron_port}
           servers:
           - name: ${_param:cluster_node01_hostname}
             host: ${_param:cluster_node01_address}
-            port: 9696
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            port: ${_param:haproxy_neutron_port}
+            params: ${_param:haproxy_neutron_check_params}
           - name: ${_param:cluster_node02_hostname}
             host: ${_param:cluster_node02_address}
-            port: 9696
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            port: ${_param:haproxy_neutron_port}
+            params: ${_param:haproxy_neutron_check_params}
           - name: ${_param:cluster_node03_hostname}
             host: ${_param:cluster_node03_address}
-            port: 9696
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            port: ${_param:haproxy_neutron_port}
+            params: ${_param:haproxy_neutron_check_params}
           - name: ${_param:cluster_node04_hostname}
             host: ${_param:cluster_node04_address}
-            port: 9696
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
+            port: ${_param:haproxy_neutron_port}
+            params: ${_param:haproxy_neutron_check_params}
           - name: ${_param:cluster_node05_hostname}
             host: ${_param:cluster_node05_address}
-            port: 9696
-            params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
\ No newline at end of file
+            port: ${_param:haproxy_neutron_port}
+            params: ${_param:haproxy_neutron_check_params}
diff --git a/jenkins/client/job/salt-formulas/tests.yml b/jenkins/client/job/salt-formulas/tests.yml
index d1dc00b..f6c19f9 100644
--- a/jenkins/client/job/salt-formulas/tests.yml
+++ b/jenkins/client/job/salt-formulas/tests.yml
@@ -160,7 +160,7 @@
             param:
               SALT_VERSION:
                 type: string
-                default: ""
+                default: "2017.7"
                 description: "Version of salt for use in test, empty string means latest (default)"
               SALT_OPTS:
                 type: string
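Review bot: The `SALT_VERSION` description still says `empty string means latest (default)`, but the default is now `"2017.7"`, so the text misstates what an unmodified job runs. Update it alongside the value, for example `description: "Version of salt for use in test, empty string means latest (default: 2017.7)"`. Since the tests no longer track the latest release by default, it is worth noting somewhere who is expected to bump this pin.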
diff --git a/jenkins/client/job/validate.yml b/jenkins/client/job/validate.yml
index 207296b..d1638a6 100644
--- a/jenkins/client/job/validate.yml
+++ b/jenkins/client/job/validate.yml
@@ -246,7 +246,7 @@
               description: Docker image to use for running Rally/Tempest
             TARGET_NODE:
               type: string
-              default: "${_param:cicd_control_node03_hostname}.${_param:cluster_domain}"
+              default: ""
               description: Node where container with Tempest will be run
             PROXY:
               type: string
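Review bot: The `TARGET_NODE` description does not say what the job does when the value is left at its new empty default, and the pipeline's handling of an empty target is not visible in this hunk. If a value is now mandatory, state it, e.g. `description: Node where container with Tempest will be run (must be set, no default)`; if an empty value makes the pipeline pick a node itself, document that selection instead. The same applies to `TEMPEST_TARGET_NODE` and the second `TARGET_NODE` in the two following hunks of this file.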
@@ -301,7 +301,7 @@
               description: Credentials to the Salt API
             TEMPEST_TARGET_NODE:
               type: string
-              default: "${_param:cicd_control_node03_hostname}.${_param:cluster_domain}"
+              default: ""
               description: Node where container with tempest will be run
             TEST_IMAGE:
               type: string
@@ -381,7 +381,7 @@
               description: Credentials to the Salt API
             TARGET_NODE:
               type: string
-              default: "${_param:cicd_control_node03_hostname}.${_param:cluster_domain}"
+              default: ""
               description: Node where docker container with Rally will be run
             TOOLS_REPO:
               type: string
diff --git a/keystone/server/wsgi.yml b/keystone/server/wsgi.yml
index 333cb76..df8af68 100644
--- a/keystone/server/wsgi.yml
+++ b/keystone/server/wsgi.yml
@@ -2,8 +2,9 @@
 - system.apache.server.single
 parameters:
   _param:
-    apache_keystone_ssl:
+    apache_ssl:
       enabled: false
+    apache_keystone_ssl: ${_param:apache_ssl}
     apache_keystone_api_host: ${linux:network:fqdn}
   keystone:
     server:
diff --git a/nginx/server/proxy/ssl.yml b/nginx/server/proxy/ssl.yml
new file mode 100644
index 0000000..66a1938
--- /dev/null
+++ b/nginx/server/proxy/ssl.yml
@@ -0,0 +1,121 @@
+parameters:
+  _param:
+    nginx_proxy_ssl_enabled: false
+    nginx_proxy_ssl:
+      mode: 'strict'
+      enabled: ${_param:nginx_proxy_ssl_enabled}
+      engine: salt
+      dhparam:
+        enabled: True
+        numbits: 2048
+      ecdh_curve:
+        secp521r1:
+          name: 'secp521r1'
+          enabled: True
+      prefer_server_ciphers: "on"
+      protocols:
+        TLSv1:
+          name: 'TLSv1'
+          enabled: True
+        TLSv1.1:
+          name: 'TLSv1.1'
+          enabled: True
+        TLSv1.2:
+          name: 'TLSv1.2'
+          enabled: True
+      stapling: "on"
+      stapling_verify: "on"
+      ciphers:
+        ECDHE-ECDSA-CHACHA20-POLY1305:
+          name: 'ECDHE-ECDSA-CHACHA20-POLY1305'
+          enabled: True
+        ECDHE-RSA-CHACHA20-POLY1305:
+          name: 'ECDHE-RSA-CHACHA20-POLY1305'
+          enabled: True
+        ECDHE-ECDSA-AES128-GCM-SHA256:
+          name: 'ECDHE-ECDSA-AES128-GCM-SHA256'
+          enabled: True
+        ECDHE-RSA-AES128-GCM-SHA256:
+          name: 'ECDHE-RSA-AES128-GCM-SHA256'
+          enabled: True
+        ECDHE-ECDSA-AES256-GCM-SHA384:
+          name: 'ECDHE-ECDSA-AES256-GCM-SHA384'
+          enabled: True
+        ECDHE-RSA-AES256-GCM-SHA384:
+          name: 'ECDHE-RSA-AES256-GCM-SHA384'
+          enabled: True
+        DHE-RSA-AES128-GCM-SHA256:
+          name: 'DHE-RSA-AES128-GCM-SHA256'
+          enabled: True
+        DHE-RSA-AES256-GCM-SHA384:
+          name: 'DHE-RSA-AES256-GCM-SHA384'
+          enabled: True
+        ECDHE-ECDSA-AES128-SHA256:
+          name: 'ECDHE-ECDSA-AES128-SHA256'
+          enabled: True
+        ECDHE-RSA-AES128-SHA256:
+          name: 'ECDHE-RSA-AES128-SHA256'
+          enabled: True
+        ECDHE-ECDSA-AES128-SHA:
+          name: 'ECDHE-ECDSA-AES128-SHA'
+          enabled: True
+        ECDHE-RSA-AES256-SHA384:
+          name: 'ECDHE-RSA-AES256-SHA384'
+          enabled: True
+        ECDHE-RSA-AES128-SHA:
+          name: 'ECDHE-RSA-AES128-SHA'
+          enabled: True
+        ECDHE-ECDSA-AES256-SHA384:
+          name: 'ECDHE-ECDSA-AES256-SHA384'
+          enabled: True
+        ECDHE-ECDSA-AES256-SHA:
+          name: 'ECDHE-ECDSA-AES256-SHA'
+          enabled: True
+        ECDHE-RSA-AES256-SHA:
+          name: 'ECDHE-RSA-AES256-SHA'
+          enabled: True
+        DHE-RSA-AES128-SHA256:
+          name: 'DHE-RSA-AES128-SHA256'
+          enabled: True
+        DHE-RSA-AES128-SHA:
+          name: 'DHE-RSA-AES128-SHA'
+          enabled: True
+        DHE-RSA-AES256-SHA256:
+          name: 'DHE-RSA-AES256-SHA256'
+          enabled: True
+        DHE-RSA-AES256-SHA:
+          name: 'DHE-RSA-AES256-SHA'
+          enabled: True
+        ECDHE-ECDSA-DES-CBC3-SHA:
+          name: 'ECDHE-ECDSA-DES-CBC3-SHA'
+          enabled: True
+        ECDHE-RSA-DES-CBC3-SHA:
+          name: 'ECDHE-RSA-DES-CBC3-SHA'
+          enabled: True
+        EDH-RSA-DES-CBC3-SHA:
+          name: 'EDH-RSA-DES-CBC3-SHA'
+          enabled: True
+        AES128-GCM-SHA256:
+          name: 'AES128-GCM-SHA256'
+          enabled: True
+        AES256-GCM-SHA384:
+          name: 'AES256-GCM-SHA384'
+          enabled: True
+        AES128-SHA256:
+          name: 'AES128-SHA256'
+          enabled: True
+        AES256-SHA256:
+          name: 'AES256-SHA256'
+          enabled: True
+        AES256-SHA:
+          name: 'AES256-SHA'
+          enabled: True
+        AES128-SHA:
+          name: 'AES128-SHA'
+          enabled: True
+        DES-CBC3-SHA:
+          name: 'DES-CBC3-SHA'
+          enabled: True
+        removeDSS:
+          name: '!DSS'
+          enabled: True
\ No newline at end of file
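Review bot: The `protocols` map enables `TLSv1` and `TLSv1.1` by default under `mode: 'strict'`, and `ecdh_curve` lists only `secp521r1`. Both legacy protocol versions are deprecated, so defaulting them to `enabled: False` and leaving only `TLSv1.2` on would fit the label better; the `all`, `-SSLv2`, `-SSLv3` set in apache/server/ssl.yml leaves the same two versions on. Clients that do not offer P-521 would presumably fall back to the DHE or static-RSA suites in this list, which costs performance or forward secrecy. Adding entries for `prime256v1` and `secp384r1` alongside the existing curve would avoid that. How the formula renders these maps is not visible here, so check the generated `ssl_protocols` and `ssl_ecdh_curve` lines.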
diff --git a/prometheus/server/alert/alerta_relabel.yml b/prometheus/server/alert/alerta_relabel.yml
index ca0f4b4..df6aca0 100644
--- a/prometheus/server/alert/alerta_relabel.yml
+++ b/prometheus/server/alert/alerta_relabel.yml
@@ -1,6 +1,6 @@
 parameters:
   _param:
-    alerta_environment_label: Development
+    alerta_environment_label: ${_param:cluster_name}
   prometheus:
     server:
       config:
@@ -22,4 +22,4 @@
             regex: "(.+;.+)"
           - source_labels: ["hostname", "job"]
             target_label: "instance"
-            regex: "(.+;.+)"
\ No newline at end of file
+            regex: "(.+;.+)"
diff --git a/salt/control/cluster/kubernetes_control_cluster.yml b/salt/control/cluster/kubernetes_control_cluster.yml
new file mode 100644
index 0000000..c3049ec
--- /dev/null
+++ b/salt/control/cluster/kubernetes_control_cluster.yml
@@ -0,0 +1,29 @@
+parameters:
+  salt:
+    control:
+      size:
+        kubernetes.control:
+          cpu: 4
+          ram: 8192
+          disk_profile: small
+          net_profile: default
+      cluster:
+        internal:
+          domain: ${_param:cluster_domain}
+          engine: virt
+          node:
+            ctl01:
+              name: ${_param:kubernetes_control_node01_hostname}
+              provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+              image: ${_param:salt_control_xenial_image}
+              size: kubernetes.control
+            ctl02:
+              name: ${_param:kubernetes_control_node02_hostname}
+              provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+              image: ${_param:salt_control_xenial_image}
+              size: kubernetes.control
+            ctl03:
+              name: ${_param:kubernetes_control_node03_hostname}
+              provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
+              image: ${_param:salt_control_xenial_image}
+              size: kubernetes.control
diff --git a/salt/control/cluster/kubernetes_proxy_cluster.yml b/salt/control/cluster/kubernetes_proxy_cluster.yml
index d4251a2..379a333 100644
--- a/salt/control/cluster/kubernetes_proxy_cluster.yml
+++ b/salt/control/cluster/kubernetes_proxy_cluster.yml
@@ -3,8 +3,8 @@
     control:
       size:
         kubernetes.proxy:
-          cpu: 32
-          ram: 65536
+          cpu: 2
+          ram: 4096
           disk_profile: small
           net_profile: default
       cluster:
@@ -15,11 +15,11 @@
             prx01:
               name: ${_param:kubernetes_proxy_node01_hostname}
               provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
-              image: ${_param:salt_control_trusty_image}
+              image: ${_param:salt_control_xenial_image}
               size: kubernetes.proxy
             prx02:
               name: ${_param:kubernetes_proxy_node02_hostname}
               provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
-              image: ${_param:salt_control_trusty_image}
+              image: ${_param:salt_control_xenial_image}
               size: kubernetes.proxy