Merge "Fix certificates creation for image sign"
diff --git a/defaults/docker_images.yml b/defaults/docker_images.yml
index b402031..a52fbc6 100644
--- a/defaults/docker_images.yml
+++ b/defaults/docker_images.yml
@@ -6,7 +6,6 @@
docker_image_visualizer: "${_param:mcp_docker_registry}/mirantis/external/visualizer:${_param:mcp_version}"
# openldap:1.1.8
docker_image_openldap: "${_param:mcp_docker_registry}/mirantis/external/openldap:${_param:mcp_version}"
- # library/postgres:9.6
docker_image_postgresql: "${_param:mcp_docker_registry}/mirantis/external/library/postgres:9.6.10"
# library/mongo:3.4 #G
docker_image_mongodb: "${_param:mcp_docker_registry}/mirantis/external/library/mongo:${_param:mcp_version}"
diff --git a/defaults/openstack/init.yml b/defaults/openstack/init.yml
index b1f814c..23f0332 100644
--- a/defaults/openstack/init.yml
+++ b/defaults/openstack/init.yml
@@ -19,8 +19,8 @@
openstack_memcache_security_strategy: 'ENCRYPT'
openstack_memcached_proto_tcp_enabled: True
openstack_memcached_proto_udp_enabled: False
- openstack_old_version: ocata
openstack_version: ocata
+ openstack_old_version: ${_param:openstack_version}
openstack_upgrade_enabled: False
# Cinder
cinder_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
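Review bot: With `openstack_old_version: ${_param:openstack_version}`, a cluster model that raises only `openstack_version` now gets the same value for both parameters, where it previously kept `ocata` as the old release. If the upgrade logic compares the two (not visible in this diff), that override pattern would stop signalling an upgrade. A comment above the line would make the contract explicit, for example `# Set explicitly to the currently deployed release before raising openstack_version`. The same applies to `gnocchi_old_version` in the next hunk.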
@@ -61,8 +61,8 @@
# Gnocchi
gnocchi_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
gnocchi_memcache_secret_key: ''
- gnocchi_old_version: 4.0
gnocchi_version: 4.0
+ gnocchi_old_version: ${_param:gnocchi_version}
gnocchi_upgrade_enabled: ${_param:openstack_upgrade_enabled}
# Panko
panko_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
diff --git a/docker/swarm/stack/postgresql.yml b/docker/swarm/stack/postgresql.yml
index 192b82c..b3936c6 100644
--- a/docker/swarm/stack/postgresql.yml
+++ b/docker/swarm/stack/postgresql.yml
@@ -2,7 +2,8 @@
_param:
docker_postgresql_replicas: 1
postgresql_bind_host: postgresql-db
- postgresql_bind_port: ${_param:haproxy_postgresql_bind_port}
+ postgresql_bind_port: 5432
+ postgresql_exposed_port: 5432
postgresql_ssl:
enabled: false
postgresql_admin_user: postgres
@@ -14,6 +15,7 @@
environment:
POSTGRES_USER: ${_param:postgresql_admin_user}
POSTGRES_PASSWORD: ${_param:postgresql_admin_user_password}
+ PGDATA: /var/lib/postgresql/data/pgdata
service:
postgresql-db:
image: ${_param:docker_image_postgresql}
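Review bot: `PGDATA: /var/lib/postgresql/data/pgdata` moves the data directory into a subdirectory of the bind mount shown in the next hunk (`/srv/volumes/postgresql/data:/var/lib/postgresql/data`). On a host where a cluster was already initialised at the volume root, the container would presumably initialise a new empty cluster under `pgdata/` and stop serving the existing databases. No migration step is visible in this commit, so a comment such as `# PGDATA is a subdirectory of the mounted volume; move existing data into pgdata/ before applying` would help operators. The `environment` block continues outside the hunk.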
@@ -24,8 +26,4 @@
volumes:
- /srv/volumes/postgresql/data:/var/lib/postgresql/data
ports:
- - ${_param:haproxy_postgresql_exposed_port}:${_param:haproxy_postgresql_bind_port}
- network:
- default:
- external:
- name: oss_backend
+ - ${_param:postgresql_exposed_port}:${_param:postgresql_bind_port}
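Review bot: The service now publishes `${_param:postgresql_exposed_port}:${_param:postgresql_bind_port}` (both 5432 from the first hunk) and no longer attaches to the external `oss_backend` network, while the first hunk still shows `postgresql_ssl: enabled: false`. A Swarm-published port is typically reachable on every node's address, so PostgreSQL would accept plaintext connections there, protected only by `POSTGRES_PASSWORD`. I would either enable `postgresql_ssl`, or add a comment on `postgresql_exposed_port` stating that access to it must be restricted by host firewall rules. It is also worth checking that nothing else still reads the `haproxy_postgresql_*` parameters this stack used before.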
diff --git a/etcd/server/cluster.yml b/etcd/server/cluster.yml
index 459d492..d9c1c8b 100644
--- a/etcd/server/cluster.yml
+++ b/etcd/server/cluster.yml
@@ -4,10 +4,19 @@
- service.etcd.linux
parameters:
_param:
- docker_image_etcd: quay.io/coreos/etcd:v3.3.8
+ docker_image_etcd: quay.io/coreos/etcd:v3.3.10
+ kubernetes_etcd_repo: https://github.com/etcd-io/etcd/releases/download
+ kubernetes_etcd_source: ${_param:kubernetes_etcd_repo}/v3.3.10/etcd-v3.3.10-linux-amd64.tar.gz
+ kubernetes_etcd_source_hash: md5=dbbe0d021ba497bf9d9cc9963d0c7a4b
etcd:
server:
enabled: true
image: ${_param:docker_image_etcd}
+ source:
+ engine: archive
+ etcd_source: ${_param:kubernetes_etcd_source}
+ etcd_source_hash: ${_param:kubernetes_etcd_source_hash}
bind:
- host: ${_param:cluster_local_address}
\ No newline at end of file
+ host: ${_param:cluster_local_address}
+ ssl:
+ enabled: true
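Review bot: `kubernetes_etcd_source_hash: md5=dbbe0d021ba497bf9d9cc9963d0c7a4b` pins a tarball downloaded from GitHub with MD5, which is not collision-resistant and so is a weak integrity pin for a binary that ends up running the cluster datastore. It matches the `md5=` convention of the existing `*_source_hash` parameters in kubernetes/common/init.yml, but a new entry is a good place to switch: `kubernetes_etcd_source_hash: sha256=<sha256 of etcd-v3.3.10-linux-amd64.tar.gz>`, assuming the consuming formula accepts that prefix (not visible here). The version `v3.3.10` is also spelled out three times across the image and the source URL, so a single version parameter would keep image, tarball and hash from drifting apart.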
diff --git a/jenkins/client/job/security/openscap.yml b/jenkins/client/job/security/openscap.yml
index aa8dd6c..74bc15a 100644
--- a/jenkins/client/job/security/openscap.yml
+++ b/jenkins/client/job/security/openscap.yml
@@ -63,5 +63,5 @@
description: "The tailoring id"
XCCDF_CPE:
type: string
- default: ''
+ default: '/usr/share/mirantis-scap-content/mirantis/cpe/openscap-cpe-dict.xml'
description: "CPE dictionary or language for applicability checks. (Example: /usr/share/openscap/cpe/openscap-cpe-dict.xml)"
diff --git a/keystone/client/v3/service/contrail.yml b/keystone/client/v3/service/contrail.yml
index 1b5701f..e6277d5 100644
--- a/keystone/client/v3/service/contrail.yml
+++ b/keystone/client/v3/service/contrail.yml
@@ -3,8 +3,28 @@
contrail_service_protocol: http
keystone:
client:
+ server:
+ contrail_identity:
+ admin:
+ user: contrail
+ password: ${_param:opencontrail_admin_password}
+ project: admin
+ host: ${_param:keystone_service_host}
+ port: 5000
+ region_name: ${_param:openstack_region}
+ use_keystoneauth: true
+ protocol: ${_param:keystone_service_protocol}
resources:
v3:
+ users:
+ contrail:
+ password: ${_param:opencontrail_admin_password}
+ email: ${_param:admin_email}
+ is_admin: true
+ roles:
+ admin:
+ name: admin
+ project_id: admin
services:
opencontrail:
type: contrail
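Review bot: The new `contrail` user is created with `is_admin: true` and the `admin` role on the `admin` project, which makes `opencontrail_admin_password` a cloud-admin credential. The opencontrail/compute hunks later in this commit render that same password onto compute nodes, so a compromised compute host would still yield admin access to Keystone, only under a different account name. If Contrail can work with a narrower role, scope it here. Otherwise document the requirement with a comment above `users:` such as `# contrail requires the admin role; treat opencontrail_admin_password as a cloud-admin secret`. No default for the parameter is visible, so the cluster model must supply a generated value.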
diff --git a/kubernetes/common/init.yml b/kubernetes/common/init.yml
index 76c1e9a..d015a80 100644
--- a/kubernetes/common/init.yml
+++ b/kubernetes/common/init.yml
@@ -6,8 +6,6 @@
kubernetes_calico_birdcl_repo: ${_param:mcp_binary_registry}/mirantis/projectcalico/bird
kubernetes_calico_cni_repo: ${_param:mcp_binary_registry}/mirantis/projectcalico/cni-plugin
kubernetes_hyperkube_repo: ${_param:mcp_binary_registry}/mirantis/kubernetes/hyperkube-binaries
- kubernetes_contrail_cni_repo: ${_param:mcp_docker_registry}/mirantis/kubernetes
- kubernetes_contrail_network_controller_repo: ${_param:mcp_docker_registry}/mirantis/kubernetes/contrail-integration
kubernetes_contrail_registry: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}
kubernetes_netchecker_agent_repo: mirantis
kubernetes_netchecker_server_repo: mirantis
@@ -26,7 +24,6 @@
kubernetes_containerd_repo: https://github.com/kubernetes-sigs/cri-tools/releases/download
# component images/binaries
- kubernetes_docker_package: docker-engine=1.13.1-0~ubuntu-xenial
kubernetes_calico_image: ${_param:kubernetes_calico_repo}/node:v3.1.3
kubernetes_calico_kube_controllers_image: ${_param:kubernetes_calico_kube_ctl_repo}/kube-controllers:v3.1.3
kubernetes_calico_calicoctl_source: ${_param:kubernetes_calico_calicoctl_repo}/calicoctl-v3.1.3
@@ -40,8 +37,6 @@
kubernetes_hyperkube_source: ${_param:kubernetes_hyperkube_repo}/hyperkube_v1.11.3-2_1536938897511
kubernetes_hyperkube_source_hash: md5=159910d99c3ccf77d1e0f7b346edaf40
kubernetes_pause_image: ${_param:mcp_docker_registry}/mirantis/kubernetes/pause-amd64:v1.11.3-2
- kubernetes_contrail_cni_image: ${_param:kubernetes_contrail_cni_repo}/contrail-cni:v1.2.0
- kubernetes_contrail_network_controller_image: ${_param:kubernetes_contrail_network_controller_repo}/contrail-network-controller:v1.2.0
kubernetes_virtlet_image: ${_param:kubernetes_virtlet_repo}/virtlet:v1.4.1
kubernetes_criproxy_version: v0.12.0
kubernetes_criproxy_checksum: md5=371cacd3d8568eb88425498b48a649dd
@@ -72,6 +67,7 @@
kubernetes_hyperkube_image: ${_param:mcp_docker_registry}/mirantis/kubernetes/hyperkube-amd64:v1.11.3-2
kubernetes_calico_cni_image: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico/cni:v3.1.3
kubernetes_calico_calicoctl_image: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico/ctl:v3.1.3
+ kubernetes_containerd_package: containerd.io=1.2.0-1
kubernetes_opencontrail_controller_image: ${_param:kubernetes_contrail_registry}/opencontrail-controller:${_param:mcp_version}
kubernetes_opencontrail_analyticsdb_image: ${_param:kubernetes_contrail_registry}/opencontrail-analyticsdb:${_param:mcp_version}
@@ -90,12 +86,11 @@
kubernetes_genie_enabled: false
kubernetes_calico_enabled: false
kubernetes_opencontrail_enabled: false
- kubernetes_contrail_network_controller_enabled: false
kubernetes_metallb_enabled: false
kubernetes_sriov_enabled: false
kubernetes_telegraf_enabled: false
kubernetes_ingressnginx_enabled: false
- kubernetes_containerd_enabled: false
+ kubernetes_containerd_enabled: true
kubernetes_ingressnginx_controller_replicas: 1
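Review bot: Changing the default to `kubernetes_containerd_enabled: true` switches the container runtime for every model that inherits this class without overriding the parameter. The later hunk removes the `docker.host` block, and the pool classes drop `service.docker.host`, so there is no longer a Docker path to fall back to. The removed pool options (`iptables: false`, the `log-opts` labels) have no containerd equivalent visible in this diff, so it is worth confirming that the intended network and logging behaviour is preserved. A comment above the line such as `# containerd is the default runtime; Docker host classes are no longer included` would flag the change for operators upgrading existing clusters.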
@@ -121,19 +116,12 @@
kernel:
sysctl:
net.ipv4.ip_forward: 1
- docker:
- host:
- pkgs:
- - ${_param:kubernetes_docker_package}
- - python-docker
- options:
- bip: 172.31.255.1/24
- storage-driver: overlay2
kubernetes:
common:
containerd:
enabled: ${_param:kubernetes_containerd_enabled}
+ package: ${_param:kubernetes_containerd_package}
crictl:
source: ${_param:kubernetes_containerd_source}
hash: ${_param:kubernetes_containerd_source_hash}
@@ -167,9 +155,6 @@
image: ${_param:kubernetes_coredns_image}
etcd:
operator_image: ${_param:kubernetes_corends_etcd_operator_image}
- contrail_network_controller:
- enabled: ${_param:kubernetes_contrail_network_controller_enabled}
- image: ${_param:kubernetes_contrail_network_controller_image}
opencontrail:
controller:
image: ${_param:kubernetes_opencontrail_controller_image}
@@ -244,7 +229,6 @@
cni_image: ${_param:kubernetes_calico_cni_image}
opencontrail:
enabled: ${_param:kubernetes_opencontrail_enabled}
- cni_image: ${_param:kubernetes_contrail_cni_image}
sriov:
enabled: ${_param:kubernetes_sriov_enabled}
source: ${_param:kubernetes_sriov_source}
diff --git a/kubernetes/master/common.yml b/kubernetes/master/common.yml
index f649b4d..03c0f64 100644
--- a/kubernetes/master/common.yml
+++ b/kubernetes/master/common.yml
@@ -29,7 +29,6 @@
cni_image: ${_param:kubernetes_calico_cni_image}
opencontrail:
enabled: ${_param:kubernetes_opencontrail_enabled}
- cni_image: ${_param:kubernetes_contrail_cni_image}
sriov:
enabled: ${_param:kubernetes_sriov_enabled}
source: ${_param:kubernetes_sriov_source}
diff --git a/kubernetes/pool/cluster.yml b/kubernetes/pool/cluster.yml
index a375748..8fcc6b7 100644
--- a/kubernetes/pool/cluster.yml
+++ b/kubernetes/pool/cluster.yml
@@ -1,6 +1,5 @@
classes:
- service.kubernetes.pool.cluster
-- service.docker.host
- system.kubernetes.common
parameters:
kubernetes:
@@ -12,9 +11,3 @@
enabled: true
policy:
enabled: false
- docker:
- host:
- options:
- iptables: false
- log-opts:
- labels: "io.kubernetes.pod.name"
diff --git a/kubernetes/pool/single.yml b/kubernetes/pool/single.yml
index 06178df..94b9434 100644
--- a/kubernetes/pool/single.yml
+++ b/kubernetes/pool/single.yml
@@ -1,14 +1,7 @@
classes:
- service.kubernetes.pool.single
-- service.docker.host
- system.kubernetes.common
parameters:
kubernetes:
pool:
enabled: true
- docker:
- host:
- options:
- iptables: false
- log-opts:
- labels: "io.kubernetes.pod.name"
diff --git a/maas/region/single.yml b/maas/region/single.yml
index e7c7078..309ef34 100644
--- a/maas/region/single.yml
+++ b/maas/region/single.yml
@@ -16,7 +16,24 @@
xenial:
extra_pkgs:
enabled: true
- pkgs: [ "linux-headers-virtual-hwe-16.04", "linux-image-extra-virtual-hwe-16.04" ]
+ pkgs:
+ - linux-headers-virtual-hwe-16.04
+ - linux-image-extra-virtual-hwe-16.04
+ - acpid
+ - apt-transport-https
+ - bridge-utils
+ - curl
+ - dbus
+ - ethtool
+ - ifenslave
+ - iptables
+ - iputils-ping
+ - lsof
+ - strace
+ - tcpdump
+ - traceroute
+ - vlan
+ - wget
kernel_package:
enabled: true
value: 'linux-image-virtual-hwe-16.04'
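Review bot: The expanded `pkgs` list mixes baseline networking packages (`bridge-utils`, `ifenslave`, `vlan`) with troubleshooting tools (`strace`, `tcpdump`, `lsof`), which would then presumably be installed on every node built from this image. Deployments with a hardening baseline usually want to leave packet-capture and process-tracing tools off production hosts. Splitting the diagnostics into their own overridable parameter would let them do that. At minimum, a comment such as `# strace/tcpdump/lsof are troubleshooting aids; remove for hardened deployments` would document the intent.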
diff --git a/neutron/gateway/cluster.yml b/neutron/gateway/cluster.yml
index 6d33684..2a4f4f4 100644
--- a/neutron/gateway/cluster.yml
+++ b/neutron/gateway/cluster.yml
@@ -18,7 +18,7 @@
vlan_aware_vms: ${_param:neutron_enable_vlan_aware_vms}
agent_mode: ${_param:neutron_gateway_agent_mode}
backend:
- tenant_network_types: ${_param:neutron_tenant_network_types}"
+ tenant_network_types: "${_param:neutron_tenant_network_types}"
message_queue:
port: ${_param:openstack_rabbitmq_port}
members:
diff --git a/opencontrail/compute/cluster4_0.yml b/opencontrail/compute/cluster4_0.yml
index 425f897..3cb1514 100644
--- a/opencontrail/compute/cluster4_0.yml
+++ b/opencontrail/compute/cluster4_0.yml
@@ -15,7 +15,7 @@
host: ${_param:openstack_control_address}
port: 35357
token: ${_param:keystone_service_token}
- password: ${_param:keystone_admin_password}
+ password: ${_param:opencontrail_admin_password}
network:
engine: neutron
host: ${_param:openstack_control_address}
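Review bot: Only `password` changes to `${_param:opencontrail_admin_password}` here, and the matching `user:` key of this identity block lies outside the hunk. If it still names the Keystone admin user, authentication would fail once the two passwords differ, so confirm it now reads `contrail`, the user created in keystone/client/v3/service/contrail.yml. The same check applies to the identical change in opencontrail/compute/single4_0.yml. The unchanged `token: ${_param:keystone_service_token}` line still places the Keystone service token on compute nodes, which limits what moving off `keystone_admin_password` achieves.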
diff --git a/opencontrail/compute/single4_0.yml b/opencontrail/compute/single4_0.yml
index b48d1d0..b98522d 100644
--- a/opencontrail/compute/single4_0.yml
+++ b/opencontrail/compute/single4_0.yml
@@ -13,7 +13,7 @@
host: ${_param:control_address}
port: 35357
token: ${_param:keystone_service_token}
- password: ${_param:keystone_admin_password}
+ password: ${_param:opencontrail_admin_password}
network:
engine: neutron
host: ${_param:control_address}
diff --git a/openssh/server/team/members/vnaumov.yml b/openssh/server/team/members/vnaumov.yml
index f46cd1d..2805e2c 100644
--- a/openssh/server/team/members/vnaumov.yml
+++ b/openssh/server/team/members/vnaumov.yml
@@ -15,5 +15,5 @@
vnaumov:
enabled: true
public_keys:
- - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDno7VX9jiveRCF7d1C/FK24WLZwCArdrBBOQ1uHqpkUfUYtG6vrYgt/K2n2FXoX55lbeoJAwuNC9HviaY+vQAekCI4W2s02iD+j/GRUwitpv+lJZXSmt/q2PgLz3OFUIsJV0EwyNl+bexM4+2jYTmHeDMrXAsHL4I2GUv5sFycA11UhxZ/Qm2QMKlRZhje/IJieX9u2BhgYuPYffASVl4AhwtDagYdqquwUXrfu/dQRt/U9w0Di9alApcyPqiW9LbXUgwha1G9+ScQnxmp8WvmaV8YR+nf2OFxQHvOZPYjCzniRnYpaQUMeUAkJKxDwqR1dAKYnaQY5TfXtFwfzsjN vnaumov@vnaumov
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDqP7Tzblm0G34kdnW0rbTc4dqJlFq0bVCwiuCadbVgLU0/u6mo48gmejKU2svr4wSKUsAu8Z6bbxqoHz8bpIhABvJkENgkafDR7MC8BUEdUqjw54QRVZ987pVb5f8cyJsbu2jr0F+5B3q0mAujxjCCWRUg9oPiojduD9XJ7+zGv98oREQOpElqVHe05NoZ+cYN6ld/Ye23NltJAnWnJx/W46UnyPpM+5OA1vW9NLLn2CIs9Dj0bsmIVBbUYMTgQtpwPoXcx/UBt1QhK7CJ7pT8UyIS6eoW6F6WdFw8f0sS+pKYzIvyDjKzyrJtcKyfFg5Ca8vtUNEzQM6ARUq7gBGl vnaumov@mirantis.com
user: ${linux:system:user:vnaumov}