Merge "Bump virtlet to v1.3.0"
diff --git a/docker/host.yml b/docker/host.yml
index aef7a32..bb3dffa 100644
--- a/docker/host.yml
+++ b/docker/host.yml
@@ -1,6 +1,8 @@
classes:
- service.docker.host
parameters:
+ _param:
+ docker_garbage_collection_enabled: false
docker:
host:
pkgs:
@@ -14,3 +16,16 @@
ipv6: true
fixed-cidr-v6: fc00::/7
storage-driver: overlay2
+ linux:
+ system:
+ cron:
+ user:
+ root:
+ enabled: true
+ job:
+ docker_garbage_collection:
+ command: docker system prune -f --filter until=$(date +%s -d "1 week ago")
+ enabled: ${_param:docker_garbage_collection_enabled}
+ user: root
+ hour: 6
+ minute: 0
diff --git a/jenkins/client/job/oscore/cookiecutter.yml b/jenkins/client/job/oscore/cookiecutter.yml
index 3dd9e73..84c96d8 100644
--- a/jenkins/client/job/oscore/cookiecutter.yml
+++ b/jenkins/client/job/oscore/cookiecutter.yml
@@ -72,7 +72,7 @@
default: |-
#Extra context that will be merged with content of COOKIECUTTER_TEMPLATE_CONTEXT_FILE
default_context:
- openssh_groups: "qa_scale,oscore_devops,networking,tcpcloud,stacklight,k8s_team"
+ openssh_groups: "qa_scale,oscore_devops,networking,tcpcloud,stacklight,k8s_team,mcp_qa"
cookiecutter_template_url: https://gerrit.mcp.mirantis.net/mk/cookiecutter-templates.git
cookiecutter_template_branch: 'master'
shared_reclass_url: https://gerrit.mcp.mirantis.net/salt-models/reclass-system.git
diff --git a/jenkins/client/job/salt-models/tests.yml b/jenkins/client/job/salt-models/tests.yml
index c6bd2e1..a7bdbab 100644
--- a/jenkins/client/job/salt-models/tests.yml
+++ b/jenkins/client/job/salt-models/tests.yml
@@ -236,10 +236,10 @@
- cookiecutter_template: cookiecutter-templates
template:
discard:
- build:
- keep_num: 50
- artifact:
- keep_num: 50
+ build:
+ keep_days: 4
+ artifact:
+ keep_days: 4
type: workflow-scm
concurrent: true
scm:
@@ -371,9 +371,9 @@
name: test-mk-cookiecutter-templates-chunk
discard:
build:
- keep_num: 300
+ keep_days: 3
artifact:
- keep_num: 300
+ keep_days: 3
type: workflow-scm
concurrent: true
plugin_properties:
diff --git a/keystone/client/service/octavia.yml b/keystone/client/service/octavia.yml
index 304d70f..fe0125a 100644
--- a/keystone/client/service/octavia.yml
+++ b/keystone/client/service/octavia.yml
@@ -18,7 +18,7 @@
email: ${_param:admin_email}
service:
octavia:
- type: octavia
+ type: load-balancer
description: OpenStack Loadbalancing Service
endpoints:
- region: ${_param:openstack_region}
diff --git a/kubernetes/common/init.yml b/kubernetes/common/init.yml
index 5bb6281..ffa9d35 100644
--- a/kubernetes/common/init.yml
+++ b/kubernetes/common/init.yml
@@ -19,7 +19,7 @@
kubernetes_sriov_repo: https://docker-prod-local.artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/kubernetes/sriov-cni
kubernetes_cniplugins_repo: https://docker-prod-local.artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/kubernetes/containernetworking-plugins
kubernetes_dashboard_repo: ${_param:mcp_docker_registry}/mirantis/kubernetes
- kubernetes_coredns_repo: coredns
+ kubernetes_coredns_repo: ${_param:mcp_docker_registry}/mirantis/coredns
# component docker images
kubernetes_docker_package: docker-engine=1.13.1-0~ubuntu-xenial
@@ -54,7 +54,7 @@
kubernetes_fluentd_aggregator_image: fluent/fluentd-kubernetes-daemonset:v1.2-debian-elasticsearch
kubernetes_fluentd_logger_image: fluent/fluentd-kubernetes-daemonset:v1.2-debian-stackdriver
kubernetes_telegraf_image: ${_param:mcp_docker_registry}/openstack-docker/telegraf:2018.8.0
- kubernetes_coredns_image: ${_param:kubernetes_coredns_repo}/coredns:1.2.0
+ kubernetes_coredns_image: ${_param:kubernetes_coredns_repo}/coredns:v1.2.2-12
kubelet_fail_on_swap: true
kubernetes_dashboard_enabled: true
diff --git a/linux/system/repo/mcp/apt_mirantis/saltstack.yml b/linux/system/repo/mcp/apt_mirantis/saltstack.yml
index 22b3bb8..5ba85c0 100644
--- a/linux/system/repo/mcp/apt_mirantis/saltstack.yml
+++ b/linux/system/repo/mcp/apt_mirantis/saltstack.yml
@@ -13,7 +13,16 @@
source: "deb [arch=amd64] ${_param:linux_system_repo_mcp_saltstack_url}/${_param:linux_system_codename}/ ${_param:linux_system_codename} main"
architectures: amd64
clean_file: true
- pin:
- - pin: 'release o=SaltStack'
- priority: 1100
- package: '*'
+ pinning:
+ 10:
+ enabled: true
+ pin: 'release o=SaltStack'
+ # WA for https://github.com/saltstack/salt/issues/49653
+ # Should be removed with new version\fix in upstream.
+ priority: 50
+ package: 'libsodium18'
+ 20:
+ enabled: true
+ pin: 'release o=SaltStack'
+ priority: 1100
+ package: '*'
diff --git a/openssh/server/team/members/obryndzii.yml b/openssh/server/team/members/obryndzii.yml
index 9f7498c..911bdd8 100644
--- a/openssh/server/team/members/obryndzii.yml
+++ b/openssh/server/team/members/obryndzii.yml
@@ -16,6 +16,5 @@
obryndzii:
enabled: true
public_keys:
- - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCdHeeCZb+4YOBC925Byc0JkdFiNHnxl1DikrJlvza66n+URnfpTvtYhy70oT4jWruWf5dGAh81LK6SJfcLKqDvSNwAU4utQp1t71VllPB482oUhFSBAPOhWHElFakWcgnayOFVtMKhUZ4d5i+C7vXr+JpporBk6le7LuHD0/vNEG6SywexV3/lDZV1kahPSHblBxaED6nNeAODXXRMAOzgV25+UcDINaVTSzzQtCfUHydkVmw+TmxYc5wbdac1AtUkFmFbC6XTsv4VyZsH563jHNRf4UYPN6MP4SWv8axPiGUU5jr4laaIpDQ0TF/b+0Z+QidDxxTIsQxR0r/auUJp obryndzii@obryndzii-pc
- - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDD+5Ykrt46voaBAZ4BnYCB7EjRWNd6R+IqLaoQJzHh0joXVyZj/MsV0LcegxVV21Qnecp3qSw9XQiyJ9cghJbN3/AhEFpx7yZzf7sHez7FxRFefBSCO2IYSDBabO4eyv1X8UXtJrZ88lJBmWQr8nVy3E78za1cq0jRKNlGyvTrRtwY69WDhhc6k8CxIGAUrT6uAFeNCfroRKuw3zDm0FIxoq0eExNwBNw0rIXXUowDoCafTYSVpqSQ+Sby/wfRMc12ISmUnOQ2d9A1+YWoZgdHs+G/OK1ADQu/6edaSOWhX0BGLNRig5lWfgbOmAlzIqNqcLDMaBrcwcpi2LN5pIQf obryndzii@obryndzii-pc
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCHoSxtdURZfgjJbbcKDA4TUUTixKVcRkGfgISYu55IF3scjoFRynaFP4zjBIitcTzxuvo7ZlE5ymxMHC0UNm5HU8tjmVscKcQs73lrjTr7jT24dZ8mr27nEbuTOa73FotPoIH5ao0wSSDc7PDXRUvJNI3xoZAd2KW1NZVRFFJ5jo/byuIfqIJLIAvOBTyUDoIrbL+3/WFIjdZ8MPlfyC8Bi09KfrM4hmzGDja4Mcfm4M7kMcw+B2DCpTtYUFCqjuYgTNC6EbTch21Afe9MCtdVqBBddFKFDU0WZtKfcHTuOVfiSrK47jA0ljU6HdHxFGmh3cz1ajux58T6/RHfXID obryndzii@obryndzii-pc
user: ${linux:system:user:obryndzii}
diff --git a/openssh/server/team/oscore_devops.yml b/openssh/server/team/oscore_devops.yml
index 31830fc..5ba280a 100644
--- a/openssh/server/team/oscore_devops.yml
+++ b/openssh/server/team/oscore_devops.yml
@@ -12,6 +12,7 @@
- system.openssh.server.team.members.sgarbuz
- system.openssh.server.team.members.oshyshko
- system.openssh.server.team.members.pshchelo
+- system.openssh.server.team.members.obryndzii
parameters:
_param:
linux_system_user_sudo: true
diff --git a/reclass/storage/system/kubernetes_contrail_cluster.yml b/reclass/storage/system/kubernetes_contrail_cluster.yml
index 49a70e2..c85f6f0 100644
--- a/reclass/storage/system/kubernetes_contrail_cluster.yml
+++ b/reclass/storage/system/kubernetes_contrail_cluster.yml
@@ -15,7 +15,6 @@
domain: ${_param:cluster_domain}
classes:
- cluster.${_param:cluster_name}.kubernetes.control
- - cluster.${_param:cluster_name}.opencontrail.control
params:
salt_master_host: ${_param:reclass_config_master}
linux_system_codename: ${_param:kubernetes_control_system_codename}
@@ -29,7 +28,6 @@
domain: ${_param:cluster_domain}
classes:
- cluster.${_param:cluster_name}.kubernetes.control
- - cluster.${_param:cluster_name}.opencontrail.control
params:
salt_master_host: ${_param:reclass_config_master}
linux_system_codename: ${_param:kubernetes_control_system_codename}
@@ -43,7 +41,6 @@
domain: ${_param:cluster_domain}
classes:
- cluster.${_param:cluster_name}.kubernetes.control
- - cluster.${_param:cluster_name}.opencontrail.control
params:
salt_master_host: ${_param:reclass_config_master}
linux_system_codename: ${_param:kubernetes_control_system_codename}
diff --git a/salt/minion/cert/openstack_api.yml b/salt/minion/cert/openstack_api.yml
new file mode 100644
index 0000000..1095f7e
--- /dev/null
+++ b/salt/minion/cert/openstack_api.yml
@@ -0,0 +1,22 @@
+parameters:
+ _param:
+ salt_minion_ca_host: ${linux:network:fqdn}
+ salt_minion_ca_authority: salt_master_ca
+ openstack_api_cert_alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_vip_address},DNS:${linux:system:name},DNS:${linux:network:fqdn}
+ openstack_api_cert_key_file: "/etc/ssl/private/openstack_api.key"
+ openstack_api_cert_cert_file: "/etc/ssl/certs/openstack_api.crt"
+ openstack_api_cert_all_file: "/etc/ssl/certs/openstack_api_with_chain.crt"
+ salt:
+ minion:
+ cert:
+ openstack_api:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: openstack_api
+ signing_policy: cert_server
+ alternative_names: ${_param:openstack_api_cert_alternative_names}
+ key_file: ${_param:openstack_api_cert_key_file}
+ cert_file: ${_param:openstack_api_cert_cert_file}
+ all_file: ${_param:openstack_api_cert_all_file}
+ enabled: true
+ engine: salt