Merge "Add tests and package build for salt-formula-openscap"
diff --git a/.gitignore b/.gitignore
index 485dee6..ae8e990 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
.idea
+.*.swp
diff --git a/docker/swarm/stack/jenkins/slave.yml b/docker/swarm/stack/jenkins/slave.yml
index 42a0031..e6ed298 100644
--- a/docker/swarm/stack/jenkins/slave.yml
+++ b/docker/swarm/stack/jenkins/slave.yml
@@ -35,7 +35,7 @@
image: ${_param:docker_image_jenkins_slave}
volumes:
- /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
- - /etc/aptly-publisher.yaml:/etc/aptly-publisher.yaml:ro
+ - /etc/aptly:/etc/aptly:ro
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
- /var/lib/jenkins:/var/lib/jenkins
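Review bot: The new bind mount `/etc/aptly:/etc/aptly:ro` exposes the whole host directory to the build containers instead of the single `aptly-publisher.yaml` file, so anything else kept under `/etc/aptly` on the slave host becomes readable by every job that runs there. The same replacement is made in the hunks at -59 and -83. If the jobs need only specific files, mount those individually. Otherwise add a comment above the line such as `# whole directory is mounted read-only; keep signing keys and credentials out of /etc/aptly on slave hosts`. The service definition starts outside the hunk, so the affected slave names are not visible here.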
@@ -59,7 +59,7 @@
image: ${_param:docker_image_jenkins_slave}
volumes:
- /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
- - /etc/aptly-publisher.yaml:/etc/aptly-publisher.yaml:ro
+ - /etc/aptly:/etc/aptly:ro
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
- /var/lib/jenkins:/var/lib/jenkins
@@ -83,7 +83,7 @@
image: ${_param:docker_image_jenkins_slave}
volumes:
- /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
- - /etc/aptly-publisher.yaml:/etc/aptly-publisher.yaml:ro
+ - /etc/aptly:/etc/aptly:ro
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
- /var/lib/jenkins:/var/lib/jenkins
diff --git a/gerrit/client/init.yml b/gerrit/client/init.yml
index 5d719d4..16e4231 100644
--- a/gerrit/client/init.yml
+++ b/gerrit/client/init.yml
@@ -3,6 +3,7 @@
parameters:
_param:
gerrit_try_login: true
+ gerrit_server_host: ${_param:cluster_vip_address}
gerrit:
client:
enabled: True
@@ -12,7 +13,7 @@
gerrit_config: /srv/volumes/gerrit/etc/gerrit.config
gerrit_secure_config: /srv/volumes/gerrit/etc/secure.config
server:
- host: ${_param:cluster_vip_address}
+ host: ${_param:gerrit_server_host}
user: admin
email: ${_param:gerrit_admin_email}
auth_method: basic
diff --git a/haproxy/proxy/listen/openstack/horizon.yml b/haproxy/proxy/listen/openstack/horizon.yml
index 14f5c2b..d507b96 100644
--- a/haproxy/proxy/listen/openstack/horizon.yml
+++ b/haproxy/proxy/listen/openstack/horizon.yml
@@ -3,7 +3,7 @@
proxy:
listen:
horizon_web:
- type: general-service
+ type: horizon
check: false
binds:
- address: ${_param:cluster_vip_address}
@@ -20,4 +20,4 @@
- name: ${_param:cluster_node03_hostname}
host: ${_param:cluster_node03_address}
port: 8078
- params: check
\ No newline at end of file
+ params: check
diff --git a/jenkins/client/approved_scripts.yml b/jenkins/client/approved_scripts.yml
index 1fb68c9..2b2c6a7 100644
--- a/jenkins/client/approved_scripts.yml
+++ b/jenkins/client/approved_scripts.yml
@@ -151,3 +151,8 @@
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.util.Collection java.lang.String
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods init java.util.List
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods asBoolean java.lang.CharSequence
+ - staticMethod hudson.model.Hudson getInstance
+ - method hudson.model.Job getProperty java.lang.Class
+ - method hudson.model.ParametersDefinitionProperty getParameterDefinitions
+ - method hudson.model.ParameterDefinition getName
+ - hudson.model.StringParameterDefinition getDefaultValue
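Review bot: The last added entry, `hudson.model.StringParameterDefinition getDefaultValue`, has no `method` keyword, unlike every other signature visible in this list, so it presumably never matches the call it is meant to approve. It should read `method hudson.model.StringParameterDefinition getDefaultValue`. Separately, approving `staticMethod hudson.model.Hudson getInstance` lets sandboxed pipeline code obtain the Jenkins singleton, a much broader grant than the parameter-reading calls that follow it. A comment naming the pipeline that needs it would make later audits of this allow-list easier. The list begins outside the hunk.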
diff --git a/jenkins/client/init.yml b/jenkins/client/init.yml
index c1d600c..80724b1 100644
--- a/jenkins/client/init.yml
+++ b/jenkins/client/init.yml
@@ -10,8 +10,12 @@
jenkins_master_port: 8081
jenkins_aptly_storages: "local"
jenkins_pipelines_branch: "master"
+ jenkins_offline_deployment: "false"
jenkins:
client:
+ globalenvprop:
+ OFFLINE_DEPLOYMENT:
+ value: ${_param:jenkins_offline_deployment}
master:
host: ${_param:jenkins_master_host}
port: ${_param:jenkins_master_port}
@@ -63,6 +67,7 @@
enabled: true
url: ${_param:jenkins_gerrit_url}/mcp-ci/pipeline-library
credential_id: gerrit
+ branch: ${_param:jenkins_pipelines_branch}
view:
Mirrors:
enabled: true
diff --git a/jenkins/client/job/debian/packages/salt.yml b/jenkins/client/job/debian/packages/salt.yml
index 1cf7b1b..7a9dd04 100644
--- a/jenkins/client/job/debian/packages/salt.yml
+++ b/jenkins/client/job/debian/packages/salt.yml
@@ -617,6 +617,10 @@
upload_source_package: true
upload_to_aptly: true
dist: xenial
+ - name: hubble
+ upload_source_package: true
+ upload_to_aptly: true
+ dist: xenial
- name: influxdb
upload_source_package: true
upload_to_aptly: true
diff --git a/jenkins/client/job/deploy/update/upgrade_mcp_release.yml b/jenkins/client/job/deploy/update/upgrade_mcp_release.yml
index 8587140..9f18006 100644
--- a/jenkins/client/job/deploy/update/upgrade_mcp_release.yml
+++ b/jenkins/client/job/deploy/update/upgrade_mcp_release.yml
@@ -10,7 +10,7 @@
upgrade-mcp-release:
type: workflow-scm
concurrent: true
- display_name: "Deploy - upgrade MCP Release"
+ display_name: "Deploy - upgrade MCP Drivetrain"
scm:
type: git
url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
@@ -27,7 +27,15 @@
MCP_VERSION:
type: string
default: ""
+ UPDATE_CLUSTER_MODEL:
+ type: boolean
+ default: 'false'
+ description: "Replace `apt_mk_version` parameter in cluster level Reclass model."
+ UPDATE_PIPELINES:
+ type: boolean
+ default: 'false'
+ description: "Mirror pipelines from upstream/local mirror to Gerrit."
UPDATE_LOCAL_REPOS:
type: boolean
default: 'false'
- description: "Use only when local repositories are present"
\ No newline at end of file
+ description: "Use only when local repositories are present."
\ No newline at end of file
diff --git a/jenkins/client/job/oscore/cookiecutter.yml b/jenkins/client/job/oscore/cookiecutter.yml
index 04a805a..f38609a 100644
--- a/jenkins/client/job/oscore/cookiecutter.yml
+++ b/jenkins/client/job/oscore/cookiecutter.yml
@@ -28,6 +28,7 @@
type: choice
description: "Context for coockiecutter template specified as filename."
choices:
+ - openstack-ovs-core-ocata
- openstack-ovs-core-pike
- openstack-ovs-core-ssl-pike
- openstack-ovs-core-barbican-pike
diff --git a/jenkins/client/job/oscore/tests.yml b/jenkins/client/job/oscore/tests.yml
index a85342d..6e4b65f 100644
--- a/jenkins/client/job/oscore/tests.yml
+++ b/jenkins/client/job/oscore/tests.yml
@@ -708,7 +708,7 @@
trigger:
gerrit:
project:
- "^salt-formulas/(nova|cinder|glance|keystone|horizon|neutron|designate|heat|ironic|barbican|aodh|ceilometer|gnocchi|panko|manila|salt|linux|reclass|galera|memcached|rabbitmq|bind|apache|runtest)$":
+ "^salt-formulas/(nova|cinder|glance|keystone|horizon|neutron|designate|heat|ironic|barbican|aodh|ceilometer|gnocchi|panko|manila|salt|linux|reclass|galera|memcached|rabbitmq|bind|apache|runtest|oslo-templates)$":
compare_type: 'REG_EXP'
branches:
- master
diff --git a/keepalived/cluster/instance/kube_api_server_vip.yml b/keepalived/cluster/instance/kube_api_server_vip.yml
index 7e03d25..f7fbce8 100644
--- a/keepalived/cluster/instance/kube_api_server_vip.yml
+++ b/keepalived/cluster/instance/kube_api_server_vip.yml
@@ -6,6 +6,9 @@
_param:
keepalived_vip_priority: 101
keepalived_kube_apiserver_vrrp_script_content: "pidof haproxy && systemctl status kube-apiserver.service --quiet --no-pager"
+ keepalived_k8s_apiserver_vip_interface: ens3
+ keepalived_k8s_apiserver_vip_address: ${_param:kubernetes_control_address}
+ keepalived_k8s_apiserver_vip_password: password
keepalived:
cluster:
vrrp_scripts:
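Review bot: `keepalived_k8s_apiserver_vip_password: password` gives every cluster that includes this class a well-known VRRP authentication secret unless its cluster model overrides the parameter. Prefer leaving it undefined at the system level so that the model fails to render when a deployment forgets to set it, or at least mark it with `# placeholder: must be overridden per cluster`. `keepalived_k8s_apiserver_vip_interface: ens3` is likewise host-specific and will be wrong on nodes whose interface has a different name. The `keepalived:` block that consumes these parameters continues outside the hunk.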
diff --git a/keystone/client/core.yml b/keystone/client/core.yml
index f869059..899f4aa 100644
--- a/keystone/client/core.yml
+++ b/keystone/client/core.yml
@@ -1,3 +1,5 @@
+classes:
+- system.keystone.client.os_client_config.admin_identity
parameters:
_param:
keystone_service_protocol: http
diff --git a/kubernetes/master/auth/rbac.yml b/kubernetes/master/auth/rbac.yml
new file mode 100644
index 0000000..be0577b
--- /dev/null
+++ b/kubernetes/master/auth/rbac.yml
@@ -0,0 +1,5 @@
+parameters:
+ kubernetes:
+ master:
+ auth:
+ mode: Node,RBAC
diff --git a/kubernetes/master/cluster.yml b/kubernetes/master/cluster.yml
index 1295f3a..78ff659 100644
--- a/kubernetes/master/cluster.yml
+++ b/kubernetes/master/cluster.yml
@@ -1,8 +1,8 @@
classes:
- service.kubernetes.master.cluster
-- service.keepalived.cluster.single
- service.haproxy.proxy.single
- system.haproxy.proxy.listen.kubernetes.apiserver
+- system.keepalived.cluster.instance.kube_api_server_vip
parameters:
_param:
kubernetes_netchecker_agent_repo: mirantis
diff --git a/linux/system/repo/mcp/apt_mirantis/jenkins.yml b/linux/system/repo/mcp/apt_mirantis/jenkins.yml
index b967e4a..0c256b6 100644
--- a/linux/system/repo/mcp/apt_mirantis/jenkins.yml
+++ b/linux/system/repo/mcp/apt_mirantis/jenkins.yml
@@ -9,8 +9,8 @@
system:
repo:
mcp_jenkins:
- # FIXME
- source: "deb [arch=amd64] ${_param:linux_system_repo_mcp_jenkins_url}/${_param:linux_system_codename}/ binary main"
+ # FIXME PROD-20733
+ source: "deb [arch=amd64 trusted=yes] ${_param:linux_system_repo_mcp_jenkins_url}/${_param:linux_system_codename}/ binary main"
architectures: amd64
clean_file: true
pin:
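Review bot: Adding `trusted=yes` to the `mcp_jenkins` source turns off APT signature verification for that repository, so packages from it are installed with no authenticity check. The only record of why is `# FIXME PROD-20733`. The durable fix is to sign the repository and distribute its key to the nodes rather than trusting it unconditionally. Until then, make the comment say what is being bypassed, for example `# FIXME PROD-20733: trusted=yes disables signature verification; remove once the repo is signed`. Also confirm that `linux_system_repo_mcp_jenkins_url` resolves to an https URL, which this hunk does not show.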
diff --git a/nova/compute/libvirt/ssl/init.yml b/nova/compute/libvirt/ssl/init.yml
new file mode 100644
index 0000000..9931cbd
--- /dev/null
+++ b/nova/compute/libvirt/ssl/init.yml
@@ -0,0 +1,14 @@
+classes:
+- system.salt.minion.cert.libvirtd
+parameters:
+ nova:
+ compute:
+ libvirt:
+ tls:
+ enabled: True
+ key_file: ${_param:libvirtd_server_ssl_key_file}
+ cert_file: ${_param:libvirtd_server_ssl_cert_file}
+ ca_file: ${_param:libvirtd_ssl_ca_file}
+ client:
+ key_file: ${_param:libvirtd_client_ssl_key_file}
+ cert_file: ${_param:libvirtd_client_ssl_cert_file}
diff --git a/openssh/server/team/members/kkushaev.yml b/openssh/server/team/members/kkushaev.yml
new file mode 100644
index 0000000..978c6f1
--- /dev/null
+++ b/openssh/server/team/members/kkushaev.yml
@@ -0,0 +1,20 @@
+parameters:
+ linux:
+ system:
+ user:
+ kkushaev:
+ enabled: true
+ name: kkushaev
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Kairat Kushaev
+ home: /home/kkushaev
+ email: kkushaev@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ kkushaev:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqsPMcXdObuEZCBqw3t+AutfjA6mxNJ9o4jZb+ov4Tatw0mlGZtpQXyOnn1kkvIW0TAmMdT8dXeSHusc/Ujd8MHFBDSnvGid/jtSpA7q4Op0VNo4cOFx1fw5KqnsZyymhafiVQywgj6UQOEYNpX7VHgPOMLL2Ymm3i9RF986jLpLqXJHWbJuy+0rOHzjFh127QuTV01AYONOaiDdcwZlHyFZgWShL5NSJCMhmREPLn118JTEsN8w+r10a51plzrrV3Tqcz6q7znfftBKlzKrPACVmbMdOzOQ+XBMuN3VmsFxtS//qcqd7y+YAgG1CJ+E+nk4JUYU5fxeiUWntvqFKl
+ user: ${linux:system:user:kkushaev}
diff --git a/openssh/server/team/oscore_devops.yml b/openssh/server/team/oscore_devops.yml
index 1fb9731..2404c31 100644
--- a/openssh/server/team/oscore_devops.yml
+++ b/openssh/server/team/oscore_devops.yml
@@ -8,6 +8,7 @@
- system.openssh.server.team.members.ikolodyazhny
- system.openssh.server.team.members.ohryhorov
- system.openssh.server.team.members.ogrudev
+- system.openssh.server.team.members.kkushaev
parameters:
_param:
linux_system_user_sudo: true
diff --git a/prometheus/server/alert/alerta_relabel.yml b/prometheus/server/alert/alerta_relabel.yml
index a81c59a..ca0f4b4 100644
--- a/prometheus/server/alert/alerta_relabel.yml
+++ b/prometheus/server/alert/alerta_relabel.yml
@@ -11,9 +11,15 @@
- replacement: "aggregated"
source_labels: "instance"
target_label: "instance"
+ - source_labels: "host"
+ target_label: "instance"
+ regex: "(.+)"
+ - source_labels: "job"
+ target_label: "instance"
+ regex: "(.+)"
- source_labels: ["host", "job"]
target_label: "instance"
- regex: "([a-zA-Z0-9]+;[a-zA-Z0-9_]+)"
+ regex: "(.+;.+)"
- source_labels: ["hostname", "job"]
target_label: "instance"
- regex: "([a-zA-Z0-9]+;[a-zA-Z0-9_]+)"
+ regex: "(.+;.+)"
\ No newline at end of file
diff --git a/salt/minion/cert/libvirtd/client.yml b/salt/minion/cert/libvirtd/client.yml
new file mode 100644
index 0000000..bf0ce83
--- /dev/null
+++ b/salt/minion/cert/libvirtd/client.yml
@@ -0,0 +1,21 @@
+parameters:
+ _param:
+ libvirtd_client_ssl_key_file: /etc/pki/libvirt/private/clientkey.pem
+ libvirtd_client_ssl_cert_file: /etc/pki/libvirt/clientcert.pem
+ salt:
+ minion:
+ cert:
+ libvirtd_client:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: ${linux:system:name}.${_param:cluster_domain}
+ signing_policy: cert_client
+ alternative_names: >
+ IP:${_param:cluster_local_address},
+ DNS:${_param:cluster_local_address},
+ DNS:${linux:system:name},
+ DNS:${linux:network:fqdn}
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: ${_param:libvirtd_client_ssl_key_file}
+ cert_file: ${_param:libvirtd_client_ssl_cert_file}
+ ca_file: ${_param:libvirtd_ssl_ca_file}
\ No newline at end of file
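Review bot: `DNS:${_param:cluster_local_address}` in `alternative_names` repeats, as a dNSName entry, the value that the preceding line already declares as `IP:`. Strict TLS clients do not match an IP address held in a DNS SAN, so the line can be dropped unless an older client is known to depend on it. The identical block appears in salt/minion/cert/libvirtd/server.yml. Both new files also end without a trailing newline.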
diff --git a/salt/minion/cert/libvirtd/init.yml b/salt/minion/cert/libvirtd/init.yml
new file mode 100644
index 0000000..735312e
--- /dev/null
+++ b/salt/minion/cert/libvirtd/init.yml
@@ -0,0 +1,9 @@
+classes:
+- system.salt.minion.cert.libvirtd.server
+- system.salt.minion.cert.libvirtd.client
+
+parameters:
+ _param:
+ salt_minion_ca_host: cfg01.${_param:cluster_domain}
+ salt_minion_ca_authority: salt_master_ca
+ libvirtd_ssl_ca_file: /etc/pki/CA/cacert.pem
\ No newline at end of file
diff --git a/salt/minion/cert/libvirtd/server.yml b/salt/minion/cert/libvirtd/server.yml
new file mode 100644
index 0000000..9080672
--- /dev/null
+++ b/salt/minion/cert/libvirtd/server.yml
@@ -0,0 +1,21 @@
+parameters:
+ _param:
+ libvirtd_server_ssl_key_file: /etc/pki/libvirt/private/serverkey.pem
+ libvirtd_server_ssl_cert_file: /etc/pki/libvirt/servercert.pem
+ salt:
+ minion:
+ cert:
+ libvirtd_server:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: ${linux:system:name}.${_param:cluster_domain}
+ signing_policy: cert_server
+ alternative_names: >
+ IP:${_param:cluster_local_address},
+ DNS:${_param:cluster_local_address},
+ DNS:${linux:system:name},
+ DNS:${linux:network:fqdn}
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: ${_param:libvirtd_server_ssl_key_file}
+ cert_file: ${_param:libvirtd_server_ssl_cert_file}
+ ca_file: ${_param:libvirtd_ssl_ca_file}
\ No newline at end of file