Merge "Update sudo access/team groups"
diff --git a/.releasenotes/config.yaml b/.releasenotes/config.yaml
new file mode 100644
index 0000000..28db76e
--- /dev/null
+++ b/.releasenotes/config.yaml
@@ -0,0 +1,58 @@
+---
+# Usage:
+#
+# reno -qd .releasenotes list
+# reno -qd .releasenotes new slug-title --edit
+# reno -qd .releasenotes report --no-show-source
+
+# Change prelude_section_name to 'summary' from default value prelude
+prelude_section_name: summary
+show_source: False
+sections:
+ - [features, New Features]
+ - [upgrade, Upgrade Notes]
+ - [fixes, Bug Fixes]
+ - [other, Other Notes]
+template: |
+ ---
+ # Author the following sections or remove the section if it is not related.
+ # Use one release note per a feature.
+ #
+ # If you miss a section from the list below, please first submit a review
+ # adding it to .releasenotes/config.yaml.
+ #
+ summary: >
+ This section is not mandatory. Use it to highlight the change.
+
+ features:
+ - Use list to record summary of features.
+ - |
+ Provide detailed description with examples.
+ Format with reStructuredText.
+
+ .. code-block:: text
+
+ provide model/formula pillar snippets
+
+ upgrade:
+ - |
+ Document how to use a feature and related upgrade instructions.
+
+ fixes:
+ - Use list to record summary of fixes.
+ Quick and dirty `git log --oneline`.
+
+ other:
+ - Author additional notes for the release.
+ - Format with reStructuredText.
+ - |
+ Use this section if note is not related to one of the common sections:
+ features, issues, upgrade, deprecations, security, fixes, api, cli
+
+ * list item 1
+ * list item 2
+
+ .. code-block:: yaml
+
+ classes:
+ - system.class.to.load
diff --git a/.releasenotes/notes/add-releasenotes-20cce0cea873f011.yaml b/.releasenotes/notes/add-releasenotes-20cce0cea873f011.yaml
new file mode 100644
index 0000000..733776f
--- /dev/null
+++ b/.releasenotes/notes/add-releasenotes-20cce0cea873f011.yaml
@@ -0,0 +1,18 @@
+---
+summary: >
+ Use "reno", an releasenotes configuration tool to record release notes.
+ Documentation: https://docs.openstack.org/reno/latest
+
+ Example usage:
+
+ .. code-block:: shell
+
+ # to list/create/show release notes, run following commands
+ reno -qd .releasenotes list
+ reno -qd .releasenotes new releasenote-slug-title --edit
+ reno -qd .releasenotes report --no-show-source
+
+other:
+ - |
+ Added `reno <https://docs.openstack.org/reno/latest>_` configuration to track release notes
+ within the reclass-system git repository.
diff --git a/artifactory/client/init.yml b/artifactory/client/init.yml
index 9aea48b..0148879 100644
--- a/artifactory/client/init.yml
+++ b/artifactory/client/init.yml
@@ -9,6 +9,10 @@
port: ${_param:artifactory_server_port}
user: ${_param:artifactory_client_user}
password: ${_param:artifactory_client_password}
+ license_key: ${_param:artifactory_license_key}
+ ldap_server: ${_param:artifactory_security_ldap_server}
+ ldap_account_base: ${_param:artifactory_security_ldap_root_dn}
+ ldap_searchFilter: ${_param:artifactory_security_ldap_searchFilter}
ssl_verify: False
repo:
local_artifactory_repo:
diff --git a/haproxy/proxy/listen/openstack/keystone.yml b/haproxy/proxy/listen/openstack/keystone/init.yml
similarity index 90%
rename from haproxy/proxy/listen/openstack/keystone.yml
rename to haproxy/proxy/listen/openstack/keystone/init.yml
index 17e537e..4359f60 100644
--- a/haproxy/proxy/listen/openstack/keystone.yml
+++ b/haproxy/proxy/listen/openstack/keystone/init.yml
@@ -3,8 +3,6 @@
proxy:
listen:
keystone_public_api:
- type: openstack-service
- service_name: keystone
binds:
- address: ${_param:cluster_vip_address}
port: 5000
@@ -22,8 +20,6 @@
port: 5000
params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
keystone_admin_api:
- type: openstack-service
- service_name: keystone
binds:
- address: ${_param:cluster_vip_address}
port: 35357
@@ -39,4 +35,4 @@
- name: ctl03
host: ${_param:cluster_node03_address}
port: 35357
- params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
\ No newline at end of file
+ params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
diff --git a/haproxy/proxy/listen/openstack/keystone/standalone.yml b/haproxy/proxy/listen/openstack/keystone/standalone.yml
new file mode 100644
index 0000000..c454583
--- /dev/null
+++ b/haproxy/proxy/listen/openstack/keystone/standalone.yml
@@ -0,0 +1,12 @@
+classes:
+- system.haproxy.proxy.listen.openstack.keystone
+parameters:
+ haproxy:
+ proxy:
+ listen:
+ keystone_public_api:
+ type: openstack-service
+ service_name: keystone
+ keystone_admin_api:
+ type: openstack-service
+ service_name: keystone
diff --git a/haproxy/proxy/listen/openstack/keystone/wsgi.yml b/haproxy/proxy/listen/openstack/keystone/wsgi.yml
new file mode 100644
index 0000000..efefe8b
--- /dev/null
+++ b/haproxy/proxy/listen/openstack/keystone/wsgi.yml
@@ -0,0 +1,29 @@
+classes:
+- system.haproxy.proxy.listen.openstack.keystone
+parameters:
+ haproxy:
+ proxy:
+ listen:
+ keystone_public_api:
+ mode: http
+ options:
+ - httpchk
+ - httpclose
+ - httplog
+ sticks:
+ - stick on src
+ - stick-table type ip size 200k expire 2m
+ keystone_admin_api:
+ mode: http
+ options:
+ - httpchk
+ - httpclose
+ - httplog
+ sticks:
+ - stick on src
+ - stick-table type ip size 200k expire 2m
+ binds:
+ - address: ${_param:cluster_vip_address}
+ port: 35357
+ ssl:
+ enabled: false
diff --git a/jenkins/client/approved_scripts.yml b/jenkins/client/approved_scripts.yml
index 367a800..5d9a140 100644
--- a/jenkins/client/approved_scripts.yml
+++ b/jenkins/client/approved_scripts.yml
@@ -56,6 +56,9 @@
- method java.util.regex.Matcher matches
- method java.util.regex.Pattern matcher java.lang.CharSequence
- method java.util.stream.Stream collect java.util.stream.Collector
+ - method java.util.Calendar add int int
+ - method java.util.Calendar getTime
+ - method java.util.Date before java.util.Date
- method jenkins.model.Jenkins getItemByFullName java.lang.String
- method jenkins.model.Jenkins getPluginManager
- method org.jenkinsci.plugins.workflow.job.WorkflowRun doStop
diff --git a/jenkins/client/job/deploy/lab/cicd.yml b/jenkins/client/job/deploy/lab/cicd.yml
index 9002c9c..260e7b1 100644
--- a/jenkins/client/job/deploy/lab/cicd.yml
+++ b/jenkins/client/job/deploy/lab/cicd.yml
@@ -63,6 +63,10 @@
OPENSTACK_API_URL:
type: string
default: "https://cloud-cz.bud.mirantis.net:5000"
+ TARGET_OPENSTACK_IP:
+ type: string
+ default: "${_param:oss_target_openstack_ip}"
+ description: "IP address of the OpenStack deployment, managed by OSS tooling"
OPENSTACK_API_CREDENTIALS:
type: string
default: "openstack-devcloud-credentials"
diff --git a/keystone/server/cluster.yml b/keystone/server/cluster.yml
index a8f7069..9b13788 100644
--- a/keystone/server/cluster.yml
+++ b/keystone/server/cluster.yml
@@ -2,6 +2,7 @@
- service.keystone.server.cluster
- service.keepalived.cluster.single
- system.haproxy.proxy.listen.openstack.keystone
+- system.haproxy.proxy.listen.openstack.keystone.standalone
parameters:
keystone:
server:
diff --git a/prometheus/server/init.yml b/prometheus/server/init.yml
index 0ecea17..2c241bd 100644
--- a/prometheus/server/init.yml
+++ b/prometheus/server/init.yml
@@ -2,3 +2,7 @@
_param:
prometheus_server_config_directory: /srv/prometheus
prometheus_server_data_directory: /data
+ prometheus:
+ server:
+ dir:
+ config_in_container: ${_param:prometheus_server_config_directory}
diff --git a/prometheus/server/target/etcd.yml b/prometheus/server/target/etcd.yml
deleted file mode 100644
index 0ac3310..0000000
--- a/prometheus/server/target/etcd.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-parameters:
- prometheus:
- server:
- target:
- static:
- etcd:
- enabled: true
- scheme: https
- tls_config:
- skip_verify: true
- ssl_dir: ${_param:prometheus_server_config_directory}
- cert_name: prometheus-server.crt
- key_name: prometheus-server.key
diff --git a/prometheus/server/target/kubernetes.yml b/prometheus/server/target/kubernetes.yml
index 60ca1e0..919c916 100644
--- a/prometheus/server/target/kubernetes.yml
+++ b/prometheus/server/target/kubernetes.yml
@@ -5,6 +5,5 @@
kubernetes:
enabled: true
api_ip: ${_param:kubernetes_control_address}
- ssl_dir: ${_param:prometheus_server_config_directory}
cert_name: prometheus-server.crt
key_name: prometheus-server.key