Merge "[Octavia] octavia_identity v3 updates"
diff --git a/defaults/gerrit/init.yml b/defaults/gerrit/init.yml
new file mode 100644
index 0000000..7fbdd67
--- /dev/null
+++ b/defaults/gerrit/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ _param:
+ gerrit_pipeline_library_repo: https://github.com/Mirantis/pipeline-library
+ gerrit_mk_pipelines_repo: https://github.com/Mirantis/mk-pipelines
+ gerrit_decapod_pipelines_repo: https://github.com/mateuszlos/decapod-pipelines
+ gerrit_mcp_common_scripts_repo: https://github.com/Mirantis/mcp-common-scripts
\ No newline at end of file
diff --git a/defaults/init.yml b/defaults/init.yml
index 5679cf9..803df1f 100644
--- a/defaults/init.yml
+++ b/defaults/init.yml
@@ -12,6 +12,7 @@
- system.defaults.rabbitmq
- system.defaults.debmirror
- system.defaults.docker_images
+- system.defaults.gerrit
parameters:
_param:
apt_mk_version: stable
@@ -29,3 +30,5 @@
# Other
salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
salt_control_trusty_image_backend: /var/lib/libvirt/images/backends/trusty.qcow2
+ # Make sure this global variable is defined everywhere, where used it is already set on cluster level
+ cluster_public_host: '127.0.0.1'
diff --git a/defaults/openstack/init.yml b/defaults/openstack/init.yml
index 1c864e5..eedc587 100644
--- a/defaults/openstack/init.yml
+++ b/defaults/openstack/init.yml
@@ -18,6 +18,8 @@
# Glance
glance_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
glance_memcache_secret_key: ''
+ # Allow CORS from horizon, needed for direct upload
+ glance_cors_allowed_origin: '${_param:horizon_public_protocol}://${_param:horizon_public_host}'
# Heat
heat_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
heat_memcache_secret_key: ''
@@ -44,4 +46,8 @@
apache_mods_status_status: 'disabled'
# Horizon
# 'direct' mode will require cors on glance side to be enabled.
- horizon_images_upload_mode: 'legacy'
+ horizon_images_upload_mode: 'direct'
+ # TODO (vsaineko): switch to openstack_cluster_public_host
+ horizon_public_host: ${_param:cluster_public_host}
+ horizon_public_port: 443
+ horizon_public_protocol: https
diff --git a/docker/swarm/stack/jenkins/slave.yml b/docker/swarm/stack/jenkins/slave.yml
index 1585058..204b29d 100644
--- a/docker/swarm/stack/jenkins/slave.yml
+++ b/docker/swarm/stack/jenkins/slave.yml
@@ -1,85 +1,5 @@
classes:
- system.docker
-parameters:
- _param:
- jenkins_master_host: ${_param:control_vip_address}
- jenkins_master_port: 8081
- jenkins_secret: "7c40abc1a7df2d26dd6b2e4421af17218df75a16fcbd5e3aa6017d9f47eaeabe"
- jenkins_master_url: http://${_param:jenkins_master_host}:${_param:jenkins_master_port}
- jenkins_slave_user: ${_param:jenkins_client_user}
- jenkins_slave_password: ${_param:jenkins_client_password}
- jenkins_slave_extra_opts: ""
- docker:
- client:
- stack:
- jenkins:
- service:
- slave01:
- environment:
- JENKINS_URL: ${_param:jenkins_master_url}
- JENKINS_AGENT_NAME: slave01
- JENKINS_UPDATE_SLAVE: 'true'
- JENKINS_LOGIN: ${_param:jenkins_slave_user}
- JENKINS_PASSWORD: ${_param:jenkins_slave_password}
- JAVA_OPTS: ${_param:jenkins_slave_extra_opts}
- https_proxy: ${_param:docker_https_proxy}
- http_proxy: ${_param:docker_http_proxy}
- no_proxy: ${_param:docker_no_proxy}
- deploy:
- restart_policy:
- condition: any
- placement:
- constraints:
- - "node.hostname == ${_param:cluster_node01_name}"
- image: ${_param:docker_image_jenkins_slave}
- volumes:
- - /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
- - /var/run/docker.sock:/var/run/docker.sock
- - /usr/bin/docker:/usr/bin/docker:ro
- - /var/lib/jenkins:/var/lib/jenkins
- slave02:
- environment:
- JENKINS_URL: ${_param:jenkins_master_url}
- JENKINS_AGENT_NAME: slave02
- JENKINS_UPDATE_SLAVE: 'true'
- JENKINS_LOGIN: ${_param:jenkins_slave_user}
- JENKINS_PASSWORD: ${_param:jenkins_slave_password}
- JAVA_OPTS: ${_param:jenkins_slave_extra_opts}
- https_proxy: ${_param:docker_https_proxy}
- http_proxy: ${_param:docker_http_proxy}
- no_proxy: ${_param:docker_no_proxy}
- deploy:
- restart_policy:
- condition: any
- placement:
- constraints:
- - "node.hostname == ${_param:cluster_node02_name}"
- image: ${_param:docker_image_jenkins_slave}
- volumes:
- - /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
- - /var/run/docker.sock:/var/run/docker.sock
- - /usr/bin/docker:/usr/bin/docker:ro
- - /var/lib/jenkins:/var/lib/jenkins
- slave03:
- environment:
- JENKINS_URL: ${_param:jenkins_master_url}
- JENKINS_AGENT_NAME: slave03
- JENKINS_UPDATE_SLAVE: 'true'
- JENKINS_LOGIN: ${_param:jenkins_slave_user}
- JENKINS_PASSWORD: ${_param:jenkins_slave_password}
- JAVA_OPTS: ${_param:jenkins_slave_extra_opts}
- https_proxy: ${_param:docker_https_proxy}
- http_proxy: ${_param:docker_http_proxy}
- no_proxy: ${_param:docker_no_proxy}
- deploy:
- restart_policy:
- condition: any
- placement:
- constraints:
- - "node.hostname == ${_param:cluster_node03_name}"
- image: ${_param:docker_image_jenkins_slave}
- volumes:
- - /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
- - /var/run/docker.sock:/var/run/docker.sock
- - /usr/bin/docker:/usr/bin/docker:ro
- - /var/lib/jenkins:/var/lib/jenkins
+- system.docker.swarm.stack.jenkins.slave01
+- system.docker.swarm.stack.jenkins.slave02
+- system.docker.swarm.stack.jenkins.slave03
diff --git a/docker/swarm/stack/jenkins/slave01.yml b/docker/swarm/stack/jenkins/slave01.yml
new file mode 100644
index 0000000..f616d89
--- /dev/null
+++ b/docker/swarm/stack/jenkins/slave01.yml
@@ -0,0 +1,34 @@
+classes:
+- system.docker
+- system.docker.swarm.stack.jenkins.slave_base
+parameters:
+ _param:
+ jenkins_slave01_node_name: ${_param:cluster_node01_name}
+ docker:
+ client:
+ stack:
+ jenkins:
+ service:
+ slave01:
+ environment:
+ JENKINS_URL: ${_param:jenkins_master_url}
+ JENKINS_AGENT_NAME: slave01
+ JENKINS_UPDATE_SLAVE: 'true'
+ JENKINS_LOGIN: ${_param:jenkins_slave_user}
+ JENKINS_PASSWORD: ${_param:jenkins_slave_password}
+ JAVA_OPTS: ${_param:jenkins_slave_extra_opts}
+ https_proxy: ${_param:docker_https_proxy}
+ http_proxy: ${_param:docker_http_proxy}
+ no_proxy: ${_param:docker_no_proxy}
+ deploy:
+ restart_policy:
+ condition: any
+ placement:
+ constraints:
+ - "node.hostname == ${_param:jenkins_slave01_node_name}"
+ image: ${_param:docker_image_jenkins_slave}
+ volumes:
+ - /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /usr/bin/docker:/usr/bin/docker:ro
+ - /var/lib/jenkins:/var/lib/jenkins
diff --git a/docker/swarm/stack/jenkins/slave02.yml b/docker/swarm/stack/jenkins/slave02.yml
new file mode 100644
index 0000000..cbece06
--- /dev/null
+++ b/docker/swarm/stack/jenkins/slave02.yml
@@ -0,0 +1,34 @@
+classes:
+- system.docker
+- system.docker.swarm.stack.jenkins.slave_base
+parameters:
+ _param:
+ jenkins_slave02_node_name: ${_param:cluster_node02_name}
+ docker:
+ client:
+ stack:
+ jenkins:
+ service:
+ slave02:
+ environment:
+ JENKINS_URL: ${_param:jenkins_master_url}
+ JENKINS_AGENT_NAME: slave02
+ JENKINS_UPDATE_SLAVE: 'true'
+ JENKINS_LOGIN: ${_param:jenkins_slave_user}
+ JENKINS_PASSWORD: ${_param:jenkins_slave_password}
+ JAVA_OPTS: ${_param:jenkins_slave_extra_opts}
+ https_proxy: ${_param:docker_https_proxy}
+ http_proxy: ${_param:docker_http_proxy}
+ no_proxy: ${_param:docker_no_proxy}
+ deploy:
+ restart_policy:
+ condition: any
+ placement:
+ constraints:
+ - "node.hostname == ${_param:jenkins_slave02_node_name}"
+ image: ${_param:docker_image_jenkins_slave}
+ volumes:
+ - /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /usr/bin/docker:/usr/bin/docker:ro
+ - /var/lib/jenkins:/var/lib/jenkins
diff --git a/docker/swarm/stack/jenkins/slave03.yml b/docker/swarm/stack/jenkins/slave03.yml
new file mode 100644
index 0000000..6ff900c
--- /dev/null
+++ b/docker/swarm/stack/jenkins/slave03.yml
@@ -0,0 +1,34 @@
+classes:
+- system.docker
+- system.docker.swarm.stack.jenkins.slave_base
+parameters:
+ _param:
+ jenkins_slave03_node_name: ${_param:cluster_node03_name}
+ docker:
+ client:
+ stack:
+ jenkins:
+ service:
+ slave03:
+ environment:
+ JENKINS_URL: ${_param:jenkins_master_url}
+ JENKINS_AGENT_NAME: slave03
+ JENKINS_UPDATE_SLAVE: 'true'
+ JENKINS_LOGIN: ${_param:jenkins_slave_user}
+ JENKINS_PASSWORD: ${_param:jenkins_slave_password}
+ JAVA_OPTS: ${_param:jenkins_slave_extra_opts}
+ https_proxy: ${_param:docker_https_proxy}
+ http_proxy: ${_param:docker_http_proxy}
+ no_proxy: ${_param:docker_no_proxy}
+ deploy:
+ restart_policy:
+ condition: any
+ placement:
+ constraints:
+ - "node.hostname == ${_param:jenkins_slave03_node_name}"
+ image: ${_param:docker_image_jenkins_slave}
+ volumes:
+ - /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
+ - /var/run/docker.sock:/var/run/docker.sock
+ - /usr/bin/docker:/usr/bin/docker:ro
+ - /var/lib/jenkins:/var/lib/jenkins
diff --git a/docker/swarm/stack/jenkins/slave_base.yml b/docker/swarm/stack/jenkins/slave_base.yml
new file mode 100644
index 0000000..630dd14
--- /dev/null
+++ b/docker/swarm/stack/jenkins/slave_base.yml
@@ -0,0 +1,9 @@
+parameters:
+ _param:
+ jenkins_master_host: ${_param:control_vip_address}
+ jenkins_master_port: 8081
+ jenkins_secret: "7c40abc1a7df2d26dd6b2e4421af17218df75a16fcbd5e3aa6017d9f47eaeabe"
+ jenkins_master_url: http://${_param:jenkins_master_host}:${_param:jenkins_master_port}
+ jenkins_slave_user: ${_param:jenkins_client_user}
+ jenkins_slave_password: ${_param:jenkins_client_password}
+ jenkins_slave_extra_opts: ""
diff --git a/docker/swarm/stack/jenkins/slave_single.yml b/docker/swarm/stack/jenkins/slave_single.yml
new file mode 100644
index 0000000..31406d1
--- /dev/null
+++ b/docker/swarm/stack/jenkins/slave_single.yml
@@ -0,0 +1,3 @@
+classes:
+- system.docker
+- system.docker.swarm.stack.jenkins.slave01
diff --git a/gerrit/client/project/ci.yml b/gerrit/client/project/ci.yml
index 3e36556..e0c7112 100644
--- a/gerrit/client/project/ci.yml
+++ b/gerrit/client/project/ci.yml
@@ -1,8 +1,4 @@
parameters:
- _param:
- gerrit_pipeline_library_repo: https://github.com/Mirantis/pipeline-library
- gerrit_mk_pipelines_repo: https://github.com/Mirantis/mk-pipelines
- gerrit_decapod_pipelines_repo: https://github.com/mateuszlos/decapod-pipelines
gerrit:
client:
project:
diff --git a/gerrit/client/project/mirantis/mcp-common-scripts.yml b/gerrit/client/project/mirantis/mcp-common-scripts.yml
new file mode 100644
index 0000000..8064219
--- /dev/null
+++ b/gerrit/client/project/mirantis/mcp-common-scripts.yml
@@ -0,0 +1,12 @@
+parameters:
+ gerrit:
+ client:
+ project:
+ mcp/mcp-common-scripts:
+ enabled: true
+ description: MCP common scripts
+ upstream: ${_param:gerrit_mcp_common_scripts_repo}
+ access: ${gerrit:client:default_access}
+ require_change_id: true
+ require_agreement: false
+ merge_content: true
diff --git a/glance/control/cluster.yml b/glance/control/cluster.yml
index 0c17ac8..8b4f40c 100644
--- a/glance/control/cluster.yml
+++ b/glance/control/cluster.yml
@@ -36,6 +36,8 @@
cert_file: ${_param:mysql_glance_client_ssl_cert_file}
ssl:
enabled: ${_param:galera_ssl_enabled}
+ cors:
+ allowed_origin: ${_param:glance_cors_allowed_origin}
registry:
host: ${_param:cluster_vip_address}
port: 9191
diff --git a/jenkins/client/approved_scripts.yml b/jenkins/client/approved_scripts.yml
index ed6292e..72aa415 100644
--- a/jenkins/client/approved_scripts.yml
+++ b/jenkins/client/approved_scripts.yml
@@ -109,6 +109,7 @@
- new java.util.ArrayList
- new java.util.Date
- new java.util.HashMap
+ - new java.util.LinkedHashMap java.util.Map
- staticField groovy.io.FileType FILES
- staticMethod com.cloudbees.plugins.credentials.CredentialsProvider lookupCredentials java.lang.Class hudson.model.ItemGroup
- staticMethod hudson.model.Hudson getInstance
diff --git a/jenkins/client/credential/lab.yml b/jenkins/client/credential/lab.yml
new file mode 100644
index 0000000..68375e3
--- /dev/null
+++ b/jenkins/client/credential/lab.yml
@@ -0,0 +1,9 @@
+parameters:
+ _param:
+ lab_ssh_user: root
+ jenkins:
+ client:
+ credential:
+ lab:
+ username: ${_param:lab_ssh_user}
+ key: ${_param:cluster_private_key}
diff --git a/nginx/server/proxy/openstack/glance.yml b/nginx/server/proxy/openstack/glance.yml
index 9cdd702..d8ef4a5 100644
--- a/nginx/server/proxy/openstack/glance.yml
+++ b/nginx/server/proxy/openstack/glance.yml
@@ -20,6 +20,8 @@
port: 9292
protocol: ${_param:nginx_proxy_openstack_glance_protocol}
size: ${_param:nginx_proxy_openstack_glance_image_size}
+ # Prevent nginx from caching request body
+ request_buffer: false
host:
name: ${_param:nginx_proxy_openstack_api_host}
port: 9292
diff --git a/nginx/server/proxy/openstack_web.yml b/nginx/server/proxy/openstack_web.yml
index b85527f..a9a4894 100644
--- a/nginx/server/proxy/openstack_web.yml
+++ b/nginx/server/proxy/openstack_web.yml
@@ -25,9 +25,9 @@
buffer:
${_param:nginx_proxy_openstack_web_buffer_size}
host:
- name: ${_param:nginx_proxy_openstack_web_host}
- port: 443
- protocol: https
+ name: ${_param:horizon_public_host}
+ port: ${_param:horizon_public_port}
+ protocol: ${_param:horizon_public_protocol}
ssl: ${_param:nginx_proxy_ssl}
nginx_ssl_redirect_openstack_web:
enabled: true