Merge "Configure default security limits in systemd."
diff --git a/docker/swarm/stack/monitoring.yml b/docker/swarm/stack/monitoring.yml
index 091add5..4371367 100644
--- a/docker/swarm/stack/monitoring.yml
+++ b/docker/swarm/stack/monitoring.yml
@@ -77,10 +77,7 @@
data_dir: ${_param:prometheus_server_data_directory}
bind_port: ${prometheus:server:bind:port}
bind_address: ${prometheus:server:bind:address}
- alertmanager_port: ${prometheus:alertmanager:bind:port}
storage_local_engine: ${prometheus:server:storage:local:engine}
storage_local_retention: ${prometheus:server:storage:local:retention}
- storage_local_memory_chunks: ${prometheus:server:storage:local:memory_chunks}
- storage_local_max_chunks_to_persist: ${prometheus:server:storage:local:max_chunks_to_persist}
+ storage_local_target_heap_size: ${prometheus:server:storage:local:target_heap_size}
storage_local_num_fingerprint_mutexes: ${prometheus:server:storage:local:num_fingerprint_mutexes}
- discovery_domain: 'monitoring_alertmanager'
diff --git a/docker/swarm/stack/rundeck.yml b/docker/swarm/stack/rundeck.yml
index f89619a..a4ec24b 100644
--- a/docker/swarm/stack/rundeck.yml
+++ b/docker/swarm/stack/rundeck.yml
@@ -1,7 +1,7 @@
parameters:
_param:
docker_rundeck_replicas: 1
- docker_image_rundeck: docker-sandbox.sandbox.mirantis.net/ikharin/oss/rundeck:devel
+ docker_image_rundeck: docker-sandbox.sandbox.mirantis.net/ikharin/oss/rundeck:2.7.3-1
docker:
client:
stack:
diff --git a/freeipa/client/cluster.yml b/freeipa/client/cluster.yml
new file mode 100644
index 0000000..2276530
--- /dev/null
+++ b/freeipa/client/cluster.yml
@@ -0,0 +1,14 @@
+classes:
+- service.freeipa.client
+parameters:
+ freeipa:
+ client:
+ enabled: true
+ hostname: ${linux:system:name}
+ servers:
+ - ${_param:freeipa_node01_hostname}
+ - ${_param:freeipa_node02_hostname}
+ - ${_param:freeipa_node03_hostname}
+ domain: ${_param:cluster_domain}
+ realm: ${_param:freeipa_realm}
+ otp: ${_param:freeipa_otp}
\ No newline at end of file
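Review bot: `otp: ${_param:freeipa_otp}` pulls the enrolment secret from a shared `_param`, so every node that includes this class renders the same value, and nothing in the file says where that value must come from. If this is the FreeIPA host one-time password (inferred from the key name), it is normally issued per host and consumed on first enrolment, so a cluster-wide value would either fail on the second node or push operators towards a reusable secret kept in the model. I would add a header comment such as `# freeipa_otp, freeipa_realm and freeipa_nodeNN_hostname must be set by the cluster model; supply freeipa_otp per node from a secret store, not from a committed file`. The same applies to freeipa/client/single.yml, and both files end without a trailing newline.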
diff --git a/freeipa/client/single.yml b/freeipa/client/single.yml
new file mode 100644
index 0000000..7804bd1
--- /dev/null
+++ b/freeipa/client/single.yml
@@ -0,0 +1,12 @@
+classes:
+- service.freeipa.client
+parameters:
+ freeipa:
+ client:
+ enabled: true
+ hostname: ${linux:system:name}
+ servers:
+ - ${_param:freeipa_node01_hostname}
+ domain: ${_param:cluster_domain}
+ realm: ${_param:freeipa_realm}
+ otp: ${_param:freeipa_otp}
\ No newline at end of file
diff --git a/jenkins/client/job/debian/packages/extra.yml b/jenkins/client/job/debian/packages/extra.yml
index b7de941..c902f32 100644
--- a/jenkins/client/job/debian/packages/extra.yml
+++ b/jenkins/client/job/debian/packages/extra.yml
@@ -105,6 +105,10 @@
dist: xenial
build: pipeline
branch: debian/xenial
+ - package: python-pydbus
+ dist: xenial
+ build: pipeline
+ branch: debian/xenial
- package: python-docker
dist: xenial
build: pipeline
diff --git a/jenkins/client/job/debian/packages/horizon/modules.yml b/jenkins/client/job/debian/packages/horizon/modules.yml
index 4297071..0df27ad 100644
--- a/jenkins/client/job/debian/packages/horizon/modules.yml
+++ b/jenkins/client/job/debian/packages/horizon/modules.yml
@@ -42,6 +42,18 @@
os_version: ocata
branch: master
# Trusty
+ - name: horizon-contrib
+ os: ubuntu
+ dist: trusty
+ os_version: ocata
+ branch: master
+ # Xenial
+ - name: horizon-contrib
+ os: ubuntu
+ dist: xenial
+ os_version: ocata
+ branch: master
+ # Trusty
- name: horizon-contrail-panels
os: ubuntu
dist: trusty
diff --git a/jenkins/client/job/deploy/lab/cicd.yml b/jenkins/client/job/deploy/lab/cicd.yml
index 4fcc6d5..7f53d29 100644
--- a/jenkins/client/job/deploy/lab/cicd.yml
+++ b/jenkins/client/job/deploy/lab/cicd.yml
@@ -18,33 +18,21 @@
script: cicd-lab-pipeline.groovy
param:
# heat
- STACK_TEMPLATE_URL:
+ HEAT_TEMPLATE_URL:
type: string
default: "git@github.com:Mirantis/mk-lab-heat-templates.git"
- STACK_TEMPLATE_CREDENTIALS:
+ HEAT_TEMPLATE_CREDENTIALS:
type: string
default: "gerrit"
- STACK_TEMPLATE_BRANCH:
+ HEAT_TEMPLATE_BRANCH:
type: string
default: "master"
- STACK_NAME:
+ HEAT_STACK_NAME:
type: string
description: Heat stack name. Will be generated if missing.
- STACK_TEMPLATE:
+ HEAT_STACK_TEMPLATE:
type: string
default: "{{lab}}"
- STACK_DELETE:
- type: boolean
- default: 'true'
- description: "Delete heat stack at the end of job"
- STACK_REUSE:
- type: boolean
- default: 'false'
- description: "Reuse existing stack and only orchestrate deployment"
- STACK_CLEANUP_JOB:
- type: string
- default: 'deploy-heat-cleanup'
-
HEAT_STACK_ENVIRONMENT:
type: string
default: "tcpisek"
@@ -54,6 +42,14 @@
HEAT_STACK_PUBLIC_NET:
type: string
default: "mirantis-private"
+ HEAT_STACK_DELETE:
+ type: boolean
+ default: 'true'
+ description: "Delete heat stack at the end of job"
+ HEAT_STACK_REUSE:
+ type: boolean
+ default: 'false'
+ description: "Reuse existing stack and only orchestrate deployment"
# salt master
SALT_MASTER_CREDENTIALS:
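Review bot: `HEAT_STACK_DELETE` defaults to `'true'`, and the earlier hunk of this file drops the old `STACK_DELETE`/`STACK_REUSE` names with no alias, so a caller that still passes `STACK_DELETE=false` would fall back to deleting the stack if the pipeline reads only the new name. cicd-lab-pipeline.groovy is not part of this diff, so I cannot confirm that it reads the `HEAT_*` names; please check that the script and any upstream triggers were changed in the same series. `STACK_CLEANUP_JOB` is removed without a replacement, so a short comment above `HEAT_STACK_DELETE` saying where cleanup now happens would help the next reader. The `param:` mapping continues outside the hunk.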
diff --git a/jenkins/client/job/deploy/lab/mk/cloud.yml b/jenkins/client/job/deploy/lab/mk/cloud.yml
index 80d7c58..6bffea0 100644
--- a/jenkins/client/job/deploy/lab/mk/cloud.yml
+++ b/jenkins/client/job/deploy/lab/mk/cloud.yml
@@ -13,7 +13,7 @@
client:
job_template:
cloud_deploy_heat_template:
- name: cloud-deploy-{{stack_type}}-{{stack_name}}
+ name: deploy-{{stack_type}}-{{stack_name}}
jobs: ${_param:jenkins_cloud_deploy_pipelines}
template:
type: workflow-scm
@@ -76,13 +76,17 @@
type: string
default: ""
- # openstack api
+ # aws api
AWS_STACK_REGION:
type: string
default: "us-west-2"
AWS_API_CREDENTIALS:
type: string
- default: "aws-qa-credentials"
+ default: "aws-credentials"
+ AWS_SSH_KEY:
+ type: string
+ default: "jenkins-mk"
+
# openstack api
OPENSTACK_API_URL:
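Review bot: The new default `AWS_API_CREDENTIALS: "aws-credentials"` replaces an id that named its scope (`aws-qa-credentials`) with a generic one, and `AWS_SSH_KEY` is added with no `description`, so neither the job form nor this file says which account or key a default run will use. Every job generated from this template inherits these defaults, so I would add descriptions, e.g. `description: "Jenkins credential id for the AWS account used by this lab; scope it to lab stacks only"` and `description: "Name of the EC2 key pair injected into instances"`. The second wording is my reading of the parameter name; adjust it if `jenkins-mk` is a Jenkins credential id instead. The `param:` block starts and ends outside the hunk.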
diff --git a/jenkins/client/job/test_devops_portal.yml b/jenkins/client/job/test_devops_portal.yml
index 41be263..5cf4c79 100644
--- a/jenkins/client/job/test_devops_portal.yml
+++ b/jenkins/client/job/test_devops_portal.yml
@@ -41,15 +41,11 @@
JSON_CONFIG:
type: string
default: '{"services": {"elasticsearch": {"endpoint": "http://elasticsearch:9200"}}}'
- NODE_IMAGE:
- type: string
- default: "docker-sandbox.sandbox.mirantis.net/ikharin/ci/node-firefox:6.10"
COMMANDS:
type: text
default: |
npm run lint
npm run test:unit
- npm run test:functional
DEFAULT_GIT_URL:
type: string
default: "${_param:jenkins_gerrit_url}/oss/devops-portal"
diff --git a/postgresql/client/init.yml b/postgresql/client/init.yml
new file mode 100644
index 0000000..95fdcdb
--- /dev/null
+++ b/postgresql/client/init.yml
@@ -0,0 +1,15 @@
+parameters:
+ _param:
+ postgresql_client_user: none
+ postgresql_client_password: none
+ postgresql_client_host: ${_param:control_vip_address}
+ postgresql_client_port: 5432
+ postgresql:
+ client:
+ server:
+ server01:
+ admin:
+ host: ${_param:postgresql_client_host}
+ port: ${_param:postgresql_client_port}
+ user: ${_param:postgresql_client_user}
+ password: ${_param:postgresql_client_password}
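Review bot: `postgresql_client_user: none` and `postgresql_client_password: none` are plain strings in YAML (only `null`/`~` are null), so a model that includes this class and forgets to override them renders an admin connection with user `none` and password `none` instead of failing. I would drop the two placeholder defaults so the `${_param:...}` references stay unresolved and the render stops; reclass should raise an interpolation error for an undefined parameter, which is worth confirming on the version in use. If the placeholders must stay, add `# must be overridden by the cluster model; keep the real value out of the committed tree` above them so the intent is explicit.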
diff --git a/postgresql/client/pushkin.yml b/postgresql/client/pushkin.yml
index 12b5906..d768464 100644
--- a/postgresql/client/pushkin.yml
+++ b/postgresql/client/pushkin.yml
@@ -1,18 +1,14 @@
+classes:
+ - system.postgresql.client
parameters:
_param:
pushkin_db_host: ${_param:haproxy_postgresql_bind_host}
- pushkin_db_port: ${_param:haproxy_postgresql_bind_port}
pushkin_db_user: pushkin
pushkin_db_user_password: pushkin
postgresql:
client:
server:
server01:
- admin:
- host: ${_param:pushkin_db_host}
- port: ${_param:pushkin_db_port}
- user: ${_param:postgresql_admin_user}
- password: ${_param:postgresql_admin_user_password}
database:
pushkin:
enabled: true
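Review bot: With the `admin:` block removed, the admin connection for `server01` now comes from `system.postgresql.client` (presumably postgresql/client/init.yml added in this commit), which points at `${_param:control_vip_address}` port `5432` rather than the HAProxy bind host and port used before, while `pushkin_db_host` still resolves to `${_param:haproxy_postgresql_bind_host}`. Deployments where PostgreSQL is published on another address or port need to override `postgresql_client_host`/`postgresql_client_port`, and nothing here says so; a comment under `classes:` such as `# admin connection comes from system.postgresql.client; override postgresql_client_host/port if PostgreSQL is not on control_vip_address:5432` would cover it. The admin credentials also move from `postgresql_admin_user`/`postgresql_admin_user_password` to `postgresql_client_user`/`postgresql_client_password`, so existing models must define the new names. The same applies to postgresql/client/security_monkey.yml, and the `database:` mapping continues outside the hunk.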
diff --git a/postgresql/client/rundeck.yml b/postgresql/client/rundeck.yml
new file mode 100644
index 0000000..0c1102d
--- /dev/null
+++ b/postgresql/client/rundeck.yml
@@ -0,0 +1,22 @@
+classes:
+ - system.postgresql.client
+parameters:
+ _param:
+ rundeck_db_host: ${_param:haproxy_postgresql_bind_host}
+ rundeck_db_user: rundeck
+ rundeck_db_user_password: password
+ postgresql:
+ client:
+ server:
+ server01:
+ database:
+ rundeck:
+ enabled: true
+ encoding: 'UTF8'
+ locale: 'en_US'
+ users:
+ - name: ${_param:rundeck_db_user}
+ password: ${_param:rundeck_db_user_password}
+ host: ${_param:rundeck_db_host}
+ createdb: true
+ rights: all privileges
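Review bot: `rundeck_db_user_password: password` ships a guessable literal as the default, and the same user is granted `createdb: true` and `rights: all privileges`, so any deployment that does not override the parameter gets a database account with a known password. I would remove the default so the render fails until the model supplies a value, and add `# must be set per deployment; do not commit the real value` where the parameter is documented. If Rundeck only needs its own database, `createdb: true` looks broader than necessary; worth confirming against what the Rundeck container does at first start. pushkin.yml and security_monkey.yml show a username-as-password default in their context lines, which may merit a follow-up change.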
diff --git a/postgresql/client/security_monkey.yml b/postgresql/client/security_monkey.yml
index 428753d..43e48d2 100644
--- a/postgresql/client/security_monkey.yml
+++ b/postgresql/client/security_monkey.yml
@@ -1,18 +1,14 @@
+classes:
+ - system.postgresql.client
parameters:
_param:
secmonkey_db_host: ${_param:haproxy_postgresql_bind_host}
- secmonkey_db_port: ${_param:haproxy_postgresql_bind_port}
secmonkey_db_user: secmonkey
secmonkey_db_user_password: secmonkey
postgresql:
client:
server:
server01:
- admin:
- host: ${_param:secmonkey_db_host}
- port: ${_param:secmonkey_db_port}
- user: ${_param:postgresql_admin_user}
- password: ${_param:postgresql_admin_user_password}
database:
secmonkey:
enabled: true
diff --git a/prometheus/server/alertmanager/dns.yml b/prometheus/server/alertmanager/dns.yml
new file mode 100644
index 0000000..99fd4db
--- /dev/null
+++ b/prometheus/server/alertmanager/dns.yml
@@ -0,0 +1,12 @@
+parameters:
+ prometheus:
+ server:
+ config:
+ alertmanager:
+ docker_swarm_alertmanager:
+ enabled: true
+ dns_sd_configs:
+ domain:
+ - tasks.monitoring_alertmanager
+ type: A
+ port: ${prometheus:alertmanager:bind:port}