Merge "Add kubernetes proxy classes"
diff --git a/.gitignore b/.gitignore
index 485dee6..ae8e990 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
.idea
+.*.swp
diff --git a/aodh/server/cluster.yml b/aodh/server/cluster.yml
index 00a8263..2ff4ea9 100644
--- a/aodh/server/cluster.yml
+++ b/aodh/server/cluster.yml
@@ -4,6 +4,8 @@
- system.haproxy.proxy.listen.openstack.aodh
- system.keepalived.cluster.instance.openstack_telemetry_vip
parameters:
+ _param:
+ openstack_event_alarm_topic: alarm.all
aodh:
server:
enabled: true
@@ -13,8 +15,9 @@
debug: false
verbose: true
region: ${_param:openstack_region}
+ event_alarm_topic: ${_param:openstack_event_alarm_topic}
database:
- engine: "mysql+pymysql"
+ engine: "mysql"
host: ${_param:openstack_database_address}
port: 3306
name: aodh
diff --git a/aodh/server/single.yml b/aodh/server/single.yml
index eba3fc1..df4be81 100644
--- a/aodh/server/single.yml
+++ b/aodh/server/single.yml
@@ -1,2 +1,8 @@
classes:
- service.aodh.server.single
+parameters:
+ _param:
+ openstack_event_alarm_topic: alarm.all
+ aodh:
+ server:
+ event_alarm_topic: ${_param:openstack_event_alarm_topic}
diff --git a/ceilometer/server/backend/default.yml b/ceilometer/server/backend/default.yml
index 542314c..071e4a1 100644
--- a/ceilometer/server/backend/default.yml
+++ b/ceilometer/server/backend/default.yml
@@ -2,6 +2,8 @@
- service.ceilometer.server.publisher.gnocchi
- service.ceilometer.server.publisher.panko
parameters:
+ _param:
+ openstack_event_alarm_topic: alarm.all
# gnocchi and panko are default backends for Ceilometer since Pike
# they are incompatible with any legacy database publisher backends
ceilometer:
@@ -12,3 +14,7 @@
publisher:
default:
enabled: false
+ event_alarm_notifier:
+ enabled: true
+ url: "notifier://?topic=${_param:openstack_event_alarm_topic}"
+ publish_event: true
diff --git a/cinder/volume/single.yml b/cinder/volume/single.yml
index 1b9948d..b959d32 100644
--- a/cinder/volume/single.yml
+++ b/cinder/volume/single.yml
@@ -16,6 +16,7 @@
host: ${_param:openstack_database_address}
glance:
host: ${_param:openstack_control_address}
+ protocol: ${_param:cluster_internal_protocol}
message_queue:
members:
- host: ${_param:openstack_message_queue_node01_address}
diff --git a/debmirror/mirror_mirantis_com/maas/xenial.yml b/debmirror/mirror_mirantis_com/maas/xenial.yml
new file mode 100644
index 0000000..3204fd0
--- /dev/null
+++ b/debmirror/mirror_mirantis_com/maas/xenial.yml
@@ -0,0 +1,21 @@
+parameters:
+ _param:
+ apt_mk_version: 'stable'
+ mirror_mirantis_com_maas_xenial_force: False
+ debmirror_mirrors_base_target_dir: "/srv/volumes/aptly/public/${_param:apt_mk_version}/"
+ debmirror:
+ client:
+ enabled: true
+ mirrors:
+ mirror_mirantis_com_maas_xenial:
+ force: ${_param:mirror_mirantis_com_maas_xenial_force}
+ lock_target: True
+ extra_flags: [ '--verbose', '--progress', '--nosource', '--no-check-gpg', '--rsync-extra=none' ]
+ method: "rsync"
+ arch: [ 'amd64' ]
+ mirror_host: "mirror.mirantis.com"
+ mirror_root: ":mirror/${_param:apt_mk_version}/maas/xenial/"
+ target_dir: "${_param:debmirror_mirrors_base_target_dir}/maas/xenial/"
+ log_file: "/var/log/debmirror/mirror_mirantis_com_maas_xenial.log"
+ dist: [ xenial ]
+ section: [ main ]
diff --git a/debmirror/mirror_mirantis_com/ubuntu/xenial.yml b/debmirror/mirror_mirantis_com/ubuntu/xenial.yml
index 6a38787..3ba7267 100644
--- a/debmirror/mirror_mirantis_com/ubuntu/xenial.yml
+++ b/debmirror/mirror_mirantis_com/ubuntu/xenial.yml
@@ -2,6 +2,7 @@
_param:
apt_mk_version: 'stable'
mirror_mirantis_com_ubuntu_xenial_force: False
+ debmirror_mirrors_base_target_dir: "/srv/volumes/aptly/public/${_param:apt_mk_version}/"
debmirror:
client:
enabled: true
@@ -15,10 +16,10 @@
arch: [ 'amd64' ]
mirror_host: "mirror.mirantis.com"
mirror_root: ":mirror/${_param:apt_mk_version}/ubuntu/"
- target_dir: "/srv/volumes/aptly/public/ubuntu/"
+ target_dir: "${_param:debmirror_mirrors_base_target_dir}/ubuntu/"
log_file: "/var/log/debmirror/mirror_mirantis_com_ubuntu_xenial.log"
dist: [ xenial , xenial-security, xenial-updates ]
- section: [ main , multiverse, restricted, universe ]
+ section: [ main , restricted, universe ]
# Don't exclude main/x11 - its required for many pkgs.
exclude_deb_section:
- games
diff --git a/docker/swarm/stack/jenkins/slave.yml b/docker/swarm/stack/jenkins/slave.yml
index 42a0031..e6ed298 100644
--- a/docker/swarm/stack/jenkins/slave.yml
+++ b/docker/swarm/stack/jenkins/slave.yml
@@ -35,7 +35,7 @@
image: ${_param:docker_image_jenkins_slave}
volumes:
- /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
- - /etc/aptly-publisher.yaml:/etc/aptly-publisher.yaml:ro
+ - /etc/aptly:/etc/aptly:ro
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
- /var/lib/jenkins:/var/lib/jenkins
@@ -59,7 +59,7 @@
image: ${_param:docker_image_jenkins_slave}
volumes:
- /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
- - /etc/aptly-publisher.yaml:/etc/aptly-publisher.yaml:ro
+ - /etc/aptly:/etc/aptly:ro
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
- /var/lib/jenkins:/var/lib/jenkins
@@ -83,7 +83,7 @@
image: ${_param:docker_image_jenkins_slave}
volumes:
- /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
- - /etc/aptly-publisher.yaml:/etc/aptly-publisher.yaml:ro
+ - /etc/aptly:/etc/aptly:ro
- /var/run/docker.sock:/var/run/docker.sock
- /usr/bin/docker:/usr/bin/docker:ro
- /var/lib/jenkins:/var/lib/jenkins
diff --git a/gerrit/client/init.yml b/gerrit/client/init.yml
index 5d719d4..16e4231 100644
--- a/gerrit/client/init.yml
+++ b/gerrit/client/init.yml
@@ -3,6 +3,7 @@
parameters:
_param:
gerrit_try_login: true
+ gerrit_server_host: ${_param:cluster_vip_address}
gerrit:
client:
enabled: True
@@ -12,7 +13,7 @@
gerrit_config: /srv/volumes/gerrit/etc/gerrit.config
gerrit_secure_config: /srv/volumes/gerrit/etc/secure.config
server:
- host: ${_param:cluster_vip_address}
+ host: ${_param:gerrit_server_host}
user: admin
email: ${_param:gerrit_admin_email}
auth_method: basic
diff --git a/glusterfs/client/volume/keystone.yml b/glusterfs/client/volume/keystone.yml
index 39c5619..a93c0c1 100644
--- a/glusterfs/client/volume/keystone.yml
+++ b/glusterfs/client/volume/keystone.yml
@@ -12,6 +12,7 @@
server: ${_param:keystone_glusterfs_service_host}
user: keystone
group: keystone
+ mode: 750
opts: "defaults,backup-volfile-servers=${_param:glusterfs_node01_address}:${_param:glusterfs_node02_address}:${_param:glusterfs_node03_address}"
keystone-credential-keys:
path: /var/lib/keystone/credential-keys
diff --git a/haproxy/proxy/listen/openstack/galera/init.yml b/haproxy/proxy/listen/openstack/galera/init.yml
index c9bd41c..1dd1a1c 100644
--- a/haproxy/proxy/listen/openstack/galera/init.yml
+++ b/haproxy/proxy/listen/openstack/galera/init.yml
@@ -3,12 +3,6 @@
haproxy_params_check: 'check'
haproxy:
proxy:
- timeout:
- queue: '10s'
- connect: '10s'
- client: '10s'
- server: '10s'
- check: '10s'
listen:
mysql_cluster:
type: mysql
diff --git a/haproxy/proxy/listen/openstack/horizon.yml b/haproxy/proxy/listen/openstack/horizon.yml
index 14f5c2b..d507b96 100644
--- a/haproxy/proxy/listen/openstack/horizon.yml
+++ b/haproxy/proxy/listen/openstack/horizon.yml
@@ -3,7 +3,7 @@
proxy:
listen:
horizon_web:
- type: general-service
+ type: horizon
check: false
binds:
- address: ${_param:cluster_vip_address}
@@ -20,4 +20,4 @@
- name: ${_param:cluster_node03_hostname}
host: ${_param:cluster_node03_address}
port: 8078
- params: check
\ No newline at end of file
+ params: check
diff --git a/horizon/server/plugin/contrail.yml b/horizon/server/plugin/contrail.yml
index 03da87e..9166bce 100644
--- a/horizon/server/plugin/contrail.yml
+++ b/horizon/server/plugin/contrail.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ opencontrail_version: 3.2
horizon:
server:
plugin:
@@ -6,8 +8,9 @@
source:
engine: pkg
name: openstack-dashboard-contrail-panels
+ opencontrail_version: ${_param:opencontrail_version}
horizon_overrides:
overrides:
- contrail_openstack_dashboard
openstack_neutron_network:
- enable_fip_topology_check: False
\ No newline at end of file
+ enable_fip_topology_check: False
diff --git a/jenkins/client/approved_scripts.yml b/jenkins/client/approved_scripts.yml
index 1fb68c9..2b2c6a7 100644
--- a/jenkins/client/approved_scripts.yml
+++ b/jenkins/client/approved_scripts.yml
@@ -151,3 +151,8 @@
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.util.Collection java.lang.String
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods init java.util.List
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods asBoolean java.lang.CharSequence
+ - staticMethod hudson.model.Hudson getInstance
+ - method hudson.model.Job getProperty java.lang.Class
+ - method hudson.model.ParametersDefinitionProperty getParameterDefinitions
+ - method hudson.model.ParameterDefinition getName
+ - hudson.model.StringParameterDefinition getDefaultValue
diff --git a/jenkins/client/init.yml b/jenkins/client/init.yml
index 856eec5..80724b1 100644
--- a/jenkins/client/init.yml
+++ b/jenkins/client/init.yml
@@ -10,8 +10,12 @@
jenkins_master_port: 8081
jenkins_aptly_storages: "local"
jenkins_pipelines_branch: "master"
+ jenkins_offline_deployment: "false"
jenkins:
client:
+ globalenvprop:
+ OFFLINE_DEPLOYMENT:
+ value: ${_param:jenkins_offline_deployment}
master:
host: ${_param:jenkins_master_host}
port: ${_param:jenkins_master_port}
@@ -19,30 +23,41 @@
password: ${_param:jenkins_client_password}
plugin:
artifactory: {}
+ blueocean: {}
build-blocker-plugin: {}
build-monitor-plugin: {}
+ build-timeout: {}
build-user-vars-plugin: {}
categorized-view: {}
+ copyartifact: {}
description-setter: {}
discard-old-build: {}
docker-workflow: {}
email-ext: {}
+ envinject: {}
extended-choice-parameter: {}
extensible-choice-parameter: {}
gerrit-trigger: {}
git: {}
+ github: {}
heavy-job: {}
jobConfigHistory: {}
jira: {}
ldap: {}
+ lockable-resources: {}
matrix-auth: {}
monitoring: {}
+ multiple-scms: {}
performance: {}
+ permissive-script-security: {}
pipeline-utility-steps: {}
+ prometheus: {}
rebuild: {}
simple-theme-plugin: {}
slack: {}
+ ssh-agent: {}
test-stability: {}
+ throttle-concurrents: {}
workflow-cps: {}
workflow-remote-loader: {}
workflow-scm-step:
@@ -52,6 +67,7 @@
enabled: true
url: ${_param:jenkins_gerrit_url}/mcp-ci/pipeline-library
credential_id: gerrit
+ branch: ${_param:jenkins_pipelines_branch}
view:
Mirrors:
enabled: true
diff --git a/jenkins/client/job/aptly.yml b/jenkins/client/job/aptly.yml
index 2ac90bb..55c7f88 100644
--- a/jenkins/client/job/aptly.yml
+++ b/jenkins/client/job/aptly.yml
@@ -97,7 +97,6 @@
type: string
default: "${_param:jenkins_aptly_storages}"
description: "Comma separated list of storage"
- job_template:
aptly-all:
name: aptly-{{operation}}-all-{{source}}-{{target}}
jobs:
diff --git a/jenkins/client/job/debian/packages/horizon/modules.yml b/jenkins/client/job/debian/packages/horizon/modules.yml
index c908e5c..357be6e 100644
--- a/jenkins/client/job/debian/packages/horizon/modules.yml
+++ b/jenkins/client/job/debian/packages/horizon/modules.yml
@@ -126,6 +126,18 @@
os_version: pike
branch: stable/pike
# Trusty
+ - name: horizon-contrail-panels
+ os: ubuntu
+ dist: trusty
+ os_version: queens
+ branch: stable/queens
+ # Xenial
+ - name: horizon-contrail-panels
+ os: ubuntu
+ dist: xenial
+ os_version: queens
+ branch: stable/queens
+ # Trusty
- name: horizon-jenkins-dashboard
os: ubuntu
dist: trusty
diff --git a/jenkins/client/job/debian/packages/salt.yml b/jenkins/client/job/debian/packages/salt.yml
index ad35faa..7a9dd04 100644
--- a/jenkins/client/job/debian/packages/salt.yml
+++ b/jenkins/client/job/debian/packages/salt.yml
@@ -617,6 +617,10 @@
upload_source_package: true
upload_to_aptly: true
dist: xenial
+ - name: hubble
+ upload_source_package: true
+ upload_to_aptly: true
+ dist: xenial
- name: influxdb
upload_source_package: true
upload_to_aptly: true
@@ -749,6 +753,10 @@
upload_source_package: true
upload_to_aptly: true
dist: xenial
+ - name: openscap
+ upload_source_package: true
+ upload_to_aptly: true
+ dist: xenial
- name: openssh
upload_source_package: true
upload_to_aptly: true
diff --git a/jenkins/client/job/deploy/update/upgrade_mcp_release.yml b/jenkins/client/job/deploy/update/upgrade_mcp_release.yml
index 8587140..9f18006 100644
--- a/jenkins/client/job/deploy/update/upgrade_mcp_release.yml
+++ b/jenkins/client/job/deploy/update/upgrade_mcp_release.yml
@@ -10,7 +10,7 @@
upgrade-mcp-release:
type: workflow-scm
concurrent: true
- display_name: "Deploy - upgrade MCP Release"
+ display_name: "Deploy - upgrade MCP Drivetrain"
scm:
type: git
url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
@@ -27,7 +27,15 @@
MCP_VERSION:
type: string
default: ""
+ UPDATE_CLUSTER_MODEL:
+ type: boolean
+ default: 'false'
+ description: "Replace `apt_mk_version` parameter in cluster level Reclass model."
+ UPDATE_PIPELINES:
+ type: boolean
+ default: 'false'
+ description: "Mirror pipelines from upstream/local mirror to Gerrit."
UPDATE_LOCAL_REPOS:
type: boolean
default: 'false'
- description: "Use only when local repositories are present"
\ No newline at end of file
+ description: "Use only when local repositories are present."
\ No newline at end of file
diff --git a/jenkins/client/job/docker/cicd/tempest.yml b/jenkins/client/job/docker/cicd/tempest.yml
index 7b68403..38cc667 100644
--- a/jenkins/client/job/docker/cicd/tempest.yml
+++ b/jenkins/client/job/docker/cicd/tempest.yml
@@ -22,6 +22,7 @@
"mcp/docker-ci-tempest":
branches:
- master
+ - pike
event:
patchset:
- created:
diff --git a/jenkins/client/job/opencontrail/git-mirrors/downstream.yml b/jenkins/client/job/opencontrail/git-mirrors/downstream.yml
index f92d1a7..306866b 100644
--- a/jenkins/client/job/opencontrail/git-mirrors/downstream.yml
+++ b/jenkins/client/job/opencontrail/git-mirrors/downstream.yml
@@ -16,7 +16,7 @@
- name: contrail-third-party
branches: ${_param:contrail_branches}
- name: contrail-generateDS
- branches: ${_param:contrail_branches}
+ branches: ${_param:contrail_branches_generateDS}
- name: contrail-sandesh
branches: ${_param:contrail_branches}
- name: contrail-packages
diff --git a/jenkins/client/job/opencontrail/init.yml b/jenkins/client/job/opencontrail/init.yml
index c6d1ca6..997d885 100644
--- a/jenkins/client/job/opencontrail/init.yml
+++ b/jenkins/client/job/opencontrail/init.yml
@@ -4,6 +4,8 @@
parameters:
_param:
contrail_branches: "R3.0.2.x,R3.0.3.x,R3.1,R3.1.1.x,R3.2,R3.2.3.x,R4.0,R4.1,R5.0,master"
+ # generateDS does not have 5.0 branch
+ contrail_branches_generateDS: "R3.0.2.x,R3.0.3.x,R3.1,R3.1.1.x,R3.2,R3.2.3.x,R4.0,R4.1,master"
contrail_kubernetes_branches: "master,release-1.2"
contrail_dpdk_extra_branches: "mitaka,mitaka_dpdk_17_02,mitaka_dpdk_17_05,kilo,liberty-multiqueue,newton,ocata"
contrail_ceilometer_plugin_branches: "master,R4.0,R4.1"
diff --git a/jenkins/client/job/oscore/cookiecutter.yml b/jenkins/client/job/oscore/cookiecutter.yml
new file mode 100644
index 0000000..bc180b4
--- /dev/null
+++ b/jenkins/client/job/oscore/cookiecutter.yml
@@ -0,0 +1,129 @@
+parameters:
+ jenkins:
+ client:
+ job:
+ oscore-test-cookiecutter-model:
+ display_name: oscore-test-cookiecutter-model
+ name: oscore-test-cookiecutter-model
+ concurrent: true
+ description: Test specified cookiecutter context
+ discard:
+ build:
+ keep_num: 60
+ artifact:
+ keep_num: 60
+ type: workflow-scm
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/openstack-ci/openstack-pipelines"
+ credentials: "gerrit"
+ branch: 'master'
+ script: test-cookiecutter-model-pipeline.groovy
+ param:
+ CREDENTIALS_ID:
+ type: string
+ description: "ID of jenkins credentials to be used when connecting to gerrit."
+ default: "gerrit"
+ COOKIECUTTER_TEMPLATE_CONTEXT_FILE:
+ type: choice
+ description: "Context for coockiecutter template specified as filename."
+ choices:
+ - openstack-ovs-core-ocata
+ - openstack-ovs-core-pike
+ - openstack-ovs-core-ssl-pike
+ - openstack-ovs-core-barbican-pike
+ - openstack-ovs-core-manila-pike
+ - openstack-ovs-core-telemetry-pike
+ - openstack-ovs-core-queens
+ STACK_INSTALL:
+ type: string
+ default: 'core,openstack,ovs'
+ STACK_DELETE:
+ type: boolean
+ description: "Delete Heat stack when finished (bool)"
+ default: 'false'
+ OPENSTACK_API_PROJECT:
+ type: string
+ default: "mcp-oscore"
+ HEAT_STACK_ZONE:
+ type: string
+ default: "mcp-oscore"
+ FLAVOR_PREFIX:
+ type: string
+ default: 'dev'
+ RUN_SMOKE:
+ type: boolean
+ description: "Run smoke after deployment or not. (bool)"
+ default: 'false'
+ COOKIECUTTER_EXTRA_CONTEXT:
+ type: text
+ description: "Extra context items, will be merged to COOKIECUTTER_TEMPLATE_CONTEXT_FILE"
+ default: |-
+ #Extra context that will be merged with content of COOKIECUTTER_TEMPLATE_CONTEXT_FILE
+ default_context:
+ openssh_groups: "qa_scale,oscore_devops,networking,tcpcloud,stacklight,k8s_team"
+ cookiecutter_template_url: https://gerrit.mcp.mirantis.net/mk/cookiecutter-templates.git
+ cookiecutter_template_branch: 'master'
+ shared_reclass_url: https://gerrit.mcp.mirantis.net/salt-models/reclass-system.git
+ shared_reclass_branch: 'master'
+ STACK_INSTALL:
+ type: string
+ default: 'core,openstack,ovs'
+ STACK_DELETE:
+ type: boolean
+ description: "Delete Heat stack when finished (bool)"
+ default: 'false'
+ oscore-test-cookiecutter-models:
+ display_name: oscore-test-cookiecutter-models
+ name: oscore-test-cookiecutter-models
+ concurrent: true
+ discard:
+ build:
+ keep_num: 30
+ artifact:
+ keep_num: 30
+ type: workflow-scm
+ concurrent: true
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/openstack-ci/openstack-pipelines.git"
+ credentials: "gerrit"
+ branch: 'master'
+ script: test-cookiecutter-models-pipeline.groovy
+ trigger:
+ gerrit:
+ project:
+ "^mk/cookiecutter-templates$":
+ compare_type: 'REG_EXP'
+ branches:
+ - master
+ skip_vote:
+ - successful
+ - failed
+ - unstable
+ - not_built
+ event:
+ comment:
+ - addedContains:
+ commentAddedCommentContains: '^(?s:Patch Set \d+:.*(test|recheck|reverify)\s*)$'
+ param:
+ CREDENTIALS_ID:
+ type: string
+ default: "gerrit"
+ description: "ID of jenkins credentials to be used when connecting to gerrit."
+ OPENSTACK_API_PROJECT:
+ type: string
+ default: "mcp-oscore-ci"
+ HEAT_STACK_ZONE:
+ type: string
+ default: "mcp-oscore-ci"
+ FLAVOR_PREFIX:
+ type: string
+ default: 'dev'
+ TEST_SCHEME:
+ type: text
+ description: "Yaml based scheme to test specific models."
+ default: |-
+ openstack-ovs-core-pike:
+ run_smoke: true
+ stack_install: 'core,openstack,ovs'
diff --git a/jenkins/client/job/oscore/init.yml b/jenkins/client/job/oscore/init.yml
index 2f45ef8..61dbda8 100644
--- a/jenkins/client/job/oscore/init.yml
+++ b/jenkins/client/job/oscore/init.yml
@@ -3,6 +3,8 @@
- system.jenkins.client.job.oscore.tests
- system.jenkins.client.job.oscore.qa
- system.jenkins.client.job.oscore.salt_virtual_models
+ - system.jenkins.client.job.oscore.cookiecutter
+ - system.jenkins.client.job.oscore.release
parameters:
_param:
job_description_oscore: <br>Deploy and test OpenStack.<br>
diff --git a/jenkins/client/job/oscore/release.yml b/jenkins/client/job/oscore/release.yml
new file mode 100644
index 0000000..f73bd22
--- /dev/null
+++ b/jenkins/client/job/oscore/release.yml
@@ -0,0 +1,69 @@
+parameters:
+ jenkins:
+ client:
+ job_template:
+ promote-release-component:
+ name: "{{job_prefix}}-promote-{{component}}-{{version}}-{{distribution}}"
+ template:
+ discard:
+ build:
+ keep_num: 30
+ artifact:
+ keep_num: 30
+ type: workflow-scm
+ concurrent: true
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/openstack-ci/openstack-pipelines.git"
+ credentials: "gerrit"
+ branch: 'master'
+ script: promote-release-component.groovy
+ trigger:
+ timer:
+ spec: "{{timer_spec}}"
+ param:
+ # general
+ AIO_JOB:
+ type: string
+ description: "Job name to deploy all-ini-one envs are going to be tested"
+ default: "{{job_prefix}}-{{aioJobPrefix}}"
+ MULTINODE_JOB:
+ type: string
+ description: "Job name to deploy multinode envs are going to be tested"
+ default: "{{job_prefix}}-{{multinodeJobPrefix}}"
+ SYSTEM_DISTRIBUTION:
+ type: string
+ default: "{{distribution}}"
+ description: "Distribution of operating system"
+ COMPONENT:
+ type: string
+ default: "{{component}}"
+ description: "Tested MCP Component"
+ VERSION:
+ type: string
+ default: "{{version}}"
+ description: "Tested MCP Component"
+ SRC_REVISION:
+ type: string
+ default: "nightly"
+ description: "Tested revision of component - e.g. nightly"
+ SNAPSHOT_ID:
+ type: string
+ default: ""
+ description: "Tested snapshot id of component"
+ TARGET_REVISION:
+ type: string
+ default: "testing"
+ description: "Revision to promote SRC_REVISION to, e.g. testing"
+ TEST_SCHEME:
+ type: string
+ default: "{{test_scheme}}"
+ description: "Structure which defines parameters of deployment jobs"
+ MIRROR_HOST:
+ type: string
+ default: "mirror.mirantis.com"
+ description: "mirror with snapshots and packages"
+ AUTO_PROMOTE:
+ type: boolean
+ default: "{{auto_promote}}"
+ description: Enable to autopromote repo
diff --git a/jenkins/client/job/oscore/tests.yml b/jenkins/client/job/oscore/tests.yml
index a85342d..6e4b65f 100644
--- a/jenkins/client/job/oscore/tests.yml
+++ b/jenkins/client/job/oscore/tests.yml
@@ -708,7 +708,7 @@
trigger:
gerrit:
project:
- "^salt-formulas/(nova|cinder|glance|keystone|horizon|neutron|designate|heat|ironic|barbican|aodh|ceilometer|gnocchi|panko|manila|salt|linux|reclass|galera|memcached|rabbitmq|bind|apache|runtest)$":
+ "^salt-formulas/(nova|cinder|glance|keystone|horizon|neutron|designate|heat|ironic|barbican|aodh|ceilometer|gnocchi|panko|manila|salt|linux|reclass|galera|memcached|rabbitmq|bind|apache|runtest|oslo-templates)$":
compare_type: 'REG_EXP'
branches:
- master
diff --git a/jenkins/client/job/salt-formulas/tests.yml b/jenkins/client/job/salt-formulas/tests.yml
index d2f1199..1c9f4fb 100644
--- a/jenkins/client/job/salt-formulas/tests.yml
+++ b/jenkins/client/job/salt-formulas/tests.yml
@@ -54,6 +54,7 @@
- name: heketi
- name: helm
- name: horizon
+ - name: hubble
- name: influxdb
- name: iptables
- name: ironic
@@ -91,6 +92,7 @@
- name: octavia
- name: opencontrail
- name: openldap
+ - name: openscap
- name: openssh
- name: openvpn
- name: openvstorage
diff --git a/keepalived/cluster/instance/kube_api_server_vip.yml b/keepalived/cluster/instance/kube_api_server_vip.yml
new file mode 100644
index 0000000..f7fbce8
--- /dev/null
+++ b/keepalived/cluster/instance/kube_api_server_vip.yml
@@ -0,0 +1,28 @@
+applications:
+- keepalived
+classes:
+- service.keepalived.support
+parameters:
+ _param:
+ keepalived_vip_priority: 101
+ keepalived_kube_apiserver_vrrp_script_content: "pidof haproxy && systemctl status kube-apiserver.service --quiet --no-pager"
+ keepalived_k8s_apiserver_vip_interface: ens3
+ keepalived_k8s_apiserver_vip_address: ${_param:kubernetes_control_address}
+ keepalived_k8s_apiserver_vip_password: password
+ keepalived:
+ cluster:
+ vrrp_scripts:
+ k8s_vip:
+ content: ${_param:keepalived_kube_apiserver_vrrp_script_content}
+ interval: 10
+ rise: 1
+ fall: 1
+ enabled: true
+ instance:
+ kube_apiserver_vip:
+ address: ${_param:keepalived_k8s_apiserver_vip_address}
+ password: ${_param:keepalived_k8s_apiserver_vip_password}
+ interface: ${_param:keepalived_k8s_apiserver_vip_interface}
+ virtual_router_id: 60
+ priority: ${_param:keepalived_vip_priority}
+ track_script: k8s_vip
\ No newline at end of file
diff --git a/keystone/client/core.yml b/keystone/client/core.yml
index f869059..899f4aa 100644
--- a/keystone/client/core.yml
+++ b/keystone/client/core.yml
@@ -1,3 +1,5 @@
+classes:
+- system.keystone.client.os_client_config.admin_identity
parameters:
_param:
keystone_service_protocol: http
diff --git a/keystone/client/v3/init.yml b/keystone/client/v3/init.yml
new file mode 100644
index 0000000..148da41
--- /dev/null
+++ b/keystone/client/v3/init.yml
@@ -0,0 +1,15 @@
+parameters:
+ keystone:
+ client:
+ resources:
+ v3:
+ enabled: true
+ server:
+ identity:
+ admin:
+ api_version: 3
+ admin_identity:
+ admin:
+ api_version: ''
+ user_domain_name: 'Default'
+ project_domain_name: 'Default'
diff --git a/keystone/client/v3/service/panko.yml b/keystone/client/v3/service/panko.yml
index ee94697..cf09f34 100644
--- a/keystone/client/v3/service/panko.yml
+++ b/keystone/client/v3/service/panko.yml
@@ -15,7 +15,7 @@
service_admin:
name: admin
project_id: service
- service:
+ services:
panko:
type: event
description: OpenStack Event Service
diff --git a/kubernetes/master/auth/rbac.yml b/kubernetes/master/auth/rbac.yml
new file mode 100644
index 0000000..be0577b
--- /dev/null
+++ b/kubernetes/master/auth/rbac.yml
@@ -0,0 +1,5 @@
+parameters:
+ kubernetes:
+ master:
+ auth:
+ mode: Node,RBAC
diff --git a/kubernetes/master/cluster.yml b/kubernetes/master/cluster.yml
index 1295f3a..6d6b404 100644
--- a/kubernetes/master/cluster.yml
+++ b/kubernetes/master/cluster.yml
@@ -1,16 +1,21 @@
classes:
- service.kubernetes.master.cluster
-- service.keepalived.cluster.single
- service.haproxy.proxy.single
- system.haproxy.proxy.listen.kubernetes.apiserver
+- system.keepalived.cluster.instance.kube_api_server_vip
parameters:
_param:
kubernetes_netchecker_agent_repo: mirantis
kubernetes_netchecker_server_repo: mirantis
kubernetes_netchecker_agent_image: ${_param:kubernetes_netchecker_agent_repo}/k8s-netchecker-agent:v1.2.2
kubernetes_netchecker_server_image: ${_param:kubernetes_netchecker_server_repo}/k8s-netchecker-server:v1.2.2
+
+ kubelet_fail_on_swap: true
+
kubernetes:
master:
+ kubelet:
+ fail_on_swap: ${_param:kubelet_fail_on_swap}
container: false
network:
calico:
diff --git a/kubernetes/master/single.yml b/kubernetes/master/single.yml
index 7fada57..b4f20b0 100644
--- a/kubernetes/master/single.yml
+++ b/kubernetes/master/single.yml
@@ -6,6 +6,11 @@
kubernetes_netchecker_server_repo: mirantis
kubernetes_netchecker_agent_image: ${_param:kubernetes_netchecker_agent_repo}/k8s-netchecker-agent:v1.2.2
kubernetes_netchecker_server_image: ${_param:kubernetes_netchecker_server_repo}/k8s-netchecker-server:v1.2.2
+
+ kubelet_fail_on_swap: true
+
kubernetes:
master:
+ kubelet:
+ fail_on_swap: ${_param:kubelet_fail_on_swap}
container: false
diff --git a/kubernetes/pool/cluster.yml b/kubernetes/pool/cluster.yml
index 40cc135..335078f 100644
--- a/kubernetes/pool/cluster.yml
+++ b/kubernetes/pool/cluster.yml
@@ -18,9 +18,20 @@
kubernetes_pause_image: ${_param:kubernetes_hyperkube_repo}/pause-amd64:v1.8.13-11
kubernetes_contrail_cni_image: ${_param:kubernetes_contrail_cni_repo}/contrail-cni:v1.2.0
kubernetes_contrail_network_controller_image: ${_param:kubernetes_contrail_network_controller_repo}/contrail-network-controller:v1.2.0
+ kubernetes_virtlet_image: mirantis/virtlet:v1.0.3
+ kubernetes_criproxy_version: v0.11.0
+ kubernetes_criproxy_checksum: md5=115bbb0c27518db6b0b3bc8cdc5fc897
+
+ kubelet_fail_on_swap: true
kubernetes:
+ common:
+ hyperkube:
+ image: ${_param:kubernetes_hyperkube_image}
+ pause_image: ${_param:kubernetes_pause_image}
pool:
+ kubelet:
+ fail_on_swap: ${_param:kubelet_fail_on_swap}
container: false
network:
calico:
diff --git a/kubernetes/pool/single.yml b/kubernetes/pool/single.yml
index cf334df..3f4af34 100644
--- a/kubernetes/pool/single.yml
+++ b/kubernetes/pool/single.yml
@@ -18,9 +18,20 @@
kubernetes_pause_image: ${_param:kubernetes_hyperkube_repo}/pause-amd64:v1.8.13-11
kubernetes_contrail_cni_image: ${_param:kubernetes_contrail_cni_repo}/contrail-cni:v1.2.0
kubernetes_contrail_network_controller_image: ${_param:kubernetes_contrail_network_controller_repo}/contrail-network-controller:v1.2.0
+ kubernetes_virtlet_image: mirantis/virtlet:v1.0.3
+ kubernetes_criproxy_version: v0.11.0
+ kubernetes_criproxy_checksum: md5=115bbb0c27518db6b0b3bc8cdc5fc897
+
+ kubelet_fail_on_swap: true
kubernetes:
+ common:
+ hyperkube:
+ image: ${_param:kubernetes_hyperkube_image}
+ pause_image: ${_param:kubernetes_pause_image}
pool:
+ kubelet:
+ fail_on_swap: ${_param:kubelet_fail_on_swap}
container: false
docker:
host:
diff --git a/linux/system/repo/keystorage/jenkins.yml b/linux/system/repo/keystorage/jenkins.yml
new file mode 100644
index 0000000..f50851a
--- /dev/null
+++ b/linux/system/repo/keystorage/jenkins.yml
@@ -0,0 +1,151 @@
+parameters:
+ linux:
+ system:
+ repo:
+ mcp_jenkins:
+ # pub 1024D/D50582E6 2009-02-01
+ key: |
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+ Version: GnuPG v1
+
+ mQGiBEmFQG0RBACXScOxb6BTV6rQE/tcJopAEWsdvmE0jNIRWjDDzB7HovX6Anrq
+ n7+Vq4spAReSFbBVaYiiOx2cGDymj2dyx2i9NAI/9/cQXJOU+RPdDzHVlO1Edksp
+ 5rKn0cGPWY5sLxRf8s/tO5oyKgwCVgTaB5a8gBHaoGms3nNC4YYf+lqlpwCgjbti
+ 3u1iMIx6Rs+dG0+xw1oi5FUD/2tLJMx7vCUQHhPRupeYFPoD8vWpcbGb5nHfHi4U
+ 8/x4qZspAIwvXtGw0UBHildGpqe9onp22Syadn/7JgMWhHoFw5Ke/rTMlxREL7pa
+ TiXuagD2G84tjJ66oJP1FigslJzrnG61y85V7THL61OFqDg6IOP4onbsdqHby4VD
+ zZj9A/9uQxIn5250AGLNpARStAcNPJNJbHOQuv0iF3vnG8uO7/oscB0TYb8/juxr
+ hs9GdSN0U0BxENR+8KWy5lttpqLMKlKRknQYy34UstQiyFgAQ9Epncu9uIbVDgWt
+ y7utnqXN033EyYkcWx5EhLAgHkC7wSzeSWABV3JSXN7CeeOif7QiS29oc3VrZSBL
+ YXdhZ3VjaGkgPGtrQGtvaHN1a2Uub3JnPohjBBMRAgAjAhsDBgsJCAcDAgQVAggD
+ BBYCAwECHgECF4AFAko/7vYCGQEACgkQm30y8tUFguabhgCgi54IQR4rpJZ/uUHe
+ ZB879zUWTQwAniQDBO+Zly7Fsvm0Mcvqvl02UzxCiGAEExECACAFAkmFQG0CGwMG
+ CwkIBwMCBBUCCAMEFgIDAQIeAQIXgAAKCRCbfTLy1QWC5qtXAJ9hPRisOhkexWXJ
+ nXQMl9cOTvm4LgCdGint1TONoZ2I4JtOiFzOmeP3ju3RzcvNyQEQAAEBAAAAAAAA
+ AAAAAAAA/9j/4AAQSkZJRgABAQEAYABgAAD/4QBgRXhpZgAASUkqAAgAAAAEADEB
+ AgAZAAAAPgAAABBRAQABAAAAAUOQABFRBAABAAAAEgsAABJRBAABAAAAEgsAAAAA
+ AABNYWNyb21lZGlhIEZpcmV3b3JrcyA0LjAAAP/bAEMACAYGBwYFCAcHBwkJCAoM
+ FA0MCwsMGRITDxQdGh8eHRocHCAkLicgIiwjHBwoNyksMDE0NDQfJzk9ODI8LjM0
+ Mv/bAEMBCQkJDAsMGA0NGDIhHCEyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIyMjIy
+ MjIyMjIyMjIyMjIyMjIyMjIyMjIyMv/AABEIAK4AlgMBIgACEQEDEQH/xAAfAAAB
+ BQEBAQEBAQAAAAAAAAAAAQIDBAUGBwgJCgv/xAC1EAACAQMDAgQDBQUEBAAAAX0B
+ AgMABBEFEiExQQYTUWEHInEUMoGRoQgjQrHBFVLR8CQzYnKCCQoWFxgZGiUmJygp
+ KjQ1Njc4OTpDREVGR0hJSlNUVVZXWFlaY2RlZmdoaWpzdHV2d3h5eoOEhYaHiImK
+ kpOUlZaXmJmaoqOkpaanqKmqsrO0tba3uLm6wsPExcbHyMnK0tPU1dbX2Nna4eLj
+ 5OXm5+jp6vHy8/T19vf4+fr/xAAfAQADAQEBAQEBAQEBAAAAAAAAAQIDBAUGBwgJ
+ Cgv/xAC1EQACAQIEBAMEBwUEBAABAncAAQIDEQQFITEGEkFRB2FxEyIygQgUQpGh
+ scEJIzNS8BVictEKFiQ04SXxFxgZGiYnKCkqNTY3ODk6Q0RFRkdISUpTVFVWV1hZ
+ WmNkZWZnaGlqc3R1dnd4eXqCg4SFhoeIiYqSk5SVlpeYmZqio6Slpqeoqaqys7S1
+ tre4ubrCw8TFxsfIycrS09TV1tfY2dri4+Tl5ufo6ery8/T19vf4+fr/2gAMAwEA
+ AhEDEQA/APcBI/8Afb86XzH/AL7fnUYpwqRknmN/fP50u9v7x/OmCgUASb2/vH86
+ Xe394/nTBS0AP3t/eP50u4+p/OmUopgO3H1NO3H1NR5xThQA7cfWlyfU0ylFMQ/J
+ 9aXPvTKdQAuaM0lLQAtJmiigAzRSdqKAKApwpopc1mUOpRSUopgKKWkFLQAueKzr
+ zXbCwk2Tzxq3cFwK8v8Aih8V30aaTQ9DKtegYnuTyIvZR3b+VfP1/q17fzvLc3Ms
+ sjHJZ2JJNGr2HZdT6j8U/FbR/DcKsM3VxLkpGh6AetcI37Ql4Zcx6LAYx2aUgmvD
+ 1ju7obgJHA7nmmmG4TqjDHtS+ZXL1sfVPhT4yeH/ABFNHaXYbS71zhVnYGNz6B+n
+ 4HFejK2RmvhJJSDiTj6ivYvht8XptE8rSPEEklxpxwkFyTue39j6p+op3a3Javsf
+ RuacDVaC4juIUmhkWSKRQyspyGB7ipgasgfmlpoNLmgBaKSigBaKM0UAUBS0lKKz
+ KFFLSUooAdWR4o1qLw/4bvtSmZVEMRK57t2H51rCvJPj7etD4WsbQMQJ7jkDuFBN
+ D2GlqfP13dS3k89zM5eaZy7sTySTWvovhw3JWWdcqeQtUNGsWvtQRMfIvJr0u0t1
+ hjUKOnpXFi8Q6a5Y7npYLDqfvyILXQolRVWMdOwp1x4cjYH5QPwrftQcDippFavM
+ UpvW569ktLHnOp+FFaNiijcOlcfcW8tlN5UgI+tezXEeSeM5rmtf0OK/tSVUCVOV
+ Irsw+KlF8s9jhxWFjNc0dzpfgh49MV1/wimozExyndYOx+6/eP6HqPcEd697Vq+I
+ baWbTb+G5hJWe3lWVCDj5lOf6V9naTqUeraRZ6jEMR3UKTKM9NwzivXj2PDmrM1A
+ 1PqBTUoNMlDqKSloAKKOpopAUacKbS1mWOFKKbS0xC14p+0Gw+z6Ihb+ORsfgK9r
+ rxT9oO3X7Ho1zn5vMePHrxn+lJjW55t4QgZbOe7CbmJ2IPU10sltriIDaSW7ORlg
+ 44HsKz/BCbtFyBysjVdvo9bcTNDMyEFfKCEDdzzknpx04NeVUles9vme3Rjairdu
+ hoaXqOqwt5Wo2cSjoHRuv4VuTXKCAuBzjoa5myW9SKJLmVpH25lLEEBs9sVuTgGw
+ BGN3f3rOU7SaOqEW43Me7l1a8l225SCL+9tyajfT7lHS4SdmkH+sVujj+lQakuo3
+ ELC0uGjkBwqh9qlceuM5z/L3q1p9nfwyqzzs8WxQVkOTuxycjsT2q7+7e6MXH3mr
+ M898QWgtNbmVeEcbwK+l/hdK7/DXQjI+4iAgH0AY4FfO/jWMx6+oxx5QP619B/Cx
+ Wj+G2i7twzExww7bzj8K9bDO8UeJitJv1O5U1Mp4qshqdTW7RzpklLmmg0tSULmi
+ kopAU6WkFFZlDqWm0tMQteX/ABe8MXPiBLCSN1SODcq5H8bY5+mB+teoVi+KbQ3e
+ gXAU4dPnB9MVFS/I+Xc0pNKa5tjw/wAJ2L6fpbWsw2zRzOsg9wa6RIlk6Diszy5L
+ a5kYksJTuyfWrUN2xbArxpyUpczPoKS5VyiXKQwHoBk/mamID2AIFZ89w6SlvKSV
+ ugDNjFK2p3It/L8uIAc//WpRhd3RtKaSs2WLNIpQeAcGrjosYIFZVvcPLIr7Fibo
+ Qpzmp5rp/N24prTQmT0uYOv6LDrWt2avIIkSJjI3qMjAHuTmveNEsU0rRbGwjPyW
+ 0CRr9AK8k0y0S81yMMAzllQL3xnnAr2cdfavXwLbT8jwcwsmrbssoamU8VXQ1Otd
+ jOBEoNOBqMGnA1BY6ikHNFAypS0lLWRQtFFApgLTJoknheKQZRwVYe1OopiPO/GP
+ hq202xgu7RX+VishZs9a4pmaMtsGSRkAV7Xq9gupaXPasPvr8v17V4jKHt7qS3k4
+ kjYqa8vF0lCSaWh6uDrOSab1KAuLia9a2CJCQu7zLhgoI9q2f+Ecv2h877XZbTuB
+ Ikz0x/jVK4RZVAdckDg1QfEY8kW6EeoYgH6jOKwi0z0emkrfK5LcyXNpex2YEVyz
+ ruEkD5Cj1NX1Lbt0hyVHP1qpbxiFCyqN5HYYAq/pcH2/WbSyLcSyAMfbqaduaSij
+ KpJRTdz03w3p0dpo1m7RL57JvLFRuG7nr16YrdWolAHAGB2qVa+hjFRioo+YlJyk
+ 5MnSp1NQpUopMESCnA+tMFOBqS0Oz6UUlFIZWopKXNZFi0UlFMQuaM0maM0wOU8Z
+ /ELRfA8UQ1Ayz3kw3RWkABcrnG4k8KPr17CvIbjWR4lSXXbW2Nv5srHyS+4gA9Cc
+ DNYfxfl+1fEbVCsm8xFI+T0wo4/CrHg9kt9OFm88TyffwrA43DOPw71y4xfuk13O
+ zBfxGn2NWDU4ZFXLbXHDKamN7a7cfLn3qCWyt2nKyxAj3FLJo9hFGH8sNu5HJrzo
+ 2PTbkupHPqcafLHlnPCqKu6VqMfhy4h1nUEkdIDvdIwC2MYwM455rMW502wlzLLD
+ Cq+p5P4dax9e8S2N5aSWtuXcOMFsYH61vSpzlNOKMKs4qLUme6+EvHWk+MRcLp6X
+ EUtuAzxzqAcHjIwTmuqQ185/CTXo9J8XRW0iqsF+v2bcxxtbOVOfcjH419EqcHBr
+ 3FqeDJWZbQ1KDVeNqmBqWCJRTs1GDTgakseKKQc0UgK1LTaq6lqljo9g99qV3Fa2
+ qfellbAz6DuT7DmsjQuU15FiiaWR1SNBlndgFUe5PSvGfEfx02s8HhzTwR0F3eDr
+ 7rGP/Zj+FeU674u1zxE5bVtUuLlc5ETNiNfogwo/KrUWFj37xF8YfC+hiSK1mfVb
+ tePLtf8AVg+8h4/LNeSa/wDGHxRrcjpb3Q0u3OcRWZ2nHu5+Y/p9K89Z9x5ppOM8
+ 1SihXHTTyO7NIzO7MWZmOSxPUk+tQrKyNuUkEdwcGnFs8EVGV9Kom5YGoXqtuW7n
+ B9fMNPOrag67Wvbgr6eYap4OelA5qeSPYrnl3Jg7McsxJ9SakTrzUCg+1SgqgyTm
+ rJLkbjII6e9dfp/xR8VaciLFqjTxxAKI7pFkBHuTz+tcL5xI9AeAKcpGSSe1Az37
+ wx8adPv3S3122FjKeBPES8R+o6r+tepWl7b3tulxazxTwvyskbBlP4ivjASAnA4r
+ Z0DxVrHh2787TL+WDP3kzlG+qng0XFyo+wlfIp4NeN+FfjbaXs0dp4gt1tGPH2uH
+ Jjz/ALS9R9RmvWra6huoEnt5o5oXGUkjYMrD2IpE2aLgoqMOMUUWC5ka/rVv4e0K
+ 71W5G6O3QsEBwXboFH1OK+WPE3irVfE2pNeapcM7ZPlxA4jhX+6i9h+p71698dNZ
+ +z6Np+ko3zXMpmkH+yvA/U/pXgcz7k9x/KogtDR6DXmJ71EXOKYTzSE5qybi7uaU
+ mmd6UcimITPNKDmmnrQKAJM8Ck3egpuaQUAPBJ6k4ozknjimk9qB0oGO3E04NUYp
+ aQEu/wBqXOFAPeohyQKV25NMCdJDng103hjxnq/hm7WTTrp1jJy8LHMb/Vf8muU+
+ 6g9TThIUGB1Pf0osNM+wPCnie18U6HHqNspjbOyaInJjcdR7jnINFeY/APUUJ1jS
+ pZVQER3K7jjn7rf+y0U1YiWj0OW+NmoG68dvbhsrawIgHoTyf515qzbth9eDXQ+P
+ NQOo+NNUus5DzED6Dj+lc0DnI9DmohsXLcaTQOaG6n60CqJEpVpM0A80ADDmkpzd
+ RSUALRRRQACiijvQAtFJRmgY9B3po5b605DhGNN70CHu2CT+ApEwX5+ppG5AP1pM
+ 4GB1PWmBraZez2rvJBM8TMMEocHFFVLViFOKKm1y0xb9zNI0pJLFiT+PNUlPz5NW
+ Jm+/9RVYjGPenYlisMufrSE05vu5qOgQtA60dqB1oAe3QU2nN0plAC0tJSjrQAlL
+ miigAptL0pO9AEi8RfU0mM8560H/AFaikzx+NMBxx0H40zOeaU8KffikHSgCxC+y
+ LPqaKYeAq+gooHc//9mIYAQTEQIAIAUCSj/3IAIbAwYLCQgHAwIEFQIIAwQWAgMB
+ Ah4BAheAAAoJEJt9MvLVBYLmt2sAnRUJQoS4J/5+LW+Iy3tUYMTsR8aLAJ9gp9qD
+ YbGfdcFG+HeSbh/PEwrqbLQzS29oc3VrZSBLYXdhZ3VjaGkgPGtvaHN1a2Uua2F3
+ YWd1Y2hpQGNsb3VkYmVlcy5jb20+iGIEExECACIFAk0GnroCGwMGCwkIBwMCBhUI
+ AgkKCwQWAgMBAh4BAheAAAoJEJt9MvLVBYLmfugAnRb1qac6CqRaNUhHbzd1m/5S
+ niNzAJ9NJUC2Fjk7uEyvQ5bDJ+hAFbkQVLQpS29oc3VrZSBLYXdhZ3VjaGkgPGtv
+ aHN1a2VAY2xvdWRiZWVzLmNvbT6IYgQTEQIAIgUCVh045AIbAwYLCQgHAwIGFQgC
+ CQoLBBYCAwECHgECF4AACgkQm30y8tUFguZVLgCdElQ2ydLBp33/9SFyVEz3cFMk
+ 0DkAn2qWsQlPT549lAqeSnkhCOcGJAx0tCxLb2hzdWtlIEthd2FndWNoaSA8a2th
+ d2FndWNoaUBjbG91ZGJlZXMuY29tPohiBBMRAgAiBQJWHTjzAhsDBgsJCAcDAgYV
+ CAIJCgsEFgIDAQIeAQIXgAAKCRCbfTLy1QWC5sMTAKCA5kH0uH0x0HoTuxjrU740
+ pU/53gCfaFWE6s7nBFMkJ3RyxjtZBGnY2Jm5Ag0ESYVAbRAIAOoBdaCKKzjKL3qi
+ zdBmYrnzT2iONNOeUgKBvO2tPnlwxVMMFz1Kd7JFCULRxL4zXPgOjqWPzWw0l0mI
+ E+pNhgDX57FMW+znMLE8icM/eG+pfEdM/XjZc3WF3O3ndHuyafw7TDI75EIFRvjh
+ 702S6y8F3lQ/cl7jj2GelcnhY7dxUwWbiCHGzsRGWkCLk1MSxVV0zx2odtkm2TyB
+ vN0AcfTJuIBeZbIsUZkO64qIUCSqb9aV53uJ3o35w/HXTt3AFyXA/HN8RgoSonVg
+ MMegOXJ/HjTXbLXnd7mwbJqH8g8Fiussx8b5aaLCvmcJfS2bA5zK6S4T3iFvMkJf
+ bAF1tYsAAwYIALOXdy4ziUa3/CvmWIziCi1elkCilj4SdssgG44cVddHsefICBJP
+ WMf8BRtp+8+PIOESQUPJQ/Xhe0c0gCqw3VSm7Jhsz3Rsw8BZcnGtrMyxIX5O/nIj
+ EeLLhxzWmOiocDaTCogYeZPFjM485LX1lZAC16+hMTqkIBGmFjR3OmxwJZpcaz9m
+ o0CGMv3pYthXU6hS372ZOc5yzpW7FrGnbA3ZLkMrVL2B0jFYRzzAxQ+JB7wJiTQ7
+ JJ05EhuUyzdsaoMWgzkdwEBk/ViVeK08fachG/QO05AYxA4KSpRaZC5ABSApX5g7
+ zqU7hLsSFMRP8Y+xBvo/t5+b8KzzBur/DIiISQQYEQIACQUCSYVAbQIbDAAKCRCb
+ fTLy1QWC5raYAJ4k0FbiycMLg7OMpTpBPfzr8YD2ywCfe8vNLCfw3XG/kyKFYavm
+ RXO9oTa5Ag0EWBjgRgEQALze0WQartDG4x1DaOpqKLAol9pfxSX+O88Nafw9dDdV
+ v80CD7Q66p6X5o1TOOqEAqsI/dUFzDoZzW/EBN5TVKdNhV55WsIbvFJnJ9ccQ1yk
+ fCYVQAH/eCIdM8dujAOZLjKSapz/wBdFbbOffvz7GLmsjn1wCruZfIOcaIcfaUfY
+ QWsafzwU9VsRLSDrbwpylQJkvblfeb+ohQ/AYlVJmD1HcKF81AajgxbTUDCBxslY
+ 4kL6FmqqfLJDWXyg0aG7UEbP3ye7/61qrsKR0g84BHYgkLzQkdgsAGAMo3HvQzss
+ BAqhZy2QSWKZCe6OQuIEzL01oTWJOWJYAoak9pSkjuFDsRbFRHC4YiaCIvwFHA8C
+ 3nCaa/jAXQ/NrBFyc1TsrDdxiXi6cEgER9WichpQaD/NCKGGHbEzzHow1Ni+pABq
+ 1leoVAfAEw8OwRYEftfoAQ5O8VdWe754xK2I5wFWjGKM0IHruEqnRgbWXL9Vy6Cv
+ NTrQIoJbVuO/kQWH4jZ63TzsBnxHzdnRSuCNGXnuneIju8+wr33y+r914cNziCHm
+ Tt0UsyTcf7xfzVB++obS0sCyklDIy+1EEzLePkUYl7Ebkst5tKgbVRNyH1niKRwX
+ xoyowmIRznO79l46u9JMdlt9VO9oo+yR9DqMgNqUnc9Z+rt8EyUam87838FfF+OF
+ ABEBAAGJAmgEGBECAAkFAlgY4EYCGwICKQkQm30y8tUFgubBXSAEGQECAAYFAlgY
+ 4EYACgkQlHo/RMJzQlXPTg//UpZd7vx0wNm6dPSUc9Agw5tQU5oCR4BUaDOBFDfb
+ nKPNa8JQPVdH6lrt1Zaqc9Uka+l1eVK8SZiujohr3bCyal+5ParAdVbTt08pvh5d
+ 3YllLIKKad82Qy6WsUlAQmUpba+Fn5naXdd8WDN03J7LVOqYCQUWZu65r5oqmv8B
+ eh+vcZO5ozEt/Huy+ruCsdb0WavbgI5+Pj6sKJtKBo5WwZzbDpbPUEUd3/T5zFbJ
+ G/XDk77qfBP4DKC96tphzGp6EaEtrZ9Qto8AisCYGvhDptYqXqZm4J1mJj/SI+4C
+ /1kVY0EEf4ySLy4/8f91h/jzcEliQNnmNZWgUTmP/nyUS+iLqUa4NmhdO45NYBfJ
+ PZyviHsFxJhYppiPt32n5FpGrXM8fWaQsA+aKOL2D+AWeC8W/pPmDurLbYA1yRk7
+ T7E1llz4wDf53CumQGtT4gKwmUdGbwp0TNZKggv+/6auOMoBVjvWCRM0erxR+fAL
+ FKruuoXjQ69I2bTiZfoSHtDxqa+YMnNqqFOZdyJsH13Fx/Ma3k0EVI4uOuX5RoJ8
+ BN3SAkBSiZu/yRf9XF/ikKvrb3YcaPaUgRPVP3EweJJx98whWxPmgSbv/GvQCQa7
+ GyvwvqvWuiw+kgl4RlCGvL354zQwSoD+li+ZgnuhzRlSnj962O2cobvY+UzW1fiO
+ vTrGzQCgg7/WrciTjK8wtd8e/E26mU1agOMAniYHo/aFmpsSFfNp4n419EI+mCXU
+ =fBn8
+ -----END PGP PUBLIC KEY BLOCK-----
diff --git a/linux/system/repo/keystorage/maas.yml b/linux/system/repo/keystorage/maas.yml
new file mode 100644
index 0000000..cac2c27
--- /dev/null
+++ b/linux/system/repo/keystorage/maas.yml
@@ -0,0 +1,36 @@
+parameters:
+ linux:
+ system:
+ repo:
+ mcp_maas:
+ # pub 4096R/684D4A1C 2015-08-20
+ key: |
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+ Version: GnuPG v1
+
+ mQINBFXVlyMBEACqM3iz2EGJE0iE3/AAbNCnbBB25m3AWaSxJk+GJfkAAYWGqAKi
+ uWceCcetdNKNTKd8frSZFsRB7IceZr0u5sWpSYur6uoMNHzS8Y5cGdyAVrnEZtbd
+ ak652x13jlX7nrcE9g//lD0w254XW1Loyy5YOGWfUmJkGImndFWtkqd1J7SCVMMW
+ 5l/nS4LwsOx/wTxL5m/cFQLi67JyJGqszKXS88oHT1YFBWPyl1VcXifFwecH/32f
+ Rr6WGpEAaxGF4dO45WGvJIQs2yiT5f9ha3tuJCbzI58t9BxiR1MMZ9AAPjdNO6JZ
+ kX2q+/uqgJg9IWNcJ4E+fCgl/hvoB3AURXHmaagH7nMb/6OA/QFSbiR3eciSJ89c
+ EkK+7d0br+p2+shO/dOV6lUrbidVVjiiTdmYlyXzuPcvPWVYmXjDzsOi0sSZZNMq
+ 8G3/pAavjyGUvZtb781V1j9/8l3o5ScAPzzamT2W4rF+nCh1iHYz7+wP2XDNifE/
+ oK7fLNb0ig1G5S4PCqZHUp95LUaJrFczYCPwlERUxIC3B9a+UC3SdZmRuuSENWNs
+ YxKUlbU07GCrjxtcDhQHGQDVJDUGbqqkA4B/iKrwW3reA5fHo3yocQMX7YR6C2/Q
+ n+wn/EoEPIB1wkzAQvarnNCCdwjD5AB1VhANEFwUKMWHDEsofKOSTBYvgQARAQAB
+ tBZMYXVuY2hwYWQgUFBBIGZvciBNQUFTiQI4BBMBAgAiBQJV1ZcjAhsDBgsJCAcD
+ AgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAE5/3FaE1KHDH8D/9Mdc+4tw8foj6lILCg
+ fBRi9S37tOyV2m5YvD+qRzefUYgFKXYxleO+H9cjFH2XyHIBwa15dD/Yg+DkcAKb
+ 9f/a1llHNTzLkHiNVQl4tl8qeJPj2Obm53HsjhazIgh0L208GRGJxO4HSBbrBTo8
+ FNF00Cl52josZdG1mPCSDuJm1AkeY9q4WeAOnekquz2qjUa+L8J8z+HVPC9rUryE
+ NXdwCyh3TE0G0occjUAsb5oOu3bcKSbVraq+trhjp9sz7o7O4lc4+cT2gFIWl1Rp
+ 1djzXH8flU/s3U1vl0RcIFEZbuqsuDWukpxozq4M5y7VKq4y5dq7Y0PbMuJ0Dvgn
+ Bn4fbboMji4LYfgn++vosZv/MXkPIg6wubxdejVdrEoFRFxCcYqW4wObY8vxrvDr
+ Mjp4HrQ2guN8OJDUYnLdVv9P1MMKDAMrDjRdy3NsBpd7GuA9hXRXBPZ8y74nIwCR
+ jEDnIz5jsws9PxZIVabieoCI6RibJMw8qpuicM97Ss2Uq5vURvTBQ3f6wYjCMsdt
+ yqjz6TVJ3zwK9NPfMhXGVrrsxBOxO382r6XXuUbTcXZTDjAkoMsBqfjidlGDGTb3
+ Un0LkZJfpXrmZehyvO/GlsoYiFDhGf+EXJzKwRUEuJlIkVEZ72OtuoUMoBrjuADR
+ lJQUW0ZbcmpOxjK1c6w08nhSvA==
+ =QeWQ
+ -----END PGP PUBLIC KEY BLOCK-----
diff --git a/linux/system/repo/keystorage/ubuntu.yml b/linux/system/repo/keystorage/ubuntu.yml
new file mode 100644
index 0000000..aaa6f88
--- /dev/null
+++ b/linux/system/repo/keystorage/ubuntu.yml
@@ -0,0 +1,86 @@
+parameters:
+ linux:
+ system:
+ repo:
+ ubuntu:
+ key: |
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+ Version: GnuPG v1
+
+ mQGiBEFEnz8RBAC7LstGsKD7McXZgd58oN68KquARLBl6rjA2vdhwl77KkPPOr3O
+ YeSBH/voUsqausJfDNuTNivOfwceDe50lbhq52ODj4Mx9Jg+4aHn9fmRkIk41i2J
+ 3hZiIGPACY/FsSlRq1AhBH2wZG1lQ45W/p77AeARRehYKJP9HY+1h/uihwCgrVE2
+ VzACJLuZWHbDsPoJaNQjiFcEAKbUF1rMyjd1xJM7bZeXbs8c+ohUo/ywSI/OIr8n
+ OfUswy08tsCof1KU0JBGLBCn0lHAYkAAcSr2pQ+k/odwdLQSjgm/JcUbi2ll16Wy
+ 7qFbUAUJ5xO+iP61vL3z4pJGcK1pMH6kBLA4CPBchJU/hh3f7vtX2oFdWw8tWqvm
+ m/W7BACE7h0p86OP2G3ZJBjNYNQTK1LFYa+3G0spsVi9wl+Ih49ImPbSsUc2CSMA
+ fDlGpYU8FuUKCgQnS3UZz6e0NwrHbZTHBy0ksRwT9jf7qSAEKEN2ECxfwR5i1dU+
+ Yi4owkqGPhTLAbwkYdZZMcqfGgTXbiU4uy8DzMH/VhqP5wxdwbQ7VWJ1bnR1IEFy
+ Y2hpdmUgQXV0b21hdGljIFNpZ25pbmcgS2V5IDxmdHBtYXN0ZXJAdWJ1bnR1LmNv
+ bT6IXgQTEQIAHgUCQUSfPwIbAwYLCQgHAwIDFQIDAxYCAQIeAQIXgAAKCRBAl26v
+ Q30FtSTNAJ9TwRBI9/dXHqsyx5LkWrPxyO2H7wCfXDY77HnwSK3tTqJzC4m6KuDd
+ RheJAhwEEwECAAYFAkFRZ98ACgkQ18PxMasqkfV9whAAj5sSzTHDIdYCmbZcumTH
+ limqS88m+0He6jkG5j6DjQq/xGWg7B/svG+mPCE4K/zYG3CA0G0lTgJJKQg6gcUg
+ oQpaiK22gLG5tjVOQRRaExu+FNKF9kvSYFbEwpn0OESsRPjrdS2RYpGjY+DLHPaB
+ 06Y/hQvMSCh67ZeDmLLTwQFzF0RAUHtwU+tU/gnvrk7kk/yPDqtj53J6zuAf86ZX
+ GRlmJCTDYJ/yXoYlm4sz0E1XANrdwtUGic0PF1gJIe7ZAnqMVvRGCxArNT1th83w
+ uppjI4/rGrFttbQUPb0cXyXhSmNauRMiiX/lrjqjouk9DX8CyVQG/mTgjrKLAMBZ
+ OJ/Im3D33jOdEWIaaVAVOmOej3S8s33zcWAUYbpqg+10i3O4SfVYH88tmEnmX3mq
+ Y21B7fkHHOVXF/4/sCzft6Ek6E57vIh0i7PjnrTWBO2/dl7zJyZZo7ty4f69B1xU
+ ZNClBZPXgYWmh68z5SgyfY5/N/CmfnsH6u5vHSRpm039Nr4IFNREkamkXl2GCPbA
+ rkZIkqdGdrX1EfWw/fsndHqHKwrPGHXIWWboZT1ZDx48P+825fVMg4N2cr87Mv1K
+ 7E/hgHjxJ6eeciJFic4GT199DZha+1Gs7FRXvCa+sOGP/9JuZ+/S+Tv71sIPmRqD
+ rr6bSBH/E6yBKz7jv42GO8iIRgQQEQIABgUCQ76shgAKCRDohqckZfvHogOmAKCQ
+ SaKL15jq0TvjWWrcjvQvODdgMgCfdkb3Jbsg5liM0edJohWfyhzfGIGIRgQQEQIA
+ BgUCQ/tL4QAKCRDk7WqA+zgH23hVAJ9WpyWCnJIHNQVHH4/V8kqaptbLQwCfQN5/
+ kutAyXprjtU+W2stn2HV4pKIRgQQEQIABgUCRMoo7AAKCRD+VG3tGS5BXGKuAJ9c
+ XxY6TqxwIt6kTIShyykHuia7KgCdHYYlu+akh8PYBAlF4RvGlIkqmyiIRgQQEQIA
+ BgUCRQfC6gAKCRBbGMCBbDPfCDsGAKCO313nAlhu/FggyId7IG8yXtCa2QCguWI6
+ WCp0v4jyAIA2LK/zKbNlDcCIRgQQEQIABgUCRRvO4AAKCRDgL5ttNArtqI0LAJ4i
+ vwtgU9g6hn6TsbejzabpS7JLAACeLKBkLfPymJXlbpCjzsav9qJdZhGIRgQQEQIA
+ BgUCRRvPMAAKCRCRA7V5h+SGXz8OAJ0aus80uJDxtlflUDD1B1iEcO9EMQCglMfy
+ ys5abo/h6ZicTp2WIhp9IBCIRgQQEQIABgUCRRvPQgAKCRALOQhgy6dmGRaTAJwJ
+ FCgDskBzIeqCEORLAtLaBJCLngCeJzjzf4A8G1ZhS39Y/Yk7LQYB3aGIRgQQEQIA
+ BgUCRRvPYAAKCRAurJaQpVDnhKIiAKDaziS1x3SZIOS8p4iVGVY43KYO7ACfdevW
+ FB3BLbmLKB9xsrH00safNJWIRgQQEQIABgUCRWfafAAKCRCV4getfktcl1R8AJ4x
+ 8HI/GPIcpHNuJ8PUlJKvjSOY1QCeN8glquCHP7d9XyBe4p41o0WdbAqIRgQQEQIA
+ BgUCRaABKQAKCRBZgbnSh0vryCoKAJ9/KYHPBGwGuR4WR8ZWujLqIue92ACfVk5G
+ hTCj8sjkC2835BOmWdPia3yIRgQQEQIABgUCRbQdHQAKCRB9RtY87eO1ZT4AAJ9q
+ OBuspkVxj9ewlJtFPZfzKkRypACeM/WVpw+2rz7UHVAGXYZpWnqjmwaIRgQQEQIA
+ BgUCRfkxvwAKCRA+O+Dt/wMVgO5fAKDEdUwaGl6sd8pS2N5f+Fdm25EWQQCdE8p9
+ Fsq+Q2lA2m3sbEgH3ga+zPGIRgQQEQIABgUCRq72nQAKCRD23TMCEPpM0XyeAJ9C
+ GZ1MNHUYsJv2ZdpzPqdc23EW6ACdEDfk5MnkAYX2i9eoEParoMRNcx+IRgQTEQIA
+ BgUCQp2FvgAKCRAwa1VExpE89g4LAJ9TY9lyD3u8eXXiVE11zw20lvIongCfUfLh
+ OE+oLMmUAwoCsCpVTxNhnRuIRgQTEQIABgUCQp2cvwAKCRBQ1yY84R14E1z9AKCG
+ 2I2enXp7roBiIosVi76hx4Dd9gCgs21hGpvQqouLs6Oz9TbQ4COqrT+ISQQQEQIA
+ CQUCRZtwwAIHAAAKCRAHjSWNsiCtxiKBAJ9KL7LtkZiVNcj8kJJ9u4+QX00LsACg
+ hJVJpjXC5Q4EeGfyzm4MICf2MVqJAhwEEAECAAYFAkc0xpUACgkQC/uEfz8nL1sU
+ rBAAsLGXDeZ/QHyYfWHPrph+ALC94xmblfSu8Q/BRD09VyPimnoRtSNHZwwbTp38
+ ysVU9G9mo3lgQ07HQP6XxoEDrw42sLUpnECUMptr1e66hlyvk4urMVjGEs4FCpA3
+ wRuDUYuI4McpB1mRzYqJEYZ2bGl9MWN+FGEE6oFHCvJUUAEDVj7enCN1+ouKw+Wf
+ giki1BqPWGofTrj2G/st8hn2LhBgomCDtnb14gRSFHvINO+dDr96QjVXGg9+WSr2
+ iIVeIHS8QWWOpYwgit16DK0SgXxlIMXMkcNpDosak639DF6wwRTvVoMGcr5OEbtU
+ I23GOdyX9RTrWCECmUctat9vprdx6e0nbYbt9jYheVBzTCMGCtc1pVSuNcsPBU3F
+ KZlMq6yH9D7POQPHamKcZdRhGKtR0vQadKt3bMZQP231pUMdCp9ayIMjLjjX7EDo
+ FO6iCqeuuqBa0quiz7Z6nAvTWkGHHXjd555iIrkTz1fgses05P9BHkfPmnOH55b3
+ 3vyopz53A74Vz6SutOUTQi0MaXAYNsX0A55bjNb3fm6LuuLAkOZAR1wfSM1Ecb5r
+ yZP+9kF6o9zSGcQ2sjG3b7pGFtQztwzXKNUCOI4Iv932IeD9O95w5omXZVahTGQ8
+ NesFHdmEwq69aEGOq3E3q7Qz1pAgZsj2N+6LmE3Ln2rudKW5Ag0EQUSfRxAIAMgl
+ vR9L60xR65i2QG4k2CnqZhmRUaTySxwOlNqKWtokUpzf8WmqA383uRLO8W9Tee1a
+ F7KEMEUXgFiP7nns0kroKGLlcLbC+nEzkv51ao6Lcr5dWr0817LmlvCl2N1KeQDk
+ pHIAiS0LTjuEFY1yosi2ECiOan6sgcLaVqJVbEUeIaYJOiZ8O1INTAGGdpVoSPvg
+ kuZVKhP2uMIhYq3qgs6sB5SshEaKAGYIiH3lZ6UJUIVEuyumxpNPqkJ1Jkpo4SxI
+ wy8KYiQ9Uo1NPP8bmvyGGaeWbRObLPHCO+iqxHxMiE4xX08sVizxA1YLw9iwtdNP
+ OWkQsM9rn8W/gieH0SsAAwYIAMLzDICy2IA1wcmf5XPpg4JBFuMjeg8pIuaQZMf/
+ MO2u+RlOVrIXPVFtYOpxQR9C1gCg+Blg2qQXBNw19cNT2EtSGi0HtycTww2xnIOn
+ aLOzq/eI/LnakdAMclaTVbNltraepkoRFE4Exvuq/tCdzssotnmAha1tzGf+O3Qy
+ xkIBJ6zHFTNCREGBPYi/Pe9iviWqNAIr3SPhlw7STFrVDgpne9VdpOZb3nVYYQHG
+ 6iwvVwzrE23+84RMFENq4Dhyx9L8R6+PMt347uT8dB03PXMovOpwXX06zMgfGwF6
+ 0TZsmHqun/E3gE46YiME26rmUX5KSNTm9N2IZA8jz/sFXz2ISQQYEQIACQUCQUSf
+ RwIbDAAKCRBAl26vQ30FtdxYAJsFjU+xbex7gevyGQ2/mhqidES4MwCggqQyo+w1
+ Twx6DKLF+3rF5nf1F3Q=
+ =PBAe
+ ubuntu_updates:
+ key: ${linux:system:repo:ubuntu:key}
+ ubuntu_security:
+ key: ${linux:system:repo:ubuntu:key}
diff --git a/linux/system/repo/mcp/apt_mirantis/jenkins.yml b/linux/system/repo/mcp/apt_mirantis/jenkins.yml
new file mode 100644
index 0000000..0c256b6
--- /dev/null
+++ b/linux/system/repo/mcp/apt_mirantis/jenkins.yml
@@ -0,0 +1,19 @@
+classes:
+- system.linux.system.repo.keystorage.jenkins
+parameters:
+ _param:
+ apt_mk_version: stable
+ linux_system_repo_url: http://mirror.mirantis.com/${_param:apt_mk_version}/
+ linux_system_repo_mcp_jenkins_url: ${_param:linux_system_repo_url}/jenkins/
+ linux:
+ system:
+ repo:
+ mcp_jenkins:
+ # FIXME PROD-20733
+ source: "deb [arch=amd64 trusted=yes] ${_param:linux_system_repo_mcp_jenkins_url}/${_param:linux_system_codename}/ binary main"
+ architectures: amd64
+ clean_file: true
+ pin:
+ - pin: 'release o=jenkins.io'
+ priority: 1100
+ package: '*'
diff --git a/linux/system/repo/mcp/apt_mirantis/maas.yml b/linux/system/repo/mcp/apt_mirantis/maas.yml
index 7ee3537..c89e3fe 100644
--- a/linux/system/repo/mcp/apt_mirantis/maas.yml
+++ b/linux/system/repo/mcp/apt_mirantis/maas.yml
@@ -1,13 +1,18 @@
+classes:
+- system.linux.system.repo.keystorage.maas
parameters:
_param:
apt_mk_version: stable
- linux_system_repo_mcp_maas_version: ${_param:apt_mk_version}
+ linux_system_repo_url: http://mirror.mirantis.com/${_param:apt_mk_version}/
+ linux_system_repo_mcp_maas_url: ${_param:linux_system_repo_url}/maas/
linux:
system:
repo:
mcp_maas:
- source: "deb [arch=amd64] http://mirror.mirantis.com/${_param:linux_system_repo_mcp_maas_version}/maas/${_param:linux_system_codename}/ ${_param:linux_system_codename} main"
+ source: "deb [arch=amd64] ${_param:linux_system_repo_mcp_maas_url}/${_param:linux_system_codename} ${_param:linux_system_codename} main"
architectures: amd64
- key_id: 684D4A1C
- key_server: keyserver.ubuntu.com
clean_file: true
+ pin:
+ - pin: 'release o=LP-PPA-maas-stable'
+ priority: 1100
+ package: '*'
diff --git a/linux/system/repo/mcp/apt_mirantis/ubuntu.yml b/linux/system/repo/mcp/apt_mirantis/ubuntu.yml
index e254ed6..55f6387 100644
--- a/linux/system/repo/mcp/apt_mirantis/ubuntu.yml
+++ b/linux/system/repo/mcp/apt_mirantis/ubuntu.yml
@@ -1,24 +1,26 @@
+classes:
+- system.linux.system.repo.keystorage.ubuntu
parameters:
_param:
- apt_mk_version: stable
+ apt_mk_version: 'stable'
+ linux_repo_refresh_db: true
+ linux_system_repo_url: http://mirror.mirantis.com/${_param:apt_mk_version}/
+ linux_system_repo_ubuntu_url: ${_param:linux_system_repo_url}/ubuntu/
linux:
system:
repo:
ubuntu:
- source: "deb [arch=amd64] http://mirror.mirantis.com/${_param:apt_mk_version}/ubuntu/ ${_param:linux_system_codename} main restricted universe"
+ refresh_db: ${_param:linux_repo_refresh_db}
+ source: "deb [arch=amd64] ${_param:linux_system_repo_ubuntu_url} ${_param:linux_system_codename} main restricted universe"
architectures: amd64
default: true
- key_id: 437D05B5
- key_server: keyserver.ubuntu.com
ubuntu_updates:
- source: "deb [arch=amd64] http://mirror.mirantis.com/${_param:apt_mk_version}/ubuntu/ ${_param:linux_system_codename}-updates main restricted universe"
+ refresh_db: ${_param:linux_repo_refresh_db}
+ source: "deb [arch=amd64] ${_param:linux_system_repo_ubuntu_url} ${_param:linux_system_codename}-updates main restricted universe"
architectures: amd64
default: true
- key_id: 437D05B5
- key_server: keyserver.ubuntu.com
ubuntu_security:
- source: "deb [arch=amd64] http://mirror.mirantis.com/${_param:apt_mk_version}/ubuntu/ ${_param:linux_system_codename}-security main restricted universe"
+ refresh_db: ${_param:linux_repo_refresh_db}
+ source: "deb [arch=amd64] ${_param:linux_system_repo_ubuntu_url} ${_param:linux_system_codename}-security main restricted universe"
architectures: amd64
default: true
- key_id: 437D05B5
- key_server: keyserver.ubuntu.com
\ No newline at end of file
diff --git a/linux/system/repo/mcp/mirror/v1/openstack.yml b/linux/system/repo/mcp/mirror/v1/openstack.yml
new file mode 100644
index 0000000..a4a369b
--- /dev/null
+++ b/linux/system/repo/mcp/mirror/v1/openstack.yml
@@ -0,0 +1,16 @@
+parameters:
+ _param:
+ apt_mk_version: stable
+ linux_system_architecture: 'amd64'
+ linux:
+ system:
+ repo:
+ mirantis_openstack:
+ source: "deb http://mirror.mirantis.com/${_param:apt_mk_version}/openstack-${_param:openstack_version}/${_param:linux_system_codename} ${_param:linux_system_codename} main"
+ architectures: ${_param:linux_system_architecture}
+ clean_file: true
+ key_url: https://mirror.mirantis.com/${_param:apt_mk_version}/openstack-${_param:openstack_version}/${_param:linux_system_codename}/archive-${_param:openstack_version}.key
+ pin:
+ - pin: 'release o=Mirantis'
+ priority: 1100
+ package: '*'
diff --git a/linux/system/repo_local/mcp/apt_mirantis/ubuntu.yml b/linux/system/repo_local/mcp/apt_mirantis/ubuntu.yml
index d510183..79c002f 100644
--- a/linux/system/repo_local/mcp/apt_mirantis/ubuntu.yml
+++ b/linux/system/repo_local/mcp/apt_mirantis/ubuntu.yml
@@ -1,23 +1,24 @@
+classes:
+- system.linux.system.repo.keystorage.ubuntu
parameters:
+ _param:
+ apt_mk_version: 'stable'
+ linux_repo_refresh_db: true
linux:
system:
repo:
ubuntu:
refresh_db: ${_param:linux_repo_refresh_db}
- source: "deb [arch=amd64] http://${_param:local_repo_url}/ubuntu ${_param:linux_system_codename} main universe restricted"
+ source: "deb [arch=amd64] http://${_param:local_repo_url}/${_param:apt_mk_version}/ubuntu ${_param:linux_system_codename} main universe restricted"
architectures: amd64
default: true
- key_url: "http://${_param:local_repo_url}/public.gpg"
- ubuntu-updates:
+ ubuntu_updates:
refresh_db: ${_param:linux_repo_refresh_db}
- source: "deb [arch=amd64] http://${_param:local_repo_url}/ubuntu ${_param:linux_system_codename}-updates main universe restricted"
+ source: "deb [arch=amd64] http://${_param:local_repo_url}/${_param:apt_mk_version}/ubuntu ${_param:linux_system_codename}-updates main universe restricted"
architectures: amd64
default: true
- key_url: "http://${_param:local_repo_url}/public.gpg"
- ubuntu-security:
+ ubuntu_security:
refresh_db: ${_param:linux_repo_refresh_db}
- source: "deb [arch=amd64] http://${_param:local_repo_url}/ubuntu ${_param:linux_system_codename}-security main universe restricted"
+ source: "deb [arch=amd64] http://${_param:local_repo_url}/${_param:apt_mk_version}/ubuntu ${_param:linux_system_codename}-security main universe restricted"
architectures: amd64
default: true
- key_url: "http://${_param:local_repo_url}/public.gpg"
-
diff --git a/linux/system/repo_local/ubuntu.yml b/linux/system/repo_local/ubuntu.yml
index 46994ee..e93a4b3 100644
--- a/linux/system/repo_local/ubuntu.yml
+++ b/linux/system/repo_local/ubuntu.yml
@@ -8,13 +8,13 @@
architectures: amd64
default: true
key_url: "http://${_param:local_repo_url}/public.gpg"
- ubuntu-updates:
+ ubuntu_updates:
refresh_db: ${_param:linux_repo_refresh_db}
source: "deb [arch=amd64] http://${_param:local_repo_url}/ubuntu ${_param:linux_system_codename}-updates main universe restricted"
architectures: amd64
default: true
key_url: "http://${_param:local_repo_url}/public.gpg"
- ubuntu-security:
+ ubuntu_security:
refresh_db: ${_param:linux_repo_refresh_db}
source: "deb [arch=amd64] http://${_param:local_repo_url}/ubuntu ${_param:linux_system_codename}-security main universe restricted"
architectures: amd64
diff --git a/maas/region/boot_sources/maas_ephemeral_v3/bss_xenial.yml b/maas/region/boot_sources/maas_ephemeral_v3/bss_xenial.yml
new file mode 100644
index 0000000..ad54efa
--- /dev/null
+++ b/maas/region/boot_sources/maas_ephemeral_v3/bss_xenial.yml
@@ -0,0 +1,13 @@
+parameters:
+ _param:
+ apt_mk_version: stable
+ maas:
+ region:
+ boot_sources_selections:
+ mcp_xenial:
+ url: ${maas:region:boot_sources:mcp_resources_mirror:url}
+ os: "ubuntu"
+ release: "xenial"
+ arches: "amd64"
+ subarches: '"*"'
+ labels: '"*"'
diff --git a/maas/region/boot_sources/maas_ephemeral_v3/init.yml b/maas/region/boot_sources/maas_ephemeral_v3/init.yml
new file mode 100644
index 0000000..9d0abf2
--- /dev/null
+++ b/maas/region/boot_sources/maas_ephemeral_v3/init.yml
@@ -0,0 +1,11 @@
+parameters:
+ _param:
+ apt_mk_version: stable
+ maas_region_boot_sources_maas_ephemeral_v3_bs_url: http://mirror.mirantis.com/${_param:apt_mk_version}/maas-ephemeral-v3/
+ maas:
+ region:
+ boot_sources_delete_all_others: true
+ boot_sources:
+ mcp_resources_mirror:
+ url: ${_param:maas_region_boot_sources_maas_ephemeral_v3_bs_url}
+ keyring_file: /usr/share/keyrings/ubuntu-cloudimage-keyring.gpg
diff --git a/nova/compute/libvirt/ssl/init.yml b/nova/compute/libvirt/ssl/init.yml
new file mode 100644
index 0000000..9931cbd
--- /dev/null
+++ b/nova/compute/libvirt/ssl/init.yml
@@ -0,0 +1,14 @@
+classes:
+- system.salt.minion.cert.libvirtd
+parameters:
+ nova:
+ compute:
+ libvirt:
+ tls:
+ enabled: True
+ key_file: ${_param:libvirtd_server_ssl_key_file}
+ cert_file: ${_param:libvirtd_server_ssl_cert_file}
+ ca_file: ${_param:libvirtd_ssl_ca_file}
+ client:
+ key_file: ${_param:libvirtd_client_ssl_key_file}
+ cert_file: ${_param:libvirtd_client_ssl_cert_file}
diff --git a/opencontrail/control/analytics4_0.yml b/opencontrail/control/analytics4_0.yml
index 9614d61..ee8462a 100644
--- a/opencontrail/control/analytics4_0.yml
+++ b/opencontrail/control/analytics4_0.yml
@@ -1,4 +1,5 @@
classes:
+- service.docker.host
- service.haproxy.proxy.single
- service.keepalived.cluster.single
- service.opencontrail.control.analytics
diff --git a/opencontrail/control/control4_0.yml b/opencontrail/control/control4_0.yml
index 02ab75e..10c72ee 100644
--- a/opencontrail/control/control4_0.yml
+++ b/opencontrail/control/control4_0.yml
@@ -1,4 +1,5 @@
classes:
+- service.docker.host
- service.keepalived.cluster.single
- service.opencontrail.control.control
- system.haproxy.proxy.listen.opencontrail.control
diff --git a/opencontrail/control/single4_0.yml b/opencontrail/control/single4_0.yml
index a4fae18..df551ef 100644
--- a/opencontrail/control/single4_0.yml
+++ b/opencontrail/control/single4_0.yml
@@ -1,4 +1,5 @@
classes:
+- service.docker.host
- service.opencontrail.control.single
- service.haproxy.proxy.single
parameters:
diff --git a/openssh/server/team/members/dstremkouski.yml b/openssh/server/team/members/dstremkouski.yml
new file mode 100644
index 0000000..ba3233b
--- /dev/null
+++ b/openssh/server/team/members/dstremkouski.yml
@@ -0,0 +1,20 @@
+parameters:
+ linux:
+ system:
+ user:
+ dstremkouski:
+ enabled: true
+ name: dstremkouski
+ sudo: true
+ full_name: Dzmitry Stremkouski
+ home: /home/dstremkouski
+ email: dstremkouski@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ dstremkouski:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDlvA0GjsFF4p0oRF/49/k0YYqkCpsmKHoMtM2b/ZgRAbUzuobEqOZILkGkbvWTKQrq1BbMjGk/11EvCA07f+N8Z2Rj9lw9+tlqPy4K/90BNPvLcjBlKXruZFZWtQmbBWsA150PjvrqSD1pju+qkpC3tavgC4S0HxT9Gl9F+IuqCEfvRSNhRJrl2UWPHTolTfE7NOlX3745OEXTH4AFp/lgy+wyvGJBujfGZOjjuiGyPl71cS9t7yJBxTXdZxDDrjmaFmsftpK0Q+JccNHLzlj2hrkrWTPnrP70hbzgyoxw+JwOXmsnE8Q8WHxEgYyPfA4dxkZsktQbE51zGvU/yIxGJ5zV9AF2Y7pxzOXHq9sPXwgoJneW9JHCkH7BSw56+EHagEDeYeKD/1aIaRJbeyfltTTbK05J8nhyrdKFGENazEHoDYmhWk7Jdd7X/E2nEYWmYTje4YacHVOM1P9Guqs8n8VrUnYXreogJ9tOZs/Ydl/+I52ITvuK7w+SsVcl5wuxuoclg6dsa1RrDpKm9emN2OKS3RqJBNjnfSUaeGLrDSYENm/+PUEhvhKAd+DTpjnYb+oKsf4QegGFJtoHoZNNIlSvnjpjO2VC+g0Ci11JTaq/LwfNb7OJMYURzFwlW8BRmJWZ8BnnhNhw+vZG6fa7yyeIW9OVpVtqQBPpA5Qumw== argentina
+ user: ${linux:system:user:dstremkouski}
diff --git a/openssh/server/team/members/kkushaev.yml b/openssh/server/team/members/kkushaev.yml
new file mode 100644
index 0000000..978c6f1
--- /dev/null
+++ b/openssh/server/team/members/kkushaev.yml
@@ -0,0 +1,20 @@
+parameters:
+ linux:
+ system:
+ user:
+ kkushaev:
+ enabled: true
+ name: kkushaev
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Kairat Kushaev
+ home: /home/kkushaev
+ email: kkushaev@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ kkushaev:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqsPMcXdObuEZCBqw3t+AutfjA6mxNJ9o4jZb+ov4Tatw0mlGZtpQXyOnn1kkvIW0TAmMdT8dXeSHusc/Ujd8MHFBDSnvGid/jtSpA7q4Op0VNo4cOFx1fw5KqnsZyymhafiVQywgj6UQOEYNpX7VHgPOMLL2Ymm3i9RF986jLpLqXJHWbJuy+0rOHzjFh127QuTV01AYONOaiDdcwZlHyFZgWShL5NSJCMhmREPLn118JTEsN8w+r10a51plzrrV3Tqcz6q7znfftBKlzKrPACVmbMdOzOQ+XBMuN3VmsFxtS//qcqd7y+YAgG1CJ+E+nk4JUYU5fxeiUWntvqFKl
+ user: ${linux:system:user:kkushaev}
diff --git a/openssh/server/team/members/ogrudev.yml b/openssh/server/team/members/ogrudev.yml
new file mode 100644
index 0000000..71964a6
--- /dev/null
+++ b/openssh/server/team/members/ogrudev.yml
@@ -0,0 +1,20 @@
+parameters:
+ linux:
+ system:
+ user:
+ ogrudev:
+ enabled: true
+ name: ogrudev
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Oleksii Grudev
+ home: /home/ogrudev
+ email: ogrudev@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ ogrudev:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDilSKhVkANZQLOY6zhLBxhKD0OabfORbuxL3H1o+Q0TfL223/I2A8FAqpZzu9RdX0FoOcP3S85S51IX1p4odipTAA9Wyp4jEtMNUUWvRkXWTvVR99+QNCq4QiB78c0JhtydKPu29DJNQr3/UHG877BCrLvOyiXFNrVZI+EBC+Md2SEqSN8e1P/DlORUrjgQKAxuKhMhDyoBbyBvnfK32IYbs8bKlYZRusj1dlL3Jv/nR4VvN4YT+CzNOPCBTljFdcxuqdPZvqdAyMBIYDxaCxx2id96L98kYavKlqUZJn0x6mJ8ndtHtfn+Fwjom/+8cPFUjuhULWsQiPRjfqA6p8r agrudev@agrudev-pc
+ user: ${linux:system:user:ogrudev}
diff --git a/openssh/server/team/members/ohryhorov.yml b/openssh/server/team/members/ohryhorov.yml
new file mode 100644
index 0000000..c58076e
--- /dev/null
+++ b/openssh/server/team/members/ohryhorov.yml
@@ -0,0 +1,20 @@
+parameters:
+ linux:
+ system:
+ user:
+ ohryhorov:
+ enabled: true
+ name: ohryhorov
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Oleh Hryhorov
+ home: /home/ohryhorov
+ email: ohryhorov@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ ohryhorov:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDURrVLvo44rOSe/2GBh69SPS06Jam21dJrunM9TzuxcHkw7u/rVLMA+pDMMwu/x2n8fFkW7wrd3/6QH7cLOGt1Xw4PDfFA17ZGmV7HwZ1XOeoux2+47TFkGeHyeHOqf7xKMW4o35tKDXd5uipW9opl7+Zm/l7ucd6TKnGjh9vA3nD9xqF8Gxb6qvY7W35EFMPAwU9sK9lMwM/LkuUJirEP11sIK38OoEC2aysNtXZyKdQ9LgmBWZGbaCod0LzgAJd29zQOxWOHHWOE7PK4zHVWYN3AxfiIWSg2mxqARMnqZpPulqbgwVETxLsJJSnPOvvTwoVggimxXh1HPUI7wUnb ohryhorov@ohryhorov-pc
+ user: ${linux:system:user:ohryhorov}
diff --git a/openssh/server/team/members/vblokhin.yml b/openssh/server/team/members/vblokhin.yml
new file mode 100644
index 0000000..74ae49c
--- /dev/null
+++ b/openssh/server/team/members/vblokhin.yml
@@ -0,0 +1,21 @@
+parameters:
+ linux:
+ system:
+ user:
+ vblokhin:
+ enabled: true
+ name: vblokhin
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Volodymyr Blokhin
+ home: /home/vblokhin
+ email: vblokhin@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ vblokhin:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDY5F0bDcbiCtO5HkwIVgjwAwCHcTRDZwEIE5cwuGlXNKWk9JtlDKh724Dp8f/Yny1e30Kt9oqs23bv6xfMh4pU4vrajjSv9f+s3hCSs1X9JrlEw92CD7r+jpq2R0vz3ufeHZWSWmeMsRR62BodtYy4EkoyPKvq16guq745KHTYgATm/qJgCkjQ5lxca280i0z14Fv+JOtVxrk52xMTxHS+N6wzVOjuEjBbW2vyktsV/RidT/SoJAVMHoPISjJTR+q5usVuKb6J5U83Y2vbmUCnygAnPX6l9k8atsAvwl1v54QxWE6Qz61kMPpwZZ56BNGhCZ458HqqXiybx4lU4PN6eg/zPA9Eq+xj5ZoXaUK1hg2UpJrmrtCh8H4T+/dPySZ+HMDBp221DCuH43x9No6V0QWhifhHPaGWyeK+mGsznbaSnlZ0QxRun5qWgjG7xHu97zgxjlyxmQII8FWGaOSuv/w6jg894A4jcsDfH5oxDbgVTbqqZG9o7TszIXKTImt1f2fmKKr/CT7ixwIKO3MioUNu3PoQ/GhmKajqugV+TIRe4vJ2FD5hl11ythzLlZCchzlEoymap4P6Y5dMh60YErCtYftn7jATJKSq9EHiLEeTIQDBVqhJzdS9/QWAXBV97mNX7mib1dO0H9TBZu1mYMZio7udbx9oursrVPq3fw== vblokhin@mirantis.com
+ user: ${linux:system:user:vblokhin}
+
diff --git a/openssh/server/team/oscore_devops.yml b/openssh/server/team/oscore_devops.yml
index 89870b0..2404c31 100644
--- a/openssh/server/team/oscore_devops.yml
+++ b/openssh/server/team/oscore_devops.yml
@@ -6,6 +6,9 @@
- system.openssh.server.team.members.iudovichenko
- system.openssh.server.team.members.vdrok
- system.openssh.server.team.members.ikolodyazhny
+- system.openssh.server.team.members.ohryhorov
+- system.openssh.server.team.members.ogrudev
+- system.openssh.server.team.members.kkushaev
parameters:
_param:
linux_system_user_sudo: true
diff --git a/openssh/server/team/services.yml b/openssh/server/team/services.yml
index a704e04..be901d8 100644
--- a/openssh/server/team/services.yml
+++ b/openssh/server/team/services.yml
@@ -15,6 +15,8 @@
- system.openssh.server.team.members.tjaroszyk
- system.openssh.server.team.members.sburns
- system.openssh.server.team.members.yisakov
+- system.openssh.server.team.members.vblokhin
+- system.openssh.server.team.members.dstremkouski
parameters:
_param:
linux_system_user_sudo: true
diff --git a/prometheus/relay/init.yml b/prometheus/relay/init.yml
index a240458..2841850 100644
--- a/prometheus/relay/init.yml
+++ b/prometheus/relay/init.yml
@@ -1,3 +1,11 @@
classes:
- service.prometheus.relay
- service.prometheus.relay.cluster
+parameters:
+ _param:
+ prometheus_relay_bind_port: 9094
+ prometheus:
+ relay:
+ enabled: true
+ bind:
+ port: ${_param:prometheus_relay_bind_port}
diff --git a/prometheus/server/alert/alerta_relabel.yml b/prometheus/server/alert/alerta_relabel.yml
index a81c59a..ca0f4b4 100644
--- a/prometheus/server/alert/alerta_relabel.yml
+++ b/prometheus/server/alert/alerta_relabel.yml
@@ -11,9 +11,15 @@
- replacement: "aggregated"
source_labels: "instance"
target_label: "instance"
+ - source_labels: "host"
+ target_label: "instance"
+ regex: "(.+)"
+ - source_labels: "job"
+ target_label: "instance"
+ regex: "(.+)"
- source_labels: ["host", "job"]
target_label: "instance"
- regex: "([a-zA-Z0-9]+;[a-zA-Z0-9_]+)"
+ regex: "(.+;.+)"
- source_labels: ["hostname", "job"]
target_label: "instance"
- regex: "([a-zA-Z0-9]+;[a-zA-Z0-9_]+)"
+ regex: "(.+;.+)"
\ No newline at end of file
diff --git a/salt/master/formula/git/openstack.yml b/salt/master/formula/git/openstack.yml
index cd9df0a..093279a 100644
--- a/salt/master/formula/git/openstack.yml
+++ b/salt/master/formula/git/openstack.yml
@@ -104,6 +104,10 @@
source: git
address: '${_param:salt_master_environment_repository}/salt-formula-opencontrail.git'
revision: ${_param:salt_master_environment_revision}
+ oslo_templates:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-oslo-templates.git'
+ revision: ${_param:salt_master_environment_revision}
python:
source: git
address: '${_param:salt_master_environment_repository}/salt-formula-python.git'
diff --git a/salt/master/formula/pkg/openstack.yml b/salt/master/formula/pkg/openstack.yml
index 3d22c41..381ae1a 100644
--- a/salt/master/formula/pkg/openstack.yml
+++ b/salt/master/formula/pkg/openstack.yml
@@ -76,6 +76,9 @@
octavia:
source: pkg
name: salt-formula-octavia
+ oslo_templates:
+ source: pkg
+ name: salt-formula-oslo-templates
opencontrail:
source: pkg
name: salt-formula-opencontrail
diff --git a/salt/minion/cert/libvirtd/client.yml b/salt/minion/cert/libvirtd/client.yml
new file mode 100644
index 0000000..bf0ce83
--- /dev/null
+++ b/salt/minion/cert/libvirtd/client.yml
@@ -0,0 +1,21 @@
+parameters:
+ _param:
+ libvirtd_client_ssl_key_file: /etc/pki/libvirt/private/clientkey.pem
+ libvirtd_client_ssl_cert_file: /etc/pki/libvirt/clientcert.pem
+ salt:
+ minion:
+ cert:
+ libvirtd_client:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: ${linux:system:name}.${_param:cluster_domain}
+ signing_policy: cert_client
+ alternative_names: >
+ IP:${_param:cluster_local_address},
+ DNS:${_param:cluster_local_address},
+ DNS:${linux:system:name},
+ DNS:${linux:network:fqdn}
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: ${_param:libvirtd_client_ssl_key_file}
+ cert_file: ${_param:libvirtd_client_ssl_cert_file}
+ ca_file: ${_param:libvirtd_ssl_ca_file}
\ No newline at end of file
diff --git a/salt/minion/cert/libvirtd/init.yml b/salt/minion/cert/libvirtd/init.yml
new file mode 100644
index 0000000..735312e
--- /dev/null
+++ b/salt/minion/cert/libvirtd/init.yml
@@ -0,0 +1,9 @@
+classes:
+- system.salt.minion.cert.libvirtd.server
+- system.salt.minion.cert.libvirtd.client
+
+parameters:
+ _param:
+ salt_minion_ca_host: cfg01.${_param:cluster_domain}
+ salt_minion_ca_authority: salt_master_ca
+ libvirtd_ssl_ca_file: /etc/pki/CA/cacert.pem
\ No newline at end of file
diff --git a/salt/minion/cert/libvirtd/server.yml b/salt/minion/cert/libvirtd/server.yml
new file mode 100644
index 0000000..9080672
--- /dev/null
+++ b/salt/minion/cert/libvirtd/server.yml
@@ -0,0 +1,21 @@
+parameters:
+ _param:
+ libvirtd_server_ssl_key_file: /etc/pki/libvirt/private/serverkey.pem
+ libvirtd_server_ssl_cert_file: /etc/pki/libvirt/servercert.pem
+ salt:
+ minion:
+ cert:
+ libvirtd_server:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: ${linux:system:name}.${_param:cluster_domain}
+ signing_policy: cert_server
+ alternative_names: >
+ IP:${_param:cluster_local_address},
+ DNS:${_param:cluster_local_address},
+ DNS:${linux:system:name},
+ DNS:${linux:network:fqdn}
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: ${_param:libvirtd_server_ssl_key_file}
+ cert_file: ${_param:libvirtd_server_ssl_cert_file}
+ ca_file: ${_param:libvirtd_ssl_ca_file}
\ No newline at end of file