Merge "Freeipa client configurations"
diff --git a/devops_portal/service/janitor_monkey.yml b/devops_portal/service/janitor_monkey.yml
new file mode 100644
index 0000000..73f2e7c
--- /dev/null
+++ b/devops_portal/service/janitor_monkey.yml
@@ -0,0 +1,10 @@
+parameters:
+ devops_portal:
+ config:
+ service:
+ janitormonkey:
+ configure_proxy: true
+ endpoint:
+ address: ${_param:haproxy_janitor_monkey_bind_host}
+ port: ${_param:haproxy_janitor_monkey_bind_port}
+ https: ${_param:haproxy_janitor_monkey_ssl:enabled}
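Review bot: This class reads `haproxy_janitor_monkey_bind_host`, `haproxy_janitor_monkey_bind_port` and `haproxy_janitor_monkey_ssl:enabled`, which in this commit are defined only in `haproxy/proxy/listen/oss/janitor_monkey.yml`. Including it without that class would leave the references unresolved, so a header comment naming the class it depends on would help. With the default `enabled: false` from that file, `https` resolves to false and the portal talks to the Janitor endpoint over plain HTTP unless the model overrides it.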
diff --git a/docker/swarm/stack/janitor_monkey.yml b/docker/swarm/stack/janitor_monkey.yml
index 2d5f4a7..426a75c 100644
--- a/docker/swarm/stack/janitor_monkey.yml
+++ b/docker/swarm/stack/janitor_monkey.yml
@@ -4,6 +4,21 @@
docker_image_mongodb: library/mongo:3.4
docker_mongodb_admin_username: admin
docker_mongodb_admin_password: password
+ docker_image_janitor_monkey: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/janitor_monkey:6040
+ janitor_monkey_enabled: true
+ janitor_monkey_dryrun_mode: false
+ janitor_monkey_base_url: http://${_param:haproxy_janitor_monkey_bind_host}:${_param:haproxy_janitor_monkey_bind_port}
+ janitor_monkey_mongodb_host: ${_param:haproxy_mongodb_bind_host}
+ janitor_monkey_mongodb_port: ${_param:haproxy_mongodb_bind_port}
+ janitor_monkey_mongodb_db: mcp_cloud
+ janitor_monkey_mongodb_username: janitor
+ janitor_monkey_mongodb_password: password
+ janitor_monkey_elasticsearch: ${_param:haproxy_elasticsearch_bind_host}:${_param:haproxy_elasticsearch_binary_bind_port}
+ janitor_monkey_cloudfire_region: RegionOne
+ janitor_monkey_cis_clustername: ${_param:elasticsearch_cluster_name}
+ janitor_monkey_openstack:
+ project_domain_name: default
+ project_name: admin
docker:
client:
stack:
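Review bot: `janitor_monkey_mongodb_password: password` adds a guessable default credential, and `janitor_monkey_dryrun_mode: false` feeds `simianarmy.janitor.leashed` in the next hunk, so a model that includes this class without overrides runs the janitor unleashed against a database with a known password. Safer defaults would be `janitor_monkey_dryrun_mode: true` and no password default at all, so that rendering fails until the operator supplies one. The image `docker-sandbox.sandbox.mirantis.net/vstoiko/oss/janitor_monkey:6040` comes from a sandbox registry under what looks like a personal namespace and is pinned by tag only; a release location, ideally pinned by digest, would be preferable. `janitor_monkey_openstack` defines only `project_domain_name` and `project_name`, while the next hunk also reads `auth_url`, `username` and `password` from it, so a comment listing the keys the operator must provide is needed.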
@@ -11,6 +26,24 @@
environment:
MONGO_INITDB_ROOT_USERNAME: ${_param:docker_mongodb_admin_username}
MONGO_INITDB_ROOT_PASSWORD: ${_param:docker_mongodb_admin_password}
+ simianarmy.recorder.mongodb.host: ${_param:janitor_monkey_mongodb_host}
+ simianarmy.recorder.mongodb.port: ${_param:janitor_monkey_mongodb_port}
+ simianarmy.recorder.mongodb.database: ${_param:janitor_monkey_mongodb_db}
+ simianarmy.recorder.mongodb.user: ${_param:janitor_monkey_mongodb_username}
+ simianarmy.recorder.mongodb.password: ${_param:janitor_monkey_mongodb_password}
+ simianarmy.base.url: ${_param:janitor_monkey_base_url}
+ simianarmy.janitor.enabled: ${_param:janitor_monkey_enabled}
+ simianarmy.janitor.leashed: ${_param:janitor_monkey_dryrun_mode}
+ simianarmy.calendar.isMonkeyTime: true
+ simianarmy.janitor.resources.sdb.domain: ${_param:janitor_monkey_mongodb_db}
+ simianarmy.client.cloudfire.cis.hosts: ${_param:janitor_monkey_elasticsearch}
+ simianarmy.client.cloudfire.region: ${_param:janitor_monkey_cloudfire_region}
+ simianarmy.client.cloudfire.cis.clustername: ${_param:janitor_monkey_cis_clustername}
+ simianarmy.client.cloudfire.identityEndpoint: ${_param:janitor_monkey_openstack:auth_url}
+ simianarmy.client.cloudfire.accountKey: ${_param:janitor_monkey_openstack:username}
+ simianarmy.client.cloudfire.secretKey: ${_param:janitor_monkey_openstack:password}
+ simianarmy.client.cloudfire.domain: ${_param:janitor_monkey_openstack:project_domain_name}
+ simianarmy.client.cloudfire.project: ${_param:janitor_monkey_openstack:project_name}
service:
mongodb:
image: ${_param:docker_image_mongodb}
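Review bot: The OpenStack `simianarmy.client.cloudfire.secretKey` and `simianarmy.recorder.mongodb.password` are passed as plain `environment` entries, where they can be read through container or service inspection and are inherited by every process in the container. Indentation is lost in this view, but the block appears to sit beside `MONGO_INITDB_ROOT_PASSWORD` above `service:`, which would hand the OpenStack credentials to the mongodb service and the Mongo root password to the api service. Scoping the variables per service, or using Docker secrets if the image can read them from files, would narrow that exposure. `simianarmy.calendar.isMonkeyTime: true` is hard-coded while its neighbours are parameterised; as far as I know it forces the janitor to treat every moment as working time, so it should be a `_param` defaulting to false.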
@@ -21,4 +54,12 @@
ports:
- ${_param:haproxy_mongodb_exposed_port}:${_param:haproxy_mongodb_bind_port}
volumes:
- - /srv/volumes/mongodb:/data
+ - /srv/volumes/mongodb:/data/db
+ api:
+ image: ${_param:docker_image_janitor_monkey}
+ deploy:
+ replicas: ${_param:docker_janitor_monkey_replicas}
+ restart_policy:
+ condition: any
+ ports:
+ - ${_param:haproxy_janitor_monkey_exposed_port}:8080
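Review bot: Changing the mount from `/srv/volumes/mongodb:/data` to `/srv/volumes/mongodb:/data/db` leaves an existing deployment's database files one directory below where mongod will now look. On upgrade the container will most likely see an empty data directory and re-run first-time initialisation with the `docker_mongodb_admin_*` defaults, so a migration step or release note is needed. Separately, the new `api` service publishes `${_param:haproxy_janitor_monkey_exposed_port}:8080` on the swarm nodes themselves, which makes the Janitor API reachable on that port without going through the HAProxy listener. If the API does not authenticate callers, the port should be restricted to the proxy hosts. `docker_janitor_monkey_replicas` gets no default in the visible part of this file.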
diff --git a/docker/swarm/stack/postgresql.yml b/docker/swarm/stack/postgresql.yml
index 73435fb..7ae4052 100644
--- a/docker/swarm/stack/postgresql.yml
+++ b/docker/swarm/stack/postgresql.yml
@@ -11,7 +11,6 @@
environment:
POSTGRES_USER: ${_param:postgresql_admin_user}
POSTGRES_PASSWORD: ${_param:postgresql_admin_user_password}
- SQLALCHEMY_POOL_RECYCLE: 14400
service:
db:
image: ${_param:docker_image_postgresql}
diff --git a/docker/swarm/stack/security_monkey.yml b/docker/swarm/stack/security_monkey.yml
index a83f2a0..2d06a42 100644
--- a/docker/swarm/stack/security_monkey.yml
+++ b/docker/swarm/stack/security_monkey.yml
@@ -14,7 +14,6 @@
security_monkey_api_port: ${_param:haproxy_security_monkey_bind_port}
security_monkey_nginx_port: ${_param:haproxy_security_monkey_bind_port}
devops_portal_sm_wtf_csrf_enabled: False
- security_monkey_sync_interval: 15
security_monkey_openstack:
os_account_id: mcp_cloud
os_account_name: mcp_cloud
@@ -50,7 +49,8 @@
OS_PROJECT_NAME: ${_param:security_monkey_openstack:project_name}
USER_DOMAIN_NAME: ${_param:security_monkey_openstack:user_domain_name}
SM_WTF_CSRF_ENABLED: ${_param:devops_portal_sm_wtf_csrf_enabled}
- SECURITY_MONKEY_SYNC_INTERVAL: ${_param:security_monkey_sync_interval}
+ SQLALCHEMY_DATABASE_URI: postgresql://${_param:secmonkey_db_user}:${_param:secmonkey_db_user_password}@${_param:secmonkey_db_host}:${_param:haproxy_postgresql_bind_port}/${_param:security_monkey_db}
+ SQLALCHEMY_POOL_RECYCLE: 14400
service:
api:
image: ${_param:docker_image_security_monkey_api}
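Review bot: `SQLALCHEMY_DATABASE_URI` is assembled by pasting `${_param:secmonkey_db_user_password}` straight into a URL, so a password containing `@`, `:`, `/` or `%` produces a URI that parses to the wrong host or credentials unless it is percent-encoded first. A comment stating that restriction next to the parameter would prevent a confusing outage after a password rotation. The complete URI, password included, also becomes an environment variable readable through container inspection. None of `secmonkey_db_user`, `secmonkey_db_user_password`, `secmonkey_db_host` or `security_monkey_db` is defined in the visible hunks, so they are presumably expected from another class.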
diff --git a/elasticsearch/client/index/janitor_monkey.yml b/elasticsearch/client/index/janitor_monkey.yml
new file mode 100644
index 0000000..bef92ae
--- /dev/null
+++ b/elasticsearch/client/index/janitor_monkey.yml
@@ -0,0 +1,15 @@
+parameters:
+ _param:
+ janitor_monkey_cis_openstack_shards: 5
+ janitor_monkey_cis_openstack_replicas: 1
+ elasticsearch:
+ client:
+ index:
+ cis-openstack:
+ enabled: true
+ force_operation: true
+ definition:
+ template: cis-openstack
+ settings:
+ number_of_shards: ${_param:janitor_monkey_cis_openstack_shards}
+ number_of_replicas: ${_param:janitor_monkey_cis_openstack_replicas}
\ No newline at end of file
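Review bot: This file ends without a trailing newline, as does the new `elasticsearch/client/init.yml`; both should end with exactly one newline. `force_operation: true` also deserves a one-line comment explaining why the `cis-openstack` index definition must be forced, since its effect on an already existing index is not evident from this file.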
diff --git a/elasticsearch/client/pushkin/notifications.yml b/elasticsearch/client/index/pushkin.yml
similarity index 100%
rename from elasticsearch/client/pushkin/notifications.yml
rename to elasticsearch/client/index/pushkin.yml
diff --git a/elasticsearch/client/init.yml b/elasticsearch/client/init.yml
new file mode 100644
index 0000000..d0710ca
--- /dev/null
+++ b/elasticsearch/client/init.yml
@@ -0,0 +1,10 @@
+parameters:
+ _param:
+ elasticsearch_client_host: ${_param:haproxy_elasticsearch_bind_host}
+ elasticsearch_client_port: ${_param:haproxy_elasticsearch_http_bind_port}
+ elasticsearch:
+ client:
+ enabled: true
+ server:
+ host: ${_param:elasticsearch_client_host}
+ port: ${_param:elasticsearch_client_port}
\ No newline at end of file
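Review bot: Replacing `pushkin_elasticsearch_host` and `pushkin_elasticsearch_port` (removed with `elasticsearch/client/pushkin/init.yml`) by `elasticsearch_client_host` and `elasticsearch_client_port` silently drops any override a cluster model set under the old names. The old parameters would still be accepted by the model, but nothing visible here reads them, so the client falls back to the HAProxy bind values. A release note, or a comment at the top of this file naming the retired parameters, would make the rename discoverable.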
diff --git a/elasticsearch/client/pushkin/init.yml b/elasticsearch/client/pushkin/init.yml
deleted file mode 100644
index 9f37847..0000000
--- a/elasticsearch/client/pushkin/init.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-parameters:
- _param:
- pushkin_elasticsearch_host: ${_param:haproxy_elasticsearch_bind_host}
- pushkin_elasticsearch_port: ${_param:haproxy_elasticsearch_http_bind_port}
- elasticsearch:
- client:
- enabled: true
- server:
- host: ${_param:pushkin_elasticsearch_host}
- port: ${_param:pushkin_elasticsearch_port}
\ No newline at end of file
diff --git a/haproxy/proxy/listen/oss/janitor_monkey.yml b/haproxy/proxy/listen/oss/janitor_monkey.yml
new file mode 100644
index 0000000..c2ff760
--- /dev/null
+++ b/haproxy/proxy/listen/oss/janitor_monkey.yml
@@ -0,0 +1,40 @@
+parameters:
+ _param:
+ haproxy_janitor_monkey_bind_host: ${_param:haproxy_bind_address}
+ haproxy_janitor_monkey_bind_port: 8088
+ haproxy_janitor_monkey_exposed_port: 18088
+ haproxy_janitor_monkey_ssl:
+ enabled: false
+ haproxy:
+ proxy:
+ listen:
+ janitor_monkey:
+ mode: http
+ options:
+ - httpchk get /simianarmy/api/v1/janitor
+ balance: source
+ http_request:
+ - action: "add-header X-Forwarded-Proto https"
+ condition: "if { ssl_fc }"
+ health-check:
+ http:
+ enabled: true
+ options:
+ - expect status 200
+ binds:
+ - address: ${_param:haproxy_janitor_monkey_bind_host}
+ port: ${_param:haproxy_janitor_monkey_bind_port}
+ ssl: ${_param:haproxy_janitor_monkey_ssl}
+ servers:
+ - name: ${_param:cluster_node01_name}
+ host: ${_param:cluster_node01_address}
+ port: ${_param:haproxy_janitor_monkey_exposed_port}
+ params: check
+ - name: ${_param:cluster_node02_name}
+ host: ${_param:cluster_node02_address}
+ port: ${_param:haproxy_janitor_monkey_exposed_port}
+ params: backup check
+ - name: ${_param:cluster_node03_name}
+ host: ${_param:cluster_node03_address}
+ port: ${_param:haproxy_janitor_monkey_exposed_port}
+ params: backup check
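Review bot: `httpchk get /simianarmy/api/v1/janitor` spells the method in lower case; as far as I know HAProxy sends the token as written, and HTTP method names are case-sensitive. A strict backend may therefore answer with something other than the expected 200 and all three servers would be marked down, so `- httpchk GET /simianarmy/api/v1/janitor` is the safe spelling. `haproxy_janitor_monkey_ssl` defaults to `enabled: false`, which means that unless overridden the listener serves the API in clear text and the `X-Forwarded-Proto https` rule never matches. The listener has no ACL limiting who may reach the Janitor API; if the application does not authenticate callers, that restriction should be added here or documented as a firewall requirement.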
diff --git a/jenkins/client/job/deploy/lab/mk/virtual.yml b/jenkins/client/job/deploy/lab/mk/virtual.yml
index 4e1fd97..da807df 100644
--- a/jenkins/client/job/deploy/lab/mk/virtual.yml
+++ b/jenkins/client/job/deploy/lab/mk/virtual.yml
@@ -104,3 +104,10 @@
test: openstack
timer: "H H(0-6) * * *"
extra_formulas: ""
+ # Identity AAA
+ - lab: virtual_aaa_freeipa
+ install: core,aaa
+ stack_type: heat
+ test: ""
+ timer: ""
+ extra_formulas: ""
diff --git a/jenkins/client/job/salt-models/tests.yml b/jenkins/client/job/salt-models/tests.yml
index e59ae6a..7c2b369 100644
--- a/jenkins/client/job/salt-models/tests.yml
+++ b/jenkins/client/job/salt-models/tests.yml
@@ -68,16 +68,6 @@
credentials: "gerrit"
script: test-system-reclass-pipeline.groovy
concurrent: true
- trigger:
- gerrit:
- project:
- salt-models/{{name}}:
- branches:
- - master
- event:
- comment:
- - addedContains:
- commentAddedCommentContains: '(recheck|reverify)'
param:
TEST_MODELS:
type: string
@@ -102,8 +92,6 @@
credentials: "jenkins-mk"
script: test-cookiecutter-reclass.groovy
trigger:
- pollscm:
- spec: ${_param:jenkins_pollscm_spec}
gerrit:
project:
mk/{{cookiecutter_template}}:
diff --git a/keystone/client/service/ironic.yml b/keystone/client/service/ironic.yml
index beb99a1..1ab9872 100644
--- a/keystone/client/service/ironic.yml
+++ b/keystone/client/service/ironic.yml
@@ -12,14 +12,6 @@
is_admin: true
password: ${_param:keystone_ironic_password}
email: ${_param:admin_email}
- admin_identity:
- admin:
- user: admin
- password: ${_param:keystone_admin_password}
- project: admin
- host: ${_param:keystone_service_host}
- port: 5000
- region_name: ${_param:openstack_region}
service:
ironic:
type: baremetal
@@ -36,3 +28,11 @@
admin_address: ${_param:ironic_service_host}
admin_port: 6385
admin_path: ''
+ admin_identity:
+ admin:
+ user: admin
+ password: ${_param:keystone_admin_password}
+ project: admin
+ host: ${_param:keystone_service_host}
+ port: 5000
+ region_name: ${_param:openstack_region}