Merge "configure rundeck datasource using"
diff --git a/.releasenotes/notes/rundeck-iframe-7b50b9185b0b27a5.yaml b/.releasenotes/notes/rundeck-iframe-7b50b9185b0b27a5.yaml
new file mode 100644
index 0000000..6cac0a7
--- /dev/null
+++ b/.releasenotes/notes/rundeck-iframe-7b50b9185b0b27a5.yaml
@@ -0,0 +1,18 @@
+---
+summary:
+ - |
+ Forward Rundeck main page through Proxy configurations. Default Rundeck service configuration does not allow to get access through external-proxy-address and exposed rundeck port (by default: 14440).
+ In case of using Devops Portal through external proxy networks, need to define additional configuration, otherwise Rundeck tab will be unavailable.
+
+features:
+ - |
+ * Need to define following configuration on cluster level, then follow instructions in OPS guide:
+
+ .. code-block:: yaml
+ rundeck_forward_iframe: True
+ rundeck_iframe_host: "external-proxy-endpoint"
+ rundeck_iframe_port: "external-proxy-port"
+ rundeck_iframe_ssl: False
+
+fixes:
+ - https://mirantis.jira.com/browse/PROD-16157
diff --git a/devops_portal/service/hce.yml b/devops_portal/service/hce.yml
new file mode 100644
index 0000000..274541c
--- /dev/null
+++ b/devops_portal/service/hce.yml
@@ -0,0 +1,15 @@
+parameters:
+ devops_portal:
+ config:
+ service:
+ hardware-correlation:
+ configure_proxy: true
+ resolve_hostname: true
+ proxy_connect_timeout: 300
+ proxy_send_timeout: 300
+ proxy_read_timeout: 300
+ send_timeout: 300
+ endpoint:
+ address: ${_param:hce_bind_host}
+ port: ${_param:hce_bind_port}
+ https: ${_param:hce_ssl:enabled}
diff --git a/docker/swarm/stack/hce.yml b/docker/swarm/stack/hce.yml
new file mode 100644
index 0000000..f059602
--- /dev/null
+++ b/docker/swarm/stack/hce.yml
@@ -0,0 +1,34 @@
+parameters:
+ _param:
+ docker_hce_replicas: 1
+ docker_image_hce: docker-prod-local.artifactory.mirantis.com/mirantis/oss/hce
+ hce_bind_host: hce-api
+ hce_bind_port: ${_param:haproxy_hce_bind_port}
+ hce_elasticsearch_host: elastic-endpoint-ip
+ hce_elasticsearch_port: elastic-endpoint-port
+ hce_prometheus_host: prometheus-endpoint-ip
+ hce_prometheus_port: prometheus-endpoint-port
+ hce_ssl:
+ enabled: false
+ docker:
+ client:
+ stack:
+ hce:
+ environment:
+ HCEELASTICHOST: ${_param:hce_elasticsearch_host}
+ HCEELASTICPORT: ${_param:hce_elasticsearch_port}
+ HCEPROMETHEUSHOST: ${_param:hce_prometheus_host}
+ HCEPROMETHEUSPORT: ${_param:hce_prometheus_port}
+ service:
+ hce-api:
+ image: ${_param:docker_image_hce}
+ deploy:
+ replicas: ${_param:docker_hce_replicas}
+ restart_policy:
+ condition: any
+ ports:
+ - ${_param:haproxy_hce_exposed_port}:${_param:haproxy_hce_bind_port}
+ network:
+ default:
+ external:
+ name: oss_backend
diff --git a/haproxy/proxy/listen/oss/hce.yml b/haproxy/proxy/listen/oss/hce.yml
new file mode 100644
index 0000000..499674c
--- /dev/null
+++ b/haproxy/proxy/listen/oss/hce.yml
@@ -0,0 +1,33 @@
+parameters:
+ _param:
+ haproxy_hce_bind_host: ${_param:haproxy_bind_address}
+ haproxy_hce_bind_port: 8886
+ haproxy_hce_exposed_port: 18886
+ haproxy_hce_ssl:
+ enabled: false
+ haproxy:
+ proxy:
+ listen:
+ hce:
+ mode: http
+ balance: source
+ http_request:
+ - action: "add-header X-Forwarded-Proto https"
+ condition: "if { ssl_fc }"
+ binds:
+ - address: ${_param:haproxy_hce_bind_host}
+ port: ${_param:haproxy_hce_bind_port}
+ ssl: ${_param:haproxy_hce_ssl}
+ servers:
+ - name: ${_param:cluster_node01_name}
+ host: ${_param:cluster_node01_address}
+ port: ${_param:haproxy_hce_exposed_port}
+ params: check
+ - name: ${_param:cluster_node02_name}
+ host: ${_param:cluster_node02_address}
+ port: ${_param:haproxy_hce_exposed_port}
+ params: backup check
+ - name: ${_param:cluster_node03_name}
+ host: ${_param:cluster_node03_address}
+ port: ${_param:haproxy_hce_exposed_port}
+ params: backup check
diff --git a/jenkins/client/approved_scripts.yml b/jenkins/client/approved_scripts.yml
index 4f12bd6..1973906 100644
--- a/jenkins/client/approved_scripts.yml
+++ b/jenkins/client/approved_scripts.yml
@@ -131,6 +131,7 @@
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods toBoolean java.lang.Boolean
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.lang.Object java.lang.String
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods multiply java.lang.String java.lang.Number
+ - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods minus java.lang.String java.lang.Object
- method java.io.File listFiles
- method java.lang.String concat java.lang.String
- method org.jenkinsci.plugins.workflow.steps.FlowInterruptedException getCauses
diff --git a/jenkins/client/job/deploy/update/update_mirror_image.yml b/jenkins/client/job/deploy/update/update_mirror_image.yml
index 75363db..3b34d12 100644
--- a/jenkins/client/job/deploy/update/update_mirror_image.yml
+++ b/jenkins/client/job/deploy/update/update_mirror_image.yml
@@ -22,4 +22,37 @@
default: "${_param:jenkins_salt_api_url}"
SALT_MASTER_CREDENTIALS:
type: string
- default: "salt"
\ No newline at end of file
+ default: "salt"
+ UPDATE_APTLY:
+ type: boolean
+ default: 'true'
+ UPDATE_APTLY_MIRRORS:
+ type: string
+ default: ""
+ PUBLISH_APTLY:
+ type: boolean
+ default: 'true'
+ RECREATE_APTLY_PUBLISHES:
+ type: boolean
+ default: 'false'
+ FORCE_OVERWRITE_APTLY_PUBLISHES:
+ type: boolean
+ default: 'false'
+ CLEANUP_APTLY:
+ type: boolean
+ default: 'false'
+ UPDATE_DOCKER_REGISTRY:
+ type: boolean
+ default: 'true'
+ CLEANUP_DOCKER_CACHE:
+ type: boolean
+ default: 'false'
+ UPDATE_PYPI:
+ type: boolean
+ default: 'true'
+ UPDATE_GIT:
+ type: boolean
+ default: 'true'
+ UPDATE_IMAGES:
+ type: boolean
+ default: 'true'
\ No newline at end of file
diff --git a/jenkins/client/job/docker/oss/hce-codebase.yml b/jenkins/client/job/docker/oss/hce-codebase.yml
new file mode 100644
index 0000000..41fe789
--- /dev/null
+++ b/jenkins/client/job/docker/oss/hce-codebase.yml
@@ -0,0 +1,73 @@
+parameters:
+ jenkins:
+ client:
+ job:
+ docker-build-images-hce-codebase:
+ name: docker-build-images-hce-codebase
+ discard:
+ build:
+ keep_num: 25
+ artifact:
+ keep_num: 25
+ type: workflow-scm
+ concurrent: true
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/oss/jenkins/pipelines"
+ credentials: "gerrit"
+ script: docker-build-image-pipeline.groovy
+ trigger:
+ gerrit:
+ project:
+ "oss/hce":
+ branches:
+ - master
+ skip_vote:
+ - successful
+ - failed
+ - unstable
+ - not_built
+ event:
+ patchset:
+ - created:
+ excludeDrafts: false
+ excludeNoCodeChange: false
+ change:
+ - merged
+ comment:
+ - addedContains:
+ commentAddedCommentContains: 'rebuild'
+ param:
+ IMAGE_NAME:
+ type: string
+ default: "hce"
+ IMAGE_TAGS:
+ type: string
+ default: ""
+ CREDENTIALS_ID:
+ type: string
+ default: "gerrit"
+ DOCKER_REGISTRY:
+ type: string
+ default: "docker-dev-virtual.docker.mirantis.net"
+ PROJECT_NAMESPACE:
+ type: string
+ default: "oss"
+ DOCKERFILE_PATH:
+ type: string
+ default: "Dockerfile"
+ CONTEXT_PATH:
+ type: string
+ default: "."
+ CUSTOM_GERRIT_PROJECT:
+ type: string
+ default: oss/docker-hce
+ CUSTOM_GERRIT_BRANCH:
+ type: string
+ default: master
+ CI_BUILD_ARG_HCE_REPO:
+ type: string
+ default: ""
+ CI_BUILD_ARG_HCE_REF:
+ type: string
+ default: ""
diff --git a/jenkins/client/job/docker/oss/hce-docker.yml b/jenkins/client/job/docker/oss/hce-docker.yml
new file mode 100644
index 0000000..33372b9
--- /dev/null
+++ b/jenkins/client/job/docker/oss/hce-docker.yml
@@ -0,0 +1,61 @@
+parameters:
+ jenkins:
+ client:
+ job:
+ docker-build-images-hce-docker:
+ name: docker-build-images-hce-docker
+ discard:
+ build:
+ keep_num: 25
+ artifact:
+ keep_num: 25
+ type: workflow-scm
+ concurrent: true
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/oss/jenkins/pipelines"
+ credentials: "gerrit"
+ script: docker-build-image-pipeline.groovy
+ trigger:
+ gerrit:
+ project:
+ "oss/docker-hce":
+ branches:
+ - master
+ skip_vote:
+ - successful
+ - failed
+ - unstable
+ - not_built
+ event:
+ patchset:
+ - created:
+ excludeDrafts: false
+ excludeNoCodeChange: false
+ change:
+ - merged
+ comment:
+ - addedContains:
+ commentAddedCommentContains: 'rebuild'
+ param:
+ IMAGE_NAME:
+ type: string
+ default: "hce"
+ IMAGE_TAGS:
+ type: string
+ default: ""
+ CREDENTIALS_ID:
+ type: string
+ default: "gerrit"
+ DOCKER_REGISTRY:
+ type: string
+ default: "docker-dev-virtual.docker.mirantis.net"
+ PROJECT_NAMESPACE:
+ type: string
+ default: "oss"
+ DOCKERFILE_PATH:
+ type: string
+ default: "Dockerfile"
+ CONTEXT_PATH:
+ type: string
+ default: "."
diff --git a/jenkins/client/job/docker/oss/init.yml b/jenkins/client/job/docker/oss/init.yml
index 386ea75..9b1e49b 100644
--- a/jenkins/client/job/docker/oss/init.yml
+++ b/jenkins/client/job/docker/oss/init.yml
@@ -6,6 +6,8 @@
- system.jenkins.client.job.docker.oss.pushkin-docker
- system.jenkins.client.job.docker.oss.pushkin-codebase
- system.jenkins.client.job.docker.oss.pushkin-codebase-ext
+ - system.jenkins.client.job.docker.oss.hce-docker
+ - system.jenkins.client.job.docker.oss.hce-codebase
- system.jenkins.client.job.docker.oss.rundeck
- system.jenkins.client.job.docker.oss.security-monkey-docker
- system.jenkins.client.job.docker.oss.security-monkey-codebase-openstack
diff --git a/openssh/server/team/members/korlowska.yml b/openssh/server/team/members/korlowska.yml
index f175273..cde10d1 100644
--- a/openssh/server/team/members/korlowska.yml
+++ b/openssh/server/team/members/korlowska.yml
@@ -11,7 +11,6 @@
email: korlowska@mirantis.com
openssh:
server:
- enabled: true
user:
korlowska:
enabled: true
diff --git a/openssh/server/team/members/miwinski.yml b/openssh/server/team/members/miwinski.yml
index 5dc9d80..676fd3c 100644
--- a/openssh/server/team/members/miwinski.yml
+++ b/openssh/server/team/members/miwinski.yml
@@ -11,7 +11,6 @@
email: miwinski@mirantis.com
openssh:
server:
- enabled: true
user:
miwinski:
enabled: true
diff --git a/openssh/server/team/members/mlos.yml b/openssh/server/team/members/mlos.yml
index 6b30817..fe7b8f4 100644
--- a/openssh/server/team/members/mlos.yml
+++ b/openssh/server/team/members/mlos.yml
@@ -11,7 +11,6 @@
email: mlos@mirantis.com
openssh:
server:
- enabled: true
user:
mlos:
enabled: true
diff --git a/openssh/server/team/members/mniedbala.yml b/openssh/server/team/members/mniedbala.yml
index 30f7f30..a4ca5c8 100644
--- a/openssh/server/team/members/mniedbala.yml
+++ b/openssh/server/team/members/mniedbala.yml
@@ -11,7 +11,6 @@
email: mniedbala@mirantis.com
openssh:
server:
- enabled: true
user:
mniedbala:
enabled: true
diff --git a/openssh/server/team/members/pruzicka.yml b/openssh/server/team/members/pruzicka.yml
index 93aca1f..d56d3d6 100644
--- a/openssh/server/team/members/pruzicka.yml
+++ b/openssh/server/team/members/pruzicka.yml
@@ -11,7 +11,6 @@
email: pruzicka@mirantis.com
openssh:
server:
- enabled: true
user:
pruzicka:
enabled: true
diff --git a/rundeck/client/init.yml b/rundeck/client/init.yml
index 31b7ee9..f97b8da 100644
--- a/rundeck/client/init.yml
+++ b/rundeck/client/init.yml
@@ -17,3 +17,4 @@
credentials:
username: ${_param:rundeck_client_username}
password: ${_param:rundeck_client_password}
+ api_token: ${_param:rundeck_client_password}
diff --git a/rundeck/server/docker.yml b/rundeck/server/docker.yml
index e43a03f..d7f1a18 100644
--- a/rundeck/server/docker.yml
+++ b/rundeck/server/docker.yml
@@ -4,6 +4,10 @@
parameters:
_param:
rundeck_server_ssh_timeout: 300000
+ rundeck_forward_iframe: False
+ rundeck_iframe_host: "external-proxy-endpoint"
+ rundeck_iframe_port: ${_param:haproxy_rundeck_exposed_port}
+ rundeck_iframe_ssl: False
rundeck:
server:
user:
@@ -15,6 +19,11 @@
host: ${_param:haproxy_rundeck_bind_host}
port: ${_param:haproxy_rundeck_bind_port}
https: ${_param:haproxy_rundeck_ssl:enabled}
+ iframe:
+ external_forward: ${_param:rundeck_forward_iframe}
+ host: ${_param:rundeck_iframe_host}
+ port: ${_param:rundeck_iframe_port}
+ https: ${_param:rundeck_iframe_ssl}
ssh:
user: ${_param:rundeck_runbook_user}
private_key: ${_param:rundeck_runbook_private_key}
diff --git a/salt/master/pillar/composite/init.yml b/salt/master/pillar/composite/init.yml
new file mode 100644
index 0000000..c095d59
--- /dev/null
+++ b/salt/master/pillar/composite/init.yml
@@ -0,0 +1,2 @@
+classes:
+- service.salt.master.pillar.composite
diff --git a/salt/master/pillar/composite/nacl.yml b/salt/master/pillar/composite/nacl.yml
new file mode 100644
index 0000000..a2d382b
--- /dev/null
+++ b/salt/master/pillar/composite/nacl.yml
@@ -0,0 +1,2 @@
+classes:
+- service.salt.master.pillar.composite.nacl
diff --git a/salt/master/pillar/composite/reclass.yml b/salt/master/pillar/composite/reclass.yml
new file mode 100644
index 0000000..0b5443b
--- /dev/null
+++ b/salt/master/pillar/composite/reclass.yml
@@ -0,0 +1,2 @@
+classes:
+- service.salt.master.pillar.composite.reclass
diff --git a/salt/master/pillar/composite/saltclass.yml b/salt/master/pillar/composite/saltclass.yml
new file mode 100644
index 0000000..8ff5e0b
--- /dev/null
+++ b/salt/master/pillar/composite/saltclass.yml
@@ -0,0 +1,2 @@
+classes:
+- service.salt.master.pillar.composite.saltclass
diff --git a/salt/master/pillar/reclass.yml b/salt/master/pillar/reclass.yml
new file mode 100644
index 0000000..cfeca33
--- /dev/null
+++ b/salt/master/pillar/reclass.yml
@@ -0,0 +1,2 @@
+classes:
+- service.salt.master.pillar.reclass