Merge "Switch to upstream postgres docker image for OSS tooling"
diff --git a/docker/swarm/stack/monitoring.yml b/docker/swarm/stack/monitoring.yml
index 091add5..4371367 100644
--- a/docker/swarm/stack/monitoring.yml
+++ b/docker/swarm/stack/monitoring.yml
@@ -77,10 +77,7 @@
data_dir: ${_param:prometheus_server_data_directory}
bind_port: ${prometheus:server:bind:port}
bind_address: ${prometheus:server:bind:address}
- alertmanager_port: ${prometheus:alertmanager:bind:port}
storage_local_engine: ${prometheus:server:storage:local:engine}
storage_local_retention: ${prometheus:server:storage:local:retention}
- storage_local_memory_chunks: ${prometheus:server:storage:local:memory_chunks}
- storage_local_max_chunks_to_persist: ${prometheus:server:storage:local:max_chunks_to_persist}
+ storage_local_target_heap_size: ${prometheus:server:storage:local:target_heap_size}
storage_local_num_fingerprint_mutexes: ${prometheus:server:storage:local:num_fingerprint_mutexes}
- discovery_domain: 'monitoring_alertmanager'
diff --git a/docker/swarm/stack/rundeck.yml b/docker/swarm/stack/rundeck.yml
index f89619a..a4ec24b 100644
--- a/docker/swarm/stack/rundeck.yml
+++ b/docker/swarm/stack/rundeck.yml
@@ -1,7 +1,7 @@
parameters:
_param:
docker_rundeck_replicas: 1
- docker_image_rundeck: docker-sandbox.sandbox.mirantis.net/ikharin/oss/rundeck:devel
+ docker_image_rundeck: docker-sandbox.sandbox.mirantis.net/ikharin/oss/rundeck:2.7.3-1
docker:
client:
stack:
diff --git a/freeipa/client/cluster.yml b/freeipa/client/cluster.yml
new file mode 100644
index 0000000..2276530
--- /dev/null
+++ b/freeipa/client/cluster.yml
@@ -0,0 +1,14 @@
+classes:
+- service.freeipa.client
+parameters:
+ freeipa:
+ client:
+ enabled: true
+ hostname: ${linux:system:name}
+ servers:
+ - ${_param:freeipa_node01_hostname}
+ - ${_param:freeipa_node02_hostname}
+ - ${_param:freeipa_node03_hostname}
+ domain: ${_param:cluster_domain}
+ realm: ${_param:freeipa_realm}
+ otp: ${_param:freeipa_otp}
\ No newline at end of file
diff --git a/freeipa/client/single.yml b/freeipa/client/single.yml
new file mode 100644
index 0000000..7804bd1
--- /dev/null
+++ b/freeipa/client/single.yml
@@ -0,0 +1,12 @@
+classes:
+- service.freeipa.client
+parameters:
+ freeipa:
+ client:
+ enabled: true
+ hostname: ${linux:system:name}
+ servers:
+ - ${_param:freeipa_node01_hostname}
+ domain: ${_param:cluster_domain}
+ realm: ${_param:freeipa_realm}
+ otp: ${_param:freeipa_otp}
\ No newline at end of file
diff --git a/jenkins/client/job/debian/packages/extra.yml b/jenkins/client/job/debian/packages/extra.yml
index b7de941..c902f32 100644
--- a/jenkins/client/job/debian/packages/extra.yml
+++ b/jenkins/client/job/debian/packages/extra.yml
@@ -105,6 +105,10 @@
dist: xenial
build: pipeline
branch: debian/xenial
+ - package: python-pydbus
+ dist: xenial
+ build: pipeline
+ branch: debian/xenial
- package: python-docker
dist: xenial
build: pipeline
diff --git a/jenkins/client/job/debian/packages/horizon/modules.yml b/jenkins/client/job/debian/packages/horizon/modules.yml
index 235c84c..0df27ad 100644
--- a/jenkins/client/job/debian/packages/horizon/modules.yml
+++ b/jenkins/client/job/debian/packages/horizon/modules.yml
@@ -6,6 +6,18 @@
name: build-debian-horizon-module-{{name}}-{{os_version}}-{{os}}-{{dist}}
jobs:
# Trusty
+ - name: horizon-neutron-lbaasv2-panel
+ os: ubuntu
+ dist: trusty
+ os_version: ocata
+ branch: stable/ocata
+ # Xenial
+ - name: horizon-neutron-lbaasv2-panel
+ os: ubuntu
+ dist: xenial
+ os_version: ocata
+ branch: stable/ocata
+ # Trusty
- name: horizon-overrides-plugin
os: ubuntu
dist: trusty
@@ -18,6 +30,30 @@
os_version: mitaka
branch: master
# Trusty
+ - name: horizon-overrides-plugin
+ os: ubuntu
+ dist: trusty
+ os_version: ocata
+ branch: master
+ # Xenial
+ - name: horizon-overrides-plugin
+ os: ubuntu
+ dist: xenial
+ os_version: ocata
+ branch: master
+ # Trusty
+ - name: horizon-contrib
+ os: ubuntu
+ dist: trusty
+ os_version: ocata
+ branch: master
+ # Xenial
+ - name: horizon-contrib
+ os: ubuntu
+ dist: xenial
+ os_version: ocata
+ branch: master
+ # Trusty
- name: horizon-contrail-panels
os: ubuntu
dist: trusty
diff --git a/jenkins/client/job/debian/packages/horizon/themes.yml b/jenkins/client/job/debian/packages/horizon/themes.yml
index a5ad56a..a26977f 100644
--- a/jenkins/client/job/debian/packages/horizon/themes.yml
+++ b/jenkins/client/job/debian/packages/horizon/themes.yml
@@ -10,13 +10,25 @@
os: ubuntu
dist: trusty
os_version: mitaka
- branch: master
+ branch: stable/mitaka
# Xenial
- name: horizon-mirantis-theme
os: ubuntu
dist: xenial
os_version: mitaka
- branch: master
+ branch: stable/mitaka
+ # Trusty
+ - name: horizon-mirantis-theme
+ os: ubuntu
+ dist: trusty
+ os_version: ocata
+ branch: stable/ocata
+ # Xenial
+ - name: horizon-mirantis-theme
+ os: ubuntu
+ dist: xenial
+ os_version: ocata
+ branch: stable/ocata
template:
discard:
build:
diff --git a/jenkins/client/job/deploy/lab/mk/cloud.yml b/jenkins/client/job/deploy/lab/mk/cloud.yml
index cbbcd34..6bffea0 100644
--- a/jenkins/client/job/deploy/lab/mk/cloud.yml
+++ b/jenkins/client/job/deploy/lab/mk/cloud.yml
@@ -13,7 +13,7 @@
client:
job_template:
cloud_deploy_heat_template:
- name: cloud-deploy-{{stack_type}}-{{stack_name}}
+ name: deploy-{{stack_type}}-{{stack_name}}
jobs: ${_param:jenkins_cloud_deploy_pipelines}
template:
type: workflow-scm
@@ -64,6 +64,9 @@
STACK_TEMPLATE_BRANCH:
type: string
default: "master"
+ STACK_CLEANUP_JOB:
+ type: string
+ default: ''
# salt master
SALT_MASTER_CREDENTIALS:
@@ -73,13 +76,17 @@
type: string
default: ""
- # openstack api
+ # aws api
AWS_STACK_REGION:
type: string
default: "us-west-2"
AWS_API_CREDENTIALS:
type: string
- default: "aws-qa-credentials"
+ default: "aws-credentials"
+ AWS_SSH_KEY:
+ type: string
+ default: "jenkins-mk"
+
# openstack api
OPENSTACK_API_URL:
diff --git a/jenkins/client/job/deploy/lab/mk/init.yml b/jenkins/client/job/deploy/lab/mk/init.yml
index fba15ef..9e988ba 100644
--- a/jenkins/client/job/deploy/lab/mk/init.yml
+++ b/jenkins/client/job/deploy/lab/mk/init.yml
@@ -27,29 +27,39 @@
STACK_TYPE:
type: string
default: "{{stack_type}}"
- INSTALL:
+ STACK_INSTALL:
type: string
default: "{{install}}"
- TEST:
+ STACK_TEST:
type: string
default: "{{test}}"
- # heat
- HEAT_TEMPLATE_URL:
+ STACK_TEMPLATE_URL:
type: string
default: "${_param:jenkins_gerrit_url}/mk/heat-templates"
- HEAT_TEMPLATE_CREDENTIALS:
+ STACK_TEMPLATE_CREDENTIALS:
type: string
default: "gerrit"
- HEAT_TEMPLATE_BRANCH:
+ STACK_TEMPLATE_BRANCH:
type: string
default: "master"
- HEAT_STACK_NAME:
+ STACK_NAME:
type: string
description: Heat stack name. Will be generated if missing.
- HEAT_STACK_TEMPLATE:
+ STACK_TEMPLATE:
type: string
default: "{{lab}}"
+ STACK_DELETE:
+ type: boolean
+ default: 'true'
+ description: "Don't enable it if you need to use the lab after"
+ STACK_REUSE:
+ type: boolean
+ default: 'false'
+ STACK_CLEANUP_JOB:
+ type: string
+ default: 'deploy-heat-cleanup'
+ # heat
HEAT_STACK_ENVIRONMENT:
type: string
default: "tcpisek"
@@ -59,13 +69,6 @@
HEAT_STACK_PUBLIC_NET:
type: string
default: "mirantis-private"
- HEAT_STACK_DELETE:
- type: boolean
- default: 'true'
- description: "Don't enable it if you need to use the lab after"
- HEAT_STACK_REUSE:
- type: boolean
- default: 'false'
# salt master
SALT_MASTER_CREDENTIALS:
diff --git a/jenkins/client/job/deploy/openstack.yml b/jenkins/client/job/deploy/openstack.yml
index 644b16b..cad1182 100644
--- a/jenkins/client/job/deploy/openstack.yml
+++ b/jenkins/client/job/deploy/openstack.yml
@@ -20,7 +20,7 @@
STACK_TYPE:
type: string
default: "physical"
- INSTALL:
+ STACK_INSTALL:
type: string
default: "core,kvm,openstack,stacklight"
diff --git a/jenkins/client/job/docker/build-images.yml b/jenkins/client/job/docker/build-images.yml
index 1cc3709..e9e7447 100644
--- a/jenkins/client/job/docker/build-images.yml
+++ b/jenkins/client/job/docker/build-images.yml
@@ -1,7 +1,7 @@
parameters:
jenkins:
client:
- job:
+ job_template:
docker-build-images:
name: "docker-build-images-{{name}}"
jobs:
diff --git a/jenkins/client/job/salt-formulas/tests.yml b/jenkins/client/job/salt-formulas/tests.yml
index 69a0f9b..0f3b405 100644
--- a/jenkins/client/job/salt-formulas/tests.yml
+++ b/jenkins/client/job/salt-formulas/tests.yml
@@ -153,3 +153,6 @@
DEFAULT_GIT_REF:
type: string
default: master
+ KITCHEN_TESTS_PARALLEL:
+ type: boolean
+ default: 'false'
diff --git a/jenkins/client/job/salt-models/generate.yml b/jenkins/client/job/salt-models/generate.yml
index 697ab51..f88c54d 100644
--- a/jenkins/client/job/salt-models/generate.yml
+++ b/jenkins/client/job/salt-models/generate.yml
@@ -44,3 +44,6 @@
default: false
EMAIL_ADDRESS:
type: string
+ TEST_MODEL:
+ type: boolean
+ default: true
diff --git a/jenkins/client/job/test_devops_portal.yml b/jenkins/client/job/test_devops_portal.yml
index 41be263..5cf4c79 100644
--- a/jenkins/client/job/test_devops_portal.yml
+++ b/jenkins/client/job/test_devops_portal.yml
@@ -41,15 +41,11 @@
JSON_CONFIG:
type: string
default: '{"services": {"elasticsearch": {"endpoint": "http://elasticsearch:9200"}}}'
- NODE_IMAGE:
- type: string
- default: "docker-sandbox.sandbox.mirantis.net/ikharin/ci/node-firefox:6.10"
COMMANDS:
type: text
default: |
npm run lint
npm run test:unit
- npm run test:functional
DEFAULT_GIT_URL:
type: string
default: "${_param:jenkins_gerrit_url}/oss/devops-portal"
diff --git a/jenkins/slave/docker.yml b/jenkins/slave/docker.yml
index ea3639b..ddf997b 100644
--- a/jenkins/slave/docker.yml
+++ b/jenkins/slave/docker.yml
@@ -15,4 +15,13 @@
hosts:
- ALL
commands:
- - /usr/bin/docker
\ No newline at end of file
+ - /usr/bin/docker
+ docker:
+ client:
+ network:
+ docker_gwbridge:
+ subnet: 10.20.0.0/16
+ opt:
+ com.docker.network.bridge.name: docker_gwbridge
+ com.docker.network.bridge.enable_icc: false
+ com.docker.network.bridge.enable_ip_masquerade: true
\ No newline at end of file
diff --git a/keystone/server/cluster.yml b/keystone/server/cluster.yml
index 6db4f7a..f077faf 100644
--- a/keystone/server/cluster.yml
+++ b/keystone/server/cluster.yml
@@ -41,3 +41,6 @@
password: ${_param:rabbitmq_openstack_password}
virtual_host: '/openstack'
ha_queues: true
+ auth_methods:
+ - password
+ - token
diff --git a/keystone/server/single.yml b/keystone/server/single.yml
index 26c7d2b..aae179f 100644
--- a/keystone/server/single.yml
+++ b/keystone/server/single.yml
@@ -41,4 +41,13 @@
user: openstack
password: ${_param:rabbitmq_openstack_password}
virtual_host: '/openstack'
- ha_queues: true
\ No newline at end of file
+ ha_queues: true
+ roles:
+ - admin
+ - Member
+ - image_manager
+ auth_methods:
+ - password
+ - token
+ database:
+ host: 127.0.0.1
diff --git a/keystone/server/websso.yml b/keystone/server/websso.yml
new file mode 100644
index 0000000..0960ccb
--- /dev/null
+++ b/keystone/server/websso.yml
@@ -0,0 +1,15 @@
+classes:
+- service.shibboleth.server.cluster
+parameters:
+ keystone:
+ server:
+ websso:
+ protocol: saml2
+ remote_id_attribute: Shib-Identity-Provider
+ federation_driver: keystone.contrib.federation.backends.sql.Federation
+ trusted_dashboard:
+ - https://${_param:cluster_public_host}/auth/websso/
+ - https://${_param:proxy_vip_host}/auth/websso/
+ auth_methods:
+ - saml2
+ - external
diff --git a/linux/system/repo/mcp/contrail.yml b/linux/system/repo/mcp/contrail.yml
index c0ecc92..0d9d68e 100644
--- a/linux/system/repo/mcp/contrail.yml
+++ b/linux/system/repo/mcp/contrail.yml
@@ -1,15 +1,16 @@
parameters:
_param:
- linux_repo_contrail_component: oc311
apt_mk_version: stable
+ linux_repo_contrail_component: oc311
+ linux_system_repo_mcp_contrail_version: ${_param:apt_mk_version}
linux:
system:
repo:
mcp_opencontrail:
- source: "deb [arch=amd64] http://apt-mk.mirantis.com/${_param:linux_system_codename}/ ${_param:apt_mk_version} ${_param:openstack_version} ${_param:linux_repo_contrail_component} extra"
+ source: "deb [arch=amd64] http://apt-mk.mirantis.com/${_param:linux_system_codename}/ ${_param:linux_system_repo_mcp_contrail_version} ${_param:openstack_version} ${_param:linux_repo_contrail_component} extra"
architectures: amd64
key_url: "http://apt-mk.mirantis.com/public.gpg"
pin:
- - pin: 'release a=${_param:apt_mk_version}'
+ - pin: 'release a=${_param:linux_system_repo_mcp_contrail_version}'
priority: 1100
package: '*'
diff --git a/linux/system/repo/mcp/extra.yml b/linux/system/repo/mcp/extra.yml
index 00de9ea..826969b 100644
--- a/linux/system/repo/mcp/extra.yml
+++ b/linux/system/repo/mcp/extra.yml
@@ -1,15 +1,16 @@
parameters:
_param:
apt_mk_version: stable
+ linux_system_repo_mcp_extra_version: ${_param:apt_mk_version}
linux:
system:
repo:
mcp_extra:
- source: "deb [arch=amd64] http://apt-mk.mirantis.com/${_param:linux_system_codename}/ ${_param:apt_mk_version} extra"
+ source: "deb [arch=amd64] http://apt-mk.mirantis.com/${_param:linux_system_codename}/ ${_param:linux_system_repo_mcp_extra_version} extra"
architectures: amd64
key_url: "http://apt-mk.mirantis.com/public.gpg"
clean_file: true
pin:
- - pin: 'release a=${_param:apt_mk_version}'
+ - pin: 'release a=${_param:linux_system_repo_mcp_extra_version}'
priority: 1100
package: '*'
diff --git a/linux/system/repo/mcp/openstack.yml b/linux/system/repo/mcp/openstack.yml
index 9f26821..249f5b2 100644
--- a/linux/system/repo/mcp/openstack.yml
+++ b/linux/system/repo/mcp/openstack.yml
@@ -1,6 +1,7 @@
parameters:
_param:
apt_mk_version: stable
+ linux_system_repo_mk_openstack_version: ${_param:apt_mk_version}
linux:
system:
repo:
@@ -45,10 +46,10 @@
priority: 1100
package: '*'
mk_openstack:
- source: "deb [arch=amd64] http://apt-mk.mirantis.com/${_param:linux_system_codename}/ ${_param:apt_mk_version} ${_param:openstack_version}"
+ source: "deb [arch=amd64] http://apt-mk.mirantis.com/${_param:linux_system_codename}/ ${_param:linux_system_repo_mk_openstack_version} ${_param:openstack_version}"
architectures: amd64
key_url: "http://apt-mk.mirantis.com/public.gpg"
pin:
- - pin: 'release a=${_param:apt_mk_version}'
+ - pin: 'release a=${_param:linux_system_repo_mk_openstack_version}'
priority: 1100
package: '*'
diff --git a/linux/system/repo/mcp/salt.yml b/linux/system/repo/mcp/salt.yml
index d40cc5f..6d79919 100644
--- a/linux/system/repo/mcp/salt.yml
+++ b/linux/system/repo/mcp/salt.yml
@@ -1,15 +1,16 @@
parameters:
_param:
apt_mk_version: stable
+ linux_system_repo_mcp_salt_version: ${_param:apt_mk_version}
linux:
system:
repo:
mcp_salt:
- source: "deb [arch=amd64] http://apt-mk.mirantis.com/${_param:linux_system_codename}/ ${_param:apt_mk_version} salt"
+ source: "deb [arch=amd64] http://apt-mk.mirantis.com/${_param:linux_system_codename}/ ${_param:linux_system_repo_mcp_salt_version} salt"
architectures: amd64
key_url: "http://apt-mk.mirantis.com/public.gpg"
clean_file: true
pin:
- - pin: 'release a=${_param:apt_mk_version}'
+ - pin: 'release a=${_param:linux_system_repo_mcp_salt_version}'
priority: 1100
package: '*'
diff --git a/linux/system/repo_local/mcp/contrail.yml b/linux/system/repo_local/mcp/contrail.yml
index 89a7236..3d02acf 100644
--- a/linux/system/repo_local/mcp/contrail.yml
+++ b/linux/system/repo_local/mcp/contrail.yml
@@ -1,13 +1,14 @@
parameters:
_param:
+ apt_mk_version: stable
linux_repo_contrail_component: oc311
contrail_repo_pin_priority: 200
- apt_mk_version: stable
+ linux_system_repo_mcp_contrail_version: ${_param:apt_mk_version}
linux:
system:
repo:
mcp_opencontrail:
refresh_db: ${_param:linux_repo_refresh_db}
- source: "deb [arch=amd64] http://${_param:local_repo_url}/ubuntu-${_param:linux_system_codename}/ ${_param:apt_mk_version} ${_param:linux_repo_contrail_component}"
+ source: "deb [arch=amd64] http://${_param:local_repo_url}/ubuntu-${_param:linux_system_codename}/ ${_param:linux_system_repo_mcp_contrail_version} ${_param:linux_repo_contrail_component}"
architectures: amd64
key_url: "http://${_param:local_repo_url}/public.gpg"
diff --git a/linux/system/repo_local/mcp/extra.yml b/linux/system/repo_local/mcp/extra.yml
index a0c54d6..b7ae91a 100644
--- a/linux/system/repo_local/mcp/extra.yml
+++ b/linux/system/repo_local/mcp/extra.yml
@@ -1,11 +1,12 @@
parameters:
_param:
apt_mk_version: stable
+ linux_system_repo_mcp_extra_version: ${_param:apt_mk_version}
linux:
system:
repo:
mcp_extra:
refresh_db: ${_param:linux_repo_refresh_db}
- source: "deb [arch=amd64] http://${_param:local_repo_url}/ubuntu-${_param:linux_system_codename}/ ${_param:apt_mk_version} extra"
+ source: "deb [arch=amd64] http://${_param:local_repo_url}/ubuntu-${_param:linux_system_codename}/ ${_param:linux_system_repo_mcp_extra_version} extra"
architectures: amd64
key_url: "http://${_param:local_repo_url}/public.gpg"
diff --git a/linux/system/repo_local/mcp/salt.yml b/linux/system/repo_local/mcp/salt.yml
index 3abbf92..dafa8e7 100644
--- a/linux/system/repo_local/mcp/salt.yml
+++ b/linux/system/repo_local/mcp/salt.yml
@@ -1,11 +1,12 @@
parameters:
_param:
apt_mk_version: stable
+ linux_system_repo_mcp_salt_version: ${_param:apt_mk_version}
linux:
system:
repo:
mcp_salt:
refresh_db: ${_param:linux_repo_refresh_db}
- source: "deb [arch=amd64] http://${_param:local_repo_url}/ubuntu-${_param:linux_system_codename}/ ${_param:apt_mk_version} salt"
+ source: "deb [arch=amd64] http://${_param:local_repo_url}/ubuntu-${_param:linux_system_codename}/ ${_param:linux_system_repo_mcp_salt_version} salt"
architectures: amd64
- key_url: "http://${_param:local_repo_url}/public.gpg"
\ No newline at end of file
+ key_url: "http://${_param:local_repo_url}/public.gpg"
diff --git a/linux/system/single.yml b/linux/system/single.yml
index 2c538f5..ef23a39 100644
--- a/linux/system/single.yml
+++ b/linux/system/single.yml
@@ -57,3 +57,8 @@
- type: hard
item: nproc
value: 307200
+ systemd:
+ system:
+ Manager:
+ DefaultLimitNOFILE: 307200
+ DefaultLimitNPROC: 307200
diff --git a/openssh/server/team/stacklight.yml b/openssh/server/team/stacklight.yml
index a35e450..6d55bee 100644
--- a/openssh/server/team/stacklight.yml
+++ b/openssh/server/team/stacklight.yml
@@ -86,6 +86,13 @@
full_name: Aleksandr Kholkin
home: /home/akholkin
email: akholkin@mirantis.com
+ kszukielojc:
+ enabled: true
+ name: kszukielojc
+ sudo: true
+ full_name: Krzysztof Szukiełojć
+ home: /home/kszukielojc
+ email: kszukielojc@mirantis.com
openssh:
client:
enabled: true
@@ -152,6 +159,11 @@
public_keys:
- ${public_keys:akholkin}
user: ${linux:system:user:akholkin}
+ kszukielojc:
+ enable: true
+ public_keys:
+ - ${public_keys:kszukielojc}
+ user: ${linux:system:user:kszukielojc}
public_keys:
newt:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3odU+3V2uDA2ptAFL9hrJRPNEEdAyztWOZFQ5Oyd9oerTGOU3p4xmrgWWjfKFKbYGhiiIUcYAol5PkTfKukGEkkjCHYA1t023soCaaAj85wCZCnw2zQNAziwxTYmAzTqgxiSvtZNMMrtJvFHRIRDzJ3M1lV0prWNWkMM1/3FAd4W49y6VT3fkMCo8uqG7CfGdgR2DgBCxf9KaNPfW5eDEPOgmE5lK8tVSEI6T+Cg7hbcTf4lFYnlFBnlQgp/0JstsM4Vbwb4B34LOpOsf2S8rrWk2xQMjwaMHXkc2s/E8iW3F5nVFuyEXYISFQIiAHw8dzC6CHgLcyHUVWwznKawZ newt@newt-dev1
@@ -177,3 +189,5 @@
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDflz5rJEC6+yKOteNG2uzObQCtV/c/Rnu9Aku1AJWLMMlouID7RaCUrP642xH2z11kZE+sZk/4c3515M5SPQFVKhjGceftbnI9I7DI1KF4OJwMCSfmACDHM3bJcld8eiKTRBxtk32i6YPdNi6m9unHvPultTIBJCxRP/KVyxOOnQparsSSBhBj2t3Kis+3dnDZNBUJJDWyo69FD0RvAOaWZdogwes0nCl+3JJSNWsATqyS+bi4ojqJimHFKiW2sz8qMX3cMzu9uTx1OWvJWJRgOV5/tPsuuNVt75zPAOsfJnIqQJtpkdZAb4SYK+0jLFcLvB6GBgXY3aHk9nHu9MHr isvetlov@ubuntu
akholkin:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDjpy9RI6iEDH/04eOOwreDa+R32USZiWxyFiKHa8zoDAlOfwaZVg6mZWepOxzwxCJPYusPGXCwQ6Zw9tHxVWOCgtzzPpsCCfhUU4v+99Wh08//W8d/s/WFka+5vqyskAO5Z8Ekk+kQU+jpUBG8/gMxAPBjj0fFc5BNeqDY9r9nmMNK6N2RVjvA6wZ8G5hLGxL9bn5Prhf/+avui1NAfy6gsT/mRt1W+eHWTvpijyNGm+m83jU34dQO6gE48n6WdSylLh/fY/p31rzAURaq1V/AZhdbSuZ8aJYDnfHevpK5+hMjoOop3v3hb7WHEmybGujQfW5HVaaWmG7SFlHeKGE/gZ2P9T+bQ+SgO+PmEAw4LayiBkzTPAHdZ2UGZe+3BI5gdM/ayovK2WVO1jS5FNlNGIvEQW+ws9V+ph+S1jL4jobDJEjs358iXrAYpf4JL+LvxFHiuj6EL51tbo8EU22z5mmgRQQ5eFrDzBuVLhcim651A3a5iSlmCeAQ5rTmHX/Op/PbK+3vAtI8vnlK4AhycLvWQ3kK2DRx+Uhzrlk5v6E14SopAhvpGOHqrLgmoHwHp1xt/9M1JgxkOUK5gccFKTQduxLHoTNBaNcP60IOG/MjqUPcOXSBcAN4Y1RDBg+pwXe4PFgOzwKdFoYeuhvtm8y185S0IvvfCHLCD8pNfQ== akholkin@mirantis.com
+ kszukielojc:
+ key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCiUm3Z3W3t4v7oe143rCNM/hbg9NU2bYUmQXek8DJPA4c3Xm6u0q+RL9kEXME+3zcj2HKqMxKsCBLXXdFIsgdUbOBV8AYiuySE220FTnEKRmdxsEnfSaBhXxFyIBNoew4gI7URSqAOclt5WuPJTqRM7K4VhbtzwEgeWVd/NUhxMCCtgkdJCYTSmycxmxs7R6V8vMr9Mb8DOqKkSpOu6f3JkR0lwnFN9zGGC4V/60FlJSDzvvI5Tn40ANPHITivs8xME0znsx7t0bF4vQUimvhYn1mumQCY1NwIaxJ/QqasD6Ag9Sn5dxSg9b3SeLn0JM6qKoIqZtfPYVuCp9gmlH0fyzJUdqu4lKKb2wBw/H5lK6icH4+owMawkav55rbvinHQOqmVCr/Bg/rTfc35ycVqjTXH/5J7OhzioKjU0yFkXFS2X/s8gpyxp3beJ+Ea4faoX+kcs0gyhMYzqC7/DOamrau7aVyEAjKYJNy60xRfjCQzjqiurbxVFh+3Fi64UUn7Bl1QV8VEiU3ztJ118psEI7zA+x2VROLZ1jrtaBYZTYB118JZicaFDycEVgg3+BHX3pFH/QSOjLsA4SK+HJjSz8CFKvWwaO6QJv1/3KHpcGEacMvmqKxwpQK0E4WpjWhglZRMPObQ0dBaGClOujgoOIHXtFGILEpWy2SdzDQkHw== kszukielojc@w541
diff --git a/postgresql/client/init.yml b/postgresql/client/init.yml
new file mode 100644
index 0000000..95fdcdb
--- /dev/null
+++ b/postgresql/client/init.yml
@@ -0,0 +1,15 @@
+parameters:
+ _param:
+ postgresql_client_user: none
+ postgresql_client_password: none
+ postgresql_client_host: ${_param:control_vip_address}
+ postgresql_client_port: 5432
+ postgresql:
+ client:
+ server:
+ server01:
+ admin:
+ host: ${_param:postgresql_client_host}
+ port: ${_param:postgresql_client_port}
+ user: ${_param:postgresql_client_user}
+ password: ${_param:postgresql_client_password}
diff --git a/postgresql/client/pushkin.yml b/postgresql/client/pushkin.yml
index 14bd649..c6ec567 100644
--- a/postgresql/client/pushkin.yml
+++ b/postgresql/client/pushkin.yml
@@ -1,18 +1,14 @@
+classes:
+ - system.postgresql.client
parameters:
_param:
pushkin_db_host: ${_param:haproxy_postgresql_bind_host}
- pushkin_db_port: ${_param:haproxy_postgresql_bind_port}
pushkin_db_user: pushkin
pushkin_db_user_password: pushkin
postgresql:
client:
server:
server01:
- admin:
- host: ${_param:pushkin_db_host}
- port: ${_param:pushkin_db_port}
- user: ${_param:postgresql_admin_user}
- password: ${_param:postgresql_admin_user_password}
database:
pushkin:
enabled: true
diff --git a/postgresql/client/rundeck.yml b/postgresql/client/rundeck.yml
new file mode 100644
index 0000000..0c1102d
--- /dev/null
+++ b/postgresql/client/rundeck.yml
@@ -0,0 +1,22 @@
+classes:
+ - system.postgresql.client
+parameters:
+ _param:
+ rundeck_db_host: ${_param:haproxy_postgresql_bind_host}
+ rundeck_db_user: rundeck
+ rundeck_db_user_password: password
+ postgresql:
+ client:
+ server:
+ server01:
+ database:
+ rundeck:
+ enabled: true
+ encoding: 'UTF8'
+ locale: 'en_US'
+ users:
+ - name: ${_param:rundeck_db_user}
+ password: ${_param:rundeck_db_user_password}
+ host: ${_param:rundeck_db_host}
+ createdb: true
+ rights: all privileges
diff --git a/postgresql/client/security_monkey.yml b/postgresql/client/security_monkey.yml
index 428753d..43e48d2 100644
--- a/postgresql/client/security_monkey.yml
+++ b/postgresql/client/security_monkey.yml
@@ -1,18 +1,14 @@
+classes:
+ - system.postgresql.client
parameters:
_param:
secmonkey_db_host: ${_param:haproxy_postgresql_bind_host}
- secmonkey_db_port: ${_param:haproxy_postgresql_bind_port}
secmonkey_db_user: secmonkey
secmonkey_db_user_password: secmonkey
postgresql:
client:
server:
server01:
- admin:
- host: ${_param:secmonkey_db_host}
- port: ${_param:secmonkey_db_port}
- user: ${_param:postgresql_admin_user}
- password: ${_param:postgresql_admin_user_password}
database:
secmonkey:
enabled: true
diff --git a/prometheus/server/alertmanager/dns.yml b/prometheus/server/alertmanager/dns.yml
new file mode 100644
index 0000000..99fd4db
--- /dev/null
+++ b/prometheus/server/alertmanager/dns.yml
@@ -0,0 +1,12 @@
+parameters:
+ prometheus:
+ server:
+ config:
+ alertmanager:
+ docker_swarm_alertmanager:
+ enabled: true
+ dns_sd_configs:
+ domain:
+ - tasks.monitoring_alertmanager
+ type: A
+ port: ${prometheus:alertmanager:bind:port}
diff --git a/swift/proxy/cluster.yml b/swift/proxy/cluster.yml
new file mode 100644
index 0000000..994eb1e
--- /dev/null
+++ b/swift/proxy/cluster.yml
@@ -0,0 +1,52 @@
+classes:
+- service.memcached.server.single
+- service.keepalived.cluster.single
+- service.haproxy.proxy.single
+- service.swift.proxy.cluster
+parameters:
+ _param:
+ cluster_node01_address: ${_param:swift_proxy_node01_address}
+ cluster_node02_address: ${_param:swift_proxy_node02_address}
+ keepalived:
+ cluster:
+ instance:
+ VIP:
+ virtual_router_id: ${_param:keepalived_vip_virtual_router_id}
+ haproxy:
+ proxy:
+ listen:
+ swift_admin:
+ type: stats
+ check: false
+ binds:
+ - address: ${_param:swift_proxy_vip_address}
+ port: 8080
+ swift_proxy_cluster:
+ type: general-service
+ check: false
+ binds:
+ - address: ${_param:swift_proxy_vip_address}
+ port: 8080
+ servers:
+ - name: ${_param:swift_proxy_node01_hostname}
+ host: ${_param:swift_proxy_node01_address}
+ port: 8080
+ params: check
+ - name: ${_param:swift_proxy_node02_hostname}
+ host: ${_param:swift_proxy_node02_address}
+ port: 8080
+ params: check
+ swift:
+ proxy:
+ bind:
+ address: ${_param:single_address}
+ identity:
+ host: ${_param:control_vip_address}
+ common:
+ cache:
+ engine: memcached
+ members:
+ - host: ${_param:swift_proxy_node01_address}
+ port: 11211
+ - host: ${_param:swift_proxy_node02_address}
+ port: 11211
diff --git a/swift/rings/default.yml b/swift/rings/default.yml
new file mode 100644
index 0000000..c0e06d6
--- /dev/null
+++ b/swift/rings/default.yml
@@ -0,0 +1,16 @@
+parameters:
+ swift:
+ ring_builder:
+ enabled: true
+ rings:
+ - partition_power: 9
+ replicas: 3
+ hours: 1
+ region: 1
+ devices:
+ - address: ${_param:swift_storage_node01_address}
+ device: ${_param:swift_device0}
+ - address: ${_param:swift_storage_node02_address}
+ device: ${_param:swift_device0}
+ - address: ${_param:swift_storage_node03_address}
+ device: ${_param:swift_device0}
\ No newline at end of file
diff --git a/swift/rings/init.yml b/swift/rings/init.yml
new file mode 100644
index 0000000..f157aff
--- /dev/null
+++ b/swift/rings/init.yml
@@ -0,0 +1,5 @@
+parameters:
+ swift:
+ ring_builder:
+ enabled: true
+ rings: []
diff --git a/swift/storage/cluster.yml b/swift/storage/cluster.yml
new file mode 100644
index 0000000..9f0fa8f
--- /dev/null
+++ b/swift/storage/cluster.yml
@@ -0,0 +1,38 @@
+classes:
+- service.swift.storage.cluster
+- service.rsync.server.single
+parameters:
+ rsync:
+ server:
+ module:
+ account:
+ max_connections: 100
+ path: /srv/node/
+ read_only: False
+ uid: swift
+ gid: swift
+ #write_only: False
+ #list: yes
+ #incoming_chmod = 0644
+ #outgoing_chmod = 0644
+ container:
+ max_connections: 100
+ path: /srv/node/
+ read_only: False
+ uid: swift
+ gid: swift
+ object:
+ max_connections: 100
+ path: /srv/node/
+ read_only: False
+ uid: swift
+ gid: swift
+ swift:
+ common:
+ cache:
+ engine: memcached
+ members:
+ - host: ${_param:swift_proxy_node01_address}
+ port: 11211
+ - host: ${_param:swift_proxy_node02_address}
+ port: 11211