Merge "Rename Prometheus env variables"
diff --git a/docker/swarm/stack/janitor_monkey.yml b/docker/swarm/stack/janitor_monkey.yml
index 95095e4..de7a218 100644
--- a/docker/swarm/stack/janitor_monkey.yml
+++ b/docker/swarm/stack/janitor_monkey.yml
@@ -4,7 +4,7 @@
docker_image_mongodb: library/mongo:3.4
docker_mongodb_admin_username: admin
docker_mongodb_admin_password: password
- docker_image_janitor_monkey: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/janitor_monkey:6040
+ docker_image_janitor_monkey: docker-prod-local.artifactory.mirantis.com/mirantis/oss/janitor-monkey
janitor_monkey_enabled: true
janitor_monkey_dryrun_mode: false
janitor_monkey_base_url: http://${_param:haproxy_janitor_monkey_bind_host}:${_param:haproxy_janitor_monkey_bind_port}
diff --git a/docker/swarm/stack/pushkin.yml b/docker/swarm/stack/pushkin.yml
index dde8541..106d544 100644
--- a/docker/swarm/stack/pushkin.yml
+++ b/docker/swarm/stack/pushkin.yml
@@ -1,7 +1,7 @@
parameters:
_param:
docker_pushkin_replicas: 1
- docker_image_pushkin: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/pushkin:latest
+ docker_image_pushkin: docker-prod-local.artifactory.mirantis.com/mirantis/oss/pushkin
pushkin_db: pushkin
docker:
client:
diff --git a/docker/swarm/stack/security_monkey.yml b/docker/swarm/stack/security_monkey.yml
index a2249c6..2e1c813 100644
--- a/docker/swarm/stack/security_monkey.yml
+++ b/docker/swarm/stack/security_monkey.yml
@@ -2,8 +2,8 @@
_param:
docker_security_monkey_api_replicas: 1
docker_security_monkey_scheduler_replicas: 1
- docker_image_security_monkey_api: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/security-monkey-api:6700
- docker_image_security_monkey_scheduler: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/security-monkey-scheduler:6700
+ docker_image_security_monkey_api: docker-prod-local.artifactory.mirantis.com/mirantis/oss/security-monkey-api
+ docker_image_security_monkey_scheduler: docker-prod-local.artifactory.mirantis.com/mirantis/oss/security-monkey-scheduler
security_monkey_db: secmonkey
notification_service_url: http://${_param:haproxy_pushkin_bind_host}:${_param:haproxy_pushkin_bind_port}/post_notification_json
security_monkey_user: devopsportal@devopsportal.local
diff --git a/haproxy/proxy/listen/opencontrail/tor.yml b/haproxy/proxy/listen/opencontrail/tor.yml
new file mode 100644
index 0000000..0595ccd
--- /dev/null
+++ b/haproxy/proxy/listen/opencontrail/tor.yml
@@ -0,0 +1,19 @@
+parameters:
+ haproxy:
+ proxy:
+ listen:
+ contrail_tor01:
+ type: contrail-tor
+ service_name: contrail
+ binds:
+ - address: ${_param:cluster_vip_address}
+ port: 6631
+ servers:
+ - name: sw01
+ host: ${_param:cluster_node01_address}
+ port: 6632
+ params: check
+ - name: sw02
+ host: ${_param:cluster_node02_address}
+ port: 6632
+ params: check backup
diff --git a/jenkins/client/init.yml b/jenkins/client/init.yml
index b37c48f..7d87ffe 100644
--- a/jenkins/client/init.yml
+++ b/jenkins/client/init.yml
@@ -16,7 +16,6 @@
username: ${_param:jenkins_client_user}
password: ${_param:jenkins_client_password}
plugin:
- ansicolor: {}
artifactory: {}
build-blocker-plugin: {}
build-monitor-plugin: {}
@@ -39,7 +38,6 @@
simple-theme-plugin: {}
slack: {}
test-stability: {}
- timestamper: {}
workflow-cps: {}
workflow-remote-loader: {}
workflow-scm-step:
diff --git a/jenkins/client/job/ceph/init.yml b/jenkins/client/job/ceph/init.yml
index e4f2ba4..06dc5eb 100644
--- a/jenkins/client/job/ceph/init.yml
+++ b/jenkins/client/job/ceph/init.yml
@@ -1,2 +1,3 @@
classes:
- system.jenkins.client.job.ceph.remove-osd
+- system.jenkins.client.job.ceph.weights
diff --git a/jenkins/client/job/ceph/remove-osd.yml b/jenkins/client/job/ceph/remove-osd.yml
index 10b9028..448318a 100644
--- a/jenkins/client/job/ceph/remove-osd.yml
+++ b/jenkins/client/job/ceph/remove-osd.yml
@@ -28,8 +28,9 @@
type: string
description: OSDs on this HOST will be removed from cluster
OSD:
- type: all
+ type: string
description: These OSDs at HOST will be removed (comma-separated list)
+ default: '*'
ADMIN_HOST:
type: string
description: Host with admin keyring and access to cluster management
diff --git a/jenkins/client/job/ceph/weights.yml b/jenkins/client/job/ceph/weights.yml
new file mode 100644
index 0000000..776e16f
--- /dev/null
+++ b/jenkins/client/job/ceph/weights.yml
@@ -0,0 +1,29 @@
+parameters:
+ jenkins:
+ client:
+ job:
+ ceph-enforce-weights:
+ type: workflow-scm
+ concurrent: true
+ display_name: "Ceph - enforce OSD weights"
+ discard:
+ build:
+ keep_num: 50
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ credentials: "gerrit"
+ script: ceph-enforce-weights.groovy
+ param:
+ # general parameters
+ SALT_MASTER_URL:
+ type: string
+ description: URL of Salt master
+ default: "http://${_param:salt_master_host}:6969"
+ SALT_MASTER_CREDENTIALS:
+ type: string
+ description: Credentials for login to Salt API
+ default: salt
+ ADMIN_HOST:
+ type: string
+ description: Host with admin keyring and access to cluster management
diff --git a/jenkins/client/job/deploy/lab/release/mcp05.yml b/jenkins/client/job/deploy/lab/release/mcp05.yml
index 5ec2787..05e74d9 100644
--- a/jenkins/client/job/deploy/lab/release/mcp05.yml
+++ b/jenkins/client/job/deploy/lab/release/mcp05.yml
@@ -4,13 +4,13 @@
_param:
jenkins_deploy_jobs:
- stack_name: virtual_mcp05_dvr
- stack_env: virtual_mcp05_dvr/devcloud
+ stack_env: devcloud
stack_install: core,openstack,dvr
stack_type: heat
stack_test: ""
job_timer: ""
- stack_name: virtual_mcp05_ovs
- stack_env: virtual_mcp05_ovs/devcloud
+ stack_env: devcloud
stack_install: core,openstack,ovs
stack_type: heat
stack_test: ""
diff --git a/jenkins/client/job/deploy/lab/release/mcp10.yml b/jenkins/client/job/deploy/lab/release/mcp10.yml
index 516d533..a692378 100644
--- a/jenkins/client/job/deploy/lab/release/mcp10.yml
+++ b/jenkins/client/job/deploy/lab/release/mcp10.yml
@@ -5,25 +5,25 @@
jenkins_deploy_jobs:
# physical
- stack_name: mcp10_contrail
- stack_env: mcp10_contrail/devcloud
+ stack_env: devcloud
stack_install: core,kvm,openstack,contrail
stack_type: physical
stack_test: openstack
job_timer: ""
- stack_name: mcp10_opencontrail_nfv
- stack_env: mcp10_opencontrail_nfv/devcloud
+ stack_env: devcloud
stack_install: core,kvm,openstack,nfv
stack_type: physical
stack_test: openstack
job_timer: ""
- stack_name: mcp10_dvr
- stack_env: mcp10_dvr/devcloud
+ stack_env: devcloud
stack_install: core,kvm,openstack,dvr
stack_type: physical
stack_test: openstack
job_timer: ""
- stack_name: mcp10_non_dvr
- stack_env: mcp10_non_dvr/devcloud
+ stack_env: devcloud
stack_install: core,kvm,openstack
stack_type: physical
stack_test: openstack
@@ -31,19 +31,19 @@
# virtual
- stack_name: virtual_mcp10_contrail
- stack_env: virtual_mcp10_contrail/devcloud
+ stack_env: devcloud
stack_install: core,openstack,contrail
stack_type: heat
stack_test: ""
job_timer: "H H(0-6) * * *"
- stack_name: virtual_mcp10_dvr
- stack_env: virtual_mcp10_dvr/devcloud
+ stack_env: devcloud
stack_install: core,openstack,dvr
stack_type: heat
stack_test: ""
job_timer: "H H(0-6) * * *"
- stack_name: virtual_mcp10_ovs
- stack_env: virtual_mcp10_ovs/devcloud
+ stack_env: devcloud
stack_install: core,openstack,ovs
stack_type: heat
stack_test: ""
diff --git a/jenkins/client/job/deploy/lab/release/mcp11.yml b/jenkins/client/job/deploy/lab/release/mcp11.yml
index c8fc663..b147427 100644
--- a/jenkins/client/job/deploy/lab/release/mcp11.yml
+++ b/jenkins/client/job/deploy/lab/release/mcp11.yml
@@ -4,25 +4,25 @@
_param:
jenkins_deploy_jobs:
- stack_name: virtual_mcp11_contrail
- stack_env: virtual_mcp11_contrail/devcloud
+ stack_env: devcloud
stack_install: core,openstack,contrail
stack_type: heat
stack_test: ""
job_timer: ""
- stack_name: virtual_mcp11_dvr
- stack_env: virtual_mcp11_dvr/devcloud
+ stack_env: devcloud
stack_install: core,openstack,dvr
stack_type: heat
stack_test: ""
job_timer: ""
- stack_name: virtual_mcp11_ovs
- stack_env: virtual_mcp11_ovs/devcloud
+ stack_env: devcloud
stack_install: core,openstack,ovs
stack_type: heat
stack_test: ""
job_timer: ""
- stack_name: virtual_mcp11_ironic_small
- stack_env: virtual_mcp11_ironic_small/devcloud
+ stack_env: devcloud
stack_install: core,openstack
stack_type: heat
stack_test: ""
@@ -34,25 +34,25 @@
stack_test: ""
job_timer: ""
- stack_name: virtual_mcp11_k8s_calico
- stack_env: virtual_mcp11_k8s_calico/devcloud
+ stack_env: devcloud
stack_install: core,k8s,calico
stack_type: heat
stack_test: k8s
job_timer: "H H(0-6) * * *"
- stack_name: virtual_mcp11_k8s_contrail
- stack_env: virtual_mcp11_k8s_contrail/devcloud
+ stack_env: devcloud
stack_install: core,k8s,contrail
stack_type: heat
stack_test: k8s
job_timer: "H H(0-6) * * *"
- stack_name: virtual_mcp11_contrail_nfv
- stack_env: virtual_mcp11_contrail_nfv/devcloud
+ stack_env: devcloud
stack_install: core,openstack,contrail
stack_type: heat
stack_test: ""
job_timer: "H H(0-6) * * *"
- stack_name: virtual_mcp11_ovs_dpdk
- stack_env: virtual_mcp11_ovs_dpdk/devcloud
+ stack_env: devcloud
stack_install: core,openstack,ovs
stack_type: heat
stack_test: ""
diff --git a/jenkins/client/job/deploy/lab/release/mk.yml b/jenkins/client/job/deploy/lab/release/mk.yml
index 1be1057..4968285 100644
--- a/jenkins/client/job/deploy/lab/release/mk.yml
+++ b/jenkins/client/job/deploy/lab/release/mk.yml
@@ -5,26 +5,26 @@
jenkins_deploy_jobs:
# mk20
- stack_name: virtual_mk20_advanced
- stack_env: virtual_mk20_advanced/devcloud
+ stack_env: devcloud
stack_install: core,openstack
stack_type: heat
stack_test: ""
job_timer: ""
- stack_name: virtual_mk20_basic
- stack_env: virtual_mk20_basic/devcloud
+ stack_env: devcloud
stack_install: core,openstack
stack_type: heat
stack_test: ""
job_timer: ""
# mk22
- stack_name: virtual_mk22_advanced
- stack_env: virtual_mk22_advanced/devcloud
+ stack_env: devcloud
stack_install: core,openstack
stack_type: heat
stack_test: ""
job_timer: ""
- stack_name: virtual_mk22_basic
- stack_env: virtual_mk22_basic/devcloud
+ stack_env: devcloud
stack_install: core,openstack
stack_type: heat
stack_test: ""
diff --git a/jenkins/client/job/deploy/rollout.yml b/jenkins/client/job/deploy/rollout.yml
new file mode 100644
index 0000000..3f2f835
--- /dev/null
+++ b/jenkins/client/job/deploy/rollout.yml
@@ -0,0 +1,92 @@
+parameters:
+ jenkins:
+ client:
+ job:
+ deploy_rollout_config_change:
+ name: deploy-rollout-config-change
+ type: workflow-scm
+ discard:
+ build:
+ keep_num: 20
+ concurrent: true
+ display_name: "Deploy - Rollout change"
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ credentials: "gerrit"
+ script: rollout-config-change.groovy
+ param:
+ TST_SALT_MASTER_CREDENTIALS:
+ type: string
+ TST_SALT_MASTER_URL:
+ type: string
+ PRD_SALT_MASTER_CREDENTIALS:
+ type: string
+ PRD_SALT_MASTER_URL:
+ type: string
+ MODEL_REPO_URL:
+ type: string
+ MODEL_REPO_CREDENTIALS:
+ type: string
+ default: "gerrit"
+ MODEL_REPO_SOURCE_BRANCH:
+ type: string
+ MODEL_REPO_TARGET_BRANCH:
+ type: string
+ TARGET_SERVERS:
+ type: string
+ TARGET_STATES:
+ type: string
+ TARGET_SUBSET_TEST:
+ type: string
+ TARGET_SUBSET_LIVE:
+ type: string
+ TARGET_BATCH_LIVE:
+ type: string
+ # test
+ TEST_SERVICE:
+ type: string
+ TEST_K8S_API_SERVER:
+ type: string
+ default: "http://127.0.0.1:8080"
+ TEST_K8S_CONFORMANCE_IMAGE:
+ type: string
+ default: "docker-dev-virtual.docker.mirantis.net/mirantis/kubernetes/k8s-conformance:v1.5.1-3_1482332392819"
+ TEST_TEMPEST_IMAGE:
+ type: string
+ description: "Tempest docker image"
+ default: "sandbox-docker-prod-local.docker.mirantis.net/mirantis/rally_tempest:0.1"
+ TEST_TEMPEST_TARGET:
+ type: string
+ description: "Node to run tests"
+ default: ""
+ TEST_DOCKER_INSTALL:
+ type: boolean
+ description: "Install docker on the target if true"
+ default: "true"
+ TEST_TEMPEST_PATTERN:
+ type: string
+ description: "Run tests matched to pattern only"
+ git_merge_branches:
+ name: git-merge-branches
+ type: workflow-scm
+ discard:
+ build:
+ keep_num: 20
+ concurrent: true
+ display_name: "Git - Merge branches"
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ credentials: "gerrit"
+ script: git-merge-branches-pipeline.groovy
+ param:
+ REPO_URL:
+ type: string
+ CREDENTIALS_ID:
+ type: string
+ default: "gerrit"
+ SOURCE_BRANCH:
+ type: string
+ TARGET_BRANCH:
+ type: string
diff --git a/jenkins/client/job/opencontrail/git-mirrors/upstream.yml b/jenkins/client/job/opencontrail/git-mirrors/upstream.yml
index e40ac0f..fa9bc5b 100644
--- a/jenkins/client/job/opencontrail/git-mirrors/upstream.yml
+++ b/jenkins/client/job/opencontrail/git-mirrors/upstream.yml
@@ -67,7 +67,7 @@
contrail/{{name}}:
branches:
- compare_type: "REG_EXP"
- name: "*"
+ name: ".*"
message:
build_successful: "Build successful"
build_unstable: "Build unstable"
diff --git a/jenkins/client/job/salt-models/tests.yml b/jenkins/client/job/salt-models/tests.yml
index 7849adc..50d1cc8 100644
--- a/jenkins/client/job/salt-models/tests.yml
+++ b/jenkins/client/job/salt-models/tests.yml
@@ -161,6 +161,9 @@
NODE_TARGET:
type: string
default: ""
+ CLUSTER_NAME:
+ type: string
+ default: ""
DEFAULT_GIT_URL:
type: string
default: "${_param:jenkins_gerrit_url}/salt-models/{{name}}"
diff --git a/jenkins/client/job/validate.yml b/jenkins/client/job/validate.yml
index f8ebcc7..6f22a0c 100644
--- a/jenkins/client/job/validate.yml
+++ b/jenkins/client/job/validate.yml
@@ -42,8 +42,17 @@
RUN_TEMPEST_TESTS:
type: boolean
default: 'true'
+ RUN_K8S_TESTS:
+ type: boolean
+ default: 'true'
TEMPEST_TEST_SET:
type: choice
choices:
- smoke
- full
+ TEST_K8S_API_SERVER:
+ type: string
+ default: "http://127.0.0.1:8080"
+ TEST_K8S_CONFORMANCE_IMAGE:
+ type: string
+ default: "docker-dev-virtual.docker.mirantis.net/mirantis/kubernetes/k8s-conformance:v1.5.1-3_1482332392819"
diff --git a/linux/network/hosts.yml b/linux/network/hosts.yml
new file mode 100644
index 0000000..1b29324
--- /dev/null
+++ b/linux/network/hosts.yml
@@ -0,0 +1,9 @@
+parameters:
+ linux:
+ network:
+ host:
+ localhost_hostname:
+ address: ${_param:single_address}
+ names:
+ - ${linux:network:fqdn}
+ - ${linux:network:hostname}
diff --git a/linux/system/single.yml b/linux/system/single.yml
index e2a8502..928efda 100644
--- a/linux/system/single.yml
+++ b/linux/system/single.yml
@@ -35,6 +35,8 @@
net.ipv4.neigh.default.gc_thresh2: 8192
net.ipv4.neigh.default.gc_thresh3: 16384
net.core.netdev_max_backlog: 261144
+ net.ipv4.tcp_tw_recycle: 1
+ net.ipv4.tcp_tw_reuse: 1
kernel.panic: 60
cpu:
governor: performance
diff --git a/neutron/compute/cluster.yml b/neutron/compute/cluster.yml
index fc87e84..13ee31c 100644
--- a/neutron/compute/cluster.yml
+++ b/neutron/compute/cluster.yml
@@ -3,6 +3,7 @@
parameters:
_param:
neutron_enable_qos: False
+ neutron_enable_vlan_aware_vms: False
linux:
system:
package:
@@ -13,6 +14,7 @@
compute:
dvr: ${_param:neutron_compute_dvr}
qos: ${_param:neutron_enable_qos}
+ vlan_aware_vms: ${_param:neutron_enable_vlan_aware_vms}
agent_mode: ${_param:neutron_compute_agent_mode}
external_access: ${_param:neutron_compute_external_access}
backend:
diff --git a/neutron/control/openvswitch/cluster.yml b/neutron/control/openvswitch/cluster.yml
index 0587342..c840e9a 100644
--- a/neutron/control/openvswitch/cluster.yml
+++ b/neutron/control/openvswitch/cluster.yml
@@ -10,6 +10,7 @@
neutron_external_mtu: 1500
neutron_tenant_network_types: "flat,vxlan"
neutron_enable_qos: False
+ neutron_enable_vlan_aware_vms: False
neutron:
server:
plugin: ml2
@@ -17,6 +18,7 @@
l3_ha: ${_param:neutron_l3_ha}
dvr: ${_param:neutron_control_dvr}
qos: ${_param:neutron_enable_qos}
+ vlan_aware_vms: ${_param:neutron_enable_vlan_aware_vms}
backend:
engine: ml2
tenant_network_types: "${_param:neutron_tenant_network_types}"
diff --git a/neutron/control/openvswitch/single.yml b/neutron/control/openvswitch/single.yml
index 91db484..1b830f6 100644
--- a/neutron/control/openvswitch/single.yml
+++ b/neutron/control/openvswitch/single.yml
@@ -8,6 +8,7 @@
neutron_external_mtu: 1500
neutron_tenant_network_types: "flat,vxlan"
neutron_enable_qos: False
+ neutron_enable_vlan_aware_vms: False
neutron:
server:
plugin: ml2
@@ -15,6 +16,7 @@
l3_ha: ${_param:neutron_l3_ha}
dvr: ${_param:neutron_control_dvr}
qos: ${_param:neutron_enable_qos}
+ vlan_aware_vms: ${_param:neutron_enable_vlan_aware_vms}
backend:
engine: ml2
tenant_network_types: "${_param:neutron_tenant_network_types}"
diff --git a/neutron/gateway/cluster.yml b/neutron/gateway/cluster.yml
index a4f37b1..c96c6bb 100644
--- a/neutron/gateway/cluster.yml
+++ b/neutron/gateway/cluster.yml
@@ -3,10 +3,12 @@
parameters:
_param:
neutron_enable_qos: False
+ neutron_enable_vlan_aware_vms: False
neutron:
gateway:
dvr: ${_param:neutron_gateway_dvr}
qos: ${_param:neutron_enable_qos}
+ vlan_aware_vms: ${_param:neutron_enable_vlan_aware_vms}
agent_mode: ${_param:neutron_gateway_agent_mode}
backend:
tenant_network_types: ${_param:neutron_tenant_network_types}"
diff --git a/opencontrail/compute/tor/cluster.yml b/opencontrail/compute/tor/cluster.yml
new file mode 100644
index 0000000..662de03
--- /dev/null
+++ b/opencontrail/compute/tor/cluster.yml
@@ -0,0 +1,4 @@
+classes:
+- service.haproxy.proxy.single
+- service.keepalived.cluster.single
+- service.opencontrail.compute.tor.cluster
diff --git a/openssh/server/team/members/chnyda.yml b/openssh/server/team/members/chnyda.yml
new file mode 100644
index 0000000..2bcecaf
--- /dev/null
+++ b/openssh/server/team/members/chnyda.yml
@@ -0,0 +1,20 @@
+parameters:
+ linux:
+ system:
+ user:
+ chnyda:
+ enabled: true
+ name: chnyda
+ sudo: true
+ full_name: Cedric Hnyda
+ home: /home/chnyda
+ email: chnyda@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ chnyda:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHmLTwDSFslOUVo4ViT0bqVLhSaweuLt0QNWhnIaSPgqWhHOSkdqt3+Tg4l8Vd4O4Z44Yv/rXqhmO5X1AIytNccA6+nJe4Km3JC6QzG6npS3ghtHWDU3DOGgWd5RrULviEDSIj1w1oG8oHxdycGkbfjApAkiDR/xr7NHhTcPhEuvn/q7i1raj4vpNdIrR+cr6XA3l+I4cmaizpjuWaFrag1q24RS7PVEUmcPRSODrkdwFREsrLkIlIgtIoMIIjtEDdk1RU/loiXrNwuVRI3KTLqhheFlHedQd13uzpn66KF6UVlZAm+k2y2jLdEi5IFKD3g6mmWsNH6xSZYVn6d84/XvLjMsS/UL+WHr5xetHNSi3RtQOkCPYphq1KcRAXLwH0dgtDwfyg2F+5ezG3wMsZAqD3KiaGNmDcA6R19Fpjm0S4SXa+QnX5eZcO9DS5cYTjs8F2T9Vsaspvwc0U80M6+JvOlV1PBNJYQhSxdX1Plf2p1MrrRnYhlgMdzCiPSQHsKp3tei8I+bqCvV9iScLAbLxKaW/yWdeuh74oGitTfI4R0h0HMJ1lqK+rT5wtMXyJSvFMK6Zph0GqJf3QHBhzCfs5PIto1pyNdXbI8KzfgTgyo+3gpIPAQ2VD/pf8mOD218UPNQglYWP6wniTq/hVtC2tl3DW53qx5qv10osGmw== chnyda@mirantis.com
+ user: ${linux:system:user:chnyda}
diff --git a/openssh/server/team/tcpcloud.yml b/openssh/server/team/tcpcloud.yml
index c7b465a..bcd9327 100644
--- a/openssh/server/team/tcpcloud.yml
+++ b/openssh/server/team/tcpcloud.yml
@@ -20,6 +20,7 @@
- system.openssh.server.team.members.tkukral
- system.openssh.server.team.members.vmikes
- system.openssh.server.team.members.psvimbersky
+- system.openssh.server.team.members.chnyda
parameters:
_param:
diff --git a/reclass/storage/system/kubernetes_control_cluster.yml b/reclass/storage/system/kubernetes_control_cluster.yml
index 5180ab6..de6a135 100644
--- a/reclass/storage/system/kubernetes_control_cluster.yml
+++ b/reclass/storage/system/kubernetes_control_cluster.yml
@@ -3,6 +3,9 @@
kubernetes_control_node01_hostname: ctl01
kubernetes_control_node02_hostname: ctl02
kubernetes_control_node03_hostname: ctl03
+ kubernetes_control_node01_deploy_address: ${_param:kubernetes_control_node01_address}
+ kubernetes_control_node02_deploy_address: ${_param:kubernetes_control_node02_address}
+ kubernetes_control_node03_deploy_address: ${_param:kubernetes_control_node03_address}
reclass:
storage:
node:
@@ -15,6 +18,7 @@
salt_master_host: ${_param:reclass_config_master}
linux_system_codename: xenial
single_address: ${_param:kubernetes_control_node01_address}
+ deploy_address: ${_param:kubernetes_control_node01_deploy_address}
keepalived_vip_priority: 103
kubernetes_control_node02:
name: ${_param:kubernetes_control_node02_hostname}
@@ -25,6 +29,7 @@
salt_master_host: ${_param:reclass_config_master}
linux_system_codename: xenial
single_address: ${_param:kubernetes_control_node02_address}
+ deploy_address: ${_param:kubernetes_control_node02_deploy_address}
keepalived_vip_priority: 102
kubernetes_control_node03:
name: ${_param:kubernetes_control_node03_hostname}
@@ -35,4 +40,5 @@
salt_master_host: ${_param:reclass_config_master}
linux_system_codename: xenial
single_address: ${_param:kubernetes_control_node03_address}
+ deploy_address: ${_param:kubernetes_control_node03_deploy_address}
keepalived_vip_priority: 101
\ No newline at end of file
diff --git a/reclass/storage/system/opencontrail_tor_cluster.yml b/reclass/storage/system/opencontrail_tor_cluster.yml
new file mode 100644
index 0000000..81d7314
--- /dev/null
+++ b/reclass/storage/system/opencontrail_tor_cluster.yml
@@ -0,0 +1,31 @@
+parameters:
+ _param:
+ opencontrail_tor01_node01_hostname: tor01
+ opencontrail_tor01_node02_hostname: tor02
+ opencontrail_tor01_node01_tenant_address: ${_param:opencontrail_tor01_node01_address}
+ opencontrail_tor01_node02_tenant_address: ${_param:opencontrail_tor01_node02_address}
+ reclass:
+ storage:
+ node:
+ opencontrail_tor01_node01:
+ name: ${_param:opencontrail_tor01_node01_hostname}
+ domain: ${_param:cluster_domain}
+ classes:
+ - cluster.${_param:cluster_name}.opencontrail.tor
+ params:
+ salt_master_host: ${_param:reclass_config_master}
+ linux_system_codename: xenial
+ single_address: ${_param:opencontrail_tor01_node01_address}
+ tenant_address: ${_param:opencontrail_tor01_node01_tenant_address}
+ keepalived_vip_priority: 103
+ opencontrail_tor01_node02:
+ name: ${_param:opencontrail_tor01_node02_hostname}
+ domain: ${_param:cluster_domain}
+ classes:
+ - cluster.${_param:cluster_name}.opencontrail.tor
+ params:
+ salt_master_host: ${_param:reclass_config_master}
+ linux_system_codename: xenial
+ single_address: ${_param:opencontrail_tor01_node02_address}
+ tenant_address: ${_param:opencontrail_tor01_node02_tenant_address}
+ keepalived_vip_priority: 102
diff --git a/reclass/storage/system/openstack_baremetal_cluster.yml b/reclass/storage/system/openstack_baremetal_cluster.yml
index 8cab119..71f6034 100644
--- a/reclass/storage/system/openstack_baremetal_cluster.yml
+++ b/reclass/storage/system/openstack_baremetal_cluster.yml
@@ -19,6 +19,7 @@
salt_master_host: ${_param:reclass_config_master}
linux_system_codename: ${_param:linux_system_codename}
single_address: ${_param:openstack_baremetal_node01_address}
+ keepalived_vip_priority: 101
baremetal_address: ${_param:openstack_baremetal_node01_baremetal_address}
openstack_baremetal_node02:
name: ${_param:openstack_baremetal_node02_hostname}
@@ -29,6 +30,7 @@
salt_master_host: ${_param:reclass_config_master}
linux_system_codename: ${_param:linux_system_codename}
single_address: ${_param:openstack_baremetal_node02_address}
+ keepalived_vip_priority: 102
baremetal_address: ${_param:openstack_baremetal_node02_baremetal_address}
openstack_baremetal_node03:
name: ${_param:openstack_baremetal_node03_hostname}
@@ -39,6 +41,7 @@
salt_master_host: ${_param:reclass_config_master}
linux_system_codename: ${_param:linux_system_codename}
single_address: ${_param:openstack_baremetal_node03_address}
+ keepalived_vip_priority: 103
baremetal_address: ${_param:openstack_baremetal_node03_baremetal_address}
diff --git a/salt/master/formula/git/helm.yml b/salt/master/formula/git/helm.yml
new file mode 100644
index 0000000..c25358f
--- /dev/null
+++ b/salt/master/formula/git/helm.yml
@@ -0,0 +1,16 @@
+parameters:
+ salt:
+ master:
+ environment:
+ prd:
+ formula:
+ helm:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-helm.git'
+ revision: ${_param:salt_master_environment_revision}
+ module:
+ helm.py:
+ enabled: true
+ state:
+ helm_release.py:
+ enabled: true
diff --git a/salt/master/formula/pkg/helm.yml b/salt/master/formula/pkg/helm.yml
new file mode 100644
index 0000000..8b68bfe
--- /dev/null
+++ b/salt/master/formula/pkg/helm.yml
@@ -0,0 +1,9 @@
+parameters:
+ salt:
+ master:
+ environment:
+ prd:
+ formula:
+ helm:
+ source: pkg
+ name: salt-formula-helm
diff --git a/salt/master/git.yml b/salt/master/git.yml
index 267bdb1..4562a74 100644
--- a/salt/master/git.yml
+++ b/salt/master/git.yml
@@ -8,6 +8,7 @@
- system.salt.master.formula.git.saltstack
- system.salt.master.formula.git.stacklight
- system.salt.master.formula.git.monitoring
+- system.salt.master.formula.git.helm
parameters:
_param:
salt_master_environment_repository: "https://github.com/salt-formulas"
diff --git a/salt/master/pkg.yml b/salt/master/pkg.yml
index 1001d49..62854f1 100644
--- a/salt/master/pkg.yml
+++ b/salt/master/pkg.yml
@@ -8,4 +8,5 @@
- system.salt.master.formula.pkg.saltstack
- system.salt.master.formula.pkg.stacklight
- system.salt.master.formula.pkg.monitoring
+- system.salt.master.formula.pkg.helm
- system.linux.system.repo.mcp.salt
diff --git a/salt/minion/cert/etcd_client_single.yml b/salt/minion/cert/etcd_client_single.yml
new file mode 100644
index 0000000..a14e106
--- /dev/null
+++ b/salt/minion/cert/etcd_client_single.yml
@@ -0,0 +1,18 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ etcd_client:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: ${linux:system:name}
+ signing_policy: cert_open
+ alternative_names: DNS:${linux:system:name},DNS:${linux:network:fqdn}
+ extended_key_usage: clientAuth
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: /var/lib/etcd/etcd-client.key
+ cert_file: /var/lib/etcd/etcd-client.crt
+ all_file: /var/lib/etcd/etcd-client.pem
+ ca_file: /var/lib/etcd/ca.pem
+ user: etcd
+ group: etcd
diff --git a/salt/minion/cert/etcd_server_single.yml b/salt/minion/cert/etcd_server_single.yml
new file mode 100644
index 0000000..f9fc585
--- /dev/null
+++ b/salt/minion/cert/etcd_server_single.yml
@@ -0,0 +1,18 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ etcd_server:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: ${linux:system:name}
+ signing_policy: cert_open
+ alternative_names: IP:127.0.0.1,DNS:${linux:system:name},DNS:${linux:network:fqdn}
+ extended_key_usage: serverAuth,clientAuth
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: /var/lib/etcd/etcd-server.key
+ cert_file: /var/lib/etcd/etcd-server.crt
+ all_file: /var/lib/etcd/etcd-server.pem
+ ca_file: /var/lib/etcd/ca.pem
+ user: etcd
+ group: etcd
diff --git a/salt/minion/cert/opencontrail/tor.yml b/salt/minion/cert/opencontrail/tor.yml
new file mode 100644
index 0000000..eb9c704
--- /dev/null
+++ b/salt/minion/cert/opencontrail/tor.yml
@@ -0,0 +1,14 @@
+parameters:
+ _param:
+ salt_minion_ca_authority: salt_master_ca
+ salt:
+ minion:
+ cert:
+ opencontrail_tor:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: opencontrail_tor
+ key_file: /etc/contrail/ssl/certs/tor.key
+ cert_file: /etc/contrail/ssl/certs/tor.crt
+ ca_file: /etc/contrail/ssl/certs/ca.crt
+ signing_policy: cert_open