Merge "haproxy/keepalive for radosgw on ceph monitors"
diff --git a/.travis.yml b/.travis.yml
deleted file mode 100644
index 1cc95a8..0000000
--- a/.travis.yml
+++ /dev/null
@@ -1,91 +0,0 @@
-dist: trusty
-sudo: required
-
-addons:
- apt:
- sources:
- - sourceline: 'deb http://apt-mk.mirantis.com/trusty nightly salt'
- - key_url: 'http://apt-mk.mirantis.com/public.gpg'
- packages:
- - curl
- - subversion
- - git
- - salt-master
- - salt-minion
- - reclass
- - python-pip
- - tree
-
-
-#git:
-# submodules: false
-#
-before_install:
- - sudo pip install cookiecutter
-# - test ! -e .gitmodules || sed -i 's,https://\([.a-z0-9_-]*\)/\(.*\),git@\1:\2,' .gitmodules
-# - test ! -e .gitmodules || git submodule update --init --recursive --remote
-
-env:
- global:
- - ENV_DOMAIN=ci.local
- matrix:
- - CLUSTER_NAME=openstack_mk_contrail
- - CLUSTER_NAME=openstack_mk_ovs
- - CLUSTER_NAME=kubernetes_mk
-
-install:
- - export RECLASS_SYSTEM=file://$PWD
- - mkdir ../$CLUSTER_NAME; cd ../$CLUSTER_NAME
- - export RECLASS_REPO_PATH=$PWD
- - export RECLASS_REPOSITORY=file://$RECLASS_REPO_PATH
- - git clone git@github.com:Mirantis/mk2x-cookiecutter-reclass-model.git ../cookiecutter_models; cd ../cookiecutter_models
- - export COOKIECUTTER_BASE=$PWD
- - export ENV_DOMAIN=ci.local
- - COOKIECUTTER_JSON=$COOKIECUTTER_BASE/cluster/$CLUSTER_NAME/cookiecutter.json
- #- export ENV_DOMAIN=${CLUSTER_NAME//_/-}.$ENV_DOMAIN
- - export MASTER_HOSTNAME=cfg01.$ENV_DOMAIN
- - cd $RECLASS_REPO_PATH
- - git init .
-# CI WORKAROUNDS
- - export FORMULAS_SOURCE=pkg
- - sed -i "s/deployment_name/$CLUSTER_NAME/g" $COOKIECUTTER_JSON
- - sed -i "s/deploy-name.local/$ENV_DOMAIN/g" $COOKIECUTTER_JSON
- - sed -i 's%.*reclass_repository.*%"reclass_repository":"'$RECLASS_REPOSITORY'",%g' $COOKIECUTTER_JSON
- - cookiecutter $COOKIECUTTER_BASE/cluster/$CLUSTER_NAME --output-dir ./classes/cluster --no-input
- - git add ./*
- - git commit -am "Init, add cluster level"
- - git submodule add $RECLASS_SYSTEM ./classes/system
- - |
- mkdir -p nodes;
- git branch -a
- tree -lL 3
- cat <<-EOF > nodes/cfg01.$ENV_DOMAIN.yml
- classes:
- - cluster.$CLUSTER_NAME.infra.config
- parameters:
- _param:
- linux_system_codename: trusty
- reclass_data_revision: master
- linux:
- system:
- name: cfg01
- domain: $ENV_DOMAIN
- # #######################
-
- - git add ./*
- - git commit -am "Add system level and salt-master node"
-# CI WORKAROUNDS
- - export RECLASS_BRANCH=master
- #- sed -ie "s#\(reclass_data_revision.\).*#\1 $RECLASS_BRANCH#" $(find nodes -name ${MASTER_HOSTNAME}.yml|tail -n1)
- #- git commit -am "Fake branch update" || true
-# PREREQUSITES
- - sudo mkdir /srv/salt; sudo cp -a $PWD /srv/salt/reclass
- - sudo svn export --force https://github.com/salt-formulas/salt-formulas/trunk/deploy/scripts /srv/salt/scripts
-
-script:
- - cd /srv/salt/scripts
- - sudo ./salt-master-init.sh || exit 1
-
-after_failure:
- - tree -lL 3 $RECLASS_REPO_PATH
- - for i in ls -lta "/tmp/*verify*"; do echo -e "\n\n$i:";tail -n20 $i; done
diff --git a/README.rst b/README.rst
index 1f1c8f4..b418f37 100644
--- a/README.rst
+++ b/README.rst
@@ -79,6 +79,45 @@
echo 7 > /sys/class/net/eth4/device/sriov_numvfs; sleep 2; ip link set eth4 up
exit 0
+Grafana
+=======
+
+Configure Grafana client
+------------------------
+
+The grafana.client talks to Grafana server to create datasource(s) and install
+Grafana plugin(s).
+
+User models must first include this class and define corresponding parameters:
+
+- grafana.client
+ - grafana_protocol (default: http)
+ - grafana_address
+ - grafana_port (default: 3000)
+ - grafana_user
+ - grafana_password
+
+Then include datasource(s) and define corresponding parameters:
+
+- grafana.client.datasource.influxdb
+ - grafana_influxdb_address
+ - grafana_influxdb_port
+ - grafana_influxdb_user
+ - grafana_influxdb_password
+ - grafana_influxdb_database
+ - grafana_influxdb_is_default (default true)
+
+- grafana.client.datasource.prometheus
+ - grafana_prometheus_address
+ - grafana_prometheus_port
+ - grafana_prometheus_is_default (default true)
+
+Backwark compatiblity
+---------------------
+
+The class **grafana.client.single** configures grafana client and an InfluxDB
+datasource. This is the legacy of LMA (aka StackLight) integration with Grafana
+and InfluxDB.
Nagios Monitoring
=================
diff --git a/aodh/server/coordination/redis.yml b/aodh/server/coordination/redis.yml
new file mode 100644
index 0000000..e013e0f
--- /dev/null
+++ b/aodh/server/coordination/redis.yml
@@ -0,0 +1,7 @@
+classes:
+- service.redis.server.single
+parameters:
+ aodh:
+ server:
+ coordination_backend:
+ url: redis://${_param:single_address}:6379/${_param:cluster_node01_address}
diff --git a/aptly/server/mirror/ubuntu/trusty/mcp/apt_mk.yml b/aptly/server/mirror/ubuntu/trusty/mcp/apt_mk/init.yml
similarity index 100%
rename from aptly/server/mirror/ubuntu/trusty/mcp/apt_mk.yml
rename to aptly/server/mirror/ubuntu/trusty/mcp/apt_mk/init.yml
diff --git a/aptly/server/mirror/ubuntu/trusty/mcp/apt_mk/stable.yml b/aptly/server/mirror/ubuntu/trusty/mcp/apt_mk/stable.yml
new file mode 100644
index 0000000..227427e
--- /dev/null
+++ b/aptly/server/mirror/ubuntu/trusty/mcp/apt_mk/stable.yml
@@ -0,0 +1,5 @@
+classes:
+- system.aptly.server.mirror.ubuntu.trusty.mcp.apt_mk
+parameters:
+ _param:
+ apt_mk_version: stable
\ No newline at end of file
diff --git a/aptly/server/mirror/ubuntu/trusty/mcp/apt_mk/testing.yml b/aptly/server/mirror/ubuntu/trusty/mcp/apt_mk/testing.yml
new file mode 100644
index 0000000..c81963f
--- /dev/null
+++ b/aptly/server/mirror/ubuntu/trusty/mcp/apt_mk/testing.yml
@@ -0,0 +1,5 @@
+classes:
+- system.aptly.server.mirror.ubuntu.trusty.mcp.apt_mk
+parameters:
+ _param:
+ apt_mk_version: testing
\ No newline at end of file
diff --git a/aptly/server/mirror/ubuntu/trusty/mcp/openstack.yml b/aptly/server/mirror/ubuntu/trusty/mcp/openstack.yml
deleted file mode 100644
index 32e3b90..0000000
--- a/aptly/server/mirror/ubuntu/trusty/mcp/openstack.yml
+++ /dev/null
@@ -1,73 +0,0 @@
-parameters:
- _param:
- mcp_repo_version: 1.0
- aptly:
- server:
- mirror:
- mirantis_openstack_trusty:
- source: http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/trusty
- distribution: mitaka
- components: main restricted
- architectures: amd64
- key_url: "http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/trusty/archive-mcp${_param:mcp_repo_version}.key"
- gpgkeys:
- - 1FA22B08
- publisher:
- component: main
- distributions:
- - ubuntu-trusty/mitaka
-
- mirantis_openstack_hotfix_trusty:
- source: http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/trusty
- distribution: mitaka-hotfix
- components: main restricted
- architectures: amd64
- key_url: "http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/trusty/archive-mcp${_param:mcp_repo_version}.key"
- gpgkeys:
- - 1FA22B08
- publisher:
- component: main
- distributions:
- - ubuntu-trusty/mitaka-hotfix
-
- mirantis_openstack_security_trusty:
- source: http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/trusty
- distribution: mitaka-security
- components: main restricted
- architectures: amd64
- key_url: "http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/trusty/archive-mcp${_param:mcp_repo_version}.key"
- gpgkeys:
- - 1FA22B08
- publisher:
- component: main
- distributions:
- - ubuntu-trusty/mitaka-security
-
- # required for alternative horizon plugins/etc..
- mirantis_openstack_updates_trusty:
- source: http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/trusty
- distribution: mitaka-updates
- components: main restricted
- architectures: amd64
- key_url: "http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/trusty/archive-mcp${_param:mcp_repo_version}.key"
- gpgkeys:
- - 1FA22B08
- publisher:
- component: main
- distributions:
- - ubuntu-trusty/mitaka-updates
-
- # required for salt formulas
- mirantis_openstack_holdback_trusty:
- source: http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/trusty
- distribution: mitaka-holdback
- components: main restricted
- architectures: amd64
- key_url: "http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/trusty/archive-mcp${_param:mcp_repo_version}.key"
- gpgkeys:
- - 1FA22B08
- publisher:
- component: main
- distributions:
- - ubuntu-trusty/mitaka-holdback
-
diff --git a/aptly/server/mirror/ubuntu/trusty/mcp/openstack_mitaka.yml b/aptly/server/mirror/ubuntu/trusty/mcp/openstack_mitaka.yml
new file mode 100644
index 0000000..d9e54e5
--- /dev/null
+++ b/aptly/server/mirror/ubuntu/trusty/mcp/openstack_mitaka.yml
@@ -0,0 +1,71 @@
+parameters:
+ aptly:
+ server:
+ mirror:
+ mirantis_openstack_mitaka_trusty:
+ source: http://mirror.fuel-infra.org/mcp-repos/mitaka/trusty
+ distribution: mitaka
+ components: main restricted
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/mitaka/trusty/archive-mcpmitaka.key"
+ gpgkeys:
+ - 1FA22B08
+ publisher:
+ component: main
+ distributions:
+ - ubuntu-trusty/mitaka
+
+ mirantis_openstack_mitaka_hotfix_trusty:
+ source: http://mirror.fuel-infra.org/mcp-repos/mitaka/trusty
+ distribution: mitaka-hotfix
+ components: main restricted
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/mitaka/trusty/archive-mcpmitaka.key"
+ gpgkeys:
+ - 1FA22B08
+ publisher:
+ component: main
+ distributions:
+ - ubuntu-trusty/mitaka-hotfix
+
+ mirantis_openstack_mitaka_security_trusty:
+ source: http://mirror.fuel-infra.org/mcp-repos/mitaka/trusty
+ distribution: mitaka-security
+ components: main restricted
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/mitaka/trusty/archive-mcpmitaka.key"
+ gpgkeys:
+ - 1FA22B08
+ publisher:
+ component: main
+ distributions:
+ - ubuntu-trusty/mitaka-security
+
+ # required for alternative horizon plugins/etc..
+ mirantis_openstack_mitaka_updates_trusty:
+ source: http://mirror.fuel-infra.org/mcp-repos/mitaka/trusty
+ distribution: mitaka-updates
+ components: main restricted
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/mitaka/trusty/archive-mcpmitaka.key"
+ gpgkeys:
+ - 1FA22B08
+ publisher:
+ component: main
+ distributions:
+ - ubuntu-trusty/mitaka-updates
+
+ # required for salt formulas
+ mirantis_openstack_mitaka_holdback_trusty:
+ source: http://mirror.fuel-infra.org/mcp-repos/mitaka/trusty
+ distribution: mitaka-holdback
+ components: main restricted
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/mitaka/trusty/archive-mcpmitaka.key"
+ gpgkeys:
+ - 1FA22B08
+ publisher:
+ component: main
+ distributions:
+ - ubuntu-trusty/mitaka-holdback
+
diff --git a/aptly/server/mirror/ubuntu/xenial/mcp/openstack.yml b/aptly/server/mirror/ubuntu/xenial/mcp/openstack.yml
deleted file mode 100644
index a23ece8..0000000
--- a/aptly/server/mirror/ubuntu/xenial/mcp/openstack.yml
+++ /dev/null
@@ -1,73 +0,0 @@
-parameters:
- _param:
- mcp_repo_version: 1.0
- aptly:
- server:
- mirror:
- mirantis_openstack_xenial:
- source: http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/xenial
- distribution: mitaka
- components: main restricted
- architectures: amd64
- key_url: "http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/xenial/archive-mcp${_param:mcp_repo_version}.key"
- gpgkeys:
- - 1FA22B08
- publisher:
- component: main
- distributions:
- - ubuntu-xenial/mitaka
-
- mirantis_openstack_hotfix_xenial:
- source: http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/xenial
- distribution: mitaka-hotfix
- components: main restricted
- architectures: amd64
- key_url: "http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/xenial/archive-mcp${_param:mcp_repo_version}.key"
- gpgkeys:
- - 1FA22B08
- publisher:
- component: main
- distributions:
- - ubuntu-xenial/mitaka-hotfix
-
- mirantis_openstack_security_xenial:
- source: http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/xenial
- distribution: mitaka-security
- components: main restricted
- architectures: amd64
- key_url: "http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/xenial/archive-mcp${_param:mcp_repo_version}.key"
- gpgkeys:
- - 1FA22B08
- publisher:
- component: main
- distributions:
- - ubuntu-xenial/mitaka-security
-
- # required for alternative horizon plugins/etc..
- mirantis_openstack_updates_xenial:
- source: http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/xenial
- distribution: mitaka-updates
- components: main restricted
- architectures: amd64
- key_url: "http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/xenial/archive-mcp${_param:mcp_repo_version}.key"
- gpgkeys:
- - 1FA22B08
- publisher:
- component: main
- distributions:
- - ubuntu-xenial/mitaka-updates
-
- # required for salt formulas
- mirantis_openstack_holdback_xenial:
- source: http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/xenial
- distribution: mitaka-holdback
- components: main restricted
- architectures: amd64
- key_url: "http://mirror.fuel-infra.org/mcp-repos/${_param:mcp_repo_version}/xenial/archive-mcp${_param:mcp_repo_version}.key"
- gpgkeys:
- - 1FA22B08
- publisher:
- component: main
- distributions:
- - ubuntu-xenial/mitaka-holdback
-
diff --git a/aptly/server/mirror/ubuntu/xenial/mcp/openstack_mitaka.yml b/aptly/server/mirror/ubuntu/xenial/mcp/openstack_mitaka.yml
new file mode 100644
index 0000000..32254d5
--- /dev/null
+++ b/aptly/server/mirror/ubuntu/xenial/mcp/openstack_mitaka.yml
@@ -0,0 +1,71 @@
+parameters:
+ aptly:
+ server:
+ mirror:
+ mirantis_openstack_mitaka_xenial:
+ source: http://mirror.fuel-infra.org/mcp-repos/mitaka/xenial
+ distribution: mitaka
+ components: main restricted
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/mitaka/xenial/archive-mcpmitaka.key"
+ gpgkeys:
+ - 1FA22B08
+ publisher:
+ component: main
+ distributions:
+ - ubuntu-xenial/mitaka
+
+ mirantis_openstack_mitaka_hotfix_xenial:
+ source: http://mirror.fuel-infra.org/mcp-repos/mitaka/xenial
+ distribution: mitaka-hotfix
+ components: main restricted
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/mitaka/xenial/archive-mcpmitaka.key"
+ gpgkeys:
+ - 1FA22B08
+ publisher:
+ component: main
+ distributions:
+ - ubuntu-xenial/mitaka-hotfix
+
+ mirantis_openstack_mitaka_security_xenial:
+ source: http://mirror.fuel-infra.org/mcp-repos/mitaka/xenial
+ distribution: mitaka-security
+ components: main restricted
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/mitaka/xenial/archive-mcpmitaka.key"
+ gpgkeys:
+ - 1FA22B08
+ publisher:
+ component: main
+ distributions:
+ - ubuntu-xenial/mitaka-security
+
+ # required for alternative horizon plugins/etc..
+ mirantis_openstack_mitaka_updates_xenial:
+ source: http://mirror.fuel-infra.org/mcp-repos/mitaka/xenial
+ distribution: mitaka-updates
+ components: main restricted
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/mitaka/xenial/archive-mcpmitaka.key"
+ gpgkeys:
+ - 1FA22B08
+ publisher:
+ component: main
+ distributions:
+ - ubuntu-xenial/mitaka-updates
+
+ # required for salt formulas
+ mirantis_openstack_mitaka_holdback_xenial:
+ source: http://mirror.fuel-infra.org/mcp-repos/mitaka/xenial
+ distribution: mitaka-holdback
+ components: main restricted
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/mitaka/xenial/archive-mcpmitaka.key"
+ gpgkeys:
+ - 1FA22B08
+ publisher:
+ component: main
+ distributions:
+ - ubuntu-xenial/mitaka-holdback
+
diff --git a/aptly/server/mirror/ubuntu/xenial/mcp/openstack_newton.yml b/aptly/server/mirror/ubuntu/xenial/mcp/openstack_newton.yml
new file mode 100644
index 0000000..2f08b2c
--- /dev/null
+++ b/aptly/server/mirror/ubuntu/xenial/mcp/openstack_newton.yml
@@ -0,0 +1,71 @@
+parameters:
+ aptly:
+ server:
+ mirror:
+ mirantis_openstack_newton_xenial:
+ source: http://mirror.fuel-infra.org/mcp-repos/newton/xenial
+ distribution: newton
+ components: main restricted
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/newton/xenial/archive-mcpnewton.key"
+ gpgkeys:
+ - 1FA22B08
+ publisher:
+ component: main
+ distributions:
+ - ubuntu-xenial/newton
+
+ mirantis_openstack_newton_hotfix_xenial:
+ source: http://mirror.fuel-infra.org/mcp-repos/newton/xenial
+ distribution: newton-hotfix
+ components: main restricted
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/newton/xenial/archive-mcpnewton.key"
+ gpgkeys:
+ - 1FA22B08
+ publisher:
+ component: main
+ distributions:
+ - ubuntu-xenial/newton-hotfix
+
+ mirantis_openstack_newton_security_xenial:
+ source: http://mirror.fuel-infra.org/mcp-repos/newton/xenial
+ distribution: newton-security
+ components: main restricted
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/newton/xenial/archive-mcpnewton.key"
+ gpgkeys:
+ - 1FA22B08
+ publisher:
+ component: main
+ distributions:
+ - ubuntu-xenial/newton-security
+
+ # required for alternative horizon plugins/etc..
+ mirantis_openstack_newton_updates_xenial:
+ source: http://mirror.fuel-infra.org/mcp-repos/newton/xenial
+ distribution: newton-updates
+ components: main restricted
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/newton/xenial/archive-mcpnewton.key"
+ gpgkeys:
+ - 1FA22B08
+ publisher:
+ component: main
+ distributions:
+ - ubuntu-xenial/newton-updates
+
+ # required for salt formulas
+ mirantis_openstack_newton_holdback_xenial:
+ source: http://mirror.fuel-infra.org/mcp-repos/newton/xenial
+ distribution: newton-holdback
+ components: main restricted
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/newton/xenial/archive-mcpnewton.key"
+ gpgkeys:
+ - 1FA22B08
+ publisher:
+ component: main
+ distributions:
+ - ubuntu-xenial/newton-holdback
+
diff --git a/aptly/server/mirror/ubuntu/xenial/mcp/openstack_ocata.yml b/aptly/server/mirror/ubuntu/xenial/mcp/openstack_ocata.yml
new file mode 100644
index 0000000..8c12ddc
--- /dev/null
+++ b/aptly/server/mirror/ubuntu/xenial/mcp/openstack_ocata.yml
@@ -0,0 +1,71 @@
+parameters:
+ aptly:
+ server:
+ mirror:
+ mirantis_openstack_ocata_xenial:
+ source: http://mirror.fuel-infra.org/mcp-repos/ocata/xenial
+ distribution: ocata
+ components: main restricted
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/ocata/xenial/archive-mcpocata.key"
+ gpgkeys:
+ - 1FA22B08
+ publisher:
+ component: main
+ distributions:
+ - ubuntu-xenial/ocata
+
+ mirantis_openstack_ocata_hotfix_xenial:
+ source: http://mirror.fuel-infra.org/mcp-repos/ocata/xenial
+ distribution: ocata-hotfix
+ components: main restricted
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/ocata/xenial/archive-mcpocata.key"
+ gpgkeys:
+ - 1FA22B08
+ publisher:
+ component: main
+ distributions:
+ - ubuntu-xenial/ocata-hotfix
+
+ mirantis_openstack_ocata_security_xenial:
+ source: http://mirror.fuel-infra.org/mcp-repos/ocata/xenial
+ distribution: ocata-security
+ components: main restricted
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/ocata/xenial/archive-mcpocata.key"
+ gpgkeys:
+ - 1FA22B08
+ publisher:
+ component: main
+ distributions:
+ - ubuntu-xenial/ocata-security
+
+ # required for alternative horizon plugins/etc..
+ mirantis_openstack_ocata_updates_xenial:
+ source: http://mirror.fuel-infra.org/mcp-repos/ocata/xenial
+ distribution: ocata-updates
+ components: main restricted
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/ocata/xenial/archive-mcpocata.key"
+ gpgkeys:
+ - 1FA22B08
+ publisher:
+ component: main
+ distributions:
+ - ubuntu-xenial/ocata-updates
+
+ # required for salt formulas
+ mirantis_openstack_ocata_holdback_xenial:
+ source: http://mirror.fuel-infra.org/mcp-repos/ocata/xenial
+ distribution: ocata-holdback
+ components: main restricted
+ architectures: amd64
+ key_url: "http://mirror.fuel-infra.org/mcp-repos/ocata/xenial/archive-mcpocata.key"
+ gpgkeys:
+ - 1FA22B08
+ publisher:
+ component: main
+ distributions:
+ - ubuntu-xenial/ocata-holdback
+
diff --git a/backupninja/client/single.yml b/backupninja/client/single.yml
new file mode 100644
index 0000000..6eecc33
--- /dev/null
+++ b/backupninja/client/single.yml
@@ -0,0 +1,2 @@
+classes:
+- service.backupninja.client.single
diff --git a/backupninja/server/single.yml b/backupninja/server/single.yml
new file mode 100644
index 0000000..9897a6c
--- /dev/null
+++ b/backupninja/server/single.yml
@@ -0,0 +1,2 @@
+classes:
+- service.backupninja.server.single
diff --git a/ceilometer/server/coordination/redis.yml b/ceilometer/server/coordination/redis.yml
new file mode 100644
index 0000000..e013e0f
--- /dev/null
+++ b/ceilometer/server/coordination/redis.yml
@@ -0,0 +1,7 @@
+classes:
+- service.redis.server.single
+parameters:
+ aodh:
+ server:
+ coordination_backend:
+ url: redis://${_param:single_address}:6379/${_param:cluster_node01_address}
diff --git a/ceilometer/server/single.yml b/ceilometer/server/single.yml
index a8b1f90..9758af2 100644
--- a/ceilometer/server/single.yml
+++ b/ceilometer/server/single.yml
@@ -1,7 +1,7 @@
classes:
- service.ceilometer.server.single
parameters:
- ceilometer:
+ ceilometer:
server:
database:
influxdb:
diff --git a/devops_portal/service/security_monkey.yml b/devops_portal/service/security_monkey.yml
new file mode 100644
index 0000000..3638e56
--- /dev/null
+++ b/devops_portal/service/security_monkey.yml
@@ -0,0 +1,10 @@
+parameters:
+ devops_portal:
+ config:
+ service:
+ securitymonkey:
+ configure_proxy: true
+ endpoint:
+ address: ${_param:haproxy_security_monkey_bind_host}
+ port: ${_param:haproxy_security_monkey_bind_port}
+ https: ${_param:haproxy_security_monkey_ssl:enabled}
diff --git a/docker/swarm/service/dashboard/grafana_server.yml b/docker/swarm/service/dashboard/grafana_server.yml
index 4ed587e..9da7aa5 100644
--- a/docker/swarm/service/dashboard/grafana_server.yml
+++ b/docker/swarm/service/dashboard/grafana_server.yml
@@ -1,10 +1,21 @@
parameters:
+ _param:
+ docker_grafana_replicas: 1
+ grafana_database_type: sqlite3
+ grafana_database_host: localhost
+ grafana_database_port: 3306
+ grafana_database_password: password
docker:
client:
service:
grafana_server:
- replica: 1
+ replicas: ${_param:docker_grafana_replicas}
environment:
+ GF_DATABASE_TYPE: ${_param:grafana_database_type}
+ GF_DATABASE_NAME: grafana
+ GF_DATABASE_USER: grafana
+ GF_DATABASE_PASSWORD: ${_param:grafana_database_password}
+ GF_DATABASE_HOST: "${_param:grafana_database_host}:${_param:grafana_database_port}"
GF_SECURITY_ADMIN_PASSWORD: ${_param:grafana_admin_password}
restart:
condition: any
diff --git a/docker/swarm/stack/dashboard.yml b/docker/swarm/stack/dashboard.yml
index 5621d8a..2ee123b 100644
--- a/docker/swarm/stack/dashboard.yml
+++ b/docker/swarm/stack/dashboard.yml
@@ -1,4 +1,10 @@
parameters:
+ _param:
+ docker_grafana_replicas: 1
+ grafana_database_type: sqlite3
+ grafana_database_host: localhost
+ grafana_database_port: 3306
+ grafana_database_password: password
docker:
client:
stack:
@@ -6,11 +12,16 @@
service:
grafana:
deploy:
- replicas: 1
+ replicas: ${_param:docker_grafana_replicas}
restart_policy:
condition: any
image: ${_param:docker_image_grafana}
ports:
- 15013:3000
environment:
+ GF_DATABASE_TYPE: ${_param:grafana_database_type}
+ GF_DATABASE_NAME: grafana
+ GF_DATABASE_USER: grafana
+ GF_DATABASE_PASSWORD: ${_param:grafana_database_password}
+ GF_DATABASE_HOST: "${_param:grafana_database_host}:${_param:grafana_database_port}"
GF_SECURITY_ADMIN_PASSWORD: ${_param:grafana_admin_password}
diff --git a/docker/swarm/stack/elasticsearch.yml b/docker/swarm/stack/elasticsearch.yml
new file mode 100644
index 0000000..083388c
--- /dev/null
+++ b/docker/swarm/stack/elasticsearch.yml
@@ -0,0 +1,19 @@
+parameters:
+ _param:
+ elasticsearch_replicas: 1
+ docker_image_oss_elasticsearch: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/elasticsearch:latest
+ docker:
+ client:
+ stack:
+ elasticsearch:
+ service:
+ cluster:
+ image: ${_param:docker_image_oss_elasticsearch}
+ deploy:
+ replicas: ${_param:elasticsearch_replicas}
+ restart_policy:
+ condition: any
+ ports:
+ - ${_param:haproxy_elasticsearch_exposed_port}:${_param:haproxy_elasticsearch_bind_port}
+ volumes:
+ - /srv/volumes/elasticsearch:/usr/share/elasticsearch/data
diff --git a/docker/swarm/stack/gerrit.yml b/docker/swarm/stack/gerrit.yml
index 788d97e..48466ef 100644
--- a/docker/swarm/stack/gerrit.yml
+++ b/docker/swarm/stack/gerrit.yml
@@ -39,7 +39,7 @@
LDAP_GROUPBASE: ${_param:gerrit_ldap_group_base}
LDAP_USERNAME: ${_param:gerrit_ldap_bind_user}
LDAP_PASSWORD: ${_param:gerrit_ldap_bind_password}
- WEBURL: ${_param:gerrit_public_host}
+ WEBURL: http://${_param:gerrit_public_host}:8080
GERRIT_ADMIN_SSH_PUBLIC: ${_param:gerrit_admin_public_key}
GERRIT_ADMIN_PWD: ${_param:gerrit_admin_password}
GERRIT_ADMIN_EMAIL: ${_param:gerrit_admin_email}
@@ -50,6 +50,7 @@
MYSQL_PASSWORD: ${_param:mysql_gerrit_password}
MYSQL_DATABASE: gerrit
MYSQL_ROOT_PASSWORD: ${_param:mysql_admin_password}
+ MYSQL_START_TIMEOUT: 300
deploy:
restart_policy:
condition: any
diff --git a/docker/swarm/stack/ldap.yml b/docker/swarm/stack/ldap.yml
index 6e94695..a5fe135 100644
--- a/docker/swarm/stack/ldap.yml
+++ b/docker/swarm/stack/ldap.yml
@@ -8,6 +8,8 @@
ldap:
service:
server:
+ networks:
+ - ldap
deploy:
restart_policy:
condition: any
@@ -28,6 +30,8 @@
LDAP_CONFIG_PASSWORD: ${_param:openldap_config_password}
LDAP_TLS: "false"
admin:
+ networks:
+ - ldap
deploy:
restart_policy:
condition: any
@@ -35,12 +39,16 @@
depends_on:
- server
hostname: ldap
- domainname: ${_param:openldap_domain}
environment:
- PHPLDAPADMIN_LDAP_HOSTS: "#PYTHON2BASH:[{'ldap.${_param:openldap_domain}': [{'server': [{'tls': False}]},{'login': [{'bind_id': 'cn=admin,${_param:openldap_dn}'},{'bind_pass': '${_param:openldap_admin_password}'}]}]}]"
+ PHPLDAPADMIN_LDAP_HOSTS: "#PYTHON2BASH:[{'server': [{'server': [{'tls': False}]},{'login': [{'bind_id': 'cn=admin,${_param:openldap_dn}'},{'bind_pass': '${_param:openldap_admin_password}'}]}]}]"
PHPLDAPADMIN_HTTPS: "false"
PHPLDAPADMIN_TRUST_PROXY_SSL: "true"
PHPLDAPADMIN_SERVER_ADMIN: ${_param:admin_email}
PHPLDAPADMIN_THEME: mirantis
ports:
- 18089:80
+ network:
+ ldap:
+ driver: overlay
+ driver_opts:
+ encrypted: 1
diff --git a/docker/swarm/stack/postgresql.yml b/docker/swarm/stack/postgresql.yml
new file mode 100644
index 0000000..bdad6fb
--- /dev/null
+++ b/docker/swarm/stack/postgresql.yml
@@ -0,0 +1,24 @@
+parameters:
+ _param:
+ docker_postgresql_replicas: 1
+ docker_image_postgresql: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/postgresql:latest
+ postgresql_admin_user: postgres
+ postgresql_admin_user_password: postgrespassword
+ docker:
+ client:
+ stack:
+ postgresql:
+ environment:
+ POSTGRES_USER: ${_param:postgresql_admin_user}
+ POSTGRES_PASSWORD: ${_param:postgresql_admin_user_password}
+ service:
+ db:
+ image: ${_param:docker_image_postgresql}
+ deploy:
+ replicas: ${_param:docker_postgresql_replicas}
+ restart_policy:
+ condition: any
+ ports:
+ - ${_param:haproxy_postgresql_exposed_port}:${_param:haproxy_postgresql_bind_port}
+ volumes:
+ - /srv/volumes/postgresql/data:/var/lib/postgresql/data
diff --git a/docker/swarm/stack/pushkin.yml b/docker/swarm/stack/pushkin.yml
index b28b1e9..3232301 100644
--- a/docker/swarm/stack/pushkin.yml
+++ b/docker/swarm/stack/pushkin.yml
@@ -1,36 +1,20 @@
parameters:
_param:
- docker_pushkin_db_replicas: 1
- docker_image_pushkin_db: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/pushkindb:latest
- pushkin_db_password: pushkin
- pushkin_db_user: pushkin
- pushkin_db: pushkin
docker_pushkin_replicas: 1
docker_image_pushkin: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/pushkin:latest
- elasticsearch_replicas: 1
- docker_image_oss_elasticsearch: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/elasticsearch:latest
+ pushkin_db: pushkin
docker:
client:
stack:
pushkin:
environment:
POSTGRES_USER: ${_param:pushkin_db_user}
- POSTGRES_PASSWORD: ${_param:pushkin_db_password}
+ POSTGRES_PASSWORD: ${_param:pushkin_db_user_password}
POSTGRES_DB: ${_param:pushkin_db}
- PUSHKINDBHOST: ${_param:haproxy_pushkin_db_bind_host}
+ PUSHKINDBHOST: ${_param:pushkin_db_host}
PUSHKINELASTICHOST: ${_param:haproxy_elasticsearch_bind_host}
service:
- db:
- image: ${_param:docker_image_pushkin_db}
- deploy:
- replicas: ${_param:docker_pushkin_db_replicas}
- restart_policy:
- condition: any
- ports:
- - ${_param:haproxy_pushkin_db_exposed_port}:${_param:haproxy_pushkin_db_bind_port}
- volumes:
- - /srv/volumes/pushkin/data:/var/lib/postgresql/data
- backend:
+ api:
image: ${_param:docker_image_pushkin}
deploy:
replicas: ${_param:docker_pushkin_replicas}
@@ -39,14 +23,4 @@
ports:
- ${_param:haproxy_pushkin_exposed_port}:${_param:haproxy_pushkin_bind_port}
volumes:
- - /srv/volumes/pushkin/logs:/var/log/pushkin
- elasticsearch:
- image: ${_param:docker_image_oss_elasticsearch}
- deploy:
- replicas: ${_param:elasticsearch_replicas}
- restart_policy:
- condition: any
- ports:
- - ${_param:haproxy_elasticsearch_exposed_port}:${_param:haproxy_elasticsearch_bind_port}
- volumes:
- - /srv/volumes/elasticsearch:/usr/share/elasticsearch/data
+ - /srv/volumes/pushkin/api:/var/log/pushkin
\ No newline at end of file
diff --git a/docker/swarm/stack/security_monkey.yml b/docker/swarm/stack/security_monkey.yml
new file mode 100644
index 0000000..479b028
--- /dev/null
+++ b/docker/swarm/stack/security_monkey.yml
@@ -0,0 +1,35 @@
+parameters:
+ _param:
+ docker_security_monkey_api_replicas: 1
+ docker_security_monkey_scheduler_replicas: 1
+ docker_image_security_monkey_api: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/security-monkey-api:3842.6
+ docker_image_security_monkey_scheduler: docker-sandbox.sandbox.mirantis.net/vstoiko/oss/security-monkey-scheduler:3842.6
+ security_monkey_db: secmonkey
+ docker:
+ client:
+ stack:
+ security_monkey:
+ environment:
+ SECURITY_MONKEY_POSTGRES_USER: ${_param:secmonkey_db_user}
+ SECURITY_MONKEY_POSTGRES_PASSWORD: ${_param:secmonkey_db_user_password}
+ SECURITY_MONKEY_POSTGRES_HOST: ${_param:secmonkey_db_host}
+ SECURITY_MONKEY_POSTGRES_PORT: ${_param:haproxy_postgresql_bind_port}
+ service:
+ api:
+ image: ${_param:docker_image_security_monkey_api}
+ deploy:
+ replicas: ${_param:docker_security_monkey_api_replicas}
+ restart_policy:
+ condition: any
+ ports:
+ - ${_param:haproxy_security_monkey_exposed_port}:${_param:haproxy_security_monkey_bind_port}
+ volumes:
+ - /srv/volumes/security_monkey:/var/log/security_monkey
+ scheduler:
+ image: ${_param:docker_image_security_monkey_scheduler}
+ deploy:
+ replicas: ${_param:docker_security_monkey_scheduler_replicas}
+ restart_policy:
+ condition: any
+ volumes:
+ - /srv/volumes/security_monkey:/var/log/security_monkey
\ No newline at end of file
diff --git a/glusterfs/client/volume/security_monkey.yml b/glusterfs/client/volume/security_monkey.yml
new file mode 100644
index 0000000..b008669
--- /dev/null
+++ b/glusterfs/client/volume/security_monkey.yml
@@ -0,0 +1,13 @@
+parameters:
+ _param:
+ security_monkey_glusterfs_service_host: ${_param:glusterfs_service_host}
+ glusterfs_node01_address: ${_param:cluster_node01_address}
+ glusterfs_node02_address: ${_param:cluster_node02_address}
+ glusterfs_node03_address: ${_param:cluster_node03_address}
+ glusterfs:
+ client:
+ volumes:
+ security_monkey:
+ path: /srv/volumes/security_monkey
+ server: ${_param:security_monkey_glusterfs_service_host}
+ opts: "defaults,backup-volfile-servers=${_param:glusterfs_node01_address}:${_param:glusterfs_node02_address}:${_param:glusterfs_node03_address}"
diff --git a/glusterfs/cluster.yml b/glusterfs/cluster.yml
index e69de29..8a5c595 100644
--- a/glusterfs/cluster.yml
+++ b/glusterfs/cluster.yml
@@ -0,0 +1,2 @@
+classes:
+- service.glusterfs.server
diff --git a/glusterfs/server/volume/security_monkey.yml b/glusterfs/server/volume/security_monkey.yml
new file mode 100644
index 0000000..478aec3
--- /dev/null
+++ b/glusterfs/server/volume/security_monkey.yml
@@ -0,0 +1,17 @@
+parameters:
+ glusterfs:
+ server:
+ volumes:
+ security_monkey:
+ storage: /srv/glusterfs/security_monkey
+ replica: 3
+ bricks:
+ - ${_param:cluster_node01_address}:/srv/glusterfs/security_monkey
+ - ${_param:cluster_node02_address}:/srv/glusterfs/security_monkey
+ - ${_param:cluster_node03_address}:/srv/glusterfs/security_monkey
+ options:
+ cluster.readdir-optimize: On
+ nfs.disable: On
+ network.remote-dio: On
+ diagnostics.client-log-level: WARNING
+ diagnostics.brick-log-level: WARNING
diff --git a/grafana/client/datasource/influxdb.yml b/grafana/client/datasource/influxdb.yml
new file mode 100644
index 0000000..7abe22f
--- /dev/null
+++ b/grafana/client/datasource/influxdb.yml
@@ -0,0 +1,17 @@
+parameters:
+ _param:
+ grafana_influxdb_is_default: true
+ grafana_influxdb_ds_name: influxdb
+ grafana:
+ client:
+ datasource:
+ influxdb:
+ type: influxdb
+ name: ${_param:grafana_influxdb_ds_name}
+ host: ${_param:grafana_influxdb_address}
+ port: ${_param:grafana_influxdb_port}
+ user: ${_param:grafana_influxdb_user}
+ password: ${_param:grafana_influxdb_password}
+ database: ${_param:grafana_influxdb_database}
+ is_default: ${_param:grafana_influxdb_is_default}
+
diff --git a/grafana/client/datasource/prometheus.yml b/grafana/client/datasource/prometheus.yml
new file mode 100644
index 0000000..c4835ef
--- /dev/null
+++ b/grafana/client/datasource/prometheus.yml
@@ -0,0 +1,14 @@
+parameters:
+ _param:
+ grafana_prometheus_is_default: true
+ grafana_prometheus_ds_name: prometheus
+ grafana:
+ client:
+ datasource:
+ prometheus:
+ type: prometheus
+ name: ${_param:grafana_prometheus_ds_name}
+ host: ${_param:grafana_prometheus_address}
+ port: ${_param:grafana_prometheus_port}
+ is_default: ${_param:grafana_prometheus_is_default}
+
diff --git a/grafana/client/init.yml b/grafana/client/init.yml
new file mode 100644
index 0000000..08a9be8
--- /dev/null
+++ b/grafana/client/init.yml
@@ -0,0 +1,17 @@
+classes:
+- service.grafana.client.single
+parameters:
+ _param:
+ grafana_protocol: http
+ grafana_port: 3000
+ grafana:
+ client:
+ enabled: true
+ server:
+ protocol: ${_param:grafana_protocol}
+ host: ${_param:grafana_address}
+ port: ${_param:grafana_port}
+ user: ${_param:grafana_user}
+ password: ${_param:grafana_password}
+ remote_data:
+ engine: 'salt_mine'
diff --git a/grafana/client/single.yml b/grafana/client/single.yml
index 49ac876..87992a7 100644
--- a/grafana/client/single.yml
+++ b/grafana/client/single.yml
@@ -1,23 +1,12 @@
classes:
-- service.grafana.client.single
+- system.grafana.client
+- system.grafana.client.datasource.influxdb
parameters:
- grafana:
- client:
- enabled: true
- server:
- protocol: http
- host: ${_param:stacklight_monitor_address}
- port: 3000
- user: ${_param:grafana_user}
- password: ${_param:grafana_password}
- remote_data:
- engine: 'salt_mine'
- datasource:
- lma:
- type: influxdb
- host: ${_param:grafana_influxdb_host}
- port: ${_param:influxdb_port}
- user: lma
- password: ${_param:influxdb_stacklight_password}
- database: lma
- is_default: true
+ _param:
+ grafana_address: ${_param:stacklight_monitor_address}
+ grafana_influxdb_address: ${_param:grafana_influxdb_host}
+ grafana_influxdb_port: ${_param:influxdb_port}
+ grafana_influxdb_user: lma
+ grafana_influxdb_password: ${_param:influxdb_stacklight_password}
+ grafana_influxdb_database: lma
+ grafana_influxdb_ds_name: lma
diff --git a/haproxy/proxy/listen/oss/postgresql.yml b/haproxy/proxy/listen/oss/postgresql.yml
new file mode 100644
index 0000000..1bc1f44
--- /dev/null
+++ b/haproxy/proxy/listen/oss/postgresql.yml
@@ -0,0 +1,32 @@
+parameters:
+ _param:
+ haproxy_postgresql_bind_host: ${_param:haproxy_bind_address}
+ haproxy_postgresql_bind_port: 5432
+ haproxy_postgresql_exposed_port: 15432
+ haproxy_postgresql_ssl:
+ enabled: false
+ haproxy:
+ proxy:
+ listen:
+ postgresql:
+ mode: tcp
+ balance: source
+ options:
+ - tcp-check
+ binds:
+ - address: ${_param:haproxy_postgresql_bind_host}
+ port: ${_param:haproxy_postgresql_bind_port}
+ ssl: ${_param:haproxy_postgresql_ssl}
+ servers:
+ - name: ${_param:cluster_node01_name}
+ host: ${_param:cluster_node01_address}
+ port: ${_param:haproxy_postgresql_exposed_port}
+ params: check port ${_param:haproxy_postgresql_exposed_port}
+ - name: ${_param:cluster_node02_name}
+ host: ${_param:cluster_node02_address}
+ port: ${_param:haproxy_postgresql_exposed_port}
+ params: backup check port ${_param:haproxy_postgresql_exposed_port}
+ - name: ${_param:cluster_node03_name}
+ host: ${_param:cluster_node03_address}
+ port: ${_param:haproxy_postgresql_exposed_port}
+ params: backup check port ${_param:haproxy_postgresql_exposed_port}
diff --git a/haproxy/proxy/listen/oss/pushkin_db.yml b/haproxy/proxy/listen/oss/pushkin_db.yml
deleted file mode 100644
index c67c591..0000000
--- a/haproxy/proxy/listen/oss/pushkin_db.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-parameters:
- _param:
- haproxy_pushkin_db_bind_host: ${_param:haproxy_bind_address}
- haproxy_pushkin_db_bind_port: 5432
- haproxy_pushkin_db_exposed_port: 15432
- haproxy_pushkin_db_ssl:
- enabled: false
- haproxy:
- proxy:
- listen:
- pushkin_db:
- mode: tcp
- balance: source
- options:
- - tcp-check
- binds:
- - address: ${_param:haproxy_pushkin_db_bind_host}
- port: ${_param:haproxy_pushkin_db_bind_port}
- ssl: ${_param:haproxy_pushkin_db_ssl}
- servers:
- - name: ${_param:cluster_node01_name}
- host: ${_param:cluster_node01_address}
- port: ${_param:haproxy_pushkin_db_exposed_port}
- params: check port ${_param:haproxy_pushkin_db_exposed_port}
- - name: ${_param:cluster_node02_name}
- host: ${_param:cluster_node02_address}
- port: ${_param:haproxy_pushkin_db_exposed_port}
- params: backup check port ${_param:haproxy_pushkin_db_exposed_port}
- - name: ${_param:cluster_node03_name}
- host: ${_param:cluster_node03_address}
- port: ${_param:haproxy_pushkin_db_exposed_port}
- params: backup check port ${_param:haproxy_pushkin_db_exposed_port}
diff --git a/haproxy/proxy/listen/oss/security_monkey.yml b/haproxy/proxy/listen/oss/security_monkey.yml
new file mode 100644
index 0000000..5498699
--- /dev/null
+++ b/haproxy/proxy/listen/oss/security_monkey.yml
@@ -0,0 +1,37 @@
+parameters:
+ _param:
+ haproxy_security_monkey_bind_host: ${_param:haproxy_bind_address}
+ haproxy_security_monkey_bind_port: 5001
+ haproxy_security_monkey_exposed_port: 15001
+ haproxy_security_monkey_ssl:
+ enabled: false
+ haproxy:
+ proxy:
+ listen:
+ security_monkey:
+ mode: http
+ options:
+ - httpchk GET /
+ balance: source
+ http_request:
+ - action: "add-header X-Forwarded-Proto https"
+ condition: "if { ssl_fc }"
+ sticks:
+ - http-check expect status 404
+ binds:
+ - address: ${_param:haproxy_security_monkey_bind_host}
+ port: ${_param:haproxy_security_monkey_bind_port}
+ ssl: ${_param:haproxy_security_monkey_ssl}
+ servers:
+ - name: ${_param:cluster_node01_name}
+ host: ${_param:cluster_node01_address}
+ port: ${_param:haproxy_security_monkey_exposed_port}
+ params: check
+ - name: ${_param:cluster_node02_name}
+ host: ${_param:cluster_node02_address}
+ port: ${_param:haproxy_security_monkey_exposed_port}
+ params: backup check
+ - name: ${_param:cluster_node03_name}
+ host: ${_param:cluster_node03_address}
+ port: ${_param:haproxy_security_monkey_exposed_port}
+ params: backup check
diff --git a/horizon/server/cluster.yml b/horizon/server/cluster.yml
index fbe8df4..8ee48a3 100644
--- a/horizon/server/cluster.yml
+++ b/horizon/server/cluster.yml
@@ -1,5 +1,16 @@
classes:
- service.keepalived.cluster.single
-- service.horizon.server.single
+- service.horizon.server.cluster
- service.haproxy.proxy.single
- system.haproxy.proxy.listen.openstack.horizon
+- system.memcached.server.single
+parameters:
+ _param:
+ horizon_site_branding: "OpenStack Dashboard"
+ horizon:
+ server:
+ branding: ${_param:horizon_site_branding}
+ plugin: {}
+ session:
+ engine: "cache"
+
diff --git a/horizon/server/single.yml b/horizon/server/single.yml
index c20de5a..2b59f52 100644
--- a/horizon/server/single.yml
+++ b/horizon/server/single.yml
@@ -1,8 +1,9 @@
classes:
- service.horizon.server.single
+- system.memcached.server.single
parameters:
_param:
- horizon_site_branding: OpenStack Dashboard
+ horizon_site_branding: "OpenStack Dashboard"
horizon:
server:
branding: ${_param:horizon_site_branding}
@@ -10,3 +11,6 @@
address: 0.0.0.0
port: 8078
plugin: {}
+ session:
+ engine: "cache"
+
diff --git a/jenkins/client/init.yml b/jenkins/client/init.yml
index 07720fa..ef0241d 100644
--- a/jenkins/client/init.yml
+++ b/jenkins/client/init.yml
@@ -17,6 +17,7 @@
password: ${_param:jenkins_client_password}
plugin:
ansicolor: {}
+ artifactory: {}
build-blocker-plugin: {}
build-monitor-plugin: {}
build-user-vars-plugin: {}
diff --git a/jenkins/client/job/debian/packages/heat/resources.yml b/jenkins/client/job/debian/packages/heat/resources.yml
new file mode 100644
index 0000000..01033ad
--- /dev/null
+++ b/jenkins/client/job/debian/packages/heat/resources.yml
@@ -0,0 +1,85 @@
+parameters:
+ jenkins:
+ client:
+ job_template:
+ build-debian-heat-resources:
+ name: build-debian-{{name}}-{{os}}-{{dist}}
+ jobs:
+ # Trusty
+ - name: heat-resource-salt
+ os: ubuntu
+ dist: trusty
+ branch: master
+ # Xenial
+ - name: heat-resource-salt
+ os: ubuntu
+ dist: xenial
+ branch: master
+ template:
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
+ type: workflow-scm
+ concurrent: false
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ credentials: "gerrit"
+ script: build-debian-packages-pipeline.groovy
+ trigger:
+ gerrit:
+ project:
+ salt-formulas/{{name}}:
+ branches:
+ - "{{branch}}"
+ message:
+ build_successful: "Build successful"
+ build_unstable: "Build unstable"
+ build_failure: "Build failed"
+ event:
+ ref:
+ - updated
+ param:
+ SOURCE_URL:
+ type: string
+ default: "git@github.com:salt-formulas/heat-resource-salt.git"
+ SOURCE_BRANCH:
+ type: string
+ default: "{{branch}}"
+ SOURCE_CREDENTIALS:
+ type: string
+ default: "github-credentials"
+ DEBIAN_SNAPSHOT:
+ type: boolean
+ default: 'true'
+ REVISION_POSTFIX:
+ type: string
+ default: '~{{dist}}1'
+ EXTRA_REPO_URL:
+ type: string
+ default: "deb ${_param:jenkins_aptly_url}/{{dist}}/ testing extra"
+ EXTRA_REPO_KEY_URL:
+ type: string
+ default: "${_param:jenkins_aptly_url}/public.gpg"
+ APTLY_URL:
+ type: string
+ default: "${_param:jenkins_aptly_api_url}"
+ APTLY_REPO:
+ type: string
+ default: "{{os}}-{{dist}}-extra"
+ OS:
+ type: string
+ default: "{{os}}"
+ DIST:
+ type: string
+ default: "{{dist}}"
+ ARCH:
+ type: string
+ default: "amd64"
+ UPLOAD_APTLY:
+ type: boolean
+ default: 'true'
+ PRE_BUILD_SCRIPT:
+ type: text
diff --git a/jenkins/client/job/debian/packages/horizon/modules.yml b/jenkins/client/job/debian/packages/horizon/modules.yml
index 2b6477b..235c84c 100644
--- a/jenkins/client/job/debian/packages/horizon/modules.yml
+++ b/jenkins/client/job/debian/packages/horizon/modules.yml
@@ -29,6 +29,66 @@
dist: xenial
os_version: mitaka
branch: stable/mitaka
+ # Trusty
+ - name: horizon-contrail-panels
+ os: ubuntu
+ dist: trusty
+ os_version: newton
+ branch: stable/newton
+ # Xenial
+ - name: horizon-contrail-panels
+ os: ubuntu
+ dist: xenial
+ os_version: newton
+ branch: stable/newton
+ # Trusty
+ - name: horizon-contrail-panels
+ os: ubuntu
+ dist: trusty
+ os_version: ocata
+ branch: stable/ocata
+ # Xenial
+ - name: horizon-contrail-panels
+ os: ubuntu
+ dist: xenial
+ os_version: ocata
+ branch: stable/ocata
+ # Trusty
+ - name: horizon-jenkins-dashboard
+ os: ubuntu
+ dist: trusty
+ os_version: liberty
+ branch: stable/liberty
+ # Xenial
+ - name: horizon-jenkins-dashboard
+ os: ubuntu
+ dist: xenial
+ os_version: liberty
+ branch: stable/liberty
+ # Trusty
+ - name: horizon-telemetry-dashboard
+ os: ubuntu
+ dist: trusty
+ os_version: liberty
+ branch: stable/liberty
+ # Xenial
+ - name: horizon-telemetry-dashboard
+ os: ubuntu
+ dist: xenial
+ os_version: liberty
+ branch: stable/liberty
+ # Trusty
+ - name: horizon-telemetry-dashboard
+ os: ubuntu
+ dist: trusty
+ os_version: mitaka
+ branch: stable/mitaka
+ # Xenial
+ - name: horizon-telemetry-dashboard
+ os: ubuntu
+ dist: xenial
+ os_version: mitaka
+ branch: stable/mitaka
template:
discard:
build:
@@ -45,7 +105,7 @@
trigger:
gerrit:
project:
- salt-formulas/{{name}}:
+ horizon-modules/{{name}}:
branches:
- "{{branch}}"
message:
diff --git a/jenkins/client/job/debian/packages/horizon/themes.yml b/jenkins/client/job/debian/packages/horizon/themes.yml
index b96a0c6..a5ad56a 100644
--- a/jenkins/client/job/debian/packages/horizon/themes.yml
+++ b/jenkins/client/job/debian/packages/horizon/themes.yml
@@ -33,7 +33,7 @@
trigger:
gerrit:
project:
- salt-formulas/{{name}}:
+ horizon-themes/{{name}}:
branches:
- "{{branch}}"
message:
diff --git a/jenkins/client/job/debian/packages/init.yml b/jenkins/client/job/debian/packages/init.yml
index cb4c245..2fff22c 100644
--- a/jenkins/client/job/debian/packages/init.yml
+++ b/jenkins/client/job/debian/packages/init.yml
@@ -3,6 +3,7 @@
- system.jenkins.client.job.debian.packages.salt
- system.jenkins.client.job.debian.packages.salt-multi
- system.jenkins.client.job.debian.packages.horizon
+ - system.jenkins.client.job.debian.packages.heat.resources
parameters:
jenkins:
client:
diff --git a/jenkins/client/job/deploy/update/init.yml b/jenkins/client/job/deploy/update/init.yml
index af87dcf..a65d440 100644
--- a/jenkins/client/job/deploy/update/init.yml
+++ b/jenkins/client/job/deploy/update/init.yml
@@ -2,3 +2,4 @@
- system.jenkins.client.job.deploy.update.package
- system.jenkins.client.job.deploy.update.config
- system.jenkins.client.job.deploy.update.saltenv
+ - system.jenkins.client.job.deploy.update.upgrade
diff --git a/jenkins/client/job/deploy/update/upgrade.yml b/jenkins/client/job/deploy/update/upgrade.yml
new file mode 100644
index 0000000..81a7b16
--- /dev/null
+++ b/jenkins/client/job/deploy/update/upgrade.yml
@@ -0,0 +1,25 @@
+#
+# Jobs to update packages on given Salt master environment
+#
+parameters:
+ _param:
+ jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
+ jenkins:
+ client:
+ job:
+ deploy-upgrade-control:
+ type: workflow-scm
+ concurrent: true
+ display_name: "Deploy - upgrade control VMs"
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ credentials: "gerrit"
+ script: openstack-control-upgrade.groovy
+ param:
+ SALT_MASTER_URL:
+ type: string
+ default: "${_param:jenkins_salt_api_url}"
+ SALT_MASTER_CREDENTIALS:
+ type: string
+ default: "salt"
diff --git a/jenkins/client/job/docker/devops-portal.yml b/jenkins/client/job/docker/devops-portal.yml
new file mode 100644
index 0000000..14735b6
--- /dev/null
+++ b/jenkins/client/job/docker/devops-portal.yml
@@ -0,0 +1,56 @@
+parameters:
+ jenkins:
+ client:
+ job:
+ docker-build-images-devops-portal:
+ name: docker-build-images-devops-portal
+ discard:
+ build:
+ keep_num: 25
+ artifact:
+ keep_num: 25
+ type: workflow-scm
+ concurrent: false
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ credentials: "gerrit"
+ script: docker-build-to-jfrog.groovy
+ trigger:
+ gerrit:
+ project:
+ "oss/devops-portal":
+ branches:
+ - master
+ skip_vote:
+ - successful
+ - failed
+ - unstable
+ - not_built
+ event:
+ patchset:
+ - created:
+ excludeDrafts: false
+ excludeNoCodeChange: false
+ comment:
+ - addedContains:
+ commentAddedCommentContains: 'rebuild'
+ param:
+ IMAGE_NAME:
+ type: string
+ default: "devops-portal"
+ IMAGE_TAGS:
+ type: string
+ default: "latest"
+ CREDENTIALS_ID:
+ type: string
+ default: "gerrit"
+ DOCKERFILE_PATH:
+ type: string
+ default: "docker/devops-portal"
+ DOCKER_REGISTRY:
+ type: string
+ default: "docker-dev-virtual.docker.mirantis.net"
+ PROJECT_NAMESPACE:
+ type: string
+ default: "oss"
diff --git a/jenkins/client/job/git-mirrors/downstream/debian-packages.yml b/jenkins/client/job/git-mirrors/downstream/debian-packages.yml
index 8ccd3bc..9708d9f 100644
--- a/jenkins/client/job/git-mirrors/downstream/debian-packages.yml
+++ b/jenkins/client/job/git-mirrors/downstream/debian-packages.yml
@@ -7,3 +7,7 @@
downstream: debian/telegraf
upstream: "https://github.com/influxdata/telegraf.git"
branches: master
+ - name: debian-gophercloud
+ downstream: debian/gophercloud
+ upstream: "https://github.com/gophercloud/gophercloud.git"
+ branches: master
diff --git a/jenkins/client/job/opencontrail/build/generic.yml b/jenkins/client/job/opencontrail/build/generic.yml
index a26472b..cd8a132 100644
--- a/jenkins/client/job/opencontrail/build/generic.yml
+++ b/jenkins/client/job/opencontrail/build/generic.yml
@@ -49,6 +49,18 @@
branch: R3.2
ppa: mirantis-opencontrail/opencontrail-3.2
upload_source_package: true
+ - buildname: oc40
+ os: ubuntu
+ dist: trusty
+ branch: R4.0
+ ppa: mirantis-opencontrail/opencontrail-4.0
+ upload_source_package: false
+ - buildname: oc40
+ os: ubuntu
+ dist: xenial
+ branch: R4.0
+ ppa: mirantis-opencontrail/opencontrail-4.0
+ upload_source_package: false
- buildname: oc666
os: ubuntu
dist: trusty
diff --git a/jenkins/client/job/opencontrail/init.yml b/jenkins/client/job/opencontrail/init.yml
index df8f51b..2d38d5a 100644
--- a/jenkins/client/job/opencontrail/init.yml
+++ b/jenkins/client/job/opencontrail/init.yml
@@ -3,12 +3,12 @@
- system.jenkins.client.job.opencontrail.git-mirrors
parameters:
_param:
- contrail_branches: "R3.0.2.x,R3.0.3.x,R3.1,R3.1.1.x,R3.2,master"
+ contrail_branches: "R3.0.2.x,R3.0.3.x,R3.1,R3.1.1.x,R3.2,R4.0,master"
contrail_kubernetes_branches: "master,release-1.2"
contrail_dpdk_extra_branches: "mitaka,kilo,liberty-multiqueue"
- contrail_ceilometer_plugin_branches: "master"
+ contrail_ceilometer_plugin_branches: "master,R4.0"
contrail_kubernetes_branches: "master,origin-1.1,origin-1.1.3,release-1.1,release-1.2"
- contrail_dpdk_branches: "master,R3.0.2.x,R3.0.3.x,R3.1,R3.1.1.x,R3.2,contrail_dpdk_17_02,contrail_dpdk_1_7,contrail_dpdk_2_0,contrail_dpdk_2_1"
+ contrail_dpdk_branches: "master,R3.0.2.x,R3.0.3.x,R3.1,R3.1.1.x,R3.2,R4.0,contrail_dpdk_17_02,contrail_dpdk_1_7,contrail_dpdk_2_0,contrail_dpdk_2_1"
jenkins:
client:
view:
@@ -27,5 +27,7 @@
naming_rule: "R3.1.1.x"
- group_regex: "build-opencontrail-oc32-.*"
naming_rule: "R3.2"
+ - group_regex: "build-opencontrail-oc40-.*"
+ naming_rule: "R4.0"
- group_regex: "build-opencontrail-oc666-.*"
naming_rule: "oc-666"
diff --git a/jenkins/client/job/salt-models/generate.yml b/jenkins/client/job/salt-models/generate.yml
index 967de8c..697ab51 100644
--- a/jenkins/client/job/salt-models/generate.yml
+++ b/jenkins/client/job/salt-models/generate.yml
@@ -29,21 +29,6 @@
COOKIECUTTER_TEMPLATE_PATH:
type: string
default: "./"
- COOKIECUTTER_INSTALL_CICD:
- type: boolean
- default: false
- COOKIECUTTER_INSTALL_CONTRAIL:
- type: boolean
- default: false
- COOKIECUTTER_INSTALL_KUBERNETES:
- type: boolean
- default: false
- COOKIECUTTER_INSTALL_OPENSTACK:
- type: boolean
- default: false
- COOKIECUTTER_INSTALL_STACKLIGHT:
- type: boolean
- default: false
COOKIECUTTER_TEMPLATE_CONTEXT:
type: text
RECLASS_MODEL_URL:
@@ -57,3 +42,5 @@
COMMIT_CHANGES:
type: boolean
default: false
+ EMAIL_ADDRESS:
+ type: string
diff --git a/jenkins/master/config.yml b/jenkins/master/config.yml
index 41e3ffb..795b748 100644
--- a/jenkins/master/config.yml
+++ b/jenkins/master/config.yml
@@ -8,4 +8,11 @@
pillar:
jenkins:
master:
- home: /srv/volumes/jenkins
\ No newline at end of file
+ home: /srv/volumes/jenkins
+ sudo:
+ users:
+ jenkins:
+ hosts:
+ - ALL
+ commands:
+ - docker
\ No newline at end of file
diff --git a/jenkins/master/single.yml b/jenkins/master/single.yml
index e69de29..9d5a611 100644
--- a/jenkins/master/single.yml
+++ b/jenkins/master/single.yml
@@ -0,0 +1,2 @@
+classes:
+- service.jenkins.master.single
diff --git a/keystone/server/single.yml b/keystone/server/single.yml
index 38be60f..26c7d2b 100644
--- a/keystone/server/single.yml
+++ b/keystone/server/single.yml
@@ -9,9 +9,36 @@
mysql_keystone_password: password
keystone:
server:
- roles:
- - admin
- - Member
- - image_manager
- database:
- host: 127.0.0.1
+ enabled: true
+ version: ${_param:keystone_version}
+ service_token: ${_param:keystone_service_token}
+ service_tenant: service
+ admin_tenant: admin
+ admin_name: admin
+ admin_password: ${_param:keystone_admin_password}
+ admin_email: ${_param:admin_email}
+ bind:
+ address: ${_param:single_address}
+ private_address: ${_param:single_address}
+ private_port: 35357
+ public_address: ${_param:single_address}
+ public_port: 5000
+ region: ${_param:openstack_region}
+ database:
+ engine: mysql
+ host: ${_param:single_address}
+ name: keystone
+ password: ${_param:mysql_keystone_password}
+ user: keystone
+ tokens:
+ engine: fernet
+ expiration: 3600
+ max_active_keys: 3
+ location: /var/lib/keystone/fernet-keys
+ message_queue:
+ engine: rabbitmq
+ host: ${_param:single_address}
+ user: openstack
+ password: ${_param:rabbitmq_openstack_password}
+ virtual_host: '/openstack'
+ ha_queues: true
\ No newline at end of file
diff --git a/kubernetes/master/cluster.yml b/kubernetes/master/cluster.yml
index 0539331..ab283d0 100644
--- a/kubernetes/master/cluster.yml
+++ b/kubernetes/master/cluster.yml
@@ -9,4 +9,6 @@
container: false
network:
engine: calico
- private_ip_range: ${_param:calico_private_network}/${_param:calico_private_netmask}
\ No newline at end of file
+ private_ip_range: ${_param:calico_private_network}/${_param:calico_private_netmask}
+ prometheus:
+ enabled: true
diff --git a/kubernetes/pool/cluster.yml b/kubernetes/pool/cluster.yml
index b38cf07..8295d97 100644
--- a/kubernetes/pool/cluster.yml
+++ b/kubernetes/pool/cluster.yml
@@ -6,4 +6,6 @@
pool:
container: false
network:
- engine: calico
\ No newline at end of file
+ engine: calico
+ prometheus:
+ enabled: true
diff --git a/linux/network/interface/bond_ovs_dvr.yml b/linux/network/interface/bond_ovs_dvr.yml
deleted file mode 100644
index e69de29..0000000
--- a/linux/network/interface/bond_ovs_dvr.yml
+++ /dev/null
diff --git a/linux/network/interface/bond_vlan_dvr.yml b/linux/network/interface/bond_vlan_dvr.yml
deleted file mode 100644
index e69de29..0000000
--- a/linux/network/interface/bond_vlan_dvr.yml
+++ /dev/null
diff --git a/linux/system/repo_local/mcp/openstack.yml b/linux/system/repo_local/mcp/openstack.yml
index 29329d1..83bb29b 100644
--- a/linux/system/repo_local/mcp/openstack.yml
+++ b/linux/system/repo_local/mcp/openstack.yml
@@ -15,7 +15,7 @@
architectures: amd64
key_url: "http://${_param:local_repo_url}/public.gpg"
pin:
- - pin: 'release a=m${_param:openstack_version}-hotfix'
+ - pin: 'release a=${_param:openstack_version}-hotfix'
priority: 1100
package: '*'
mirantis_openstack_security:
diff --git a/linux/system/single.yml b/linux/system/single.yml
index 89782ea..2c538f5 100644
--- a/linux/system/single.yml
+++ b/linux/system/single.yml
@@ -57,4 +57,3 @@
- type: hard
item: nproc
value: 307200
-
diff --git a/linux/system/sudo.yml b/linux/system/sudo.yml
index a2c7822..1668c12 100644
--- a/linux/system/sudo.yml
+++ b/linux/system/sudo.yml
@@ -23,12 +23,17 @@
- /usr/sbin/visudo
sudo_coreutils_safe:
- /usr/bin/less
+ sudo_rabbitmq_safe:
+ - /usr/sbin/rabbitmqctl status
+ - /usr/sbin/rabbitmqctl cluster_status
+ - /usr/sbin/rabbitmqctl list_queues*
sudo_salt_safe:
- /usr/bin/salt * state*
- /usr/bin/salt * service*
- /usr/bin/salt * pillar*
- /usr/bin/salt * grains*
- /usr/bin/salt * saltutil*
+ - /usr/bin/salt * test.ping
- /usr/bin/salt-call state*
- /usr/bin/salt-call service*
- /usr/bin/salt-call pillar*
diff --git a/mongodb/server/cluster.yml b/mongodb/server/cluster.yml
index 7053d87..f3c16d6 100644
--- a/mongodb/server/cluster.yml
+++ b/mongodb/server/cluster.yml
@@ -1,5 +1,4 @@
classes:
-- service.keepalived.cluster.single
- service.mongodb.server.cluster
parameters:
_param:
diff --git a/mysql/client/database/aodh.yml b/mysql/client/database/aodh.yml
new file mode 100644
index 0000000..92a2b29
--- /dev/null
+++ b/mysql/client/database/aodh.yml
@@ -0,0 +1,17 @@
+parameters:
+ mysql:
+ client:
+ server:
+ database:
+ database:
+ aodh:
+ encoding: utf8
+ users:
+ - name: aodh
+ password: ${_param:mysql_aodh_password}
+ host: '%'
+ rights: all
+ - name: aodh
+ password: ${_param:mysql_aodh_password}
+ host: ${_param:single_address}
+ rights: all
\ No newline at end of file
diff --git a/mysql/client/database_init/aodh.yml b/mysql/client/database_init/aodh.yml
new file mode 100644
index 0000000..5a88169
--- /dev/null
+++ b/mysql/client/database_init/aodh.yml
@@ -0,0 +1,15 @@
+classes:
+- system.mysql.client.database.aodh
+parameters:
+ mysql:
+ client:
+ enabled: true
+ server:
+ database:
+ database:
+ aodh:
+ initial_data:
+ engine: backupninja
+ source: ${_param:backupninja_backup_host}
+ host: ${linux:network:fqdn}
+ database: aodh
diff --git a/mysql/client/database_init/ceilometer.yml b/mysql/client/database_init/ceilometer.yml
new file mode 100644
index 0000000..7f13c6d
--- /dev/null
+++ b/mysql/client/database_init/ceilometer.yml
@@ -0,0 +1,15 @@
+classes:
+- system.mysql.client.database.ceilometer
+parameters:
+ mysql:
+ client:
+ enabled: true
+ server:
+ database:
+ database:
+ ceilometer:
+ initial_data:
+ engine: backupninja
+ source: ${_param:backupninja_backup_host}
+ host: ${linux:network:fqdn}
+ database: ceilometer
diff --git a/mysql/client/database_init/cinder.yml b/mysql/client/database_init/cinder.yml
new file mode 100644
index 0000000..9614aad
--- /dev/null
+++ b/mysql/client/database_init/cinder.yml
@@ -0,0 +1,15 @@
+classes:
+- system.mysql.client.database.cinder
+parameters:
+ mysql:
+ client:
+ enabled: true
+ server:
+ database:
+ database:
+ cinder:
+ initial_data:
+ engine: backupninja
+ source: ${_param:backupninja_backup_host}
+ host: ${linux:network:fqdn}
+ database: cinder
diff --git a/mysql/client/database_init/designate.yml b/mysql/client/database_init/designate.yml
new file mode 100644
index 0000000..99d0036
--- /dev/null
+++ b/mysql/client/database_init/designate.yml
@@ -0,0 +1,15 @@
+classes:
+- system.mysql.client.database.designate
+parameters:
+ mysql:
+ client:
+ enabled: true
+ server:
+ database:
+ database:
+ designate:
+ initial_data:
+ engine: backupninja
+ source: ${_param:backupninja_backup_host}
+ host: ${linux:network:fqdn}
+ database: designate
diff --git a/mysql/client/database_init/designate_pool_manager.yml b/mysql/client/database_init/designate_pool_manager.yml
new file mode 100644
index 0000000..6a5b385
--- /dev/null
+++ b/mysql/client/database_init/designate_pool_manager.yml
@@ -0,0 +1,15 @@
+classes:
+- system.mysql.client.database.designate_pool_manager
+parameters:
+ mysql:
+ client:
+ enabled: true
+ server:
+ database:
+ database:
+ designate_pool_manager:
+ initial_data:
+ engine: backupninja
+ source: ${_param:backupninja_backup_host}
+ host: ${linux:network:fqdn}
+ database: designate_pool_manager
diff --git a/mysql/client/database_init/glance.yml b/mysql/client/database_init/glance.yml
new file mode 100644
index 0000000..703c603
--- /dev/null
+++ b/mysql/client/database_init/glance.yml
@@ -0,0 +1,15 @@
+classes:
+- system.mysql.client.database.glance
+parameters:
+ mysql:
+ client:
+ enabled: true
+ server:
+ database:
+ database:
+ glance:
+ initial_data:
+ engine: backupninja
+ source: ${_param:backupninja_backup_host}
+ host: ${linux:network:fqdn}
+ database: glance
diff --git a/mysql/client/database_init/grafana.yml b/mysql/client/database_init/grafana.yml
new file mode 100644
index 0000000..aeb2e26
--- /dev/null
+++ b/mysql/client/database_init/grafana.yml
@@ -0,0 +1,15 @@
+classes:
+- system.mysql.client.database.grafana
+parameters:
+ mysql:
+ client:
+ enabled: true
+ server:
+ database:
+ database:
+ grafana:
+ initial_data:
+ engine: backupninja
+ source: ${_param:backupninja_backup_host}
+ host: ${linux:network:fqdn}
+ database: grafana
diff --git a/mysql/client/database_init/heat.yml b/mysql/client/database_init/heat.yml
new file mode 100644
index 0000000..c7a0f00
--- /dev/null
+++ b/mysql/client/database_init/heat.yml
@@ -0,0 +1,15 @@
+classes:
+- system.mysql.client.database.heat
+parameters:
+ mysql:
+ client:
+ enabled: true
+ server:
+ database:
+ database:
+ heat:
+ initial_data:
+ engine: backupninja
+ source: ${_param:backupninja_backup_host}
+ host: ${linux:network:fqdn}
+ database: heat
diff --git a/mysql/client/database_init/keystone.yml b/mysql/client/database_init/keystone.yml
new file mode 100644
index 0000000..555cae6
--- /dev/null
+++ b/mysql/client/database_init/keystone.yml
@@ -0,0 +1,15 @@
+classes:
+- system.mysql.client.database.keystone
+parameters:
+ mysql:
+ client:
+ enabled: true
+ server:
+ database:
+ database:
+ keystone:
+ initial_data:
+ engine: backupninja
+ source: ${_param:backupninja_backup_host}
+ host: ${linux:network:fqdn}
+ database: keystone
diff --git a/mysql/client/database_init/murano.yml b/mysql/client/database_init/murano.yml
new file mode 100644
index 0000000..13515e7
--- /dev/null
+++ b/mysql/client/database_init/murano.yml
@@ -0,0 +1,15 @@
+classes:
+- system.mysql.client.database.murano
+parameters:
+ mysql:
+ client:
+ enabled: true
+ server:
+ database:
+ database:
+ murano:
+ initial_data:
+ engine: backupninja
+ source: ${_param:backupninja_backup_host}
+ host: ${linux:network:fqdn}
+ database: murano
diff --git a/mysql/client/database_init/neutron.yml b/mysql/client/database_init/neutron.yml
new file mode 100644
index 0000000..405f3e6
--- /dev/null
+++ b/mysql/client/database_init/neutron.yml
@@ -0,0 +1,15 @@
+classes:
+- system.mysql.client.database.neutron
+parameters:
+ mysql:
+ client:
+ enabled: true
+ server:
+ database:
+ database:
+ neutron:
+ initial_data:
+ engine: backupninja
+ source: ${_param:backupninja_backup_host}
+ host: ${linux:network:fqdn}
+ database: neutron
diff --git a/mysql/client/database_init/nova.yml b/mysql/client/database_init/nova.yml
new file mode 100644
index 0000000..f1ee6cf
--- /dev/null
+++ b/mysql/client/database_init/nova.yml
@@ -0,0 +1,15 @@
+classes:
+- system.mysql.client.database.nova
+parameters:
+ mysql:
+ client:
+ enabled: true
+ server:
+ database:
+ database:
+ nova:
+ initial_data:
+ engine: backupninja
+ source: ${_param:backupninja_backup_host}
+ host: ${linux:network:fqdn}
+ database: nova
diff --git a/mysql/client/database_init/nova_api.yml b/mysql/client/database_init/nova_api.yml
new file mode 100644
index 0000000..2fa8630
--- /dev/null
+++ b/mysql/client/database_init/nova_api.yml
@@ -0,0 +1,21 @@
+classes:
+- system.mysql.client.database.nova_api
+parameters:
+ mysql:
+ client:
+ enabled: true
+ server:
+ database:
+ database:
+ nova_api:
+ initial_data:
+ engine: backupninja
+ source: ${_param:backupninja_backup_host}
+ host: ${linux:network:fqdn}
+ database: nova_api
+ nova_cell0:
+ initial_data:
+ engine: backupninja
+ source: ${_param:backupninja_backup_host}
+ host: ${linux:network:fqdn}
+ database: nova_cell0
diff --git a/mysql/client/database_init/sahara.yml b/mysql/client/database_init/sahara.yml
new file mode 100644
index 0000000..ef3d981
--- /dev/null
+++ b/mysql/client/database_init/sahara.yml
@@ -0,0 +1,15 @@
+classes:
+- system.mysql.client.database.sahara
+parameters:
+ mysql:
+ client:
+ enabled: true
+ server:
+ database:
+ database:
+ sahara:
+ initial_data:
+ engine: backupninja
+ source: ${_param:backupninja_backup_host}
+ host: ${linux:network:fqdn}
+ database: sahara
diff --git a/mysql/client/database_upgrade/aodh.yml b/mysql/client/database_upgrade/aodh.yml
new file mode 100644
index 0000000..d363161
--- /dev/null
+++ b/mysql/client/database_upgrade/aodh.yml
@@ -0,0 +1,23 @@
+parameters:
+ mysql:
+ client:
+ server:
+ database:
+ database:
+ aodh_upgrade:
+ encoding: utf8
+ users:
+ - name: aodh
+ password: ${_param:mysql_aodh_password}
+ host: '%'
+ rights: all
+ - name: aodh
+ password: ${_param:mysql_aodh_password}
+ host: ${_param:single_address}
+ rights: all
+ initial_data:
+ engine: backupninja
+ source: ${_param:backupninja_backup_host}
+ host: ${linux:network:fqdn}
+ database: aodh
+
diff --git a/mysql/client/database_upgrade/ceilometer.yml b/mysql/client/database_upgrade/ceilometer.yml
new file mode 100644
index 0000000..5344b4b
--- /dev/null
+++ b/mysql/client/database_upgrade/ceilometer.yml
@@ -0,0 +1,23 @@
+parameters:
+ mysql:
+ client:
+ server:
+ database:
+ database:
+ ceilometer_upgrade:
+ encoding: utf8
+ users:
+ - name: ceilometer
+ password: ${_param:mysql_ceilometer_password}
+ host: '%'
+ rights: all
+ - name: ceilometer
+ password: ${_param:mysql_ceilometer_password}
+ host: ${_param:single_address}
+ rights: all
+ initial_data:
+ engine: backupninja
+ source: ${_param:backupninja_backup_host}
+ host: ${linux:network:fqdn}
+ database: ceilometer
+
diff --git a/mysql/client/database_upgrade/cinder.yml b/mysql/client/database_upgrade/cinder.yml
new file mode 100644
index 0000000..bafc70d
--- /dev/null
+++ b/mysql/client/database_upgrade/cinder.yml
@@ -0,0 +1,22 @@
+parameters:
+ mysql:
+ client:
+ server:
+ database:
+ database:
+ cinder_upgrade:
+ encoding: utf8
+ users:
+ - name: cinder
+ password: ${_param:mysql_cinder_password}
+ host: '%'
+ rights: all
+ - name: cinder
+ password: ${_param:mysql_cinder_password}
+ host: ${_param:single_address}
+ rights: all
+ initial_data:
+ engine: backupninja
+ source: ${_param:backupninja_backup_host}
+ host: ${linux:network:fqdn}
+ database: cinder
\ No newline at end of file
diff --git a/mysql/client/database_upgrade/designate.yml b/mysql/client/database_upgrade/designate.yml
new file mode 100644
index 0000000..48b7fce
--- /dev/null
+++ b/mysql/client/database_upgrade/designate.yml
@@ -0,0 +1,22 @@
+parameters:
+ mysql:
+ client:
+ server:
+ database:
+ database:
+ designate_upgrade:
+ encoding: utf8
+ users:
+ - name: designate
+ password: ${_param:mysql_designate_password}
+ host: '%'
+ rights: all
+ - name: designate
+ password: ${_param:mysql_designate_password}
+ host: ${_param:single_address}
+ rights: all
+ initial_data:
+ engine: backupninja
+ source: ${_param:backupninja_backup_host}
+ host: ${linux:network:fqdn}
+ database: designate
\ No newline at end of file
diff --git a/mysql/client/database_upgrade/designate_pool_manager.yml b/mysql/client/database_upgrade/designate_pool_manager.yml
new file mode 100644
index 0000000..26dd975
--- /dev/null
+++ b/mysql/client/database_upgrade/designate_pool_manager.yml
@@ -0,0 +1,22 @@
+parameters:
+ mysql:
+ client:
+ server:
+ database:
+ database:
+ designate_pool_manager_upgrade:
+ encoding: utf8
+ users:
+ - name: designate
+ password: ${_param:mysql_designate_password}
+ host: '%'
+ rights: all
+ - name: designate
+ password: ${_param:mysql_designate_password}
+ host: ${_param:single_address}
+ rights: all
+ initial_data:
+ engine: backupninja
+ source: ${_param:backupninja_backup_host}
+ host: ${linux:network:fqdn}
+ database: designate_pool_manager
\ No newline at end of file
diff --git a/mysql/client/database_upgrade/glance.yml b/mysql/client/database_upgrade/glance.yml
new file mode 100644
index 0000000..bebe604
--- /dev/null
+++ b/mysql/client/database_upgrade/glance.yml
@@ -0,0 +1,22 @@
+parameters:
+ mysql:
+ client:
+ server:
+ database:
+ database:
+ glance_upgrade:
+ encoding: utf8
+ users:
+ - name: glance
+ password: ${_param:mysql_glance_password}
+ host: '%'
+ rights: all
+ - name: glance
+ password: ${_param:mysql_glance_password}
+ host: ${_param:single_address}
+ rights: all
+ initial_data:
+ engine: backupninja
+ source: ${_param:backupninja_backup_host}
+ host: ${linux:network:fqdn}
+ database: glance
diff --git a/mysql/client/database_upgrade/grafana.yml b/mysql/client/database_upgrade/grafana.yml
new file mode 100644
index 0000000..7759a66
--- /dev/null
+++ b/mysql/client/database_upgrade/grafana.yml
@@ -0,0 +1,22 @@
+parameters:
+ mysql:
+ client:
+ server:
+ database:
+ database:
+ grafana_upgrade:
+ encoding: utf8
+ users:
+ - name: grafana
+ password: ${_param:mysql_grafana_password}
+ host: '%'
+ rights: all
+ - name: grafana
+ password: ${_param:mysql_grafana_password}
+ host: ${_param:single_address}
+ rights: all
+ initial_data:
+ engine: backupninja
+ source: ${_param:backupninja_backup_host}
+ host: ${linux:network:fqdn}
+ database: grafana
\ No newline at end of file
diff --git a/mysql/client/database_upgrade/heat.yml b/mysql/client/database_upgrade/heat.yml
new file mode 100644
index 0000000..24e4cb1
--- /dev/null
+++ b/mysql/client/database_upgrade/heat.yml
@@ -0,0 +1,22 @@
+parameters:
+ mysql:
+ client:
+ server:
+ database:
+ database:
+ heat_upgrade:
+ encoding: utf8
+ users:
+ - name: heat
+ password: ${_param:mysql_heat_password}
+ host: '%'
+ rights: all
+ - name: heat
+ password: ${_param:mysql_heat_password}
+ host: ${_param:single_address}
+ rights: all
+ initial_data:
+ engine: backupninja
+ source: ${_param:backupninja_backup_host}
+ host: ${linux:network:fqdn}
+ database: heat
\ No newline at end of file
diff --git a/mysql/client/database_upgrade/keystone.yml b/mysql/client/database_upgrade/keystone.yml
new file mode 100644
index 0000000..8265662
--- /dev/null
+++ b/mysql/client/database_upgrade/keystone.yml
@@ -0,0 +1,22 @@
+parameters:
+ mysql:
+ client:
+ server:
+ database:
+ database:
+ keystone_upgrade:
+ encoding: utf8
+ users:
+ - name: keystone
+ password: ${_param:mysql_keystone_password}
+ host: '%'
+ rights: all
+ - name: keystone
+ password: ${_param:mysql_keystone_password}
+ host: ${_param:single_address}
+ rights: all
+ initial_data:
+ engine: backupninja
+ source: ${_param:backupninja_backup_host}
+ host: ${linux:network:fqdn}
+ database: keystone
\ No newline at end of file
diff --git a/mysql/client/database_upgrade/murano.yml b/mysql/client/database_upgrade/murano.yml
new file mode 100644
index 0000000..2223ce6
--- /dev/null
+++ b/mysql/client/database_upgrade/murano.yml
@@ -0,0 +1,22 @@
+parameters:
+ mysql:
+ client:
+ server:
+ database:
+ database:
+ murano_upgrade:
+ encoding: utf8
+ users:
+ - name: murano
+ password: ${_param:mysql_murano_password}
+ host: '%'
+ rights: all
+ - name: murano
+ password: ${_param:mysql_murano_password}
+ host: ${_param:single_address}
+ rights: all
+ initial_data:
+ engine: backupninja
+ source: ${_param:backupninja_backup_host}
+ host: ${linux:network:fqdn}
+ database: murano
\ No newline at end of file
diff --git a/mysql/client/database_upgrade/neutron.yml b/mysql/client/database_upgrade/neutron.yml
new file mode 100644
index 0000000..7dd723c
--- /dev/null
+++ b/mysql/client/database_upgrade/neutron.yml
@@ -0,0 +1,22 @@
+parameters:
+ mysql:
+ client:
+ server:
+ database:
+ database:
+ neutron_upgrade:
+ encoding: utf8
+ users:
+ - name: neutron
+ password: ${_param:mysql_neutron_password}
+ host: '%'
+ rights: all
+ - name: neutron
+ password: ${_param:mysql_neutron_password}
+ host: ${_param:single_address}
+ rights: all
+ initial_data:
+ engine: backupninja
+ source: ${_param:backupninja_backup_host}
+ host: ${linux:network:fqdn}
+ database: neutron
\ No newline at end of file
diff --git a/mysql/client/database_upgrade/nova.yml b/mysql/client/database_upgrade/nova.yml
new file mode 100644
index 0000000..699c9c3
--- /dev/null
+++ b/mysql/client/database_upgrade/nova.yml
@@ -0,0 +1,22 @@
+parameters:
+ mysql:
+ client:
+ server:
+ database:
+ database:
+ nova_upgrade:
+ encoding: utf8
+ users:
+ - name: nova
+ password: ${_param:mysql_nova_password}
+ host: '%'
+ rights: all
+ - name: nova
+ password: ${_param:mysql_nova_password}
+ host: ${_param:single_address}
+ rights: all
+ initial_data:
+ engine: backupninja
+ source: ${_param:backupninja_backup_host}
+ host: ${linux:network:fqdn}
+ database: nova
\ No newline at end of file
diff --git a/mysql/client/database_upgrade/nova_api.yml b/mysql/client/database_upgrade/nova_api.yml
new file mode 100644
index 0000000..8bb33c8
--- /dev/null
+++ b/mysql/client/database_upgrade/nova_api.yml
@@ -0,0 +1,38 @@
+parameters:
+ mysql:
+ client:
+ server:
+ database:
+ database:
+ nova_upgrade_api:
+ encoding: utf8
+ users:
+ - name: nova
+ password: ${_param:mysql_nova_password}
+ host: '%'
+ rights: all
+ - name: nova
+ password: ${_param:mysql_nova_password}
+ host: ${_param:single_address}
+ rights: all
+ initial_data:
+ engine: backupninja
+ source: ${_param:backupninja_backup_host}
+ host: ${linux:network:fqdn}
+ database: nova_api
+ nova_upgrade_cell0:
+ encoding: utf8
+ users:
+ - name: nova
+ password: ${_param:mysql_nova_password}
+ host: '%'
+ rights: all
+ - name: nova
+ password: ${_param:mysql_nova_password}
+ host: ${_param:single_address}
+ rights: all
+ initial_data:
+ engine: backupninja
+ source: ${_param:backupninja_backup_host}
+ host: ${linux:network:fqdn}
+ database: nova_cell0
\ No newline at end of file
diff --git a/mysql/client/database_upgrade/sahara.yml b/mysql/client/database_upgrade/sahara.yml
new file mode 100644
index 0000000..73618d0
--- /dev/null
+++ b/mysql/client/database_upgrade/sahara.yml
@@ -0,0 +1,22 @@
+parameters:
+ mysql:
+ client:
+ server:
+ database:
+ database:
+ sahara_upgrade:
+ encoding: utf8
+ users:
+ - name: sahara
+ password: ${_param:mysql_sahara_password}
+ host: '%'
+ rights: all
+ - name: sahara
+ password: ${_param:mysql_sahara_password}
+ host: ${_param:single_address}
+ rights: all
+ initial_data:
+ engine: backupninja
+ source: ${_param:backupninja_backup_host}
+ host: ${linux:network:fqdn}
+ database: sahara
\ No newline at end of file
diff --git a/mysql/client/init.yml b/mysql/client/init.yml
new file mode 100644
index 0000000..4cea41a
--- /dev/null
+++ b/mysql/client/init.yml
@@ -0,0 +1,14 @@
+parameters:
+ _param:
+ mysql_client_host: localhost
+ mysql:
+ client:
+ enabled: true
+ server:
+ database:
+ admin:
+ host: ${_param:mysql_client_host}
+ port: 3306
+ user: ${_param:mysql_admin_user}
+ password: ${_param:mysql_admin_password}
+ encoding: utf8
diff --git a/mysql/client/single.yml b/mysql/client/single.yml
index e273e2f..f518a87 100644
--- a/mysql/client/single.yml
+++ b/mysql/client/single.yml
@@ -1,4 +1,6 @@
classes:
+- system.mysql.client
+- system.mysql.client.database.aodh
- system.mysql.client.database.ceilometer
- system.mysql.client.database.cinder
- system.mysql.client.database.glance
@@ -7,17 +9,3 @@
- system.mysql.client.database.nova
- system.mysql.client.database.nova_api
- system.mysql.client.database.neutron
-parameters:
- _param:
- mysql_client_host: localhost
- mysql:
- client:
- enabled: true
- server:
- database:
- admin:
- host: ${_param:mysql_client_host}
- port: 3306
- user: ${_param:mysql_admin_user}
- password: ${_param:mysql_admin_password}
- encoding: utf8
diff --git a/mysql/client/single_init.yml b/mysql/client/single_init.yml
new file mode 100644
index 0000000..0c20049
--- /dev/null
+++ b/mysql/client/single_init.yml
@@ -0,0 +1,24 @@
+classes:
+- system.mysql.client.database_init.aodh
+- system.mysql.client.database_init.ceilometer
+- system.mysql.client.database_init.cinder
+- system.mysql.client.database_init.glance
+- system.mysql.client.database_init.heat
+- system.mysql.client.database_init.keystone
+- system.mysql.client.database_init.nova
+- system.mysql.client.database_init.nova_api
+- system.mysql.client.database_init.neutron
+parameters:
+ _param:
+ mysql_client_host: localhost
+ mysql:
+ client:
+ enabled: true
+ server:
+ database:
+ admin:
+ host: ${_param:mysql_client_host}
+ port: 3306
+ user: ${_param:mysql_admin_user}
+ password: ${_param:mysql_admin_password}
+ encoding: utf8
diff --git a/mysql/client/single_upgrade.yml b/mysql/client/single_upgrade.yml
new file mode 100644
index 0000000..595d3f7
--- /dev/null
+++ b/mysql/client/single_upgrade.yml
@@ -0,0 +1,25 @@
+classes:
+- system.mysql.client.database_upgrade.aodh
+- system.mysql.client.database_upgrade.ceilometer
+- system.mysql.client.database_upgrade.cinder
+- system.mysql.client.database_upgrade.glance
+- system.mysql.client.database_upgrade.heat
+- system.mysql.client.database_upgrade.keystone
+- system.mysql.client.database_upgrade.nova
+- system.mysql.client.database_upgrade.nova_api
+- system.mysql.client.database_upgrade.neutron
+- service.mysql.client.single
+parameters:
+ _param:
+ mysql_client_host: localhost
+ mysql:
+ client:
+ enabled: true
+ server:
+ database:
+ admin:
+ host: ${_param:mysql_client_host}
+ port: 3306
+ user: ${_param:mysql_admin_user}
+ password: ${_param:mysql_admin_password}
+ encoding: utf8
diff --git a/neutron/control/openvswitch/single.yml b/neutron/control/openvswitch/single.yml
new file mode 100644
index 0000000..6601db1
--- /dev/null
+++ b/neutron/control/openvswitch/single.yml
@@ -0,0 +1,45 @@
+classes:
+- service.neutron.control.single
+parameters:
+ _param:
+ neutron_control_dvr: True
+ neutron_l3_ha: False
+ neutron_global_physnet_mtu: 1500
+ neutron_external_mtu: 1500
+ neutron_tenant_network_types: "flat,vxlan"
+ neutron:
+ server:
+ plugin: ml2
+ global_physnet_mtu: ${_param:neutron_global_physnet_mtu}
+ l3_ha: ${_param:neutron_l3_ha}
+ dvr: ${_param:neutron_control_dvr}
+ backend:
+ engine: ml2
+ tenant_network_types: "${_param:neutron_tenant_network_types}"
+ external_mtu: ${_param:neutron_external_mtu}
+ mechanism:
+ ovs:
+ driver: openvswitch
+ compute:
+ region: ${_param:openstack_region}
+ database:
+ host: ${_param:openstack_database_address}
+ identity:
+ region: ${_param:openstack_region}
+ message_queue:
+ members:
+ - host: ${_param:openstack_message_queue_node01_address}
+ mysql:
+ server:
+ database:
+ neutron:
+ encoding: utf8
+ users:
+ - name: neutron
+ password: ${_param:mysql_neutron_password}
+ host: '%'
+ rights: all
+ - name: neutron
+ password: ${_param:mysql_neutron_password}
+ host: ${_param:cluster_local_address}
+ rights: all
\ No newline at end of file
diff --git a/nginx/server/proxy/openstack/designate.yml b/nginx/server/proxy/openstack/designate.yml
index 2b8ffce..29bc390 100644
--- a/nginx/server/proxy/openstack/designate.yml
+++ b/nginx/server/proxy/openstack/designate.yml
@@ -1,4 +1,4 @@
- parameters:
+parameters:
_param:
nginx_proxy_openstack_api_host: ${_param:cluster_public_host}
nginx:
diff --git a/nginx/server/proxy/openstack/murano.yml b/nginx/server/proxy/openstack/murano.yml
index a93b07e..06b8c1a 100644
--- a/nginx/server/proxy/openstack/murano.yml
+++ b/nginx/server/proxy/openstack/murano.yml
@@ -1,4 +1,4 @@
- parameters:
+parameters:
_param:
nginx_proxy_openstack_api_host: ${_param:cluster_public_host}
nginx:
diff --git a/nova/control/cluster.yml b/nova/control/cluster.yml
index 1bcc8b9..d47c5e1 100644
--- a/nova/control/cluster.yml
+++ b/nova/control/cluster.yml
@@ -10,6 +10,7 @@
nova_cpu_allocation_ratio: 16.0
nova_ram_allocation_ratio: 1.5
nova_disk_allocation_ratio: 1.0
+ metadata_password: metadataPass
nova:
controller:
enabled: true
diff --git a/openssh/client/root.yml b/openssh/client/root.yml
new file mode 100644
index 0000000..145f5da
--- /dev/null
+++ b/openssh/client/root.yml
@@ -0,0 +1,42 @@
+applications:
+- openssh
+parameters:
+ _param:
+ root_private_key: |
+ -----BEGIN RSA PRIVATE KEY-----
+ MIIEpQIBAAKCAQEAsy1IhygI3xV4md37IMd+blxelYr3wuVhWn7uEDGpcZo+lvrN
+ u+6An3VgPA7uX9cLUFzO91UOZx5F4TNlCH1DGq7MoVyvgcSla3IBATR3SpQ8rWnn
+ FD8rjsUw3RloTfwz7+f7y/DWFsHhGAWzWy4FNE3e0b5udk1Fyk4SA43he1w8V+Eo
+ V1oqQUsFOG6DlAbUfCln4GvH7KngTfnmnLgEBUdzK6zn1bwLllugbH9OO3Jnflek
+ L9K2qFu9zbuDP2QHU7GkeZOtmtHB7EkaIt4QpjUasPgmWkIvKa0FOrdunljxLc54
+ 6eRJDxfiy4fC8VKAn1qlk/i8XvEEME9Z8fywjQIDAQABAoIBAQCdMsuBGNS/tDy8
+ 8g5TsfLwrEWneebprQl+tgHzXz7EFol3OM+rZBKg0//8cTUeDLM2bFaAlLUwL1Ur
+ wUWQ7yUikd2ibIjmlzpyS/Ept3g5jFi35EQCdXGnrsWyFYp3cR+4CZXWVZPfH3Z2
+ 9vlms7eJLhChgCu1yxHB7kDLsXz0Fn5jaWPd2TDY+3Y3t3LCFxNgfIQ+Mljzj/6f
+ +MG7bp/5UuEA76oZnPfp2fj1vqWYCI6ftk4Wam1AkHVUNP3jjl48cao7EKeH5v4E
+ 0PL+AY3av4SoUQWf1ZlkkJrhIyRRdVDavX86t17NXmrQvaz3brz8yI2Hh08ho413
+ AH8C0zyZAoGBANcea55n9vBoA4FQRX2HEA9ljdPWIFdvkKXvxb7R/UxhzublicBm
+ 3JwcDCwbiGhEzYhMlDmt0hZ4YPA3fL7WwP2EXkrYyqn1tSGSS2CkfhpuB2xgPTSr
+ cxbJj5iuKM0eS9GdPqae2k4ME3sC5pi+eiiWuUuvzhqid8EMAGFvYdcXAoGBANU6
+ R4OLghz2FaTSeFFHfHCoAym03qMe9pRCugnM2Np0vEZ650G2xez8OtYim8nttkTE
+ xCWppxBtHIjN6mm4pOHsGxr0LqrKtHgMxkawyBx9hZTZSNudAMupPXBRHlPm/+hL
+ EXt4xUiBd4GVkWw2esEKINi83dXHnECugknJN7v7AoGBAJHy4bEneDLDXx1tCLiR
+ 2iOYExGWRXsNBmaOtuswLVqVQXsGYN9Y6nQ/00JZq8KSa5/91NMNS2xTX/Gas9gG
+ fAmEtTSywU1uluWgC+QVtjjYTdEJunzxlbPwLKy5/JSt6WLd/JOvUw2Aw/bBkRIw
+ qVDAchcXwA3yDK29JsT0fL0hAoGBAMqu0zufaNbOtFQwHF5mbUtI6XjDjL3RuOHF
+ a8HVDmzZef4k5Z35drqGKAdUbnHLm+5Se4CxezSKAw2nbqN/+HsoS7ubUKDYfiN/
+ QRoBALbUOh37TN40p4TwIo6ZDRMECU1tzfhoHF+HcWmkGs+aGaVVU1Oyc8u6KjTx
+ rLcmpevxAoGAFz4bvKyBt/wq8TPTVzU/iJtwBLq8WdZpKJcuVkF7/DWY3A3maOFs
+ P9IMHeDD+tlfIu0Y3qmPmEaLzXsMfRh+3Eb6itrgDRFEuE/HyPIWxHvDt1jjfIFu
+ O87TLcnZIoW99nyY0RixwuK6ZeCmmyktX0iO7dNDIOyBReCs6ZwXSSc=
+ -----END RSA PRIVATE KEY-----
+ openssh:
+ client:
+ enabled: true
+ user:
+ root:
+ enabled: true
+ private_key:
+ type: rsa
+ key: ${_param:root_private_key}
+ user: ${linux:system:user:root}
diff --git a/openssh/server/team/k8s_team.yml b/openssh/server/team/k8s_team.yml
new file mode 100644
index 0000000..ed85ae0
--- /dev/null
+++ b/openssh/server/team/k8s_team.yml
@@ -0,0 +1,23 @@
+parameters:
+ linux:
+ system:
+ user:
+ dshulyak:
+ enabled: true
+ name: dshulyak
+ sudo: true
+ full_name: Dmitry Shulyak
+ home: /home/dshulyak
+ email: dshulyak@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ dshulyak:
+ enabled: true
+ public_keys:
+ - ${public_keys:dshulyak}
+ user: ${linux:system:user:dshulyak}
+ public_keys:
+ kproskurin:
+ key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCvkecSoZQDlJ3rfnxzYYkKVOwZG/oGVNYykey07pJXzcc4RDnP+OSPSD57Ovc3f9DgGpDqi5EaSTK9wPT3Z4Xlq/0IN9mJjSqkMKahlQutozNeathqghM3mkiBrqV8Y9H+L+5V743ttWMxp+oEpYMVz6QlP152mDwhRESEoU6dm1UjPDOPmiqIBrjkc0glqrBGkvj6Rd7cyVrbVG//mOoemT0S+l9KHjVzIDF3sd9m1MWCtslO0ixCrIXh90wRYTUVJLe4g95Bo3f3k2/DIeqyLns2zjYaYBc54+VMwPllbc4KTNQnW+oZLGmh7fJRouJvNRmL9JrmVFBZ79tMKpLKq55U9RxAbtkO4wPUQxVXQRairYT6XVOis7eOQzojSyT8+jW1HK1ftexITn1nZnAgivzJYg9YugE5brS1pchJeptGQJDQSNeoAGR5rRc0A4uJIc9EzUjURVpa13ZWWKeenhQ3sfRUrP4+rCe4c0yeZS03jk54bNf3hqD7EEGH96L1ojAXyoVV/TgGgFJC3a3T7qciOMIJpWJVyKBVEgU9mSgWUL0lzEp/IrtEObNQQKwTb7LBM6wrSJd/57ePlTzXzSAZEed+7QV0LW+SBD7rwQyKM93i1P+do+4dmGO0fGr9AhMp2J4gsaFuAtCYZXV/b2zmuGnYGhbq3vacLIJYqQ== ds@ds-X10SAE
diff --git a/openssh/server/team/l1_support.yml b/openssh/server/team/l1_support.yml
index 85e096a..f25149a 100644
--- a/openssh/server/team/l1_support.yml
+++ b/openssh/server/team/l1_support.yml
@@ -5,6 +5,7 @@
- system.openssh.server.team.members.aleksandrrubtsov
- system.openssh.server.team.members.anatoliineliubin
- system.openssh.server.team.members.antonrodionov
+- system.openssh.server.team.members.collinmay
- system.openssh.server.team.members.daniillapshin
- system.openssh.server.team.members.danilakhmetov
- system.openssh.server.team.members.deniskostriukov
@@ -18,7 +19,6 @@
- system.openssh.server.team.members.mikhailkraynov
- system.openssh.server.team.members.nadezhdakabanova
- system.openssh.server.team.members.renesoto
-- system.openssh.server.team.members.rudymccomb
- system.openssh.server.team.members.scottmachtmes
- system.openssh.server.team.members.zahedkhurasani
parameters:
@@ -34,6 +34,7 @@
command:
L1_SUPPORT_SALT: ${_param:sudo_salt_safe}
L1_SUPPORT_COREUTILS: ${_param:sudo_coreutils_safe}
+ L1_SUPPORT_RABBITMQ: ${_param:sudo_rabbitmq_safe}
L1_SUPPORT_SALT_TRUSTED: ${_param:sudo_salt_trusted}
L1_SUPPORT_RESTRICTED_SHELLS: ${_param:sudo_shells}
L1_SUPPORT_RESTRICTED: ${_param:sudo_restricted_su}
@@ -42,5 +43,6 @@
commands:
- L1_SUPPORT_SALT
- L1_SUPPORT_COREUTILS
+ - L1_SUPPORT_RABBITMQ
- '!L1_SUPPORT_RESTRICTED_SHELLS'
- '!L1_SUPPORT_RESTRICTED'
diff --git a/openssh/server/team/mcp_ci.yml b/openssh/server/team/mcp_ci.yml
index 837ee90..cd931a6 100644
--- a/openssh/server/team/mcp_ci.yml
+++ b/openssh/server/team/mcp_ci.yml
@@ -9,34 +9,20 @@
full_name: Ruslan Kamaldinov
home: /home/rkamaldinov
email: rkamaldinov@mirantis.com
- iberezovskiy:
+ dburmistrov:
enabled: true
- name: iberezovskiy
+ name: dburmistrov
sudo: true
- full_name: Ivan Berezovskiy
- home: /home/iberezovskiy
- email: iberezovskiy@mirantis.com
- skolekonov:
+ full_name: Dmitrii Burmistrov
+ home: /home/dburmistrov
+ email: dburmistrov@mirantis.com
+ dkaiharodsev:
enabled: true
- name: skolekonov
+ name: dkaiharodsev
sudo: true
- full_name: Sergey Kolekonov
- home: /home/skolekonov
- email: skolekonov@mirantis.com
- mmatuszkowiak:
- enabled: true
- name: mmatuszkowiak
- sudo: true
- full_name: Mateusz Matuszkowiak
- home: /home/mmatuszkowiak
- email: mmatuszkowiak@mirantis.com
- akaszuba:
- enabled: true
- name: akaszuba
- sudo: true
- full_name: Artur Kaszuba
- home: /home/akaszuba
- email: akaszuba@mirantis.com
+ full_name: Dmytro Kaiharodtsev
+ home: /home/dkaiharodsev
+ email: dkaiharodsev@mirantis.com
openssh:
server:
enabled: true
@@ -46,34 +32,20 @@
public_keys:
- ${public_keys:rkamaldinov}
user: ${linux:system:user:rkamaldinov}
- iberezovskiy:
+ dburmistrov:
enabled: true
public_keys:
- - ${public_keys:iberezovskiy}
- user: ${linux:system:user:iberezovskiy}
- skolekonov:
+ - ${public_keys:dburmistrov}
+ user: ${linux:system:user:dburmistrov}
+ dkaiharodsev:
enabled: true
public_keys:
- - ${public_keys:skolekonov}
- user: ${linux:system:user:skolekonov}
- mmatuszkowiak:
- enabled: true
- public_keys:
- - ${public_keys:mmatuszkowiak}
- user: ${linux:system:user:mmatuszkowiak}
- akaszuba:
- enabled: true
- public_keys:
- - ${public_keys:akaszuba}
- user: ${linux:system:user:akaszuba}
+ - ${public_keys:dkaiharodsev}
+ user: ${linux:system:user:dkaiharodsev}
public_keys:
rkamaldinov:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCzeIFxatNuXWuaTomcGDTMlpqiF6KlK47BSO5yIpfWHTL7o0OFsQArB4UeZ9AC7JHQg1bpxzscJxz8Xj3tA1f8yOCrepR8LbWh7L6a1hMhSCJPK9QLUHPCLV4PW0ghq46Um8ekxMbEqGM/rrKP+GeYxNFUxJMHCkKbZAsV+BV8amuJHQkYt29GP/hgYyZEoWKErqoQ/uGQ0qWEMVQsnus6M3p3c/v1J4JtbbrmRBjyrPx/Tjinw6K2sgocgBZT7vVb4PYwbONi1IAclkPJIyrSNEavZ4MbK93ZXNQCV7rkUbKmHT71Qle34/ks9zyERJ3RgB+pWgQqCjtmJeV51V1 rkamaldinov@mirantis.com
- iberezovskiy:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDJT1d+2zKca28nFykpizh7z1yPLzK5fpMUH/zKaupINKqZxyMNbKiIQsYHSRXESRj6dpkCI2VQGO99fosPF7/XYCNVRcMLZ3lefi6aUaoBGhGTlj/Lbfwln9sN+o3m9oWgrwX/1+IkY9KlUPS4skVsiExHaGRLmCkMbF+dryB5oWKnOcf27z/fpXIFU06opYzxWZ1wR98vSlazqe+m1nDB4ZHYsvP2ztP2wn6+6xTeLj9tzWDRFmHluW7KJrN5PuX+KExPQx6IidDL92UX2E8ua5S+f6bGttT37wS0smKQTw3dnnM79sJnbd1hc4UtyDBQcFFqFq/L+ohpmM7EKY/f iberezovskiy@IvanBerezovskiy
- skolekonov:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDmj9no4dGs67f3KPlson/IMWo4FVAiC83euE01MvwkMY0oWfkHgwPy600PYZANDbXg1Qmza7W56ePQosPBZYtdOmk/Dr0jrviGN2faSawpiFb2K+KHx+hi08gOYHWaooA/IoB7nXBdYjIdfoCrWVR23nB7gcPKRwB31/ozySb+Q5u3wnVdGf3CJGWtRsfzjAyGcwPj7+9K3RuuyzAnRL/oaf9tcBzCHo1jd1o+rqZBVkBazfZSYiO3Kv1/xyw5MREqsu12i8M/77Yiim2nhEre1nB3INj+TAvFYxTJs33SUxUjtcdCSdBQpHLTeODZR8Ra7MTfCoFCllKGx5IDO1Fd skolekonov@SK
- mmatuszkowiak:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC63QhWE96IF/SRCFWyKJyzOyprc7WlD6RdCClw7BxKum7BDlXfV+fhQupWUdsPVnOaCMwndjG+ZrZXg5okGui4GuL7nucUFYfUhZh252IBM8TM7BkuVd7fmbZ6OD2/4uGTOJRBhO+Jrol9Z2450vaiGZwWrbvWHNPtI+bhx3/4WWxjgZ59NGll220c1cTjGQamvNgtWBWNnsEilmZxinl501EgvDPJ8uewCAS3YA3T9ut11RRJiWKfoMr4H9sFeUTiu1j6ByYlINXMJTNadPzEcV6EW06k1K9oNfJ42F6gYFfjBQK5db83iNTkyA/j4TjfqJ9tlg2cWTp+x2vy8YNV mmatuszkowiak@Mateuszs-MacBook-Pro-2.local
- akaszuba:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDM8RI+GX+gh8KXQGIHlfePeplOk9aGSjbbDpb3KG2n3J4RftzNThtkaEKBCwKyOSuUh0qHW3pYu17M1eIXHI53PnEQLHE1VoJ2/GI7CHWOjBk0Hgf+/NFCKogetlMjXIrOPRYKtUDcS4ejgb8X+mGCUoJOBIM2qLPO5TLAYvkkEnWaeQQn7Nrn+t8f6hZmfJLBY36jUngXW13ucEj5BcoXpaMV5JPesw9Wg27mHfEPW1Rybizy0R0I3dC4B/1QygntlZW0OTivB35La99h/iHSVVhZQv9A/T+DeR5dMIpMPl+OPKGkZ1pE+4zFIbrGuEDUppxczxaDjJ+9dqzG3pn akaszuba@mirantis.com
+ dburmistrov:
+ key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDPKldN0BL6C/pmjkKyaSUw9OTUQAumWLCgNPyLVGZIuYPyFs9GqvKgHVm0QChm1OLhnQuA1wxGW5piBtqaDCTyLbKb/ANR3nhO1rqX5LTwZS2W2I0ImP47HUpnxqsBl15/y9hY2JDHZ7qrd7zNqCD+uCkf9l9qA9BmN1aMSKm07fqaaUfhnl3AocxsPX4X4eHfzy7hPJdzrHEcHbGoLLEd8ahJLkHKieWF1lAI++fIhETPF41+ZbH7MBBG4qw/UhhYAgLP3YAEWwvm/J3DtRqGkpSvH2U21hmAlgJHwxtoCD9Q1jKpH5+BDTvqJIXu0K7Gcl00xbeNYyHrwTVsldFX dburmistrov@mirantis.com
+ dkaiharodsev:
+ key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSz9eH08GDUOSEDReJAIdjDCoYaoTwg1SSzYNwPRO/evJBeqYwRvZmxzITKq+1qy4jXnpa3ZpuBdaUebqKri2VtvMGmBrWtP8Ojbg3kNPjKOfvrW4cCyJE0yrnW03TULnRgrnf4/WXLK0dnHxL39AmlVjQTVS4pbx73XjyPoVjJbk4PXq37F5cLyyLj4aeWmCcPWn7MLsEC4RUkDwHy3DsDNdgKOlUSHmmOfVy9GBwVbXwVyYbq732Qm0Qqf/2zlJi84LgXOH2irv5HRTMDQ2Wey5Amcl7VpK8OMvtN4R8Sb7c3mgsmM/b/h+gefl0Y/vQfsSSi8GCPhmBoNT4FBgZ dkaiharodsev@dkaiharodsev-pc
diff --git a/openssh/server/team/members/collinmay.yml b/openssh/server/team/members/collinmay.yml
new file mode 100644
index 0000000..cf55e05
--- /dev/null
+++ b/openssh/server/team/members/collinmay.yml
@@ -0,0 +1,26 @@
+parameters:
+ linux:
+ system:
+ user:
+ cmay:
+ enabled: true
+ name: cmay
+ sudo: false
+ full_name: Collin May
+ home: /home/cmay
+ email: cmay@mirantis.com
+ groups:
+ - support
+ openssh:
+ server:
+ enabled: true
+ user:
+ cmay:
+ enabled: true
+ public_keys: ${public_keys:cmay}
+ user: ${linux:system:user:cmay}
+ public_keys:
+ cmay:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDjJ7z4adgi3Ha/eoLV/f/Q9eKN3lXaOE/WWvLIDC4KhGzJLjrrOAC/Qbmd+rD/k2VFPg/7m9KiyRJiRpBeda58CAKIP2I+DDpKpaRAKblrTvuDRPaTPgoo52viF8KsILGp2l5IEwmI5DceCzyEZaZh4X8qa4sXgASa8XFLcVpK0JJDZ7uxYuJ8u5KRGqXFI16dO2NuB1AY1E3XPaQA3vqFEnv+PyRvYDSmmZ2Ey5nLI5x1UeszLM5OvNojYUYH6N1BovoH08p4YIzPK0vQj40AneDehldskKu1JUC7VBFeOvFjSclWjgieqavFNKQrcyj5NO3bqSUmRW0cnS8MMv00whzb/r6NHcubKkSW7zgUP6WCdyr6BK/HYCNxkKV1P/vizBAwa4cN7w9MxDHXnfSmxujjHEZ3TJaKM0RCpMs4Ss1U6dwftLptKRs/0u5ma2FAaWFp1tYLccE2joe1knwjJdlZVFY2jJu2RMt4KfAs6Dp7FiuzWBMiZV3oLsGM8oORbYaHUVtLGaoFu0doIcqogdQ02RrQLrF89HLDSGmUJph195OmauATbkejPxAwLkf9jLcGVesvPByIldENoCAhaxlE3y0Lxdm+DOlg1Sg2iqo06O9hAtEye6G0+zfv0bEdw1CYlBJWAPIRAIvuiFarx1eTH7wfT3zWgXdRlTp5eQ== cmay@Collin.May.Workstation
+
+
diff --git a/openssh/server/team/members/rudymccomb.yml b/openssh/server/team/members/rudymccomb.yml
deleted file mode 100644
index 6c6c0b8..0000000
--- a/openssh/server/team/members/rudymccomb.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-parameters:
- linux:
- system:
- user:
- rmccomb:
- enabled: true
- name: rmccomb
- sudo: false
- full_name: Rudy McComb
- home: /home/rmccomb
- email: rmccomb@mirantis.com
- groups:
- - support
- openssh:
- server:
- enabled: true
- user:
- rmccomb:
- enabled: true
- public_keys: ${public_keys:rmccomb}
- user: ${linux:system:user:rmccomb}
- public_keys:
- rmccomb:
- - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYhqXhsWyb1VwGKjCeu0jmocrYMQODBxt2qIDjmvt/Qc6Ou78e3EIvZarjNiGczl6fKX3pOUxtZEcqHMZpPciQhyS5TB0hh+7XuBAZy+I0KAT3rM+mHpJ3WRK84hhx/gCHN52qEdiNaS5ofmmrxTk+AcZF9HElPgwi9IC79SKKyIFa2SQxLwNMmrjNab2FQbCcXx34HqsCFi9Sahadpk8Zpk8YKgrH06P+K//lR5mpa8z0svubaLsU+Qde/frjB9xVFeYvm5YcYTJg9GYXubVGqgELFgCqpAGPDCHOIu1T2oQLpTMc4pxqs1EZ6EC9gEE2fMGRfPoSuwacs0WxLzXp
-
diff --git a/openssh/server/team/stacklight.yml b/openssh/server/team/stacklight.yml
index 3eafce1..118a16e 100644
--- a/openssh/server/team/stacklight.yml
+++ b/openssh/server/team/stacklight.yml
@@ -58,6 +58,13 @@
full_name: Vitaly Gusev
home: /home/vgusev
email: vgusev@mirantis.com
+ mpolreich:
+ enabled: true
+ name: mpolreich
+ sudo: true
+ full_name: Martin Polreich
+ home: /home/mpolreich
+ email: mpolreich@mirantis.com
openssh:
client:
enabled: true
@@ -104,6 +111,11 @@
public_keys:
- ${public_keys:vgusev}
user: ${linux:system:user:vgusev}
+ mpolreich:
+ enable: true
+ public_keys:
+ - ${public_keys:mpolreich}
+ user: ${linux:system:user:mpolreich}
public_keys:
newt:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3odU+3V2uDA2ptAFL9hrJRPNEEdAyztWOZFQ5Oyd9oerTGOU3p4xmrgWWjfKFKbYGhiiIUcYAol5PkTfKukGEkkjCHYA1t023soCaaAj85wCZCnw2zQNAziwxTYmAzTqgxiSvtZNMMrtJvFHRIRDzJ3M1lV0prWNWkMM1/3FAd4W49y6VT3fkMCo8uqG7CfGdgR2DgBCxf9KaNPfW5eDEPOgmE5lK8tVSEI6T+Cg7hbcTf4lFYnlFBnlQgp/0JstsM4Vbwb4B34LOpOsf2S8rrWk2xQMjwaMHXkc2s/E8iW3F5nVFuyEXYISFQIiAHw8dzC6CHgLcyHUVWwznKawZ newt@newt-dev1
@@ -121,3 +133,5 @@
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC3dCFNCYVxHQQD+/X1JJ9auAzpj15AkEl6yO4lJ1XL43ljxJbzWXXl3RN9vAjiBE1tvxEfuPEIxF7kO2sc1xPKtkw40RIwXrDIGfjlVCaBLtnxCPnCQX349UMSJl/AXpkHqKGVeAW+AO4zbeI8XnS9aDNMuX6ncgrLRMxWCxETL3J/IIE1LZ5v0QvyQBHuJc5jbyODVb4onff296SbjzYm96elJZcRFo4FzFaIcKtis+Sm4+6OAGCNDIXxfB9e5TK579x+L+ci/W1k83Fcz6NpQU/OM1R1CZVMap/Xet424aRMFPmA8sTF4hdYvWd6adBihco2isaW51b1Gkc+K9N9wELiEBMpdKQtqkPOvm98UhoRk7Wp+8+zSamj1uEs/7m6VCGFebq8V3xqTexWH2dCUznxZ5+KS6WLBh+3f4P6wG8VuWfgFjIUf7jjYKjidBXfSXFDxRkhf/LV8V0jLv+Ma1mjKBUX+rk7IFxm0X/PkjqNhVFlg3rH4Wre0+9WdsTCyzWS0HEaTxIKdPtwwULLEiwClO1LLebdlVjx9yhen0czXxMAHONbZeTvxN8ULfei+b7c07oYm16T8T9JAdiWn5nGxiT8TAUrCPBJMpbE4xQJLztYhAbMpfhFSdkKfTotFxTK9AKpTg4TZFY0NYOktFtV2R9ZnzP7hHZDSIg2Bw== rpromyshlennikov@mirantis.com
vgusev:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCrCyaZjs8hiwx38LfpeQ2z9n9ptwQ7gFrhq2z5sK9q/LQMCubbnp5xhyF0SMY1jmQUewBOKXhnq3QSX+DmtNsnhitnZBw2BE5PBXllCBWMMiWULfAYvB0of728Q3EEjrtyfHkt7o2E+CvreVJcVI4kBwjKh5WpVBZ8mmkW/sexLGMuYu0bUWjCddu6ZlhUa+y14VZKOKp44auemza1VL/UzqOVZkBAfR2gPV2pBG3Im+SlnOlDRxKPEXQbsn3u/sNeZq0wSY++khY86AU7jAKfL2NiNsoA7CyB0jTEKwYO3vOWOhECifZuHwY/TNWyRFWM2ImW3mT9aO7nE4w4jXXJ vgusev@vgusev
+ mpolreich:
+ key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC0N+ds8BGTR+ZQo9NSRGRbjv3T8AbPmtSw2nClXxetRdmHpM/mU7/5iD7qfkCXtNptKeCG/Qk44wlijnAtjztJK1qfvyphHe3etZxLnqhYMm73Yy++yKPE/ywFPFb+7kd0BDy2iZqohZpX3gUi5iDnvXUInHNqqtTv3xFe2kmn3lq5bSRuUMtr61nZ7z/fkX8kNfoGxKrm7bhSo5zq4sjTrj3lk1LKZc1HYji3RwrzBM0z4eyed1BaJyDNtG+eFN4nOnvVn59452AR8SmKJXRErk37rEoQn80xszypzybooFPN5dpdB6u9b4xquFCOD83usb8kEjKY9VIYGuXxEEts1KIF20J+xd8UnZU8d4JL50G8JY8zdNgurR3ZyMD2okuord4cpHF8SVecsAyRV6nuhDxVtF2Xn/RriY02jrLoRPsS+3nIrKt9H8vpQZMYJ+jgEpekZhhVfz4AP3pATzOrWENzNXj5G1bLJs1C9aTtwE27EnKW73XekX/GLsehCwsQ21JvDX8PMxJwLVfqvkRlrc5GILEIVgjZ82Cj6Eens1QobymRAEWuEpZxkPx6u0kGO62ri8zFx8+NYwYDz3mwhHDRT34T/Rvzy/9V9xVjkUQOj9cZ3eYBnC1MffJjx8heHDmSQmUd+99zKa9Hzr74z3AvR3AIgFqmu7kx5fIMew== ubuntu@thinkpad-x1
diff --git a/postgresql/client/pushkin.yml b/postgresql/client/pushkin.yml
new file mode 100644
index 0000000..12b5906
--- /dev/null
+++ b/postgresql/client/pushkin.yml
@@ -0,0 +1,27 @@
+parameters:
+ _param:
+ pushkin_db_host: ${_param:haproxy_postgresql_bind_host}
+ pushkin_db_port: ${_param:haproxy_postgresql_bind_port}
+ pushkin_db_user: pushkin
+ pushkin_db_user_password: pushkin
+ postgresql:
+ client:
+ server:
+ server01:
+ admin:
+ host: ${_param:pushkin_db_host}
+ port: ${_param:pushkin_db_port}
+ user: ${_param:postgresql_admin_user}
+ password: ${_param:postgresql_admin_user_password}
+ database:
+ pushkin:
+ enabled: true
+ encoding: 'UTF8'
+ locale: 'en_US'
+ template: 'hstore_enabled'
+ users:
+ - name: ${_param:pushkin_db_user}
+ password: ${_param:pushkin_db_user_password}
+ host: ${_param:pushkin_db_host}
+ createdb: true
+ rights: all privileges
diff --git a/postgresql/client/security_monkey.yml b/postgresql/client/security_monkey.yml
new file mode 100644
index 0000000..65f1de2
--- /dev/null
+++ b/postgresql/client/security_monkey.yml
@@ -0,0 +1,26 @@
+parameters:
+ _param:
+ secmonkey_db_host: ${_param:haproxy_postgresql_bind_host}
+ secmonkey_db_port: ${_param:haproxy_postgresql_bind_port}
+ secmonkey_db_user: secmonkey
+ secmonkey_db_user_password: secmonkey
+ postgresql:
+ client:
+ server:
+ server01:
+ admin:
+ host: ${_param:secmonkey_db_host}
+ port: ${_param:secmonkey_db_port}
+ user: ${_param:postgresql_admin_user}
+ password: ${_param:postgresql_admin_user_password}
+ database:
+ secmonkey:
+ enabled: true
+ encoding: 'UTF8'
+ locale: 'en_US'
+ users:
+ - name: ${_param:secmonkey_db_user}
+ password: ${_param:secmonkey_db_user_password}
+ host: ${_param:secmonkey_db_host}
+ createdb: true
+ rights: all privileges
diff --git a/prometheus/collector/init.yml b/prometheus/collector/init.yml
new file mode 100644
index 0000000..47b9ff9
--- /dev/null
+++ b/prometheus/collector/init.yml
@@ -0,0 +1,2 @@
+classes:
+- service.prometheus.collector
diff --git a/reclass/storage/system/openstack_control_upgrade_single.yml b/reclass/storage/system/openstack_control_upgrade_single.yml
new file mode 100644
index 0000000..964e064
--- /dev/null
+++ b/reclass/storage/system/openstack_control_upgrade_single.yml
@@ -0,0 +1,15 @@
+parameters:
+ _param:
+ openstack_upgrade_node01_hostname: upg01
+ reclass:
+ storage:
+ node:
+ openstack_control_upgrade_node01:
+ name: ${_param:openstack_upgrade_node01_hostname}
+ domain: ${_param:cluster_domain}
+ classes:
+ - cluster.${_param:cluster_name}.openstack.upgrade
+ params:
+ salt_master_host: ${_param:reclass_config_master}
+ linux_system_codename: xenial
+ single_address: ${_param:openstack_upgrade_node01_address}
diff --git a/salt/control/cluster/openstack_gateway_cluster.yml b/salt/control/cluster/openstack_gateway_cluster.yml
new file mode 100644
index 0000000..5d2a20a
--- /dev/null
+++ b/salt/control/cluster/openstack_gateway_cluster.yml
@@ -0,0 +1,26 @@
+parameters:
+ salt:
+ control:
+ size:
+ openstack.gateway:
+ cpu: 32
+ ram: 65536
+ disk_profile: small
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ gtw01:
+ provider: kvm01.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: openstack.gateway
+ gtw02:
+ provider: kvm01.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: openstack.gateway
+ gtw03:
+ provider: kvm01.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: openstack.gateway
diff --git a/salt/control/cluster/openstack_gateway_single.yml b/salt/control/cluster/openstack_gateway_single.yml
index c1a4588..1b30b6c 100644
--- a/salt/control/cluster/openstack_gateway_single.yml
+++ b/salt/control/cluster/openstack_gateway_single.yml
@@ -14,5 +14,5 @@
node:
gtw01:
provider: kvm01.${_param:cluster_domain}
- image: ${_param:salt_control_trusty_image}
+ image: ${_param:salt_control_xenial_image}
size: openstack.gateway
diff --git a/salt/control/cluster/openstack_upgrade_single.yml b/salt/control/cluster/openstack_upgrade_single.yml
new file mode 100644
index 0000000..fd6e4f0
--- /dev/null
+++ b/salt/control/cluster/openstack_upgrade_single.yml
@@ -0,0 +1,18 @@
+parameters:
+ salt:
+ control:
+ size:
+ openstack.upgrade:
+ cpu: 32
+ ram: 65536
+ disk_profile: medium
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ upg01:
+ provider: kvm02.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: openstack.upgrade
\ No newline at end of file
diff --git a/salt/minion/cert/ceph/pki.yml b/salt/minion/cert/ceph/pki.yml
index 259fc38..37e4fc5 100644
--- a/salt/minion/cert/ceph/pki.yml
+++ b/salt/minion/cert/ceph/pki.yml
@@ -3,6 +3,6 @@
minion:
cert:
ceph:
- key_file: /srv/salt/pki/${_param:cluster_name}/ceph.${_param:cluster_public_host}.key
- cert_file: /srv/salt/pki/${_param:cluster_name}/ceph.${_param:cluster_public_host}.crt
- all_file: /srv/salt/pki/${_param:cluster_name}/ceph-with-key.${_param:cluster_public_host}.pem
+ key_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:ceph:common_name}.key
+ cert_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:ceph:common_name}.crt
+ all_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:ceph:common_name}-chain-with-key.pem
diff --git a/salt/minion/cert/proxy/pki.yml b/salt/minion/cert/proxy/pki.yml
index 9a93bbf..731aea6 100644
--- a/salt/minion/cert/proxy/pki.yml
+++ b/salt/minion/cert/proxy/pki.yml
@@ -3,6 +3,6 @@
minion:
cert:
proxy:
- key_file: /srv/salt/pki/${_param:cluster_name}/proxy.${_param:cluster_public_host}.key
- cert_file: /srv/salt/pki/${_param:cluster_name}/proxy.${_param:cluster_public_host}.crt
- all_file: /srv/salt/pki/${_param:cluster_name}/proxy-with-key.${_param:cluster_public_host}.pem
+ key_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}.key
+ cert_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}.crt
+ all_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}-chain-with-key.pem
diff --git a/salt/minion/cert/swift/pki.yml b/salt/minion/cert/swift/pki.yml
index dd24060..3195e48 100644
--- a/salt/minion/cert/swift/pki.yml
+++ b/salt/minion/cert/swift/pki.yml
@@ -3,6 +3,6 @@
minion:
cert:
swift:
- key_file: /srv/salt/pki/${_param:cluster_name}/swift.${_param:cluster_public_host}.key
- cert_file: /srv/salt/pki/${_param:cluster_name}/swift.${_param:cluster_public_host}.crt
- all_file: /srv/salt/pki/${_param:cluster_name}/swift-with-key.${_param:cluster_public_host}.pem
+ key_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:swift:common_name}.key
+ cert_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:swift:common_name}.crt
+ all_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:swift:common_name}-chain-with-key.pem
diff --git a/salt/minion/cert/wildcard/init.yml b/salt/minion/cert/wildcard/init.yml
index 3bc2d52..2974895 100644
--- a/salt/minion/cert/wildcard/init.yml
+++ b/salt/minion/cert/wildcard/init.yml
@@ -11,6 +11,6 @@
authority: ${_param:salt_minion_ca_authority}
common_name: wildcard
alternative_names: IP:127.0.0.1,${_param:salt_pki_wildcard_alt_names}
- key_file: /srv/salt/pki/${_param:cluster_name}/wildcard.${_param:cluster_public_host}.key
- cert_file: /srv/salt/pki/${_param:cluster_name}/wildcard.${_param:cluster_public_host}.crt
- all_file: /srv/salt/pki/${_param:cluster_name}/wildcard-with-key.${_param:cluster_public_host}.pem
+ key_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:wildcard:common_name}.key
+ cert_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:wildcard:common_name}.crt
+ all_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:wildcard:common_name}-chain-with-key.pem
diff --git a/salt/minion/masters.yml b/salt/minion/masters.yml
new file mode 100644
index 0000000..829474a
--- /dev/null
+++ b/salt/minion/masters.yml
@@ -0,0 +1,7 @@
+parameters:
+ salt:
+ minion:
+ master_type: failover
+ masters:
+ - host: ${_param:infra_config_deploy_address}
+ - host: ${_param:infra_config_address}
diff --git a/telegraf/agent/init.yml b/telegraf/agent/init.yml
index 1faea32..0e836e8 100644
--- a/telegraf/agent/init.yml
+++ b/telegraf/agent/init.yml
@@ -1,4 +1,6 @@
-paramaters:
+classes:
+- service.telegraf.agent
+parameters:
telegraf:
agent:
output: