Merge "Do not mount volume to sf-notfier container"
diff --git a/defaults/openstack/init.yml b/defaults/openstack/init.yml
index 5adb1a7..0bce371 100644
--- a/defaults/openstack/init.yml
+++ b/defaults/openstack/init.yml
@@ -89,6 +89,7 @@
# Ironic
ironic_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
ironic_memcache_secret_key: ''
+ ironic_console_enabled: true
# Keystone
keystone_old_version: ${_param:openstack_old_version}
keystone_version: ${_param:openstack_version}
diff --git a/elasticsearch/server/cluster.yml b/elasticsearch/server/cluster.yml
index 76774aa..155cfdf 100644
--- a/elasticsearch/server/cluster.yml
+++ b/elasticsearch/server/cluster.yml
@@ -5,7 +5,7 @@
_param:
java_environment_version: "8"
java_environment_platform: openjdk
- elasticsearch_cluster_name: elasticsearch
+ elasticsearch_cluster_name: ${_param:cluster_name}
linux:
system:
sysctl:
@@ -17,7 +17,6 @@
elasticsearch:
server:
version: ${_param:elasticsearch_version}
- name: ${_param:elasticsearch_cluster_name}
enabled: true
master: true
data: true
@@ -35,6 +34,7 @@
recover_after_nodes: 2
recover_after_time: 5m
cluster:
+ name: ${_param:elasticsearch_cluster_name}
multicast: false
minimum_master_nodes: 2
members:
diff --git a/haproxy/proxy/listen/openstack/placement.yml b/haproxy/proxy/listen/openstack/placement.yml
index b2e37bb..78776ca 100644
--- a/haproxy/proxy/listen/openstack/placement.yml
+++ b/haproxy/proxy/listen/openstack/placement.yml
@@ -1,5 +1,6 @@
# Starting with Nova (17.0.0) Queens - accessing to / of placement service
# returns 200 with version data instead of 401 as it was before.
+# Also OPTIONS default haproxy check method is no longer allowed starting from Queens.
# This file should be included for nova/placement higher than Queens.
parameters:
_param:
@@ -7,9 +8,19 @@
haproxy:
proxy:
listen:
+ # Nova placement API returns 401 when doing GET to root URL, while
+ # other services normally returns 200 and API versions data.
placement_api:
- type: openstack-service
service_name: placement
+ mode: http
+ options:
+ - httpclose
+ - httplog
+ - httpchk GET /
+ health-check:
+ http:
+ options:
+ - expect rstatus (401|200)
binds:
- address: ${_param:cluster_vip_address}
port: 8778
diff --git a/haproxy/proxy/listen/openstack/placement_large.yml b/haproxy/proxy/listen/openstack/placement_large.yml
index d559572..95711d2 100644
--- a/haproxy/proxy/listen/openstack/placement_large.yml
+++ b/haproxy/proxy/listen/openstack/placement_large.yml
@@ -1,5 +1,6 @@
# Starting with Nova (17.0.0) Queens - accessing to / of placement service
# returns 200 with version data instead of 401 as it was before.
+# Also OPTIONS default haproxy check method is no longer allowed starting from Queens.
# This file should be included for nova/placement higher than Queens.
parameters:
_param:
@@ -7,9 +8,19 @@
haproxy:
proxy:
listen:
+ # Nova placement API returns 401 when doing GET to root URL, while
+ # other services normally returns 200 and API versions data.
placement_api:
- type: openstack-service
service_name: placement
+ mode: http
+ options:
+ - httpclose
+ - httplog
+ - httpchk GET /
+ health-check:
+ http:
+ options:
+ - expect rstatus (401|200)
binds:
- address: ${_param:cluster_vip_address}
port: 8778
diff --git a/heat/server/cluster.yml b/heat/server/cluster.yml
index 1edf790..be2f211 100644
--- a/heat/server/cluster.yml
+++ b/heat/server/cluster.yml
@@ -18,7 +18,6 @@
stack_domain_admin:
name: heat_domain_admin
password: ${_param:heat_domain_admin_password}
- domain: heat
enabled: true
region: ${_param:openstack_region}
version: ${_param:heat_version}
diff --git a/heat/server/single.yml b/heat/server/single.yml
index 24db595..4ce11fa 100644
--- a/heat/server/single.yml
+++ b/heat/server/single.yml
@@ -17,7 +17,6 @@
stack_domain_admin:
name: heat_domain_admin
password: ${_param:heat_domain_admin_password}
- domain: heat
metadata:
protocol: ${_param:cluster_public_protocol}
waitcondition:
diff --git a/ironic/conductor/cluster.yml b/ironic/conductor/cluster.yml
index 09548b7..2394a29 100644
--- a/ironic/conductor/cluster.yml
+++ b/ironic/conductor/cluster.yml
@@ -39,3 +39,9 @@
automated_clean: true
erase_devices_priority: 0
erase_devices_metadata_priority: 1
+ console:
+ enabled: ${_param:ironic_console_enabled}
+ enabled_console_interfaces:
+ - ipmitool-shellinabox
+ - ipmitool-socat
+ - no-console
diff --git a/ironic/conductor/single.yml b/ironic/conductor/single.yml
index 4bbdfa9..e5005da 100644
--- a/ironic/conductor/single.yml
+++ b/ironic/conductor/single.yml
@@ -40,3 +40,9 @@
automated_clean: true
erase_devices_priority: 0
erase_devices_metadata_priority: 1
+ console:
+ enabled: ${_param:ironic_console_enabled}
+ enabled_console_interfaces:
+ - ipmitool-shellinabox
+ - ipmitool-socat
+ - no-console
diff --git a/jenkins/client/init.yml b/jenkins/client/init.yml
index a64c76f..4f0b3f4 100644
--- a/jenkins/client/init.yml
+++ b/jenkins/client/init.yml
@@ -11,12 +11,8 @@
jenkins_master_port: 8081
jenkins_aptly_storages: "local"
jenkins_pipelines_branch: "master"
- jenkins_offline_deployment: "false"
jenkins:
client:
- globalenvprop:
- OFFLINE_DEPLOYMENT:
- value: ${_param:jenkins_offline_deployment}
master:
host: ${_param:jenkins_master_host}
port: ${_param:jenkins_master_port}
diff --git a/jenkins/client/job/deploy/galera_verify_restore.yml b/jenkins/client/job/deploy/galera_verify_restore.yml
index 3b9127e..492d76f 100644
--- a/jenkins/client/job/deploy/galera_verify_restore.yml
+++ b/jenkins/client/job/deploy/galera_verify_restore.yml
@@ -25,3 +25,12 @@
SALT_MASTER_URL:
type: string
default: "${_param:jenkins_salt_api_url}"
+ ASK_CONFIRMATION:
+ type: boolean
+ default: 'true'
+ CHECK_TIME_SYNC:
+ type: boolean
+ default: 'true'
+ VERIFICATION_RETRIES:
+ type: string
+ default: 5
diff --git a/jenkins/client/job/deploy/update/init.yml b/jenkins/client/job/deploy/update/init.yml
index a05b1ad..5a26020 100644
--- a/jenkins/client/job/deploy/update/init.yml
+++ b/jenkins/client/job/deploy/update/init.yml
@@ -12,9 +12,9 @@
- system.jenkins.client.job.deploy.update.upgrade_opencontrail4_0
- system.jenkins.client.job.deploy.update.update_opencontrail4
- system.jenkins.client.job.deploy.update.upgrade_stacklight
- - system.jenkins.client.job.deploy.update.restore_mysql
- system.jenkins.client.job.deploy.update.restore_cassandra
- system.jenkins.client.job.deploy.update.restore_zookeeper
- system.jenkins.client.job.deploy.update.virt_snapshot
- system.jenkins.client.job.deploy.update.cloud_update
- system.jenkins.client.job.deploy.update.kubernetes_update
+ - system.jenkins.client.job.deploy.galera_verify_restore
diff --git a/jenkins/client/job/deploy/update/restore_mysql.yml b/jenkins/client/job/deploy/update/restore_mysql.yml
deleted file mode 100644
index aaf4552..0000000
--- a/jenkins/client/job/deploy/update/restore_mysql.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-#
-# Jobs to update packages on given Salt master environment
-#
-parameters:
- _param:
- jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
- jenkins:
- client:
- job:
- deploy-mysql-db-restore:
- type: workflow-scm
- concurrent: true
- discard:
- build:
- keep_num: 10
- artifact:
- keep_num: 10
- display_name: "Xtrabackup - restore mysql db"
- scm:
- type: git
- url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
- branch: "${_param:jenkins_pipelines_branch}"
- credentials: "gerrit"
- script: xtrabackup-restore-mysql-db.groovy
- param:
- SALT_MASTER_URL:
- type: string
- default: "${_param:jenkins_salt_api_url}"
- SALT_MASTER_CREDENTIALS:
- type: string
- default: "salt"
-
diff --git a/keystone/client/v3/service/neutron.yml b/keystone/client/v3/service/neutron.yml
index 8f3c47e..2c1df47 100644
--- a/keystone/client/v3/service/neutron.yml
+++ b/keystone/client/v3/service/neutron.yml
@@ -22,7 +22,7 @@
interface: 'public'
url: ${_param:cluster_public_protocol}://${_param:cluster_public_host}:9696/
region: ${_param:openstack_region}
- neutron_interna;:
+ neutron_internal:
interface: 'internal'
url: ${_param:neutron_service_protocol}://${_param:neutron_service_host}:9696/
region: ${_param:openstack_region}
diff --git a/kubernetes/common/init.yml b/kubernetes/common/init.yml
index c9f83c8..3bba699 100644
--- a/kubernetes/common/init.yml
+++ b/kubernetes/common/init.yml
@@ -25,6 +25,7 @@
kubernetes_openstack_provider_repo: ${_param:mcp_binary_registry}/mirantis/kubernetes/cloud-provider-openstack
kubernetes_metrics_server_repo: k8s.gcr.io
kubernetes_helm_tiller_repo: gcr.io/kubernetes-helm
+ kubernetes_helm_client_repo: https://storage.googleapis.com/kubernetes-helm
# component images/binaries
kubernetes_calico_image: ${_param:kubernetes_calico_repo}/node:v3.3.2
@@ -73,6 +74,8 @@
kubernetes_containerd_package: containerd.io=1.2.1-1~u16.04+mcp
kubernetes_metrics_server_image: ${_param:kubernetes_metrics_server_repo}/metrics-server-amd64:v0.3.1
kubernetes_helm_tiller_image: ${_param:kubernetes_helm_tiller_repo}/tiller:v2.12.2
+ kubernetes_helm_client_source: ${_param:kubernetes_helm_client_repo}/helm-v2.12.2-linux-amd64.tar.gz
+ kubernetes_helm_client_hash: sha256=edad6d5e594408b996b8d758a04948f89dab15fa6c6ea6daee3709f8c099df6d
kubernetes_opencontrail_controller_image: ${_param:kubernetes_contrail_registry}/opencontrail-controller:${_param:mcp_version}
kubernetes_opencontrail_analyticsdb_image: ${_param:kubernetes_contrail_registry}/opencontrail-analyticsdb:${_param:mcp_version}
@@ -248,6 +251,9 @@
helm:
enabled: ${_param:kubernetes_helm_tiller_enabled}
tiller_image: ${_param:kubernetes_helm_tiller_image}
+ client:
+ source: ${_param:kubernetes_helm_client_source}
+ hash: ${_param:kubernetes_helm_client_hash}
pool:
enabled: false
kubelet:
diff --git a/neutron/control/cluster.yml b/neutron/control/cluster.yml
index 63e4faf..91b410b 100644
--- a/neutron/control/cluster.yml
+++ b/neutron/control/cluster.yml
@@ -37,5 +37,5 @@
ssl:
enabled: ${_param:galera_ssl_enabled}
role: ${_param:openstack_node_role}
- identity:
- protocol: ${_param:cluster_internal_protocol}
+ identity:
+ protocol: ${_param:cluster_internal_protocol}
diff --git a/neutron/gateway/cluster.yml b/neutron/gateway/cluster.yml
index 2a4f4f4..a159a6d 100644
--- a/neutron/gateway/cluster.yml
+++ b/neutron/gateway/cluster.yml
@@ -11,6 +11,18 @@
kernel:
sysctl:
fs.inotify.max_user_instances: 4096
+# Old keepalived version has been pinned due to
+# workaround for PROD-26273 and should be removed
+# once keepalived deb package is available higher
+# 1.3.9 version
+ repo:
+ ubuntu:
+ pinning:
+ 10:
+ enabled: true
+ pin: 'version 1:1.2.19-1'
+ priority: 1100
+ package: 'keepalived'
neutron:
gateway:
dvr: ${_param:neutron_gateway_dvr}
diff --git a/nginx/server/proxy/openstack/placement.yml b/nginx/server/proxy/openstack/placement.yml
index a54966e..cb88a6d 100644
--- a/nginx/server/proxy/openstack/placement.yml
+++ b/nginx/server/proxy/openstack/placement.yml
@@ -1,5 +1,6 @@
parameters:
_param:
+ placement_service_host: ${_param:nova_service_host}
nginx_proxy_openstack_api_host: ${_param:cluster_public_host}
nginx_proxy_openstack_api_address: 0.0.0.0
nginx_proxy_openstack_placement_host: ${_param:placement_service_host}
diff --git a/opencontrail/control/cluster4_0.yml b/opencontrail/control/cluster4_0.yml
index 95b0d90..12a344e 100644
--- a/opencontrail/control/cluster4_0.yml
+++ b/opencontrail/control/cluster4_0.yml
@@ -27,7 +27,7 @@
opencontrail_controller_container_name: opencontrail_controller_1
opencontrail_analytics_container_name: opencontrail_analytics_1
opencontrail_analyticsdb_container_name: opencontrail_analyticsdb_1
- opencontrail_api_workers_count: 6
+ opencontrail_api_workers_count: 1
analytics_vip_address: ${_param:opencontrail_analytics_address}
# Temprorary fix for MOS9 packages to pin old version of kafka
linux:
diff --git a/opencontrail/control/cluster4_0_k8s.yml b/opencontrail/control/cluster4_0_k8s.yml
index cf9a8e7..6e24ac3 100644
--- a/opencontrail/control/cluster4_0_k8s.yml
+++ b/opencontrail/control/cluster4_0_k8s.yml
@@ -21,7 +21,7 @@
opencontrail_controller_container_name: opencontrail_controller_1
opencontrail_analytics_container_name: opencontrail_analytics_1
opencontrail_analyticsdb_container_name: opencontrail_analyticsdb_1
- opencontrail_api_workers_count: 6
+ opencontrail_api_workers_count: 1
analytics_vip_address: ${_param:opencontrail_analytics_address}
# Temprorary fix for MOS9 packages to pin old version of kafka
linux:
diff --git a/opencontrail/control/control4_0.yml b/opencontrail/control/control4_0.yml
index ba47959..fb751ca 100644
--- a/opencontrail/control/control4_0.yml
+++ b/opencontrail/control/control4_0.yml
@@ -17,7 +17,7 @@
opencontrail_message_queue_password: guest
opencontrail_controller_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller:${_param:opencontrail_image_tag}
opencontrail_controller_container_name: opencontrail_controller_1
- opencontrail_api_workers_count: 6
+ opencontrail_api_workers_count: 1
analytics_vip_address: ${_param:opencontrail_analytics_address}
opencontrail:
common:
diff --git a/openssh/server/team/services.yml b/openssh/server/team/services.yml
index 18f7a76..b735090 100644
--- a/openssh/server/team/services.yml
+++ b/openssh/server/team/services.yml
@@ -1,7 +1,7 @@
classes:
- system.linux.system.sudo
- system.openssh.server.team.members.mniedbala
-- system.openssh.server.team.members.deprecated.michalec
+- system.openssh.server.team.members.deprecated.pmichalec
- system.openssh.server.team.members.pcizinsky
- system.openssh.server.team.members.lmercl
- system.openssh.server.team.members.pruzicka