Merge "Added necessary params for upload docker images to artifactory"
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..485dee6
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.idea
diff --git a/artifactory/client/init.yml b/artifactory/client/init.yml
index ec5da44..7eab16e 100644
--- a/artifactory/client/init.yml
+++ b/artifactory/client/init.yml
@@ -45,6 +45,8 @@
rclass: remote
packageType: generic
url: http://dl-cdn.alpinelinux.org/alpine/
+ unusedArtifactsCleanupEnabled: true
+ unusedArtifactsCleanupPeriodHours: 720
apk-virtual:
rclass: virtual
@@ -57,16 +59,22 @@
rclass: remote
packageType: debian
url: https://apt.dockerproject.org/repo
+ unusedArtifactsCleanupEnabled: true
+ unusedArtifactsCleanupPeriodHours: 720
artifactory-pro-debian:
rclass: remote
packageType: debian
url: https://jfrog.bintray.com/artifactory-pro-debs
+ unusedArtifactsCleanupEnabled: true
+ unusedArtifactsCleanupPeriodHours: 720
artifactory-pro-rpm:
rclass: remote
packageType: yum
url: http://jfrog.bintray.com/artifactory-pro-rpms
+ unusedArtifactsCleanupEnabled: true
+ unusedArtifactsCleanupPeriodHours: 720
binary-dev-local:
rclass: local
@@ -98,6 +106,8 @@
rclass: remote
packageType: generic
url: https://artifactory.mcp.mirantis.net/artifactory/binary-prod-virtual
+ unusedArtifactsCleanupEnabled: true
+ unusedArtifactsCleanupPeriodHours: 720
centos:
rclass: virtual
@@ -115,6 +125,8 @@
rclass: remote
packageType: yum
url: http://mirror.centos.org/centos/
+ unusedArtifactsCleanupEnabled: true
+ unusedArtifactsCleanupPeriodHours: 720
centos-virtual:
rclass: virtual
@@ -132,31 +144,43 @@
rclass: remote
packageType: debian
url: http://sfo1.mirrors.digitalocean.com/mariadb/repo/10.1/debian/
+ unusedArtifactsCleanupEnabled: true
+ unusedArtifactsCleanupPeriodHours: 720
debian-nginx:
rclass: remote
packageType: debian
url: http://nginx.org/packages/debian/
+ unusedArtifactsCleanupEnabled: true
+ unusedArtifactsCleanupPeriodHours: 720
debian-percona-remote:
rclass: remote
packageType: debian
url: http://repo.percona.com/apt
+ unusedArtifactsCleanupEnabled: true
+ unusedArtifactsCleanupPeriodHours: 720
debian-rabbitmq-remote:
rclass: remote
packageType: debian
url: http://www.rabbitmq.com/debian/
+ unusedArtifactsCleanupEnabled: true
+ unusedArtifactsCleanupPeriodHours: 720
debian-remote:
rclass: remote
packageType: debian
url: http://ftp.us.debian.org/debian
+ unusedArtifactsCleanupEnabled: true
+ unusedArtifactsCleanupPeriodHours: 720
debian-security-remote:
rclass: remote
packageType: debian
url: http://security.debian.org/
+ unusedArtifactsCleanupEnabled: true
+ unusedArtifactsCleanupPeriodHours: 720
debian-virtual:
rclass: virtual
@@ -197,18 +221,24 @@
packageType: docker
url: https://registry-1.docker.io/
description: "Remote repository for DockerHub"
+ unusedArtifactsCleanupEnabled: true
+ unusedArtifactsCleanupPeriodHours: 720
gcs-remote:
rclass: remote
packageType: generic
url: https://storage.googleapis.com
description: "Has zero downloads. Can be removed."
+ unusedArtifactsCleanupEnabled: true
+ unusedArtifactsCleanupPeriodHours: 720
gerrit-plugins:
rclass: remote
packageType: generic
url: http://builds.quelltextlich.at/gerrit/nightly
description: "Overlaps with maven-local. We should resolve overlap and remove this repo."
+ unusedArtifactsCleanupEnabled: true
+ unusedArtifactsCleanupPeriodHours: 720
helm-local:
rclass: local
@@ -231,26 +261,36 @@
rclass: remote
packageType: maven
url: https://jcenter.bintray.com
+ unusedArtifactsCleanupEnabled: true
+ unusedArtifactsCleanupPeriodHours: 720
jenkins-deb-pkgs:
rclass: remote
packageType: generic
url: https://pkg.jenkins.io/debian-stable/binary
+ unusedArtifactsCleanupEnabled: true
+ unusedArtifactsCleanupPeriodHours: 720
jenkins-plugins:
rclass: remote
packageType: generic
url: http://mirrors.jenkins-ci.org/plugins
+ unusedArtifactsCleanupEnabled: true
+ unusedArtifactsCleanupPeriodHours: 720
jenkins-plugins-jars:
rclass: remote
packageType: maven
url: https://repo.jenkins-ci.org/releases/org/jenkins-ci/plugins/
+ unusedArtifactsCleanupEnabled: true
+ unusedArtifactsCleanupPeriodHours: 720
jenkins-updates:
rclass: remote
packageType: generic
url: https://updates.jenkins.io/
+ unusedArtifactsCleanupEnabled: true
+ unusedArtifactsCleanupPeriodHours: 720
k8s-tests-images:
rclass: local
@@ -279,6 +319,8 @@
rclass: remote
packageType: maven
url: http://repo.jfrog.org/artifactory/remote-repos/mysql/mysql-connector-java/
+ unusedArtifactsCleanupEnabled: true
+ unusedArtifactsCleanupPeriodHours: 720
pypi-local:
rclass: local
@@ -288,6 +330,8 @@
rclass: remote
packageType: pypi
url: https://pypi.python.org
+ unusedArtifactsCleanupEnabled: true
+ unusedArtifactsCleanupPeriodHours: 720
pypi-virtual:
rclass: virtual
@@ -305,6 +349,8 @@
rclass: remote
packageType: debian
url: http://us.archive.ubuntu.com/ubuntu/
+ unusedArtifactsCleanupEnabled: true
+ unusedArtifactsCleanupPeriodHours: 720
ubuntu-virtual:
rclass: virtual
diff --git a/ceilometer/client/nova_control.yml b/ceilometer/client/nova_control.yml
index 252c67e..7ac8f89 100644
--- a/ceilometer/client/nova_control.yml
+++ b/ceilometer/client/nova_control.yml
@@ -3,3 +3,5 @@
controller:
notification:
driver: messagingv2
+ notify_on:
+ state_change: vm_and_task_state
diff --git a/debmirror/mirror_mirantis_com/ubuntu/xenial.yml b/debmirror/mirror_mirantis_com/ubuntu/xenial.yml
index 4a199bf..6a38787 100644
--- a/debmirror/mirror_mirantis_com/ubuntu/xenial.yml
+++ b/debmirror/mirror_mirantis_com/ubuntu/xenial.yml
@@ -80,6 +80,10 @@
- multiverse/debug
- restricted/debug
- universe/debug
+ - comm
+ - multiverse/comm
+ - universe/comm
+ - restricted/comm
# Updating filter, please always start from section, aka main|universe|multiverse
filter:
1: "--exclude='android*'"
@@ -171,6 +175,4 @@
803: "--include='/main(.*)unittest2'" # openstack* pkgs
804: "--include='/main(.*)libbluetooth3'" # python-guestfs
805: "--include='/main(.*)llvm-toolchain-5.0'" # pki-ca: < 389-ds-base < dogtag
-
-
-
+ 806: "--include='/main(.*)man-db'" # include man tool
diff --git a/docker/swarm/stack/jenkins/slave_ssl.yml b/docker/swarm/stack/jenkins/slave_ssl.yml
new file mode 100644
index 0000000..6099cd7
--- /dev/null
+++ b/docker/swarm/stack/jenkins/slave_ssl.yml
@@ -0,0 +1,17 @@
+docker:
+ client:
+ stack:
+ jenkins:
+ service:
+ slave01:
+ volumes:
+ - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
+ - /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}-with-chain.crt:/etc/ssl/certs/proxy-with-chain.crt:ro
+ slave02:
+ volumes:
+ - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
+ - /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}-with-chain.crt:/etc/ssl/certs/proxy-with-chain.crt:ro
+ slave03:
+ volumes:
+ - /etc/ssl/certs/ca-certificates.crt:/etc/ssl/certs/ca-certificates.crt:ro
+ - /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}-with-chain.crt:/etc/ssl/certs/proxy-with-chain.crt:ro
\ No newline at end of file
diff --git a/docker/swarm/stack/kqueen.yml b/docker/swarm/stack/kqueen.yml
index c6b608d..430a344 100644
--- a/docker/swarm/stack/kqueen.yml
+++ b/docker/swarm/stack/kqueen.yml
@@ -9,6 +9,8 @@
kqueen_api_debug: True
kqueen_api_prometheus_whitelist: '172.16.10.0/24' ##REcheck with network
kqueen_api_ldap_uri: 'ldap://ldap'
+ kqueen_api_ldap_dn: 'cn=admin,dc=example,dc=org'
+ kqueen_api_ldap_password: 'password'
kqueen_api_auth_modules: 'local'
docker_kqueen_ui_replicas: 1
kqueen_ui_bind_port: ${_param:haproxy_kqueen_ui_bind_port}
@@ -38,6 +40,8 @@
KQUEEN_DEBUG: ${_param:kqueen_api_debug}
KQUEEN_CONFIG_FILE: config/prod.py
KQUEEN_LDAP_URI: ${_param:kqueen_api_ldap_uri}
+ KQUEEN_LDAP_DN: ${_param:kqueen_api_ldap_dn}
+ KQUEEN_LDAP_PASSWORD: ${_param:kqueen_api_ldap_password}
KQUEEN_AUTH_MODULES: ${_param:kqueen_api_auth_modules}
KQUEEN_ETCD_HOST: ${_param:kqueen_api_db_host}
KQUEEN_PROMETHEUS_WHITELIST: ${_param:kqueen_api_prometheus_whitelist}
diff --git a/fluentd/label/default_output/elasticsearch.yml b/fluentd/label/default_output/elasticsearch.yml
index 5960c49..aa96b31 100644
--- a/fluentd/label/default_output/elasticsearch.yml
+++ b/fluentd/label/default_output/elasticsearch.yml
@@ -1,7 +1,7 @@
classes:
- service.fluentd.agent.output.elasticsearch
parameters:
- _params:
+ _param:
fluentd_elasticsearch_host: 127.0.0.1
elasticsearch_port: 9200
fluentd:
diff --git a/haproxy/proxy/listen/radosgw.yml b/haproxy/proxy/listen/radosgw.yml
index 434555d..350abbf 100644
--- a/haproxy/proxy/listen/radosgw.yml
+++ b/haproxy/proxy/listen/radosgw.yml
@@ -2,12 +2,12 @@
_param:
haproxy_radosgw_bind_port: 8080
haproxy_radosgw_source_port: 8080
- ceph_rgw_node01_hostname: ${_param:cluster_node01_hostname}
- ceph_rgw_node02_hostname: ${_param:cluster_node02_hostname}
- ceph_rgw_node03_hostname: ${_param:cluster_node03_hostname}
- ceph_rgw_node01_address: ${_param:cluster_node01_address}
- ceph_rgw_node02_address: ${_param:cluster_node02_address}
- ceph_rgw_node03_address: ${_param:cluster_node03_address}
+ haproxy_ceph_rgw_node01_hostname: ${_param:cluster_node01_hostname}
+ haproxy_ceph_rgw_node02_hostname: ${_param:cluster_node02_hostname}
+ haproxy_ceph_rgw_node03_hostname: ${_param:cluster_node03_hostname}
+ haproxy_ceph_rgw_node01_address: ${_param:cluster_node01_address}
+ haproxy_ceph_rgw_node02_address: ${_param:cluster_node02_address}
+ haproxy_ceph_rgw_node03_address: ${_param:cluster_node03_address}
haproxy:
proxy:
listen:
@@ -18,15 +18,15 @@
- address: ${_param:cluster_vip_address}
port: ${_param:haproxy_radosgw_bind_port}
servers:
- - name: ${_param:ceph_rgw_node01_hostname}
- host: ${_param:ceph_rgw_node01_address}
+ - name: ${_param:haproxy_ceph_rgw_node01_hostname}
+ host: ${_param:haproxy_ceph_rgw_node01_address}
port: ${_param:haproxy_radosgw_source_port}
params: check
- - name: ${_param:ceph_rgw_node02_hostname}
- host: ${_param:ceph_rgw_node02_address}
+ - name: ${_param:haproxy_ceph_rgw_node02_hostname}
+ host: ${_param:haproxy_ceph_rgw_node02_address}
port: ${_param:haproxy_radosgw_source_port}
params: check
- - name: ${_param:ceph_rgw_node03_hostname}
- host: ${_param:ceph_rgw_node03_address}
+ - name: ${_param:haproxy_ceph_rgw_node03_hostname}
+ host: ${_param:haproxy_ceph_rgw_node03_address}
port: ${_param:haproxy_radosgw_source_port}
params: check
diff --git a/jenkins/client/approved_scripts.yml b/jenkins/client/approved_scripts.yml
index 190d9cb..1fb68c9 100644
--- a/jenkins/client/approved_scripts.yml
+++ b/jenkins/client/approved_scripts.yml
@@ -12,6 +12,7 @@
- method groovy.json.JsonSlurperClassic parseText java.lang.String
- method groovy.lang.GString getBytes
- method groovy.lang.GroovyObject getProperty java.lang.String
+ - method groovy.util.Node get java.lang.String
- method groovy.util.Node attributes
- method groovy.util.XmlParser parse java.io.File
- method groovy.util.XmlParser parseText java.lang.String
@@ -71,6 +72,7 @@
- method java.util.Calendar add int int
- method java.util.Calendar getTime
- method java.util.Date before java.util.Date
+ - method java.text.DateFormat parse java.lang.String
- method jenkins.model.Jenkins getItemByFullName java.lang.String
- method jenkins.model.Jenkins getPluginManager
- method org.jenkinsci.plugins.workflow.job.WorkflowRun doStop
@@ -93,6 +95,7 @@
- new java.util.ArrayList
- new java.util.Date
- new java.util.HashMap
+ - new java.text.SimpleDateFormat java.lang.String java.util.Locale
- staticField groovy.io.FileType FILES
- staticMethod com.cloudbees.plugins.credentials.CredentialsProvider lookupCredentials java.lang.Class hudson.model.ItemGroup
- staticMethod java.lang.Double parseDouble java.lang.String
@@ -147,3 +150,4 @@
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods reverse java.util.List
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.util.Collection java.lang.String
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods init java.util.List
+ - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods asBoolean java.lang.CharSequence
diff --git a/jenkins/client/init.yml b/jenkins/client/init.yml
index e4a3fcd..856eec5 100644
--- a/jenkins/client/init.yml
+++ b/jenkins/client/init.yml
@@ -37,6 +37,7 @@
ldap: {}
matrix-auth: {}
monitoring: {}
+ performance: {}
pipeline-utility-steps: {}
rebuild: {}
simple-theme-plugin: {}
diff --git a/jenkins/client/job/deploy/lab/component/kubernetes.yml b/jenkins/client/job/deploy/lab/component/kubernetes.yml
index 8cbf766..995acb5 100644
--- a/jenkins/client/job/deploy/lab/component/kubernetes.yml
+++ b/jenkins/client/job/deploy/lab/component/kubernetes.yml
@@ -39,3 +39,9 @@
stack_install: core,k8s,calico
stack_test: ""
job_timer: "H H(0-6) * * *"
+ - stack_name: k8s_ha_calico_flannel_virtlet
+ stack_env: devcloud
+ stack_type: heat
+ stack_install: core,k8s
+ stack_test: "k8s"
+ job_timer: "H H(0-6) * * *"
diff --git a/jenkins/client/job/oscore/qa.yml b/jenkins/client/job/oscore/qa.yml
index eb565a2..6d54082 100644
--- a/jenkins/client/job/oscore/qa.yml
+++ b/jenkins/client/job/oscore/qa.yml
@@ -71,11 +71,6 @@
branches:
- compare_type: "PLAIN"
name: "master"
- skip_vote:
- - successful
- - failed
- - unstable
- - not_built
event:
patchset:
- created
diff --git a/jenkins/client/job/oscore/salt_virtual_models.yml b/jenkins/client/job/oscore/salt_virtual_models.yml
index 17c4aa8..d8a2d9d 100644
--- a/jenkins/client/job/oscore/salt_virtual_models.yml
+++ b/jenkins/client/job/oscore/salt_virtual_models.yml
@@ -19,10 +19,18 @@
display_name: oscore-test-virtual-model
name: oscore-test-virtual-model
param:
+ SALT_MASTER_CREDENTIALS:
+ type: string
+ default: "salt-qa-credentials"
+ description: Jenkins credential ID for Salt master
CREDENTIALS_ID:
default: gerrit
type: string
description: "Name of creadentials to use when connecting to gerrit"
+ ARTIFACTORY_CREDENTIALS:
+ type: string
+ default: "artifactory"
+ description: Jenkins credential ID for Artifactory
HEAT_STACK_ZONE:
type: string
description: "Heat stack zone where build stack"
diff --git a/jenkins/client/job/oscore/tests.yml b/jenkins/client/job/oscore/tests.yml
index 56ecfe2..4453dae 100644
--- a/jenkins/client/job/oscore/tests.yml
+++ b/jenkins/client/job/oscore/tests.yml
@@ -378,6 +378,10 @@
type: boolean
description: Whether to use pepper to connect to salt master
default: 'false'
+ USE_RALLY:
+ type: boolean
+ description: Whether to use container with rally
+ default: 'true'
results-checker-template:
name: "{{job_prefix}}-{{test_type}}-results-checker"
template:
@@ -574,10 +578,6 @@
STACK_RECLASS_ADDRESS:
type: string
default: "{{stack_reclass_address}}"
- OPENSTACK_RELEASES:
- type: string
- default: "{{openstack_releases}}"
- description: "OpenStack releases with comma delimeter which have to be testes. For example: pike,ocata"
SOURCE_REPO_NAME:
type: string
description: "Name of the repo where packages are stored"
@@ -598,14 +598,10 @@
type: boolean
default: "{{auto_promote}}"
description: Enable to autopromote repo
- TEST_MULTINODE:
- type: boolean
- default: "{{test_multinode}}"
- description: Whether to test nightly snapshot against multi-node virtual models
- STACK_CLUSTER_NAMES:
+ TEST_SCHEMAS:
type: string
- default: "{{stack_cluster_names}}"
- description: "Cluster name to use from reclass to deploy multi-node"
+ default: "{{test_schemas}}"
+ description: "Defines structure to pass aio:cluster-name1:branch1,branch2|multinode:cluster-name2:branch1,branch2"
build-salt-formula-refspec-template:
name: "{{job_prefix}}-build-salt-formula-refspec"
template:
diff --git a/linux/system/motd/static.yml b/linux/system/motd/static.yml
index 774abc6..c0e23c0 100644
--- a/linux/system/motd/static.yml
+++ b/linux/system/motd/static.yml
@@ -1,12 +1,20 @@
parameters:
+ _param:
+ motd_company_name: COMPANY_NAME
linux:
system:
motd: |
- WARNING: This is private network
- Unauthorized access is strictly prohibited
+ =================================== WARNING ====================================
+ You have accessed a computer managed by ${_param:motd_company_name}.
+ You are required to have authorisation from ${_param:motd_company_name}
+ before you proceed and you are strictly limited to use set out within that
+ authorisation. Unauthorised access to or misuse of this system is prohibited
+ and constitutes an offence under the Computer Misuse Act 1990.
+ If you disclose any information obtained through this system without
+ authority ${_param:motd_company_name} may take legal action against you.
+ ================================================================================
------------------------------------------------------
Hostname | ${linux:system:name}
Domain | ${linux:system:domain}
------------------------------------------------------
-
diff --git a/linux/system/repo/mcp/apt_mirantis/saltstack.yml b/linux/system/repo/mcp/apt_mirantis/saltstack.yml
new file mode 100644
index 0000000..6fcd5a1
--- /dev/null
+++ b/linux/system/repo/mcp/apt_mirantis/saltstack.yml
@@ -0,0 +1,14 @@
+parameters:
+ _param:
+ apt_mk_version: stable
+ salt_version: 2016.3
+ linux_system_repo_mcp_saltstack_version: ${_param:apt_mk_version}
+ linux:
+ system:
+ repo:
+ mcp_saltstack:
+ source: "deb [arch=amd64] http://mirror.mirantis.com/${_param:linux_system_repo_mcp_saltstack_version}/saltstack-${_param:salt_version}/${_param:linux_system_codename}/ ${_param:linux_system_codename} main"
+ architectures: amd64
+ key_id: 0E08A149DE57BFBE
+ key_server: keyserver.ubuntu.com
+ clean_file: true
diff --git a/linux/system/repo_local/mcp/apt_mirantis/saltstack.yml b/linux/system/repo_local/mcp/apt_mirantis/saltstack.yml
new file mode 100644
index 0000000..5b2a904
--- /dev/null
+++ b/linux/system/repo_local/mcp/apt_mirantis/saltstack.yml
@@ -0,0 +1,17 @@
+parameters:
+ _param:
+ apt_mk_version: stable
+ salt_version: 2016.3
+ linux_system_repo_mcp_saltstack_version: ${_param:apt_mk_version}
+ linux:
+ system:
+ repo:
+ mcp_saltstack:
+ source: "deb [arch=amd64] http://${_param:local_repo_url}/ubuntu-${_param:linux_system_codename}/salt/${_param:salt_version}/ ${_param:linux_system_repo_mcp_saltstack_version} main"
+ architectures: amd64
+ key_url: "http://${_param:local_repo_url}/public.gpg"
+ clean_file: true
+ pin:
+ - pin: 'release a=${_param:linux_system_repo_mcp_saltstack_version}'
+ priority: 1100
+ package: '*'
\ No newline at end of file
diff --git a/neutron/client/service/public.yml b/neutron/client/service/public.yml
index c3e2ca3..532a8cf 100644
--- a/neutron/client/service/public.yml
+++ b/neutron/client/service/public.yml
@@ -21,5 +21,5 @@
allocation_pools:
- start: ${_param:openstack_public_neutron_subnet_allocation_start}
end: ${_param:openstack_public_neutron_subnet_allocation_end}
- gateway: ${_param:openstack_public_neutron_subnet_gateway}
+ gateway_ip: ${_param:openstack_public_neutron_subnet_gateway}
enable_dhcp: False
diff --git a/nginx/server/proxy/openstack_api.yml b/nginx/server/proxy/openstack_api.yml
index f9f363d..9492c56 100644
--- a/nginx/server/proxy/openstack_api.yml
+++ b/nginx/server/proxy/openstack_api.yml
@@ -8,4 +8,3 @@
- system.nginx.server.proxy.openstack.keystone_private
- system.nginx.server.proxy.openstack.neutron
- system.nginx.server.proxy.openstack.nova
-- system.nginx.server.proxy.openstack.nova_ec2
diff --git a/nova/compute/cluster.yml b/nova/compute/cluster.yml
index f32fffd..c88dcc7 100644
--- a/nova/compute/cluster.yml
+++ b/nova/compute/cluster.yml
@@ -97,4 +97,9 @@
user:
public_key: ${_param:nova_compute_ssh_public}
private_key: ${_param:nova_compute_ssh_private}
+ # Due to bug in qemu, migration will not work when fqdn is higher than 64 chars.
+ # https://bugzilla.redhat.com/show_bug.cgi?id=1568939
+ # Set migration address explicitly to avoid such problems.
+ libvirt:
+ migration_inbound_addr: ${_param:single_address}
my_ip: ${_param:single_address}
diff --git a/nova/compute/single.yml b/nova/compute/single.yml
index 483a1d3..786e792 100644
--- a/nova/compute/single.yml
+++ b/nova/compute/single.yml
@@ -93,4 +93,9 @@
user:
public_key: ${_param:nova_compute_ssh_public}
private_key: ${_param:nova_compute_ssh_private}
+ # Due to bug in qemu, migration will not work when fqdn is higher than 64 chars.
+ # https://bugzilla.redhat.com/show_bug.cgi?id=1568939
+ # Set migration address explicitly to avoid such problems.
+ libvirt:
+ migration_inbound_addr: ${_param:single_address}
my_ip: ${_param:single_address}
diff --git a/openssh/server/team/maintenance.yml b/openssh/server/team/maintenance.yml
index 44e8639..33cc697 100644
--- a/openssh/server/team/maintenance.yml
+++ b/openssh/server/team/maintenance.yml
@@ -1,9 +1,11 @@
classes:
- system.linux.system.sudo
-- system.openssh.server.team.members.astupnikov
- system.openssh.server.team.members.dmeltsaykin
-- system.openssh.server.team.members.myatsenko
- system.openssh.server.team.members.omolchanov
+- system.openssh.server.team.members.ibumarskov
+- system.openssh.server.team.members.vkhlyunev
+- system.openssh.server.team.members.vjigulin
+- system.openssh.server.team.members.dtsapikov
parameters:
_param:
linux_system_user_sudo: true
diff --git a/openssh/server/team/members/dtsapikov.yml b/openssh/server/team/members/dtsapikov.yml
new file mode 100644
index 0000000..82b3526
--- /dev/null
+++ b/openssh/server/team/members/dtsapikov.yml
@@ -0,0 +1,20 @@
+parameters:
+ linux:
+ system:
+ user:
+ dtsapikov:
+ enabled: true
+ name: dtsapikov
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Dmitry Tsapikov
+ home: /home/dtsapikov
+ email: dtsapikov@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ dtsapikov:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDqcQyBOTEtVB82WmUSOpFN2e3/38BxaX3+Gq0lIsBatGK4WlTeSlrnquq9ANenAUzf6yphPy5sQFiegf8mVJ2jD7a8N7MH2K1zVsQUIM2d84SA4f8YxUOyBsAL32nesmxrsFvGQiV2U1XRIuuNqTqjrX5gsTUznkVqYZWvmvoEVT/GsoFKH7aPb7w88/3EAXysSkfJBTEINjWV14+jpv5u/hWv/K/UU/gptx9aEUw9bYUaH5rW8lW9nyIp+BPT0z5BvHTtk+KIDjqS2SEAYVnV/qWoHIU1rGDXbAXcNgN0iFVdOfLhvenxhkyXV/9+UFoAibLBzBTrXxbnoK5AkTyF dtsapikov@Dmitrys-MacBook-Pro.local
+ user: ${linux:system:user:dtsapikov}
diff --git a/openssh/server/team/members/ibumarskov.yml b/openssh/server/team/members/ibumarskov.yml
new file mode 100644
index 0000000..ba87f1e
--- /dev/null
+++ b/openssh/server/team/members/ibumarskov.yml
@@ -0,0 +1,20 @@
+parameters:
+ linux:
+ system:
+ user:
+ ibumarskov:
+ enabled: true
+ name: ibumarskov
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Ilya Bumarskov
+ home: /home/ibumarskov
+ email: ibumarskov@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ ibumarskov:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDay30C5s6TWCxj2DFgAvSITpuou2bsHQbbtRVVo5vbVWzZExsVr6v9mfqqWIbBwqnoGLDehEf58pczlvSb7np+/uVheFeIoocPoL0hgvK5PveS6Hb5niTBXVUk1pgtbDXWmlLmpUCMQUiX5zEE47x04/orrkqaLkWsZoGyXD9aFEjfZNmFWP38JDUDqv/r1awmi6L2UonDegN5L4PrQTlRk0ZoNUKeGYndHHY2Waop50ZsLtiS7JorIzMvicOtdOnZjZmTvrg9EYoHwS2ZWtPOjvwOtSRziOFdltCjxhHgh7jmETdTLLuvJHVKr8UXMO8tWmqet+LaJOzJNpBfSTKR ibumarskov@ubuntu
+ user: ${linux:system:user:ibumarskov}
diff --git a/openssh/server/team/members/mcp-scale-jenkins.yml b/openssh/server/team/members/mcp-scale-jenkins.yml
new file mode 100644
index 0000000..3ec3a1c
--- /dev/null
+++ b/openssh/server/team/members/mcp-scale-jenkins.yml
@@ -0,0 +1,23 @@
+parameters:
+ linux:
+ system:
+ user:
+ mcp-scale-jenkins:
+ enabled: true
+ name: mcp-scale-jenkins
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: MCP Scale team
+ home: /home/mcp-scale-jenkins
+ email: mos-scale-jenkins@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ mcp-scale-jenkins:
+ enabled: true
+ public_keys: ${public_keys:mcp-scale-jenkins}
+ user: ${linux:system:user:mcp-scale-jenkins}
+ public_keys:
+ mcp-scale-jenkins:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDnaV3xTY8bzK9zdsgNgnQMFyMuuM3sjMaC10Lv5nM0Zl4+4r76XMNMN/Vd1FbI3U5StlHo1CHr0Byrufrnzg4YjoqPED4vlyPwwr5oWeqVHWt7pFitu7HB1xyUPdADR4PSqxUsGV6VWvj+mv18jRZj2w006NJvTSN7N2T7F99lUqUIm9FlfliIH9gNepyX4jaN+/aUppAtFMqomUNjWDbdCxedWQRO2f7H+ZbuRq23jhSbnNTrvhCzg+E6yroarkSKv5lASuBS8nOAw233PZzBi7E1boRF9B9yTDYBX1yFjR9iZyFTq+WXQzvxN2HTInSiL6VFnpz2My5fa3J2ZiTZ
+
diff --git a/openssh/server/team/members/vdrok.yml b/openssh/server/team/members/vdrok.yml
new file mode 100644
index 0000000..44611fb
--- /dev/null
+++ b/openssh/server/team/members/vdrok.yml
@@ -0,0 +1,20 @@
+parameters:
+ linux:
+ system:
+ user:
+ vdrok:
+ enabled: true
+ name: vdrok
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Vladyslav Drok
+ home: /home/vdrok
+ email: vdrok@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ vdrok:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCpnn6IyistbIGnzeV3DOWR+u/QLl1cuQspwuvcl1FxeZljkdIgLXcNVzFaFHSX+rOgrOLpcFf3X+dwnB55EoUDj85IOwKz1tVoD5Df42xZMnmjnvOaAScVTStrdcWxzpB6bWt/+GWpt1br3pLpTjqZxa1YipT7tz6bs7cNKplvQuBaoYeG/x9ycRhLIhYXFYOtHD/lxwTRqHnvpwdNKRYPtfakR/kaeZEaYQoJlVcAq0AKzws8l87InoWnjGo/NrBJTvgiLQPYw6uJ9mf17p2GVv1JGCbEpPKnRLyIitdwCFjYEwAKoSsisf2TdH9iY1DWwJEuPzsvjM2ZCPcc7baV vlad@carbon
+ user: ${linux:system:user:vdrok}
diff --git a/openssh/server/team/members/vjigulin.yml b/openssh/server/team/members/vjigulin.yml
new file mode 100644
index 0000000..58e3a00
--- /dev/null
+++ b/openssh/server/team/members/vjigulin.yml
@@ -0,0 +1,20 @@
+parameters:
+ linux:
+ system:
+ user:
+ vjigulin:
+ enabled: true
+ name: vjigulin
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Vladimir Jigulin
+ home: /home/vjigulin
+ email: vjigulin@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ vjigulin:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDI+OmVDWql8hAOtHIN03zmd0vOj6lzgRwgT5/atyJHbkcl9y5CuB5+DdlXplMcPnm7lH+2u9LnWr21dcal3DuoHYSavnRKvyZZfTDDyvWB1FGYwM8igrdrrSGGuhl5yLlRbuXdQzlfo889s0LYtymKDdXIdo+WDdC/jDnVgUXA6J4TWQ/D2U9GLXRoT10J0duN664bbbdmJhSq7Qehq94k2as7Jy9R3HtvT+DIITrCVua3yPg0Zm+SxCA8xT8g3VKtdKTJdTlDG6o6PXWHR3W9jfNbO6CayLTBaiAFXqbKAol31yCaRbcDZfnoWfmFVu6rsQ90WZv4L9gK05uNBH1z mogaika@mogaika
+ user: ${linux:system:user:vjigulin}
diff --git a/openssh/server/team/members/vkhlyunev.yml b/openssh/server/team/members/vkhlyunev.yml
new file mode 100644
index 0000000..9779831
--- /dev/null
+++ b/openssh/server/team/members/vkhlyunev.yml
@@ -0,0 +1,20 @@
+parameters:
+ linux:
+ system:
+ user:
+ vkhlyunev:
+ enabled: true
+ name: vkhlyunev
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Vladimir Khlyunev
+ home: /home/vkhlyunev
+ email: vkhlyunev@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ vkhlyunev:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1v5pWSan9H2Wl64C8bKWmbULp0QgJUi9FqPyuw1bfS5GfHLxejPxaDzec0uSx0PXWzS9afwIO7aGA1dg+dvdl1iPy9jfpkQbGGsusmSsbLvf6+WLVsPk90Bvoc4anmEsG2DWT1SGR65d/imjlwsnlbHTQIm0YucjDjV/p2MmYlbaFLm+ynfo9mt1mP954GDPKQHvyBpxvAIEHL3xAcnNXcpSXm2jhCNsNGUSpY+R7gin2q8MtrpzQNeZZ8degUMpgba7CTXN1sws2dc3UayJ8KZkyRVJNk6mpt2jey03izJzXzt3ux3hg5lToELvEIMDdHOPHT0b0U7f2H+eBCfH/ vkhlyunev@cz7317
+ user: ${linux:system:user:vkhlyunev}
diff --git a/openssh/server/team/oscore_devops.yml b/openssh/server/team/oscore_devops.yml
index 49207eb..12ef0c6 100644
--- a/openssh/server/team/oscore_devops.yml
+++ b/openssh/server/team/oscore_devops.yml
@@ -4,6 +4,7 @@
- system.openssh.server.team.members.vnogin
- system.openssh.server.team.members.mkarpin
- system.openssh.server.team.members.iudovichenko
+- system.openssh.server.team.members.vdrok
parameters:
_param:
linux_system_user_sudo: true
diff --git a/openssh/server/team/qa_scale.yml b/openssh/server/team/qa_scale.yml
index 0414e35..9415496 100644
--- a/openssh/server/team/qa_scale.yml
+++ b/openssh/server/team/qa_scale.yml
@@ -3,6 +3,7 @@
- system.openssh.server.team.members.sgalkin
- system.openssh.server.team.members.obasov
- system.openssh.server.team.members.mikhailkraynov
+- system.openssh.server.team.members.mcp-scale-jenkins
parameters:
_param:
diff --git a/openssh/server/team/services_qa.yml b/openssh/server/team/services_qa.yml
index 3e64bd3..682dd8a 100644
--- a/openssh/server/team/services_qa.yml
+++ b/openssh/server/team/services_qa.yml
@@ -16,6 +16,12 @@
sudo: true
full_name: Mikhail Chernik
home: /home/mchernik
+ ozhurba:
+ enabled: true
+ name: ozhurba
+ sudo: true
+ full_name: Oleksii Zhurba
+ home: /home/ozhurba
openssh:
server:
enabled: true
@@ -30,8 +36,15 @@
public_keys:
- ${public_keys:mchernik}
user: ${linux:system:user:mchernik}
+ ozhurba:
+ enabled: true
+ public_keys:
+ - ${public_keys:ozhurba}
+ user: ${linux:system:user:ozhurba}
public_keys:
npliashechnikov:
key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxy9ZNE+36U1W3vPxzMx++AujS8Ay9ZgJrfaa6YsWl1FeN87VuGucslHjLqFfiIYJLQl3m7tSLiAujQ/izBKDbfA5hd5z7JaCRB1LE+CehmCL0UVwsHflAi0tPn1tDrTcVGf/BRH0FsoZJo+KpOwohYGN8BMOpUIAP2SkGrE7cGbPrd9NbRqPW80iyIzsNIqzVKTcsh0CcJcr05V5n3or0GvteDMxl+mjAi6hpfx06a/bEfPLV10Ftl4+nIkbXr0KWA68uy7XmTlH+qgVUCMGwRP4mFaU63+uX45WboLKQ0aacPX833qvZJTIPe2FhAygoVoBwgOKBzrbnicBa9U+AQ== dkth1p3@lxf01p581
mchernik:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiYzcWNIP1K3DnSfztIZdMTl6zSr133eixsHDWWqI71Fj5UOny4kMH2P/qYk0WHhm7P9kwBNDgmJBY/eO5jb00D2w9BGHyvsOnkpAgzw5neL4ivRT7qLWkRdbcLo8AAFQN7VW+bgMb8gFfYWfttHyfkbJOQlU2xmi8fvhQ+2IM/12S0f0lP2uIYgVn8g9f+1OmtXKOWi/cKx0+6NYsuFjM2oVRlBhwlhPD2mI00rSL6zYjz/8GapPPkylQnds09NueNmrScjsPmJl6lPzU8maxHABZ/KctIZW/0ucMolv/3Ybm5FJIsj6YGUdz7AWzdE9o4tSfugFR3P7Ng/scxXpZ migel@mungo
+ ozhurba:
+ key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUwubPT8GWUeuPCdPeYlIuN8OaD0umc0JuyKWf5ViVhX3VqB6CwS6/ddm9fpbAedV/8J5l/Sl/usK/WuCPVBgKEuGtidRcrABxRt49q+aum5WRd6bsYv4UxFZmaDHKgg6g8LR7Ii26GPM/HdM1CdqnxpVicz7QRj3pgLDYLippg7RAktKkp4Jw7gkBFNR7UXGHr/5qX08VoUadbgWQP7OdHdgSxysqkSiN1Rr9URWEpwZ5wfblkbEzR1JBg6kYJAP3sTJvOQguFvFCVu6++/UX2wbrrc0+0eAO31lFUAIjboYLpWDj5Sj/ER3uwTX0dJw0wpSsa9lHn/LSZrJhrA5v ozhurba@zhurba-mac
diff --git a/postgresql/client/pushkin.yml b/postgresql/client/pushkin.yml
deleted file mode 100644
index c6ec567..0000000
--- a/postgresql/client/pushkin.yml
+++ /dev/null
@@ -1,26 +0,0 @@
-classes:
- - system.postgresql.client
-parameters:
- _param:
- pushkin_db_host: ${_param:haproxy_postgresql_bind_host}
- pushkin_db_user: pushkin
- pushkin_db_user_password: pushkin
- postgresql:
- client:
- server:
- server01:
- database:
- pushkin:
- enabled: true
- encoding: 'UTF8'
- locale: 'en_US'
- users:
- - name: ${_param:pushkin_db_user}
- password: ${_param:pushkin_db_user_password}
- host: ${_param:pushkin_db_host}
- createdb: true
- rights: all privileges
- extension:
- hstore:
- enabled: true
-
diff --git a/postgresql/client/alertmanager.yml b/postgresql/client/pushkin/alertmanager.yml
similarity index 68%
rename from postgresql/client/alertmanager.yml
rename to postgresql/client/pushkin/alertmanager.yml
index 8bd272a..8e413da 100644
--- a/postgresql/client/alertmanager.yml
+++ b/postgresql/client/pushkin/alertmanager.yml
@@ -12,16 +12,7 @@
server:
server01:
database:
- alertmanager:
- enabled: true
- encoding: 'UTF8'
- locale: 'en_US'
- users:
- - name: ${_param:alertmanager_db_user}
- password: ${_param:alertmanager_db_user_password}
- host: ${_param:alertmanager_db_host}
- createdb: true
- rights: all privileges
+ pushkin:
init:
maintenance_db: pushkin
force: true
diff --git a/postgresql/client/pushkin/init.yml b/postgresql/client/pushkin/init.yml
new file mode 100644
index 0000000..5677646
--- /dev/null
+++ b/postgresql/client/pushkin/init.yml
@@ -0,0 +1,54 @@
+classes:
+ - system.postgresql.client
+parameters:
+ _param:
+ pushkin_db_host: ${_param:haproxy_postgresql_bind_host}
+ pushkin_db_user: pushkin
+ pushkin_db_user_password: pushkin
+ postgresql:
+ client:
+ server:
+ server01:
+ database:
+ pushkin:
+ enabled: true
+ encoding: 'UTF8'
+ locale: 'en_US'
+ users:
+ - name: ${_param:pushkin_db_user}
+ password: ${_param:pushkin_db_user_password}
+ host: ${_param:pushkin_db_host}
+ createdb: true
+ rights: all privileges
+ init:
+ maintenance_db: pushkin
+ queries:
+ - ALTER DEFAULT PRIVILEGES IN SCHEMA public GRANT SELECT ON TABLES TO public;
+ - CREATE TABLE IF NOT EXISTS login (id int8 NOT NULL, language_id int2, PRIMARY KEY (id));
+ - CREATE TABLE IF NOT EXISTS device (id serial NOT NULL, login_id int8 NOT NULL, platform_id int2 NOT NULL, device_token text NOT NULL, device_token_new text, application_version int4, unregistered_ts timestamp, device_id text, PRIMARY KEY(id));
+ - CREATE INDEX IF NOT EXISTS idx_device_login_id ON device (login_id);
+ - ALTER TABLE device DROP CONSTRAINT IF EXISTS Ref_device_to_login;
+ - ALTER TABLE device ADD CONSTRAINT Ref_device_to_login FOREIGN KEY (login_id) REFERENCES login(id) MATCH SIMPLE ON DELETE CASCADE ON UPDATE NO ACTION NOT DEFERRABLE;
+ - CREATE TABLE IF NOT EXISTS message (id serial NOT NULL, name text NOT NULL, cooldown_ts int8, trigger_event_id int4, screen text NOT NULL DEFAULT '', PRIMARY KEY (id), CONSTRAINT c_message_unique_name UNIQUE(name));
+ - CREATE TABLE IF NOT EXISTS message_localization (id serial NOT NULL, message_id int4 NOT NULL, language_id int2 NOT NULL, message_title text NOT NULL, message_text text NOT NULL, PRIMARY KEY(id), CONSTRAINT c_message_loc_unique_message_language UNIQUE(message_id, language_id));
+ - ALTER TABLE message_localization DROP CONSTRAINT IF EXISTS ref_message_id_to_message;
+ - ALTER TABLE message_localization ADD CONSTRAINT ref_message_id_to_message FOREIGN KEY (message_id) REFERENCES message(id) MATCH SIMPLE ON DELETE CASCADE ON UPDATE NO ACTION NOT DEFERRABLE;
+ - CREATE TABLE IF NOT EXISTS user_message_last_time_sent (id serial NOT NULL, login_id int8 NOT NULL, message_id int4 NOT NULL, last_time_sent_ts_bigint int8 NOT NULL, PRIMARY KEY (id), CONSTRAINT c_user_unique_message UNIQUE(login_id, message_id));
+ - ALTER TABLE user_message_last_time_sent DROP CONSTRAINT IF EXISTS ref_login_id_to_login
+ - ALTER TABLE user_message_last_time_sent ADD CONSTRAINT ref_login_id_to_login FOREIGN KEY (login_id) REFERENCES login(id) MATCH SIMPLE ON DELETE CASCADE ON UPDATE NO ACTION NOT DEFERRABLE;
+ - ALTER TABLE user_message_last_time_sent DROP CONSTRAINT IF EXISTS ref_message_id_to_message
+ - ALTER TABLE user_message_last_time_sent ADD CONSTRAINT ref_message_id_to_message FOREIGN KEY (message_id) REFERENCES message(id) MATCH SIMPLE ON DELETE CASCADE ON UPDATE NO ACTION NOT DEFERRABLE;
+ - ALTER TABLE login OWNER TO ${_param:pushkin_db_user};
+ - ALTER TABLE device OWNER TO ${_param:pushkin_db_user};
+ - ALTER TABLE message OWNER TO ${_param:pushkin_db_user};
+ - ALTER TABLE message_localization OWNER TO ${_param:pushkin_db_user};
+ - ALTER TABLE user_message_last_time_sent OWNER TO ${_param:pushkin_db_user};
+ - GRANT ALL PRIVILEGES ON TABLE login TO ${_param:pushkin_db_user};
+ - GRANT ALL PRIVILEGES ON TABLE device TO ${_param:pushkin_db_user};
+ - GRANT ALL PRIVILEGES ON TABLE message TO ${_param:pushkin_db_user};
+ - GRANT ALL PRIVILEGES ON TABLE message_localization TO ${_param:pushkin_db_user};
+ - GRANT ALL PRIVILEGES ON TABLE user_message_last_time_sent TO ${_param:pushkin_db_user};
+ extension:
+ hstore:
+ enabled: true
+
diff --git a/postgresql/client/janitor_monkey.yml b/postgresql/client/pushkin/janitor_monkey.yml
similarity index 68%
rename from postgresql/client/janitor_monkey.yml
rename to postgresql/client/pushkin/janitor_monkey.yml
index def9a06..b56d098 100644
--- a/postgresql/client/janitor_monkey.yml
+++ b/postgresql/client/pushkin/janitor_monkey.yml
@@ -12,16 +12,7 @@
server:
server01:
database:
- janmonkey:
- enabled: true
- encoding: 'UTF8'
- locale: 'en_US'
- users:
- - name: ${_param:janmonkey_db_user}
- password: ${_param:janmonkey_db_user_password}
- host: ${_param:janmonkey_db_host}
- createdb: true
- rights: all privileges
+ pushkin:
init:
maintenance_db: pushkin
force: true
diff --git a/postgresql/client/pushkin/security_monkey.yml b/postgresql/client/pushkin/security_monkey.yml
new file mode 100644
index 0000000..18154cd
--- /dev/null
+++ b/postgresql/client/pushkin/security_monkey.yml
@@ -0,0 +1,19 @@
+classes:
+ - system.postgresql.client
+parameters:
+ _param:
+ secmonkey_db_host: ${_param:haproxy_postgresql_bind_host}
+ secmonkey_db_user: secmonkey
+ secmonkey_db_user_password: secmonkey
+ postgresql:
+ client:
+ server:
+ server01:
+ database:
+ pushkin:
+ init:
+ maintenance_db: pushkin
+ force: true
+ queries:
+ - INSERT INTO login VALUES (${_param:secmonkey_login_id}, ${_param:secmonkey_application_id}) ON CONFLICT (id) DO UPDATE SET id = excluded.id;
+ - INSERT INTO device VALUES (${_param:secmonkey_application_id}, ${_param:secmonkey_login_id}, 42, 'security_audit_service', NULL, 1, NULL) ON CONFLICT (id) DO UPDATE SET id = excluded.id;
diff --git a/postgresql/client/sfdc.yml b/postgresql/client/pushkin/sfdc.yml
similarity index 68%
rename from postgresql/client/sfdc.yml
rename to postgresql/client/pushkin/sfdc.yml
index bafd9c9..57af7fe 100644
--- a/postgresql/client/sfdc.yml
+++ b/postgresql/client/pushkin/sfdc.yml
@@ -12,16 +12,7 @@
server:
server01:
database:
- sfdc:
- enabled: true
- encoding: 'UTF8'
- locale: 'en_US'
- users:
- - name: ${_param:sfdc_db_user}
- password: ${_param:sfdc_db_user_password}
- host: ${_param:sfdc_db_host}
- createdb: true
- rights: all privileges
+ pushkin:
init:
maintenance_db: pushkin
force: true
diff --git a/postgresql/client/security_monkey.yml b/postgresql/client/security_monkey.yml
index c47e241..ab7a4c8 100644
--- a/postgresql/client/security_monkey.yml
+++ b/postgresql/client/security_monkey.yml
@@ -20,9 +20,3 @@
host: ${_param:secmonkey_db_host}
createdb: true
rights: all privileges
- init:
- maintenance_db: pushkin
- force: true
- queries:
- - INSERT INTO login VALUES (${_param:secmonkey_login_id}, ${_param:secmonkey_application_id}) ON CONFLICT (id) DO UPDATE SET id = excluded.id;
- - INSERT INTO device VALUES (${_param:secmonkey_application_id}, ${_param:secmonkey_login_id}, 42, 'security_audit_service', NULL, 1, NULL) ON CONFLICT (id) DO UPDATE SET id = excluded.id;
diff --git a/prometheus/alertmanager/notification/email.yml b/prometheus/alertmanager/notification/email.yml
index 4daec23..fdbc05e 100644
--- a/prometheus/alertmanager/notification/email.yml
+++ b/prometheus/alertmanager/notification/email.yml
@@ -9,7 +9,7 @@
receiver: SMTP
match_re:
- label: route
- value: email
+ value: '(.*email.*)'
continue: true
receiver:
SMTP:
diff --git a/prometheus/alertmanager/notification/pushkin.yml b/prometheus/alertmanager/notification/pushkin.yml
index 151801b..ec749d7 100644
--- a/prometheus/alertmanager/notification/pushkin.yml
+++ b/prometheus/alertmanager/notification/pushkin.yml
@@ -10,6 +10,9 @@
routes:
pushkin:
receiver: HTTP-pushkin
+ match_re:
+ - label: route
+ value: '(.*pushkin.*)'
continue: true
receiver:
HTTP-pushkin:
diff --git a/prometheus/alertmanager/notification/slack.yml b/prometheus/alertmanager/notification/slack.yml
index 412e91f..a86c403 100644
--- a/prometheus/alertmanager/notification/slack.yml
+++ b/prometheus/alertmanager/notification/slack.yml
@@ -7,6 +7,9 @@
routes:
slack:
receiver: HTTP-slack
+ match_re:
+ - label: route
+ value: '(.*slack.*)'
continue: true
receiver:
HTTP-slack: