Merge "Add ability to override gerrit publish ports"
diff --git a/defaults/openstack/init.yml b/defaults/openstack/init.yml
index f8949e9..d80c7d0 100644
--- a/defaults/openstack/init.yml
+++ b/defaults/openstack/init.yml
@@ -12,3 +12,9 @@
# Cinder
cinder_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
cinder_memcache_secret_key: ''
+ # Nova
+ nova_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
+ nova_memcache_secret_key: ''
+ # Glance
+ glance_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
+ glance_memcache_secret_key: ''
diff --git a/docker/swarm/stack/operations_api.yml b/docker/swarm/stack/operations_api.yml
index 8d7aef7..74426ad 100644
--- a/docker/swarm/stack/operations_api.yml
+++ b/docker/swarm/stack/operations_api.yml
@@ -2,6 +2,7 @@
_param:
docker_operations_api_replicas: 1
docker_image_operations_api: mirantis/python-operations-api:latest
+ docker_image_operations_ui: mirantis/operations-ui:latest
operations_api_sqlalchemy_database_uri: "cockroachdb://oapi@cockroach-ui:26257/oapi"
operations_api_sqlalchemy_echo: "false"
operations_api_flask_debug: "false"
@@ -55,6 +56,15 @@
- cockroach-ui
volumes:
- /srv/volumes/cockroachdb/cockroach-db-1:/cockroach/cockroach-data
+ operations-ui:
+ environment:
+ REACT_APP_OPERATIONS_API_URL: 'http://${_param:cluster_public_host}:${_param:haproxy_operations_api_bind_port}'
+ REACT_APP_KEYCLOAK_AUTH_URL: 'http://${_param:cluster_public_host}:${_param:haproxy_keycloak_proxy_exposed_port}/auth'
+ REACT_APP_KEYCLOAK_REALM: 'drivetrain-realm'
+ REACT_APP_KEYCLOAK_CLIENT_ID: 'operations-ui'
+ image: ${_param:docker_image_operations_ui}
+ ports:
+ - ${_param:haproxy_operations_ui_exposed_port}:${_param:haproxy_operations_ui_bind_port}
cockroach-init:
environment:
COCKROACH_HOST: cockroach-ui
diff --git a/glance/control/cluster.yml b/glance/control/cluster.yml
index de8e9ae..0c17ac8 100644
--- a/glance/control/cluster.yml
+++ b/glance/control/cluster.yml
@@ -6,9 +6,6 @@
- system.salt.minion.cert.mysql.clients.openstack.glance
- system.salt.minion.cert.rabbitmq.clients.openstack.glance
parameters:
- _param:
- glance_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
- glance_memcache_secret_key: ''
linux:
system:
cron:
diff --git a/glance/control/single.yml b/glance/control/single.yml
index ad6e1cb..c9b818d 100644
--- a/glance/control/single.yml
+++ b/glance/control/single.yml
@@ -3,9 +3,6 @@
- system.salt.minion.cert.mysql.clients.openstack.glance
- system.salt.minion.cert.rabbitmq.clients.openstack.glance
parameters:
- _param:
- glance_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
- glance_memcache_secret_key: ''
linux:
system:
cron:
diff --git a/jenkins/client/job/k8s-test/init.yml b/jenkins/client/job/k8s-test/init.yml
index 7a391af..2500254 100644
--- a/jenkins/client/job/k8s-test/init.yml
+++ b/jenkins/client/job/k8s-test/init.yml
@@ -1,6 +1,2 @@
-classes:
-- system.jenkins.client.job.k8s-test.mcp-k8s-test-pipeline
-- system.jenkins.client.job.k8s-test.mcp-k8s-merge-pipeline
-- system.jenkins.client.job.k8s-test.mcp-k8s-generic-test-pipeline
-- system.jenkins.client.job.k8s-test.mcp-k8s-generic-merge-pipeline
-- system.jenkins.client.job.k8s-test.mcp-k8s-formula-test-pipeline
+# This file will be removed in Q3
+# jobs was moved into salt-models/infra repo
diff --git a/jenkins/client/job/k8s-test/mcp-k8s-formula-test-pipeline.yml b/jenkins/client/job/k8s-test/mcp-k8s-formula-test-pipeline.yml
index d07fedd..2500254 100644
--- a/jenkins/client/job/k8s-test/mcp-k8s-formula-test-pipeline.yml
+++ b/jenkins/client/job/k8s-test/mcp-k8s-formula-test-pipeline.yml
@@ -1,88 +1,2 @@
-parameters:
- jenkins:
- client:
- job:
- mcp_k8s_formula_test_pipeline:
- type: workflow-scm
- name: mcp-k8s-formula-test-pipeline
- display_name: "Kubernetes formula test pipeline"
- description: "Run k8s conformance against gerrit commit"
- discard:
- build:
- keep_num: 30
- artifact:
- keep_num: 30
- concurrent: true
- scm:
- type: git
- url: "${_param:jenkins_gerrit_url}/kubernetes-ci/kubernetes-pipelines"
- credentials: "gerrit"
- script: pipelines/mcp-formula-change-test-pipeline.groovy
- trigger:
- gerrit:
- project:
- salt-formulas/kubernetes:
- branches:
- - compare_type: "ANT"
- name: "**"
- skip_vote:
- - successful
- - failed
- - unstable
- - not_built
- event:
- patchset:
- - created:
- excludeDrafts: false
- excludeTrivialRebase: false
- excludeNoCodeChange: false
- comment:
- - addedContains:
- commentAddedCommentContains: '^(?s:Patch Set \d+:.*(test|recheck|reverify)\s*)$'
- param:
- SOURCE_CREDENTIALS:
- type: string
- default: "gerrit"
- UPLOAD_APTLY:
- type: boolean
- default: 'true'
- description: Whether to upload to Aptly
- APTLY_REPO:
- type: string
- default: ""
- description: Aptly repo name
- BUILD_PACKAGE:
- type: boolean
- default: 'true'
- description: Whether to build package
- APTLY_REPO_URL:
- type: string
- default: "${_param:jenkins_aptly_url}"
- description: Aptly url
- APTLY_API_URL:
- type: string
- default: "${_param:jenkins_aptly_api_url}"
- description: Aptly API url
- SOURCES:
- type: text
- default: ""
- description: Optional parameter to list Git refspecs to be build
- PKG_BUILD_JOB_NAME:
- type: string
- default: "oscore-build-salt-formula-refspec"
- description: Jenkins job name to build package
- STACK_DELETE:
- type: boolean
- default: 'true'
- description: Whether to delete stacks ater tests
- APTLY_PREFIX:
- type: string
- default: "oscc-dev"
- description: Aptly prefix
- SOURCE_REPO_NAME:
- type: string
- description: "Name of the repo where packages are stored"
- default: "ubuntu-xenial-salt"
- DEPLOY_JOB:
- type: string
- default: "deploy-heat-k8s_ha_calico"
+# This file will be removed in Q3
+# jobs was moved into salt-models/infra repo
diff --git a/jenkins/client/job/k8s-test/mcp-k8s-generic-merge-pipeline.yml b/jenkins/client/job/k8s-test/mcp-k8s-generic-merge-pipeline.yml
index ad66033..2500254 100644
--- a/jenkins/client/job/k8s-test/mcp-k8s-generic-merge-pipeline.yml
+++ b/jenkins/client/job/k8s-test/mcp-k8s-generic-merge-pipeline.yml
@@ -1,62 +1,2 @@
-parameters:
- jenkins:
- client:
- job_template:
- mcp-k8s-generic-merge-pipeline:
- name: mcp-k8s-{{name}}-merge-pipeline
- jobs:
- - name: coredns
- display_name: "CoreDNS merge pipeline"
- pipeline: mcp-k8s-coredns-pipeline.groovy
- repo: kubernetes/coredns
- - name: dashboard
- display_name: "Kubernetes dashboard merge pipeline"
- pipeline: mcp-k8s-dashboard-pipeline.groovy
- repo: kubernetes/dashboard
- - name: external-dns
- display_name: "External DNS merge pipeline"
- pipeline: mcp-k8s-ext-dns-pipeline.groovy
- repo: kubernetes/external-dns
- - name: metallb
- display_name: "Metal LB merge pipeline"
- pipeline: mcp-k8s-metallb-pipeline.groovy
- repo: kubernetes/metallb
- - name: nginx-ingress
- display_name: "NGINX ingress merge pipeline"
- pipeline: mcp-k8s-ingress-nginx-pipeline.groovy
- repo: kubernetes/ingress-nginx
- template:
- type: workflow-scm
- display_name: "{{display_name}}"
- discard:
- build:
- keep_num: 20
- concurrent: false
- scm:
- type: git
- url: "${_param:jenkins_gerrit_url}/kubernetes-ci/kubernetes-pipelines"
- credentials: "gerrit"
- script: "pipelines/{{pipeline}}"
- trigger:
- gerrit:
- project:
- "{{repo}}":
- branches:
- - compare_type: "ANT"
- name: "**mcp**"
- message:
- build_successful: "Build successful"
- build_unstable: "Build unstable"
- build_failure: "Build failed"
- event:
- change:
- - merged
- param:
- KUBE_DOCKER_REGISTRY:
- type: string
- default: docker-dev-local.docker.mirantis.net
- description: 'Docker registry for binaries and images'
- KUBE_PROD_DOCKER_REGISTRY:
- type: string
- default: ${_param:mcp_docker_registry}
- description: 'Prod docker registry for binaries and images'
+# This file will be removed in Q3
+# jobs was moved into salt-models/infra repo
diff --git a/jenkins/client/job/k8s-test/mcp-k8s-generic-test-pipeline.yml b/jenkins/client/job/k8s-test/mcp-k8s-generic-test-pipeline.yml
index 3bf77cb..2500254 100644
--- a/jenkins/client/job/k8s-test/mcp-k8s-generic-test-pipeline.yml
+++ b/jenkins/client/job/k8s-test/mcp-k8s-generic-test-pipeline.yml
@@ -1,67 +1,2 @@
-parameters:
- jenkins:
- client:
- job_template:
- mcp-k8s-generic-test-pipeline:
- name: mcp-k8s-{{name}}-test-pipeline
- jobs:
- - name: coredns
- display_name: "CoreDNS test pipeline"
- pipeline: mcp-k8s-coredns-pipeline.groovy
- repo: kubernetes/coredns
- - name: dashboard
- display_name: "Kubernetes dashboard test pipeline"
- pipeline: mcp-k8s-dashboard-pipeline.groovy
- repo: kubernetes/dashboard
- - name: external-dns
- display_name: "External DNS test pipeline"
- pipeline: mcp-k8s-ext-dns-pipeline.groovy
- repo: kubernetes/external-dns
- - name: metallb
- display_name: "Metal LB test pipeline"
- pipeline: mcp-k8s-metallb-pipeline.groovy
- repo: kubernetes/metallb
- - name: nginx-ingress
- display_name: "NGINX ingress test pipeline"
- pipeline: mcp-k8s-ingress-nginx-pipeline.groovy
- repo: kubernetes/ingress-nginx
- template:
- type: workflow-scm
- display_name: "{{display_name}}"
- discard:
- build:
- keep_num: 50
- concurrent: true
- scm:
- type: git
- url: "${_param:jenkins_gerrit_url}/kubernetes-ci/kubernetes-pipelines"
- credentials: "gerrit"
- script: "pipelines/{{pipeline}}"
- trigger:
- gerrit:
- project:
- "{{repo}}":
- branches:
- - compare_type: "ANT"
- name: "**"
- message:
- build_successful: "Build successful"
- build_unstable: "Build unstable"
- build_failure: "Build failed"
- event:
- patchset:
- - created:
- excludeDrafts: false
- excludeTrivialRebase: false
- excludeNoCodeChange: false
- comment:
- - addedContains:
- commentAddedCommentContains: '(recheck|reverify)'
- override-votes:
- gerritBuildUnstableVerifiedValue: 1
- gerritBuildUnstableCodeReviewValue: 1
- param:
- KUBE_DOCKER_REGISTRY:
- type: string
- default: 'docker-dev-local.docker.mirantis.net'
- description: 'Docker registry for binaries and images'
+# This file will be removed in Q3
+# jobs was moved into salt-models/infra repo
diff --git a/jenkins/client/job/k8s-test/mcp-k8s-merge-pipeline.yml b/jenkins/client/job/k8s-test/mcp-k8s-merge-pipeline.yml
index 042e8d3..2500254 100644
--- a/jenkins/client/job/k8s-test/mcp-k8s-merge-pipeline.yml
+++ b/jenkins/client/job/k8s-test/mcp-k8s-merge-pipeline.yml
@@ -1,36 +1,2 @@
-parameters:
- jenkins:
- client:
- job:
- mcp_k8s_merge_pipeline:
- type: workflow-scm
- name: mcp-k8s-merge-pipeline
- display_name: "Kubernetes merge pipeline"
- discard:
- build:
- keep_num: 20
- concurrent: false
- scm:
- type: git
- url: "${_param:jenkins_gerrit_url}/kubernetes-ci/kubernetes-pipelines"
- credentials: "gerrit"
- script: pipelines/mcp-k8s-test-pipeline.groovy
- trigger:
- gerrit:
- project:
- kubernetes/kubernetes:
- branches:
- - compare_type: "ANT"
- name: "**mcp**"
- message:
- build_successful: "Build successful"
- build_unstable: "Build unstable"
- build_failure: "Build failed"
- event:
- change:
- - merged
- param:
- KUBE_DOCKER_REGISTRY:
- type: string
- default: docker-dev-local.docker.mirantis.net
- description: 'Docker registry for binaries and images'
+# This file will be removed in Q3
+# jobs was moved into salt-models/infra repo
diff --git a/jenkins/client/job/k8s-test/mcp-k8s-metallb-merge-pipeline.yml b/jenkins/client/job/k8s-test/mcp-k8s-metallb-merge-pipeline.yml
index c5ffe4e..2500254 100644
--- a/jenkins/client/job/k8s-test/mcp-k8s-metallb-merge-pipeline.yml
+++ b/jenkins/client/job/k8s-test/mcp-k8s-metallb-merge-pipeline.yml
@@ -1,40 +1,2 @@
-parameters:
- jenkins:
- client:
- job:
- mcp_k8s_metallb_merge_pipeline:
- type: workflow-scm
- name: mcp-k8s-metallb-merge-pipeline
- display_name: "MetalLB merge pipeline"
- discard:
- build:
- keep_num: 20
- concurrent: false
- scm:
- type: git
- url: "${_param:jenkins_gerrit_url}/kubernetes-ci/kubernetes-pipelines"
- credentials: "gerrit"
- script: pipelines/mcp-k8s-metallb-pipeline.groovy
- trigger:
- gerrit:
- project:
- kubernetes/metallb:
- branches:
- - compare_type: "ANT"
- name: "**mcp**"
- message:
- build_successful: "Build successful"
- build_unstable: "Build unstable"
- build_failure: "Build failed"
- event:
- change:
- - merged
- param:
- KUBE_DOCKER_REGISTRY:
- type: string
- default: docker-dev-local.docker.mirantis.net
- description: 'Docker registry for binaries and images'
- KUBE_PROD_DOCKER_REGISTRY:
- type: string
- default: ${_param:mcp_docker_registry}
- description: 'Prod docker registry for binaries and images'
+# This file will be removed in Q3
+# jobs was moved into salt-models/infra repo
diff --git a/jenkins/client/job/k8s-test/mcp-k8s-metallb-test-pipeline.yml b/jenkins/client/job/k8s-test/mcp-k8s-metallb-test-pipeline.yml
index fbce687..2500254 100644
--- a/jenkins/client/job/k8s-test/mcp-k8s-metallb-test-pipeline.yml
+++ b/jenkins/client/job/k8s-test/mcp-k8s-metallb-test-pipeline.yml
@@ -1,46 +1,2 @@
-parameters:
- jenkins:
- client:
- job:
- mcp_k8s_metallb_test_pipeline:
- type: workflow-scm
- name: mcp-k8s-metallb-test-pipeline
- display_name: "MetalLB tests pipeline"
- discard:
- build:
- keep_num: 50
- concurrent: true
- scm:
- type: git
- url: "${_param:jenkins_gerrit_url}/kubernetes-ci/kubernetes-pipelines"
- credentials: "gerrit"
- script: pipelines/mcp-k8s-metallb-pipeline.groovy
- trigger:
- gerrit:
- project:
- kubernetes/metallb:
- branches:
- - compare_type: "ANT"
- name: "**"
- message:
- build_successful: "Build successful"
- build_unstable: "Build unstable"
- build_failure: "Build failed"
- event:
- patchset:
- - created:
- excludeDrafts: false
- excludeTrivialRebase: false
- excludeNoCodeChange: false
- comment:
- - addedContains:
- commentAddedCommentContains: '(recheck|reverify)'
- override-votes:
- gerritBuildUnstableVerifiedValue: 1
- gerritBuildUnstableCodeReviewValue: 1
- param:
- KUBE_DOCKER_REGISTRY:
- type: string
- default: 'docker-dev-local.docker.mirantis.net'
- description: 'Docker registry for binaries and images'
-
+# This file will be removed in Q3
+# jobs was moved into salt-models/infra repo
diff --git a/jenkins/client/job/k8s-test/mcp-k8s-test-pipeline.yml b/jenkins/client/job/k8s-test/mcp-k8s-test-pipeline.yml
index 3e01ea2..2500254 100644
--- a/jenkins/client/job/k8s-test/mcp-k8s-test-pipeline.yml
+++ b/jenkins/client/job/k8s-test/mcp-k8s-test-pipeline.yml
@@ -1,69 +1,2 @@
-parameters:
- jenkins:
- client:
- job:
- mcp_k8s_test_pipeline:
- type: workflow-scm
- name: mcp-k8s-test-pipeline
- display_name: "Kubernetes tests pipeline"
- discard:
- build:
- keep_num: 50
- concurrent: true
- scm:
- type: git
- url: "${_param:jenkins_gerrit_url}/kubernetes-ci/kubernetes-pipelines"
- credentials: "gerrit"
- script: pipelines/mcp-k8s-test-pipeline.groovy
- trigger:
- gerrit:
- project:
- kubernetes/kubernetes:
- branches:
- - compare_type: "ANT"
- name: "**"
- message:
- build_successful: "Build successful"
- build_unstable: "Build unstable"
- build_failure: "Build failed"
- event:
- patchset:
- - created:
- excludeDrafts: false
- excludeTrivialRebase: false
- excludeNoCodeChange: false
- comment:
- - addedContains:
- commentAddedCommentContains: '(recheck|reverify)'
- override-votes:
- gerritBuildUnstableVerifiedValue: 1
- gerritBuildUnstableCodeReviewValue: 1
- param:
- KUBE_DOCKER_REGISTRY:
- type: string
- default: docker-dev-local.docker.mirantis.net
- description: 'Docker registry for binaries and images'
- CALICO_DOCKER_REGISTRY:
- type: string
- default: 'docker-prod-virtual.docker.mirantis.net'
- description: 'Docker registry for published Calico images'
- K8S_BASE_IMAGE:
- type: string
- default: 'mirantis/base-images/debian-base:20161223134732'
- description: 'Base Docker image to build k8s'
- CALICO_CNI_IMAGE_REPO:
- type: string
- default: 'calico/cni'
- description: 'Custom calico/cni image repository'
- CALICO_CNI_IMAGE_TAG:
- type: string
- default: 'v1.5.1'
- description: 'Custom calico/cni image tag'
- CALICO_DOWNSTREAM:
- type: boolean
- default: 'true'
- description: 'Use Calico downstream'
- CALICO_VER:
- type: string
- default: 'mcp'
- description: 'Custom Calico version'
+# This file will be removed in Q3
+# jobs was moved into salt-models/infra repo
diff --git a/keycloak/server/realm/drivetrain.yml b/keycloak/server/realm/drivetrain.yml
index 42b3473..054b92f 100644
--- a/keycloak/server/realm/drivetrain.yml
+++ b/keycloak/server/realm/drivetrain.yml
@@ -14,7 +14,7 @@
enabled: true
base_url: /operations-api-portal
redirect_uris:
- - /operations-api-portal/*
+ - "/operations-api/*"
admin_url: /operations-api-portal
direct_access_grants_enabled: true
secret: ${_param:keycloak_operations_api_client_secret}
@@ -39,6 +39,38 @@
oidc-full-name-mapper:
full_name:
name: full_name
+ operations-ui:
+ enabled: true
+ base_url: /
+ web_origins:
+ - "*"
+ redirect_uris:
+ - "*"
+ public_client: true
+ admin_url: /
+ direct_access_grants_enabled: true
+ secret: '*****'
+ protocol_mapper:
+ oidc-usermodel-property-mapper:
+ username:
+ name: username
+ user_attribute: username
+ claim_name: preferred_username
+ given_name:
+ name: given name
+ user_attribute: firstName
+ claim_name: given_name
+ family_name:
+ name: family name
+ user_attribute: lastName
+ claim_name: family_name
+ email:
+ name: email
+ user_attribute: email
+ claim_name: email
+ oidc-full-name-mapper:
+ full_name:
+ name: full_name
federation_provider:
ldap:
display_name: ${_param:keycloak_drivetrain_provider_display_name}
diff --git a/nova/compute/cluster.yml b/nova/compute/cluster.yml
index 92871c0..3053335 100644
--- a/nova/compute/cluster.yml
+++ b/nova/compute/cluster.yml
@@ -37,8 +37,6 @@
SG9MrLHCd5l60aCUQg0UA5ed7Hd6SA314k+HwxJno9/wJ+voBeacMg==
-----END RSA PRIVATE KEY-----
cluster_internal_protocol: 'http'
- nova_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
- nova_memcache_secret_key: ''
openssh:
client:
enabled: True
diff --git a/nova/compute/single.yml b/nova/compute/single.yml
index 90a2fa7..7ba6775 100644
--- a/nova/compute/single.yml
+++ b/nova/compute/single.yml
@@ -37,8 +37,6 @@
SG9MrLHCd5l60aCUQg0UA5ed7Hd6SA314k+HwxJno9/wJ+voBeacMg==
-----END RSA PRIVATE KEY-----
cluster_internal_protocol: 'http'
- nova_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
- nova_memcache_secret_key: ''
openssh:
client:
enabled: True
diff --git a/nova/control/cluster.yml b/nova/control/cluster.yml
index 3a2e293..330a233 100644
--- a/nova/control/cluster.yml
+++ b/nova/control/cluster.yml
@@ -14,8 +14,6 @@
nova_disk_allocation_ratio: 1.0
metadata_password: metadataPass
cluster_internal_protocol: 'http'
- nova_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
- nova_memcache_secret_key: ''
linux:
system:
package:
diff --git a/nova/control/single.yml b/nova/control/single.yml
index 51e856f..5b61f20 100644
--- a/nova/control/single.yml
+++ b/nova/control/single.yml
@@ -5,8 +5,6 @@
parameters:
_param:
cluster_internal_protocol: 'http'
- nova_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
- nova_memcache_secret_key: ''
linux:
system:
package: