Merge "Add RBAC role and rolebinding for cni genie pod control"
diff --git a/aodh/server/cluster.yml b/aodh/server/cluster.yml
index d1f6583..fb6839b 100644
--- a/aodh/server/cluster.yml
+++ b/aodh/server/cluster.yml
@@ -6,13 +6,15 @@
 parameters:
   _param:
     openstack_event_alarm_topic: alarm.all
+    # Keep alarm history in database for 30 days
+    aodh_alarm_history_ttl: 2592000
   aodh:
     server:
       enabled: true
       role: ${_param:openstack_node_role}
       version: ${_param:aodh_version}
       cluster: true
-      ttl: 86400
+      ttl: ${_param:aodh_alarm_history_ttl}
       debug: false
       verbose: true
       region: ${_param:openstack_region}
@@ -45,3 +47,8 @@
           - host: ${_param:openstack_message_queue_node01_address}
           - host: ${_param:openstack_message_queue_node02_address}
           - host: ${_param:openstack_message_queue_node03_address}
+      # Check for expired alarm history every day at 2 AM
+      expirer:
+        cron:
+          minute: 0
+          hour: 2
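Review bot: The `expirer.cron` entry at the end of this hunk lives in the cluster class, so every node that includes aodh/server/cluster.yml would presumably schedule the same purge at 02:00 against the shared database; nothing visible here limits it to one node. panko/server/cluster.yml adds an identical schedule at the same minute and hour, so both purges would also start together. Either stagger the schedules (for example `hour: 3` for panko) or extend the comment to say where single-node execution is enforced, e.g. `# Expirer is expected to run on one node only; enforced in the formula`. Alarm history and events are the data consulted after an incident, so a purge that fails under lock contention or runs three times is worth ruling out.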
diff --git a/aodh/server/single.yml b/aodh/server/single.yml
index b2a55a6..6fec2a6 100644
--- a/aodh/server/single.yml
+++ b/aodh/server/single.yml
@@ -3,10 +3,18 @@
 parameters:
   _param:
     openstack_event_alarm_topic: alarm.all
+    # Keep alarm history in database for 30 days
+    aodh_alarm_history_ttl: 2592000
   aodh:
     server:
+      ttl: ${_param:aodh_alarm_history_ttl}
       role: ${_param:openstack_node_role}
       region: ${_param:openstack_region}
       event_alarm_topic: ${_param:openstack_event_alarm_topic}
       identity:
         region: ${_param:openstack_region}
+      # Check for expired alarm history every day at 2 AM
+      expirer:
+        cron:
+          minute: 0
+          hour: 2
diff --git a/debmirror/mirror_mirantis_com/ubuntu/xenial.yml b/debmirror/mirror_mirantis_com/ubuntu/xenial.yml
index d869e94..91eafb0 100644
--- a/debmirror/mirror_mirantis_com/ubuntu/xenial.yml
+++ b/debmirror/mirror_mirantis_com/ubuntu/xenial.yml
@@ -183,3 +183,5 @@
             804: "--include='/main(.*)libbluetooth3'" # python-guestfs
             805: "--include='/main(.*)llvm-toolchain-5.0'" # pki-ca: < 389-ds-base < dogtag
             806: "--include='/main(.*)man-db'" # include man tool
+            807: "--include='/main(.*)zfs-doc'" # Some extra fs dep's for MAAS provision stage.PROD-21531
+
diff --git a/designate/server/cluster/init.yml b/designate/server/cluster/init.yml
new file mode 100644
index 0000000..f5935d1
--- /dev/null
+++ b/designate/server/cluster/init.yml
@@ -0,0 +1,5 @@
+classes:
+- service.keepalived.cluster.single
+- service.haproxy.proxy.single
+- system.haproxy.proxy.listen.openstack.designate
+- system.designate.server.cluster.simple
\ No newline at end of file
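Review bot: The class order here differs from the list removed from designate/server/cluster.yml. There, `service.designate.server.cluster` was loaded first and the keepalived/haproxy classes after it; here those three come first and `system.designate.server.cluster.simple` (which pulls in the service class) comes last. If later classes win on conflicting keys, as reclass merging normally works, any parameter set by both the designate service class and the keepalived/haproxy classes now resolves the other way. Worth confirming no such overlap exists, or keeping the original order by listing `system.designate.server.cluster.simple` first. The file also ends without a trailing newline.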
diff --git a/designate/server/cluster.yml b/designate/server/cluster/simple.yml
similarity index 94%
rename from designate/server/cluster.yml
rename to designate/server/cluster/simple.yml
index f60f883..9f9b18b 100644
--- a/designate/server/cluster.yml
+++ b/designate/server/cluster/simple.yml
@@ -1,8 +1,5 @@
 classes:
 - service.designate.server.cluster
-- service.keepalived.cluster.single
-- system.haproxy.proxy.listen.openstack.designate
-- service.haproxy.proxy.single
 parameters:
   _param:
     designate_admin_api_enabled: false
diff --git a/jenkins/client/init.yml b/jenkins/client/init.yml
index 409b3f3..a64c76f 100644
--- a/jenkins/client/init.yml
+++ b/jenkins/client/init.yml
@@ -2,6 +2,7 @@
   - service.jenkins.support
   - service.jenkins.client
   - system.jenkins.client.approved_scripts
+  - system.jenkins.client.plugins
 parameters:
   _param:
     jenkins_client_user: none
@@ -21,49 +22,6 @@
         port: ${_param:jenkins_master_port}
         username: ${_param:jenkins_client_user}
         password: ${_param:jenkins_client_password}
-      plugin:
-        antisamy-markup-formatter: {}
-        artifactory: {}
-        blueocean: {}
-        build-blocker-plugin: {}
-        build-monitor-plugin: {}
-        build-timeout: {}
-        build-user-vars-plugin: {}
-        categorized-view: {}
-        copyartifact: {}
-        description-setter: {}
-        discard-old-build: {}
-        docker-workflow: {}
-        email-ext: {}
-        envinject: {}
-        extended-choice-parameter: {}
-        extensible-choice-parameter: {}
-        gerrit-trigger: {}
-        git: {}
-        github: {}
-        heavy-job: {}
-        jobConfigHistory: {}
-        jira: {}
-        ldap: {}
-        lockable-resources: {}
-        matrix-auth: {}
-        monitoring: {}
-        multiple-scms: {}
-        performance: {}
-        permissive-script-security: {}
-        pipeline-utility-steps: {}
-        plot: {}
-        prometheus: {}
-        rebuild: {}
-        simple-theme-plugin: {}
-        slack: {}
-        ssh-agent: {}
-        test-stability: {}
-        throttle-concurrents: {}
-        workflow-cps: {}
-        workflow-remote-loader: {}
-        workflow-scm-step:
-          restart: true
       lib:
         pipeline-library:
           enabled: true
diff --git a/jenkins/client/job/salt-models/generate.yml b/jenkins/client/job/salt-models/generate.yml
index 686e74d..002c618 100644
--- a/jenkins/client/job/salt-models/generate.yml
+++ b/jenkins/client/job/salt-models/generate.yml
@@ -28,3 +28,7 @@
               TEST_MODEL:
                 type: boolean
                 default: false
+              RECLASS_VERSION:
+                type: string
+                default: 'v1.5.4'
+                description: "Version (branch) of Reclass we will use"
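Review bot: `RECLASS_VERSION` is a free-form string parameter, and its description calls it a "Version (branch)" while the default `'v1.5.4'` reads like a tag. Nothing in this hunk restricts what a job user may enter, so if the pipeline passes the value to a checkout or install command (not visible here), it should be quoted and validated at that point. A clearer description would be `description: "Reclass git ref (tag or branch) to install"`. The same three lines are added to jenkins/client/job/salt-models/tests.yml with the same default; taking the default from one shared `_param` would stop the two jobs from drifting apart.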
diff --git a/jenkins/client/job/salt-models/tests.yml b/jenkins/client/job/salt-models/tests.yml
index c820d26..7c327e8 100644
--- a/jenkins/client/job/salt-models/tests.yml
+++ b/jenkins/client/job/salt-models/tests.yml
@@ -295,6 +295,10 @@
               EXTRA_FORMULAS:
                 type: string
                 default: "aptly artifactory auditd backupninja collectd devops-portal docker elasticsearch fluentd freeipa gerrit glusterfs grafana haproxy heka horizon influxdb jenkins keepalived kibana libvirt maas memcached mysql nginx ntp openldap openssh postfix prometheus rsync rsyslog rundeck sensu sphinx telegraf xtrabackup watchdog"
+              RECLASS_VERSION:
+                type: string
+                default: 'v1.5.4'
+                description: "Version (branch) of Reclass we will use"
       job:
         test-salt-model-node:
           name: test-salt-model-node
diff --git a/jenkins/client/plugins/init.yml b/jenkins/client/plugins/init.yml
new file mode 100644
index 0000000..903aae3
--- /dev/null
+++ b/jenkins/client/plugins/init.yml
@@ -0,0 +1,46 @@
+parameters:
+  jenkins:
+    client:
+      plugin:
+        antisamy-markup-formatter: {}
+        artifactory: {}
+        blueocean: {}
+        build-blocker-plugin: {}
+        build-monitor-plugin: {}
+        build-timeout: {}
+        build-user-vars-plugin: {}
+        categorized-view: {}
+        copyartifact: {}
+        description-setter: {}
+        discard-old-build: {}
+        docker-workflow: {}
+        email-ext: {}
+        envinject: {}
+        extended-choice-parameter: {}
+        extensible-choice-parameter: {}
+        gerrit-trigger: {}
+        git: {}
+        github: {}
+        heavy-job: {}
+        jobConfigHistory: {}
+        jira: {}
+        ldap: {}
+        lockable-resources: {}
+        matrix-auth: {}
+        monitoring: {}
+        multiple-scms: {}
+        performance: {}
+        permissive-script-security: {}
+        pipeline-utility-steps: {}
+        plot: {}
+        prometheus: {}
+        rebuild: {}
+        simple-theme-plugin: {}
+        slack: {}
+        ssh-agent: {}
+        test-stability: {}
+        throttle-concurrents: {}
+        workflow-cps: {}
+        workflow-remote-loader: {}
+        workflow-scm-step:
+          restart: true
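Review bot: `permissive-script-security: {}` is now part of a plugin class that jenkins/client/init.yml includes unconditionally, so every Jenkins instance built from this model gets a plugin whose purpose is to relax script-approval enforcement. It was already in the old inline list, but splitting the plugins into their own class is the natural moment to make it opt-in, or at least to add a comment such as `# weakens script-security enforcement; keep only where pipelines require it`. All entries are also `{}` with no version visible, so the installed plugin versions presumably depend on whatever the update source serves at deploy time. If the formula supports pinning, security-relevant plugins (`matrix-auth`, `ldap`, `workflow-cps`) are the ones worth pinning first.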
diff --git a/linux/system/single/init.yml b/linux/system/single/init.yml
index 970184c..edefd93 100644
--- a/linux/system/single/init.yml
+++ b/linux/system/single/init.yml
@@ -1,65 +1,5 @@
 classes:
-- service.linux.system
+- system.linux.system.single.mcp
 - service.salt.minion.master
-- system.linux.system.banner
 - system.openssh.server.single
 - system.ntp.client.single
-parameters:
-  _param:
-    local_package_repos: false
-  linux:
-    system:
-      local_package_repos: ${_param:local_package_repos}
-      user:
-        root:
-          enabled: true
-          name: root
-          home: /root
-      kernel:
-        modules:
-          - nf_conntrack
-        sysctl:
-          net.ipv4.tcp_keepalive_intvl: 3
-          net.ipv4.tcp_keepalive_time: 30
-          net.ipv4.tcp_keepalive_probes: 8
-          fs.file-max: 124165
-          net.core.somaxconn: 4096
-          vm.swappiness: 10
-          net.nf_conntrack_max: 1048576
-          net.ipv4.tcp_retries2: 5
-          net.ipv4.tcp_max_syn_backlog: 8192
-          net.ipv4.neigh.default.gc_thresh1: 4096
-          net.ipv4.neigh.default.gc_thresh2: 8192
-          net.ipv4.neigh.default.gc_thresh3: 16384
-          net.core.netdev_max_backlog: 261144
-          net.ipv4.tcp_tw_reuse: 1
-          kernel.panic: 60
-      cpu:
-        governor: performance
-      timezone: UTC
-      locale:
-        en_US.UTF-8:
-          enabled: true
-          default: true
-      limit:
-        default:
-          enabled: true
-          domain: "*"
-          limits:
-            - type: hard
-              item: nofile
-              value: 307200
-            - type: soft
-              item: nofile
-              value: 307200
-            - type: soft
-              item: nproc
-              value: 307200
-            - type: hard
-              item: nproc
-              value: 307200
-      systemd:
-        system:
-          Manager:
-            DefaultLimitNOFILE: 307200
-            DefaultLimitNPROC: 307200
diff --git a/linux/system/single/mcp.yml b/linux/system/single/mcp.yml
new file mode 100644
index 0000000..850a7ac
--- /dev/null
+++ b/linux/system/single/mcp.yml
@@ -0,0 +1,48 @@
+classes:
+- system.linux.system.single.simple
+parameters:
+  linux:
+    system:
+      kernel:
+        modules:
+          - nf_conntrack
+        sysctl:
+          net.ipv4.tcp_keepalive_intvl: 3
+          net.ipv4.tcp_keepalive_time: 30
+          net.ipv4.tcp_keepalive_probes: 8
+          fs.file-max: 124165
+          net.core.somaxconn: 4096
+          vm.swappiness: 10
+          net.nf_conntrack_max: 1048576
+          net.ipv4.tcp_retries2: 5
+          net.ipv4.tcp_max_syn_backlog: 8192
+          net.ipv4.neigh.default.gc_thresh1: 4096
+          net.ipv4.neigh.default.gc_thresh2: 8192
+          net.ipv4.neigh.default.gc_thresh3: 16384
+          net.core.netdev_max_backlog: 261144
+          net.ipv4.tcp_tw_reuse: 1
+          kernel.panic: 60
+      cpu:
+        governor: performance
+      limit:
+        default:
+          enabled: true
+          domain: "*"
+          limits:
+            - type: hard
+              item: nofile
+              value: 307200
+            - type: soft
+              item: nofile
+              value: 307200
+            - type: soft
+              item: nproc
+              value: 307200
+            - type: hard
+              item: nproc
+              value: 307200
+      systemd:
+        system:
+          Manager:
+            DefaultLimitNOFILE: 307200
+            DefaultLimitNPROC: 307200
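Review bot: `fs.file-max: 124165` is lower than the `nofile` limits of 307200 set for domain `"*"` and in `DefaultLimitNOFILE`, so the system-wide handle ceiling is reached long before any per-process limit applies. One of the two values is probably not what was intended. The `nproc` soft and hard limits of 307200 for `"*"` likewise leave unprivileged users with effectively no process cap, which should be a documented decision rather than a default carried along. `net.core.netdev_max_backlog: 261144` looks like a transposition of 262144 and should be confirmed. These values were moved unchanged from linux/system/single/init.yml, so a short header comment on where the tuning came from would help the next reader.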
diff --git a/linux/system/single/simple.yml b/linux/system/single/simple.yml
new file mode 100644
index 0000000..8154439
--- /dev/null
+++ b/linux/system/single/simple.yml
@@ -0,0 +1,14 @@
+classes:
+- service.linux.system
+- system.linux.system.banner
+parameters:
+  _param:
+    local_package_repos: false
+  linux:
+    system:
+      local_package_repos: ${_param:local_package_repos}
+      timezone: UTC
+      locale:
+        en_US.UTF-8:
+          enabled: true
+          default: true
diff --git a/maas/region/cluster.yml b/maas/region/cluster.yml
index 8df6ea8..ff6dac5 100644
--- a/maas/region/cluster.yml
+++ b/maas/region/cluster.yml
@@ -1,12 +1,18 @@
 classes:
   - system.maas.region.single
   - system.keepalived.server.cluster_maas
+  - system.linux.system.repo.keystorage.saltstack
 parameters:
   _param:
     cluster_vip_address: 10.0.175.80
+    linux_system_repo_mcp_saltstack_url: http://mirror.mirantis.com/${_param:apt_mk_version}/saltstack-2017.7/
   maas:
     cluster:
       enabled: true
       role: ${_param:maas_cluster_role}
       region:
-        host: ${_param:cluster_vip_address}
\ No newline at end of file
+        host: ${_param:cluster_vip_address}
+      saltstack_repo_key: ${linux:system:repo:mcp_saltstack:key}
+      saltstack_repo_trusty: "deb [arch=amd64] ${_param:linux_system_repo_mcp_saltstack_url}/trusty/ trusty main"
+      saltstack_repo_xenial: "deb [arch=amd64] ${_param:linux_system_repo_mcp_saltstack_url}/xenial/ xenial main"
+
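Review bot: `linux_system_repo_mcp_saltstack_url` ends with a slash and both `saltstack_repo_*` lines append `/trusty/` or `/xenial/`, so the rendered source line contains `saltstack-2017.7//trusty/`. Drop the trailing slash from the parameter or the leading one in the two `deb` strings. The URL is plain `http://`, so the integrity of packages installed on MAAS-provisioned nodes rests entirely on the key referenced by `saltstack_repo_key`. Confirm that `${linux:system:repo:mcp_saltstack:key}` actually resolves from the newly added `system.linux.system.repo.keystorage.saltstack` class and fails loudly if it does not. The hunk also adds a trailing blank line at the end of the file.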
diff --git a/panko/server/cluster.yml b/panko/server/cluster.yml
index e277c30..d641f36 100644
--- a/panko/server/cluster.yml
+++ b/panko/server/cluster.yml
@@ -9,9 +9,12 @@
     panko_memcached_node01_address: ${_param:cluster_node01_address}
     panko_memcached_node02_address: ${_param:cluster_node02_address}
     panko_memcached_node03_address: ${_param:cluster_node03_address}
+    # Keep events in database for 30 days
+    panko_event_time_to_live: 2592000
   panko:
     server:
       role: ${_param:openstack_node_role}
+      event_time_to_live: ${_param:panko_event_time_to_live}
       identity:
         host: ${_param:openstack_control_address}
       database:
@@ -24,4 +27,9 @@
         - host: ${_param:panko_memcached_node02_address}
           port: 11211
         - host: ${_param:panko_memcached_node03_address}
-          port: 11211
\ No newline at end of file
+          port: 11211
+      # Check for expired events every day at 2 AM
+      expirer:
+        cron:
+          minute: 0
+          hour: 2
\ No newline at end of file
diff --git a/panko/server/single.yml b/panko/server/single.yml
new file mode 100644
index 0000000..497b21e
--- /dev/null
+++ b/panko/server/single.yml
@@ -0,0 +1,16 @@
+classes:
+- service.panko.server.single
+- system.apache.server.site.panko
+parameters:
+  _param:
+    # Keep events in database for 30 days
+    panko_event_time_to_live: 2592000
+  panko:
+    server:
+      role: ${_param:openstack_node_role}
+      event_time_to_live: ${_param:panko_event_time_to_live}
+      # Check for expired events every day at 2 AM
+      expirer:
+        cron:
+          minute: 0
+          hour: 2
\ No newline at end of file