Merge "Switch maas ssaltstack_repo's to mirror"
diff --git a/aodh/server/cluster.yml b/aodh/server/cluster.yml
index 91ebe12..d1f6583 100644
--- a/aodh/server/cluster.yml
+++ b/aodh/server/cluster.yml
@@ -9,6 +9,7 @@
aodh:
server:
enabled: true
+ role: ${_param:openstack_node_role}
version: ${_param:aodh_version}
cluster: true
ttl: 86400
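Review bot: `role: ${_param:openstack_node_role}` on the added line has no default in this class, so a node that includes it without defining `openstack_node_role` will presumably fail reclass interpolation. Within this diff the only class-level defaults are in keystone/server/cluster.yml and keystone/server/single.yml; every other value comes from the reclass/storage node definitions. The same reference is added to the other service classes in this change (barbican, ceilometer, cinder, designate, glance, gnocchi, heat, ironic, manila, murano, neutron, nova, octavia, panko), so models with hand-written node definitions are affected throughout. Either give the parameter a documented default in a common class or call out the new required parameter in the commit description.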
diff --git a/aodh/server/single.yml b/aodh/server/single.yml
index 6eec70e..b2a55a6 100644
--- a/aodh/server/single.yml
+++ b/aodh/server/single.yml
@@ -5,6 +5,7 @@
openstack_event_alarm_topic: alarm.all
aodh:
server:
+ role: ${_param:openstack_node_role}
region: ${_param:openstack_region}
event_alarm_topic: ${_param:openstack_event_alarm_topic}
identity:
diff --git a/barbican/server/cluster.yml b/barbican/server/cluster.yml
index ed45b47..d8b570c 100644
--- a/barbican/server/cluster.yml
+++ b/barbican/server/cluster.yml
@@ -6,5 +6,6 @@
cluster_internal_protocol: 'http'
barbican:
server:
+ role: ${_param:openstack_node_role}
identity:
protocol: ${_param:cluster_internal_protocol}
diff --git a/barbican/server/single.yml b/barbican/server/single.yml
index aab0b18..b115e79 100644
--- a/barbican/server/single.yml
+++ b/barbican/server/single.yml
@@ -5,5 +5,6 @@
internal_protocol: 'http'
barbican:
server:
+ role: ${_param:openstack_node_role}
identity:
protocol: ${_param:internal_protocol}
diff --git a/ceilometer/server/cluster.yml b/ceilometer/server/cluster.yml
index f965451..ad804f8 100644
--- a/ceilometer/server/cluster.yml
+++ b/ceilometer/server/cluster.yml
@@ -13,6 +13,7 @@
cluster: true
secret: ${_param:ceilometer_secret_key}
ttl: 86400
+ role: ${_param:openstack_node_role}
notification:
workload_partitioning: true
batch_timeout: 30
diff --git a/ceilometer/server/single.yml b/ceilometer/server/single.yml
index 9758af2..ae642f1 100644
--- a/ceilometer/server/single.yml
+++ b/ceilometer/server/single.yml
@@ -3,6 +3,7 @@
parameters:
ceilometer:
server:
+ role: ${_param:openstack_node_role}
database:
influxdb:
host: ${_param:stacklight_monitor_node01_address}
diff --git a/ceilometer/server/telemetry/cluster.yml b/ceilometer/server/telemetry/cluster.yml
index d1c28ef..fdf3e03 100644
--- a/ceilometer/server/telemetry/cluster.yml
+++ b/ceilometer/server/telemetry/cluster.yml
@@ -10,6 +10,7 @@
region: ${_param:openstack_region}
cluster: true
secret: ${_param:ceilometer_secret_key}
+ role: ${_param:openstack_node_role}
ttl: 86400
notification:
workload_partitioning: true
diff --git a/ceilometer/server/telemetry/single.yml b/ceilometer/server/telemetry/single.yml
index 7a98b73..2d8828c 100644
--- a/ceilometer/server/telemetry/single.yml
+++ b/ceilometer/server/telemetry/single.yml
@@ -1,2 +1,6 @@
classes:
- service.ceilometer.server.single.common
+parameters:
+ ceilometer:
+ server:
+ role: ${_param:openstack_node_role}
diff --git a/cinder/control/backend/vmware.yml b/cinder/control/backend/vmware.yml
new file mode 100644
index 0000000..d75e257
--- /dev/null
+++ b/cinder/control/backend/vmware.yml
@@ -0,0 +1,13 @@
+parameters:
+ cinder:
+ controller:
+ default_volume_type: vmware-driver
+ backend:
+ vmware:
+ engine: vmware
+ type_name: vmware-driver
+ host_ip: ${_param:openstack_vcenter_host}
+ host_username: ${_param:openstack_vcenter_username}
+ host_password: ${_param:openstack_vcenter_password}
+ cluster_names: ${_param:openstack_vcenter_cluster_names}
+ insecure: true
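Review bot: `insecure: true` on the last added line hard-codes the vmware backend to skip vCenter certificate validation (assuming the formula maps it to the driver's insecure option), which leaves the `host_password` sent over that connection open to interception. This change also adds linux/system/ca_certificates/vmware.yml to install `openstack_vcenter_cacert`, so verification looks achievable. Drive the flag from a parameter that defaults to verification, for example `insecure: ${_param:openstack_vcenter_insecure}` with the parameter set to `false`; the parameter name is a suggestion, not an existing one. cinder/volume/backend/vmware.yml has the same line.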
diff --git a/cinder/control/cluster.yml b/cinder/control/cluster.yml
index 1110c63..b5d6862 100644
--- a/cinder/control/cluster.yml
+++ b/cinder/control/cluster.yml
@@ -25,6 +25,7 @@
default_volume_type: ""
backend: {}
version: ${_param:cinder_version}
+ role: ${_param:openstack_node_role}
osapi:
host: ${_param:cluster_local_address}
database:
diff --git a/cinder/control/single.yml b/cinder/control/single.yml
index d442693..89c5307 100644
--- a/cinder/control/single.yml
+++ b/cinder/control/single.yml
@@ -15,6 +15,7 @@
controller:
backend: {}
default_volume_type: ''
+ role: ${_param:openstack_node_role}
database:
host: ${_param:single_address}
identity:
diff --git a/cinder/volume/backend/vmware.yml b/cinder/volume/backend/vmware.yml
new file mode 100644
index 0000000..1c606d2
--- /dev/null
+++ b/cinder/volume/backend/vmware.yml
@@ -0,0 +1,13 @@
+parameters:
+ cinder:
+ volume:
+ default_volume_type: vmware-driver
+ backend:
+ vmware:
+ engine: vmware
+ type_name: vmware-driver
+ host_ip: ${_param:openstack_vcenter_host}
+ host_username: ${_param:openstack_vcenter_username}
+ host_password: ${_param:openstack_vcenter_password}
+ cluster_names: ${_param:openstack_vcenter_cluster_names}
+ insecure: true
diff --git a/designate/server/cluster.yml b/designate/server/cluster.yml
index afbb7df..f60f883 100644
--- a/designate/server/cluster.yml
+++ b/designate/server/cluster.yml
@@ -23,6 +23,7 @@
region: ${_param:openstack_region}
domain_id: ${_param:designate_domain_id}
version: ${_param:designate_version}
+ role: ${_param:openstack_node_role}
admin_api:
enabled: ${_param:designate_admin_api_enabled}
enabled_extensions_admin: quotas
diff --git a/designate/server/single.yml b/designate/server/single.yml
index 3fdd448..683180e 100644
--- a/designate/server/single.yml
+++ b/designate/server/single.yml
@@ -17,6 +17,7 @@
region: ${_param:openstack_region}
domain_id: ${_param:designate_domain_id}
version: ${_param:designate_version}
+ role: ${_param:openstack_node_role}
admin_api:
enabled: ${_param:designate_admin_api_enabled}
enabled_extensions_admin: quotas
diff --git a/galera/server/database/tacker.yml b/galera/server/database/tacker.yml
new file mode 100644
index 0000000..9cd76b5
--- /dev/null
+++ b/galera/server/database/tacker.yml
@@ -0,0 +1,19 @@
+parameters:
+ _param:
+ mysql_tacker_ssl_option: []
+ mysql:
+ server:
+ database:
+ tacker:
+ encoding: utf8
+ users:
+ - name: tacker
+ password: ${_param:mysql_tacker_password}
+ host: '%'
+ rights: all
+ ssl_option: ${_param:mysql_tacker_ssl_option}
+ - name: tacker
+ password: ${_param:mysql_tacker_password}
+ host: ${_param:cluster_local_address}
+ rights: all
+ ssl_option: ${_param:mysql_tacker_ssl_option}
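Review bot: The first `users` entry grants `rights: all` to `tacker` from `host: '%'`, which makes the second entry for `${_param:cluster_local_address}` redundant and lets the account connect from any address that can reach the database. With `mysql_tacker_ssl_option: []` as the default, presumably neither grant requires TLS unless the model overrides it. If the wildcard is needed for access through the cluster VIP, say so in a comment such as `# '%' is required for connections arriving via the VIP; restrict reachability at the network layer`; otherwise narrow `host` to the addresses that actually connect.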
diff --git a/glance/control/cluster.yml b/glance/control/cluster.yml
index bb87f16..e218835 100644
--- a/glance/control/cluster.yml
+++ b/glance/control/cluster.yml
@@ -15,6 +15,7 @@
enabled: true
version: ${_param:glance_version}
workers: 8
+ role: ${_param:openstack_node_role}
database:
engine: mysql
host: ${_param:openstack_database_address}
diff --git a/glance/control/single.yml b/glance/control/single.yml
index 5580b66..63e1b48 100644
--- a/glance/control/single.yml
+++ b/glance/control/single.yml
@@ -9,6 +9,7 @@
version: latest
glance:
server:
+ role: ${_param:openstack_node_role}
database:
host: ${_param:single_address}
identity:
diff --git a/glance/control/storage/vmware.yml b/glance/control/storage/vmware.yml
new file mode 100644
index 0000000..d908214
--- /dev/null
+++ b/glance/control/storage/vmware.yml
@@ -0,0 +1,2 @@
+classes:
+- service.glance.control.storage.vmware
diff --git a/gnocchi/server/cluster.yml b/gnocchi/server/cluster.yml
index 990fda2..ede63c5 100644
--- a/gnocchi/server/cluster.yml
+++ b/gnocchi/server/cluster.yml
@@ -12,6 +12,7 @@
gnocchi:
server:
enable_proxy_headers_parsing: true
+ role: ${_param:openstack_node_role}
metricd:
metric_processing_delay: 15
metric_reporting_delay: 30
diff --git a/gnocchi/server/single.yml b/gnocchi/server/single.yml
index d82dfee..11ddf39 100644
--- a/gnocchi/server/single.yml
+++ b/gnocchi/server/single.yml
@@ -3,6 +3,7 @@
parameters:
gnocchi:
server:
+ role: ${_param:openstack_node_role}
identity:
region: ${_param:openstack_region}
metricd:
diff --git a/heat/server/cluster.yml b/heat/server/cluster.yml
index 5829aee..eee2b63 100644
--- a/heat/server/cluster.yml
+++ b/heat/server/cluster.yml
@@ -22,6 +22,7 @@
enabled: true
region: ${_param:openstack_region}
version: ${_param:heat_version}
+ role: ${_param:openstack_node_role}
bind:
api_cfn:
address: ${_param:cluster_local_address}
diff --git a/heat/server/single.yml b/heat/server/single.yml
index 0c83206..e686050 100644
--- a/heat/server/single.yml
+++ b/heat/server/single.yml
@@ -9,6 +9,7 @@
version: latest
heat:
server:
+ role: ${_param:openstack_node_role}
region: ${_param:openstack_region}
stack_domain_admin:
name: heat_domain_admin
diff --git a/ironic/api/cluster.yml b/ironic/api/cluster.yml
index 5522f3f..b0bb69f 100644
--- a/ironic/api/cluster.yml
+++ b/ironic/api/cluster.yml
@@ -11,5 +11,6 @@
api:
enabled: true
version: ${_param:ironic_version}
+ role: ${_param:openstack_node_role}
bind:
address: ${_param:cluster_baremetal_local_address}
diff --git a/ironic/api/single.yml b/ironic/api/single.yml
index ed73e90..51c3f9c 100644
--- a/ironic/api/single.yml
+++ b/ironic/api/single.yml
@@ -9,5 +9,6 @@
version: latest
ironic:
api:
+ role: ${_param:openstack_node_role}
bind:
address: ${_param:single_address}
diff --git a/jenkins/client/job/deploy/lab/component/openstack.yml b/jenkins/client/job/deploy/lab/component/openstack.yml
index 0e526c6..2faa44a 100644
--- a/jenkins/client/job/deploy/lab/component/openstack.yml
+++ b/jenkins/client/job/deploy/lab/component/openstack.yml
@@ -18,7 +18,7 @@
stack_env: devcloud
stack_type: heat
stack_install: core,openstack,contrail
- stack_test: ""
+ stack_test: "opencontrail"
job_timer: "H H(0-6) * * *"
- stack_name: os_ha_contrail_ironic
stack_env: devcloud
diff --git a/jenkins/client/job/k8s-test/init.yml b/jenkins/client/job/k8s-test/init.yml
index 0cdaa09..4d22797 100644
--- a/jenkins/client/job/k8s-test/init.yml
+++ b/jenkins/client/job/k8s-test/init.yml
@@ -1,3 +1,4 @@
classes:
- system.jenkins.client.job.k8s-test.mcp-k8s-test-pipeline
-- system.jenkins.client.job.k8s-test.mcp-k8s-merge-pipeline
\ No newline at end of file
+- system.jenkins.client.job.k8s-test.mcp-k8s-merge-pipeline
+- system.jenkins.client.job.k8s-test.mcp-k8s-formula-test-pipeline
diff --git a/jenkins/client/job/k8s-test/mcp-k8s-formula-test-pipeline.yml b/jenkins/client/job/k8s-test/mcp-k8s-formula-test-pipeline.yml
new file mode 100644
index 0000000..976ed1a
--- /dev/null
+++ b/jenkins/client/job/k8s-test/mcp-k8s-formula-test-pipeline.yml
@@ -0,0 +1,67 @@
+parameters:
+ jenkins:
+ client:
+ job:
+ mcp_k8s_formula_test_pipeline:
+ type: workflow-scm
+ name: mcp-k8s-formula-test-pipeline
+ display_name: "Kubernetes formula test pipeline"
+ description: "Run k8s conformance against gerrit commit"
+ discard:
+ build:
+ keep_num: 30
+ artifact:
+ keep_num: 30
+ concurrent: true
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/kubernetes-ci/kubernetes-pipelines"
+ credentials: "gerrit"
+ script: pipelines/mcp-formula-change-test-pipeline.groovy
+ param:
+ SOURCE_CREDENTIALS:
+ type: string
+ default: "gerrit"
+ UPLOAD_APTLY:
+ type: boolean
+ default: 'true'
+ description: Whether to upload to Aptly
+ APTLY_REPO:
+ type: string
+ default: ""
+ description: Aptly repo name
+ BUILD_PACKAGE:
+ type: boolean
+ default: 'true'
+ description: Whether to build package
+ APTLY_REPO_URL:
+ type: string
+ default: "${_param:jenkins_aptly_url}"
+ description: Aptly url
+ APTLY_API_URL:
+ type: string
+ default: "${_param:jenkins_aptly_api_url}"
+ description: Aptly API url
+ SOURCES:
+ type: text
+ default: ""
+ description: Optional parameter to list Git refspecs to be build
+ PKG_BUILD_JOB_NAME:
+ type: string
+ default: "oscore-build-salt-formula-refspec"
+ description: Jenkins job name to build package
+ STACK_DELETE:
+ type: boolean
+ default: 'true'
+ description: Whether to delete stacks ater tests
+ APTLY_PREFIX:
+ type: string
+ default: "oscc-dev"
+ description: Aptly prefix
+ SOURCE_REPO_NAME:
+ type: string
+ description: "Name of the repo where packages are stored"
+ default: "ubuntu-xenial-salt"
+ DEPLOY_JOB:
+ type: string
+ default: "deploy-heat-k8s_ha_calico"
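Review bot: Two of the added parameter descriptions have typos that end up in the Jenkins UI: `Whether to delete stacks ater tests` should read `after tests`, and `Git refspecs to be build` should read `to be built`. `SOURCE_CREDENTIALS` and `DEPLOY_JOB` have no `description` at all, unlike the other parameters in the file. A suggested line for the latter is `description: Jenkins job used to deploy the test environment` (wording inferred from the default value).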
diff --git a/jenkins/client/job/salt-formulas/tests.yml b/jenkins/client/job/salt-formulas/tests.yml
index 1c9f4fb..7d659e8 100644
--- a/jenkins/client/job/salt-formulas/tests.yml
+++ b/jenkins/client/job/salt-formulas/tests.yml
@@ -10,6 +10,7 @@
- name: aptcacher
- name: aptly
- name: artifactory
+ - name: auditd
- name: avinetworks
- name: backupninja
- name: barbican
diff --git a/jenkins/client/job/validate.yml b/jenkins/client/job/validate.yml
index 32b0c0f..4d18225 100644
--- a/jenkins/client/job/validate.yml
+++ b/jenkins/client/job/validate.yml
@@ -251,6 +251,10 @@
type: string
default: "https://github.com/Mirantis/cvp-configuration"
description: URL of repo where testing tools, scenarios, configs are located.
+ TEMPEST_VERSION:
+ type: string
+ default: "15.0.0"
+ description: Version of Tempest
cvp-ha:
type: workflow-scm
name: cvp-ha
diff --git a/jenkins/client/job/vnf-onboarding/test_metaswitch_vsbc.yml b/jenkins/client/job/vnf-onboarding/test_metaswitch_vsbc.yml
index 8720fb1..e480d46 100644
--- a/jenkins/client/job/vnf-onboarding/test_metaswitch_vsbc.yml
+++ b/jenkins/client/job/vnf-onboarding/test_metaswitch_vsbc.yml
@@ -6,8 +6,8 @@
job:
test_metaswitch_vnf:
type: workflow-scm
- name: test_metaswitch_vnf
- display_name: "Onboarding tests for Metaswitch vSBC VNF"
+ name: test_metaswitch_vnf_ee
+ display_name: "Onboarding tests for Metaswitch vSBC VNF against CFY Enterprise Edition"
discard:
build:
keep_num: 20
@@ -50,7 +50,7 @@
default: "${_param:vnf_openstack_api_credentials}"
OPENSTACK_API_TENANT:
type: string
- default: "test"
+ default: "test-metaswitch"
GERRIT_CREDENTIALS:
type: string
default: "${_param:vnf_gerrit_credentials}"
@@ -79,11 +79,11 @@
default: "${_param:contrail_api_url}"
SETUP_OWN_CLOUDIFY:
type: boolean
- description: "Use temporary private Cloudify instance"
- default: false
+ description: "Use temporary private Cloudify instance. Metaswitch vSBC can work only with its own CFY instance"
+ default: true
CLOUDIFY_MANAGER_IP:
type: string
- description: "IP address of extrenal Cloudify. \"auto\" refers to address of deploy_cloudify job Cloudify instance"
+ description: "IP address of external Cloudify. \"auto\" refers to address of deploy_cloudify_enterprise job Cloudify instance"
default: "auto"
CLOUDIFY_MANAGER_OPTIONS:
type: string
@@ -97,6 +97,13 @@
type: string
description: "Parameters for cloudify agent VMs."
default: "CFY_AGENT_NET=cfm-net-shared CFY_AGENT_FLAVOR=cfy.agent CFY_AGENT_BACKEND_FLAVOR=backend.metaswitch CFY_AGENT_IMAGE=agent_vm CFY_AGENT_BASE_IMAGE=base_agent_vm CFY_AGENT_BACKEND_IMAGE=base_backend_vm"
+ CLOUDIFY_MANAGER_VERSION:
+ type: choice
+ choices:
+ - enterprise
+ - community
+ default: "enterprise"
+ description: "CFY edition version, make sure that it is consistent with CFY Manager image"
VNF_ARTIFACTORY_URL:
type: string
default: "${_param:vnf_artifactory_url}"
@@ -116,14 +123,14 @@
VNF_PLUGINS:
type: string
description: "Plugins to fetch from artifactory and install during build package step"
- default: "vnf_onboarding_tools-0.1-py27-none-linux_x86_64_Ubuntu_xenial"
+ default: "vnf_onboarding_tools-0.2-py27-none-linux_x86_64_CentOS_Core, cloudify_diamond_plugin-1.3.8-py27-none-linux_x86_64-centos-Core, metaswitch_deployment_plugin-2.1.0-py27-none-linux_x86_64-centos-Core"
VNF_OPTIONS:
type: string
- default: ""
+ default: "METASWITCH_VSBS_BPS=mirantis-blueprint-insecure-withoutsas-newlicense.tar DCM_IMAGE_NAME=MSwVA-DCM-V3.3 MDM_IMAGE_NAME=MSwVA-MDM-centos PERIMETA_IMAGE_NAME=MSwVA-Perimeta-V4.3.50_SU42_P252"
VNF_DOCKER_CLI_PLATFORM:
type: string
default: "ubuntu"
- CLOUDIFY_DEPLOYMENT_TIMEOUT:
+ VNF_DEPLOYMENT_TIMEOUT:
type: string
description: "Set up timeout for cloudify deployment (depends on each VNF specific and network throughput)."
default: 7200
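Review bot: The new `VNF_OPTIONS` default selects a blueprint archive named `mirantis-blueprint-insecure-withoutsas-newlicense.tar`, and the parameter has no `description` saying what that variant relaxes. Add one, for example `description: "Blueprint archive and image names for the VNF deployment; the default blueprint is the 'insecure' variant"`, so a reader knows the default is presumably a reduced-security test setup. Separately, `VNF_PLUGINS` now lists CentOS builds while the unchanged `VNF_DOCKER_CLI_PLATFORM` default stays `ubuntu`; that may be intentional but is worth confirming. The rename to `VNF_DEPLOYMENT_TIMEOUT` leaves the description talking about the cloudify deployment, and the pipeline that reads the parameter is not part of this diff.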
diff --git a/keystone/client/service/tacker.yml b/keystone/client/service/tacker.yml
new file mode 100644
index 0000000..335bc6e
--- /dev/null
+++ b/keystone/client/service/tacker.yml
@@ -0,0 +1,34 @@
+parameters:
+ _param:
+ cluster_public_protocol: https
+ tacker_service_protocol: http
+ tacker_public_host: ${_param:cluster_public_host}
+ keystone:
+ client:
+ server:
+ identity:
+ project:
+ service:
+ user:
+ tacker:
+ is_admin: true
+ password: ${_param:keystone_tacker_password}
+ email: ${_param:admin_email}
+ service:
+ tacker:
+ type: nfv-orchestration
+ description: OpenStack Tacker NFV Orchestrator Service
+ endpoints:
+ - region: ${_param:openstack_region}
+ public_address: ${_param:tacker_public_host}
+ public_protocol: ${_param:cluster_public_protocol}
+ public_port: 9890
+ public_path: '/'
+ internal_address: ${_param:tacker_service_host}
+ internal_port: 9890
+ internal_path: '/'
+ internal_protocol: ${_param:tacker_service_protocol}
+ admin_protocol: ${_param:tacker_service_protocol}
+ admin_address: ${_param:tacker_service_host}
+ admin_port: 9890
+ admin_path: '/'
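Review bot: `tacker_service_host` is referenced by the internal and admin endpoints but, unlike `tacker_public_host`, gets no default in the `_param` block, so the including model must define it. The default `tacker_service_protocol: http` also registers the internal and admin endpoints as plain HTTP, so tokens on those paths travel unencrypted unless a model overrides it; a comment such as `# override to https where internal TLS is enabled` would make that expectation explicit. `is_admin: true` presumably gives the service user the admin role; confirm Tacker needs that rather than a narrower role. keystone/client/v3/service/tacker.yml carries the same defaults.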
diff --git a/keystone/client/v3/service/tacker.yml b/keystone/client/v3/service/tacker.yml
new file mode 100644
index 0000000..c5187dd
--- /dev/null
+++ b/keystone/client/v3/service/tacker.yml
@@ -0,0 +1,34 @@
+parameters:
+ _param:
+ cluster_public_protocol: https
+ tacker_service_protocol: http
+ tacker_public_host: ${_param:cluster_public_host}
+ keystone:
+ client:
+ resources:
+ v3:
+ users:
+ tacker:
+ password: ${_param:keystone_tacker_password}
+ email: ${_param:admin_email}
+ roles:
+ service_admin:
+ name: admin
+ project_id: service
+ service:
+ tacker:
+ type: nfv-orchestration
+ description: OpenStack Tacker NFV Orchestrator Service
+ endpoints:
+ tacker_public:
+ interface: 'public'
+ url: ${_param:cluster_public_protocol}://${_param:tacker_public_host}:9890/
+ region: ${_param:openstack_region}
+ tacker_internal:
+ interface: 'internal'
+ url: ${_param:tacker_service_protocol}://${_param:tacker_service_host}:9890/
+ region: ${_param:openstack_region}
+ tacker_admin:
+ interface: 'admin'
+ url: ${_param:tacker_service_protocol}://${_param:tacker_service_host}:9890/
+ region: ${_param:openstack_region}
diff --git a/keystone/server/cluster.yml b/keystone/server/cluster.yml
index 0ae502b..7e6980b 100644
--- a/keystone/server/cluster.yml
+++ b/keystone/server/cluster.yml
@@ -6,6 +6,7 @@
parameters:
_param:
keystone_tokens_expiration: 3600
+ openstack_node_role: primary
linux:
system:
package:
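Review bot: Defaulting `openstack_node_role: primary` in the cluster class means every keystone node that does not override the parameter is rendered as primary. The reclass/storage definitions in this change set `secondary` on the other nodes, but a model with its own node definitions gets the default everywhere; what the formula does per role is not visible here, so the impact is unclear. Consider leaving the default out of cluster.yml (keeping it in single.yml) or adding a comment above it such as `# must be overridden to 'secondary' on all but one node`.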
@@ -25,6 +26,7 @@
admin_name: admin
admin_password: ${_param:keystone_admin_password}
admin_email: ${_param:admin_email}
+ role: ${_param:openstack_node_role}
bind:
address: ${_param:cluster_local_address}
private_address: ${_param:cluster_vip_address}
diff --git a/keystone/server/single.yml b/keystone/server/single.yml
index 16c26ca..2b1e89e 100644
--- a/keystone/server/single.yml
+++ b/keystone/server/single.yml
@@ -8,6 +8,7 @@
mysql_admin_password: password
mysql_keystone_password: password
keystone_tokens_expiration: 3600
+ openstack_node_role: primary
linux:
system:
package:
@@ -24,6 +25,7 @@
admin_name: admin
admin_password: ${_param:keystone_admin_password}
admin_email: ${_param:admin_email}
+ role: ${_param:openstack_node_role}
bind:
address: ${_param:single_address}
private_address: ${_param:single_address}
diff --git a/linux/system/ca_certificates/vmware.yml b/linux/system/ca_certificates/vmware.yml
new file mode 100644
index 0000000..0fac87f
--- /dev/null
+++ b/linux/system/ca_certificates/vmware.yml
@@ -0,0 +1,5 @@
+parameters:
+ linux:
+ system:
+ ca_certificates:
+ vcenter: ${_param:openstack_vcenter_cacert}
diff --git a/linux/system/single/init.yml b/linux/system/single/init.yml
index 970184c..edefd93 100644
--- a/linux/system/single/init.yml
+++ b/linux/system/single/init.yml
@@ -1,65 +1,5 @@
classes:
-- service.linux.system
+- system.linux.system.single.mcp
- service.salt.minion.master
-- system.linux.system.banner
- system.openssh.server.single
- system.ntp.client.single
-parameters:
- _param:
- local_package_repos: false
- linux:
- system:
- local_package_repos: ${_param:local_package_repos}
- user:
- root:
- enabled: true
- name: root
- home: /root
- kernel:
- modules:
- - nf_conntrack
- sysctl:
- net.ipv4.tcp_keepalive_intvl: 3
- net.ipv4.tcp_keepalive_time: 30
- net.ipv4.tcp_keepalive_probes: 8
- fs.file-max: 124165
- net.core.somaxconn: 4096
- vm.swappiness: 10
- net.nf_conntrack_max: 1048576
- net.ipv4.tcp_retries2: 5
- net.ipv4.tcp_max_syn_backlog: 8192
- net.ipv4.neigh.default.gc_thresh1: 4096
- net.ipv4.neigh.default.gc_thresh2: 8192
- net.ipv4.neigh.default.gc_thresh3: 16384
- net.core.netdev_max_backlog: 261144
- net.ipv4.tcp_tw_reuse: 1
- kernel.panic: 60
- cpu:
- governor: performance
- timezone: UTC
- locale:
- en_US.UTF-8:
- enabled: true
- default: true
- limit:
- default:
- enabled: true
- domain: "*"
- limits:
- - type: hard
- item: nofile
- value: 307200
- - type: soft
- item: nofile
- value: 307200
- - type: soft
- item: nproc
- value: 307200
- - type: hard
- item: nproc
- value: 307200
- systemd:
- system:
- Manager:
- DefaultLimitNOFILE: 307200
- DefaultLimitNPROC: 307200
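Review bot: The `user.root` block removed from init.yml (`enabled: true`, `name: root`, `home: /root`) does not reappear in mcp.yml or simple.yml, so this is not a pure move of parameters. Everything else from the old class shows up in one of the two new files. If dropping the root user definition is intended, the commit description should say so; otherwise add the block to simple.yml under `linux.system`.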
diff --git a/linux/system/single/mcp.yml b/linux/system/single/mcp.yml
new file mode 100644
index 0000000..850a7ac
--- /dev/null
+++ b/linux/system/single/mcp.yml
@@ -0,0 +1,48 @@
+classes:
+- system.linux.system.single.simple
+parameters:
+ linux:
+ system:
+ kernel:
+ modules:
+ - nf_conntrack
+ sysctl:
+ net.ipv4.tcp_keepalive_intvl: 3
+ net.ipv4.tcp_keepalive_time: 30
+ net.ipv4.tcp_keepalive_probes: 8
+ fs.file-max: 124165
+ net.core.somaxconn: 4096
+ vm.swappiness: 10
+ net.nf_conntrack_max: 1048576
+ net.ipv4.tcp_retries2: 5
+ net.ipv4.tcp_max_syn_backlog: 8192
+ net.ipv4.neigh.default.gc_thresh1: 4096
+ net.ipv4.neigh.default.gc_thresh2: 8192
+ net.ipv4.neigh.default.gc_thresh3: 16384
+ net.core.netdev_max_backlog: 261144
+ net.ipv4.tcp_tw_reuse: 1
+ kernel.panic: 60
+ cpu:
+ governor: performance
+ limit:
+ default:
+ enabled: true
+ domain: "*"
+ limits:
+ - type: hard
+ item: nofile
+ value: 307200
+ - type: soft
+ item: nofile
+ value: 307200
+ - type: soft
+ item: nproc
+ value: 307200
+ - type: hard
+ item: nproc
+ value: 307200
+ systemd:
+ system:
+ Manager:
+ DefaultLimitNOFILE: 307200
+ DefaultLimitNPROC: 307200
diff --git a/linux/system/single/simple.yml b/linux/system/single/simple.yml
new file mode 100644
index 0000000..8154439
--- /dev/null
+++ b/linux/system/single/simple.yml
@@ -0,0 +1,14 @@
+classes:
+- service.linux.system
+- system.linux.system.banner
+parameters:
+ _param:
+ local_package_repos: false
+ linux:
+ system:
+ local_package_repos: ${_param:local_package_repos}
+ timezone: UTC
+ locale:
+ en_US.UTF-8:
+ enabled: true
+ default: true
diff --git a/manila/control/cluster.yml b/manila/control/cluster.yml
index ff6ca10..7ea128b 100644
--- a/manila/control/cluster.yml
+++ b/manila/control/cluster.yml
@@ -10,6 +10,7 @@
api:
enabled: true
version: ${_param:openstack_version}
+ role: ${_param:openstack_node_role}
scheduler:
enabled: true
version: ${_param:openstack_version}
diff --git a/manila/control/single.yml b/manila/control/single.yml
index 3e14e96..262a158 100644
--- a/manila/control/single.yml
+++ b/manila/control/single.yml
@@ -9,6 +9,7 @@
api:
enabled: true
version: ${_param:openstack_version}
+ role: ${_param:openstack_node_role}
scheduler:
enabled: true
version: ${_param:openstack_version}
diff --git a/murano/server/cluster.yml b/murano/server/cluster.yml
index d698e7c..6c45f6d 100644
--- a/murano/server/cluster.yml
+++ b/murano/server/cluster.yml
@@ -8,6 +8,7 @@
server:
enabled: true
version: ${_param:murano_version}
+ role: ${_param:openstack_node_role}
bind:
address: ${_param:single_address}
port: 8082
diff --git a/murano/server/single.yml b/murano/server/single.yml
index c3da9f8..938263d 100644
--- a/murano/server/single.yml
+++ b/murano/server/single.yml
@@ -6,6 +6,7 @@
server:
enabled: true
version: ${_param:murano_version}
+ role: ${_param:openstack_node_role}
bind:
address: ${_param:single_address}
port: 8082
diff --git a/neutron/control/cluster.yml b/neutron/control/cluster.yml
index 166de3a..703f196 100644
--- a/neutron/control/cluster.yml
+++ b/neutron/control/cluster.yml
@@ -37,6 +37,7 @@
params: check inter 10s fastinter 2s downinter 3s rise 3 fall 3
neutron:
server:
+ role: ${_param:openstack_node_role}
plugin: contrail
identity:
protocol: ${_param:cluster_internal_protocol}
diff --git a/neutron/control/single.yml b/neutron/control/single.yml
index 067b4df..6196c0a 100644
--- a/neutron/control/single.yml
+++ b/neutron/control/single.yml
@@ -12,6 +12,7 @@
version: latest
neutron:
server:
+ role: ${_param:openstack_node_role}
database:
host: ${_param:single_address}
identity:
diff --git a/nova/client/flavor/vnf_onboarding/metaswitch_vsbc.yml b/nova/client/flavor/vnf_onboarding/metaswitch_vsbc.yml
index 636fc73..831811f 100644
--- a/nova/client/flavor/vnf_onboarding/metaswitch_vsbc.yml
+++ b/nova/client/flavor/vnf_onboarding/metaswitch_vsbc.yml
@@ -20,7 +20,7 @@
vcpus: 1
MetaswitchSSC:
ram: 4096
- disk: 40
+ disk: 80
vcpus: 2
backend.metaswitch:
ram: 2048
diff --git a/nova/control/cluster.yml b/nova/control/cluster.yml
index be5f775..90a2bae 100644
--- a/nova/control/cluster.yml
+++ b/nova/control/cluster.yml
@@ -30,6 +30,7 @@
ram_allocation_ratio: ${_param:nova_ram_allocation_ratio}
disk_allocation_ratio: ${_param:nova_disk_allocation_ratio}
workers: 8
+ role: ${_param:openstack_node_role}
bind:
private_address: ${_param:cluster_local_address}
public_address: ${_param:cluster_vip_address}
diff --git a/nova/control/novncproxy/init.yml b/nova/control/novncproxy/init.yml
deleted file mode 100644
index 3cd04b8..0000000
--- a/nova/control/novncproxy/init.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-classes:
-- system.salt.minion.cert.vnc.novncproxy_client
-parameters:
- nova:
- controller:
- novncproxy:
- tls:
- enabled: True
- key_file: ${_param:novncproxy_client_ssl_key_file}
- cert_file: ${_param:novncproxy_client_ssl_cert_file}
- ca_file: ${_param:novncproxy_ssl_ca_file}
- all_file: ${_param:nova_websocketproxy_ssl_all_file}
-
diff --git a/nova/control/novncproxy/tls/init.yml b/nova/control/novncproxy/tls/init.yml
new file mode 100644
index 0000000..717d55e
--- /dev/null
+++ b/nova/control/novncproxy/tls/init.yml
@@ -0,0 +1,16 @@
+classes:
+- system.salt.minion.cert.vnc.novncproxy_client
+- system.salt.minion.cert.vnc.novncproxy_server
+parameters:
+ _param:
+ nova_vnc_tls_enabled: true
+ nova:
+ controller:
+ # Communication between noVNC proxy and client machine over TLS
+ novncproxy:
+ tls:
+ enabled: ${_param:nova_vnc_tls_enabled}
+ # Only for Queens. Communication between noVNC proxy service and QEMU
+ vencrypt:
+ tls:
+ enabled: ${_param:nova_vnc_tls_enabled}
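Review bot: Moving the class from nova/control/novncproxy/init.yml to nova/control/novncproxy/tls/init.yml changes the class name that models must include, and the old file is deleted with no compatibility shim, so existing includes of the old name stop resolving. The new class also drops the explicit `key_file`, `cert_file`, `ca_file` and `all_file` settings; presumably the formula defaults or the two cert classes supply them, which should be confirmed before merge. A single `nova_vnc_tls_enabled` toggle now drives both `novncproxy.tls` and `vencrypt.tls` although the comment marks vencrypt as Queens-only; a separate parameter, or a comment stating that older releases ignore the key, would avoid surprises.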
diff --git a/nova/control/single.yml b/nova/control/single.yml
index 07a3b01..4e3799b 100644
--- a/nova/control/single.yml
+++ b/nova/control/single.yml
@@ -11,6 +11,7 @@
version: latest
nova:
controller:
+ role: ${_param:openstack_node_role}
database:
host: ${_param:single_address}
identity:
diff --git a/octavia/api/cluster.yml b/octavia/api/cluster.yml
index 958f3d4..9e5d0c9 100644
--- a/octavia/api/cluster.yml
+++ b/octavia/api/cluster.yml
@@ -7,6 +7,7 @@
octavia:
api:
enabled: true
+ role: ${_param:openstack_node_role}
bind:
address: ${_param:cluster_local_address}
database:
diff --git a/octavia/api/single.yml b/octavia/api/single.yml
index a9d30a5..ff76e76 100644
--- a/octavia/api/single.yml
+++ b/octavia/api/single.yml
@@ -6,6 +6,7 @@
octavia:
api:
enabled: true
+ role: ${_param:openstack_node_role}
bind:
address: ${_param:single_address}
database:
diff --git a/openssh/server/team/networking.yml b/openssh/server/team/networking.yml
index 7e5f915..e4f5ea7 100644
--- a/openssh/server/team/networking.yml
+++ b/openssh/server/team/networking.yml
@@ -3,6 +3,9 @@
- system.openssh.server.team.members.pjediny
- system.openssh.server.team.members.skreys
- system.openssh.server.team.members.smatov
+- system.openssh.server.team.members.ivasilevskaya
+- system.openssh.server.team.members.jcach
+- system.openssh.server.team.members.psvimbersky
parameters:
_param:
linux_system_user_sudo: true
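Review bot: The three added `members.*` classes are not created anywhere in the visible part of this change, so they must already exist in the tree for this class to resolve. The class also sets `linux_system_user_sudo: true` in the context just below, so, depending on how the member classes consume it, each addition likely grants SSH access with sudo on every node that includes the networking team class. The commit title does not mention an access change; it should be recorded in the description or split into its own change so it can be reviewed and audited separately.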
diff --git a/panko/server/cluster.yml b/panko/server/cluster.yml
index c258c9a..e277c30 100644
--- a/panko/server/cluster.yml
+++ b/panko/server/cluster.yml
@@ -11,6 +11,7 @@
panko_memcached_node03_address: ${_param:cluster_node03_address}
panko:
server:
+ role: ${_param:openstack_node_role}
identity:
host: ${_param:openstack_control_address}
database:
diff --git a/reclass/storage/system/openstack_baremetal_cluster.yml b/reclass/storage/system/openstack_baremetal_cluster.yml
index 71f6034..ff6592f 100644
--- a/reclass/storage/system/openstack_baremetal_cluster.yml
+++ b/reclass/storage/system/openstack_baremetal_cluster.yml
@@ -21,6 +21,7 @@
single_address: ${_param:openstack_baremetal_node01_address}
keepalived_vip_priority: 101
baremetal_address: ${_param:openstack_baremetal_node01_baremetal_address}
+ openstack_node_role: primary
openstack_baremetal_node02:
name: ${_param:openstack_baremetal_node02_hostname}
domain: ${_param:cluster_domain}
@@ -32,6 +33,7 @@
single_address: ${_param:openstack_baremetal_node02_address}
keepalived_vip_priority: 102
baremetal_address: ${_param:openstack_baremetal_node02_baremetal_address}
+ openstack_node_role: secondary
openstack_baremetal_node03:
name: ${_param:openstack_baremetal_node03_hostname}
domain: ${_param:cluster_domain}
@@ -43,5 +45,6 @@
single_address: ${_param:openstack_baremetal_node03_address}
keepalived_vip_priority: 103
baremetal_address: ${_param:openstack_baremetal_node03_baremetal_address}
+ openstack_node_role: secondary
diff --git a/reclass/storage/system/openstack_baremetal_single.yml b/reclass/storage/system/openstack_baremetal_single.yml
index 3b279b0..36e89d3 100644
--- a/reclass/storage/system/openstack_baremetal_single.yml
+++ b/reclass/storage/system/openstack_baremetal_single.yml
@@ -14,3 +14,4 @@
linux_system_codename: ${_param:linux_system_codename}
single_address: ${_param:openstack_baremetal_node01_address}
baremetal_address: ${_param:openstack_baremetal_node01_baremetal_address}
+ openstack_node_role: primary
diff --git a/reclass/storage/system/openstack_control_cluster.yml b/reclass/storage/system/openstack_control_cluster.yml
index 300a04c..e05b3e9 100644
--- a/reclass/storage/system/openstack_control_cluster.yml
+++ b/reclass/storage/system/openstack_control_cluster.yml
@@ -19,6 +19,7 @@
keepalived_vip_priority: 103
opencontrail_database_id: 1
rabbitmq_cluster_role: master
+ openstack_node_role: primary
openstack_control_node02:
name: ${_param:openstack_control_node02_hostname}
domain: ${_param:cluster_domain}
@@ -31,6 +32,7 @@
keepalived_vip_priority: 102
opencontrail_database_id: 2
rabbitmq_cluster_role: slave
+ openstack_node_role: secondary
openstack_control_node03:
name: ${_param:openstack_control_node03_hostname}
domain: ${_param:cluster_domain}
@@ -43,3 +45,4 @@
keepalived_vip_priority: 101
opencontrail_database_id: 3
rabbitmq_cluster_role: slave
+ openstack_node_role: secondary
diff --git a/reclass/storage/system/openstack_control_large.yml b/reclass/storage/system/openstack_control_large.yml
index 842e133..4ad2e90 100644
--- a/reclass/storage/system/openstack_control_large.yml
+++ b/reclass/storage/system/openstack_control_large.yml
@@ -19,6 +19,7 @@
linux_system_codename: ${_param:openstack_control_system_codename}
single_address: ${_param:openstack_control_node01_address}
keepalived_vip_priority: 105
+ openstack_node_role: primary
openstack_control_node02:
name: ${_param:openstack_control_node02_hostname}
domain: ${_param:cluster_domain}
@@ -29,6 +30,7 @@
linux_system_codename: ${_param:openstack_control_system_codename}
single_address: ${_param:openstack_control_node02_address}
keepalived_vip_priority: 104
+ openstack_node_role: secondary
openstack_control_node03:
name: ${_param:openstack_control_node03_hostname}
domain: ${_param:cluster_domain}
@@ -39,6 +41,7 @@
linux_system_codename: ${_param:openstack_control_system_codename}
single_address: ${_param:openstack_control_node03_address}
keepalived_vip_priority: 103
+ openstack_node_role: secondary
openstack_control_node04:
name: ${_param:openstack_control_node04_hostname}
domain: ${_param:cluster_domain}
@@ -49,6 +52,7 @@
linux_system_codename: ${_param:openstack_control_system_codename}
single_address: ${_param:openstack_control_node04_address}
keepalived_vip_priority: 102
+ openstack_node_role: secondary
openstack_control_node05:
name: ${_param:openstack_control_node05_hostname}
domain: ${_param:cluster_domain}
@@ -59,3 +63,4 @@
linux_system_codename: ${_param:openstack_control_system_codename}
single_address: ${_param:openstack_control_node05_address}
keepalived_vip_priority: 101
+ openstack_node_role: secondary
diff --git a/reclass/storage/system/openstack_control_single.yml b/reclass/storage/system/openstack_control_single.yml
index e7329da..fe5c870 100644
--- a/reclass/storage/system/openstack_control_single.yml
+++ b/reclass/storage/system/openstack_control_single.yml
@@ -14,3 +14,4 @@
salt_master_host: ${_param:reclass_config_master}
linux_system_codename: ${_param:openstack_control_system_codename}
single_address: ${_param:openstack_control_node01_address}
+ openstack_node_role: primary
diff --git a/reclass/storage/system/openstack_control_upgrade_single.yml b/reclass/storage/system/openstack_control_upgrade_single.yml
index e387062..b00cc81 100644
--- a/reclass/storage/system/openstack_control_upgrade_single.yml
+++ b/reclass/storage/system/openstack_control_upgrade_single.yml
@@ -14,3 +14,4 @@
salt_master_host: ${_param:reclass_config_master}
linux_system_codename: ${_param:openstack_upgrade_system_codename}
single_address: ${_param:openstack_upgrade_node01_address}
+ openstack_node_role: primary
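Review bot: `openstack_node_role: primary` on the upgrade node means a model that includes both this class and one of the openstack_control_* classes ends up with two nodes marked primary. What the role gates is not visible in this diff; if the formulas use it to pick the single node that runs one-time tasks, the upgrade node would run them as well. A comment above the line stating the intent would settle it, e.g. `# upgrade node is deployed standalone and acts as its own primary`. The node definition itself starts outside the hunk.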
diff --git a/reclass/storage/system/openstack_telemetry_cluster.yml b/reclass/storage/system/openstack_telemetry_cluster.yml
index 9dc6457..c33a8db 100644
--- a/reclass/storage/system/openstack_telemetry_cluster.yml
+++ b/reclass/storage/system/openstack_telemetry_cluster.yml
@@ -17,6 +17,7 @@
linux_system_codename: ${_param:openstack_telemetry_system_codename}
single_address: ${_param:openstack_telemetry_node01_address}
keepalived_vip_priority: 103
+ openstack_node_role: primary
openstack_telemetry_node02:
name: ${_param:openstack_telemetry_node02_hostname}
domain: ${_param:cluster_domain}
@@ -27,6 +28,7 @@
linux_system_codename: ${_param:openstack_telemetry_system_codename}
single_address: ${_param:openstack_telemetry_node02_address}
keepalived_vip_priority: 102
+ openstack_node_role: secondary
openstack_telemetry_node03:
name: ${_param:openstack_telemetry_node03_hostname}
domain: ${_param:cluster_domain}
@@ -37,3 +39,4 @@
linux_system_codename: ${_param:openstack_telemetry_system_codename}
single_address: ${_param:openstack_telemetry_node03_address}
keepalived_vip_priority: 101
+ openstack_node_role: secondary
diff --git a/sahara/server/cluster.yml b/sahara/server/cluster.yml
index cdb7b04..b01ab3d 100644
--- a/sahara/server/cluster.yml
+++ b/sahara/server/cluster.yml
@@ -9,6 +9,7 @@
enabled: true
version: ${_param:sahara_version}
notification: false
+ role: ${_param:openstack_node_role}
bind:
address: ${_param:single_address}
port: 8386
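Review bot: `role: ${_param:openstack_node_role}` has no default in this class, so a node that includes it without receiving the parameter from one of the reclass/storage/system node definitions will fail interpolation instead of falling back to a role. The same applies to the hunk in sahara/server/single.yml. For the single-node class a default in its `_param` block (`openstack_node_role: primary`) looks safe. For the cluster class a default would hide a missing per-node assignment, so a comment such as `# requires _param:openstack_node_role (primary or secondary), set per node` is the better fix. The `server:` mapping starts outside the hunk, so whether these files already carry a `_param` block cannot be seen here.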
diff --git a/sahara/server/single.yml b/sahara/server/single.yml
index 01e7b38..fcb26c9 100644
--- a/sahara/server/single.yml
+++ b/sahara/server/single.yml
@@ -5,6 +5,7 @@
server:
enabled: true
version: ${_param:sahara_version}
+ role: ${_param:openstack_node_role}
bind:
host: ${_param:single_address}
port: 8386
diff --git a/salt/minion/ca/qemu-vnc_ca.yml b/salt/minion/ca/qemu-vnc_ca.yml
index 53778f1..a4583ad 100644
--- a/salt/minion/ca/qemu-vnc_ca.yml
+++ b/salt/minion/ca/qemu-vnc_ca.yml
@@ -21,7 +21,7 @@
signing_policy:
cert_server:
type: v3_edge_cert_server
- minions: 'cmp*'
+ minions: '*'
cert_client:
type: v3_edge_cert_client
minions: 'ctl*'
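Review bot: `minions: '*'` on `cert_server` allows every minion to obtain a server certificate from the qemu VNC authority, where the previous `'cmp*'` limited issuance to compute nodes. The widening appears to be needed only so that hosts including the new salt/minion/cert/vnc/novncproxy_server.yml can use `signing_policy: cert_server`, but it also means a minion of any other role can be issued a certificate that peers trusting this CA will accept. Keeping `'cmp*'` here and adding a second server policy with `type: v3_edge_cert_server` and a `minions` pattern for the proxy hosts (the client policy below uses `'ctl*'`), then referencing that policy from the new class, keeps issuance scoped by role. The `signing_policy` mapping begins outside the hunk.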
diff --git a/salt/minion/cert/vnc/novncproxy_client.yml b/salt/minion/cert/vnc/novncproxy_client.yml
index 7f695eb..9641611 100644
--- a/salt/minion/cert/vnc/novncproxy_client.yml
+++ b/salt/minion/cert/vnc/novncproxy_client.yml
@@ -5,11 +5,10 @@
novncproxy_client_ssl_key_file: /etc/pki/nova-novncproxy/client-key.pem
novncproxy_client_ssl_cert_file: /etc/pki/nova-novncproxy/client-cert.pem
novncproxy_ssl_ca_file: /etc/pki/nova-novncproxy/ca-cert.pem
- nova_websocketproxy_ssl_all_file: /var/lib/nova/self.pem
salt:
minion:
cert:
- libvirt_novnc_client:
+ novncproxy_novnc_client:
host: ${_param:salt_minion_ca_host}
authority: ${_param:qemu_vnc_ca_authority}
common_name: ${linux:system:name}.${_param:cluster_domain}
@@ -23,7 +22,6 @@
key_file: ${_param:novncproxy_client_ssl_key_file}
cert_file: ${_param:novncproxy_client_ssl_cert_file}
ca_file: ${_param:novncproxy_ssl_ca_file}
- all_file: ${_param:nova_websocketproxy_ssl_all_file}
user: nova
group: nova
mode: 640
diff --git a/salt/minion/cert/vnc/novncproxy_server.yml b/salt/minion/cert/vnc/novncproxy_server.yml
new file mode 100644
index 0000000..20c24e2
--- /dev/null
+++ b/salt/minion/cert/vnc/novncproxy_server.yml
@@ -0,0 +1,29 @@
+classes:
+- system.salt.minion.cert.vnc
+parameters:
+ _param:
+ novncproxy_server_ssl_key_file: /etc/pki/nova-novncproxy/server-key.pem
+ novncproxy_server_ssl_cert_file: /etc/pki/nova-novncproxy/server-cert.pem
+ novncproxy_ssl_ca_file: /etc/pki/nova-novncproxy/ca-cert.pem
+ salt:
+ minion:
+ cert:
+ novncproxy_novnc_server:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:qemu_vnc_ca_authority}
+ common_name: ${linux:system:name}.${_param:cluster_domain}
+ signing_policy: cert_server
+ alternative_names: >
+ IP:${_param:cluster_local_address},
+ IP:${_param:cluster_vip_address},
+ DNS:${_param:cluster_local_address},
+ DNS:${linux:system:name},
+ DNS:${_param:cluster_vip_address},
+ DNS:${linux:network:fqdn}
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: ${_param:novncproxy_server_ssl_key_file}
+ cert_file: ${_param:novncproxy_server_ssl_cert_file}
+ ca_file: ${_param:novncproxy_ssl_ca_file}
+ user: nova
+ group: nova
+ mode: 640
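Review bot: The `alternative_names` list puts `${_param:cluster_local_address}` and `${_param:cluster_vip_address}` in both `IP:` and `DNS:` entries, so one entry of each pair has the wrong type for whatever the parameter holds. If these are IP addresses, as the names suggest, the two `DNS:` lines for them can be dropped, since verifiers match addresses against iPAddress entries only. Separately, `nonRepudiation` is not needed on a TLS server certificate; `key_usage: "digitalSignature,keyEncipherment"` is the narrower set, assuming the `cert_server` policy supplies the extended key usage. A short header comment naming the node roles that should include this class, and its dependence on the `cert_server` policy in salt/minion/ca/qemu-vnc_ca.yml, would also help.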