Merge "Adding approval to use getTime java method"
diff --git a/.releasenotes/notes/add-mysql-cert-definition-c6a2e6445020d66f.yaml b/.releasenotes/notes/add-mysql-cert-definition-c6a2e6445020d66f.yaml
new file mode 100644
index 0000000..06398e1
--- /dev/null
+++ b/.releasenotes/notes/add-mysql-cert-definition-c6a2e6445020d66f.yaml
@@ -0,0 +1,19 @@
+---
+features:
+ - |
+ Added a system class to generate certificates and keys for MySQL.
+
+ **To generate files:**
+
+ #. Include the class to the Reclass model of your deployment:
+
+ .. code-block:: yaml
+
+ classes:
+ - system.salt.minion.cert.mysql.server
+
+ #. Apply the :command:`salt.minion.cert` Salt state:
+
+ .. code-block:: bash
+
+ salt '*' state.sls salt.minion.cert
diff --git a/.releasenotes/notes/remove-repo-includes-from-system-d4af8a0ac985d4e5.yaml b/.releasenotes/notes/remove-repo-includes-from-system-d4af8a0ac985d4e5.yaml
new file mode 100644
index 0000000..8ab3536
--- /dev/null
+++ b/.releasenotes/notes/remove-repo-includes-from-system-d4af8a0ac985d4e5.yaml
@@ -0,0 +1,19 @@
+---
+summary: >
+ Removed included classes for linux.system.repo from the system level reclass
+ model because they were breaking installation from local repos.
+features:
+ - |
+ Added linux.system.repo definition for MAAS.
+deprecations:
+ - |
+ Removed:
+ - system.linux.system.repo.mcp.salt from salt/master/pkg.yml
+ - system.linux.system.repo.docker from docker/host.yml
+ - service.maas.region.vendor_repo from maas/region/single.yml
+
+ These repos should be added to appropriate cluster level classes. New cluster
+ models from Cookiecutter have them already included.
+fixes:
+ - |
+ MCP deployments can now be installed from local repositories without problems.
\ No newline at end of file
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
index 4fd75aa..35dcda3 100644
--- a/CHANGELOG.rst
+++ b/CHANGELOG.rst
@@ -1,6 +1,8 @@
Changelog
==========
+* 2017-05-22 Petr Michalec <pmichalec@mirantis.com}
+- enable galera cluster check script for haproxy, require salt-formula-galera >= MCP 1.1
* 2017-03-03 Tomáš Kukrál <tkukral@mirantis.com}
- change default Salt-API port to 6969
diff --git a/aptly/server/docker.yml b/aptly/server/docker.yml
index 4e70a92..c33f169 100644
--- a/aptly/server/docker.yml
+++ b/aptly/server/docker.yml
@@ -8,13 +8,15 @@
aptly_gpg_private_key: none
aptly_server_mirror_sources: false
aptly_server_mirror_ubuntu_sources: ${_param:aptly_server_mirror_sources}
+ docker_image_aptly:
+ base: tcpcloud/aptly
aptly:
server:
enabled: true
secure: ${_param:aptly_server_secure}
source:
engine: docker
- image: tcpcloud/aptly
+ image: ${_param:docker_image_aptly:base}
user:
uid: 501
gid: 501
diff --git a/aptly/server/mirror/debian/aptly.yml b/aptly/server/mirror/debian/aptly.yml
index d4e4a61..ce05ee6 100644
--- a/aptly/server/mirror/debian/aptly.yml
+++ b/aptly/server/mirror/debian/aptly.yml
@@ -3,7 +3,7 @@
mirror_aptly_source: http://repo.aptly.info/
mirror_aptly_distribution: squeeze
mirror_aptly_components: main
- mirrot_aptly_gpgkeys:
+ mirror_aptly_gpgkeys:
- 9C7DE460
aptly:
server:
diff --git a/designate/server/backend/pdns.yml b/designate/server/backend/pdns.yml
index 50ec3a2..45ad0b7 100644
--- a/designate/server/backend/pdns.yml
+++ b/designate/server/backend/pdns.yml
@@ -1,3 +1,5 @@
+classes:
+- service.powerdns.server.single
parameters:
designate:
server:
@@ -7,7 +9,6 @@
api_endpoint: ${_param:designate_pdns_api_endpoint}
powerdns:
server:
- enabled: true
bind:
address: ${_param:single_address}
port: 53
diff --git a/devops_portal/service/rundeck.yml b/devops_portal/service/rundeck.yml
index 946e0c2..542974e 100644
--- a/devops_portal/service/rundeck.yml
+++ b/devops_portal/service/rundeck.yml
@@ -1,4 +1,8 @@
parameters:
+ _param:
+ oss_rundeck_user: ${_param:rundeck_admin_username}
+ oss_rundeck_password: ${_param:rundeck_admin_password}
+ oss_rundeck_token: ${_param:rundeck_admin_token}
devops_portal:
config:
service:
@@ -10,9 +14,9 @@
proxy_read_timeout: 300
send_timeout: 300
credentials:
- username: ${_param:rundeck_admin_username}
- password: ${_param:rundeck_admin_password}
- token: ${_param:rundeck_admin_token}
+ username: ${_param:oss_rundeck_user}
+ password: ${_param:oss_rundeck_password}
+ token: ${_param:oss_rundeck_token}
endpoint:
address: ${_param:haproxy_rundeck_bind_host}
port: ${_param:haproxy_rundeck_bind_port}
diff --git a/devops_portal/service/security_monkey.yml b/devops_portal/service/security_monkey.yml
index 9fce180..36b79f6 100644
--- a/devops_portal/service/security_monkey.yml
+++ b/devops_portal/service/security_monkey.yml
@@ -1,4 +1,7 @@
parameters:
+ _param:
+ oss_security_monkey_user: ${_param:security_monkey_user}
+ oss_security_monkey_password: ${_param:security_monkey_password}
devops_portal:
config:
service:
@@ -14,5 +17,5 @@
port: ${_param:security_monkey_bind_port}
https: ${_param:security_monkey_ssl:enabled}
credentials:
- username: ${_param:security_monkey_user}
- password: ${_param:security_monkey_password}
+ username: ${_param:oss_security_monkey_user}
+ password: ${_param:oss_security_monkey_password}
diff --git a/docker/client.yml b/docker/client.yml
index 4691ddb..df11493 100644
--- a/docker/client.yml
+++ b/docker/client.yml
@@ -1,10 +1,12 @@
classes:
- service.docker.client
parameters:
+ _param:
+ docker_image_compose: docker/compose:1.8.0
docker:
client:
enabled: true
compose:
source:
engine: docker
- image: "docker/compose:1.8.0"
+ image: ${_param:docker_image_compose}
diff --git a/docker/host.yml b/docker/host.yml
index 853a5d2..7e5fb8c 100644
--- a/docker/host.yml
+++ b/docker/host.yml
@@ -1,6 +1,5 @@
classes:
- service.docker.host
- - system.linux.system.repo.docker
parameters:
docker:
host:
diff --git a/galera/server/cluster.yml b/galera/server/cluster.yml
index f1c3a48..1ab0aae 100644
--- a/galera/server/cluster.yml
+++ b/galera/server/cluster.yml
@@ -1,4 +1,20 @@
classes:
- service.keepalived.cluster.single
- service.haproxy.proxy.single
-- system.haproxy.proxy.listen.openstack.galera
\ No newline at end of file
+- system.haproxy.proxy.listen.openstack.galera
+parameters:
+ galera:
+ clustercheck:
+ enabled: True
+ user: clustercheck
+ password: clustercheck
+ port: 9200
+ available_when_donor: 0
+ available_when_readonly: 0
+ mysql:
+ server:
+ users:
+ - name: clustercheck
+ password: clustercheck
+ database: '*.*'
+ grants: PROCESS
diff --git a/haproxy/proxy/listen/openstack/galera/clustercheck.yml b/haproxy/proxy/listen/openstack/galera/clustercheck.yml
new file mode 100644
index 0000000..f09e404
--- /dev/null
+++ b/haproxy/proxy/listen/openstack/galera/clustercheck.yml
@@ -0,0 +1,12 @@
+parameters:
+ _param:
+ haproxy_params_check: 'check port 9200'
+ haproxy:
+ proxy:
+ listen:
+ mysql_cluster:
+ # mysql clustercheck service at port 9200 is in conflict
+ # with regular haproxy mysql-check option on port 3306
+ health-check:
+ mysql:
+ enabled: False
diff --git a/haproxy/proxy/listen/openstack/galera.yml b/haproxy/proxy/listen/openstack/galera/init.yml
similarity index 67%
rename from haproxy/proxy/listen/openstack/galera.yml
rename to haproxy/proxy/listen/openstack/galera/init.yml
index 7298cfc..c9bd41c 100644
--- a/haproxy/proxy/listen/openstack/galera.yml
+++ b/haproxy/proxy/listen/openstack/galera/init.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ haproxy_params_check: 'check'
haproxy:
proxy:
timeout:
@@ -19,12 +21,12 @@
- name: ${_param:cluster_node01_hostname}
host: ${_param:cluster_node01_address}
port: 3306
- params: check inter 20s fastinter 2s downinter 2s rise 3 fall 3
+ params: ${_param:haproxy_params_check} inter 20s fastinter 2s downinter 2s rise 3 fall 3
- name: ${_param:cluster_node02_hostname}
host: ${_param:cluster_node02_address}
port: 3306
- params: backup check inter 20s fastinter 2s downinter 2s rise 3 fall 3
+ params: backup ${_param:haproxy_params_check} inter 20s fastinter 2s downinter 2s rise 3 fall 3
- name: ${_param:cluster_node03_hostname}
host: ${_param:cluster_node03_address}
port: 3306
- params: backup check inter 20s fastinter 2s downinter 2s rise 3 fall 3
+ params: backup ${_param:haproxy_params_check} inter 20s fastinter 2s downinter 2s rise 3 fall 3
diff --git a/jenkins/client/approved_scripts.yml b/jenkins/client/approved_scripts.yml
index 97c8593..daafadd 100644
--- a/jenkins/client/approved_scripts.yml
+++ b/jenkins/client/approved_scripts.yml
@@ -100,6 +100,7 @@
- staticMethod java.util.regex.Pattern quote java.lang.String
- staticMethod java.util.stream.Collectors joining java.lang.CharSequence
- staticMethod jenkins.model.Jenkins getInstance
+ - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods asBoolean java.util.regex.Matcher
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods collect java.util.Map groovy.lang.Closure
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods eachFile java.io.File groovy.io.FileType groovy.lang.Closure
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods find java.util.Collection groovy.lang.Closure
diff --git a/jenkins/client/job/ceph/add-osd-host.yml b/jenkins/client/job/ceph/add-node.yml
similarity index 72%
rename from jenkins/client/job/ceph/add-osd-host.yml
rename to jenkins/client/job/ceph/add-node.yml
index 0c7b629..6ae22ad 100644
--- a/jenkins/client/job/ceph/add-osd-host.yml
+++ b/jenkins/client/job/ceph/add-node.yml
@@ -5,7 +5,7 @@
ceph-remove-osd:
type: workflow-scm
concurrent: true
- display_name: "Ceph - add OSD host"
+ display_name: "Ceph - add node"
discard:
build:
keep_num: 50
@@ -13,7 +13,7 @@
type: git
url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
credentials: "gerrit"
- script: ceph-add-osd-host.groovy
+ script: ceph-add-node.groovy
param:
# general parameters
SALT_MASTER_URL:
@@ -26,4 +26,9 @@
default: salt
HOST:
type: string
- description: OSD HOST that will be added to Ceph cluster
+ description: OSD HOST that will be added to Ceph cluster (rgw04*)
+ default: 'rgw04*'
+ HOST_TYPE:
+ type: string
+ description: Type of Ceph node to be added. Valid values are mon/osd/rgw
+ default: 'rgw'
diff --git a/jenkins/client/job/ceph/init.yml b/jenkins/client/job/ceph/init.yml
index 4434e09..4cfc6db 100644
--- a/jenkins/client/job/ceph/init.yml
+++ b/jenkins/client/job/ceph/init.yml
@@ -1,3 +1,6 @@
classes:
- system.jenkins.client.job.ceph.remove-osd
-- system.jenkins.client.job.ceph.add-osd-host
+- system.jenkins.client.job.ceph.replace-failed-osd
+- system.jenkins.client.job.ceph.add-node
+- system.jenkins.client.job.ceph.remove-node
+
diff --git a/jenkins/client/job/ceph/remove-node.yml b/jenkins/client/job/ceph/remove-node.yml
new file mode 100644
index 0000000..9ba449c
--- /dev/null
+++ b/jenkins/client/job/ceph/remove-node.yml
@@ -0,0 +1,46 @@
+parameters:
+ jenkins:
+ client:
+ job:
+ ceph-remove-osd:
+ type: workflow-scm
+ concurrent: true
+ display_name: "Ceph - remove node"
+ discard:
+ build:
+ keep_num: 50
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ credentials: "gerrit"
+ script: ceph-remove-node.groovy
+ param:
+ # general parameters
+ SALT_MASTER_URL:
+ type: string
+ description: URL of Salt master
+ default: "http://${_param:salt_master_host}:6969"
+ SALT_MASTER_CREDENTIALS:
+ type: string
+ description: Credentials for login to Salt API
+ default: salt
+ HOST:
+ type: string
+ description: OSD HOST that will be removed from Ceph cluster (rgw04*)
+ default: 'rgw04*'
+ HOST_TYPE:
+ type: string
+ description: Type of Ceph node to be removed. Valid values are mon/osd/rgw
+ default: 'rgw'
+ ADMIN_HOST:
+ type: string
+ description: Host with admin keyring and access to cluster management
+ default: 'cmn01*'
+ GENERATE_CRUSHMAP:
+ type: boolean
+ default: 'false'
+ description: Only if removing OSD host. Set to true if crush map file should be updated. Enforce has to happen manually unless it is specifically set to be enforced in pillar.
+ WAIT_FOR_HEALTHY:
+ type: boolean
+ default: 'false'
+ description: Wait for healthy during pipeline
diff --git a/jenkins/client/job/ceph/replace-failed-osd.yml b/jenkins/client/job/ceph/replace-failed-osd.yml
new file mode 100644
index 0000000..50e644b
--- /dev/null
+++ b/jenkins/client/job/ceph/replace-failed-osd.yml
@@ -0,0 +1,57 @@
+parameters:
+ jenkins:
+ client:
+ job:
+ ceph-remove-osd:
+ type: workflow-scm
+ concurrent: true
+ display_name: "Ceph - replace failed OSD"
+ discard:
+ build:
+ keep_num: 50
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ credentials: "gerrit"
+ script: ceph-replace-failed-osd.groovy
+ param:
+ # general parameters
+ SALT_MASTER_URL:
+ type: string
+ description: URL of Salt master
+ default: "http://${_param:salt_master_host}:6969"
+ SALT_MASTER_CREDENTIALS:
+ type: string
+ description: Credentials for login to Salt API
+ default: salt
+ HOST:
+ type: string
+ description: Failed OSDs on this HOST will replaced
+ OSD:
+ type: string
+ description: These OSD IDs at HOST will be replaced (comma-separated list - 1,2,3)
+ DEVICE:
+ type: string
+ description: Comma separated list of failed devices that will be replaced at HOST (/dev/sdb,/dev/sdc)
+ JOURNAL_OR_BLOCKDB_PARTITION:
+ type: string
+ description: Comma separated list of partitions where journal or block_db for the failed devices on this HOST were stored (/dev/sdh2,/dev/sdh3)
+ ADMIN_HOST:
+ type: string
+ description: Host with admin keyring and correct crushmap file in /etc/ceph/crushmap
+ default: 'cmn01*'
+ ENFORCE_CRUSHMAP:
+ type: boolean
+ default: 'false'
+ description: Set to true if the prepared crush map should be enforced
+ WAIT_FOR_PG_REBALANCE:
+ type: boolean
+ default: 'true'
+ description: Wait for PGs to rebalance after osd is removed from crush map
+ WAIT_FOR_HEALTHY:
+ type: boolean
+ default: 'false'
+ description: Wait for healthy during pipeline
+ CLUSTER_FLAGS:
+ type: string
+ description: Flags to be aplied before pipeline and after pipeline (comma-separated list)
diff --git a/jenkins/client/job/deploy/lab/deploy.yml b/jenkins/client/job/deploy/lab/deploy.yml
index e64858a..108e30d 100644
--- a/jenkins/client/job/deploy/lab/deploy.yml
+++ b/jenkins/client/job/deploy/lab/deploy.yml
@@ -27,6 +27,9 @@
ASK_ON_ERROR:
type: boolean
default: 'false'
+ SLAVE_NODE:
+ type: string
+ default: 'python'
# deployments
STACK_NAME:
diff --git a/jenkins/client/job/deploy/lab/init.yml b/jenkins/client/job/deploy/lab/init.yml
index 0fce66b..52ec947 100644
--- a/jenkins/client/job/deploy/lab/init.yml
+++ b/jenkins/client/job/deploy/lab/init.yml
@@ -12,6 +12,7 @@
- system.jenkins.client.job.deploy.lab.component.kubernetes
- system.jenkins.client.job.deploy.lab.component.openstack
- system.jenkins.client.job.deploy.lab.component.stacklight
+ - system.jenkins.client.job.deploy.lab.ironic
parameters:
jenkins:
diff --git a/jenkins/client/job/deploy/lab/ironic.yml b/jenkins/client/job/deploy/lab/ironic.yml
new file mode 100644
index 0000000..8c397cf
--- /dev/null
+++ b/jenkins/client/job/deploy/lab/ironic.yml
@@ -0,0 +1,79 @@
+parameters:
+ jenkins:
+ client:
+ job:
+ ironic_node_provision:
+ concurrent: true
+ discard:
+ build:
+ keep_num: 20
+ display_name: Ironic - provision nodes
+ name: ironic-provision-nodes
+ param:
+ ASK_ON_ERROR:
+ default: 'false'
+ type: boolean
+ HEAT_STACK_ZONE:
+ default: mcp-mk
+ type: string
+ OPENSTACK_API_CLIENT:
+ default: ''
+ type: string
+ OPENSTACK_API_CREDENTIALS:
+ default: openstack-devcloud-credentials
+ type: string
+ OPENSTACK_API_PROJECT:
+ default: mcp-mk
+ type: string
+ OPENSTACK_API_PROJECT_DOMAIN:
+ default: default
+ type: string
+ OPENSTACK_API_PROJECT_ID:
+ default: ''
+ type: string
+ OPENSTACK_API_URL:
+ default: https://cloud-cz.bud.mirantis.net:5000
+ type: string
+ OPENSTACK_API_USER_DOMAIN:
+ default: default
+ type: string
+ OPENSTACK_API_USER_DOMAIN_ID:
+ default: default
+ type: string
+ OPENSTACK_API_VERSION:
+ default: '3'
+ type: string
+ ENV_NAME:
+ type: string
+ SALT_MASTER_CREDENTIALS:
+ default: salt-qa-credentials
+ type: string
+ SALT_MASTER_URL:
+ default: ''
+ type: string
+ STACK_TYPE:
+ default: heat
+ type: string
+ IRONIC_AUTHORIZATION_PROFILE:
+ default: admin_identity
+ type: string
+ IRONIC_DEPLOY_NODES:
+ default: ''
+ type: string
+ IRONIC_DEPLOY_PROFILE:
+ default: ''
+ type: string
+ IRONIC_DEPLOY_TIMEOUT:
+ default: '60'
+ type: string
+ IRONIC_DEPLOY_PARTITION_PROFILE:
+ default: ''
+ type: string
+ RUN_TARGET:
+ default: 'I@ironic:client and *01*'
+ type: string
+ scm:
+ script: ironic-node-provision-pipeline.groovy
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ type: workflow-scm
diff --git a/jenkins/client/job/deploy/update/init.yml b/jenkins/client/job/deploy/update/init.yml
index 6b0aebd..4d77c7b 100644
--- a/jenkins/client/job/deploy/update/init.yml
+++ b/jenkins/client/job/deploy/update/init.yml
@@ -3,6 +3,7 @@
- system.jenkins.client.job.deploy.update.config
- system.jenkins.client.job.deploy.update.saltenv
- system.jenkins.client.job.deploy.update.update_salt_environment
+ - system.jenkins.client.job.deploy.update.update_mirror_image
- system.jenkins.client.job.deploy.update.upgrade
- system.jenkins.client.job.deploy.update.upgrade_compute
- system.jenkins.client.job.deploy.update.upgrade_ovs_gateway
diff --git a/jenkins/client/job/deploy/update/update_mirror_image.yml b/jenkins/client/job/deploy/update/update_mirror_image.yml
new file mode 100644
index 0000000..75363db
--- /dev/null
+++ b/jenkins/client/job/deploy/update/update_mirror_image.yml
@@ -0,0 +1,25 @@
+#
+# Jobs to update Salt master environment (formulas and models)
+#
+parameters:
+ _param:
+ jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
+ jenkins:
+ client:
+ job:
+ deploy-update-mirror-image:
+ type: workflow-scm
+ concurrent: true
+ display_name: "Deploy - update mirror image"
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ credentials: "gerrit"
+ script: update-mirror-image.groovy
+ param:
+ SALT_MASTER_URL:
+ type: string
+ default: "${_param:jenkins_salt_api_url}"
+ SALT_MASTER_CREDENTIALS:
+ type: string
+ default: "salt"
\ No newline at end of file
diff --git a/jenkins/client/job/k8s-test/init.yml b/jenkins/client/job/k8s-test/init.yml
index 0157bb8..0cdaa09 100644
--- a/jenkins/client/job/k8s-test/init.yml
+++ b/jenkins/client/job/k8s-test/init.yml
@@ -1,2 +1,3 @@
classes:
-- system.jenkins.client.job.k8s-test.mcp-k8s-test-pipeline
\ No newline at end of file
+- system.jenkins.client.job.k8s-test.mcp-k8s-test-pipeline
+- system.jenkins.client.job.k8s-test.mcp-k8s-merge-pipeline
\ No newline at end of file
diff --git a/jenkins/client/job/k8s-test/mcp-k8s-merge-pipeline.yml b/jenkins/client/job/k8s-test/mcp-k8s-merge-pipeline.yml
new file mode 100644
index 0000000..f209aa2
--- /dev/null
+++ b/jenkins/client/job/k8s-test/mcp-k8s-merge-pipeline.yml
@@ -0,0 +1,36 @@
+parameters:
+ jenkins:
+ client:
+ job:
+ mcp_k8s_merge_pipeline:
+ type: workflow-scm
+ name: mcp-k8s-merge-pipeline
+ display_name: "Kubernetes merge pipeline"
+ discard:
+ build:
+ keep_num: 20
+ concurrent: false
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/kubernetes-ci/kubernetes-pipelines"
+ credentials: "gerrit"
+ script: pipelines/mcp-k8s-test-pipeline.groovy
+ trigger:
+ gerrit:
+ project:
+ kubernetes/kubernetes:
+ branches:
+ - compare_type: "ANT"
+ name: "**mcp**"
+ message:
+ build_successful: "Build successful"
+ build_unstable: "Build unstable"
+ build_failure: "Build failed"
+ event:
+ change:
+ - merged
+ param:
+ KUBE_DOCKER_REGISTRY:
+ type: string
+ default: 'docker-dev-local.docker.mirantis.net'
+ description: 'Docker registry for binaries and images'
diff --git a/jenkins/client/job/k8s-test/mcp-k8s-test-pipeline.yml b/jenkins/client/job/k8s-test/mcp-k8s-test-pipeline.yml
index 645b80d..8490ee7 100644
--- a/jenkins/client/job/k8s-test/mcp-k8s-test-pipeline.yml
+++ b/jenkins/client/job/k8s-test/mcp-k8s-test-pipeline.yml
@@ -35,10 +35,13 @@
comment:
- addedContains:
commentAddedCommentContains: '(recheck|reverify)'
+ override-votes:
+ gerritBuildUnstableVerifiedValue: 1
+ gerritBuildUnstableCodeReviewValue: 1
param:
KUBE_DOCKER_REGISTRY:
type: string
- default: 'docker-dev-virtual.docker.mirantis.net'
+ default: 'docker-dev-local.docker.mirantis.net'
description: 'Docker registry for binaries and images'
CALICO_DOCKER_REGISTRY:
type: string
@@ -46,16 +49,8 @@
description: 'Docker registry for published Calico images'
K8S_BASE_IMAGE:
type: string
- default: '{docker-prod-virtual}/mirantis/base-images/debian-base:20161223134732'
+ default: 'mirantis/base-images/debian-base:20161223134732'
description: 'Base Docker image to build k8s'
- DOCKER_IMAGE_UNIT:
- type: string
- default: '{docker-prod-virtual}/mirantis/k8s-tests-images/k8s-tests-unit:latest'
- desription: 'Docker image for k8s unit tests'
- DOCKER_IMAGE_INTEGRATION:
- type: string
- default: '{docker-prod-virtual}/mirantis/k8s-tests-images/k8s-tests-integration:latest'
- desription: 'Docker image for k8s integration tests'
CALICO_CNI_IMAGE_REPO:
type: string
default: 'calico/cni'
diff --git a/jenkins/client/job/oscore/tests.yml b/jenkins/client/job/oscore/tests.yml
index 4897cb0..c8287ac 100644
--- a/jenkins/client/job/oscore/tests.yml
+++ b/jenkins/client/job/oscore/tests.yml
@@ -15,7 +15,7 @@
scm:
type: git
url: "${_param:jenkins_gerrit_url}/openstack-ci/openstack-pipelines.git"
- credentials: "mcp-gerrit"
+ credentials: "gerrit"
branch: 'master'
script: test-openstack-component-pipeline.groovy
trigger:
@@ -26,7 +26,7 @@
HEAT_STACK_ZONE:
type: string
description: AZ
- default: 'mcp-oscore'
+ default: "mcp-oscore-ci"
OPENSTACK_VERSION:
type: string
description: Version of openstack to test
@@ -83,7 +83,7 @@
default: "openstack-devcloud-credentials"
OPENSTACK_API_PROJECT:
type: string
- default: "mcp-oscore"
+ default: "mcp-oscore-ci"
OPENSTACK_API_PROJECT_DOMAIN:
type: string
default: "default"
@@ -137,7 +137,7 @@
scm:
type: git
url: "${_param:jenkins_gerrit_url}/openstack-ci/openstack-pipelines.git"
- credentials: "mcp-gerrit"
+ credentials: "gerrit"
branch: 'master'
script: run-openstack-tests.groovy
param:
@@ -181,6 +181,10 @@
TEST_TEMPEST_PATTERN:
type: string
description: Run tests matched to pattern only
+ TEST_TEMPEST_CONCURRENCY:
+ type: string
+ description: How much test threads to run
+ default: "2"
TEST_MODEL:
type: string
description: Environment salt model
@@ -205,7 +209,7 @@
scm:
type: git
url: "${_param:jenkins_gerrit_url}/openstack-ci/openstack-pipelines.git"
- credentials: "mcp-gerrit"
+ credentials: "gerrit"
branch: 'master'
script: process-openstack-test-results.groovy
param:
@@ -265,3 +269,84 @@
type: string
description: Tests pass rate to consider build successful
default: "90"
+ deploy-kvm-virtual-template:
+ name: "{{job_prefix}}-deploy-kvm-VMs"
+ template:
+ discard:
+ build:
+ keep_num: 30
+ artifact:
+ keep_num: 30
+ type: workflow-scm
+ concurrent: true
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/openstack-ci/openstack-pipelines.git"
+ credentials: "gerrit"
+ branch: 'master'
+ script: deploy-kvm-pipeline.groovy
+ param:
+ # general
+ STACK_NAME:
+ type: string
+ description: "VM prefix name"
+ default: "kvm-aio-node"
+ TEMPLATE:
+ type: choice
+ choices:
+ - AIO
+ - Multi
+ default: "AIO"
+ DEPLOY_OPENSTACK:
+ type: boolean
+ default: 'false'
+ description: "Enable it if openstack deployment is required"
+ JOB_DEP_NAME:
+ type: string
+ default:
+ description: "Name of the job to deploy openstack"
+ DESTROY_ENV:
+ type: boolean
+ default: 'false'
+ description: "Enable if env have to be destoyed."
+ CREATE_ENV:
+ type: boolean
+ default: 'true'
+ description: "Enable it if KVM VM have to be created."
+ STACK_DELETE:
+ type: boolean
+ default: 'false'
+ description: "Enable it if KVM VM have to be deleted."
+ STACK_TYPE:
+ type: string
+ default: "{{stack_type}}"
+ OPENSTACK_API_PROJECT:
+ type: string
+ default: "mcp-oscore-ci"
+ HEAT_STACK_ZONE:
+ type: string
+ description: AZ
+ default: "mcp-oscore-ci"
+ STACK_INSTALL:
+ type: string
+ description: components to install
+ default: 'core,openstack,ovs'
+ STACK_TEST:
+ type: string
+ description: Job for environment deployment
+ default: ''
+ # salt
+ SALT_MASTER_CREDENTIALS:
+ type: string
+ default: "salt-qa-credentials"
+ SALT_MASTER_URL:
+ type: string
+ default: ""
+ SALT_OVERRIDES:
+ type: text
+ default: ""
+ description: YAML with overrides for Salt deployment
+ TEST_MODEL:
+ type: string
+ description: Environment salt model
+ default: "{{model}}"
diff --git a/linux/system/repo/maas.yml b/linux/system/repo/maas.yml
new file mode 100644
index 0000000..d36784e
--- /dev/null
+++ b/linux/system/repo/maas.yml
@@ -0,0 +1,7 @@
+parameters:
+ linux:
+ system:
+ repo:
+ maas:
+ source: deb http://ppa.launchpad.net/maas/stable/ubuntu xenial main
+ key_url: salt://maas/files/vendor_key.gpg
\ No newline at end of file
diff --git a/maas/region/single.yml b/maas/region/single.yml
index 2bf9469..20779aa 100644
--- a/maas/region/single.yml
+++ b/maas/region/single.yml
@@ -1,7 +1,6 @@
classes:
- service.maas.region.single
- service.maas.cluster.single
- - service.maas.region.vendor_repo
parameters:
_param:
maas_admin_username: mirantis
diff --git a/openssh/server/team/members/listomin.yml b/openssh/server/team/members/listomin.yml
new file mode 100644
index 0000000..4a22a23
--- /dev/null
+++ b/openssh/server/team/members/listomin.yml
@@ -0,0 +1,20 @@
+parameters:
+ linux:
+ system:
+ user:
+ listomin:
+ enabled: true
+ name: listomin
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Leontii Istomin
+ home: /home/listomin
+ email: listomin@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ listomin:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCkiHTkB53cYMFqNsKjEa1W+O3KpSRk26zCQtNsJO4KrNTSuROcpSjSGLUL55YgjBzVUUo88WNFJgu5e3oJNmXpWcfyRa2LoQyhAws6LxsGb5hH0YWB34w4uzvcHIpO5QNGmHIMaczdS721cgGMygBla32putV13gZE/y2ucFh4oza5lRuY5GZm2i1iTaDV5QqamDeYC3venjTtnXXuZbsW0Mkyn8mPXe5d3/FYSKLBGGCELnxpyopfpuCBsQEPSuYIz7EWsLCCjKgUrYZ4Uu5Sg5Ifs+Z0lSQR7/wbraDoGSyrubBHP3ub57lJvQ5kvNyKnT+BwGpoF8V+oMuoqR4l listomin@listomin-laptop
+ user: ${linux:system:user:listomin}
\ No newline at end of file
diff --git a/openssh/server/team/members/obasov.yml b/openssh/server/team/members/obasov.yml
new file mode 100644
index 0000000..8f58212
--- /dev/null
+++ b/openssh/server/team/members/obasov.yml
@@ -0,0 +1,20 @@
+parameters:
+ linux:
+ system:
+ user:
+ obasov:
+ enabled: true
+ name: obasov
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Oleg Basov
+ home: /home/obasov
+ email: obasov@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ obasov:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCkbt+z214gkpRTA1Fso0ltxDq37Cu0l75stLO9eIPh9Gd38MliXB5NpJsGk3b521y/a2fdIKMfzwlt3WpC/cgx16l2PesEt4b/ASHYiHNtoGPxbcDRfgcamAsUyUyPtKjbBJJJ2aPfYRRhnEDOZwA3P6ITvpfzj4I24Y46j1H+qmi8gKzFTZpj0EobaPTi/sRztuVLspTy3MntcIwGBJMZCaz0jifYLEEFdEQRHdaZy5L2/2jv7GVECBRd0ucHr+zSM1uV4LQbQVCuGquTn05GZBpwgtMyfwhm7ySMsewZpssVReDha+0WVpNiftKcyBAjXdUsLAgZqeaAz4exey1r olegeech@ns1.sytkovo.su
+ user: ${linux:system:user:obasov}
\ No newline at end of file
diff --git a/openssh/server/team/members/sgalkin.yml b/openssh/server/team/members/sgalkin.yml
new file mode 100644
index 0000000..1388ebc
--- /dev/null
+++ b/openssh/server/team/members/sgalkin.yml
@@ -0,0 +1,20 @@
+parameters:
+ linux:
+ system:
+ user:
+ sgalkin:
+ enabled: true
+ name: sgalkin
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Sergey Galkin
+ home: /home/sgalkin
+ email: sgalkin@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ sgalkin:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAyaEWaI1tkQiWHIB/pHZ6jrZyN7fQDxYodhT54rtbFcwnxGM0L1PuL1WcHGB9GJgWwOe7FE+9/kGxAuabjiFjg/NagdtAOfBp2b9+9sYCc8luJxIicTXHI5fY/tVW28OL8s51cw3Gr2m0atRDxKpb8Zv78qfYSSaENB9vq02IYu4Cr1CLEB6Zawm9iRq9ahMwWfslwIii4wKFuWcgjT6spMiHNkUwIYwxdFlCUh3gEhJYfwhe3LpoAvHmBESW0hdEj0S9YgTByBRgKkKrh98irf6B4DVOLWQLudLjAl59lb9Gz2s6fKUBYbz++I6bejHQ6I83VzT0DDKnbiQRXLh4/Q== gals@gals
+ user: ${linux:system:user:sgalkin}
\ No newline at end of file
diff --git a/openssh/server/team/qa_scale.yml b/openssh/server/team/qa_scale.yml
index a3f4a91..98c5540 100644
--- a/openssh/server/team/qa_scale.yml
+++ b/openssh/server/team/qa_scale.yml
@@ -1,25 +1,8 @@
+classes:
+- system.openssh.server.team.members.listomin
+- system.openssh.server.team.members.sgalkin
+- system.openssh.server.team.members.obasov
+
parameters:
_param:
linux_system_user_sudo: true
- linux:
- system:
- user:
- dburnazyan:
- enabled: true
- name: dburnazyan
- sudo: true
- full_name: David Burnazyan
- home: /home/dburnazyan
- email: dburnazyan@mirantis.com
- openssh:
- server:
- enabled: true
- user:
- dburnazyan:
- enabled: true
- public_keys:
- - ${public_keys:dburnazyan}
- user: ${linux:system:user:dburnazyan}
- public_keys:
- dburnazyan:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC4xJvnHle7Omjhnv8AsqfXlp1Sg4Ixq/p0Dpcj5SlGN5YTnIs+eRXwy7WHICCgWC1OA+o4omzWQI486u0C4qMkdv+nvuAsvJQVRGNiGVp4gi48x3KqMxlEzeCScMH5oj+W5LJLcb2czHulBPXRluKlITOlF4i5+z3GbFwb8Dg5hBnnbxhhRyh6XyUOh8WQvBqXAk2EqY8vqYAZxV9DXI8OSIYsvpM9jQo/26YrSoTWZ4caCNmL6zVVH7eXaqEzVwDHxpXHLvzSP4bIl85dKygJI1DyN9mZ1B77z1lNZnk7Fu8yQP05Guln5Hzg+VqycAZxOk6ysjRXiYNu56DVZuc3 dburnazyan@dburnazyan-pc.msk.mirantis.net
diff --git a/openssh/server/team/support.yml b/openssh/server/team/support.yml
index f78ceac..1b09ef0 100644
--- a/openssh/server/team/support.yml
+++ b/openssh/server/team/support.yml
@@ -86,8 +86,6 @@
- ${linux:system:user:nkabanova:name}
- ${linux:system:user:rsoto:name}
- ${linux:system:user:rsafonov:name}
- - ${linux:system:user:smachtmes:name}
- - ${linux:system:user:zkhurasani:name}
# L2OPS
- ${linux:system:user:aepifanov:name}
- ${linux:system:user:apetrenko:name}
@@ -104,12 +102,9 @@
- ${linux:system:user:oliemieshko:name}
- ${linux:system:user:sovsianikov:name}
- ${linux:system:user:pmichalec:name}
- - ${linux:system:user:pmathews:name}
- ${linux:system:user:pcizinsky:name}
- ${linux:system:user:osmola:name}
- - ${linux:system:user:cade:name}
- ${linux:system:user:jmosher:name}
- - ${linux:system:user:ecantwell:name}
- ${linux:system:user:lmercl:name}
sudo:
enabled: true
diff --git a/salt/control/cluster/stacklight_log_cluster.yml b/salt/control/cluster/stacklight_log_cluster.yml
index 330e301..e4c08b6 100644
--- a/salt/control/cluster/stacklight_log_cluster.yml
+++ b/salt/control/cluster/stacklight_log_cluster.yml
@@ -5,7 +5,7 @@
stacklight.log:
cpu: 32
ram: 65536
- disk_profile: small
+ disk_profile: xxxxlarge
net_profile: default
cluster:
internal:
diff --git a/salt/control/cluster/stacklight_server_cluster.yml b/salt/control/cluster/stacklight_server_cluster.yml
index 0055d20..6e7da61 100644
--- a/salt/control/cluster/stacklight_server_cluster.yml
+++ b/salt/control/cluster/stacklight_server_cluster.yml
@@ -5,7 +5,7 @@
stacklight.server:
cpu: 32
ram: 65536
- disk_profile: small
+ disk_profile: xxlarge
net_profile: default
cluster:
internal:
diff --git a/salt/control/cluster/stacklight_telemetry_cluster.yml b/salt/control/cluster/stacklight_telemetry_cluster.yml
index bfd14b0..1b39b61 100644
--- a/salt/control/cluster/stacklight_telemetry_cluster.yml
+++ b/salt/control/cluster/stacklight_telemetry_cluster.yml
@@ -5,7 +5,7 @@
stacklight.telemetry:
cpu: 32
ram: 65536
- disk_profile: small
+ disk_profile: xxxlarge
net_profile: default
cluster:
internal:
diff --git a/salt/master/pkg.yml b/salt/master/pkg.yml
index dba30d0..ac839f8 100644
--- a/salt/master/pkg.yml
+++ b/salt/master/pkg.yml
@@ -9,5 +9,4 @@
- system.salt.master.formula.pkg.stacklight
- system.salt.master.formula.pkg.monitoring
- system.salt.master.formula.pkg.helm
-- system.salt.master.formula.pkg.ceph
-- system.linux.system.repo.mcp.salt
+- system.salt.master.formula.pkg.ceph
\ No newline at end of file
diff --git a/salt/minion/cert/mysql/init.yml b/salt/minion/cert/mysql/init.yml
new file mode 100644
index 0000000..a1c480f
--- /dev/null
+++ b/salt/minion/cert/mysql/init.yml
@@ -0,0 +1,13 @@
+parameters:
+ _param:
+ salt_minion_ca_host: cfg01.${_param:cluster_domain}
+ salt_minion_ca_authority: salt_master_ca
+ salt:
+ minion:
+ cert:
+ mysql_server:
+ host: ${_param:salt_minion_ca_host}
+ signing_policy: cert_server
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: mysql_server
+ signing_policy: cert_open
diff --git a/salt/minion/cert/mysql/pki.yml b/salt/minion/cert/mysql/pki.yml
new file mode 100644
index 0000000..b19ef5e
--- /dev/null
+++ b/salt/minion/cert/mysql/pki.yml
@@ -0,0 +1,8 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ mysql_server:
+ key_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:mysql_server:common_name}.key
+ cert_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:mysql_server:common_name}.crt
+ all_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:mysql_server:common_name}-chain-with-key.pem
diff --git a/salt/minion/cert/mysql/server.yml b/salt/minion/cert/mysql/server.yml
new file mode 100644
index 0000000..8ff7519
--- /dev/null
+++ b/salt/minion/cert/mysql/server.yml
@@ -0,0 +1,27 @@
+classes:
+- system.salt.minion.cert.mysql
+
+parameters:
+ _param:
+ mysql_ssl_key_file: /etc/mysql/ssl/key.pem
+ mysql_ssl_cert_file: /etc/mysql/ssl/cert.pem
+ mysql_ssl_ca_file: /etc/mysql/ssl/ca.pem
+ salt:
+ minion:
+ cert:
+ mysql_server:
+ # IP are used as DNS due to cert verificaiton issue of python2:
+ # https://bugs.python.org/issue12000
+ alternative_names: >
+ IP:${_param:cluster_local_address},
+ IP:${_param:cluster_vip_address},
+ DNS:${_param:cluster_local_address},
+ DNS:${_param:cluster_vip_address},
+ DNS:${linux:system:name},
+ DNS:${linux:network:fqdn}
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: ${_param:mysql_ssl_key_file}
+ cert_file: ${_param:mysql_ssl_cert_file}
+ ca_file: ${_param:mysql_ssl_ca_file}
+ user: mysql
+ group: mysql