Merge "Adding tls support ceilometer agent for libvirt"
diff --git a/jenkins/client/job/deploy/update/reclass_update_check.yml b/jenkins/client/job/deploy/update/reclass_update_check.yml
new file mode 100644
index 0000000..cec8d79
--- /dev/null
+++ b/jenkins/client/job/deploy/update/reclass_update_check.yml
@@ -0,0 +1,51 @@
+#
+# Jobs to to check new Reclass package version compatibility with model
+#
+parameters:
+ _param:
+ jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
+ jenkins:
+ client:
+ job:
+ check-reclass-version:
+ type: workflow-scm
+ concurrent: true
+ discard:
+ build:
+ keep_num: 10
+ artifact:
+ keep_num: 10
+ display_name: "Upgrade - check new Reclass package"
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ branch: "${_param:jenkins_pipelines_branch}"
+ credentials: "gerrit"
+ script: test-reclass-package.groovy
+ param:
+ SALT_MASTER_URL:
+ type: string
+ default: "${_param:jenkins_salt_api_url}"
+ SALT_MASTER_CREDENTIALS:
+ type: string
+ default: "salt"
+ DISTRIB_REVISION:
+ type: string
+ default: 'proposed'
+ description: "Mirror version to use"
+ EXTRA_REPO_PREDEFINED:
+ type: boolean
+ default: false
+ description: "Use mcp extra repo defined on host"
+ EXTRA_REPO:
+ type: string
+ default: ''
+ description: "Extra repo to use in format (for example, deb [arch=amd64] http://apt.mirantis.com/xenial/ nightly extra)"
+ EXTRA_REPO_GPG_KEY_URL:
+ type: string
+ default: ''
+ description: "GPG key URL for extra repo"
+ TARGET_NODES:
+ type: string
+ default: '*'
+ description: "Target specification, e.g. 'I@openssh:server'"
diff --git a/linux/system/repo/keystorage/mirantis_com/extra.yml b/linux/system/repo/keystorage/mirantis_com/extra.yml
new file mode 100644
index 0000000..88e7a27
--- /dev/null
+++ b/linux/system/repo/keystorage/mirantis_com/extra.yml
@@ -0,0 +1,26 @@
+parameters:
+ linux:
+ system:
+ repo:
+ mcp_extra:
+ # pub 2048R/4C5289EF 2018-07-25
+ key: |
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+ Version: GnuPG v1
+
+ mQENBFtYVY8BCAC3oli93husG0ZVtv/L8I4/bcW60LFCyB0DuwEznGlSaj1fjOQu
+ C7QX9wvGRq8mRZ8mfZ6sbxGmgs0LnV5QIBle1l5I3B+AMGksf6UGEWgoN/vq86g+
+ 0Jg6kJP/D0sjGXvdlfy+bgAqjsx2bWOLjQGtHSIxhe4cE9HPBfMiYsFwGQua3XN3
+ tiGKcifszvDA6uqdjS6DuTEPCzyKiSyUevnWtBh0oUtUt//X4lG2Mx0lU91uUQGj
+ KeZ+fYXOLqgZm/FxLVT5w3g/UGK9Cbz5h4kGCJOfk0EwIZp0IRRs1phOC6gVMwoV
+ yWKCtdHmg7Ob8I4AZ8OW5HJn1UPHTprxcHBnABEBAAG0LEF1dG9idWlsZGVyIDxp
+ bmZyYSthdXRpYnVpbGRlckBtaXJhbnRpcy5jb20+iQE4BBMBAgAiBQJbWFWPAhsD
+ BgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCRZVp5TFKJ70cJB/9ArWrSFyEx
+ qs7Tyo9M5WCPjqw7y2F7jd4Et3hqwc5jx6KlxGpg17SHt4oWcmtML3VBx+ziBAi0
+ 5Ry4Z4w0QqFW6gAqQepeW76Yq/OP5SoqEI9sUwzLfUY7raK/P1buvXB1eZh4mMw4
+ TFf4Hgo8yUQ3geYNnUBBfaSfkmiyBJGsMXBfW2zhlpVIyB6Cye5R823FxGNJe+li
+ hggNCQnKYqrGtr55RO6xYI1v89cgGrO2EVwPkFLA/MUnQEb433Ck+sjp1NZDUfuJ
+ U3gg8S0hT+Cf5XiknT/xqIhhTY/KzlNmynZt/51DzZzsbM+RO6JZFYJL2LuC69gB
+ +R5jrmaGu9fG
+ =sqIn
+ -----END PGP PUBLIC KEY BLOCK-----
diff --git a/linux/system/repo/keystorage/mirantis_com/init.yml b/linux/system/repo/keystorage/mirantis_com/init.yml
index b6c9a86..8a3c1de 100644
--- a/linux/system/repo/keystorage/mirantis_com/init.yml
+++ b/linux/system/repo/keystorage/mirantis_com/init.yml
@@ -1,2 +1,3 @@
classes:
- system.linux.system.repo.keystorage.mirantis_com.openstack
+- system.linux.system.repo.keystorage.mirantis_com.extra
diff --git a/linux/system/repo/mcp/apt_mirantis/extra.yml b/linux/system/repo/mcp/apt_mirantis/extra.yml
new file mode 100644
index 0000000..12e8adc
--- /dev/null
+++ b/linux/system/repo/mcp/apt_mirantis/extra.yml
@@ -0,0 +1,18 @@
+classes:
+- system.linux.system.repo.keystorage.mirantis_com
+parameters:
+ _param:
+ linux_system_architecture: 'amd64'
+ linux_system_repo_url: http://mirror.mirantis.com/${_param:apt_mk_version}/
+ linux_system_repo_mcp_extra_url: ${_param:linux_system_repo_url}/extra/
+ linux:
+ system:
+ repo:
+ mcp_extra:
+ source: "deb ${_param:linux_system_repo_mcp_extra_url}/${_param:linux_system_codename} ${_param:linux_system_codename} main"
+ architectures: ${_param:linux_system_architecture}
+ clean_file: true
+ pin:
+ - pin: 'release o=Mirantis'
+ priority: 1100
+ package: '*'
diff --git a/nova/compute/libvirt/ssl/init.yml b/nova/compute/libvirt/ssl/init.yml
index 87742e0..d9be1a5 100644
--- a/nova/compute/libvirt/ssl/init.yml
+++ b/nova/compute/libvirt/ssl/init.yml
@@ -1,6 +1,11 @@
classes:
- system.salt.minion.cert.libvirtd
parameters:
+ _param:
+ nova_compute_libvirt_allowed_dn_list:
+ all:
+ enabled: true
+ value: '*CN=cmp*.${_param:cluster_domain}*'
nova:
compute:
libvirt:
@@ -10,6 +15,7 @@
key_file: ${_param:libvirtd_server_ssl_key_file}
cert_file: ${_param:libvirtd_server_ssl_cert_file}
ca_file: ${_param:libvirtd_ssl_ca_file}
+ allowed_dn_list: ${_param:nova_compute_libvirt_allowed_dn_list}
client:
key_file: ${_param:libvirtd_client_ssl_key_file}
cert_file: ${_param:libvirtd_client_ssl_cert_file}
diff --git a/salt/minion/cert/libvirtd/vnc_server.yml b/salt/minion/cert/libvirtd/vnc_server.yml
index c49852e..cf60c12 100644
--- a/salt/minion/cert/libvirtd/vnc_server.yml
+++ b/salt/minion/cert/libvirtd/vnc_server.yml
@@ -22,6 +22,6 @@
key_file: ${_param:qemu_vnc_server_ssl_key_file}
cert_file: ${_param:qemu_vnc_server_ssl_cert_file}
ca_file: ${_param:qemu_vnc_ssl_ca_file}
- user: libvirt-qemu
- group: libvirt-qemu
+ user: root
+ group: nova
mode: 640
diff --git a/salt/minion/cert/mysql/clients/openstack/nova.yml b/salt/minion/cert/mysql/clients/openstack/nova.yml
index 955d6eb..4f03628 100644
--- a/salt/minion/cert/mysql/clients/openstack/nova.yml
+++ b/salt/minion/cert/mysql/clients/openstack/nova.yml
@@ -22,6 +22,6 @@
key_file: ${_param:mysql_nova_client_ssl_key_file}
cert_file: ${_param:mysql_nova_client_ssl_cert_file}
ca_file: ${_param:mysql_nova_ssl_ca_file}
- user: nova
+ user: root
group: nova
mode: 640
diff --git a/salt/minion/cert/rabbitmq/clients/openstack/nova.yml b/salt/minion/cert/rabbitmq/clients/openstack/nova.yml
index 04a6078..160acd9 100644
--- a/salt/minion/cert/rabbitmq/clients/openstack/nova.yml
+++ b/salt/minion/cert/rabbitmq/clients/openstack/nova.yml
@@ -22,6 +22,6 @@
key_file: ${_param:rabbitmq_nova_client_ssl_key_file}
cert_file: ${_param:rabbitmq_nova_client_ssl_cert_file}
ca_file: ${_param:rabbitmq_nova_ssl_ca_file}
- user: nova
+ user: root
group: nova
mode: 640
diff --git a/salt/minion/cert/vnc/novncproxy_client.yml b/salt/minion/cert/vnc/novncproxy_client.yml
index 9641611..0193455 100644
--- a/salt/minion/cert/vnc/novncproxy_client.yml
+++ b/salt/minion/cert/vnc/novncproxy_client.yml
@@ -22,6 +22,6 @@
key_file: ${_param:novncproxy_client_ssl_key_file}
cert_file: ${_param:novncproxy_client_ssl_cert_file}
ca_file: ${_param:novncproxy_ssl_ca_file}
- user: nova
+ user: root
group: nova
mode: 640
diff --git a/salt/minion/cert/vnc/novncproxy_server.yml b/salt/minion/cert/vnc/novncproxy_server.yml
index 20c24e2..9c3dd96 100644
--- a/salt/minion/cert/vnc/novncproxy_server.yml
+++ b/salt/minion/cert/vnc/novncproxy_server.yml
@@ -24,6 +24,6 @@
key_file: ${_param:novncproxy_server_ssl_key_file}
cert_file: ${_param:novncproxy_server_ssl_cert_file}
ca_file: ${_param:novncproxy_ssl_ca_file}
- user: nova
+ user: root
group: nova
mode: 640