Merge "Horizon iptables rules"
diff --git a/ceph/radosgw/single.yml b/ceph/radosgw/single.yml
index d6b9bf7..93db9bb 100644
--- a/ceph/radosgw/single.yml
+++ b/ceph/radosgw/single.yml
@@ -18,4 +18,5 @@
rgw_dns_name : ${_param:cluster_domain}
rgw_print_continue: True
rgw_content_length_compat: true
+ rgw_swift_enforce_content_length: true
user: www-data
diff --git a/cinder/control/cluster.yml b/cinder/control/cluster.yml
index 29a1228..8528bc6 100644
--- a/cinder/control/cluster.yml
+++ b/cinder/control/cluster.yml
@@ -55,6 +55,8 @@
host: ${_param:cluster_vip_address}
port: 9292
protocol: ${_param:cluster_internal_protocol}
+ barbican:
+ enabled: ${_param:barbican_integration_enabled}
message_queue:
port: ${_param:openstack_rabbitmq_port}
engine: rabbitmq
diff --git a/cinder/control/single.yml b/cinder/control/single.yml
index 6776835..890a5ea 100644
--- a/cinder/control/single.yml
+++ b/cinder/control/single.yml
@@ -30,6 +30,8 @@
identity:
protocol: ${_param:internal_protocol}
region: ${_param:openstack_region}
+ barbican:
+ enabled: ${_param:barbican_integration_enabled}
message_queue:
port: ${_param:openstack_rabbitmq_port}
x509:
diff --git a/cinder/volume/local.yml b/cinder/volume/local.yml
index 2e7f8de..a71c1df 100644
--- a/cinder/volume/local.yml
+++ b/cinder/volume/local.yml
@@ -17,6 +17,8 @@
enabled: ${_param:galera_ssl_enabled}
glance:
host: ${_param:single_address}
+ barbican:
+ enabled: ${_param:barbican_integration_enabled}
message_queue:
port: ${_param:openstack_rabbitmq_port}
host: ${_param:single_address}
diff --git a/cinder/volume/single.yml b/cinder/volume/single.yml
index 825a338..ea29a32 100644
--- a/cinder/volume/single.yml
+++ b/cinder/volume/single.yml
@@ -24,6 +24,8 @@
glance:
host: ${_param:openstack_control_address}
protocol: ${_param:cluster_internal_protocol}
+ barbican:
+ enabled: ${_param:barbican_integration_enabled}
message_queue:
port: ${_param:openstack_rabbitmq_port}
members:
diff --git a/defaults/openstack/init.yml b/defaults/openstack/init.yml
index 8029768..334fd43 100644
--- a/defaults/openstack/init.yml
+++ b/defaults/openstack/init.yml
@@ -1,8 +1,12 @@
parameters:
_param:
+ # Enable barbican integration in other services nova,glance,cinder
+ barbican_integration_enabled: False
# General
cluster_public_protocol: https
cluster_internal_protocol: http
+ openstack_service_hostname: os-ctl-vip
+ openstack_service_host: ${_param:openstack_service_hostname}.${linux:system:domain}
# SSL
ceilometer_agent_ssl_enabled: False
openstack_mysql_x509_enabled: False
diff --git a/glance/control/cluster.yml b/glance/control/cluster.yml
index 8b4f40c..d127aa3 100644
--- a/glance/control/cluster.yml
+++ b/glance/control/cluster.yml
@@ -54,6 +54,8 @@
region: ${_param:openstack_region}
tenant: service
protocol: ${_param:cluster_internal_protocol}
+ barbican:
+ enabled: ${_param:barbican_integration_enabled}
message_queue:
engine: rabbitmq
port: ${_param:openstack_rabbitmq_port}
diff --git a/glance/control/single.yml b/glance/control/single.yml
index c9b818d..a22da65 100644
--- a/glance/control/single.yml
+++ b/glance/control/single.yml
@@ -31,6 +31,8 @@
registry:
protocol: ${_param:internal_protocol}
show_multiple_locations: True
+ barbican:
+ enabled: ${_param:barbican_integration_enabled}
message_queue:
port: ${_param:openstack_rabbitmq_port}
x509:
diff --git a/linux/network/hosts.yml b/linux/network/hosts/init.yml
similarity index 100%
rename from linux/network/hosts.yml
rename to linux/network/hosts/init.yml
diff --git a/linux/network/hosts/openstack.yml b/linux/network/hosts/openstack.yml
new file mode 100644
index 0000000..1238d0a
--- /dev/null
+++ b/linux/network/hosts/openstack.yml
@@ -0,0 +1,9 @@
+parameters:
+ linux:
+ network:
+ host:
+ openstack_control_vip:
+ address: ${_param:openstack_control_address}
+ names:
+ - ${_param:openstack_service_hostname}
+ - ${_param:openstack_service_hos}
diff --git a/maas/region/single.yml b/maas/region/single.yml
index 74bcea1..eca0ecb 100644
--- a/maas/region/single.yml
+++ b/maas/region/single.yml
@@ -10,8 +10,12 @@
enabled: true
role: master
region:
- host: ${_param:single_address}
- port: 5242
+ host: ${_param:single_address}:5242
+ curtin_vars:
+ amd64:
+ xenial:
+ extra_pkgs: [ "linux-headers-virtual-hwe-16.04", "linux-image-extra-virtual-hwe-16.04" ]
+ kernel_package: 'linux-image-virtual-hwe-16.04'
region:
salt_master_ip: ${_param:infra_config_deploy_address}
theme: mirantis
diff --git a/nova/compute/cluster.yml b/nova/compute/cluster.yml
index 84e00fd..fdb8bcb 100644
--- a/nova/compute/cluster.yml
+++ b/nova/compute/cluster.yml
@@ -70,6 +70,8 @@
password: ${_param:keystone_nova_password}
tenant: service
protocol: ${_param:cluster_internal_protocol}
+ barbican:
+ enabled: ${_param:barbican_integration_enabled}
message_queue:
engine: rabbitmq
port: ${_param:openstack_rabbitmq_port}
diff --git a/nova/compute/single.yml b/nova/compute/single.yml
index a44fe23..f14192c 100644
--- a/nova/compute/single.yml
+++ b/nova/compute/single.yml
@@ -69,6 +69,8 @@
tenant: service
protocol: ${_param:cluster_internal_protocol}
region: ${_param:openstack_region}
+ barbican:
+ enabled: ${_param:barbican_integration_enabled}
message_queue:
engine: rabbitmq
host: ${_param:control_address}
diff --git a/nova/control/cluster.yml b/nova/control/cluster.yml
index 04ba5ee..08bbf07 100644
--- a/nova/control/cluster.yml
+++ b/nova/control/cluster.yml
@@ -61,6 +61,8 @@
password: ${_param:keystone_nova_password}
tenant: service
protocol: ${_param:cluster_internal_protocol}
+ barbican:
+ enabled: ${_param:barbican_integration_enabled}
message_queue:
engine: rabbitmq
port: ${_param:openstack_rabbitmq_port}
diff --git a/nova/control/single.yml b/nova/control/single.yml
index 4f56665..a97a033 100644
--- a/nova/control/single.yml
+++ b/nova/control/single.yml
@@ -29,6 +29,8 @@
region: ${_param:openstack_region}
glance:
protocol: ${_param:cluster_internal_protocol}
+ barbican:
+ enabled: ${_param:barbican_integration_enabled}
message_queue:
port: ${_param:openstack_rabbitmq_port}
x509:
diff --git a/openssh/server/team/members/prazumovsky.yml b/openssh/server/team/members/prazumovsky.yml
index 0f297f3..173649e 100644
--- a/openssh/server/team/members/prazumovsky.yml
+++ b/openssh/server/team/members/prazumovsky.yml
@@ -15,5 +15,5 @@
prazumovsky:
enabled: true
public_keys:
- - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDBySoU/ncTbwN25gxgaubgnB8+xF6mQpiz/tC+MDLitiEw/QHloz6ME5slTJseW2Uvk4jFZz5FNZ9k9/1j+pOtafV8GMHIUOhvX3RUZEiq7wXmcH1T1P4z74Y5anouc82crAWW3d0hQUEAEOx0G3ZGTDmkQTl16mgJvmejvXIN1ESTdEA9tctUogJoSdVu7OGcjGwkqWM9x4CTT7vvD51whHvFswaf6GIWZC3ia1xVTAMJ8W6Xppi5muTW+Uhr4wZm06zZCVHXN+5uYMxwufSoyXc5zwQ+DBPsGENdFvjdNQltlIf9fU3GHuH3d9wAhiPM5CetPcWcj6j2PwwMbx+R prazumovsky@Peters-MacBook-Pro.local
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9+aNOBVCv+g3wLijMgQPKQPAQaZ9UoHiR5WH7cdrC/WtbXMRemufx5TogwuNXJzsD6TG5Egq5gaWqiFHwGeLPwtM8Gce1ke6RxfVAby9H9JPB3QmIAtXw0B1grm8dxK98ST26M1pwrxmukf8Zik1jKLnef4LKG2Aj3RWzSPLz2FHqUKiAI0tx2o1hS46LPMbM81prnnzRvD+V85J0VW9YZ5kjGbQEdACWiyH2Jscp+b/86/CoQs9L81kHvJSONiV8K4EgNasKZiyfWbXD3Y/jmDtwvqBnXZb4Dk0tU6CnjoZZM5naqu4CrIRx+NocHEk1o/L6NC3qUUJngaYZVD53 prazumovsky@MacBook-Pro-prazumovsky.local
user: ${linux:system:user:prazumovsky}
diff --git a/salt/minion/cert/barbican.yml b/salt/minion/cert/barbican.yml
index b53d07d..eb38c44 100644
--- a/salt/minion/cert/barbican.yml
+++ b/salt/minion/cert/barbican.yml
@@ -2,7 +2,7 @@
_param:
salt_minion_ca_host: kmn01.${_param:cluster_domain}
salt_minion_ca_authority: salt_master_ca
- barbican_cert_alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_vip_address},DNS:${linux:system:name},DNS:${linux:network:fqdn},DNS:${_param:cluster_vip_address}
+ barbican_cert_alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_vip_address},DNS:${linux:system:name},DNS:${linux:network:fqdn},DNS:${_param:cluster_vip_address},DNS:${_param:openstack_service_host}
salt:
minion:
cert:
diff --git a/salt/minion/cert/openstack_api.yml b/salt/minion/cert/openstack_api.yml
index 03e8974..3f6af63 100644
--- a/salt/minion/cert/openstack_api.yml
+++ b/salt/minion/cert/openstack_api.yml
@@ -2,7 +2,7 @@
_param:
salt_minion_ca_host: ${linux:network:fqdn}
salt_minion_ca_authority: salt_master_ca
- openstack_api_cert_alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_vip_address},DNS:${linux:system:name},DNS:${linux:network:fqdn},DNS:${_param:cluster_vip_address}
+ openstack_api_cert_alternative_names: IP:127.0.0.1,IP:${_param:cluster_local_address},IP:${_param:cluster_vip_address},DNS:${linux:system:name},DNS:${linux:network:fqdn},DNS:${_param:cluster_vip_address},DNS:${_param:openstack_service_host}
openstack_api_cert_key_file: "/etc/ssl/private/openstack_api.key"
openstack_api_cert_cert_file: "/etc/ssl/certs/openstack_api.crt"
openstack_api_cert_all_file: "/etc/ssl/certs/openstack_api_with_chain.crt"
diff --git a/salt/minion/cert/vnc/novncproxy_server.yml b/salt/minion/cert/vnc/novncproxy_server.yml
index 9c3dd96..a9f0062 100644
--- a/salt/minion/cert/vnc/novncproxy_server.yml
+++ b/salt/minion/cert/vnc/novncproxy_server.yml
@@ -20,6 +20,7 @@
DNS:${linux:system:name},
DNS:${_param:cluster_vip_address},
DNS:${linux:network:fqdn}
+ DNS:${_param:openstack_service_host}
key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
key_file: ${_param:novncproxy_server_ssl_key_file}
cert_file: ${_param:novncproxy_server_ssl_cert_file}