Merge "Add BACKUP_DIR param to ceph-upgrade job" into release/proposed/2019.2.0
diff --git a/defaults/docker_images.yml b/defaults/docker_images.yml
index 25f61c1..6f51d1f 100644
--- a/defaults/docker_images.yml
+++ b/defaults/docker_images.yml
@@ -31,7 +31,7 @@
docker_image_grafana: "${_param:mcp_docker_registry}/openstack-docker/grafana:${_param:mcp_version}"
docker_image_prometheus_es_exporter: "${_param:mcp_docker_registry}/openstack-docker/prometheus-es-exporter:0.5.1-mcp0"
docker_image_prometheus: "${_param:mcp_docker_registry}/openstack-docker/prometheus:${_param:mcp_version}"
- docker_image_prometheus_gainsight: "${_param:mcp_docker_registry}/openstack-docker/gainsight:2019.2.3"
+ docker_image_prometheus_gainsight: "${_param:mcp_docker_registry}/openstack-docker/gainsight:2019.2.4"
docker_image_prometheus_gainsight_elasticsearch: "${_param:mcp_docker_registry}/openstack-docker/gainsight_elasticsearch:${_param:mcp_version}"
docker_image_prometheus_relay: "${_param:mcp_docker_registry}/openstack-docker/prometheus_relay:${_param:mcp_version}"
docker_image_pushgateway: "${_param:mcp_docker_registry}/openstack-docker/pushgateway:${_param:mcp_version}"
diff --git a/defaults/stacklight.yml b/defaults/stacklight.yml
index e969319..625d20c 100644
--- a/defaults/stacklight.yml
+++ b/defaults/stacklight.yml
@@ -1,9 +1,10 @@
parameters:
_param:
# ELK settings
- stacklight_elasticsearch_port: 9200
stacklight_notification_topic: stacklight_notifications
-
+ fluentd_elasticsearch_host: 127.0.0.1
+ fluentd_elasticsearch_port: 9200
+ fluentd_elasticsearch_scheme: http
# ELK stack versions
elasticsearch_version: 5
kibana_version: 5
diff --git a/docker/swarm/stack/jenkins/master.yml b/docker/swarm/stack/jenkins/master.yml
index 4647521..ea4dfe5 100644
--- a/docker/swarm/stack/jenkins/master.yml
+++ b/docker/swarm/stack/jenkins/master.yml
@@ -31,3 +31,8 @@
volumes:
- /srv/volumes/jenkins:/var/jenkins_home
- /etc/ssl/certs/java/cacerts:/etc/ssl/certs/java/cacerts:ro
+ # This is required only for deployments in swarm
+ jenkins:
+ client:
+ location:
+ url: http://jenkins_master:8080
diff --git a/docker/swarm/stack/jenkins/slave01.yml b/docker/swarm/stack/jenkins/slave01.yml
index bfe6116..4791fe3 100644
--- a/docker/swarm/stack/jenkins/slave01.yml
+++ b/docker/swarm/stack/jenkins/slave01.yml
@@ -1,5 +1,4 @@
classes:
-- system.docker
- system.docker.swarm.stack.jenkins.slave_base
parameters:
_param:
@@ -14,12 +13,12 @@
JENKINS_URL: ${_param:jenkins_master_url}
JENKINS_AGENT_NAME: slave01
JENKINS_UPDATE_SLAVE: 'true'
- JENKINS_LOGIN: ${_param:jenkins_slave_user}
- JENKINS_PASSWORD: ${_param:jenkins_slave_password}
- JAVA_OPTS: ${_param:jenkins_slave_extra_opts}
+ JENKINS_LOGIN: ${_param:jenkins_client_user}
+ JENKINS_PASSWORD: ${_param:jenkins_client_password}
+ JAVA_OPTS: "-Dhttp.proxyHost=${_param:docker_http_proxy} -Dhttp.nonProxyHosts=|jenkins_master ${_param:jenkins_slave_extra_opts}"
https_proxy: ${_param:docker_https_proxy}
http_proxy: ${_param:docker_http_proxy}
- no_proxy: ${_param:docker_no_proxy}
+ no_proxy: "jenkins_master,${_param:docker_no_proxy}"
deploy:
restart_policy:
condition: any
diff --git a/docker/swarm/stack/jenkins/slave02.yml b/docker/swarm/stack/jenkins/slave02.yml
index 55505f6..58b5a23 100644
--- a/docker/swarm/stack/jenkins/slave02.yml
+++ b/docker/swarm/stack/jenkins/slave02.yml
@@ -1,5 +1,4 @@
classes:
-- system.docker
- system.docker.swarm.stack.jenkins.slave_base
parameters:
_param:
@@ -14,12 +13,12 @@
JENKINS_URL: ${_param:jenkins_master_url}
JENKINS_AGENT_NAME: slave02
JENKINS_UPDATE_SLAVE: 'true'
- JENKINS_LOGIN: ${_param:jenkins_slave_user}
- JENKINS_PASSWORD: ${_param:jenkins_slave_password}
- JAVA_OPTS: ${_param:jenkins_slave_extra_opts}
+ JENKINS_LOGIN: ${_param:jenkins_client_user}
+ JENKINS_PASSWORD: ${_param:jenkins_client_password}
+ JAVA_OPTS: "-Dhttp.proxyHost=${_param:docker_http_proxy} -Dhttp.nonProxyHosts=|jenkins_master ${_param:jenkins_slave_extra_opts}"
https_proxy: ${_param:docker_https_proxy}
http_proxy: ${_param:docker_http_proxy}
- no_proxy: ${_param:docker_no_proxy}
+ no_proxy: "jenkins_master,${_param:docker_no_proxy}"
deploy:
restart_policy:
condition: any
diff --git a/docker/swarm/stack/jenkins/slave03.yml b/docker/swarm/stack/jenkins/slave03.yml
index f03ed24..cc2acbd 100644
--- a/docker/swarm/stack/jenkins/slave03.yml
+++ b/docker/swarm/stack/jenkins/slave03.yml
@@ -1,5 +1,4 @@
classes:
-- system.docker
- system.docker.swarm.stack.jenkins.slave_base
parameters:
_param:
@@ -14,12 +13,12 @@
JENKINS_URL: ${_param:jenkins_master_url}
JENKINS_AGENT_NAME: slave03
JENKINS_UPDATE_SLAVE: 'true'
- JENKINS_LOGIN: ${_param:jenkins_slave_user}
- JENKINS_PASSWORD: ${_param:jenkins_slave_password}
- JAVA_OPTS: ${_param:jenkins_slave_extra_opts}
+ JENKINS_LOGIN: ${_param:jenkins_client_user}
+ JENKINS_PASSWORD: ${_param:jenkins_client_password}
+ JAVA_OPTS: "-Dhttp.proxyHost=${_param:docker_http_proxy} -Dhttp.nonProxyHosts=|jenkins_master ${_param:jenkins_slave_extra_opts}"
https_proxy: ${_param:docker_https_proxy}
http_proxy: ${_param:docker_http_proxy}
- no_proxy: ${_param:docker_no_proxy}
+ no_proxy: "jenkins_master,${_param:docker_no_proxy}"
deploy:
restart_policy:
condition: any
diff --git a/docker/swarm/stack/jenkins/slave_base.yml b/docker/swarm/stack/jenkins/slave_base.yml
index 91601ab..3de4765 100644
--- a/docker/swarm/stack/jenkins/slave_base.yml
+++ b/docker/swarm/stack/jenkins/slave_base.yml
@@ -1,9 +1,7 @@
classes:
+- system.docker
- system.docker.client.images.jenkins_slave
parameters:
_param:
- jenkins_master_host: ${_param:control_vip_address}
- jenkins_master_url: http://${_param:jenkins_master_host}:${_param:jenkins_master_port}
- jenkins_slave_user: ${_param:jenkins_client_user}
- jenkins_slave_password: ${_param:jenkins_client_password}
+ jenkins_master_url: http://jenkins_master:8080
jenkins_slave_extra_opts: ""
diff --git a/fluentd/label/default_output/elasticsearch.yml b/fluentd/label/default_output/elasticsearch.yml
index 398ea8c..daf95dd 100644
--- a/fluentd/label/default_output/elasticsearch.yml
+++ b/fluentd/label/default_output/elasticsearch.yml
@@ -2,9 +2,6 @@
- service.fluentd.agent.output.elasticsearch
- system.fluentd.label.default_output.filter.common
parameters:
- _param:
- fluentd_elasticsearch_host: 127.0.0.1
- elasticsearch_port: 9200
fluentd:
agent:
config:
@@ -13,4 +10,5 @@
match:
elasticsearch_output:
host: ${_param:fluentd_elasticsearch_host}
- port: ${_param:elasticsearch_port}
+ port: ${_param:fluentd_elasticsearch_port}
+ scheme: ${_param:fluentd_elasticsearch_scheme}
diff --git a/fluentd/label/default_output/elasticsearch_ssl.yml b/fluentd/label/default_output/elasticsearch_ssl.yml
deleted file mode 100644
index da3a5a7..0000000
--- a/fluentd/label/default_output/elasticsearch_ssl.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-parameters:
- fluentd:
- agent:
- config:
- label:
- default_output:
- match:
- elasticsearch_output:
- scheme: https
diff --git a/fluentd/label/notifications/audit.yml b/fluentd/label/notifications/audit.yml
index 49ea953..f0cabaa 100644
--- a/fluentd/label/notifications/audit.yml
+++ b/fluentd/label/notifications/audit.yml
@@ -43,7 +43,8 @@
audit_output:
tag: audit
type: elasticsearch
- host: ${_param:stacklight_log_address}
- port: ${_param:stacklight_elasticsearch_port}
+ host: ${_param:fluentd_elasticsearch_host}
+ port: ${_param:fluentd_elasticsearch_port}
+ scheme: ${_param:fluentd_elasticsearch_scheme}
es_index_name: audit
tag_key: Type
diff --git a/fluentd/label/notifications/notifications.yml b/fluentd/label/notifications/notifications.yml
index 22be3c6..7d1e5c6 100644
--- a/fluentd/label/notifications/notifications.yml
+++ b/fluentd/label/notifications/notifications.yml
@@ -116,7 +116,8 @@
notifications_output:
tag: notification
type: elasticsearch
- host: ${_param:stacklight_log_address}
- port: ${_param:stacklight_elasticsearch_port}
+ host: ${_param:fluentd_elasticsearch_host}
+ port: ${_param:fluentd_elasticsearch_port}
+ scheme: ${_param:fluentd_elasticsearch_scheme}
es_index_name: notification
tag_key: Type
diff --git a/jenkins/slave/init.yml b/jenkins/slave/init.yml
index 20dc641..693464e 100644
--- a/jenkins/slave/init.yml
+++ b/jenkins/slave/init.yml
@@ -6,8 +6,6 @@
_param:
java_environment_version: "8"
java_environment_platform: openjdk
- jenkins_slave_user: none
- jenkins_slave_password: none
jenkins_master_host: ${_param:control_vip_address}
java:
environment:
@@ -23,8 +21,8 @@
port: ${_param:jenkins_master_port}
protocol: ${_param:jenkins_master_protocol}
user:
- name: ${_param:jenkins_slave_user}
- password: ${_param:jenkins_slave_password}
+ name: ${_param:jenkins_client_user}
+ password: ${_param:jenkins_client_password}
linux:
system:
user:
diff --git a/nginx/server/proxy/ssl.yml b/nginx/server/proxy/ssl.yml
index 66a1938..dd4f2cd 100644
--- a/nginx/server/proxy/ssl.yml
+++ b/nginx/server/proxy/ssl.yml
@@ -16,10 +16,10 @@
protocols:
TLSv1:
name: 'TLSv1'
- enabled: True
+ enabled: False
TLSv1.1:
name: 'TLSv1.1'
- enabled: True
+ enabled: False
TLSv1.2:
name: 'TLSv1.2'
enabled: True
@@ -28,16 +28,16 @@
ciphers:
ECDHE-ECDSA-CHACHA20-POLY1305:
name: 'ECDHE-ECDSA-CHACHA20-POLY1305'
- enabled: True
+ enabled: False
ECDHE-RSA-CHACHA20-POLY1305:
name: 'ECDHE-RSA-CHACHA20-POLY1305'
- enabled: True
+ enabled: False
ECDHE-ECDSA-AES128-GCM-SHA256:
name: 'ECDHE-ECDSA-AES128-GCM-SHA256'
- enabled: True
+ enabled: False
ECDHE-RSA-AES128-GCM-SHA256:
name: 'ECDHE-RSA-AES128-GCM-SHA256'
- enabled: True
+ enabled: False
ECDHE-ECDSA-AES256-GCM-SHA384:
name: 'ECDHE-ECDSA-AES256-GCM-SHA384'
enabled: True
@@ -46,76 +46,76 @@
enabled: True
DHE-RSA-AES128-GCM-SHA256:
name: 'DHE-RSA-AES128-GCM-SHA256'
- enabled: True
+ enabled: False
DHE-RSA-AES256-GCM-SHA384:
name: 'DHE-RSA-AES256-GCM-SHA384'
- enabled: True
+ enabled: False
ECDHE-ECDSA-AES128-SHA256:
name: 'ECDHE-ECDSA-AES128-SHA256'
- enabled: True
+ enabled: False
ECDHE-RSA-AES128-SHA256:
name: 'ECDHE-RSA-AES128-SHA256'
- enabled: True
+ enabled: False
ECDHE-ECDSA-AES128-SHA:
name: 'ECDHE-ECDSA-AES128-SHA'
- enabled: True
+ enabled: False
ECDHE-RSA-AES256-SHA384:
name: 'ECDHE-RSA-AES256-SHA384'
enabled: True
ECDHE-RSA-AES128-SHA:
name: 'ECDHE-RSA-AES128-SHA'
- enabled: True
+ enabled: False
ECDHE-ECDSA-AES256-SHA384:
name: 'ECDHE-ECDSA-AES256-SHA384'
enabled: True
ECDHE-ECDSA-AES256-SHA:
name: 'ECDHE-ECDSA-AES256-SHA'
- enabled: True
+ enabled: False
ECDHE-RSA-AES256-SHA:
name: 'ECDHE-RSA-AES256-SHA'
- enabled: True
+ enabled: False
DHE-RSA-AES128-SHA256:
name: 'DHE-RSA-AES128-SHA256'
- enabled: True
+ enabled: False
DHE-RSA-AES128-SHA:
name: 'DHE-RSA-AES128-SHA'
- enabled: True
+ enabled: False
DHE-RSA-AES256-SHA256:
name: 'DHE-RSA-AES256-SHA256'
- enabled: True
+ enabled: False
DHE-RSA-AES256-SHA:
name: 'DHE-RSA-AES256-SHA'
- enabled: True
+ enabled: False
ECDHE-ECDSA-DES-CBC3-SHA:
name: 'ECDHE-ECDSA-DES-CBC3-SHA'
- enabled: True
+ enabled: False
ECDHE-RSA-DES-CBC3-SHA:
name: 'ECDHE-RSA-DES-CBC3-SHA'
- enabled: True
+ enabled: False
EDH-RSA-DES-CBC3-SHA:
name: 'EDH-RSA-DES-CBC3-SHA'
- enabled: True
+ enabled: False
AES128-GCM-SHA256:
name: 'AES128-GCM-SHA256'
- enabled: True
+ enabled: False
AES256-GCM-SHA384:
name: 'AES256-GCM-SHA384'
- enabled: True
+ enabled: False
AES128-SHA256:
name: 'AES128-SHA256'
- enabled: True
+ enabled: False
AES256-SHA256:
name: 'AES256-SHA256'
- enabled: True
+ enabled: False
AES256-SHA:
name: 'AES256-SHA'
- enabled: True
+ enabled: False
AES128-SHA:
name: 'AES128-SHA'
- enabled: True
+ enabled: False
DES-CBC3-SHA:
name: 'DES-CBC3-SHA'
- enabled: True
+ enabled: False
removeDSS:
name: '!DSS'
- enabled: True
\ No newline at end of file
+ enabled: True
diff --git a/salt/control/placement/openstack/golden.yml b/salt/control/placement/openstack/golden.yml
index 03abda5..1212a42 100644
--- a/salt/control/placement/openstack/golden.yml
+++ b/salt/control/placement/openstack/golden.yml
@@ -31,7 +31,7 @@
openstack_proxy_backend_image: ${_param:salt_control_xenial_image_backend}
openstack_barbican_backend_image: ${_param:salt_control_xenial_image_backend}
openstack_dns_backend_image: ${_param:salt_control_xenial_image_backend}
- openstack_telemetry_backend_image: ${_param:salt_control_trusty_image_backend}
+ openstack_telemetry_backend_image: ${_param:salt_control_xenial_image_backend}
salt_control_cluster_node_cloud_init_openstack_control:
user_data:
write_files:
@@ -74,6 +74,13 @@
${salt:control:size:openstack.dns:image_layout}
owner: root:root
path: /usr/share/growlvm/image-layout.yml
+ salt_control_cluster_node_cloud_init_openstack_telemetry:
+ user_data:
+ write_files:
+ - content: |
+ ${salt:control:size:openstack.telemetry:image_layout}
+ owner: root:root
+ path: /usr/share/growlvm/image-layout.yml
salt:
control:
cluster:
@@ -194,21 +201,21 @@
mdb01:
name: ${_param:openstack_telemetry_node01_hostname}
provider: ${_param:infra_kvm_node04_hostname}.${_param:cluster_domain}
- image: ${_param:salt_control_trusty_image}
+ image: ${_param:salt_control_xenial_image}
backend: ${_param:openstack_telemetry_backend_image}
size: openstack.telemetry
cloud_init: ${_param:salt_control_cluster_node_cloud_init_openstack_telemetry}
mdb02:
name: ${_param:openstack_telemetry_node02_hostname}
provider: ${_param:infra_kvm_node05_hostname}.${_param:cluster_domain}
- image: ${_param:salt_control_trusty_image}
+ image: ${_param:salt_control_xenial_image}
backend: ${_param:openstack_telemetry_backend_image}
size: openstack.telemetry
cloud_init: ${_param:salt_control_cluster_node_cloud_init_openstack_telemetry}
mdb03:
name: ${_param:openstack_telemetry_node03_hostname}
provider: ${_param:infra_kvm_node06_hostname}.${_param:cluster_domain}
- image: ${_param:salt_control_trusty_image}
+ image: ${_param:salt_control_xenial_image}
backend: ${_param:openstack_telemetry_backend_image}
size: openstack.telemetry
cloud_init: ${_param:salt_control_cluster_node_cloud_init_openstack_telemetry}