Merge "Add default params for backup" into release/proposed/2019.2.0
diff --git a/backupninja/client/single.yml b/backupninja/client/single.yml
index 6eecc33..0ea839b 100644
--- a/backupninja/client/single.yml
+++ b/backupninja/client/single.yml
@@ -1,2 +1,8 @@
classes:
- service.backupninja.client.single
+parameters:
+ backupninja:
+ client:
+ scheduling:
+ when:
+ - manual
diff --git a/defaults/jenkins.yml b/defaults/jenkins.yml
index d01bf4e..68d843d 100644
--- a/defaults/jenkins.yml
+++ b/defaults/jenkins.yml
@@ -1,6 +1,6 @@
parameters:
_param:
jenkins_master_port: 8081
- jenkins_master_protocol: http
+ jenkins_master_protocol: https
jenkins_pipelines_branch: "master"
jenkins_salt_api_url: "https://${_param:salt_master_host}:${_param:nginx_proxy_salt_api_site_port}"
diff --git a/docker/swarm/stack/postgresql.yml b/docker/swarm/stack/postgresql.yml
index 619e0c2..12eb874 100644
--- a/docker/swarm/stack/postgresql.yml
+++ b/docker/swarm/stack/postgresql.yml
@@ -9,6 +9,8 @@
postgresql_admin_user: postgres
docker:
client:
+ images:
+ - ${_param:docker_image_postgresql}
stack:
postgresql:
environment:
diff --git a/gerrit/client/init.yml b/gerrit/client/init.yml
index 16e4231..4ed374e 100644
--- a/gerrit/client/init.yml
+++ b/gerrit/client/init.yml
@@ -19,7 +19,7 @@
auth_method: basic
http_port: 8080
ssh_port: 29418
- protocol: http
+ protocol: https
password: ${_param:gerrit_admin_password}
key: ${_param:gerrit_admin_private_key}
user:
diff --git a/haproxy/proxy/listen/cicd/gerrit.yml b/haproxy/proxy/listen/cicd/gerrit.yml
index f6ded20..9e11f03 100644
--- a/haproxy/proxy/listen/cicd/gerrit.yml
+++ b/haproxy/proxy/listen/cicd/gerrit.yml
@@ -1,3 +1,5 @@
+classes:
+ - system.salt.minion.cert.proxy.drivetrain_ssl
parameters:
_param:
haproxy_gerrit_bind_host: ${_param:haproxy_bind_address}
@@ -5,7 +7,8 @@
haproxy_gerrit_ssh_bind_host: ${_param:haproxy_gerrit_bind_host}
haproxy_gerrit_ssh_bind_port: 29418
haproxy_gerrit_ssl:
- enabled: false
+ enabled: true
+ pem_file: /etc/haproxy/ssl/drivetrain.pem
haproxy:
proxy:
listen:
diff --git a/haproxy/proxy/listen/cicd/jenkins.yml b/haproxy/proxy/listen/cicd/jenkins.yml
index d8c67d0..9f3bf07 100644
--- a/haproxy/proxy/listen/cicd/jenkins.yml
+++ b/haproxy/proxy/listen/cicd/jenkins.yml
@@ -1,3 +1,5 @@
+classes:
+ - system.salt.minion.cert.proxy.drivetrain_ssl
parameters:
_param:
haproxy_jenkins_bind_host: ${_param:haproxy_bind_address}
@@ -5,7 +7,8 @@
haproxy_jenkins_jnlp_bind_host: ${_param:haproxy_jenkins_bind_host}
haproxy_jenkins_jnlp_bind_port: 50000
haproxy_jenkins_ssl:
- enabled: false
+ enabled: true
+ pem_file: /etc/haproxy/ssl/drivetrain.pem
haproxy:
proxy:
listen:
diff --git a/jenkins/client/approved_scripts.yml b/jenkins/client/approved_scripts.yml
index f15b370..d7a21be 100644
--- a/jenkins/client/approved_scripts.yml
+++ b/jenkins/client/approved_scripts.yml
@@ -138,6 +138,7 @@
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.lang.String int
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.util.Collection java.lang.String
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.util.List groovy.lang.Range
+ - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getAt java.util.regex.Matcher java.util.Collection
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getBytes java.io.File
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods getText java.io.InputStream
- staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods hasProperty java.lang.Object java.lang.String
diff --git a/jenkins/client/init.yml b/jenkins/client/init.yml
index 11b5430..aa8cf0d 100644
--- a/jenkins/client/init.yml
+++ b/jenkins/client/init.yml
@@ -18,6 +18,7 @@
master:
host: ${_param:jenkins_master_host}
port: ${_param:jenkins_master_port}
+ proto: https
username: ${_param:jenkins_client_user}
password: ${_param:jenkins_client_password}
lib:
diff --git a/salt/minion/cert/proxy/drivetrain_ssl.yml b/salt/minion/cert/proxy/drivetrain_ssl.yml
new file mode 100644
index 0000000..aecb5fb
--- /dev/null
+++ b/salt/minion/cert/proxy/drivetrain_ssl.yml
@@ -0,0 +1,18 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ gerrit:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: drivetrain
+ signing_policy: cert_server
+ alternative_names: "DNS:${_param:cluster_public_host}, DNS:*.${_param:cluster_public_host}, DNS:${_param:cicd_control_address}, IP:${_param:cicd_control_address}"
+ key_file: /etc/haproxy/ssl/drivetrain.key
+ cert_file: /etc/haproxy/ssl/drivetrain.crt
+ ca_file: /etc/ssl/certs/ca-${_param:salt_minion_ca_authority}.pem
+ all_file: /etc/haproxy/ssl/drivetrain.pem
+ user: root
+ group: haproxy
+ mode: 640
+ enabled: true