Merge "Add extra_repo_url in image building jobs"
diff --git a/.releasenotes/notes/add_ssl_support_oss-ea1eb1e086d08e3c.yaml b/.releasenotes/notes/add_ssl_support_oss-ea1eb1e086d08e3c.yaml
new file mode 100644
index 0000000..082e12f
--- /dev/null
+++ b/.releasenotes/notes/add_ssl_support_oss-ea1eb1e086d08e3c.yaml
@@ -0,0 +1,63 @@
+-----
+upgrades:
+ - |
+ Added SSL support for the followibg cloud-monitoring services:
+
+ * Rundeck CIS Collectors
+
+ To provide ssl support for CIS, set up ``cert`` and ``ssl_cert_file``
+ on a cluster level metadata:
+
+ .. code-block:: yaml
+
+ rundeck_cis_openstack:
+ auth_url: ${_param:oss_openstack_auth_url}/auth/tokens
+ username: ${_param:oss_openstack_username}
+ password: ${_param:oss_openstack_password}
+ cert: |
+ -----BEGIN CERTIFICATE-----
+ MIIE0DCCA7igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx
+ -----END CERTIFICATE-----
+ ssl_cert_file: cert.pem
+
+ If all parameters are defined properly, Rundeck enables the ssl support
+ automatically.
+
+ * Cleanup Service
+
+ To provide ssl support for Cleanup Service, specify the cert path
+ and set the ``ssl_verify`` variable to ``True`` on a cluster level
+ metadata:
+
+ .. code-block:: yaml
+
+ janitor_monkey_openstack:
+ username: ${_param:oss_openstack_username}
+ password: ${_param:oss_openstack_password}
+ auth_url: ${_param:oss_openstack_auth_url}
+ ssl_verify: True
+ cacert_path: ${_param:oss_openstack_cert_path}
+
+ * Security Audit Service
+
+ To provide ssl support for Security audit Service, provide cert path,
+ set the ``ssl_verify`` variable to ``True``, and select the endpoint
+ type for cloud connections on a cluster level metadata:
+
+ .. code-block:: yaml
+
+ security_monkey_openstack:
+ username: ${_param:oss_openstack_username}
+ password: ${_param:oss_openstack_password}
+ auth_url: ${_param:oss_openstack_auth_url}
+ ssl_verify: True
+ endpoint_type: public
+ cacert_path: ${_param:oss_openstack_cert_path}
+
+ .. note:: By default, the ``cacert_path`` variable is defined as
+ follows:
+
+ .. code-block:: yaml
+
+ oss_openstack_cert_path: /srv/volumes/rundeck/storage/content/keys/cis/openstack/cert.pem
+
diff --git a/docker/init.yml b/docker/init.yml
new file mode 100644
index 0000000..8ef5e2c
--- /dev/null
+++ b/docker/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ _param:
+ http_proxy: ""
+ docker_http_proxy: ${_param:http_proxy}
+ docker_https_proxy: ${_param:docker_http_proxy}
+ docker_no_proxy: ""
diff --git a/docker/swarm/stack/aptly.yml b/docker/swarm/stack/aptly.yml
index 5570c40..36c719b 100644
--- a/docker/swarm/stack/aptly.yml
+++ b/docker/swarm/stack/aptly.yml
@@ -1,3 +1,5 @@
+classes:
+- system.docker
parameters:
_param:
docker_image_aptly:
@@ -9,6 +11,8 @@
aptly:
environment:
EMAIL_ADDRESS: ${_param:admin_email}
+ https_proxy: ${_param:docker_https_proxy}
+ http_proxy: ${_param:docker_http_proxy}
service:
api:
deploy:
diff --git a/docker/swarm/stack/gerrit.yml b/docker/swarm/stack/gerrit.yml
index 95bc233..49d0a11 100644
--- a/docker/swarm/stack/gerrit.yml
+++ b/docker/swarm/stack/gerrit.yml
@@ -1,3 +1,5 @@
+classes:
+- system.docker
parameters:
_param:
docker_image_gerrit: tcpcloud/gerrit:2.13.6
@@ -8,6 +10,7 @@
gerrit_ldap_account_base: ""
gerrit_ldap_group_base: ""
gerrit_http_listen_url: http://*:8080/
+ gerrit_extra_opts: ""
docker:
client:
stack:
@@ -45,6 +48,10 @@
GERRIT_ADMIN_PWD: ${_param:gerrit_admin_password}
GERRIT_ADMIN_EMAIL: ${_param:gerrit_admin_email}
CANLOADINIFRAME: "true"
+ JAVA_OPTIONS: ${_param:gerrit_extra_opts}
+ https_proxy: ${_param:docker_https_proxy}
+ http_proxy: ${_param:docker_http_proxy}
+ no_proxy: ${_param:docker_no_proxy}
db:
environment:
MYSQL_USER: gerrit
diff --git a/docker/swarm/stack/jenkins/master.yml b/docker/swarm/stack/jenkins/master.yml
index 33ade24..f40d6cd 100644
--- a/docker/swarm/stack/jenkins/master.yml
+++ b/docker/swarm/stack/jenkins/master.yml
@@ -1,3 +1,5 @@
+classes:
+- system.docker
parameters:
_param:
docker_image_jenkins: tcpcloud/jenkins:2.73
@@ -13,6 +15,9 @@
JENKINS_HOME: /var/jenkins_home
JAVA_OPTS: " -server -XX:+AlwaysPreTouch -Xloggc:$JENKINS_HOME/gc-%t.log -XX:NumberOfGCLogFiles=5 -XX:+UseGCLogFileRotation -XX:GCLogFileSize=20m -XX:+PrintGC -XX:+PrintGCDateStamps -XX:+PrintGCDetails -XX:+PrintHeapAtGC -XX:+PrintGCCause -XX:+PrintTenuringDistribution -XX:+PrintReferenceGC -XX:+PrintAdaptiveSizePolicy -XX:+UseG1GC -XX:+ExplicitGCInvokesConcurrent -XX:+ParallelRefProcEnabled -XX:+UseStringDeduplication -XX:+UnlockExperimentalVMOptions -XX:G1NewSizePercent=20 -XX:+UnlockDiagnosticVMOptions -XX:G1SummarizeRSetStatsPeriod=1 -Djenkins.install.runSetupWizard=false -Dhudson.DNSMultiCast.disabled=true -Dhudson.udp=-1 -Dhudson.footerURL=https://www.mirantis.com ${_param:jenkins_master_extra_opts}"
JENKINS_NUM_EXECUTORS: ${_param:jenkins_master_executors_num}
+ https_proxy: ${_param:docker_https_proxy}
+ http_proxy: ${_param:docker_http_proxy}
+ no_proxy: ${_param:docker_no_proxy}
deploy:
restart_policy:
condition: any
diff --git a/docker/swarm/stack/jenkins/slave.yml b/docker/swarm/stack/jenkins/slave.yml
index fc281b7..12a14d4 100644
--- a/docker/swarm/stack/jenkins/slave.yml
+++ b/docker/swarm/stack/jenkins/slave.yml
@@ -1,3 +1,5 @@
+classes:
+- system.docker
parameters:
_param:
docker_image_jenkins_slave: tcpcloud/jnlp-slave
@@ -7,6 +9,7 @@
jenkins_master_url: http://${_param:jenkins_master_host}:${_param:jenkins_master_port}
jenkins_slave_user: ${_param:jenkins_client_user}
jenkins_slave_password: ${_param:jenkins_client_password}
+ jenkins_slave_extra_opts: ""
docker:
client:
stack:
@@ -19,6 +22,10 @@
JENKINS_UPDATE_SLAVE: 'true'
JENKINS_LOGIN: ${_param:jenkins_slave_user}
JENKINS_PASSWORD: ${_param:jenkins_slave_password}
+ JAVA_OPTS: ${_param:jenkins_slave_extra_opts}
+ https_proxy: ${_param:docker_https_proxy}
+ http_proxy: ${_param:docker_http_proxy}
+ no_proxy: ${_param:docker_no_proxy}
deploy:
restart_policy:
condition: any
@@ -39,6 +46,10 @@
JENKINS_UPDATE_SLAVE: 'true'
JENKINS_LOGIN: ${_param:jenkins_slave_user}
JENKINS_PASSWORD: ${_param:jenkins_slave_password}
+ JAVA_OPTS: ${_param:jenkins_slave_extra_opts}
+ https_proxy: ${_param:docker_https_proxy}
+ http_proxy: ${_param:docker_http_proxy}
+ no_proxy: ${_param:docker_no_proxy}
deploy:
restart_policy:
condition: any
@@ -59,6 +70,10 @@
JENKINS_UPDATE_SLAVE: 'true'
JENKINS_LOGIN: ${_param:jenkins_slave_user}
JENKINS_PASSWORD: ${_param:jenkins_slave_password}
+ JAVA_OPTS: ${_param:jenkins_slave_extra_opts}
+ https_proxy: ${_param:docker_https_proxy}
+ http_proxy: ${_param:docker_http_proxy}
+ no_proxy: ${_param:docker_no_proxy}
deploy:
restart_policy:
condition: any
diff --git a/jenkins/client/job/git-mirrors/upstream/init.yml b/jenkins/client/job/git-mirrors/upstream/init.yml
index e11e63c..cc267d9 100644
--- a/jenkins/client/job/git-mirrors/upstream/init.yml
+++ b/jenkins/client/job/git-mirrors/upstream/init.yml
@@ -25,7 +25,8 @@
project:
"{{downstream}}":
branches:
- - master
+ - compare_type: "REG_EXP"
+ name: "(.*?)"
message:
build_successful: "Build successful"
build_unstable: "Build unstable"