Merge "Adding a new job for OSCORE CI"
diff --git a/docker/client/compose/service/jenkins.yml b/docker/client/compose/service/jenkins.yml
index 2cd8c88..7db9da5 100644
--- a/docker/client/compose/service/jenkins.yml
+++ b/docker/client/compose/service/jenkins.yml
@@ -2,7 +2,7 @@
- system.docker.client.compose
parameters:
_param:
- docker_image_jenkins: tcpcloud/jenkins:2.99
+ docker_image_jenkins: tcpcloud/jenkins:2.100
jenkins_master_extra_opts: ""
jenkins_master_executors_num: 4
jenkins_master_max_concurent_requests: 40
diff --git a/docker/swarm/stack/jenkins/master.yml b/docker/swarm/stack/jenkins/master.yml
index 9702392..d08bf71 100644
--- a/docker/swarm/stack/jenkins/master.yml
+++ b/docker/swarm/stack/jenkins/master.yml
@@ -2,7 +2,7 @@
- system.docker
parameters:
_param:
- docker_image_jenkins: tcpcloud/jenkins:2.99
+ docker_image_jenkins: tcpcloud/jenkins:2.100
jenkins_master_extra_opts: ""
jenkins_master_executors_num: 4
jenkins_master_max_concurent_requests: 40
diff --git a/jenkins/client/job/oscore/tests.yml b/jenkins/client/job/oscore/tests.yml
index 89ebd7d..7a5c671 100644
--- a/jenkins/client/job/oscore/tests.yml
+++ b/jenkins/client/job/oscore/tests.yml
@@ -2,6 +2,129 @@
jenkins:
client:
job_template:
+ test-openstack-component-formula:
+ name: "{{job_prefix}}-formula-systest-{{model}}-{{openstack_version}}"
+ template:
+ discard:
+ build:
+ keep_num: 30
+ artifact:
+ keep_num: 30
+ type: workflow-scm
+ concurrent: true
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/openstack-ci/openstack-pipelines.git"
+ credentials: "gerrit"
+ branch: 'master'
+ script: test-openstack-component-pipeline.groovy
+ param:
+ # general
+ HEAT_STACK_ZONE:
+ type: string
+ description: AZ
+ default: "mcp-oscore-ci"
+ OPENSTACK_VERSION:
+ type: string
+ description: Version of openstack to test
+ default: "{{openstack_version}}"
+ PROJECT:
+ type: string
+ description: Project to test
+ default: "all"
+ STACK_TEST_JOB:
+ type: string
+ description: Job for environment deployment
+ default: "{{stack_test_job}}"
+ STACK_TYPE:
+ type: string
+ default: "{{stack_type}}"
+ STACK_INSTALL:
+ type: string
+ description: components to install
+ default: 'core,openstack,ovs'
+ STACK_DELETE:
+ type: boolean
+ default: 'true'
+ description: Don't enable it if you need to use the lab after
+ STACK_CLEANUP_JOB:
+ type: string
+ default: "{{stack_cleanup_job}}"
+ STACK_RECLASS_ADDRESS:
+ type: string
+ default: '{{stack_reclass_address}}'
+ description: 'Url to repository with stack salt models'
+ STACK_RECLASS_BRANCH:
+ type: string
+ default: '{{stack_reclass_branch}}'
+ description: 'Branch of repository with stack salt models'
+ # salt
+ SALT_OVERRIDES:
+ type: text
+ default: ""
+ description: YAML with overrides for Salt deployment
+ FORMULA_PKG_REVISION:
+ type: string
+ description: Version of formulas for salt-master bootstrap
+ default: "{{formula_pkg_revision}}"
+ # openstack api
+ OPENSTACK_API_URL:
+ type: string
+ default: "https://cloud-cz.bud.mirantis.net:5000"
+ OPENSTACK_API_CREDENTIALS:
+ type: string
+ default: "openstack-devcloud-credentials"
+ OPENSTACK_API_PROJECT:
+ type: string
+ default: "mcp-oscore-ci"
+ OPENSTACK_API_PROJECT_DOMAIN:
+ type: string
+ default: "default"
+ OPENSTACK_API_PROJECT_ID:
+ type: string
+ default: ""
+ OPENSTACK_API_USER_DOMAIN:
+ type: string
+ default: "default"
+ OPENSTACK_API_CLIENT:
+ type: string
+ default: ""
+ OPENSTACK_API_VERSION:
+ type: string
+ default: "3"
+ # test
+ TEST_TEMPEST_CONF:
+ type: string
+ description: Tempest configuration file path inside container
+ default: "{{tempest_conf}}"
+ TEST_TEMPEST_TARGET:
+ type: string
+ description: Node to run tests
+ default: "{{tempest_target}}"
+ TEST_TEMPEST_PATTERN:
+ type: string
+ description: Run tests matched to pattern only
+ default: "tempest"
+ TEST_MODEL:
+ type: string
+ description: Environment salt model
+ default: "{{model}}"
+ TEST_PASS_THRESHOLD:
+ type: string
+ description: Tests pass rate to consider build successful
+ default: "{{test_threshold}}"
+ TESTRAIL:
+ type: boolean
+ default: 'false'
+ description: Whether to upload results to testrail
+ FAIL_ON_TESTS:
+ type: boolean
+ default: 'true'
+ description: Whether to fail build on test results
+ BOOTSTRAP_EXTRA_REPO_PARAMS:
+ type: string
+ default: ""
+ description: "Defines a list of extra repos with parameters, format: repo 1, repo priority 1, repo pin 1; repo 2, repo priority 2, repo pin 2"
test-openstack-component-periodic:
name: "{{job_prefix}}-{{milestone}}-{{model}}-{{openstack_version}}-{{formula_pkg_revision}}"
template:
diff --git a/nginx/server/proxy/openstack/glare.yml b/nginx/server/proxy/openstack/glare.yml
new file mode 100644
index 0000000..ac16abc
--- /dev/null
+++ b/nginx/server/proxy/openstack/glare.yml
@@ -0,0 +1,22 @@
+parameters:
+ _param:
+ nginx_proxy_openstack_api_host: ${_param:cluster_public_host}
+ nginx:
+ server:
+ enabled: true
+ site:
+ nginx_proxy_openstack_api_glare:
+ enabled: true
+ type: nginx_proxy
+ name: openstack_api_glare
+ underscores_in_headers: true
+ check: false
+ proxy:
+ host: ${_param:nginx_proxy_openstack_api_proxy_host}
+ port: 9494
+ protocol: http
+ size: 30000m
+ host:
+ name: ${_param:nginx_proxy_openstack_api_host}
+ port: 9494
+ ssl: ${_param:nginx_proxy_ssl}
diff --git a/opencontrail/compute/upgrade.yml b/opencontrail/compute/upgrade.yml
new file mode 100644
index 0000000..d1e4894
--- /dev/null
+++ b/opencontrail/compute/upgrade.yml
@@ -0,0 +1,14 @@
+parameters:
+ opencontrail:
+ compute:
+ control:
+ members:
+ - host: ${_param:opencontrail_control_node01_address}
+ - host: ${_param:opencontrail_control_node02_address}
+ collector:
+ members:
+ - host: ${_param:opencontrail_analytics_node01_address}
+ - host: ${_param:opencontrail_analytics_node02_address}
+ - host: ${_param:opencontrail_analytics_node03_address}
+ discovery:
+ enabled: False
diff --git a/salt/minion/cert/k8s_client.yml b/salt/minion/cert/k8s_client.yml
index 06d83c4..be262b5 100644
--- a/salt/minion/cert/k8s_client.yml
+++ b/salt/minion/cert/k8s_client.yml
@@ -8,6 +8,34 @@
key_file: /etc/kubernetes/ssl/kubelet-client.key
cert_file: /etc/kubernetes/ssl/kubelet-client.crt
ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
- common_name: kubelet-client
+ common_name: system:node:${linux:system:name}
+ organization_name: system:nodes
signing_policy: cert_client
- alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
\ No newline at end of file
+ alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
+ k8s_proxy:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-proxy-client.key
+ cert_file: /etc/kubernetes/ssl/kube-proxy-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-proxy
+ signing_policy: cert_client
+ alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
+ k8s_scheduler:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-scheduler-client.key
+ cert_file: /etc/kubernetes/ssl/kube-scheduler-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-scheduler
+ signing_policy: cert_client
+ alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
+ k8s_controller_manager:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-controller-manager-client.key
+ cert_file: /etc/kubernetes/ssl/kube-controller-manager-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-controller-manager
+ signing_policy: cert_client
+ alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
diff --git a/salt/minion/cert/k8s_client_single.yml b/salt/minion/cert/k8s_client_single.yml
index 179d534..e9c7d79 100644
--- a/salt/minion/cert/k8s_client_single.yml
+++ b/salt/minion/cert/k8s_client_single.yml
@@ -8,6 +8,34 @@
key_file: /etc/kubernetes/ssl/kubelet-client.key
cert_file: /etc/kubernetes/ssl/kubelet-client.crt
ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
- common_name: kubelet-client
+ common_name: system:node:${linux:system:name}
+ organization_name: system:nodes
signing_policy: cert_client
- alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
\ No newline at end of file
+ alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
+ k8s_proxy:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-proxy-client.key
+ cert_file: /etc/kubernetes/ssl/kube-proxy-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-proxy
+ signing_policy: cert_client
+ alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
+ k8s_scheduler:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-scheduler-client.key
+ cert_file: /etc/kubernetes/ssl/kube-scheduler-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-scheduler
+ signing_policy: cert_client
+ alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
+ k8s_controller_manager:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-controller-manager-client.key
+ cert_file: /etc/kubernetes/ssl/kube-controller-manager-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-controller-manager
+ signing_policy: cert_client
+ alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}