Merge "Move octavia certs to salt master"
diff --git a/barbican/client/v1/init.yml b/barbican/client/v1/init.yml
index c582343..352520d 100644
--- a/barbican/client/v1/init.yml
+++ b/barbican/client/v1/init.yml
@@ -1,5 +1,6 @@
-barbican:
- client:
- resources:
- v1:
- enabled: true
\ No newline at end of file
+parameters:
+ barbican:
+ client:
+ resources:
+ v1:
+ enabled: true
\ No newline at end of file
diff --git a/barbican/client/v1/signed_images/octavia.yml b/barbican/client/v1/signed_images/octavia.yml
index c348674..ae708cf 100644
--- a/barbican/client/v1/signed_images/octavia.yml
+++ b/barbican/client/v1/signed_images/octavia.yml
@@ -1,3 +1,6 @@
+classes:
+- system.barbican.client.v1.octavia
+
parameters:
_param:
octavia_image_cert_key: '/etc/octavia/certs/image.key'
diff --git a/docker/swarm/stack/monitoring/gainsight.yml b/docker/swarm/stack/monitoring/gainsight.yml
index 755fbf8..554c8ec 100644
--- a/docker/swarm/stack/monitoring/gainsight.yml
+++ b/docker/swarm/stack/monitoring/gainsight.yml
@@ -14,6 +14,7 @@
gainsight_config_directory: '/srv/gainsight'
gainsight_crontab_directory: '/etc/cron.d'
gainsight_config_path: "${_param:gainsight_config_directory}/config.ini"
+ gainsight_csv_retention: 180
docker:
client:
stack:
@@ -39,6 +40,7 @@
volumes:
- ${prometheus:gainsight:dir:config}:${_param:gainsight_config_directory}
- ${prometheus:gainsight:dir:crontab}:${_param:gainsight_crontab_directory}
+ - ${prometheus:gainsight:dir:csv}:/opt/gainsight/csv
environment:
CSV_UPLOAD_URL: "${_param:gainsight_csv_upload_url}"
ACCOUNT_ID: "${_param:gainsight_account_id}"
@@ -50,3 +52,4 @@
PROMETHEUS_URL: "${_param:gainsight_prometheus_url}"
CONFIG_PATH: "${_param:gainsight_config_path}"
ENABLED: "${_param:gainsight_enabled}"
+ RETENTION: ${_param:gainsight_csv_retention}
diff --git a/docker/swarm/stack/monitoring/gainsight_elasticsearch.yml b/docker/swarm/stack/monitoring/gainsight_elasticsearch.yml
index f960fdc..d8649ed 100644
--- a/docker/swarm/stack/monitoring/gainsight_elasticsearch.yml
+++ b/docker/swarm/stack/monitoring/gainsight_elasticsearch.yml
@@ -14,6 +14,7 @@
gainsight_elasticsearch_config_directory: '/srv/gainsight'
gainsight_elasticsearch_crontab_directory: '/etc/cron.d'
gainsight_elasticsearch_config_path: "${_param:gainsight_elasticsearch_config_directory}/config.ini"
+ gainsight_elasticsearch_csv_retention: 180
docker:
client:
stack:
@@ -39,6 +40,7 @@
volumes:
- ${prometheus:gainsight_elasticsearch:dir:config}:${_param:gainsight_elasticsearch_config_directory}
- ${prometheus:gainsight_elasticsearch:dir:crontab}:${_param:gainsight_elasticsearch_crontab_directory}
+ - ${prometheus:gainsight_elasticsearch:dir:csv}:/opt/gainsight/csv
environment:
CSV_UPLOAD_URL: "${_param:gainsight_elasticsearch_csv_upload_url}"
ACCOUNT_ID: "${_param:gainsight_elasticsearch_account_id}"
@@ -50,3 +52,4 @@
ELASTICSEARCH_HOST: "${_param:gainsight_elasticsearch_elasticsearch_vip}"
CONFIG_PATH: "${_param:gainsight_elasticsearch_config_path}"
ENABLED: "${_param:gainsight_elasticsearch_enabled}"
+ RETENTION: ${_param:gainsight_elasticsearch_csv_retention}
diff --git a/docker/swarm/stack/monitoring/sf_notifier.yml b/docker/swarm/stack/monitoring/sf_notifier.yml
index a66286a..a171ce8 100644
--- a/docker/swarm/stack/monitoring/sf_notifier.yml
+++ b/docker/swarm/stack/monitoring/sf_notifier.yml
@@ -41,4 +41,4 @@
SFDC_PASSWORD: "${_param:sf_notifier_sfdc_password}"
SFDC_ORGANIZATION_ID: "${_param:sf_notifier_sfdc_organization_id}"
SFDC_ENVIRONMENT_ID: "${_param:sf_notifier_sfdc_environment_id}"
- SFDC_SANDBOX_ENABLED: ${_param:sf_notifier_sfdc_sandbox_enabled}
+ SFDC_SANDBOX_ENABLED: "${_param:sf_notifier_sfdc_sandbox_enabled}"
diff --git a/jenkins/client/job/deploy/update/kubernetes_update.yml b/jenkins/client/job/deploy/update/kubernetes_update.yml
index 4e511b1..6b94dc3 100644
--- a/jenkins/client/job/deploy/update/kubernetes_update.yml
+++ b/jenkins/client/job/deploy/update/kubernetes_update.yml
@@ -27,11 +27,11 @@
param:
KUBERNETES_HYPERKUBE_IMAGE:
type: string
- default: "${_param:kubernetes_hyperkube_repo}/hyperkube-amd64:v1.11.3-2"
+ default: "${_param:kubernetes_hyperkube_repo}/hyperkube-amd64:v1.12.3-2"
description: "Versioned image to update control plane from. Should be null if update rolling via reclass-system level"
KUBERNETES_PAUSE_IMAGE:
type: string
- default: "${_param:kubernetes_hyperkube_repo}/pause-amd64:v1.11.3-2"
+ default: "${_param:kubernetes_hyperkube_repo}/pause-amd64:v1.12.3-2"
description: "Versioned pause image to use in deployments. Should be null if update rolling via reclass-system level"
SALT_MASTER_URL:
type: string
diff --git a/kubernetes/common/init.yml b/kubernetes/common/init.yml
index d015a80..c1a8bd6 100644
--- a/kubernetes/common/init.yml
+++ b/kubernetes/common/init.yml
@@ -22,21 +22,22 @@
kubernetes_ingressnginx_repo: ${_param:mcp_docker_registry}/mirantis/kubernetes-ingress-nginx
kubernetes_corends_etcd_operator_repo: quay.io/coreos
kubernetes_containerd_repo: https://github.com/kubernetes-sigs/cri-tools/releases/download
+ kubernetes_openstack_provider_repo: ${_param:mcp_binary_registry}/mirantis/kubernetes/cloud-provider-openstack
# component images/binaries
- kubernetes_calico_image: ${_param:kubernetes_calico_repo}/node:v3.1.3
- kubernetes_calico_kube_controllers_image: ${_param:kubernetes_calico_kube_ctl_repo}/kube-controllers:v3.1.3
- kubernetes_calico_calicoctl_source: ${_param:kubernetes_calico_calicoctl_repo}/calicoctl-v3.1.3
- kubernetes_calico_calicoctl_source_hash: md5=4fa504cd4c545fe2a5d6106f5379c307
- kubernetes_calico_birdcl_source: ${_param:kubernetes_calico_birdcl_repo}/birdcl-v0.3.2-17-20180926111644
- kubernetes_calico_birdcl_source_hash: md5=256a70c67892eb79b74a8fb4e1d22b9b
- kubernetes_calico_cni_source: ${_param:kubernetes_calico_cni_repo}/calico-v3.1.3-15-20181105142706
- kubernetes_calico_cni_source_hash: md5=2f79e8f3ecb4c7d2e357333a01f781d1
- kubernetes_calico_cni_ipam_source: ${_param:kubernetes_calico_cni_repo}/calico-ipam-v3.1.3-15-20181105142706
- kubernetes_calico_cni_ipam_source_hash: md5=f70bea0c60724f56ddb9447fd8862bac
- kubernetes_hyperkube_source: ${_param:kubernetes_hyperkube_repo}/hyperkube_v1.11.3-2_1536938897511
- kubernetes_hyperkube_source_hash: md5=159910d99c3ccf77d1e0f7b346edaf40
- kubernetes_pause_image: ${_param:mcp_docker_registry}/mirantis/kubernetes/pause-amd64:v1.11.3-2
+ kubernetes_calico_image: ${_param:kubernetes_calico_repo}/node:v3.3.2
+ kubernetes_calico_kube_controllers_image: ${_param:kubernetes_calico_kube_ctl_repo}/kube-controllers:v3.3.2
+ kubernetes_calico_calicoctl_source: ${_param:kubernetes_calico_calicoctl_repo}/calicoctl-v3.3.2
+ kubernetes_calico_calicoctl_source_hash: md5=bb38517fdd6b8bb7c130ae7550a9d335
+ kubernetes_calico_birdcl_source: ${_param:kubernetes_calico_birdcl_repo}/birdcl-v0.3.3
+ kubernetes_calico_birdcl_source_hash: md5=0327442efd2592ddce449b66c5d0fc9d
+ kubernetes_calico_cni_source: ${_param:kubernetes_calico_cni_repo}/calico-v3.3.2
+ kubernetes_calico_cni_source_hash: md5=2544bc1865c1451cac7a61264c25a2cb
+ kubernetes_calico_cni_ipam_source: ${_param:kubernetes_calico_cni_repo}/calico-ipam-v3.3.2
+ kubernetes_calico_cni_ipam_source_hash: md5=b22623eeea3b29ba8ec071d859ac7055
+ kubernetes_hyperkube_source: ${_param:kubernetes_hyperkube_repo}/hyperkube_v1.12.3-2_1544133573591
+ kubernetes_hyperkube_source_hash: md5=fc23eaf3ba63d9ed9d141f465f584012
+ kubernetes_pause_image: ${_param:mcp_docker_registry}/mirantis/kubernetes/pause-amd64:v1.12.3-2
kubernetes_virtlet_image: ${_param:kubernetes_virtlet_repo}/virtlet:v1.4.1
kubernetes_criproxy_version: v0.12.0
kubernetes_criproxy_checksum: md5=371cacd3d8568eb88425498b48a649dd
@@ -46,27 +47,27 @@
kubernetes_dnsmasq_image: ${_param:kubernetes_kubedns_repo}/k8s-dns-dnsmasq-amd64:1.14.5
kubernetes_sidecar_image: ${_param:kubernetes_kubedns_repo}/k8s-dns-sidecar-amd64:1.14.5
kubernetes_dns_autoscaler_image: ${_param:kubernetes_kubedns_repo}/cluster-proportional-autoscaler-amd64:1.0.0
- kubernetes_externaldns_image: ${_param:kubernetes_externaldns_repo}/external-dns:v0.5.6-2
- kubernetes_genie_source: ${_param:kubernetes_genie_repo}/genie_v1.0-191-g9902422
- kubernetes_genie_source_hash: md5=1f0b0434e9ba2bc3b6c7945b3dce4294
+ kubernetes_externaldns_image: ${_param:kubernetes_externaldns_repo}/external-dns:v0.5.9-3
+ kubernetes_genie_source: ${_param:kubernetes_genie_repo}/genie_v2.0-1-g209d3c4
+ kubernetes_genie_source_hash: md5=fa7a27ecbb9f800c1b705f87c64f6226
kubernetes_flannel_image: ${_param:kubernetes_flannel_repo}/flannel:v0.10.0-amd64
kubernetes_metallb_controller_image: ${_param:kubernetes_metallb_repo}/controller:v0.7.3-2
kubernetes_metallb_speaker_image: ${_param:kubernetes_metallb_repo}/speaker:v0.7.3-2
kubernetes_sriov_source: ${_param:kubernetes_sriov_repo}/sriov_v0.3-9-g3b31f1a
kubernetes_sriov_source_hash: md5=cd9ea01e80d260218260314447c23b30
- kubernetes_cniplugins_source: ${_param:kubernetes_cniplugins_repo}/containernetworking-plugins_v0.7.2-96-g8bc4cc0.tar.gz
- kubernetes_cniplugins_source_hash: md5=1beef018ea8988f53356314ed020fefa
+ kubernetes_cniplugins_source: ${_param:kubernetes_cniplugins_repo}/containernetworking-plugins_v0.7.2-151-g1d23302.tar.gz
+ kubernetes_cniplugins_source_hash: md5=bb42444166a89ef6832529e9e39d000d
kubernetes_dashboard_image: ${_param:kubernetes_dashboard_repo}/kubernetes-dashboard-amd64:v1.10.0-4
kubernetes_telegraf_image: ${_param:mcp_docker_registry}/openstack-docker/telegraf:2018.8.0
- kubernetes_coredns_image: ${_param:kubernetes_coredns_repo}/coredns:v1.2.2-12
- kubernetes_ingressnginx_controller_image: ${_param:kubernetes_ingressnginx_repo}/nginx-ingress-controller-amd64:nginx-0.19.0-1
- kubernetes_corends_etcd_operator_image: ${_param:kubernetes_corends_etcd_operator_repo}/etcd-operator:v0.9.2
+ kubernetes_coredns_image: ${_param:kubernetes_coredns_repo}/coredns:v1.2.6-4
+ kubernetes_ingressnginx_controller_image: ${_param:kubernetes_ingressnginx_repo}/nginx-ingress-controller-amd64:nginx-0.21.0-3
+ kubernetes_corends_etcd_operator_image: ${_param:kubernetes_corends_etcd_operator_repo}/etcd-operator:v0.9.3
kubernetes_containerd_source: ${_param:kubernetes_containerd_repo}/v1.12.0/crictl-v1.12.0-linux-amd64.tar.gz
kubernetes_containerd_source_hash: md5=ff60b9ddfa5617f7ed14b3f3b6a60056
# images for formula compatibility
- kubernetes_hyperkube_image: ${_param:mcp_docker_registry}/mirantis/kubernetes/hyperkube-amd64:v1.11.3-2
- kubernetes_calico_cni_image: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico/cni:v3.1.3
- kubernetes_calico_calicoctl_image: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico/ctl:v3.1.3
+ kubernetes_hyperkube_image: ${_param:mcp_docker_registry}/mirantis/kubernetes/hyperkube-amd64:v1.12.3-2
+ kubernetes_calico_cni_image: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico/cni:v3.3.2
+ kubernetes_calico_calicoctl_image: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico/ctl:v3.3.2
kubernetes_containerd_package: containerd.io=1.2.0-1
kubernetes_opencontrail_controller_image: ${_param:kubernetes_contrail_registry}/opencontrail-controller:${_param:mcp_version}
@@ -111,6 +112,25 @@
kubernetes_telegraf_agent_quiet: false
kubernetes_telegraf_agent_omit_hostname: false
+ # Cloud providers parameters
+
+ kubernetes_cloudprovider_enabled: false
+ kubernetes_cloudprovider_type: openstack
+
+ # OpenStack cloud provider
+
+ kubernetes_openstack_provider_binary: ${_param:kubernetes_openstack_provider_repo}/openstack-cloud-controller-manager_v0.3.0-1_1543239267245
+ kubernetes_openstack_provider_binary_hash: md5=0d85b5877e9872690390f5b87e45efba
+ kubernetes_openstack_provider_cloud_user: admin
+ kubernetes_openstack_provider_cloud_password: secret
+ kubernetes_openstack_provider_cloud_auth_url: http://127.0.0.1:5000/v3
+ kubernetes_openstack_provider_cloud_tenant_id: tenant_id
+ kubernetes_openstack_provider_cloud_domain_id: default
+ kubernetes_openstack_provider_cloud_region: RegionOne
+ kubernetes_openstack_provider_lbaas_subnet_id: subnet_id
+ kubernetes_openstack_provider_floating_net_id: floating_net_id
+
+
linux:
system:
kernel:
@@ -134,6 +154,20 @@
plugins:
source: ${_param:kubernetes_cniplugins_source}
hash: ${_param:kubernetes_cniplugins_source_hash}
+ cloudprovider:
+ enabled: ${_param:kubernetes_cloudprovider_enabled}
+ provider: ${_param:kubernetes_cloudprovider_type}
+ params:
+ binary: ${_param:kubernetes_openstack_provider_binary}
+ binary_hash: ${_param:kubernetes_openstack_provider_binary_hash}
+ username: ${_param:kubernetes_openstack_provider_cloud_user}
+ password: ${_param:kubernetes_openstack_provider_cloud_password}
+ auth_url: ${_param:kubernetes_openstack_provider_cloud_auth_url}
+ tenant_id: ${_param:kubernetes_openstack_provider_cloud_tenant_id}
+ domain_id: ${_param:kubernetes_openstack_provider_cloud_domain_id}
+ region: ${_param:kubernetes_openstack_provider_cloud_region}
+ subnet_id: ${_param:kubernetes_openstack_provider_lbaas_subnet_id}
+ floating_net_id: ${_param:kubernetes_openstack_provider_floating_net_id}
addons:
dashboard:
enabled: ${_param:kubernetes_dashboard_enabled}
diff --git a/opencontrail/control/analytics.yml b/opencontrail/control/analytics.yml
index 7471997..d6cff61 100644
--- a/opencontrail/control/analytics.yml
+++ b/opencontrail/control/analytics.yml
@@ -6,7 +6,7 @@
parameters:
_param:
opencontrail_kafka_log_cleanup_mtime: '+7'
- opencontrail_kafka_log_cleanup_dir: '/usr/share/kafka/logs/'
+ opencontrail_kafka_log_dir: '/usr/share/kafka/logs'
# Temprorary fix for MOS9 packages to pin old version of kafka
linux:
system:
@@ -22,7 +22,7 @@
- nf_conntrack_ipv4
job:
kafka_logs_cleanup:
- command: "find ${_param:opencontrail_kafka_log_cleanup_dir} -name '*.log.*' -type f -mtime ${_param:opencontrail_kafka_log_cleanup_mtime} -exec rm {} \\;"
+ command: "find ${_param:opencontrail_kafka_log_dir} -name '*.log.*' -type f -mtime ${_param:opencontrail_kafka_log_cleanup_mtime} -exec rm {} \\;"
identifier: kafka_logs_cleanup
hour: 0
minute: 0
diff --git a/opencontrail/control/analytics4_0.yml b/opencontrail/control/analytics4_0.yml
index f0cf352..ed6fb15 100644
--- a/opencontrail/control/analytics4_0.yml
+++ b/opencontrail/control/analytics4_0.yml
@@ -6,8 +6,9 @@
- system.haproxy.proxy.listen.opencontrail.analytics
parameters:
_param:
+ opencontrail_kafka_config_dir: '/usr/share/kafka/config'
opencontrail_kafka_log_cleanup_mtime: '+7'
- opencontrail_kafka_log_cleanup_dir: '/usr/share/kafka/logs/'
+ opencontrail_kafka_log_dir: '/usr/share/kafka/logs'
opencontrail_version: 4.0
linux_repo_contrail_component: oc40
opencontrail_image_tag: latest
@@ -27,7 +28,7 @@
- nf_conntrack_ipv4
job:
kafka_logs_cleanup:
- command: "find ${_param:opencontrail_kafka_log_cleanup_dir} -name '*.log.*' -type f -mtime ${_param:opencontrail_kafka_log_cleanup_mtime} -exec rm {} \\;"
+ command: "find ${_param:opencontrail_kafka_log_dir} -name '*.log.*' -type f -mtime ${_param:opencontrail_kafka_log_cleanup_mtime} -exec rm {} \\;"
identifier: kafka_logs_cleanup
hour: 0
minute: 0
@@ -101,10 +102,10 @@
- /var/lib/analyticsdb:/var/lib/cassandra
- /var/lib/analyticsdb_zookeeper_data:/var/lib/zookeeper
- /var/lib/zookeeper/myid:/var/lib/zookeeper/myid
- - /usr/share/kafka/config/server.properties:/usr/share/kafka/config/server.properties
- - /usr/share/kafka/config/consumer.properties:/usr/share/kafka/config/consumer.properties
- - /usr/share/kafka/config/zookeeper.properties:/usr/share/kafka/config/zookeeper.properties
- - /usr/share/kafka/logs:/usr/share/kafka/logs
+ - ${_param:opencontrail_kafka_config_dir}/server.properties:${_param:opencontrail_kafka_config_dir}/server.properties
+ - ${_param:opencontrail_kafka_config_dir}/consumer.properties:${_param:opencontrail_kafka_config_dir}/consumer.properties
+ - ${_param:opencontrail_kafka_config_dir}/zookeeper.properties:${_param:opencontrail_kafka_config_dir}/zookeeper.properties
+ - ${_param:opencontrail_kafka_log_dir}:${_param:opencontrail_kafka_log_dir}
- /etc/zookeeper/conf/zoo_analytics.cfg:/etc/zookeeper/conf/zoo.cfg
- /etc/zookeeper/conf/log4j.properties:/etc/zookeeper/conf/log4j.properties
- /var/log/contrail:/var/log/contrail
diff --git a/opencontrail/control/cluster.yml b/opencontrail/control/cluster.yml
index 28c12c4..33bfedc 100644
--- a/opencontrail/control/cluster.yml
+++ b/opencontrail/control/cluster.yml
@@ -7,7 +7,7 @@
parameters:
_param:
opencontrail_kafka_log_cleanup_mtime: '+7'
- opencontrail_kafka_log_cleanup_dir: '/usr/share/kafka/logs/'
+ opencontrail_kafka_log_dir: '/usr/share/kafka/logs'
# Temprorary fix for MOS9 packages to pin old version of kafka
linux:
system:
@@ -21,7 +21,7 @@
- nf_conntrack_ipv4
job:
kafka_logs_cleanup:
- command: "find ${_param:opencontrail_kafka_log_cleanup_dir} -name '*.log.*' -type f -mtime ${_param:opencontrail_kafka_log_cleanup_mtime} -exec rm {} \\;"
+ command: "find ${_param:opencontrail_kafka_log_dir} -name '*.log.*' -type f -mtime ${_param:opencontrail_kafka_log_cleanup_mtime} -exec rm {} \\;"
identifier: kafka_logs_cleanup
hour: 0
minute: 0
diff --git a/opencontrail/control/cluster4_0.yml b/opencontrail/control/cluster4_0.yml
index 381a0d2..5914c50 100644
--- a/opencontrail/control/cluster4_0.yml
+++ b/opencontrail/control/cluster4_0.yml
@@ -6,8 +6,9 @@
- system.haproxy.proxy.listen.opencontrail.analytics
parameters:
_param:
+ opencontrail_kafka_config_dir: '/usr/share/kafka/config'
opencontrail_kafka_log_cleanup_mtime: '+7'
- opencontrail_kafka_log_cleanup_dir: '/usr/share/kafka/logs/'
+ opencontrail_kafka_log_dir: '/usr/share/kafka/logs'
opencontrail_version: 4.0
linux_repo_contrail_component: oc40
opencontrail_image_tag: latest
@@ -31,7 +32,7 @@
- nf_conntrack_ipv4
job:
kafka_logs_cleanup:
- command: "find ${_param:opencontrail_kafka_log_cleanup_dir} -name '*.log.*' -type f -mtime ${_param:opencontrail_kafka_log_cleanup_mtime} -exec rm {} \\;"
+ command: "find ${_param:opencontrail_kafka_log_dir} -name '*.log.*' -type f -mtime ${_param:opencontrail_kafka_log_cleanup_mtime} -exec rm {} \\;"
identifier: kafka_logs_cleanup
hour: 0
minute: 0
@@ -179,10 +180,10 @@
- /var/lib/analyticsdb:/var/lib/cassandra
- /var/lib/analyticsdb_zookeeper_data:/var/lib/zookeeper
- /var/lib/zookeeper/myid:/var/lib/zookeeper/myid
- - /usr/share/kafka/config/server.properties:/usr/share/kafka/config/server.properties
- - /usr/share/kafka/config/consumer.properties:/usr/share/kafka/config/consumer.properties
- - /usr/share/kafka/config/zookeeper.properties:/usr/share/kafka/config/zookeeper.properties
- - /usr/share/kafka/logs:/usr/share/kafka/logs
+ - ${_param:opencontrail_kafka_config_dir}/server.properties:${_param:opencontrail_kafka_config_dir}/server.properties
+ - ${_param:opencontrail_kafka_config_dir}/consumer.properties:${_param:opencontrail_kafka_config_dir}/consumer.properties
+ - ${_param:opencontrail_kafka_config_dir}/zookeeper.properties:${_param:opencontrail_kafka_config_dir}/zookeeper.properties
+ - ${_param:opencontrail_kafka_log_dir}:${_param:opencontrail_kafka_log_dir}
- /etc/zookeeper/conf/zoo_analytics.cfg:/etc/zookeeper/conf/zoo.cfg
- /etc/zookeeper/conf/log4j.properties:/etc/zookeeper/conf/log4j.properties
- /var/log/contrail:/var/log/contrail
diff --git a/opencontrail/control/cluster4_0_k8s.yml b/opencontrail/control/cluster4_0_k8s.yml
index cb9ce4f..5564ccf 100644
--- a/opencontrail/control/cluster4_0_k8s.yml
+++ b/opencontrail/control/cluster4_0_k8s.yml
@@ -6,7 +6,7 @@
parameters:
_param:
opencontrail_kafka_log_cleanup_mtime: '+7'
- opencontrail_kafka_log_cleanup_dir: '/usr/share/kafka/logs/'
+ opencontrail_kafka_log_dir: '/usr/share/kafka/logs'
opencontrail_version: 4.0
linux_repo_contrail_component: oc40
opencontrail_image_tag: latest
@@ -30,7 +30,7 @@
- nf_conntrack_ipv4
job:
kafka_logs_cleanup:
- command: "find ${_param:opencontrail_kafka_log_cleanup_dir} -name '*.log.*' -type f -mtime ${_param:opencontrail_kafka_log_cleanup_mtime} -exec rm {} \\;"
+ command: "find ${_param:opencontrail_kafka_log_dir} -name '*.log.*' -type f -mtime ${_param:opencontrail_kafka_log_cleanup_mtime} -exec rm {} \\;"
identifier: kafka_logs_cleanup
hour: 0
minute: 0
diff --git a/opencontrail/control/single.yml b/opencontrail/control/single.yml
index 2ba745b..ef798bd 100644
--- a/opencontrail/control/single.yml
+++ b/opencontrail/control/single.yml
@@ -4,7 +4,7 @@
parameters:
_param:
opencontrail_kafka_log_cleanup_mtime: '+7'
- opencontrail_kafka_log_cleanup_dir: '/usr/share/kafka/logs/'
+ opencontrail_kafka_log_dir: '/usr/share/kafka/logs'
# Temprorary fix for MOS9 packages to pin old version of kafka
linux:
system:
@@ -20,7 +20,7 @@
- nf_conntrack_ipv4
job:
kafka_logs_cleanup:
- command: "find ${_param:opencontrail_kafka_log_cleanup_dir} -name '*.log.*' -type f -mtime ${_param:opencontrail_kafka_log_cleanup_mtime} -exec rm {} \\;"
+ command: "find ${_param:opencontrail_kafka_log_dir} -name '*.log.*' -type f -mtime ${_param:opencontrail_kafka_log_cleanup_mtime} -exec rm {} \\;"
identifier: kafka_logs_cleanup
hour: 0
minute: 0
diff --git a/opencontrail/control/single4_0.yml b/opencontrail/control/single4_0.yml
index 779d8d0..9857221 100644
--- a/opencontrail/control/single4_0.yml
+++ b/opencontrail/control/single4_0.yml
@@ -4,8 +4,9 @@
- service.haproxy.proxy.single
parameters:
_param:
+ opencontrail_kafka_config_dir: '/usr/share/kafka/config'
opencontrail_kafka_log_cleanup_mtime: '+7'
- opencontrail_kafka_log_cleanup_dir: '/usr/share/kafka/logs/'
+ opencontrail_kafka_log_dir: '/usr/share/kafka/logs'
opencontrail_version: 4.0
linux_repo_contrail_component: oc40
opencontrail_image_tag: latest
@@ -26,7 +27,7 @@
- nf_conntrack_ipv4
job:
kafka_logs_cleanup:
- command: "find ${_param:opencontrail_kafka_log_cleanup_dir} -name '*.log.*' -type f -mtime ${_param:opencontrail_kafka_log_cleanup_mtime} -exec rm {} \\;"
+ command: "find ${_param:opencontrail_kafka_log_dir} -name '*.log.*' -type f -mtime ${_param:opencontrail_kafka_log_cleanup_mtime} -exec rm {} \\;"
identifier: kafka_logs_cleanup
hour: 0
minute: 0
@@ -198,10 +199,10 @@
- /var/lib/analyticsdb:/var/lib/cassandra
- /var/lib/analyticsdb_zookeeper_data:/var/lib/zookeeper
- /var/lib/zookeeper/myid:/var/lib/zookeeper/myid
- - /usr/share/kafka/config/server.properties:/usr/share/kafka/config/server.properties
- - /usr/share/kafka/config/consumer.properties:/usr/share/kafka/config/consumer.properties
- - /usr/share/kafka/config/zookeeper.properties:/usr/share/kafka/config/zookeeper.properties
- - /usr/share/kafka/logs:/usr/share/kafka/logs
+ - ${_param:opencontrail_kafka_config_dir}/server.properties:${_param:opencontrail_kafka_config_dir}/server.properties
+ - ${_param:opencontrail_kafka_config_dir}/consumer.properties:${_param:opencontrail_kafka_config_dir}/consumer.properties
+ - ${_param:opencontrail_kafka_config_dir}/zookeeper.properties:${_param:opencontrail_kafka_config_dir}/zookeeper.properties
+ - ${_param:opencontrail_kafka_log_dir}:${_param:opencontrail_kafka_log_dir}
- /etc/zookeeper/conf/zoo_analytics.cfg:/etc/zookeeper/conf/zoo.cfg
- /etc/zookeeper/conf/log4j.properties:/etc/zookeeper/conf/log4j.properties
- /var/log/contrail:/var/log/contrail
diff --git a/openssh/server/team/members/vnaumov.yml b/openssh/server/team/members/vnaumov.yml
index f46cd1d..2805e2c 100644
--- a/openssh/server/team/members/vnaumov.yml
+++ b/openssh/server/team/members/vnaumov.yml
@@ -15,5 +15,5 @@
vnaumov:
enabled: true
public_keys:
- - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDno7VX9jiveRCF7d1C/FK24WLZwCArdrBBOQ1uHqpkUfUYtG6vrYgt/K2n2FXoX55lbeoJAwuNC9HviaY+vQAekCI4W2s02iD+j/GRUwitpv+lJZXSmt/q2PgLz3OFUIsJV0EwyNl+bexM4+2jYTmHeDMrXAsHL4I2GUv5sFycA11UhxZ/Qm2QMKlRZhje/IJieX9u2BhgYuPYffASVl4AhwtDagYdqquwUXrfu/dQRt/U9w0Di9alApcyPqiW9LbXUgwha1G9+ScQnxmp8WvmaV8YR+nf2OFxQHvOZPYjCzniRnYpaQUMeUAkJKxDwqR1dAKYnaQY5TfXtFwfzsjN vnaumov@vnaumov
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDqP7Tzblm0G34kdnW0rbTc4dqJlFq0bVCwiuCadbVgLU0/u6mo48gmejKU2svr4wSKUsAu8Z6bbxqoHz8bpIhABvJkENgkafDR7MC8BUEdUqjw54QRVZ987pVb5f8cyJsbu2jr0F+5B3q0mAujxjCCWRUg9oPiojduD9XJ7+zGv98oREQOpElqVHe05NoZ+cYN6ld/Ye23NltJAnWnJx/W46UnyPpM+5OA1vW9NLLn2CIs9Dj0bsmIVBbUYMTgQtpwPoXcx/UBt1QhK7CJ7pT8UyIS6eoW6F6WdFw8f0sS+pKYzIvyDjKzyrJtcKyfFg5Ca8vtUNEzQM6ARUq7gBGl vnaumov@mirantis.com
user: ${linux:system:user:vnaumov}
diff --git a/salt/master/single.yml b/salt/master/single.yml
index fbb32f2..25eaf56 100644
--- a/salt/master/single.yml
+++ b/salt/master/single.yml
@@ -17,4 +17,8 @@
command_timeout: 10
peer:
'.*':
- - x509.sign_remote_certificate
\ No newline at end of file
+ - x509.sign_remote_certificate
+ ext_pillars:
+ 100_gpg_pillar_renderer:
+ module: gpg
+ params: {}
diff --git a/salt/minion/cert/k8s_client.yml b/salt/minion/cert/k8s_client.yml
index 5f065d5..ff7dabf 100644
--- a/salt/minion/cert/k8s_client.yml
+++ b/salt/minion/cert/k8s_client.yml
@@ -12,6 +12,16 @@
organization_name: system:nodes
signing_policy: cert_client
alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_control_node01_address},IP:${_param:kubernetes_control_node02_address},IP:${_param:kubernetes_control_node03_address},IP:${_param:kubernetes_internal_api_address}
+ k8s_client_fqdn:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kubelet-client-fqdn.key
+ cert_file: /etc/kubernetes/ssl/kubelet-client-fqdn.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:node:${linux:system:name}.${_param:cluster_domain}
+ organization_name: system:nodes
+ signing_policy: cert_client
+ alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_control_node01_address},IP:${_param:kubernetes_control_node02_address},IP:${_param:kubernetes_control_node03_address},IP:${_param:kubernetes_internal_api_address}
k8s_proxy:
host: ${_param:salt_minion_ca_host}
authority: ${_param:salt_minion_ca_authority}
diff --git a/salt/minion/cert/k8s_client_single.yml b/salt/minion/cert/k8s_client_single.yml
index a4302a3..a2f3d89 100644
--- a/salt/minion/cert/k8s_client_single.yml
+++ b/salt/minion/cert/k8s_client_single.yml
@@ -12,6 +12,16 @@
organization_name: system:nodes
signing_policy: cert_client
alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_internal_api_address}
+ k8s_client_fqdn:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kubelet-client-fqdn.key
+ cert_file: /etc/kubernetes/ssl/kubelet-client-fqdn.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:node:${linux:system:name}.${_param:cluster_domain}
+ organization_name: system:nodes
+ signing_policy: cert_client
+ alternative_names: IP:${_param:kubernetes_control_address},IP:${_param:kubernetes_internal_api_address}
k8s_proxy:
host: ${_param:salt_minion_ca_host}
authority: ${_param:salt_minion_ca_authority}
diff --git a/salt/minion/cert/octavia/image_sign.yml b/salt/minion/cert/octavia/image_sign.yml
index 2e67a02..ad7cfd0 100644
--- a/salt/minion/cert/octavia/image_sign.yml
+++ b/salt/minion/cert/octavia/image_sign.yml
@@ -1,17 +1,15 @@
-classes:
-- system.salt.minion.cert.octavia
parameters:
_param:
+ salt_minion_ca_authority: salt_master_ca
octavia_image_cert_key: /etc/octavia/certs/image.key
octavia_image_cert_file: /etc/octavia/certs/image.crt
salt:
minion:
cert:
octavia:
- host: ${_param:octavia_ca_host}
- authority: octavia_ca
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
common_name: octavia
signing_policy: cert_server
- key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
key_file: ${_param:octavia_image_cert_key}
cert_file: ${_param:octavia_image_cert_file}
\ No newline at end of file