Merge "Refactor apt_mirantis/elastic"

commit: d07141d67b116030e52c1e83ef42807246f4e030 [log] [tgz]
author: mcp-jenkins <mcp-jenkins@mirantis.com> Fri Sep 28 11:27:24 2018 +0000
committer: Gerrit Code Review <gerrit2@84b5d06f6116> Fri Sep 28 11:27:24 2018 +0000
tree: 54e10764432a66f66933260732f9eb8b2e0e4351
parent: e1c5e254db526548034d6088f4890a90e3a851fc [diff]
parent: c80dca133fd61fdb37c980553dc89826cf04a895 [diff]
diff --git a/apache/server/proxy/openstack/oadh.yml b/apache/server/proxy/openstack/oadh.yml
new file mode 100644
index 0000000..d8ae2eb
--- /dev/null
+++ b/apache/server/proxy/openstack/oadh.yml

@@ -0,0 +1,25 @@
+parameters:
+  _param:
+    apache_ssl:
+      enabled: false
+    apache_proxy_ssl: ${_param:apache_ssl}
+    apache_proxy_openstack_api_host: ${_param:cluster_public_host}
+    apache_proxy_openstack_api_address: 0.0.0.0
+    apache_proxy_openstack_aodh_host: ${_param:aodh_service_host}
+  apache:
+    server:
+      enabled: true
+      site:
+        apache_proxy_openstack_api_aodh:
+          enabled: true
+          type: proxy
+          name: openstack_api_aodh
+          proxy:
+            host: ${_param:apache_proxy_openstack_aodh_host}
+            port: 8042
+            protocol: http
+          host:
+            name: ${_param:apache_proxy_openstack_api_host}
+            port: 8042
+            address: ${_param:apache_proxy_openstack_api_address}
+          ssl: ${_param:apache_proxy_ssl}

diff --git a/horizon/server/plugin/octavia.yml b/horizon/server/plugin/octavia.yml
new file mode 100644
index 0000000..2dd5c69
--- /dev/null
+++ b/horizon/server/plugin/octavia.yml

@@ -0,0 +1,9 @@
+parameters:
+  horizon:
+    server:
+      plugin:
+        octavia-dashboard:
+          source:
+            engine: pkg
+            name: python-octavia-dashboard
+

diff --git a/jenkins/client/job/oscore/tests.yml b/jenkins/client/job/oscore/tests.yml
index bccb9b7..c082306 100644
--- a/jenkins/client/job/oscore/tests.yml
+++ b/jenkins/client/job/oscore/tests.yml

@@ -99,6 +99,11 @@
               OPENSTACK_API_VERSION:
                 type: string
                 default: "3"
+              # security test
+              RUN_SECURITY_CHECK:
+                type: boolean
+                description: Whether to run Openscap XCCDF evaluation
+                default: 'false'
               # test
               TEST_CONF:
                 type: string
@@ -682,7 +687,7 @@
             trigger:
               gerrit:
                 project:
-                  "^salt-formulas/(nova|cinder|glance|keystone|horizon|neutron|designate|heat|ironic|barbican|aodh|ceilometer|gnocchi|panko|manila|salt|linux|reclass|galera|memcached|rabbitmq|bind|apache|runtest|oslo-templates|auditd|octavia)$":
+                  "^salt-formulas/(nova|cinder|glance|keystone|horizon|neutron|designate|heat|ironic|barbican|aodh|ceilometer|gnocchi|panko|manila|salt|linux|reclass|galera|memcached|rabbitmq|bind|apache|runtest|oslo-templates|auditd|octavia|openscap)$":
                     compare_type: 'REG_EXP'
                     branches:
                       - master

diff --git a/manila/common/cluster.yml b/manila/common/cluster.yml
index 9ea811e..ad1254b 100644
--- a/manila/common/cluster.yml
+++ b/manila/common/cluster.yml

@@ -1,7 +1,5 @@
 classes:
 - service.manila.common.cluster
-- service.haproxy.proxy.single
-- system.haproxy.proxy.listen.openstack.manila
 - system.salt.minion.cert.mysql.clients.openstack.manila
 - system.salt.minion.cert.rabbitmq.clients.openstack.manila
 parameters:
@@ -12,6 +10,7 @@
     openstack_rabbitmq_x509_enabled: False
     rabbitmq_ssl_enabled: False
     openstack_rabbitmq_port: 5672
+    cluster_internal_protocol: 'http'
   manila:
     common:
       version: ${_param:openstack_version}
@@ -54,4 +53,4 @@
         auth_type: password
         user_domain_id: default
         project_domain_id: default
-        protocol: 'http'
+        protocol: ${_param:cluster_internal_protocol}

diff --git a/manila/common/single.yml b/manila/common/single.yml
index f984ab7..c5a6f97 100644
--- a/manila/common/single.yml
+++ b/manila/common/single.yml

@@ -9,6 +9,7 @@
     openstack_rabbitmq_x509_enabled: False
     rabbitmq_ssl_enabled: False
     openstack_rabbitmq_port: 5672
+    cluster_internal_protocol: 'http'
   manila:
     common:
       version: ${_param:openstack_version}
@@ -51,4 +52,4 @@
         auth_type: password
         user_domain_id: default
         project_domain_id: default
-        protocol: 'http'
+        protocol: ${_param:cluster_internal_protocol}

diff --git a/manila/control/cluster.yml b/manila/control/cluster.yml
index 7ea128b..75b6f76 100644
--- a/manila/control/cluster.yml
+++ b/manila/control/cluster.yml

@@ -1,7 +1,8 @@
 classes:
- - system.manila.common.cluster
- - system.apache.server.site.manila
- - system.haproxy.proxy.listen.openstack.manila
+  - service.haproxy.proxy.single
+  - system.manila.common.cluster
+  - system.apache.server.site.manila
+  - system.haproxy.proxy.listen.openstack.manila
 parameters:
   manila:
     common:

diff --git a/manila/share/init.yml b/manila/share/init.yml
index 2c6558e..346bfcd 100644
--- a/manila/share/init.yml
+++ b/manila/share/init.yml

@@ -1,5 +1,5 @@
 classes:
- - service.manila.common.cluster
+  - system.manila.common.cluster
 parameters:
   manila:
     common:

diff --git a/nova/compute/libvirt/ssl/init.yml b/nova/compute/libvirt/ssl/init.yml
index 9931cbd..87742e0 100644
--- a/nova/compute/libvirt/ssl/init.yml
+++ b/nova/compute/libvirt/ssl/init.yml

@@ -4,6 +4,7 @@
   nova:
     compute:
       libvirt:
+        uri: qemu+tls://${linux:system:name}.${_param:cluster_domain}/system
         tls:
           enabled: True
           key_file: ${_param:libvirtd_server_ssl_key_file}

diff --git a/openssh/server/team/members/dteselkin.yml b/openssh/server/team/members/dteselkin.yml
new file mode 100644
index 0000000..3ddc751
--- /dev/null
+++ b/openssh/server/team/members/dteselkin.yml

@@ -0,0 +1,20 @@
+parameters:
+  linux:
+    system:
+      user:
+        dteselkin:
+          enabled: true
+          name: dteselkin
+          sudo: ${_param:linux_system_user_sudo}
+          full_name: Dmitry Teselkin
+          home: /home/dteselkin
+          email: dteselkin@mirantis.com
+  openssh:
+    server:
+      enabled: true
+      user:
+        dteselkin:
+          enabled: true
+          public_keys:
+            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCxE+TvswmBZP8xIz4DRlyrQV6CEk1ZDCc8vXT8yYB2VgW7PpYt6ukuV+UjUp18/51JBKbxJIGplF4i1rgEvKX/kfi/FWM3uiqPq9ivLzuykIGiRccsU3kzIntIec7WDDcJeo/P4r5eXWhI+idMvcfLcxCLbN1OKZfBllhagv8oUrWLVCPaPvcWXxUQ8gvylP3Mk+G/OtaTJSk0udG2S4vh1Rg+TU7x8RHV0q8P8LPz19pvWQu5yWbeKd4FbKGUNx9eBqdGR6+nsfpjJZWeeSkUT9C77ihkMtIGJ7EacNYbgYhtIKZeBrfJcw+M1JTXdd8quwVPSA46D4xldQZ7aM7t
+          user: ${linux:system:user:dteselkin}

diff --git a/openssh/server/team/oscore_devops.yml b/openssh/server/team/oscore_devops.yml
index 5ba280a..ce7bddd 100644
--- a/openssh/server/team/oscore_devops.yml
+++ b/openssh/server/team/oscore_devops.yml

@@ -13,6 +13,7 @@
 - system.openssh.server.team.members.oshyshko
 - system.openssh.server.team.members.pshchelo
 - system.openssh.server.team.members.obryndzii
+- system.openssh.server.team.members.dteselkin
 parameters:
   _param:
     linux_system_user_sudo: true

diff --git a/salt/minion/cert/libvirtd/client.yml b/salt/minion/cert/libvirtd/client.yml
index bf0ce83..31c1b32 100644
--- a/salt/minion/cert/libvirtd/client.yml
+++ b/salt/minion/cert/libvirtd/client.yml

@@ -18,4 +18,7 @@
           key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
           key_file: ${_param:libvirtd_client_ssl_key_file}
           cert_file: ${_param:libvirtd_client_ssl_cert_file}
-          ca_file: ${_param:libvirtd_ssl_ca_file}
\ No newline at end of file
+          ca_file: ${_param:libvirtd_ssl_ca_file}
+          user: root
+          group: nova
+          mode: 640

diff --git a/salt/minion/cert/libvirtd/server.yml b/salt/minion/cert/libvirtd/server.yml
index 9080672..b091d86 100644
--- a/salt/minion/cert/libvirtd/server.yml
+++ b/salt/minion/cert/libvirtd/server.yml

@@ -18,4 +18,7 @@
           key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
           key_file: ${_param:libvirtd_server_ssl_key_file}
           cert_file: ${_param:libvirtd_server_ssl_cert_file}
-          ca_file: ${_param:libvirtd_ssl_ca_file}
\ No newline at end of file
+          ca_file: ${_param:libvirtd_ssl_ca_file}
+          user: root
+          group: nova
+          mode: 640
commit	d07141d67b116030e52c1e83ef42807246f4e030	[log] [tgz]
author	mcp-jenkins <mcp-jenkins@mirantis.com>	Fri Sep 28 11:27:24 2018 +0000
committer	Gerrit Code Review <gerrit2@84b5d06f6116>	Fri Sep 28 11:27:24 2018 +0000
tree	54e10764432a66f66933260732f9eb8b2e0e4351
parent	e1c5e254db526548034d6088f4890a90e3a851fc [diff]
parent	c80dca133fd61fdb37c980553dc89826cf04a895 [diff]