Merge "Added new params for fluentd&telegraf under kubernetes"
diff --git a/cinder/control/cluster.yml b/cinder/control/cluster.yml
index b5d6862..5bc5c75 100644
--- a/cinder/control/cluster.yml
+++ b/cinder/control/cluster.yml
@@ -3,9 +3,12 @@
- service.haproxy.proxy.single
- service.keepalived.cluster.single
- system.haproxy.proxy.listen.openstack.cinder
+- system.salt.minion.cert.mysql.clients.openstack.cinder
parameters:
_param:
cluster_internal_protocol: 'http'
+ openstack_mysql_x509_enabled: False
+ galera_ssl_enabled: False
linux:
system:
package:
@@ -35,6 +38,13 @@
name: cinder
user: cinder
password: ${_param:mysql_cinder_password}
+ x509:
+ enabled: ${_param:openstack_mysql_x509_enabled}
+ ca_file: ${_param:mysql_cinder_ssl_ca_file}
+ key_file: ${_param:mysql_cinder_client_ssl_key_file}
+ cert_file: ${_param:mysql_cinder_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
identity:
engine: keystone
region: ${_param:openstack_region}
diff --git a/cinder/control/single.yml b/cinder/control/single.yml
index 89c5307..f38cfb4 100644
--- a/cinder/control/single.yml
+++ b/cinder/control/single.yml
@@ -1,8 +1,11 @@
classes:
- service.cinder.control.single
+- system.salt.minion.cert.mysql.clients.openstack.cinder
parameters:
_param:
internal_protocol: 'http'
+ openstack_mysql_x509_enabled: False
+ galera_ssl_enabled: False
linux:
system:
package:
@@ -18,6 +21,13 @@
role: ${_param:openstack_node_role}
database:
host: ${_param:single_address}
+ x509:
+ enabled: ${_param:openstack_mysql_x509_enabled}
+ ca_file: ${_param:mysql_cinder_ssl_ca_file}
+ key_file: ${_param:mysql_cinder_client_ssl_key_file}
+ cert_file: ${_param:mysql_cinder_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
identity:
protocol: ${_param:internal_protocol}
region: ${_param:openstack_region}
diff --git a/cinder/volume/local.yml b/cinder/volume/local.yml
index d03d6f7..51c3ba8 100644
--- a/cinder/volume/local.yml
+++ b/cinder/volume/local.yml
@@ -1,11 +1,22 @@
classes:
- service.cinder.volume.local
+- system.salt.minion.cert.mysql.clients.openstack.cinder
parameters:
+ _param:
+ openstack_mysql_x509_enabled: False
+ galera_ssl_enabled: False
cinder:
volume:
enabled: True
database:
host: ${_param:single_address}
+ x509:
+ enabled: ${_param:openstack_mysql_x509_enabled}
+ ca_file: ${_param:mysql_cinder_ssl_ca_file}
+ key_file: ${_param:mysql_cinder_client_ssl_key_file}
+ cert_file: ${_param:mysql_cinder_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
glance:
host: ${_param:single_address}
message_queue:
diff --git a/cinder/volume/single.yml b/cinder/volume/single.yml
index f66a190..f6d4503 100644
--- a/cinder/volume/single.yml
+++ b/cinder/volume/single.yml
@@ -1,8 +1,11 @@
classes:
- service.cinder.volume.single
+- system.salt.minion.cert.mysql.clients.openstack.cinder
parameters:
_param:
cluster_internal_protocol: 'http'
+ openstack_mysql_x509_enabled: False
+ galera_ssl_enabled: False
linux:
system:
package:
@@ -14,6 +17,13 @@
enabled: True
database:
host: ${_param:openstack_database_address}
+ x509:
+ enabled: ${_param:openstack_mysql_x509_enabled}
+ ca_file: ${_param:mysql_cinder_ssl_ca_file}
+ key_file: ${_param:mysql_cinder_client_ssl_key_file}
+ cert_file: ${_param:mysql_cinder_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
glance:
host: ${_param:openstack_control_address}
protocol: ${_param:cluster_internal_protocol}
diff --git a/galera/server/database/ssl/cinder.yml b/galera/server/database/ssl/cinder.yml
new file mode 100644
index 0000000..24554a7
--- /dev/null
+++ b/galera/server/database/ssl/cinder.yml
@@ -0,0 +1,4 @@
+parameters:
+ _param:
+ mysql_cinder_ssl_option:
+ - SSL: True
\ No newline at end of file
diff --git a/galera/server/database/x509/cinder.yml b/galera/server/database/x509/cinder.yml
new file mode 100644
index 0000000..38fd75a
--- /dev/null
+++ b/galera/server/database/x509/cinder.yml
@@ -0,0 +1,7 @@
+parameters:
+ _param:
+ mysql_cinder_clietn_ssl_x509_subject: '/C=cz/CN=mysql-cinder-client/L=Prague/O=Mirantis'
+ mysql_cinder_clietn_ssl_x509_issuer: '/C=cz/CN=Salt Master CA/L=Prague/O=Mirantis'
+ mysql_cinder_ssl_option:
+ - SUBJECT: ${_param:mysql_cinder_clietn_ssl_x509_subject}
+ - ISSUER: ${_param:mysql_cinder_clietn_ssl_x509_issuer}
\ No newline at end of file
diff --git a/jenkins/client/job/deploy/update/cloud_update.yml b/jenkins/client/job/deploy/update/cloud_update.yml
index d4a05ec..4482324 100644
--- a/jenkins/client/job/deploy/update/cloud_update.yml
+++ b/jenkins/client/job/deploy/update/cloud_update.yml
@@ -165,3 +165,7 @@
type: boolean
default: 'false'
description: "Run cloud validation pipelines before and after update"
+ MINIONS_TEST_TIMEOUT:
+ type: string
+ default: 10
+ description: "Time in seconds for a Salt result to receive a response when calling a minionsReachable method."
diff --git a/jenkins/client/job/gating.yml b/jenkins/client/job/gating.yml
index 1ed093e..513df82 100644
--- a/jenkins/client/job/gating.yml
+++ b/jenkins/client/job/gating.yml
@@ -44,6 +44,8 @@
compare_type: REG_EXP
branches:
- master
+ - compare_type: ANT
+ name: release/*
skip_vote:
- successful
- failed
diff --git a/jenkins/client/job/oscore/cookiecutter.yml b/jenkins/client/job/oscore/cookiecutter.yml
index bc180b4..5ffe289 100644
--- a/jenkins/client/job/oscore/cookiecutter.yml
+++ b/jenkins/client/job/oscore/cookiecutter.yml
@@ -97,6 +97,8 @@
compare_type: 'REG_EXP'
branches:
- master
+ - compare_type: ANT
+ name: release/*
skip_vote:
- successful
- failed
diff --git a/jenkins/client/job/salt-models/tests.yml b/jenkins/client/job/salt-models/tests.yml
index 81dfd36..983a88b 100644
--- a/jenkins/client/job/salt-models/tests.yml
+++ b/jenkins/client/job/salt-models/tests.yml
@@ -217,6 +217,8 @@
salt-models/{{name}}:
branches:
- master
+ - compare_type: ANT
+ name: release/*
event:
comment:
- addedContains:
@@ -260,6 +262,8 @@
mk/{{cookiecutter_template}}:
branches:
- master
+ - compare_type: ANT
+ name: release/*
event:
comment:
- addedContains:
diff --git a/jenkins/client/job/test_pipelines.yml b/jenkins/client/job/test_pipelines.yml
index c8eaab0..4d661da 100644
--- a/jenkins/client/job/test_pipelines.yml
+++ b/jenkins/client/job/test_pipelines.yml
@@ -35,6 +35,8 @@
"{{repo}}":
branches:
- master
+ - compare_type: ANT
+ name: release/*
event:
patchset:
- created:
diff --git a/nova/control/cluster.yml b/nova/control/cluster.yml
index d202987..2f411b5 100644
--- a/nova/control/cluster.yml
+++ b/nova/control/cluster.yml
@@ -14,6 +14,7 @@
metadata_password: metadataPass
cluster_internal_protocol: 'http'
openstack_mysql_x509_enabled: False
+ galera_ssl_enabled: False
linux:
system:
package:
@@ -48,6 +49,11 @@
password: ${_param:mysql_nova_password}
x509:
enabled: ${_param:openstack_mysql_x509_enabled}
+ ca_file: ${_param:mysql_nova_ssl_ca_file}
+ key_file: ${_param:mysql_nova_client_ssl_key_file}
+ cert_file: ${_param:mysql_nova_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
identity:
engine: keystone
region: ${_param:openstack_region}
diff --git a/nova/control/single.yml b/nova/control/single.yml
index 4cc165d..e7d7671 100644
--- a/nova/control/single.yml
+++ b/nova/control/single.yml
@@ -5,6 +5,7 @@
_param:
cluster_internal_protocol: 'http'
openstack_mysql_x509_enabled: False
+ galera_ssl_enabled: False
linux:
system:
package:
@@ -18,6 +19,11 @@
host: ${_param:single_address}
x509:
enabled: ${_param:openstack_mysql_x509_enabled}
+ ca_file: ${_param:mysql_nova_ssl_ca_file}
+ key_file: ${_param:mysql_nova_client_ssl_key_file}
+ cert_file: ${_param:mysql_nova_client_ssl_cert_file}
+ ssl:
+ enabled: ${_param:galera_ssl_enabled}
identity:
protocol: ${_param:cluster_internal_protocol}
region: ${_param:openstack_region}
diff --git a/octavia/client/init.yml b/octavia/client/init.yml
new file mode 100644
index 0000000..f114e3d
--- /dev/null
+++ b/octavia/client/init.yml
@@ -0,0 +1,2 @@
+classes:
+- service.octavia.client
diff --git a/openssh/server/team/members/pshchelo.yaml b/openssh/server/team/members/pshchelo.yml
similarity index 100%
rename from openssh/server/team/members/pshchelo.yaml
rename to openssh/server/team/members/pshchelo.yml
diff --git a/openssh/server/team/oscore_devops.yml b/openssh/server/team/oscore_devops.yml
index f629d9e..31830fc 100644
--- a/openssh/server/team/oscore_devops.yml
+++ b/openssh/server/team/oscore_devops.yml
@@ -11,6 +11,7 @@
- system.openssh.server.team.members.kkushaev
- system.openssh.server.team.members.sgarbuz
- system.openssh.server.team.members.oshyshko
+- system.openssh.server.team.members.pshchelo
parameters:
_param:
linux_system_user_sudo: true
diff --git a/rabbitmq/server/ssl/init.yml b/rabbitmq/server/ssl/init.yml
new file mode 100644
index 0000000..7fefae7
--- /dev/null
+++ b/rabbitmq/server/ssl/init.yml
@@ -0,0 +1,11 @@
+classes:
+- system.salt.minion.cert.rabbitmq_server
+- service.rabbitmq.server.ssl
+parameters:
+ _param:
+ rabbitmq_ssl_enabled: true
+ rabbitmq_port: 5671 # for non-ssl use 5672 / for ssl 5671
+ rabbitmq:
+ server:
+ ssl:
+ enabled: ${_param:rabbitmq_ssl_enabled}
diff --git a/salt/minion/cert/mysql/clients/openstack/cinder.yml b/salt/minion/cert/mysql/clients/openstack/cinder.yml
new file mode 100644
index 0000000..ec6a77a
--- /dev/null
+++ b/salt/minion/cert/mysql/clients/openstack/cinder.yml
@@ -0,0 +1,27 @@
+parameters:
+ _param:
+ salt_minion_ca_host: cfg01.${_param:cluster_domain}
+ salt_minion_ca_authority: salt_master_ca
+ mysql_cinder_client_ssl_key_file: /etc/pki/mysql-cinder-client/client-key.pem
+ mysql_cinder_client_ssl_cert_file: /etc/pki/mysql-cinder-client/client-cert.pem
+ mysql_cinder_ssl_ca_file: /etc/pki/mysql-cinder-client/ca-cert.pem
+ salt:
+ minion:
+ cert:
+ mysql-cinder-client:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: mysql-cinder-client
+ signing_policy: cert_client
+ alternative_names: >
+ IP:${_param:cluster_local_address},
+ DNS:${_param:cluster_local_address},
+ DNS:${linux:system:name},
+ DNS:${linux:network:fqdn}
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: ${_param:mysql_cinder_client_ssl_key_file}
+ cert_file: ${_param:mysql_cinder_client_ssl_cert_file}
+ ca_file: ${_param:mysql_cinder_ssl_ca_file}
+ user: cinder
+ group: cinder
+ mode: 640
\ No newline at end of file