Merge "Rename salt -> saltstack repository to fix inconsistency with image"
diff --git a/docker/host.yml b/docker/host.yml
index 7e5fb8c..c3cc808 100644
--- a/docker/host.yml
+++ b/docker/host.yml
@@ -10,3 +10,6 @@
insecure_registries:
- ${_param:cluster_vip_address}:5000
- ${_param:cluster_public_host}:5000
+ options:
+ ipv6: true
+ fixed-cidr-v6: fc00::/7
diff --git a/fluentd/label/default_output/file.yml b/fluentd/label/default_output/file.yml
new file mode 100644
index 0000000..5e0050d
--- /dev/null
+++ b/fluentd/label/default_output/file.yml
@@ -0,0 +1,27 @@
+parameters:
+ _param:
+ fluentd_default_output_file: /var/log/td-agent/default-all.log
+ fluentd:
+ config:
+ dollar: '$'
+ label:
+ default_output:
+ filter:
+ add_general_fields:
+ tag: "**"
+ type: record_transformer
+ enable_ruby: true
+ record:
+ - name: Type
+ value: log
+ - name: environment_label
+ value: ${_param:cluster_domain}
+ - name: Hostname
+ value: ${fluentd:config:dollar}{ hostname }
+ - name: Timestamp
+ value: ${fluentd:config:dollar}{ time.strftime('%Y-%m-%dT%H:%M:%S%z') }
+ match:
+ everything:
+ tag: '**'
+ type: 'file'
+ path: ${_param:fluentd_default_output_file}
diff --git a/jenkins/client/job/debian/packages/salt.yml b/jenkins/client/job/debian/packages/salt.yml
index 79fa3ca..74665e7 100644
--- a/jenkins/client/job/debian/packages/salt.yml
+++ b/jenkins/client/job/debian/packages/salt.yml
@@ -296,6 +296,9 @@
- name: telegraf
upload_source_package: false
dist: trusty
+ - name: tinyproxy
+ upload_source_package: false
+ dist: trusty
- name: tftpd-hpa
upload_source_package: false
dist: trusty
@@ -609,6 +612,7 @@
upload_source_package: true
dist: xenial
- name: tinyproxy
+ upload_source_package: true
dist: xenial
- name: tftpd-hpa
upload_source_package: true
diff --git a/jenkins/client/job/deploy/update/upgrade.yml b/jenkins/client/job/deploy/update/upgrade.yml
index efbd153..415e0b4 100644
--- a/jenkins/client/job/deploy/update/upgrade.yml
+++ b/jenkins/client/job/deploy/update/upgrade.yml
@@ -35,3 +35,7 @@
type: boolean
default: 'true'
description: "Rollback if control upgrade fails"
+ SKIP_VM_RELAUNCH:
+ type: boolean
+ default: 'false'
+ description: "Set to true if vms should not be recreated"
diff --git a/jenkins/client/job/oscore/init.yml b/jenkins/client/job/oscore/init.yml
index 171ff6e..fc06d59 100644
--- a/jenkins/client/job/oscore/init.yml
+++ b/jenkins/client/job/oscore/init.yml
@@ -1,5 +1,6 @@
classes:
- system.jenkins.client.job.oscore.tests
+ - system.jenkins.client.job.oscore.qa
parameters:
jenkins:
client:
@@ -7,4 +8,4 @@
"OSCORE":
enabled: true
type: ListView
- include_regex: "^oscore-.*"
\ No newline at end of file
+ include_regex: "^oscore-.*"
diff --git a/jenkins/client/job/oscore/qa.yml b/jenkins/client/job/oscore/qa.yml
new file mode 100644
index 0000000..908df5a
--- /dev/null
+++ b/jenkins/client/job/oscore/qa.yml
@@ -0,0 +1,48 @@
+parameters:
+ jenkins:
+ client:
+ job:
+ oscore-build-docker-image:
+ name: "{{job_prefix}}-{{oscore-qa-project}}-build-docker-image"
+ template:
+ discard:
+ build:
+ keep_num: 25
+ artifact:
+ keep_num: 25
+ type: workflow-scm
+ concurrent: true
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/openstack-ci/openstack-pipelines.git"
+ credentials: "gerrit"
+ branch: 'master'
+ script: build-docker-image-pipeline.groovy
+ trigger:
+ gerrit:
+ project:
+ mcp/{{oscore-qa-project}}:
+ branches:
+ - master
+ event:
+ change:
+ - merged
+ param:
+ GIT_URL:
+ type: string
+ default: "ssh://mcp-ci-gerrit@gerrit.mcp.mirantis.net:29418/mcp/{{oscore-qa-project}}"
+ GIT_REF:
+ type: string
+ default: "master"
+ GIT_CREDS_ID:
+ type: string
+ default: "mcp-ci-gerrit"
+ IMAGE_NAME:
+ type: string
+ default: "mirantis/oscore/{{oscore-qa-project}}"
+ IMAGE_TAG:
+ type: string
+ default: "latest"
+ DOCKER_REGISTRY:
+ type: string
+ default: "docker-prod-local.docker.mirantis.net"
diff --git a/jenkins/client/job/salt-formulas/git-mirrors/2way.yml b/jenkins/client/job/salt-formulas/git-mirrors/2way.yml
index 90a96a0..2de63a5 100644
--- a/jenkins/client/job/salt-formulas/git-mirrors/2way.yml
+++ b/jenkins/client/job/salt-formulas/git-mirrors/2way.yml
@@ -223,6 +223,8 @@
branches: ${_param:salt_formulas_branches}
- name: telegraf
branches: ${_param:salt_formulas_branches}
+ - name: tinyproxy
+ branches: ${_param:salt_formulas_branches}
- name: varnish
branches: ${_param:salt_formulas_branches}
- name: xtrabackup
diff --git a/jenkins/client/job/salt-formulas/tests.yml b/jenkins/client/job/salt-formulas/tests.yml
index 236e4d6..aa5208b 100644
--- a/jenkins/client/job/salt-formulas/tests.yml
+++ b/jenkins/client/job/salt-formulas/tests.yml
@@ -114,6 +114,7 @@
- name: supervisor
- name: swift
- name: taiga
+ - name: tinyproxy
- name: telegraf
- name: tftpd-hpa
- name: varnish
diff --git a/nginx/server/proxy/graphite_web.yml b/nginx/server/proxy/graphite_web.yml
index 02035cd..2f3e1e8 100644
--- a/nginx/server/proxy/graphite_web.yml
+++ b/nginx/server/proxy/graphite_web.yml
@@ -8,7 +8,7 @@
type: nginx_proxy
name: graphite
proxy:
- host: mon
+ host: ${_param:stacklight_monitor_hostname}
port: 80
protocol: http
host:
diff --git a/nginx/server/proxy/infra/sphinx.yml b/nginx/server/proxy/infra/sphinx.yml
index 5f733ac..b7bbfc1 100644
--- a/nginx/server/proxy/infra/sphinx.yml
+++ b/nginx/server/proxy/infra/sphinx.yml
@@ -8,7 +8,7 @@
type: nginx_proxy
name: sphinx
proxy:
- host: prx
+ host: ${_param:openstack_proxy_hostname}
port: 8090
protocol: http
host:
diff --git a/nginx/server/proxy/sensu_web.yml b/nginx/server/proxy/sensu_web.yml
index e06120d..c250a49 100644
--- a/nginx/server/proxy/sensu_web.yml
+++ b/nginx/server/proxy/sensu_web.yml
@@ -8,7 +8,7 @@
type: nginx_proxy
name: sensu
proxy:
- host: mon
+ host: ${_param:stacklight_monitor_hostname}
port: 3000
protocol: http
host:
diff --git a/nginx/server/proxy/sphinx_web.yml b/nginx/server/proxy/sphinx_web.yml
index 5f733ac..b7bbfc1 100644
--- a/nginx/server/proxy/sphinx_web.yml
+++ b/nginx/server/proxy/sphinx_web.yml
@@ -8,7 +8,7 @@
type: nginx_proxy
name: sphinx
proxy:
- host: prx
+ host: ${_param:openstack_proxy_hostname}
port: 8090
protocol: http
host:
diff --git a/nova/compute/cluster.yml b/nova/compute/cluster.yml
index 5d0e6a1..e8b29cc 100644
--- a/nova/compute/cluster.yml
+++ b/nova/compute/cluster.yml
@@ -1,5 +1,6 @@
classes:
- service.nova.compute.kvm
+- service.iptables.server
parameters:
_param:
nova_vncproxy_url: https://${_param:cluster_public_host}:6080
@@ -94,3 +95,15 @@
public_key: ${_param:nova_compute_ssh_public}
private_key: ${_param:nova_compute_ssh_private}
my_ip: ${_param:single_address}
+ libvirt:
+ uri: qemu+unix:///system?socket=/var/run/libvirt/libvirt-sock
+ iptables:
+ service:
+ enabled: true
+ chain:
+ INPUT:
+ rules:
+ # deny any connections to libvirt port
+ - destination_port: 16509
+ protocol: tcp
+ jump: DROP
\ No newline at end of file
diff --git a/nova/compute/single.yml b/nova/compute/single.yml
index b915145..d5126df 100644
--- a/nova/compute/single.yml
+++ b/nova/compute/single.yml
@@ -2,6 +2,7 @@
- nova
classes:
- service.nova.compute.kvm
+- service.iptables.server
parameters:
_param:
nova_vncproxy_url: https://${_param:cluster_public_host}:6080
@@ -90,3 +91,15 @@
public_key: ${_param:nova_compute_ssh_public}
private_key: ${_param:nova_compute_ssh_private}
my_ip: ${_param:single_address}
+ libvirt:
+ uri: qemu+unix:///system?socket=/var/run/libvirt/libvirt-sock
+ iptables:
+ service:
+ enabled: true
+ chain:
+ INPUT:
+ rules:
+ # deny any connections to libvirt port
+ - destination_port: 16509
+ protocol: tcp
+ jump: DROP
\ No newline at end of file
diff --git a/salt/master/formula/pkg/foundation.yml b/salt/master/formula/pkg/foundation.yml
index 3111419..5d530d4 100644
--- a/salt/master/formula/pkg/foundation.yml
+++ b/salt/master/formula/pkg/foundation.yml
@@ -34,3 +34,6 @@
lldp:
source: pkg
name: salt-formula-lldp
+ tinyproxy:
+ source: pkg
+ name: salt-formula-tinyproxy