Merge "Add key additional key for user aminasyan"
diff --git a/cinder/control/cluster.yml b/cinder/control/cluster.yml
index 7f8e2d7..286f2ad 100644
--- a/cinder/control/cluster.yml
+++ b/cinder/control/cluster.yml
@@ -52,6 +52,8 @@
user: cinder
password: ${_param:keystone_cinder_password}
protocol: ${_param:cluster_internal_protocol}
+ service_user:
+ enabled: ${_param:cinder_service_user_enabled}
glance:
host: ${_param:cluster_vip_address}
port: 9292
diff --git a/cinder/control/single.yml b/cinder/control/single.yml
index b8f670d..2d662f9 100644
--- a/cinder/control/single.yml
+++ b/cinder/control/single.yml
@@ -31,6 +31,8 @@
identity:
protocol: ${_param:internal_protocol}
region: ${_param:openstack_region}
+ service_user:
+ enabled: ${_param:cinder_service_user_enabled}
barbican:
enabled: ${_param:barbican_integration_enabled}
message_queue:
diff --git a/cinder/volume/local.yml b/cinder/volume/local.yml
index 301946b..e42eef3 100644
--- a/cinder/volume/local.yml
+++ b/cinder/volume/local.yml
@@ -33,6 +33,8 @@
identity:
host: ${_param:single_address}
region: ${_param:openstack_region}
+ service_user:
+ enabled: ${_param:cinder_service_user_enabled}
cache:
security:
enabled: ${_param:cinder_memcache_security_enabled}
diff --git a/cinder/volume/single.yml b/cinder/volume/single.yml
index 9531aa4..a865722 100644
--- a/cinder/volume/single.yml
+++ b/cinder/volume/single.yml
@@ -44,6 +44,8 @@
host: ${_param:openstack_control_address}
protocol: ${_param:cluster_internal_protocol}
region: ${_param:openstack_region}
+ service_user:
+ enabled: ${_param:cinder_service_user_enabled}
cache:
security:
enabled: ${_param:cinder_memcache_security_enabled}
diff --git a/defaults/backup.yml b/defaults/backup.yml
new file mode 100644
index 0000000..66e5173
--- /dev/null
+++ b/defaults/backup.yml
@@ -0,0 +1,7 @@
+parameters:
+ _param:
+ backup_min: "0"
+ backup_hour: "*/12"
+ backup_day_of_month: "*"
+ backup_month: "*"
+ backup_day_of_week: "*"
diff --git a/defaults/docker_images.yml b/defaults/docker_images.yml
index 8207c87..8db61a5 100644
--- a/defaults/docker_images.yml
+++ b/defaults/docker_images.yml
@@ -27,6 +27,7 @@
docker_image_alerta: "${_param:mcp_docker_registry}/mirantis/external/alerta-web:${_param:mcp_version}"
docker_image_alertmanager: "${_param:mcp_docker_registry}/openstack-docker/alertmanager:${_param:mcp_version}"
docker_image_grafana: "${_param:mcp_docker_registry}/openstack-docker/grafana:${_param:mcp_version}"
+ docker_image_prometheus_es_exporter: "${_param:mcp_docker_registry}/mirantis/external/braedon/prometheus-es-exporter:0.5.1"
docker_image_prometheus: "${_param:mcp_docker_registry}/openstack-docker/prometheus:${_param:mcp_version}"
docker_image_prometheus_gainsight: "${_param:mcp_docker_registry}/openstack-docker/gainsight:${_param:mcp_version}"
docker_image_prometheus_gainsight_elasticsearch: "${_param:mcp_docker_registry}/openstack-docker/gainsight_elasticsearch:${_param:mcp_version}"
@@ -134,6 +135,10 @@
- registry: ${_param:mcp_docker_registry}/openstack-docker
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/openstack-docker
name: gainsight_elasticsearch:${_param:mcp_version}
+ - registry: ${_param:mcp_docker_registry}/mirantis/external/braedon
+ target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/external/braedon
+ name: prometheus-es-exporter:0.5.1
+
# QA\CVP tool-set's
- registry: ${_param:mcp_docker_registry}/mirantis/oss
target_registry: ${_param:default_local_mirrror_content:docker_client_registry_target_registry}/mirantis/oss
diff --git a/defaults/init.yml b/defaults/init.yml
index 90d5f7f..978671c 100644
--- a/defaults/init.yml
+++ b/defaults/init.yml
@@ -22,6 +22,7 @@
- system.defaults.salt
- system.defaults.stacklight
- system.defaults.xtrabackup
+- system.defaults.backup
parameters:
_param:
mcp_version: stable
@@ -42,6 +43,7 @@
# Other
salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
salt_control_trusty_image_backend: /var/lib/libvirt/images/backends/trusty.qcow2
+ salt_master_api_port: 6969
salt_master_worker_threads: 40
salt_minion_ca_host: cfg01.${_param:cluster_domain}
# Make sure this global variable is defined everywhere, where used it is already set on cluster level
diff --git a/defaults/jenkins.yml b/defaults/jenkins.yml
index 36bcbfb..eddf216 100644
--- a/defaults/jenkins.yml
+++ b/defaults/jenkins.yml
@@ -3,3 +3,4 @@
jenkins_master_port: 8081
jenkins_master_protocol: http
jenkins_pipelines_branch: "master"
+ jenkins_salt_api_url: "http://${_param:salt_master_host}:${_param:salt_master_api_port}"
diff --git a/defaults/linux_system_file.yml b/defaults/linux_system_file.yml
index c37c030..8af3075 100644
--- a/defaults/linux_system_file.yml
+++ b/defaults/linux_system_file.yml
@@ -13,16 +13,23 @@
name: /srv/http/images.mirantis.com/ubuntu-16-04-x64-mcp${_param:mcp_version}.qcow2.md5
source: ${_param:mcp_static_images_url}/ubuntu-16-04-x64-mcp${_param:mcp_version}.qcow2.md5
amphora-x64-haproxy-pike.qcow2:
- source: ${_param:mcp_binary_registry}/mirantis/openstack/octavia/images/${_param:mcp_version}/pike/amphora-x64-haproxy.qcow2
- name: /srv/http/artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/openstack/octavia/images/${_param:mcp_version}/pike/amphora-x64-haproxy.qcow2
- hash: ${_param:mcp_binary_registry}/mirantis/openstack/octavia/images/${_param:mcp_version}/pike/amphora-x64-haproxy.qcow2.md5
+ name: /srv/http/images.mirantis.com/octavia/amphora-x64-haproxy-pike-${_param:mcp_version}.qcow2
+ source: ${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-pike-${_param:mcp_version}.qcow2
+ hash: ${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-pike-${_param:mcp_version}.qcow2.md5
amphora-x64-haproxy-pike.qcow2.md5:
- source: ${_param:mcp_binary_registry}/mirantis/openstack/octavia/images/${_param:mcp_version}/pike/amphora-x64-haproxy.qcow2.md5
- name: /srv/http/artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/openstack/octavia/images/${_param:mcp_version}/pike/amphora-x64-haproxy.qcow2.md5
+ name: /srv/http/images.mirantis.com/octavia/amphora-x64-haproxy-pike-${_param:mcp_version}.qcow2.md5
+ source: ${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-pike-${_param:mcp_version}.qcow2.md5
amphora-x64-haproxy-queens.qcow2:
- source: ${_param:mcp_binary_registry}/mirantis/openstack/octavia/images/${_param:mcp_version}/queens/amphora-x64-haproxy.qcow2
- name: /srv/http/artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/openstack/octavia/images/${_param:mcp_version}/queens/amphora-x64-haproxy.qcow2
- hash: ${_param:mcp_binary_registry}/mirantis/openstack/octavia/images/${_param:mcp_version}/queens/amphora-x64-haproxy.qcow2.md5
+ name: /srv/http/images.mirantis.com/octavia/amphora-x64-haproxy-queens-${_param:mcp_version}.qcow2
+ source: ${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-queens-${_param:mcp_version}.qcow2
+ hash: ${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-queens-${_param:mcp_version}.qcow2.md5
amphora-x64-haproxy-queens.qcow2.md5:
- source: ${_param:mcp_binary_registry}/mirantis/openstack/octavia/images/${_param:mcp_version}/queens/amphora-x64-haproxy.qcow2.md5
- name: /srv/http/artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/openstack/octavia/images/${_param:mcp_version}/queens/amphora-x64-haproxy.qcow2.md5
+ name: /srv/http/images.mirantis.com/octavia/amphora-x64-haproxy-queens-${_param:mcp_version}.qcow2.md5
+ source: ${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-queens-${_param:mcp_version}.qcow2.md5
+ amphora-x64-haproxy-rocky.qcow2:
+ name: /srv/http/images.mirantis.com/octavia/amphora-x64-haproxy-rocky-${_param:mcp_version}.qcow2
+ source: ${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-rocky-${_param:mcp_version}.qcow2
+ hash: ${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-rocky-${_param:mcp_version}.qcow2.md5
+ amphora-x64-haproxy-rocky.qcow2.md5:
+ name: /srv/http/images.mirantis.com/octavia/amphora-x64-haproxy-rocky-${_param:mcp_version}.qcow2.md5
+ source: ${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-rocky-${_param:mcp_version}.qcow2.md5
diff --git a/defaults/openstack/init.yml b/defaults/openstack/init.yml
index 75bb601..8a6db83 100644
--- a/defaults/openstack/init.yml
+++ b/defaults/openstack/init.yml
@@ -13,6 +13,7 @@
openstack_share_service_host: ${_param:openstack_share_service_hostname}.${linux:system:domain}
openstack_kmn_service_host: ${_param:openstack_kmn_service_hostname}.${linux:system:domain}
openstack_telemetry_service_host: ${_param:openstack_telemetry_service_hostname}.${linux:system:domain}
+ openstack_service_user_enabled: True
# SSL
ceilometer_agent_ssl_enabled: False
openstack_mysql_x509_enabled: False
@@ -34,6 +35,7 @@
cinder_old_version: ${_param:openstack_old_version}
cinder_version: ${_param:openstack_version}
cinder_upgrade_enabled: ${_param:openstack_upgrade_enabled}
+ cinder_service_user_enabled: ${_param:openstack_service_user_enabled}
# Nova
nova_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
nova_memcache_secret_key: ''
@@ -41,6 +43,7 @@
nova_version: ${_param:openstack_version}
nova_upgrade_enabled: ${_param:openstack_upgrade_enabled}
nova_instance_build_timeout: 3600
+ nova_service_user_enabled: ${_param:openstack_service_user_enabled}
# Glance
glance_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
glance_memcache_secret_key: ''
@@ -99,6 +102,24 @@
keystone_old_version: ${_param:openstack_old_version}
keystone_version: ${_param:openstack_version}
keystone_upgrade_enabled: ${_param:openstack_upgrade_enabled}
+ # (obryndzii) Rotating keys too frequently, or with ``[fernet_tokens] max_active_keys``
+ # set too low, will cause tokens to become invalid prior to their expiration.
+ # As tokens may be fetched beyond their initial expiration period (nova live migration,
+ # cider volume backup), keys should not be fully rotated within the period of
+ # ``[token] expiration``+``[token] allow_expired_window`` seconds to prevent the tokens
+ # becoming unavailable.
+ # The max_active_keys default value was adjusted according to the following defaults:
+ # [token]/allow_expired_window = 172800 (48 hours)
+ # [token]/expiration = 3600 (1 hour)
+ # rotation_frequency = 1 hour (keystone_fernet_rotate_rsync_minute/hour 0 *)
+ # max_active_keys = (allow_expired_window + expiration)/rotation_frequency + 2
+ # In case of changing those defaults the keystone_tokens_max_active_keys value should be
+ # calculated according to the definition above.
+ keystone_tokens_expiration: 3600
+ keystone_tokens_max_active_keys: 51
+ keystone_tokens_allow_expired_window: 172800
+ keystone_fernet_rotate_rsync_minute: 0
+ keystone_fernet_rotate_rsync_hour: '*'
# Manila
manila_old_version: ${_param:openstack_old_version}
manila_version: ${_param:openstack_version}
@@ -147,7 +168,7 @@
octavia_health_manager_node03_address: 192.168.10.12
#
amphora_image_name: amphora-x64-haproxy
- amphora_image_url: "${_param:mcp_binary_registry}/mirantis/openstack/octavia/images/${_param:mcp_version}/${_param:openstack_version}/amphora-x64-haproxy.qcow2"
+ amphora_image_url: ${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-${_param:openstack_version}-${_param:mcp_version}.qcow2
# HAproxy
haproxy_openstack_web_bind_port: ${_param:horizon_public_port}
#
diff --git a/defaults/salt/init.yml b/defaults/salt/init.yml
index 61d9866..e71f560 100644
--- a/defaults/salt/init.yml
+++ b/defaults/salt/init.yml
@@ -48,3 +48,10 @@
salt_control_trusty_image: ${_param:mcp_static_images_url}/ubuntu-14-04-x64-mcp${_param:mcp_version}.qcow2
salt_control_xenial_image: ${_param:mcp_static_images_url}/ubuntu-16-04-x64-mcp${_param:mcp_version}.qcow2
+
+ salt_master_api_permissions:
+ - '.*'
+ - '@local'
+ - '@wheel' # to allow access to all wheel modules
+ - '@runner' # to allow access to all runner modules
+ - '@jobs' # to allow access to the jobs runner and/or wheel mo
diff --git a/docker/swarm/stack/ldap.yml b/docker/swarm/stack/ldap.yml
index fbb74bc..b785711 100644
--- a/docker/swarm/stack/ldap.yml
+++ b/docker/swarm/stack/ldap.yml
@@ -39,7 +39,8 @@
- server
hostname: ldap
environment:
- PHPLDAPADMIN_LDAP_HOSTS: "#PYTHON2BASH:[{'server': [{'server': [{'tls': False}]},{'login': [{'bind_id': 'cn=admin,${_param:openldap_dn}'},{'bind_pass': '${_param:openldap_admin_password}'}]}]}]"
+ PHPLDAPADMIN_LDAP_ADMIN_PASSWORD: ${_param:openldap_admin_password}
+ PHPLDAPADMIN_LDAP_HOSTS: "#PYTHON2BASH:[{'server': [{'server': [{'tls': False}]},{'login': [{'bind_id': 'cn=admin,${_param:openldap_dn}'},{'bind_pass': '$PHPLDAPADMIN_LDAP_ADMIN_PASSWORD'}]}]}]"
PHPLDAPADMIN_HTTPS: "false"
PHPLDAPADMIN_TRUST_PROXY_SSL: "true"
PHPLDAPADMIN_SERVER_ADMIN: ${_param:admin_email}
diff --git a/etcd/server/cluster.yml b/etcd/server/cluster.yml
index d9c1c8b..af210d7 100644
--- a/etcd/server/cluster.yml
+++ b/etcd/server/cluster.yml
@@ -4,10 +4,10 @@
- service.etcd.linux
parameters:
_param:
- docker_image_etcd: quay.io/coreos/etcd:v3.3.10
+ docker_image_etcd: quay.io/coreos/etcd:v3.3.12
kubernetes_etcd_repo: https://github.com/etcd-io/etcd/releases/download
- kubernetes_etcd_source: ${_param:kubernetes_etcd_repo}/v3.3.10/etcd-v3.3.10-linux-amd64.tar.gz
- kubernetes_etcd_source_hash: md5=dbbe0d021ba497bf9d9cc9963d0c7a4b
+ kubernetes_etcd_source: ${_param:kubernetes_etcd_repo}/v3.3.12/etcd-v3.3.12-linux-amd64.tar.gz
+ kubernetes_etcd_source_hash: md5=079af00546443b686df31e7ec605135e
etcd:
server:
enabled: true
diff --git a/jenkins/client/init.yml b/jenkins/client/init.yml
index 77e328f..676fe4d 100644
--- a/jenkins/client/init.yml
+++ b/jenkins/client/init.yml
@@ -24,6 +24,9 @@
url: ${_param:jenkins_gerrit_url}/mcp-ci/pipeline-library
credential_id: gerrit
branch: ${_param:jenkins_pipelines_branch}
+ theme:
+ css_url: '/userContent/theme/mirantis.css'
+ js_url: '/userContent/theme/mirantis.js'
view:
Mirrors:
enabled: true
diff --git a/jenkins/client/job/ceph/add-node.yml b/jenkins/client/job/ceph/add-node.yml
index 29af563..763b859 100644
--- a/jenkins/client/job/ceph/add-node.yml
+++ b/jenkins/client/job/ceph/add-node.yml
@@ -20,7 +20,7 @@
SALT_MASTER_URL:
type: string
description: URL of Salt master
- default: "http://${_param:salt_master_host}:6969"
+ default: "${_param:jenkins_salt_api_url}"
SALT_MASTER_CREDENTIALS:
type: string
description: Credentials for login to Salt API
diff --git a/jenkins/client/job/ceph/backend-migration.yml b/jenkins/client/job/ceph/backend-migration.yml
index ab3f639..c0a7c45 100644
--- a/jenkins/client/job/ceph/backend-migration.yml
+++ b/jenkins/client/job/ceph/backend-migration.yml
@@ -20,7 +20,7 @@
SALT_MASTER_URL:
type: string
description: URL of Salt master
- default: "http://${_param:salt_master_host}:6969"
+ default: "${_param:jenkins_salt_api_url}"
SALT_MASTER_CREDENTIALS:
type: string
description: Credentials for login to Salt API
diff --git a/jenkins/client/job/ceph/remove-node.yml b/jenkins/client/job/ceph/remove-node.yml
index 901e319..d6fd128 100644
--- a/jenkins/client/job/ceph/remove-node.yml
+++ b/jenkins/client/job/ceph/remove-node.yml
@@ -20,7 +20,7 @@
SALT_MASTER_URL:
type: string
description: URL of Salt master
- default: "http://${_param:salt_master_host}:6969"
+ default: "${_param:jenkins_salt_api_url}"
SALT_MASTER_CREDENTIALS:
type: string
description: Credentials for login to Salt API
diff --git a/jenkins/client/job/ceph/remove-osd.yml b/jenkins/client/job/ceph/remove-osd.yml
index 99dcb37..3af5a96 100644
--- a/jenkins/client/job/ceph/remove-osd.yml
+++ b/jenkins/client/job/ceph/remove-osd.yml
@@ -20,7 +20,7 @@
SALT_MASTER_URL:
type: string
description: URL of Salt master
- default: "http://${_param:salt_master_host}:6969"
+ default: "${_param:jenkins_salt_api_url}"
SALT_MASTER_CREDENTIALS:
type: string
description: Credentials for login to Salt API
diff --git a/jenkins/client/job/ceph/replace-failed-osd.yml b/jenkins/client/job/ceph/replace-failed-osd.yml
index a342ffb..395b5e5 100644
--- a/jenkins/client/job/ceph/replace-failed-osd.yml
+++ b/jenkins/client/job/ceph/replace-failed-osd.yml
@@ -20,7 +20,7 @@
SALT_MASTER_URL:
type: string
description: URL of Salt master
- default: "http://${_param:salt_master_host}:6969"
+ default: "${_param:jenkins_salt_api_url}"
SALT_MASTER_CREDENTIALS:
type: string
description: Credentials for login to Salt API
diff --git a/jenkins/client/job/ceph/upgrade.yml b/jenkins/client/job/ceph/upgrade.yml
index 7717761..0c07b46 100644
--- a/jenkins/client/job/ceph/upgrade.yml
+++ b/jenkins/client/job/ceph/upgrade.yml
@@ -20,7 +20,7 @@
SALT_MASTER_URL:
type: string
description: URL of Salt master
- default: "http://${_param:salt_master_host}:6969"
+ default: "${_param:jenkins_salt_api_url}"
SALT_MASTER_CREDENTIALS:
type: string
description: Credentials for login to Salt API
diff --git a/jenkins/client/job/deploy/galera_database_backup.yml b/jenkins/client/job/deploy/galera_database_backup.yml
new file mode 100644
index 0000000..e78c29b
--- /dev/null
+++ b/jenkins/client/job/deploy/galera_database_backup.yml
@@ -0,0 +1,33 @@
+parameters:
+ jenkins:
+ client:
+ job:
+ galera_backup_database:
+ type: workflow-scm
+ name: galera-database-backup
+ display_name: "Galera database backup"
+ discard:
+ build:
+ keep_num: 50
+ concurrent: true
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ branch: "${_param:jenkins_pipelines_branch}"
+ credentials: "gerrit"
+ script: galera-database-backup-pipeline.groovy
+ param:
+ SALT_MASTER_CREDENTIALS:
+ type: string
+ default: "salt"
+ OVERRIDE_BACKUP_NODE:
+ type: string
+ default: "none"
+ SALT_MASTER_URL:
+ type: string
+ default: "${_param:jenkins_salt_api_url}"
+ ASK_CONFIRMATION:
+ type: boolean
+ default: 'true'
+ triggers:
+ - timed: "${_param:backup_min} ${_param:backup_hour} ${_param:backup_day_of_month} ${_param:backup_month} ${_param:backup_day_of_week}"
diff --git a/jenkins/client/job/deploy/galera_verify_restore.yml b/jenkins/client/job/deploy/galera_verify_restore.yml
index 492d76f..73e312a 100644
--- a/jenkins/client/job/deploy/galera_verify_restore.yml
+++ b/jenkins/client/job/deploy/galera_verify_restore.yml
@@ -1,6 +1,4 @@
parameters:
- _param:
- jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
jenkins:
client:
job:
diff --git a/jenkins/client/job/deploy/openstack.yml b/jenkins/client/job/deploy/openstack.yml
index d5ed556..b265161 100644
--- a/jenkins/client/job/deploy/openstack.yml
+++ b/jenkins/client/job/deploy/openstack.yml
@@ -1,6 +1,4 @@
parameters:
- _param:
- jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
jenkins:
client:
job:
diff --git a/jenkins/client/job/deploy/try_mcp.yml b/jenkins/client/job/deploy/try_mcp.yml
index 9c161ff..3ad2878 100644
--- a/jenkins/client/job/deploy/try_mcp.yml
+++ b/jenkins/client/job/deploy/try_mcp.yml
@@ -1,6 +1,4 @@
parameters:
- _param:
- jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
jenkins:
client:
job:
diff --git a/jenkins/client/job/deploy/update/cloud_update.yml b/jenkins/client/job/deploy/update/cloud_update.yml
index aef20ce..f3fe8ef 100644
--- a/jenkins/client/job/deploy/update/cloud_update.yml
+++ b/jenkins/client/job/deploy/update/cloud_update.yml
@@ -2,8 +2,6 @@
# Jobs to update cloud packages on given Salt master environment
#
parameters:
- _param:
- jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
jenkins:
client:
job:
diff --git a/jenkins/client/job/deploy/update/config.yml b/jenkins/client/job/deploy/update/config.yml
index 47ec321..5eafd70 100644
--- a/jenkins/client/job/deploy/update/config.yml
+++ b/jenkins/client/job/deploy/update/config.yml
@@ -2,8 +2,6 @@
# Jobs to run given states on given Salt master environment's
#
parameters:
- _param:
- jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
jenkins:
client:
job:
diff --git a/jenkins/client/job/deploy/update/kubernetes_update.yml b/jenkins/client/job/deploy/update/kubernetes_update.yml
index 454d92b..ee77583 100644
--- a/jenkins/client/job/deploy/update/kubernetes_update.yml
+++ b/jenkins/client/job/deploy/update/kubernetes_update.yml
@@ -2,8 +2,6 @@
# Jobs to update cloud packages on given Salt master environment
#
parameters:
- _param:
- jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
jenkins:
client:
job:
diff --git a/jenkins/client/job/deploy/update/package.yml b/jenkins/client/job/deploy/update/package.yml
index a485c3e..cb25892 100644
--- a/jenkins/client/job/deploy/update/package.yml
+++ b/jenkins/client/job/deploy/update/package.yml
@@ -2,8 +2,6 @@
# Jobs to update packages on given Salt master environment
#
parameters:
- _param:
- jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
jenkins:
client:
job:
diff --git a/jenkins/client/job/deploy/update/reclass_update_check.yml b/jenkins/client/job/deploy/update/reclass_update_check.yml
index cec8d79..dd279b3 100644
--- a/jenkins/client/job/deploy/update/reclass_update_check.yml
+++ b/jenkins/client/job/deploy/update/reclass_update_check.yml
@@ -2,8 +2,6 @@
# Jobs to to check new Reclass package version compatibility with model
#
parameters:
- _param:
- jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
jenkins:
client:
job:
diff --git a/jenkins/client/job/deploy/update/restore_cassandra.yml b/jenkins/client/job/deploy/update/restore_cassandra.yml
index 34179af..8b18eb1 100644
--- a/jenkins/client/job/deploy/update/restore_cassandra.yml
+++ b/jenkins/client/job/deploy/update/restore_cassandra.yml
@@ -2,8 +2,6 @@
# Jobs to update packages on given Salt master environment
#
parameters:
- _param:
- jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
jenkins:
client:
job:
diff --git a/jenkins/client/job/deploy/update/restore_zookeeper.yml b/jenkins/client/job/deploy/update/restore_zookeeper.yml
index ebb57f7..3d0dc05 100644
--- a/jenkins/client/job/deploy/update/restore_zookeeper.yml
+++ b/jenkins/client/job/deploy/update/restore_zookeeper.yml
@@ -2,8 +2,6 @@
# Jobs to update packages on given Salt master environment
#
parameters:
- _param:
- jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
jenkins:
client:
job:
diff --git a/jenkins/client/job/deploy/update/saltenv.yml b/jenkins/client/job/deploy/update/saltenv.yml
index 734a4e5..f2b38d2 100644
--- a/jenkins/client/job/deploy/update/saltenv.yml
+++ b/jenkins/client/job/deploy/update/saltenv.yml
@@ -3,7 +3,6 @@
#
parameters:
_param:
- jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
jenkins_salt_model_name: "salt"
jenkins_salt_model_branch: "master"
jenkins:
diff --git a/jenkins/client/job/deploy/update/update_ceph.yml b/jenkins/client/job/deploy/update/update_ceph.yml
index dd8bf58..4b7603b 100644
--- a/jenkins/client/job/deploy/update/update_ceph.yml
+++ b/jenkins/client/job/deploy/update/update_ceph.yml
@@ -2,8 +2,6 @@
# Jobs to run given states on given Salt master environment's
#
parameters:
- _param:
- jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
jenkins:
client:
job:
diff --git a/jenkins/client/job/deploy/update/update_mirror_image.yml b/jenkins/client/job/deploy/update/update_mirror_image.yml
index 73fd434..96e905c 100644
--- a/jenkins/client/job/deploy/update/update_mirror_image.yml
+++ b/jenkins/client/job/deploy/update/update_mirror_image.yml
@@ -2,8 +2,6 @@
# Jobs to update Salt master environment (formulas and models)
#
parameters:
- _param:
- jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
jenkins:
client:
job:
@@ -67,4 +65,4 @@
default: 'true'
UPDATE_FILES:
type: boolean
- default: 'true'
\ No newline at end of file
+ default: 'true'
diff --git a/jenkins/client/job/deploy/update/update_opencontrail4.yml b/jenkins/client/job/deploy/update/update_opencontrail4.yml
index 72ea870..e89d622 100644
--- a/jenkins/client/job/deploy/update/update_opencontrail4.yml
+++ b/jenkins/client/job/deploy/update/update_opencontrail4.yml
@@ -2,8 +2,6 @@
# Jobs to update packages on given Salt master environment
#
parameters:
- _param:
- jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
jenkins:
client:
job:
diff --git a/jenkins/client/job/deploy/update/upgrade.yml b/jenkins/client/job/deploy/update/upgrade.yml
index f4f5630..e3b60e1 100644
--- a/jenkins/client/job/deploy/update/upgrade.yml
+++ b/jenkins/client/job/deploy/update/upgrade.yml
@@ -2,8 +2,6 @@
# Jobs to update packages on given Salt master environment
#
parameters:
- _param:
- jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
jenkins:
client:
job:
diff --git a/jenkins/client/job/deploy/update/upgrade_compute.yml b/jenkins/client/job/deploy/update/upgrade_compute.yml
index b4628fa..ed5a222 100644
--- a/jenkins/client/job/deploy/update/upgrade_compute.yml
+++ b/jenkins/client/job/deploy/update/upgrade_compute.yml
@@ -2,8 +2,6 @@
# Jobs to update packages on given Salt master environment
#
parameters:
- _param:
- jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
jenkins:
client:
job:
diff --git a/jenkins/client/job/deploy/update/upgrade_mcp_release.yml b/jenkins/client/job/deploy/update/upgrade_mcp_release.yml
index 577e6ac..3fbd6c0 100644
--- a/jenkins/client/job/deploy/update/upgrade_mcp_release.yml
+++ b/jenkins/client/job/deploy/update/upgrade_mcp_release.yml
@@ -2,8 +2,6 @@
# Jobs to upgrade MCP release
#
parameters:
- _param:
- jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
jenkins:
client:
job:
diff --git a/jenkins/client/job/deploy/update/upgrade_opencontrail.yml b/jenkins/client/job/deploy/update/upgrade_opencontrail.yml
index 0b0d945..64c3aff 100644
--- a/jenkins/client/job/deploy/update/upgrade_opencontrail.yml
+++ b/jenkins/client/job/deploy/update/upgrade_opencontrail.yml
@@ -2,8 +2,6 @@
# Jobs to update packages on given Salt master environment
#
parameters:
- _param:
- jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
jenkins:
client:
job:
diff --git a/jenkins/client/job/deploy/update/upgrade_opencontrail4_0.yml b/jenkins/client/job/deploy/update/upgrade_opencontrail4_0.yml
index c1f448c..2d7ed69 100644
--- a/jenkins/client/job/deploy/update/upgrade_opencontrail4_0.yml
+++ b/jenkins/client/job/deploy/update/upgrade_opencontrail4_0.yml
@@ -2,8 +2,6 @@
# Jobs to update packages on given Salt master environment
#
parameters:
- _param:
- jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
jenkins:
client:
job:
diff --git a/jenkins/client/job/deploy/update/upgrade_ovs_gateway.yml b/jenkins/client/job/deploy/update/upgrade_ovs_gateway.yml
index 76bf436..9d31352 100644
--- a/jenkins/client/job/deploy/update/upgrade_ovs_gateway.yml
+++ b/jenkins/client/job/deploy/update/upgrade_ovs_gateway.yml
@@ -2,8 +2,6 @@
# Jobs to update packages on given Salt master environment
#
parameters:
- _param:
- jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
jenkins:
client:
job:
diff --git a/jenkins/client/job/deploy/update/upgrade_stacklight.yml b/jenkins/client/job/deploy/update/upgrade_stacklight.yml
index d7279a6..578fd28 100644
--- a/jenkins/client/job/deploy/update/upgrade_stacklight.yml
+++ b/jenkins/client/job/deploy/update/upgrade_stacklight.yml
@@ -2,8 +2,6 @@
# Jobs to process Stacklight update
#
parameters:
- _param:
- jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
jenkins:
client:
job:
diff --git a/jenkins/client/job/deploy/update/virt_snapshot.yml b/jenkins/client/job/deploy/update/virt_snapshot.yml
index be92c8d..22c8880 100644
--- a/jenkins/client/job/deploy/update/virt_snapshot.yml
+++ b/jenkins/client/job/deploy/update/virt_snapshot.yml
@@ -2,8 +2,6 @@
# Job to manage libvirt live snapshots
#
parameters:
- _param:
- jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
jenkins:
client:
job:
diff --git a/jenkins/client/job/validate.yml b/jenkins/client/job/validate.yml
index 9f20fc9..ad3ab9e 100644
--- a/jenkins/client/job/validate.yml
+++ b/jenkins/client/job/validate.yml
@@ -1,6 +1,4 @@
parameters:
- _param:
- jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
jenkins:
client:
view:
@@ -408,8 +406,12 @@
url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
branch: "${_param:jenkins_pipelines_branch}"
credentials: "gerrit"
- script: cvp-stacklight.groovy
+ script: cvp-runner.groovy
param:
+ IMAGE:
+ type: string
+ default: ${_param:docker_image_cvp_sanity_checks}
+ description: Docker image with tests and all pip dependecies to use for testing
SALT_MASTER_URL:
type: string
default: "${_param:jenkins_salt_api_url}"
@@ -417,22 +419,12 @@
SALT_MASTER_CREDENTIALS:
type: string
default: "salt"
- TESTS_REPO:
- type: string
- default: "https://github.com/Mirantis/stacklight-pytest -b cvp_stacklight"
- description: Url for cvp-stacklight-tests
- TESTS_SETTINGS:
- type: string
- default: "SL_AUTOCONF=True"
- description: "Additional environment variables to export"
- TESTS_SET:
- type: string
- default: "stacklight-pytest/stacklight_tests/tests/prometheus/"
- description: "Leave as is for full run or add a filename, e.g. _default_path_/test_dashboards.py"
- PROXY:
- type: string
- default: ""
- description: "Proxy address to use to access the Internet."
+ EXTRA_PARAMS:
+ type: text
+ default: |
+ envs:
+ - SL_AUTOCONF=True
+ description: YAML context with additional parameters
cvp-spt:
type: workflow-scm
name: cvp-spt
diff --git a/keepalived/cluster/instance/kdt_kube_api_server_vip.yml b/keepalived/cluster/instance/kdt_kube_api_server_vip.yml
new file mode 100644
index 0000000..a26748a
--- /dev/null
+++ b/keepalived/cluster/instance/kdt_kube_api_server_vip.yml
@@ -0,0 +1,28 @@
+applications:
+- keepalived
+classes:
+- service.keepalived.support
+parameters:
+ _param:
+ keepalived_vip_priority: 101
+ keepalived_kdt_kube_apiserver_vrrp_script_content: "pidof haproxy && systemctl status kube-apiserver.service --quiet --no-pager"
+ keepalived_kdt_k8s_apiserver_vip_interface: ens3
+ keepalived_kdt_k8s_apiserver_vip_address: ${_param:kdt_control_address}
+ keepalived_kdt_k8s_apiserver_vip_password: password
+ keepalived:
+ cluster:
+ vrrp_scripts:
+ kdt_vip:
+ content: ${_param:keepalived_kdt_kube_apiserver_vrrp_script_content}
+ interval: 10
+ rise: 1
+ fall: 1
+ enabled: true
+ instance:
+ kdt_kube_apiserver_vip:
+ address: ${_param:keepalived_kdt_k8s_apiserver_vip_address}
+ password: ${_param:keepalived_kdt_k8s_apiserver_vip_password}
+ interface: ${_param:keepalived_kdt_k8s_apiserver_vip_interface}
+ virtual_router_id: 70
+ priority: ${_param:keepalived_vip_priority}
+ track_script: kdt_vip
diff --git a/keystone/server/cluster.yml b/keystone/server/cluster.yml
index d64a6cb..7e9ea1b 100644
--- a/keystone/server/cluster.yml
+++ b/keystone/server/cluster.yml
@@ -11,7 +11,6 @@
- system.keystone.client.os_client_config.admin_identity
parameters:
_param:
- keystone_tokens_expiration: 3600
openstack_node_role: primary
keystone_service_protocol: ${_param:cluster_internal_protocol}
linux:
@@ -58,7 +57,8 @@
tokens:
engine: fernet
expiration: ${_param:keystone_tokens_expiration}
- max_active_keys: 3
+ max_active_keys: ${_param:keystone_tokens_max_active_keys}
+ allow_expired_window: ${_param:keystone_tokens_allow_expired_window}
location: /var/lib/keystone/fernet-keys
credential:
location: /var/lib/keystone/credential-keys
diff --git a/keystone/server/fernet_rotation/cluster.yml b/keystone/server/fernet_rotation/cluster.yml
index c34c4f8..cf7b328 100644
--- a/keystone/server/fernet_rotation/cluster.yml
+++ b/keystone/server/fernet_rotation/cluster.yml
@@ -36,7 +36,8 @@
command: '/var/lib/keystone/keystone_keys_rotate.sh -r -s -t fernet >> /var/log/keystone/keystone-rotate.log 2>> /var/log/keystone/keystone-rotate.log'
enabled: true
user: keystone
- minute: 0
+ minute: ${_param:keystone_fernet_rotate_rsync_minute}
+ hour: ${_param:keystone_fernet_rotate_rsync_hour}
keystone_credential_rotate_rsync:
command: '/var/lib/keystone/keystone_keys_rotate.sh -r -s -t credential >> /var/log/keystone/keystone-rotate.log 2>> /var/log/keystone/keystone-rotate.log'
enabled: true
diff --git a/keystone/server/fernet_rotation/single.yml b/keystone/server/fernet_rotation/single.yml
index 8a3d6fb..7514086 100644
--- a/keystone/server/fernet_rotation/single.yml
+++ b/keystone/server/fernet_rotation/single.yml
@@ -22,7 +22,8 @@
command: '/var/lib/keystone/keystone_keys_rotate.sh -r -t fernet >> /var/log/keystone/keystone-rotate.log 2>> /var/log/keystone/keystone-rotate.log'
enabled: true
user: keystone
- minute: 0
+ minute: ${_param:keystone_fernet_rotate_rsync_minute}
+ hour: ${_param:keystone_fernet_rotate_rsync_hour}
keystone_credential_rotate_rsync:
command: '/var/lib/keystone/keystone_keys_rotate.sh -r -t credential >> /var/log/keystone/keystone-rotate.log 2>> /var/log/keystone/keystone-rotate.log'
enabled: true
diff --git a/keystone/server/single.yml b/keystone/server/single.yml
index 6996968..9663488 100644
--- a/keystone/server/single.yml
+++ b/keystone/server/single.yml
@@ -13,7 +13,6 @@
mysql_admin_user: root
mysql_admin_password: password
mysql_keystone_password: password
- keystone_tokens_expiration: 3600
openstack_node_role: primary
keystone_service_protocol: ${_param:cluster_internal_protocol}
linux:
@@ -57,7 +56,8 @@
tokens:
engine: fernet
expiration: ${_param:keystone_tokens_expiration}
- max_active_keys: 3
+ max_active_keys: ${_param:keystone_tokens_max_active_keys}
+ allow_expired_window: ${_param:keystone_tokens_allow_expired_window}
location: /var/lib/keystone/fernet-keys
credential:
location: /var/lib/keystone/credential-keys
diff --git a/kubernetes/common/init.yml b/kubernetes/common/init.yml
index 0555271..952e5c8 100644
--- a/kubernetes/common/init.yml
+++ b/kubernetes/common/init.yml
@@ -41,7 +41,7 @@
kubernetes_hyperkube_source: ${_param:kubernetes_hyperkube_repo}/hyperkube_v1.13.2-1_1549961718696
kubernetes_hyperkube_source_hash: md5=802e0ee43fd2a41e9ed84b0f867e70a2
kubernetes_pause_image: ${_param:mcp_docker_registry}/mirantis/kubernetes/pause-amd64:v1.13.2-1
- kubernetes_virtlet_image: ${_param:kubernetes_virtlet_repo}/virtlet:v1.4.4
+ kubernetes_virtlet_image: ${_param:kubernetes_virtlet_repo}/virtlet:v1.5.0
kubernetes_criproxy_version: v0.14.0
kubernetes_criproxy_checksum: md5=f0fa669295a156a588f3480c9909e6fd
kubernetes_netchecker_agent_image: ${_param:kubernetes_netchecker_agent_repo}/k8s-netchecker-agent:v1.2.2
diff --git a/kubernetes/master/kdt_cluster.yml b/kubernetes/master/kdt_cluster.yml
new file mode 100644
index 0000000..00b0cce
--- /dev/null
+++ b/kubernetes/master/kdt_cluster.yml
@@ -0,0 +1,15 @@
+classes:
+- service.kubernetes.master.cluster
+- service.haproxy.proxy.single
+- system.haproxy.proxy.listen.kubernetes.apiserver
+- system.keepalived.cluster.instance.kdt_kube_api_server_vip
+- system.kubernetes.master.common
+parameters:
+ kubernetes:
+ master:
+ network:
+ calico:
+ prometheus:
+ enabled: true
+ policy:
+ enabled: false
diff --git a/nova/compute/cluster.yml b/nova/compute/cluster.yml
index 7896a97..6df13f5 100644
--- a/nova/compute/cluster.yml
+++ b/nova/compute/cluster.yml
@@ -72,6 +72,8 @@
password: ${_param:keystone_nova_password}
tenant: service
protocol: ${_param:cluster_internal_protocol}
+ service_user:
+ enabled: ${_param:nova_service_user_enabled}
barbican:
enabled: ${_param:barbican_integration_enabled}
message_queue:
diff --git a/nova/compute/single.yml b/nova/compute/single.yml
index 836886e..16a3d06 100644
--- a/nova/compute/single.yml
+++ b/nova/compute/single.yml
@@ -73,6 +73,8 @@
region: ${_param:openstack_region}
barbican:
enabled: ${_param:barbican_integration_enabled}
+ service_user:
+ enabled: ${_param:nova_service_user_enabled}
message_queue:
engine: rabbitmq
host: ${_param:control_address}
diff --git a/nova/compute_ironic/cluster.yml b/nova/compute_ironic/cluster.yml
index 4d49198..6d827b6 100644
--- a/nova/compute_ironic/cluster.yml
+++ b/nova/compute_ironic/cluster.yml
@@ -26,6 +26,8 @@
password: ${_param:keystone_nova_password}
tenant: service
protocol: ${_param:cluster_internal_protocol}
+ service_user:
+ enabled: ${_param:nova_service_user_enabled}
message_queue:
engine: rabbitmq
port: 5672
diff --git a/nova/compute_ironic/single.yml b/nova/compute_ironic/single.yml
index befc742..3ddcc18 100644
--- a/nova/compute_ironic/single.yml
+++ b/nova/compute_ironic/single.yml
@@ -26,6 +26,8 @@
password: ${_param:keystone_nova_password}
tenant: service
protocol: ${_param:cluster_internal_protocol}
+ service_user:
+ enabled: ${_param:nova_service_user_enabled}
message_queue:
engine: rabbitmq
port: 5672
diff --git a/nova/control/cluster.yml b/nova/control/cluster.yml
index 72bb558..779acae 100644
--- a/nova/control/cluster.yml
+++ b/nova/control/cluster.yml
@@ -63,6 +63,8 @@
password: ${_param:keystone_nova_password}
tenant: service
protocol: ${_param:cluster_internal_protocol}
+ service_user:
+ enabled: ${_param:nova_service_user_enabled}
barbican:
enabled: ${_param:barbican_integration_enabled}
message_queue:
diff --git a/nova/control/single.yml b/nova/control/single.yml
index d2cb013..0108af6 100644
--- a/nova/control/single.yml
+++ b/nova/control/single.yml
@@ -26,6 +26,8 @@
identity:
protocol: ${_param:cluster_internal_protocol}
region: ${_param:openstack_region}
+ service_user:
+ enabled: ${_param:nova_service_user_enabled}
network:
protocol: ${_param:cluster_internal_protocol}
region: ${_param:openstack_region}
diff --git a/openssh/server/team/mcp_qa.yml b/openssh/server/team/mcp_qa.yml
index f06e0ba..6ecefa5 100644
--- a/openssh/server/team/mcp_qa.yml
+++ b/openssh/server/team/mcp_qa.yml
@@ -17,6 +17,7 @@
- system.openssh.server.team.members.vryzhenkin
- system.openssh.server.team.members.sturivnyi
- system.openssh.server.team.members.ylobankov
+- system.openssh.server.team.members.ozhurba
# Deprecated users
- system.openssh.server.team.members.deprecated.ababich
- system.openssh.server.team.members.deprecated.akalach
diff --git a/openssh/server/team/members/avolkov.yml b/openssh/server/team/members/avolkov.yml
new file mode 100644
index 0000000..f435ca9
--- /dev/null
+++ b/openssh/server/team/members/avolkov.yml
@@ -0,0 +1,19 @@
+parameters:
+ linux:
+ system:
+ user:
+ avolkov:
+ email: avolkov@mirantis.com
+ enabled: true
+ full_name: Andrey Volkov
+ home: /home/avolkov
+ name: avolkov
+ sudo: ${_param:linux_system_user_sudo}
+ openssh:
+ server:
+ user:
+ avolkov:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDCUd3Qs1HNKgLF1B6qFntcnv4YMvGH6l4kBRdxvUWbTBwMekSFbJ0pnILNVQ8bC7oxFyCUOY/d074BtYcGILjwAbGBNztfi+g97GJYMkwsmmKVPucOy1ojakMg0s6ketQr3AM8YA7z0sbYMP7nbioaJMPhGKai0HRM4vPMSyH/3n9vFzkH9amBZEnTB15ZiXnUzLliyBMgyDUKvEOX072soYXR9TDWvE/TwAHiZdPh6gCMl4+yCinwS7baf9JuaQXn2P9SgCyx6uigAwvfn/XEwDqKFsso+4U53vR4RyktqzdSdFcf2UBUQlRMwvISwJTnLPfBsspQTRNlGqfAP+fd amadev@quasimodo
+ user: ${linux:system:user:avolkov}
diff --git a/openssh/server/team/members/brucemathews.yml b/openssh/server/team/members/brucemathews.yml
index 0fc9b63..466ca1a 100644
--- a/openssh/server/team/members/brucemathews.yml
+++ b/openssh/server/team/members/brucemathews.yml
@@ -15,6 +15,6 @@
bmathews:
enabled: true
public_keys:
- - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1tsh+T2JRsyblZBrF17b/Q2AelpY+gTc9BaMQMj1J/Y/aJZUjD22knG8away01DQ+Qew5/Kcx5k4AvmxWkncRX+7ye9sVJA6BQhwewkN/MiiDJ3hC8hNFfk8ki8arqPxasXZOWacT2DDXw7/gc+/DA4F35UvsMmD+JLVr4fkdzQuHre2QPbqs+6+KdHIl0nI+d3hCCd9Zsd1mYlJkDU7oLC085oIsIqToWTYKw6HFKMqocYzuN4TQKI3dySFpkjMXLz8SK8UVjXA+Lyu0ymIVmvGnVDNAImc9ZMeU+l6W4gpuLY30Zw5/8q8FkKBw5FYWgllmoixlwhNRJJ1Hf7tJ
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdAYo193PNG03Da0EuqfKu+cFM8SqPCYs8rniu+RIhJtlEiezfdYX95zO8omR675pjmw0CgZQB6Bsv9G4eMLS+qpmL0gFWI3/qwDacZGgsLr5iCo6bnIgWx92Ze56O7T4drho8ZK2cnmlUtVK5fhAgKHv/fzssmumzUkyD0+n0qJZIvA9eUm4T55X3IRFqxe321wLQDmQOxUkSv+zAClIEbsR8IUkRiTT6y0IbozrTXJaUUwrBhd+qr68NQXnAiMIP7v9S2TYcL1Ufl2M2W7RB18sGeLmz9cEXNQ+2SZv4ZVeK2O6VnLnQoJjCwkyVBJ2nIuTqZNy51Std3xpkh0ah bmathews@1205-W541
user: ${linux:system:user:bmathews}
diff --git a/openssh/server/team/members/cdodda.yml b/openssh/server/team/members/cdodda.yml
new file mode 100644
index 0000000..d4228b2
--- /dev/null
+++ b/openssh/server/team/members/cdodda.yml
@@ -0,0 +1,19 @@
+parameters:
+ linux:
+ system:
+ user:
+ cdodda:
+ enabled: true
+ name: cdodda
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Chandra Dodda
+ home: /home/cdodda
+ email: cdodda@mirantis.com
+ openssh:
+ server:
+ user:
+ cdodda:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDbU3LETmZst5dcLl7iPdAeVTtSQoJZoQ3Nza6DHlpv3wtHHvoh8Fd0QFhIkR81a+5563qBcUiFfI9n3vufyJWzc9x+8G2/WJXkKg6D3tnvPqmlT+3Cqj1vNZbjVvXFdVb24pR9jdAa8CEHInWLVNCdL/WShKDSHBQ/cloymzzGhpJOYMXjPzEBxDbiodKMD0TAvw7IKQSY9trlxOXBtQLcHWYxrdxG1ir7TjD6PXdXae8PRxOwh35leot9kWo27icxGIKdJunrvQZI3VB7FSf6hhWajgnmD4yREF9sCLaknl5Xx1J3c/6P0JDeX3DDT4Nv3Bl1cLIdMa0+iDeCPvGz
+ user: ${linux:system:user:cdodda}
diff --git a/openssh/server/team/members/deprecated/ryanday.yml b/openssh/server/team/members/deprecated/ryanday.yml
new file mode 100644
index 0000000..2034598
--- /dev/null
+++ b/openssh/server/team/members/deprecated/ryanday.yml
@@ -0,0 +1,16 @@
+parameters:
+ linux:
+ system:
+ user:
+ rday:
+ email: disabled
+ enabled: false
+ full_name: disabled
+ home: /home/rday
+ name: rday
+ openssh:
+ server:
+ user:
+ rday:
+ enabled: false
+ user: ${linux:system:user:rday}
diff --git a/openssh/server/team/members/npliashechnikov.yml b/openssh/server/team/members/npliashechnikov.yml
new file mode 100644
index 0000000..a5c8504
--- /dev/null
+++ b/openssh/server/team/members/npliashechnikov.yml
@@ -0,0 +1,19 @@
+parameters:
+ linux:
+ system:
+ user:
+ npliashechnikov:
+ email: npliashechnikov@mirantis.com
+ enabled: true
+ full_name: Nikolay Pliashechnykov
+ home: /home/npliashechnikov
+ name: npliashechnikov
+ sudo: ${_param:linux_system_user_sudo}
+ openssh:
+ server:
+ user:
+ npliashechnikov:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxy9ZNE+36U1W3vPxzMx++AujS8Ay9ZgJrfaa6YsWl1FeN87VuGucslHjLqFfiIYJLQl3m7tSLiAujQ/izBKDbfA5hd5z7JaCRB1LE+CehmCL0UVwsHflAi0tPn1tDrTcVGf/BRH0FsoZJo+KpOwohYGN8BMOpUIAP2SkGrE7cGbPrd9NbRqPW80iyIzsNIqzVKTcsh0CcJcr05V5n3or0GvteDMxl+mjAi6hpfx06a/bEfPLV10Ftl4+nIkbXr0KWA68uy7XmTlH+qgVUCMGwRP4mFaU63+uX45WboLKQ0aacPX833qvZJTIPe2FhAygoVoBwgOKBzrbnicBa9U+AQ== dkth1p3@lxf01p581
+ user: ${linux:system:user:npliashechnikov}
diff --git a/openssh/server/team/members/ozhurba.yml b/openssh/server/team/members/ozhurba.yml
new file mode 100644
index 0000000..3e9d779
--- /dev/null
+++ b/openssh/server/team/members/ozhurba.yml
@@ -0,0 +1,19 @@
+parameters:
+ linux:
+ system:
+ user:
+ ozhurba:
+ email: ozhurba@mirantis.com
+ enabled: true
+ full_name: Oleksii Zhurba
+ home: /home/ozhurba
+ name: ozhurba
+ sudo: ${_param:linux_system_user_sudo}
+ openssh:
+ server:
+ user:
+ ozhurba:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUwubPT8GWUeuPCdPeYlIuN8OaD0umc0JuyKWf5ViVhX3VqB6CwS6/ddm9fpbAedV/8J5l/Sl/usK/WuCPVBgKEuGtidRcrABxRt49q+aum5WRd6bsYv4UxFZmaDHKgg6g8LR7Ii26GPM/HdM1CdqnxpVicz7QRj3pgLDYLippg7RAktKkp4Jw7gkBFNR7UXGHr/5qX08VoUadbgWQP7OdHdgSxysqkSiN1Rr9URWEpwZ5wfblkbEzR1JBg6kYJAP3sTJvOQguFvFCVu6++/UX2wbrrc0+0eAO31lFUAIjboYLpWDj5Sj/ER3uwTX0dJw0wpSsa9lHn/LSZrJhrA5v ozhurba@zhurba-mac
+ user: ${linux:system:user:ozhurba}
diff --git a/openssh/server/team/members/ryanday.yml b/openssh/server/team/members/ryanday.yml
deleted file mode 100644
index 455e4aa..0000000
--- a/openssh/server/team/members/ryanday.yml
+++ /dev/null
@@ -1,20 +0,0 @@
-parameters:
- linux:
- system:
- user:
- rday:
- enabled: true
- name: rday
- sudo: ${_param:linux_system_user_sudo}
- full_name: Ryan Day
- home: /home/rday
- email: rday@mirantis.com
- openssh:
- server:
- user:
- rday:
- enabled: true
- public_keys:
- - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQC5WnQjTI+Elg3I3MeuP1T9Y8FKjuLZSj9qiMbetVb9+AbvjbYqjtam7xWzLxsqeH15d/ZSRHnU4E8f0/Wvk1z9Bl+GKl9+IpLvurewl3WXe2yaeZl4Ey3G9goTLfhluB2BbLqf7gu7t02aei68NhYNkp0Ry1FDBQ75frN1EcUoDubHl4HWJWkTsGJFoiaBTmlNRIkbQBYSEGoY331c4e++W0ZLV+q1rjbXVWcWjzuK+i3wCBrDdAjm4LyPjD60yJ/0n8FO4ChlhnGowhkHxQf7Bt80/QhM8VZuWPG4sQReJ2uMBvkFWRYKf8p2h7MaouFLmUOzW0k/EcILBBZgssekaUhDDyXe3c0Qd6yC2Eb8CCRKgIuhTW9+xTfJhZAFLCPDYN/CDybzvgJSgRCa6esxfCQB+i4aRJOeL5IePXdkO+LY1GMbDzVhIxfPviN4/7NRidvtPHEYwLGvaIQUb/XWX4ILXAhdw/ilfOOu9DQkPzpBTQaAGl9+e2edRP3WAe4fjgCPmeTIruwSRqxJFLdLG19m1JaoRwc7H1cIiUQ1i/lMYq2ntA/60FZRQ/xsLdX5LT+wo896bc3pRxore+zs2o2sATEc84u5eCEFk3wMZvfeJdDz/l489G/1kp1SUKMI1ouyBWoP7qO/fI9m+TXg3jYJ3JOd3pYO7jd3kDBuZQ==
- user: ${linux:system:user:rday}
-
diff --git a/openssh/server/team/members/ryanday.yml b/openssh/server/team/members/ryanday.yml
new file mode 120000
index 0000000..3f04d20
--- /dev/null
+++ b/openssh/server/team/members/ryanday.yml
@@ -0,0 +1 @@
+deprecated/ryanday.yml
\ No newline at end of file
diff --git a/openssh/server/team/oscore_devops.yml b/openssh/server/team/oscore_devops.yml
index ad35e7d..8a0f8cb 100644
--- a/openssh/server/team/oscore_devops.yml
+++ b/openssh/server/team/oscore_devops.yml
@@ -17,6 +17,7 @@
- system.openssh.server.team.members.vmarkov
- system.openssh.server.team.members.opetrenko
- system.openssh.server.team.members.apodrepnyi
+- system.openssh.server.team.members.avolkov
parameters:
_param:
linux_system_user_sudo: true
diff --git a/openssh/server/team/services.yml b/openssh/server/team/services.yml
index b735090..371c254 100644
--- a/openssh/server/team/services.yml
+++ b/openssh/server/team/services.yml
@@ -23,6 +23,7 @@
- system.openssh.server.team.members.pbasov
- system.openssh.server.team.members.alis
- system.openssh.server.team.members.isviridov
+- system.openssh.server.team.members.cdodda
parameters:
_param:
linux_system_user_sudo: true
diff --git a/openssh/server/team/services_qa.yml b/openssh/server/team/services_qa.yml
index 682dd8a..553e6a7 100644
--- a/openssh/server/team/services_qa.yml
+++ b/openssh/server/team/services_qa.yml
@@ -1,50 +1,9 @@
+classes:
+- system.openssh.server.team.members.npliashechnikov
+- system.openssh.server.team.members.mchernik
+- system.openssh.server.team.members.osavatieiev
+- system.openssh.server.team.members.dkruglov
+
parameters:
_param:
linux_system_user_sudo: true
- linux:
- system:
- user:
- npliashechnikov:
- enabled: true
- name: npliashechnikov
- sudo: true
- full_name: Nikolay Pliashechnykov
- home: /home/npliashechnikov
- mchernik:
- enabled: true
- name: mchernik
- sudo: true
- full_name: Mikhail Chernik
- home: /home/mchernik
- ozhurba:
- enabled: true
- name: ozhurba
- sudo: true
- full_name: Oleksii Zhurba
- home: /home/ozhurba
- openssh:
- server:
- enabled: true
- user:
- npliashechnikov:
- enabled: true
- public_keys:
- - ${public_keys:npliashechnikov}
- user: ${linux:system:user:npliashechnikov}
- mchernik:
- enabled: true
- public_keys:
- - ${public_keys:mchernik}
- user: ${linux:system:user:mchernik}
- ozhurba:
- enabled: true
- public_keys:
- - ${public_keys:ozhurba}
- user: ${linux:system:user:ozhurba}
- public_keys:
- npliashechnikov:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxy9ZNE+36U1W3vPxzMx++AujS8Ay9ZgJrfaa6YsWl1FeN87VuGucslHjLqFfiIYJLQl3m7tSLiAujQ/izBKDbfA5hd5z7JaCRB1LE+CehmCL0UVwsHflAi0tPn1tDrTcVGf/BRH0FsoZJo+KpOwohYGN8BMOpUIAP2SkGrE7cGbPrd9NbRqPW80iyIzsNIqzVKTcsh0CcJcr05V5n3or0GvteDMxl+mjAi6hpfx06a/bEfPLV10Ftl4+nIkbXr0KWA68uy7XmTlH+qgVUCMGwRP4mFaU63+uX45WboLKQ0aacPX833qvZJTIPe2FhAygoVoBwgOKBzrbnicBa9U+AQ== dkth1p3@lxf01p581
- mchernik:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiYzcWNIP1K3DnSfztIZdMTl6zSr133eixsHDWWqI71Fj5UOny4kMH2P/qYk0WHhm7P9kwBNDgmJBY/eO5jb00D2w9BGHyvsOnkpAgzw5neL4ivRT7qLWkRdbcLo8AAFQN7VW+bgMb8gFfYWfttHyfkbJOQlU2xmi8fvhQ+2IM/12S0f0lP2uIYgVn8g9f+1OmtXKOWi/cKx0+6NYsuFjM2oVRlBhwlhPD2mI00rSL6zYjz/8GapPPkylQnds09NueNmrScjsPmJl6lPzU8maxHABZ/KctIZW/0ucMolv/3Ybm5FJIsj6YGUdz7AWzdE9o4tSfugFR3P7Ng/scxXpZ migel@mungo
- ozhurba:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUwubPT8GWUeuPCdPeYlIuN8OaD0umc0JuyKWf5ViVhX3VqB6CwS6/ddm9fpbAedV/8J5l/Sl/usK/WuCPVBgKEuGtidRcrABxRt49q+aum5WRd6bsYv4UxFZmaDHKgg6g8LR7Ii26GPM/HdM1CdqnxpVicz7QRj3pgLDYLippg7RAktKkp4Jw7gkBFNR7UXGHr/5qX08VoUadbgWQP7OdHdgSxysqkSiN1Rr9URWEpwZ5wfblkbEzR1JBg6kYJAP3sTJvOQguFvFCVu6++/UX2wbrrc0+0eAO31lFUAIjboYLpWDj5Sj/ER3uwTX0dJw0wpSsa9lHn/LSZrJhrA5v ozhurba@zhurba-mac
diff --git a/prometheus/gainsight/query/openstack.yml b/prometheus/gainsight/query/openstack.yml
index 877ad32..40a804b 100644
--- a/prometheus/gainsight/query/openstack.yml
+++ b/prometheus/gainsight/query/openstack.yml
@@ -8,7 +8,7 @@
vstorage_free: "'vStorage Free','avg(sum(avg_over_time(openstack_nova_free_disk[24h])) by (instance))'"
vram_used: "'vRAM Used','avg(sum(avg_over_time(openstack_nova_used_ram[24h])) by (instance))'"
vram_free: "'vRAM Free','avg(sum(avg_over_time(openstack_nova_free_ram[24h])) by (instance))'"
- instances: "'Active Instances','avg(sum(avg_over_time(openstack_nova_instances{state=\"active\"}[24h])) by (instance))'"
+ instances: "'Instances','avg(sum(avg_over_time(openstack_nova_instances{state=\"active\"}[24h])) by (instance))'"
compute_nodes: "'Compute Nodes','avg(sum(openstack_nova_services{binary=~\"nova.compute\"}) by (instance))'"
tenants: "'Tenants','avg(sum(avg_over_time(openstack_keystone_tenants_total[24h])) by (instance))'"
cinder_api: "'Cinder API','avg(avg_over_time(openstack_api_check_status{name=\"cinderv2\"}[24h]))'"
diff --git a/salt/master/api.yml b/salt/master/api.yml
index b5ede2f..f0fa081 100644
--- a/salt/master/api.yml
+++ b/salt/master/api.yml
@@ -1,12 +1,4 @@
parameters:
- _param:
- salt_master_api_port: 6969
- salt_master_api_permissions:
- - '.*'
- - '@local'
- - '@wheel' # to allow access to all wheel modules
- - '@runner' # to allow access to all runner modules
- - '@jobs' # to allow access to the jobs runner and/or wheel mo
salt:
api:
enabled: true
diff --git a/xtrabackup/client/single.yml b/xtrabackup/client/single.yml
index 25fa6d2..cf88e28 100644
--- a/xtrabackup/client/single.yml
+++ b/xtrabackup/client/single.yml
@@ -6,4 +6,5 @@
xtrabackup_client_throttle: 0 # disabled
xtrabackup:
client:
+ cron: false
throttle: ${_param:xtrabackup_client_throttle}
diff --git a/xtrabackup/server/single.yml b/xtrabackup/server/single.yml
index 92d9fc3..34ba45d 100644
--- a/xtrabackup/server/single.yml
+++ b/xtrabackup/server/single.yml
@@ -3,6 +3,7 @@
parameters:
xtrabackup:
server:
+ cron: false
backup_dir: /srv/volumes/backup/xtrabackup
key:
xtrabackup_pub_key: