Merge "Change ssh-key for listomin user in openssh"
diff --git a/.releasenotes/notes/check-ssl-k8s-api-42ea701f38268c1c.yaml b/.releasenotes/notes/check-ssl-k8s-api-42ea701f38268c1c.yaml
new file mode 100644
index 0000000..3cff198
--- /dev/null
+++ b/.releasenotes/notes/check-ssl-k8s-api-42ea701f38268c1c.yaml
@@ -0,0 +1,11 @@
+---
+summary: >
+ Changed the SSL check type to ``check-ssl`` in HAProxy
+ for the Kubernetes ``apiserver``
+
+features:
+ - Replaced the SSL check type from ``ssl-hello-chk`` to
+ ``check-ssl`` in HAProxy for the Kubernetes
+ ``apiserver``. This prevents the TLS errors in logs
+ occurring during the check of SSLv3 that is not supported
+ by the Kubernetes ``apiserver``.
diff --git a/.releasenotes/notes/k8s-sched-controller-to-server-c6aca59f3c4d1379.yaml b/.releasenotes/notes/k8s-sched-controller-to-server-c6aca59f3c4d1379.yaml
new file mode 100644
index 0000000..b32ada6
--- /dev/null
+++ b/.releasenotes/notes/k8s-sched-controller-to-server-c6aca59f3c4d1379.yaml
@@ -0,0 +1,10 @@
+---
+summary: >
+ Moved the ``k8s_scheduler`` and ``k8s_controller_manager``
+ options to ``k8s_server`` and added the ``k8s_admin``
+ option to ``k8s_server``
+
+features:
+ - Moved the ``k8s_scheduler`` and ``k8s_controller_manager``
+ options from ``k8s_client`` to ``k8s_server``. Also added
+ the ``k8s_admin`` option to ``k8s_server``.
diff --git a/.releasenotes/notes/multi-tenancy-contrail-f0bb049c99cddeda.yaml b/.releasenotes/notes/multi-tenancy-contrail-f0bb049c99cddeda.yaml
new file mode 100644
index 0000000..b01c9bb
--- /dev/null
+++ b/.releasenotes/notes/multi-tenancy-contrail-f0bb049c99cddeda.yaml
@@ -0,0 +1,9 @@
+---
+summary: >
+ Enabled the ``multi_tenancy`` option for Mirantis
+ OpenContrail
+
+features:
+ - Enabled the ``multi_tenancy`` option for Mirantis
+ OpenContrail to prevent unauthorized sending
+ of queries to the OpenContrail API.
diff --git a/.releasenotes/notes/samehostfiler-nova-dc7e81cffcbff462.yaml b/.releasenotes/notes/samehostfiler-nova-dc7e81cffcbff462.yaml
new file mode 100644
index 0000000..93c2617
--- /dev/null
+++ b/.releasenotes/notes/samehostfiler-nova-dc7e81cffcbff462.yaml
@@ -0,0 +1,8 @@
+---
+summary: >
+ Added ``SameHostFilter`` to the default Nova filters
+
+features:
+ - Added ``SameHostFilter`` to the default Nova filters
+ to allow users scheduling instances that are based
+ on the ``same_host`` hint.
diff --git a/.releasenotes/notes/ssl-galera-b19bcada86dab036.yaml b/.releasenotes/notes/ssl-galera-b19bcada86dab036.yaml
new file mode 100644
index 0000000..41fe1b3
--- /dev/null
+++ b/.releasenotes/notes/ssl-galera-b19bcada86dab036.yaml
@@ -0,0 +1,9 @@
+---
+summary: >
+ Added a possibility to configure the SSL ``GRANT`` options
+ when creating the Galera databases
+
+features:
+ - Added a possibility to set the SSL ``GRANT`` options when
+ creating the Galera databases using the
+ ``mysql_{service}_ssl_option`` parameter.
diff --git a/cinder/control/backend/solidfire.yml b/cinder/control/backend/solidfire.yml
index 20d708c..b2fbee6 100644
--- a/cinder/control/backend/solidfire.yml
+++ b/cinder/control/backend/solidfire.yml
@@ -1,8 +1,8 @@
parameters:
cinder:
controller:
- defaul_volume_type: normal-storage
- backend:
+ default_volume_type: normal-storage
+ backend:
solidfire:
engine: solidfire
type_name: normal-storage
@@ -11,4 +11,4 @@
san_login: ${_param:san_login}
san_password: ${_param:san_password}
clustername: ${_param:san_cluster_name}
- sf_emulate_512: true
\ No newline at end of file
+ sf_emulate_512: true
diff --git a/jenkins/client/job/deploy/lab/release/mcp10.yml b/jenkins/client/job/deploy/lab/release/mcp10.yml
index 34fb940..66f08af 100644
--- a/jenkins/client/job/deploy/lab/release/mcp10.yml
+++ b/jenkins/client/job/deploy/lab/release/mcp10.yml
@@ -37,13 +37,13 @@
stack_test: ""
job_timer: "H H(0-6) * * *"
- stack_name: virtual_mcp10_ovs_dvr
- stack_env: devcloud_virtual_mcp10_dvr
+ stack_env: devcloud
stack_install: core,openstack,dvr
stack_type: heat
stack_test: ""
job_timer: "H H(0-6) * * *"
- stack_name: virtual_mcp10_ovs
- stack_env: devcloud_virtual_mcp10_ovs
+ stack_env: devcloud
stack_install: core,openstack,ovs
stack_type: heat
stack_test: ""
diff --git a/jenkins/client/job/deploy/lab/release/mcp11.yml b/jenkins/client/job/deploy/lab/release/mcp11.yml
index 5c0f4d4..657e1d1 100644
--- a/jenkins/client/job/deploy/lab/release/mcp11.yml
+++ b/jenkins/client/job/deploy/lab/release/mcp11.yml
@@ -10,13 +10,13 @@
stack_test: ""
job_timer: ""
- stack_name: virtual_mcp11_dvr
- stack_env: devcloud_virtual_mcp11_dvr
+ stack_env: devcloud
stack_install: core,openstack,dvr
stack_type: heat
stack_test: ""
job_timer: ""
- stack_name: virtual_mcp11_ovs
- stack_env: devcloud_virtual_mcp11_ovs
+ stack_env: devcloud
stack_install: core,openstack,ovs
stack_type: heat
stack_test: ""
@@ -57,3 +57,27 @@
stack_type: heat
stack_test: ""
job_timer: "H H(0-6) * * *"
+ - stack_name: virtual_mcp_mitaka_ovs
+ stack_env: devcloud
+ stack_install: core,openstack,ovs
+ stack_type: heat
+ stack_test: ""
+ job_timer: ""
+ - stack_name: virtual_mcp_mitaka_dvr
+ stack_env: devcloud
+ stack_install: core,openstack,dvr
+ stack_type: heat
+ stack_test: ""
+ job_timer: ""
+ - stack_name: virtual_mcp_newton_ovs
+ stack_env: devcloud
+ stack_install: core,openstack,ovs
+ stack_type: heat
+ stack_test: ""
+ job_timer: ""
+ - stack_name: virtual_mcp_newton_dvr
+ stack_env: devcloud
+ stack_install: core,openstack,dvr
+ stack_type: heat
+ stack_test: ""
+ job_timer: ""
diff --git a/jenkins/client/job/salt-formulas/git-mirrors/2way.yml b/jenkins/client/job/salt-formulas/git-mirrors/2way.yml
index 06117f1..4fc9030 100644
--- a/jenkins/client/job/salt-formulas/git-mirrors/2way.yml
+++ b/jenkins/client/job/salt-formulas/git-mirrors/2way.yml
@@ -461,10 +461,10 @@
param:
SOURCE_URL:
type: string
- default: "${_param:jenkins_gerrit_url}/salt-formulas/salt-formulas-cookiecutter.git"
+ default: "${_param:jenkins_gerrit_url}/salt-formulas/cookiecutter-salt-formula"
TARGET_URL:
type: string
- default: "git@github.com:salt-formulas/salt-formulas-cookiecutter.git"
+ default: "git@github.com:salt-formulas/cookiecutter-salt-formula"
CREDENTIALS_ID:
type: string
default: "gerrit"
diff --git a/jenkins/client/job/salt-models/tests.yml b/jenkins/client/job/salt-models/tests.yml
index c496b61..9e6b8ac 100644
--- a/jenkins/client/job/salt-models/tests.yml
+++ b/jenkins/client/job/salt-models/tests.yml
@@ -37,7 +37,7 @@
default: "--force-color"
DEFAULT_GIT_URL:
type: string
- description: "Run against alternate system reclass"
+ description: "Salt model repo URL"
default: "${_param:jenkins_gerrit_url}/salt-models/{{name}}"
DEFAULT_GIT_REF:
type: string
@@ -82,6 +82,84 @@
APT_REPOSITORY_GPG:
type: string
default: ""
+ test_salt_model_customer:
+ name: test-salt-model-customer-{{name}}
+ template:
+ type: workflow-scm
+ discard:
+ build:
+ keep_num: 50
+ artifact:
+ keep_num: 50
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ branch: "${_param:jenkins_pipelines_branch}"
+ credentials: "gerrit"
+ script: test-salt-models-pipeline.groovy
+ concurrent: true
+ trigger:
+ gerrit:
+ project:
+ salt-models/{{name}}:
+ branches:
+ - compare_type: "REG_EXP"
+ name: "{{branch}}"
+ event:
+ comment:
+ - addedContains:
+ commentAddedCommentContains: '^(?s:Patch Set \d+:.*(test|recheck|reverify)\s*)$'
+ param:
+ SALT_OPTS:
+ type: string
+ default: "--force-color"
+ DEFAULT_GIT_URL:
+ type: string
+ description: "Salt model repo URL"
+ default: "{{source}}"
+ DEFAULT_GIT_REF:
+ type: string
+ default: master
+ CREDENTIALS_ID:
+ type: string
+ default: "gerrit"
+ PARALLEL_NODE_GROUP_SIZE:
+ type: string
+ default: "9"
+ # Salt master setup extra formulas
+ EXTRA_FORMULAS:
+ type: string
+ default: "{{extra_formulas}}"
+ FORMULAS_SOURCE:
+ type: string
+ default: "{{formulas_src}}"
+ FORMULAS_REVISION:
+ type: string
+ default: "{{formulas_revision}}"
+ SYSTEM_GIT_URL:
+ type: string
+ default: ""
+ SYSTEM_GIT_REF:
+ type: string
+ default: ""
+ CONFIG_NODE_NAME_PATTERN:
+ type: string
+ default: "{{config_node_name}}"
+ MAX_CPU_PER_JOB:
+ type: string
+ default: "2"
+ RECLASS_IGNORE_CLASS_NOTFOUND:
+ type: boolean
+ default: "{{reclass_ignore_class_notfound}}"
+ LEGACY_TEST_MODE:
+ type: boolean
+ default: "{{legacy_test_mode}}"
+ APT_REPOSITORY:
+ type: string
+ default: ""
+ APT_REPOSITORY_GPG:
+ type: string
+ default: ""
test_system_reclass:
name: test-salt-model-{{name}}
template:
diff --git a/linux/system/single/init.yml b/linux/system/single/init.yml
index c7c583b..70eae66 100644
--- a/linux/system/single/init.yml
+++ b/linux/system/single/init.yml
@@ -25,6 +25,8 @@
config:
compression-workaround:
"Acquire::CompressionTypes::Order": "gz"
+ aws-s3-mirrors-workaround:
+ "Acquire::http::Pipeline-Depth": "0"
kernel:
modules:
- nf_conntrack
diff --git a/salt/minion/cert/k8s_client.yml b/salt/minion/cert/k8s_client.yml
index 53ff3ba..be262b5 100644
--- a/salt/minion/cert/k8s_client.yml
+++ b/salt/minion/cert/k8s_client.yml
@@ -21,3 +21,21 @@
common_name: system:kube-proxy
signing_policy: cert_client
alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
+ k8s_scheduler:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-scheduler-client.key
+ cert_file: /etc/kubernetes/ssl/kube-scheduler-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-scheduler
+ signing_policy: cert_client
+ alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
+ k8s_controller_manager:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-controller-manager-client.key
+ cert_file: /etc/kubernetes/ssl/kube-controller-manager-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-controller-manager
+ signing_policy: cert_client
+ alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
diff --git a/salt/minion/cert/k8s_client_single.yml b/salt/minion/cert/k8s_client_single.yml
index eb7b21c..e9c7d79 100644
--- a/salt/minion/cert/k8s_client_single.yml
+++ b/salt/minion/cert/k8s_client_single.yml
@@ -21,3 +21,21 @@
common_name: system:kube-proxy
signing_policy: cert_client
alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
+ k8s_scheduler:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-scheduler-client.key
+ cert_file: /etc/kubernetes/ssl/kube-scheduler-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-scheduler
+ signing_policy: cert_client
+ alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
+ k8s_controller_manager:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kube-controller-manager-client.key
+ cert_file: /etc/kubernetes/ssl/kube-controller-manager-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: system:kube-controller-manager
+ signing_policy: cert_client
+ alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
diff --git a/salt/minion/cert/k8s_server.yml b/salt/minion/cert/k8s_server.yml
index d81f5a5..603d369 100644
--- a/salt/minion/cert/k8s_server.yml
+++ b/salt/minion/cert/k8s_server.yml
@@ -11,30 +11,3 @@
all_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.pem
signing_policy: cert_server
alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address},DNS:kubernetes.default,DNS:kubernetes.default.svc
- k8s_scheduler:
- host: ${_param:salt_minion_ca_host}
- authority: ${_param:salt_minion_ca_authority}
- key_file: /etc/kubernetes/ssl/kube-scheduler-client.key
- cert_file: /etc/kubernetes/ssl/kube-scheduler-client.crt
- ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
- common_name: system:kube-scheduler
- signing_policy: cert_client
- alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
- k8s_controller_manager:
- host: ${_param:salt_minion_ca_host}
- authority: ${_param:salt_minion_ca_authority}
- key_file: /etc/kubernetes/ssl/kube-controller-manager-client.key
- cert_file: /etc/kubernetes/ssl/kube-controller-manager-client.crt
- ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
- common_name: system:kube-controller-manager
- signing_policy: cert_client
- alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
- k8s_admin:
- host: ${_param:salt_minion_ca_host}
- authority: ${_param:salt_minion_ca_authority}
- key_file: /etc/kubernetes/ssl/admin.key
- cert_file: /etc/kubernetes/ssl/admin.crt
- ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
- common_name: admin
- organization_name: system:masters
- signing_policy: cert_client
diff --git a/salt/minion/cert/k8s_server_single.yml b/salt/minion/cert/k8s_server_single.yml
index fa3a008..33637e4 100644
--- a/salt/minion/cert/k8s_server_single.yml
+++ b/salt/minion/cert/k8s_server_single.yml
@@ -11,30 +11,3 @@
all_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.pem
signing_policy: cert_server
alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
- k8s_scheduler:
- host: ${_param:salt_minion_ca_host}
- authority: ${_param:salt_minion_ca_authority}
- key_file: /etc/kubernetes/ssl/kube-scheduler-client.key
- cert_file: /etc/kubernetes/ssl/kube-scheduler-client.crt
- ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
- common_name: system:kube-scheduler
- signing_policy: cert_client
- alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
- k8s_controller_manager:
- host: ${_param:salt_minion_ca_host}
- authority: ${_param:salt_minion_ca_authority}
- key_file: /etc/kubernetes/ssl/kube-controller-manager-client.key
- cert_file: /etc/kubernetes/ssl/kube-controller-manager-client.crt
- ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
- common_name: system:kube-controller-manager
- signing_policy: cert_client
- alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
- k8s_admin:
- host: ${_param:salt_minion_ca_host}
- authority: ${_param:salt_minion_ca_authority}
- key_file: /etc/kubernetes/ssl/admin.key
- cert_file: /etc/kubernetes/ssl/admin.crt
- ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
- common_name: admin
- organization_name: system:masters
- signing_policy: cert_client