Merge "Add hotfix|update for openstack repos"
diff --git a/artifactory/client/init.yml b/artifactory/client/init.yml
index bd69bd3..381681e 100644
--- a/artifactory/client/init.yml
+++ b/artifactory/client/init.yml
@@ -329,7 +329,8 @@
pypi-remote:
rclass: remote
packageType: pypi
- url: https://pypi.python.org
+ url: https://files.pythonhosted.org
+ pyPIRegistryUrl: https://pypi.org
unusedArtifactsCleanupEnabled: true
unusedArtifactsCleanupPeriodHours: 720
diff --git a/docker/swarm/network/operations_api_backend.yml b/docker/swarm/network/operations_api_backend.yml
new file mode 100644
index 0000000..f23c239
--- /dev/null
+++ b/docker/swarm/network/operations_api_backend.yml
@@ -0,0 +1,10 @@
+parameters:
+ _param:
+ docker_operations_api_network_subnet: 10.80.0.0/24
+ docker:
+ client:
+ network:
+ operations_api_backend:
+ subnet: ${_param:docker_operations_api_network_subnet}
+ driver: overlay
+ attachable: true
diff --git a/docker/swarm/stack/operations_api.yml b/docker/swarm/stack/operations_api.yml
new file mode 100644
index 0000000..fff4f18
--- /dev/null
+++ b/docker/swarm/stack/operations_api.yml
@@ -0,0 +1,70 @@
+parameters:
+ _param:
+ docker_operations_api_replicas: 1
+ docker_image_operations_api: mirantis/python-operations-api:latest
+ operations_api_sqlalchemy_database_uri: "cockroachdb://oapi@cockroach-ui:26257/oapi"
+ operations_api_sqlalchemy_echo: "false"
+ operations_api_flask_debug: "false"
+ operations_api_bind_host: 0.0.0.0
+ operations_api_bind_port: ${_param:haproxy_operations_api_bind_port}
+ docker_image_cockroachdb: cockroachdb/cockroach:latest
+ operations_api_keycloak_url: "http://${_param:single_address}:${_param:haproxy_keycloak_exposed_port}"
+ docker:
+ client:
+ stack:
+ operations_api:
+ service:
+ operations-api:
+ environment:
+ OAPI_OIDC_CLIENT_SECRETS_OVERRIDE: '
+ {
+ "web": {
+ "client_id": "operations-api",
+ "client_secret": "${_param:keycloak_operations_api_client_secret}",
+ "auth_uri": "${_param:operations_api_keycloak_url}/auth/realms/drivetrain-realm/protocol/openid-connect/auth",
+ "token_uri": "${_param:operations_api_keycloak_url}/auth/realms/drivetrain-realm/protocol/openid-connect/token",
+ "token_introspection_uri": "${_param:operations_api_keycloak_url}/auth/realms/drivetrain-realm/protocol/openid-connect/token/introspect",
+ "issuer": "${_param:operations_api_keycloak_url}/auth/realms/drivetrain-realm",
+ "userinfo_uri": "${_param:operations_api_keycloak_url}/auth/realms/drivetrain-realm/protocol/openid-connect/userinfo"
+ }
+ }'
+ OAPI_SQLALCHEMY_DATABASE_URI: ${_param:operations_api_sqlalchemy_database_uri}
+ OAPI_SQLALCHEMY_ECHO: ${_param:operations_api_sqlalchemy_echo}
+ OAPI_FLASK_DEBUG: ${_param:operations_api_flask_debug}
+ OAPI_FLASK_SECRET_KEY: ${_param:operations_api_flask_secret_key}
+ OAPI_FLASK_SERVER_HOST: ${_param:operations_api_bind_host}
+ OAPI_FLASK_SERVER_PORT: ${_param:operations_api_bind_port}
+ image: ${_param:docker_image_operations_api}
+ deploy:
+ replicas: ${_param:docker_operations_api_replicas}
+ restart_policy:
+ condition: any
+ ports:
+ - ${_param:haproxy_operations_api_exposed_port}:${_param:haproxy_operations_api_bind_port}
+ volumes:
+ - /srv/volumes/operations_api/logs/:/var/log/operations_api
+ cockroach-ui:
+ image: ${_param:docker_image_cockroachdb}
+ ports:
+ - ${_param:haproxy_cockroachdb_ui_exposed_port}:${_param:haproxy_cockroachdb_ui_bind_port}
+ command: start --insecure
+ cockroach-db-1:
+ image: cockroachdb/cockroach
+ command: start --insecure --join=cockroach-ui
+ depends_on:
+ - cockroach-ui
+ volumes:
+ - /srv/volumes/cockroachdb/cockroach-db-1:/cockroach/cockroach-data
+ cockroach-init:
+ environment:
+ COCKROACH_HOST: cockroach-ui
+ image: atengler/cockroach
+ deploy:
+ restart_policy:
+ condition: on-failure
+ depends_on:
+ - cockroach-db-1
+ network:
+ default:
+ external:
+ name: operations_api_backend
diff --git a/haproxy/proxy/listen/cicd/operations_api.yml b/haproxy/proxy/listen/cicd/operations_api.yml
new file mode 100644
index 0000000..14bb44a
--- /dev/null
+++ b/haproxy/proxy/listen/cicd/operations_api.yml
@@ -0,0 +1,76 @@
+parameters:
+ _param:
+ haproxy_operations_api_bind_host: ${_param:haproxy_bind_address}
+ haproxy_operations_api_bind_port: 8001
+ haproxy_operations_api_exposed_port: 18001
+ haproxy_cockroachdb_ui_bind_host: ${_param:haproxy_bind_address}
+ haproxy_cockroachdb_ui_bind_port: 8080
+ haproxy_cockroachdb_ui_exposed_port: 18080
+ haproxy_operations_api_ssl:
+ enabled: false
+ haproxy_cockroachdb_ui_ssl:
+ enabled: false
+ haproxy:
+ proxy:
+ listen:
+ operations_api:
+ mode: http
+ options:
+ - forwardfor
+ - httpchk GET /api/v1/
+ - httpclose
+ - httplog
+ balance: source
+ http_request:
+ - action: "add-header X-Forwarded-Proto https"
+ condition: "if { ssl_fc }"
+ sticks:
+ - http-check expect string 'API'
+ binds:
+ - address: ${_param:haproxy_operations_api_bind_host}
+ port: ${_param:haproxy_operations_api_bind_port}
+ ssl: ${_param:haproxy_operations_api_ssl}
+ servers:
+ - name: ${_param:cluster_node01_name}
+ host: ${_param:cluster_node01_address}
+ port: ${_param:haproxy_operations_api_exposed_port}
+ params: check
+ - name: ${_param:cluster_node02_name}
+ host: ${_param:cluster_node02_address}
+ port: ${_param:haproxy_operations_api_exposed_port}
+ params: backup check
+ - name: ${_param:cluster_node03_name}
+ host: ${_param:cluster_node03_address}
+ port: ${_param:haproxy_operations_api_exposed_port}
+ params: backup check
+ cockroachdb_ui:
+ mode: http
+ balance: source
+ options:
+ - forwardfor
+ - httpchk GET /#/overview/list
+ - httpclose
+ - httplog
+ balance: source
+ http_request:
+ - action: "add-header X-Forwarded-Proto https"
+ condition: "if { ssl_fc }"
+ sticks:
+ - http-check expect string 'CLUSTER OVERVIEW'
+ binds:
+ - address: ${_param:haproxy_cockroachdb_ui_bind_host}
+ port: ${_param:haproxy_cockroachdb_ui_bind_port}
+ ssl: ${_param:haproxy_cockroachdb_ui_ssl}
+ servers:
+ - name: ${_param:cluster_node01_name}
+ host: ${_param:cluster_node01_address}
+ port: ${_param:haproxy_cockroachdb_ui_exposed_port}
+ params: check
+ - name: ${_param:cluster_node02_name}
+ host: ${_param:cluster_node02_address}
+ port: ${_param:haproxy_cockroachdb_ui_exposed_port}
+ params: backup check
+ - name: ${_param:cluster_node03_name}
+ host: ${_param:cluster_node03_address}
+ port: ${_param:haproxy_cockroachdb_ui_exposed_port}
+ params: backup check
diff --git a/jenkins/client/job/deploy/update/kubernetes_update.yml b/jenkins/client/job/deploy/update/kubernetes_update.yml
index 11279ed..4100384 100644
--- a/jenkins/client/job/deploy/update/kubernetes_update.yml
+++ b/jenkins/client/job/deploy/update/kubernetes_update.yml
@@ -26,11 +26,11 @@
param:
KUBERNETES_HYPERKUBE_IMAGE:
type: string
- default: "${_param:kubernetes_hyperkube_repo}/hyperkube-amd64:v1.10.4-4"
+ default: "${_param:kubernetes_hyperkube_repo}/hyperkube-amd64:v1.11.3-2"
description: "Versioned image to update control plane from. Should be null if update rolling via reclass-system level"
KUBERNETES_PAUSE_IMAGE:
type: string
- default: "${_param:kubernetes_hyperkube_repo}/pause-amd64:v1.10.4-4"
+ default: "${_param:kubernetes_hyperkube_repo}/pause-amd64:v1.11.3-2"
description: "Versioned pause image to use in deployments. Should be null if update rolling via reclass-system level"
SALT_MASTER_URL:
type: string
@@ -60,5 +60,21 @@
description: "Salt targeted kubernetes CTL nodes (ex. I@kubernetes:master). Kubernetes control plane"
CMP_TARGET:
type: string
- default: "cmp* and I@kubernetes:pool"
+ default: "I@kubernetes:pool and not I@kubernetes:master"
description: "Salt targeted compute nodes (ex. 'cmp* and I@kubernetes:pool') Kubernetes computes"
+ CONFORMANCE_RUN_AFTER:
+ type: boolean
+ default: "false"
+ description: "Run conformance tests after upgrade"
+ CONFORMANCE_RUN_BEFORE:
+ type: boolean
+ default: "false"
+ description: "Run conformance tests before upgrade"
+ TEST_K8S_API_SERVER:
+ type: string
+ default: "http://127.0.0.1:8080"
+ description: "Local kubernetes apiserver variable for conformance tests"
+ ARTIFACTORY_URL:
+ type: string
+ default: "docker-prod-local.docker.mirantis.com"
+ description: "Artifactory URL where docker images located. Needed to correctly fetch conformance images."
diff --git a/opencontrail/control/analytics.yml b/opencontrail/control/analytics.yml
index 6e56936..36781c2 100644
--- a/opencontrail/control/analytics.yml
+++ b/opencontrail/control/analytics.yml
@@ -33,6 +33,7 @@
network:
host: ${_param:opencontrail_control_address}
collector:
+ role: ${_param:opencontrail_node_role}
discovery:
host: ${_param:opencontrail_control_address}
database:
diff --git a/opencontrail/control/analytics4_0.yml b/opencontrail/control/analytics4_0.yml
index bfdbadb..f0cf352 100644
--- a/opencontrail/control/analytics4_0.yml
+++ b/opencontrail/control/analytics4_0.yml
@@ -39,6 +39,7 @@
network:
host: ${_param:openstack_control_address}
collector:
+ role: ${_param:opencontrail_node_role}
config_only: true
discovery:
host: None
diff --git a/opencontrail/control/control.yml b/opencontrail/control/control.yml
index e846f5d..4719dff 100644
--- a/opencontrail/control/control.yml
+++ b/opencontrail/control/control.yml
@@ -30,6 +30,8 @@
identity:
region: ${_param:openstack_region}
host: ${_param:openstack_control_address}
+ control:
+ role: ${_param:opencontrail_node_role}
web:
analytics:
host: ${_param:opencontrail_analytics_address}
diff --git a/opencontrail/control/control4_0.yml b/opencontrail/control/control4_0.yml
index 8572553..09b1e12 100644
--- a/opencontrail/control/control4_0.yml
+++ b/opencontrail/control/control4_0.yml
@@ -47,6 +47,7 @@
region: ${_param:openstack_region}
host: ${_param:openstack_control_address}
control:
+ role: ${_param:opencontrail_node_role}
config_only: true
analytics:
members:
diff --git a/reclass/storage/system/opencontrail_analytics_cluster.yml b/reclass/storage/system/opencontrail_analytics_cluster.yml
index 400853e..1027904 100644
--- a/reclass/storage/system/opencontrail_analytics_cluster.yml
+++ b/reclass/storage/system/opencontrail_analytics_cluster.yml
@@ -18,6 +18,7 @@
single_address: ${_param:opencontrail_analytics_node01_address}
keepalived_vip_priority: 103
opencontrail_database_id: 1
+ opencontrail_node_role: primary
opencontrail_analytics_node02:
name: ${_param:opencontrail_analytics_node02_hostname}
domain: ${_param:cluster_domain}
@@ -29,6 +30,7 @@
single_address: ${_param:opencontrail_analytics_node02_address}
keepalived_vip_priority: 102
opencontrail_database_id: 2
+ opencontrail_node_role: secondary
opencontrail_analytics_node03:
name: ${_param:opencontrail_analytics_node03_hostname}
domain: ${_param:cluster_domain}
@@ -40,3 +42,4 @@
single_address: ${_param:opencontrail_analytics_node03_address}
keepalived_vip_priority: 101
opencontrail_database_id: 3
+ opencontrail_node_role: secondary
diff --git a/reclass/storage/system/opencontrail_control_cluster.yml b/reclass/storage/system/opencontrail_control_cluster.yml
index f752c83..64214e1 100644
--- a/reclass/storage/system/opencontrail_control_cluster.yml
+++ b/reclass/storage/system/opencontrail_control_cluster.yml
@@ -18,6 +18,7 @@
single_address: ${_param:opencontrail_control_node01_address}
keepalived_vip_priority: 103
opencontrail_database_id: 1
+ opencontrail_node_role: primary
opencontrail_control_node02:
name: ${_param:opencontrail_control_node02_hostname}
domain: ${_param:cluster_domain}
@@ -29,6 +30,7 @@
single_address: ${_param:opencontrail_control_node02_address}
keepalived_vip_priority: 102
opencontrail_database_id: 2
+ opencontrail_node_role: secondary
opencontrail_control_node03:
name: ${_param:opencontrail_control_node03_hostname}
domain: ${_param:cluster_domain}
@@ -40,3 +42,4 @@
single_address: ${_param:opencontrail_control_node03_address}
keepalived_vip_priority: 101
opencontrail_database_id: 3
+ opencontrail_node_role: secondary
diff --git a/reclass/storage/system/opencontrail_gateway_single.yml b/reclass/storage/system/opencontrail_gateway_single.yml
index 30c7043..a545465 100644
--- a/reclass/storage/system/opencontrail_gateway_single.yml
+++ b/reclass/storage/system/opencontrail_gateway_single.yml
@@ -14,3 +14,4 @@
salt_master_host: ${_param:reclass_config_master}
linux_system_codename: ${_param:opencontrail_gateway_system_codename}
single_address: ${_param:opencontrail_gateway_address}
+ opencontrail_node_role: primary
\ No newline at end of file
diff --git a/reclass/storage/system/opencontrail_tor_cluster.yml b/reclass/storage/system/opencontrail_tor_cluster.yml
index 1fa2ad0..513b83f 100644
--- a/reclass/storage/system/opencontrail_tor_cluster.yml
+++ b/reclass/storage/system/opencontrail_tor_cluster.yml
@@ -19,6 +19,7 @@
single_address: ${_param:opencontrail_tor01_node01_address}
tenant_address: ${_param:opencontrail_tor01_node01_tenant_address}
keepalived_vip_priority: 103
+ opencontrail_node_role: primary
opencontrail_tor01_node02:
name: ${_param:opencontrail_tor01_node02_hostname}
domain: ${_param:cluster_domain}
@@ -30,3 +31,4 @@
single_address: ${_param:opencontrail_tor01_node02_address}
tenant_address: ${_param:opencontrail_tor01_node02_tenant_address}
keepalived_vip_priority: 102
+ opencontrail_node_role: secondary