Merge "Add hotfix|update for openstack repos"
diff --git a/artifactory/client/init.yml b/artifactory/client/init.yml
index bd69bd3..381681e 100644
--- a/artifactory/client/init.yml
+++ b/artifactory/client/init.yml
@@ -329,7 +329,8 @@
           pypi-remote:
             rclass: remote
             packageType: pypi
-            url: https://pypi.python.org
+            url: https://files.pythonhosted.org
+            pyPIRegistryUrl: https://pypi.org
             unusedArtifactsCleanupEnabled: true
             unusedArtifactsCleanupPeriodHours: 720
 
diff --git a/docker/swarm/network/operations_api_backend.yml b/docker/swarm/network/operations_api_backend.yml
new file mode 100644
index 0000000..f23c239
--- /dev/null
+++ b/docker/swarm/network/operations_api_backend.yml
@@ -0,0 +1,10 @@
+parameters:
+  _param:
+    docker_operations_api_network_subnet: 10.80.0.0/24
+  docker:
+    client:
+      network:
+        operations_api_backend:
+          subnet: ${_param:docker_operations_api_network_subnet}
+          driver: overlay
+          attachable: true
diff --git a/docker/swarm/stack/operations_api.yml b/docker/swarm/stack/operations_api.yml
new file mode 100644
index 0000000..fff4f18
--- /dev/null
+++ b/docker/swarm/stack/operations_api.yml
@@ -0,0 +1,70 @@
+parameters:
+  _param:
+    docker_operations_api_replicas: 1
+    docker_image_operations_api: mirantis/python-operations-api:latest
+    operations_api_sqlalchemy_database_uri: "cockroachdb://oapi@cockroach-ui:26257/oapi"
+    operations_api_sqlalchemy_echo: "false"
+    operations_api_flask_debug: "false"
+    operations_api_bind_host: 0.0.0.0
+    operations_api_bind_port: ${_param:haproxy_operations_api_bind_port}
+    docker_image_cockroachdb: cockroachdb/cockroach:latest
+    operations_api_keycloak_url: "http://${_param:single_address}:${_param:haproxy_keycloak_exposed_port}"
+  docker:
+    client:
+      stack:
+        operations_api:
+          service:
+            operations-api:
+              environment:
+                OAPI_OIDC_CLIENT_SECRETS_OVERRIDE: '
+                  {
+                    "web": {
+                        "client_id": "operations-api",
+                        "client_secret": "${_param:keycloak_operations_api_client_secret}",
+                        "auth_uri": "${_param:operations_api_keycloak_url}/auth/realms/drivetrain-realm/protocol/openid-connect/auth",
+                        "token_uri": "${_param:operations_api_keycloak_url}/auth/realms/drivetrain-realm/protocol/openid-connect/token",
+                        "token_introspection_uri": "${_param:operations_api_keycloak_url}/auth/realms/drivetrain-realm/protocol/openid-connect/token/introspect",
+                        "issuer": "${_param:operations_api_keycloak_url}/auth/realms/drivetrain-realm",
+                        "userinfo_uri": "${_param:operations_api_keycloak_url}/auth/realms/drivetrain-realm/protocol/openid-connect/userinfo"
+                    }
+                  }'
+                OAPI_SQLALCHEMY_DATABASE_URI: ${_param:operations_api_sqlalchemy_database_uri}
+                OAPI_SQLALCHEMY_ECHO: ${_param:operations_api_sqlalchemy_echo}
+                OAPI_FLASK_DEBUG: ${_param:operations_api_flask_debug}
+                OAPI_FLASK_SECRET_KEY: ${_param:operations_api_flask_secret_key}
+                OAPI_FLASK_SERVER_HOST: ${_param:operations_api_bind_host}
+                OAPI_FLASK_SERVER_PORT: ${_param:operations_api_bind_port}
+              image: ${_param:docker_image_operations_api}
+              deploy:
+                replicas: ${_param:docker_operations_api_replicas}
+                restart_policy:
+                  condition: any
+              ports:
+                - ${_param:haproxy_operations_api_exposed_port}:${_param:haproxy_operations_api_bind_port}
+              volumes:
+                - /srv/volumes/operations_api/logs/:/var/log/operations_api
+            cockroach-ui:
+              image: ${_param:docker_image_cockroachdb}
+              ports:
+                - ${_param:haproxy_cockroachdb_ui_exposed_port}:${_param:haproxy_cockroachdb_ui_bind_port}
+              command: start --insecure
+            cockroach-db-1:
+              image: cockroachdb/cockroach
+              command: start --insecure --join=cockroach-ui
+              depends_on:
+                - cockroach-ui
+              volumes:
+                - /srv/volumes/cockroachdb/cockroach-db-1:/cockroach/cockroach-data
+            cockroach-init:
+              environment:
+                COCKROACH_HOST: cockroach-ui
+              image: atengler/cockroach
+              deploy:
+                restart_policy:
+                  condition: on-failure
+              depends_on:
+                - cockroach-db-1
+          network:
+            default:
+              external:
+                name: operations_api_backend
diff --git a/haproxy/proxy/listen/cicd/operations_api.yml b/haproxy/proxy/listen/cicd/operations_api.yml
new file mode 100644
index 0000000..14bb44a
--- /dev/null
+++ b/haproxy/proxy/listen/cicd/operations_api.yml
@@ -0,0 +1,76 @@
+parameters:
+  _param:
+    haproxy_operations_api_bind_host: ${_param:haproxy_bind_address}
+    haproxy_operations_api_bind_port: 8001
+    haproxy_operations_api_exposed_port: 18001
+    haproxy_cockroachdb_ui_bind_host: ${_param:haproxy_bind_address}
+    haproxy_cockroachdb_ui_bind_port: 8080
+    haproxy_cockroachdb_ui_exposed_port: 18080
+    haproxy_operations_api_ssl:
+      enabled: false
+    haproxy_cockroachdb_ui_ssl:
+      enabled: false
+  haproxy:
+    proxy:
+      listen:
+        operations_api:
+          mode: http
+          options:
+            - forwardfor
+            - httpchk GET /api/v1/
+            - httpclose
+            - httplog
+          balance: source
+          http_request:
+            - action: "add-header X-Forwarded-Proto https"
+              condition: "if { ssl_fc }"
+          sticks:
+          - http-check expect string 'API'
+          binds:
+            - address: ${_param:haproxy_operations_api_bind_host}
+              port: ${_param:haproxy_operations_api_bind_port}
+              ssl: ${_param:haproxy_operations_api_ssl}
+          servers:
+            - name: ${_param:cluster_node01_name}
+              host: ${_param:cluster_node01_address}
+              port: ${_param:haproxy_operations_api_exposed_port}
+              params: check
+            - name: ${_param:cluster_node02_name}
+              host: ${_param:cluster_node02_address}
+              port: ${_param:haproxy_operations_api_exposed_port}
+              params: backup check
+            - name: ${_param:cluster_node03_name}
+              host: ${_param:cluster_node03_address}
+              port: ${_param:haproxy_operations_api_exposed_port}
+              params: backup check
+        cockroachdb_ui:
+          mode: http
+          balance: source
+          options:
+            - forwardfor
+            - httpchk GET /#/overview/list
+            - httpclose
+            - httplog
+          balance: source
+          http_request:
+            - action: "add-header X-Forwarded-Proto https"
+              condition: "if { ssl_fc }"
+          sticks:
+          - http-check expect string 'CLUSTER OVERVIEW'
+          binds:
+            - address: ${_param:haproxy_cockroachdb_ui_bind_host}
+              port: ${_param:haproxy_cockroachdb_ui_bind_port}
+              ssl: ${_param:haproxy_cockroachdb_ui_ssl}
+          servers:
+            - name: ${_param:cluster_node01_name}
+              host: ${_param:cluster_node01_address}
+              port: ${_param:haproxy_cockroachdb_ui_exposed_port}
+              params: check
+            - name: ${_param:cluster_node02_name}
+              host: ${_param:cluster_node02_address}
+              port: ${_param:haproxy_cockroachdb_ui_exposed_port}
+              params: backup check
+            - name: ${_param:cluster_node03_name}
+              host: ${_param:cluster_node03_address}
+              port: ${_param:haproxy_cockroachdb_ui_exposed_port}
+              params: backup check
diff --git a/jenkins/client/job/deploy/update/kubernetes_update.yml b/jenkins/client/job/deploy/update/kubernetes_update.yml
index 11279ed..4100384 100644
--- a/jenkins/client/job/deploy/update/kubernetes_update.yml
+++ b/jenkins/client/job/deploy/update/kubernetes_update.yml
@@ -26,11 +26,11 @@
           param:
             KUBERNETES_HYPERKUBE_IMAGE:
               type: string
-              default: "${_param:kubernetes_hyperkube_repo}/hyperkube-amd64:v1.10.4-4"
+              default: "${_param:kubernetes_hyperkube_repo}/hyperkube-amd64:v1.11.3-2"
               description: "Versioned image to update control plane from. Should be null if update rolling via reclass-system level"
             KUBERNETES_PAUSE_IMAGE:
               type: string
-              default: "${_param:kubernetes_hyperkube_repo}/pause-amd64:v1.10.4-4"
+              default: "${_param:kubernetes_hyperkube_repo}/pause-amd64:v1.11.3-2"
               description: "Versioned pause image to use in deployments. Should be null if update rolling via reclass-system level"
             SALT_MASTER_URL:
               type: string
@@ -60,5 +60,21 @@
               description: "Salt targeted kubernetes CTL nodes (ex. I@kubernetes:master). Kubernetes control plane"
             CMP_TARGET:
               type: string
-              default: "cmp* and I@kubernetes:pool"
+              default: "I@kubernetes:pool and not I@kubernetes:master"
               description: "Salt targeted compute nodes (ex. 'cmp* and I@kubernetes:pool') Kubernetes computes"
+            CONFORMANCE_RUN_AFTER:
+              type: boolean
+              default: "false"
+              description: "Run conformance tests after upgrade"
+            CONFORMANCE_RUN_BEFORE:
+              type: boolean
+              default: "false"
+              description: "Run conformance tests before upgrade"
+            TEST_K8S_API_SERVER:
+              type: string
+              default: "http://127.0.0.1:8080"
+              description: "Local kubernetes apiserver variable for conformance tests"
+            ARTIFACTORY_URL:
+              type: string
+              default: "docker-prod-local.docker.mirantis.com"
+              description: "Artifactory URL where docker images located. Needed to correctly fetch conformance images."
diff --git a/opencontrail/control/analytics.yml b/opencontrail/control/analytics.yml
index 6e56936..36781c2 100644
--- a/opencontrail/control/analytics.yml
+++ b/opencontrail/control/analytics.yml
@@ -33,6 +33,7 @@
       network:
         host: ${_param:opencontrail_control_address}
     collector:
+      role: ${_param:opencontrail_node_role}
       discovery:
         host: ${_param:opencontrail_control_address}
     database:
diff --git a/opencontrail/control/analytics4_0.yml b/opencontrail/control/analytics4_0.yml
index bfdbadb..f0cf352 100644
--- a/opencontrail/control/analytics4_0.yml
+++ b/opencontrail/control/analytics4_0.yml
@@ -39,6 +39,7 @@
       network:
         host: ${_param:openstack_control_address}
     collector:
+      role: ${_param:opencontrail_node_role}
       config_only: true
       discovery:
         host: None
diff --git a/opencontrail/control/control.yml b/opencontrail/control/control.yml
index e846f5d..4719dff 100644
--- a/opencontrail/control/control.yml
+++ b/opencontrail/control/control.yml
@@ -30,6 +30,8 @@
       identity:
         region: ${_param:openstack_region}
         host: ${_param:openstack_control_address}
+    control:
+      role: ${_param:opencontrail_node_role}
     web:
       analytics:
         host: ${_param:opencontrail_analytics_address}
diff --git a/opencontrail/control/control4_0.yml b/opencontrail/control/control4_0.yml
index 8572553..09b1e12 100644
--- a/opencontrail/control/control4_0.yml
+++ b/opencontrail/control/control4_0.yml
@@ -47,6 +47,7 @@
         region: ${_param:openstack_region}
         host: ${_param:openstack_control_address}
     control:
+      role: ${_param:opencontrail_node_role}
       config_only: true
       analytics:
         members:
diff --git a/reclass/storage/system/opencontrail_analytics_cluster.yml b/reclass/storage/system/opencontrail_analytics_cluster.yml
index 400853e..1027904 100644
--- a/reclass/storage/system/opencontrail_analytics_cluster.yml
+++ b/reclass/storage/system/opencontrail_analytics_cluster.yml
@@ -18,6 +18,7 @@
             single_address: ${_param:opencontrail_analytics_node01_address}
             keepalived_vip_priority: 103
             opencontrail_database_id: 1
+            opencontrail_node_role: primary
         opencontrail_analytics_node02:
           name: ${_param:opencontrail_analytics_node02_hostname}
           domain: ${_param:cluster_domain}
@@ -29,6 +30,7 @@
             single_address: ${_param:opencontrail_analytics_node02_address}
             keepalived_vip_priority: 102
             opencontrail_database_id: 2
+            opencontrail_node_role: secondary
         opencontrail_analytics_node03:
           name: ${_param:opencontrail_analytics_node03_hostname}
           domain: ${_param:cluster_domain}
@@ -40,3 +42,4 @@
             single_address: ${_param:opencontrail_analytics_node03_address}
             keepalived_vip_priority: 101
             opencontrail_database_id: 3
+            opencontrail_node_role: secondary
diff --git a/reclass/storage/system/opencontrail_control_cluster.yml b/reclass/storage/system/opencontrail_control_cluster.yml
index f752c83..64214e1 100644
--- a/reclass/storage/system/opencontrail_control_cluster.yml
+++ b/reclass/storage/system/opencontrail_control_cluster.yml
@@ -18,6 +18,7 @@
             single_address: ${_param:opencontrail_control_node01_address}
             keepalived_vip_priority: 103
             opencontrail_database_id: 1
+            opencontrail_node_role: primary
         opencontrail_control_node02:
           name: ${_param:opencontrail_control_node02_hostname}
           domain: ${_param:cluster_domain}
@@ -29,6 +30,7 @@
             single_address: ${_param:opencontrail_control_node02_address}
             keepalived_vip_priority: 102
             opencontrail_database_id: 2
+            opencontrail_node_role: secondary
         opencontrail_control_node03:
           name: ${_param:opencontrail_control_node03_hostname}
           domain: ${_param:cluster_domain}
@@ -40,3 +42,4 @@
             single_address: ${_param:opencontrail_control_node03_address}
             keepalived_vip_priority: 101
             opencontrail_database_id: 3
+            opencontrail_node_role: secondary
diff --git a/reclass/storage/system/opencontrail_gateway_single.yml b/reclass/storage/system/opencontrail_gateway_single.yml
index 30c7043..a545465 100644
--- a/reclass/storage/system/opencontrail_gateway_single.yml
+++ b/reclass/storage/system/opencontrail_gateway_single.yml
@@ -14,3 +14,4 @@
             salt_master_host: ${_param:reclass_config_master}
             linux_system_codename: ${_param:opencontrail_gateway_system_codename}
             single_address: ${_param:opencontrail_gateway_address}
+            opencontrail_node_role: primary
\ No newline at end of file
diff --git a/reclass/storage/system/opencontrail_tor_cluster.yml b/reclass/storage/system/opencontrail_tor_cluster.yml
index 1fa2ad0..513b83f 100644
--- a/reclass/storage/system/opencontrail_tor_cluster.yml
+++ b/reclass/storage/system/opencontrail_tor_cluster.yml
@@ -19,6 +19,7 @@
             single_address: ${_param:opencontrail_tor01_node01_address}
             tenant_address: ${_param:opencontrail_tor01_node01_tenant_address}
             keepalived_vip_priority: 103
+            opencontrail_node_role: primary
         opencontrail_tor01_node02:
           name: ${_param:opencontrail_tor01_node02_hostname}
           domain: ${_param:cluster_domain}
@@ -30,3 +31,4 @@
             single_address: ${_param:opencontrail_tor01_node02_address}
             tenant_address: ${_param:opencontrail_tor01_node02_tenant_address}
             keepalived_vip_priority: 102
+            opencontrail_node_role: secondary