Merge "update services team"
diff --git a/.releasenotes/notes/add-prometheus-relay-df282e14ed88da8c.yaml b/.releasenotes/notes/add-prometheus-relay-df282e14ed88da8c.yaml
new file mode 100644
index 0000000..e9db668
--- /dev/null
+++ b/.releasenotes/notes/add-prometheus-relay-df282e14ed88da8c.yaml
@@ -0,0 +1,10 @@
+---
+summary: >
+ Added the Prometheus Relay service
+
+features:
+ - Added the Prometheus Relay service. The Prometheus Relay service is
+ responsible for getting PromQL queries from external components,
+ such as Grafana, passing them to all discovered Prometheus servers,
+ merging the results and returning the data. Prometheus Relay can be
+ used to handle Prometheus high availability or sharding.
diff --git a/.releasenotes/notes/add_ssl_support_oss-ea1eb1e086d08e3c.yaml b/.releasenotes/notes/add_ssl_support_oss-ea1eb1e086d08e3c.yaml
new file mode 100644
index 0000000..b74bc21
--- /dev/null
+++ b/.releasenotes/notes/add_ssl_support_oss-ea1eb1e086d08e3c.yaml
@@ -0,0 +1,66 @@
+---
+summary: >
+ Added SSL support for cloud-monitoring services
+
+upgrades:
+ - |
+ Added SSL support for the following cloud-monitoring services:
+
+ * Rundeck CIS Collectors
+
+ To provide ssl support for CIS, set up ``cert`` and ``ssl_cert_file``
+ on a cluster level metadata:
+
+ .. code-block:: yaml
+
+ rundeck_cis_openstack:
+ auth_url: ${_param:oss_openstack_auth_url}/auth/tokens
+ username: ${_param:oss_openstack_username}
+ password: ${_param:oss_openstack_password}
+ cert: |
+ -----BEGIN CERTIFICATE-----
+ MIIE0DCCA7igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx
+ -----END CERTIFICATE-----
+ ssl_cert_file: cert.pem
+
+ If all parameters are defined properly, Rundeck enables the ssl support
+ automatically.
+
+ * Cleanup Service
+
+ To provide ssl support for Cleanup Service, specify the cert path
+ and set the ``ssl_verify`` variable to ``True`` on a cluster level
+ metadata:
+
+ .. code-block:: yaml
+
+ janitor_monkey_openstack:
+ username: ${_param:oss_openstack_username}
+ password: ${_param:oss_openstack_password}
+ auth_url: ${_param:oss_openstack_auth_url}
+ ssl_verify: True
+ cacert_path: ${_param:oss_openstack_cert_path}
+
+ * Security Audit Service
+
+ To provide ssl support for Security audit Service, provide cert path,
+ set the ``ssl_verify`` variable to ``True``, and select the endpoint
+ type for cloud connections on a cluster level metadata:
+
+ .. code-block:: yaml
+
+ security_monkey_openstack:
+ username: ${_param:oss_openstack_username}
+ password: ${_param:oss_openstack_password}
+ auth_url: ${_param:oss_openstack_auth_url}
+ ssl_verify: True
+ endpoint_type: public
+ cacert_path: ${_param:oss_openstack_cert_path}
+
+ .. note:: By default, the ``cacert_path`` variable is defined as
+ follows:
+
+ .. code-block:: yaml
+
+ oss_openstack_cert_path: /srv/volumes/rundeck/storage/content/keys/cis/openstack/cert.pem
+
diff --git a/.releasenotes/notes/spawn-multiple-replicas-prometheus-b80eaede9c19b8cd.yaml b/.releasenotes/notes/spawn-multiple-replicas-prometheus-b80eaede9c19b8cd.yaml
new file mode 100644
index 0000000..df15d71
--- /dev/null
+++ b/.releasenotes/notes/spawn-multiple-replicas-prometheus-b80eaede9c19b8cd.yaml
@@ -0,0 +1,15 @@
+---
+summary: >
+ Spawned two replicas of Prometheus to provide HA
+
+features:
+ - Spawned two replicas of Prometheus inside Docker Swarm.
+ These two instances have the same configuration file
+ and scrape the same endpoints. Therefore, they can be
+ treated as one-to-one copies.
+ Due to a limitation, when connecting to the Prometheus
+ web UI it is not possible to choose to which of the
+ existing Prometheus servers to connect and those
+ servers may contain slightly different results for the
+ same queries. Therefore, we suggest that you use Grafana
+ to visualize the data.
diff --git a/docker/init.yml b/docker/init.yml
new file mode 100644
index 0000000..8ef5e2c
--- /dev/null
+++ b/docker/init.yml
@@ -0,0 +1,6 @@
+parameters:
+ _param:
+ http_proxy: ""
+ docker_http_proxy: ${_param:http_proxy}
+ docker_https_proxy: ${_param:docker_http_proxy}
+ docker_no_proxy: ""
diff --git a/docker/swarm/stack/aptly.yml b/docker/swarm/stack/aptly.yml
index 5570c40..36c719b 100644
--- a/docker/swarm/stack/aptly.yml
+++ b/docker/swarm/stack/aptly.yml
@@ -1,3 +1,5 @@
+classes:
+- system.docker
parameters:
_param:
docker_image_aptly:
@@ -9,6 +11,8 @@
aptly:
environment:
EMAIL_ADDRESS: ${_param:admin_email}
+ https_proxy: ${_param:docker_https_proxy}
+ http_proxy: ${_param:docker_http_proxy}
service:
api:
deploy:
diff --git a/docker/swarm/stack/gerrit.yml b/docker/swarm/stack/gerrit.yml
index 95bc233..49d0a11 100644
--- a/docker/swarm/stack/gerrit.yml
+++ b/docker/swarm/stack/gerrit.yml
@@ -1,3 +1,5 @@
+classes:
+- system.docker
parameters:
_param:
docker_image_gerrit: tcpcloud/gerrit:2.13.6
@@ -8,6 +10,7 @@
gerrit_ldap_account_base: ""
gerrit_ldap_group_base: ""
gerrit_http_listen_url: http://*:8080/
+ gerrit_extra_opts: ""
docker:
client:
stack:
@@ -45,6 +48,10 @@
GERRIT_ADMIN_PWD: ${_param:gerrit_admin_password}
GERRIT_ADMIN_EMAIL: ${_param:gerrit_admin_email}
CANLOADINIFRAME: "true"
+ JAVA_OPTIONS: ${_param:gerrit_extra_opts}
+ https_proxy: ${_param:docker_https_proxy}
+ http_proxy: ${_param:docker_http_proxy}
+ no_proxy: ${_param:docker_no_proxy}
db:
environment:
MYSQL_USER: gerrit
diff --git a/docker/swarm/stack/janitor_monkey.yml b/docker/swarm/stack/janitor_monkey.yml
index 08fdb5c..ffea607 100644
--- a/docker/swarm/stack/janitor_monkey.yml
+++ b/docker/swarm/stack/janitor_monkey.yml
@@ -22,6 +22,10 @@
janitor_monkey_elasticsearch: ${_param:elasticsearch_bind_host}:${_param:elasticsearch_binary_bind_port}
janitor_monkey_cloudfire_region: RegionOne
janitor_monkey_cis_clustername: ${_param:elasticsearch_cluster_name}
+ janitor_monkey_instance_age_threshold: 15
+ janitor_monkey_notification_oss_url: http://${_param:haproxy_pushkin_bind_host}:${_param:haproxy_pushkin_bind_port}/post_notification_json
+ janitor_monkey_notification_oss_login_id: 12
+ janitor_monkey_notification_oss_application_id: 2
janitor_monkey_openstack:
project_domain_name: default
project_name: admin
@@ -58,6 +62,10 @@
simianarmy.client.cloudfire.project: ${_param:janitor_monkey_openstack:project_name}
simianarmy.client.cloudfire.SSLVerify: ${_param:janitor_monkey_openstack:ssl_verify}
simianarmy.client.cloudfire.cafile: ${_param:janitor_monkey_openstack:cafile}
+ simianarmy.janitor.rule.stoppedInstanceRule.instanceAgeThreshold: ${_param:janitor_monkey_instance_age_threshold}
+ simianarmy.janitor.notification.oss.url: ${_param:janitor_monkey_notification_oss_url}
+ simianarmy.janitor.notification.oss.login_id: ${_param:janitor_monkey_notification_oss_login_id}
+ simianarmy.janitor.notification.oss.application_id: ${_param:janitor_monkey_notification_oss_application_id}
service:
cleanup-service-mongodb:
image: ${_param:docker_image_mongodb}
diff --git a/docker/swarm/stack/jenkins/master.yml b/docker/swarm/stack/jenkins/master.yml
index 33ade24..f40d6cd 100644
--- a/docker/swarm/stack/jenkins/master.yml
+++ b/docker/swarm/stack/jenkins/master.yml
@@ -1,3 +1,5 @@
+classes:
+- system.docker
parameters:
_param:
docker_image_jenkins: tcpcloud/jenkins:2.73
@@ -13,6 +15,9 @@
JENKINS_HOME: /var/jenkins_home
JAVA_OPTS: " -server -XX:+AlwaysPreTouch -Xloggc:$JENKINS_HOME/gc-%t.log -XX:NumberOfGCLogFiles=5 -XX:+UseGCLogFileRotation -XX:GCLogFileSize=20m -XX:+PrintGC -XX:+PrintGCDateStamps -XX:+PrintGCDetails -XX:+PrintHeapAtGC -XX:+PrintGCCause -XX:+PrintTenuringDistribution -XX:+PrintReferenceGC -XX:+PrintAdaptiveSizePolicy -XX:+UseG1GC -XX:+ExplicitGCInvokesConcurrent -XX:+ParallelRefProcEnabled -XX:+UseStringDeduplication -XX:+UnlockExperimentalVMOptions -XX:G1NewSizePercent=20 -XX:+UnlockDiagnosticVMOptions -XX:G1SummarizeRSetStatsPeriod=1 -Djenkins.install.runSetupWizard=false -Dhudson.DNSMultiCast.disabled=true -Dhudson.udp=-1 -Dhudson.footerURL=https://www.mirantis.com ${_param:jenkins_master_extra_opts}"
JENKINS_NUM_EXECUTORS: ${_param:jenkins_master_executors_num}
+ https_proxy: ${_param:docker_https_proxy}
+ http_proxy: ${_param:docker_http_proxy}
+ no_proxy: ${_param:docker_no_proxy}
deploy:
restart_policy:
condition: any
diff --git a/docker/swarm/stack/jenkins/slave.yml b/docker/swarm/stack/jenkins/slave.yml
index fc281b7..12a14d4 100644
--- a/docker/swarm/stack/jenkins/slave.yml
+++ b/docker/swarm/stack/jenkins/slave.yml
@@ -1,3 +1,5 @@
+classes:
+- system.docker
parameters:
_param:
docker_image_jenkins_slave: tcpcloud/jnlp-slave
@@ -7,6 +9,7 @@
jenkins_master_url: http://${_param:jenkins_master_host}:${_param:jenkins_master_port}
jenkins_slave_user: ${_param:jenkins_client_user}
jenkins_slave_password: ${_param:jenkins_client_password}
+ jenkins_slave_extra_opts: ""
docker:
client:
stack:
@@ -19,6 +22,10 @@
JENKINS_UPDATE_SLAVE: 'true'
JENKINS_LOGIN: ${_param:jenkins_slave_user}
JENKINS_PASSWORD: ${_param:jenkins_slave_password}
+ JAVA_OPTS: ${_param:jenkins_slave_extra_opts}
+ https_proxy: ${_param:docker_https_proxy}
+ http_proxy: ${_param:docker_http_proxy}
+ no_proxy: ${_param:docker_no_proxy}
deploy:
restart_policy:
condition: any
@@ -39,6 +46,10 @@
JENKINS_UPDATE_SLAVE: 'true'
JENKINS_LOGIN: ${_param:jenkins_slave_user}
JENKINS_PASSWORD: ${_param:jenkins_slave_password}
+ JAVA_OPTS: ${_param:jenkins_slave_extra_opts}
+ https_proxy: ${_param:docker_https_proxy}
+ http_proxy: ${_param:docker_http_proxy}
+ no_proxy: ${_param:docker_no_proxy}
deploy:
restart_policy:
condition: any
@@ -59,6 +70,10 @@
JENKINS_UPDATE_SLAVE: 'true'
JENKINS_LOGIN: ${_param:jenkins_slave_user}
JENKINS_PASSWORD: ${_param:jenkins_slave_password}
+ JAVA_OPTS: ${_param:jenkins_slave_extra_opts}
+ https_proxy: ${_param:docker_https_proxy}
+ http_proxy: ${_param:docker_http_proxy}
+ no_proxy: ${_param:docker_no_proxy}
deploy:
restart_policy:
condition: any
diff --git a/docker/swarm/stack/monitoring/init.yml b/docker/swarm/stack/monitoring/init.yml
index 95f5f8d..e274426 100644
--- a/docker/swarm/stack/monitoring/init.yml
+++ b/docker/swarm/stack/monitoring/init.yml
@@ -15,6 +15,22 @@
driver_opts:
encrypted: 1
service:
+ relay:
+ networks:
+ - monitoring
+ deploy:
+ replicas: 2
+ labels:
+ com.mirantis.monitoring: "relay"
+ restart_policy:
+ condition: any
+ labels:
+ com.mirantis.monitoring: "relay"
+ image: ${_param:docker_image_prometheus_relay}
+ ports:
+ - 15016:8080
+ environment:
+ PROMETHEUS_RELAY_DNS: 'tasks.monitoring_server'
remote_storage_adapter:
networks:
- monitoring
@@ -81,7 +97,7 @@
networks:
- monitoring
deploy:
- replicas: 1
+ replicas: 2
labels:
com.mirantis.monitoring: "prometheus"
restart_policy:
diff --git a/docker/swarm/stack/rundeck.yml b/docker/swarm/stack/rundeck.yml
index 0710819..8ab0554 100644
--- a/docker/swarm/stack/rundeck.yml
+++ b/docker/swarm/stack/rundeck.yml
@@ -18,7 +18,7 @@
restart_policy:
condition: any
ports:
- - 14440:4440
+ - ${_param:haproxy_rundeck_exposed_port}:${_param:haproxy_rundeck_bind_port}
volumes:
- /srv/volumes/rundeck/etc/framework.properties:/etc/rundeck/framework.properties
- /srv/volumes/rundeck/etc/tokens.properties:/etc/rundeck/tokens.properties
@@ -32,4 +32,4 @@
network:
default:
external:
- name: oss_backend
\ No newline at end of file
+ name: oss_backend
diff --git a/gerrit/client/project/ci.yml b/gerrit/client/project/ci.yml
index 86ff699..3e36556 100644
--- a/gerrit/client/project/ci.yml
+++ b/gerrit/client/project/ci.yml
@@ -1,11 +1,15 @@
parameters:
+ _param:
+ gerrit_pipeline_library_repo: https://github.com/Mirantis/pipeline-library
+ gerrit_mk_pipelines_repo: https://github.com/Mirantis/mk-pipelines
+ gerrit_decapod_pipelines_repo: https://github.com/mateuszlos/decapod-pipelines
gerrit:
client:
project:
mcp-ci/pipeline-library:
enabled: true
description: Jenkins pipeline libraries
- upstream: https://github.com/Mirantis/pipeline-library
+ upstream: ${_param:gerrit_pipeline_library_repo}
access: ${gerrit:client:default_access}
require_change_id: true
require_agreement: false
@@ -13,7 +17,7 @@
mk/mk-pipelines:
enabled: true
description: Jenkins pipelines
- upstream: https://github.com/Mirantis/mk-pipelines
+ upstream: ${_param:gerrit_mk_pipelines_repo}
access: ${gerrit:client:default_access}
require_change_id: true
require_agreement: false
@@ -21,7 +25,7 @@
mk/decapod-pipelines:
enabled: true
description: Decapod jenkins pipelines
- upstream: https://github.com/mateuszlos/decapod-pipelines
+ upstream: ${_param:gerrit_decapod_pipelines_repo}
access: ${gerrit:client:default_access}
require_change_id: true
require_agreement: false
diff --git a/haproxy/proxy/listen/oss/rundeck.yml b/haproxy/proxy/listen/oss/rundeck.yml
index fbabb38..120a9ea 100644
--- a/haproxy/proxy/listen/oss/rundeck.yml
+++ b/haproxy/proxy/listen/oss/rundeck.yml
@@ -2,6 +2,7 @@
_param:
haproxy_rundeck_bind_host: ${_param:haproxy_bind_address}
haproxy_rundeck_bind_port: 4440
+ haproxy_rundeck_exposed_port: 14440
haproxy_rundeck_ssl:
enabled: false
haproxy:
@@ -25,13 +26,13 @@
servers:
- name: ${_param:cluster_node01_name}
host: ${_param:cluster_node01_address}
- port: 14440
+ port: ${_param:haproxy_rundeck_exposed_port}
params: check
- name: ${_param:cluster_node02_name}
host: ${_param:cluster_node02_address}
- port: 14440
+ port: ${_param:haproxy_rundeck_exposed_port}
params: backup check
- name: ${_param:cluster_node03_name}
host: ${_param:cluster_node03_address}
- port: 14440
+ port: ${_param:haproxy_rundeck_exposed_port}
params: backup check
diff --git a/jenkins/client/job/aptly.yml b/jenkins/client/job/aptly.yml
index c6a5755..256c04a 100644
--- a/jenkins/client/job/aptly.yml
+++ b/jenkins/client/job/aptly.yml
@@ -75,6 +75,9 @@
RECREATE:
type: boolean
default: 'false'
+ DUMP_PUBLISH:
+ type: boolean
+ default: 'true'
DIFF_ONLY:
type: boolean
default: '{{diff_only}}'
diff --git a/jenkins/client/job/deploy/lab/component/kubernetes.yml b/jenkins/client/job/deploy/lab/component/kubernetes.yml
index e2598eb..62526f7 100644
--- a/jenkins/client/job/deploy/lab/component/kubernetes.yml
+++ b/jenkins/client/job/deploy/lab/component/kubernetes.yml
@@ -35,7 +35,7 @@
job_timer: "H H(0-6) * * *"
- stack_name: k8s_ha_calico_sm
stack_env: devcloud
- stack_type: heat
+ stack_type: aws
stack_install: core,k8s,calico
stack_test: ""
job_timer: "H H(0-6) * * *"
diff --git a/jenkins/client/job/docker/build-images.yml b/jenkins/client/job/docker/build-images.yml
index ca1d058..0f2cdc9 100644
--- a/jenkins/client/job/docker/build-images.yml
+++ b/jenkins/client/job/docker/build-images.yml
@@ -54,3 +54,6 @@
DOCKER_GIT_TAG:
type: boolean
default: "true"
+ EXTRA_REPO_URL:
+ type: string
+ default: "${_param:jenkins_aptly_url}"
diff --git a/jenkins/client/job/git-mirrors/upstream/init.yml b/jenkins/client/job/git-mirrors/upstream/init.yml
index e11e63c..cc267d9 100644
--- a/jenkins/client/job/git-mirrors/upstream/init.yml
+++ b/jenkins/client/job/git-mirrors/upstream/init.yml
@@ -25,7 +25,8 @@
project:
"{{downstream}}":
branches:
- - master
+ - compare_type: "REG_EXP"
+ name: "(.*?)"
message:
build_successful: "Build successful"
build_unstable: "Build unstable"
diff --git a/jenkins/client/job/oss/init.yml b/jenkins/client/job/oss/init.yml
index f8b5bdc..9478ffd 100644
--- a/jenkins/client/job/oss/init.yml
+++ b/jenkins/client/job/oss/init.yml
@@ -1,4 +1,5 @@
classes:
- system.jenkins.client.job.oss.test_devops_portal
- system.jenkins.client.job.oss.test_devops_portal_nightly
+ - system.jenkins.client.job.oss.test_pushkin_codebase
- system.jenkins.client.job.oss.test_security_monkey_openstack
diff --git a/jenkins/client/job/oss/test_pushkin_codebase.yml b/jenkins/client/job/oss/test_pushkin_codebase.yml
new file mode 100644
index 0000000..245f1d8
--- /dev/null
+++ b/jenkins/client/job/oss/test_pushkin_codebase.yml
@@ -0,0 +1,50 @@
+parameters:
+ jenkins:
+ client:
+ job:
+ test-oss-pushkin-codebase:
+ name: test-oss-pushkin-codebase
+ discard:
+ build:
+ keep_num: 15
+ artifact:
+ keep_num: 15
+ type: workflow-scm
+ concurrent: true
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/oss/jenkins/pipelines"
+ credentials: "gerrit"
+ script: test-pushkin-pipeline.groovy
+ trigger:
+ gerrit:
+ project:
+ "oss/pushkin":
+ branches:
+ - devel
+ - master
+ skip_vote:
+ - successful
+ - failed
+ - unstable
+ - not_built
+ event:
+ patchset:
+ - created:
+ excludeDrafts: false
+ excludeTrivialRebase: false
+ excludeNoCodeChange: false
+ comment:
+ - addedContains:
+ commentAddedCommentContains: '^(?s:Patch Set \d+:.*(test|recheck|reverify)\s*)$'
+ param:
+ CREDENTIALS_ID:
+ type: string
+ default: "gerrit"
+ DEFAULT_GIT_URL:
+ type: string
+ default: "${_param:jenkins_gerrit_url}/oss/pushkin"
+ DEFAULT_GIT_REF:
+ type: string
+ default: master
+ description: "Refspec in format refs/changes/, i.e. refs/changes/32/10332/4"
diff --git a/openssh/server/team/stacklight.yml b/openssh/server/team/stacklight.yml
index 1133135..fcdbce5 100644
--- a/openssh/server/team/stacklight.yml
+++ b/openssh/server/team/stacklight.yml
@@ -18,13 +18,6 @@
full_name: Simon Pasquier
home: /home/spasquier
email: spasquier@mirantis.com
- ppetit:
- enabled: true
- name: ppetit
- sudo: true
- full_name: Patrick Petit
- home: /home/ppetit
- email: ppetit@mirantis.com
obourdon:
enabled: true
name: obourdon
@@ -111,58 +104,53 @@
public_keys:
- ${public_keys:spasquier}
user: ${linux:system:user:spasquier}
- ppetit:
- enabled: true
- public_keys:
- - ${public_keys:ppetit}
- user: ${linux:system:user:ppetit}
obourdon:
- enable: true
+ enabled: true
public_keys:
- ${public_keys:obourdon}
user: ${linux:system:user:obourdon}
dkalashnik:
- enable: true
+ enabled: true
public_keys:
- ${public_keys:dkalashnik}
user: ${linux:system:user:dkalashnik}
rpromyshlennikov:
- enable: true
+ enabled: true
public_keys:
- ${public_keys:rpromyshlennikov}
user: ${linux:system:user:rpromyshlennikov}
vgusev:
- enable: true
+ enabled: true
public_keys:
- ${public_keys:vgusev}
user: ${linux:system:user:vgusev}
mpolreich:
- enable: true
+ enabled: true
public_keys:
- ${public_keys:mpolreich}
user: ${linux:system:user:mpolreich}
isvetlov:
- enable: true
+ enabled: true
public_keys:
- ${public_keys:isvetlov}
user: ${linux:system:user:isvetlov}
akholkin:
- enable: true
+ enabled: true
public_keys:
- ${public_keys:akholkin}
user: ${linux:system:user:akholkin}
kszukielojc:
- enable: true
+ enabled: true
public_keys:
- ${public_keys:kszukielojc}
user: ${linux:system:user:kszukielojc}
isviridov:
- enable: true
+ enabled: true
public_keys:
- ${public_keys:isviridov}
user: ${linux:system:user:isviridov}
nzaporozhets:
- enable: true
+ enabled: true
public_keys:
- ${public_keys:nzaporozhets}
user: ${linux:system:user:nzaporozhets}
@@ -171,8 +159,6 @@
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC3odU+3V2uDA2ptAFL9hrJRPNEEdAyztWOZFQ5Oyd9oerTGOU3p4xmrgWWjfKFKbYGhiiIUcYAol5PkTfKukGEkkjCHYA1t023soCaaAj85wCZCnw2zQNAziwxTYmAzTqgxiSvtZNMMrtJvFHRIRDzJ3M1lV0prWNWkMM1/3FAd4W49y6VT3fkMCo8uqG7CfGdgR2DgBCxf9KaNPfW5eDEPOgmE5lK8tVSEI6T+Cg7hbcTf4lFYnlFBnlQgp/0JstsM4Vbwb4B34LOpOsf2S8rrWk2xQMjwaMHXkc2s/E8iW3F5nVFuyEXYISFQIiAHw8dzC6CHgLcyHUVWwznKawZ newt@newt-dev1
spasquier:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXBHKQaGUNB92DsnyvflmCbmuXnkiuNahZiue3hnyXqLA2q8jmQmzBbxReAJzexnVfJhrUCTw8IPJUpMUP27u3igvGdkhfctdUuxVf9yGJErtGNgHK/aGbeLCvUOmhw6X/xbf3IbyFL1gwxOJ2cmmjlSptYU9E1W2xFY+IMFWBhzO3vso5EABgPVli/UUMfeXUUd++lIZpoyYe2Hkri1QGNhzfbZcFjEO78+vNiLZrvjJEtkXWu7iZTYK6eE365CiFJzqFL7N6Ichb28qakcmVqR/foreuz3cOMqMGssKoOQk1213x8w4fE0yLwf9Ft8L7GMf+vXQvuNt0ZKBPWqn7 spasquier@mirantis.com
- ppetit:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCUGCb+mGidT4FRa4rJxoYx39NX2vCjRw+CmCQJW/Uf6xc0NNp5WRWJ0hnyIMRVVfehvfjdXPo4bO4cXIwmo06C1Wx+DMyvjI9NvuHtt52p3QTsh+PYZe5t4hFuGh7veWQw3LuLtDLVlVS633FQMgT/BXDaBc65yfN9CuV6lHqZ6KPKoGAi3ADlcQFqhFttO+GsVkxd6uGtelnbYXsDMwylCIKop0C/obu6wG85d/8Q2/Zts5CvUcCiCNfZtl8otgNMrpfnuhC0xAsmgwDxqK2kshxUujclyFfO7ixl+E9Plc7kUJvodNbzOcAmY3YpuHVoJQkHx/Ou81/q+JOVtFxz ppetit@baobab
obourdon:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDOd0PnoQhjjo/UrmCotaGZxXfpxLoMmuZ+XjKqAkEb9kE+aE0+k8t2EUs8PIctEgIcIC9vmovqOzIt5uNLV5MyN4R+pdIBKyWEQ5fQPaFhn/uZKf7AxLYhTVVW1wM+cDzrpWTyNQ0w59JBfNPZ/BDMtdpch9gTP24pwJ8yUDHHMSt1FnVqa7+Czw8jig4/oM05Mob5DQKlWOdtdUP3XYHSGJuHY4tHmc5sPvzIqs5r47uj5VD4gaCUqYeRS2C1YJcisN880qIqUHuCK0k9gQP+0DKJPVPmPPCuwebBzUUfjhKcbqiikKxPS0p4DWiprmeF8xjvmVWX+V8lP/v0hXiVgMc3wMoXJklH+XM7U5y5uzN8MF4YqAi4M/uSK5UF+TPn5dtu9s+joQmqt5XXaV4iFQe5kcdIYEMNJUGxiwMzByhvqWgC1reYSD8FquqLTH/5ITvFFmaTyQbBJMnXAE+QxdTXMfhTnfI/pbbhAUmfr5w8Z34lZG5UDnUy/rR+LlvJS76MqCr3nemZTHqhUYIrIJA8f9Xa8o9UJTy2QICdj2NidW1UzHCPybc/nH7qc6TjZJALLdhzK2QDbO6seJLOXuVHwSxjOx2Jdv5HImpFSeEfiGRQqc8bT+NGZI5V+cW+FuztU8i46VaSPXFM8t+57Ut/MdndAVYSPqgc7E3u3w== obourdon@mirantis.com
dkalashnik:
diff --git a/postgresql/client/janitor_monkey.yml b/postgresql/client/janitor_monkey.yml
new file mode 100644
index 0000000..def9a06
--- /dev/null
+++ b/postgresql/client/janitor_monkey.yml
@@ -0,0 +1,30 @@
+classes:
+ - system.postgresql.client
+parameters:
+ _param:
+ janmonkey_db_host: ${_param:haproxy_postgresql_bind_host}
+ janmonkey_db_user: janmonkey
+ janmonkey_db_user_password: janmonkey
+ janmonkey_login_id: 12
+ janmonkey_application_id: 2
+ postgresql:
+ client:
+ server:
+ server01:
+ database:
+ janmonkey:
+ enabled: true
+ encoding: 'UTF8'
+ locale: 'en_US'
+ users:
+ - name: ${_param:janmonkey_db_user}
+ password: ${_param:janmonkey_db_user_password}
+ host: ${_param:janmonkey_db_host}
+ createdb: true
+ rights: all privileges
+ init:
+ maintenance_db: pushkin
+ force: true
+ queries:
+ - INSERT INTO login VALUES (${_param:janmonkey_login_id}, ${_param:janmonkey_application_id}) ON CONFLICT (id) DO UPDATE SET id = excluded.id;
+ - INSERT INTO device VALUES (${_param:janmonkey_application_id}, ${_param:janmonkey_login_id}, 42, 'janitor_audit_service', NULL, 1, NULL) ON CONFLICT (id) DO UPDATE SET id = excluded.id;
diff --git a/postgresql/client/security_monkey.yml b/postgresql/client/security_monkey.yml
index 43e48d2..a7a341f 100644
--- a/postgresql/client/security_monkey.yml
+++ b/postgresql/client/security_monkey.yml
@@ -5,6 +5,8 @@
secmonkey_db_host: ${_param:haproxy_postgresql_bind_host}
secmonkey_db_user: secmonkey
secmonkey_db_user_password: secmonkey
+ secmonkey_login_id: 11
+ secmonkey_application_id: 1
postgresql:
client:
server:
@@ -24,5 +26,5 @@
maintenance_db: pushkin
force: true
queries:
- - INSERT INTO login VALUES (11, 1) ON CONFLICT (id) DO UPDATE SET id = excluded.id;
- - INSERT INTO device VALUES (1, 11, 42, 'security_audit_service', NULL, 1, NULL) ON CONFLICT (id) DO UPDATE SET id = excluded.id;
+ - INSERT INTO login VALUES (${_param:secmonkey_login_id}, ${_param:secmonkey_application_id}) ON CONFLICT (id) DO UPDATE SET id = excluded.id;
+ - INSERT INTO device VALUES (${_param:secmonkey_application_id}, ${_param:secmonkey_login_id}, 42, 'security_audit_service', NULL, 1, NULL) ON CONFLICT (id) DO UPDATE SET id = excluded.id;