Merge "Allow passing extra java opts and proxy env"
diff --git a/.releasenotes/notes/add_ssl_support_oss-ea1eb1e086d08e3c.yaml b/.releasenotes/notes/add_ssl_support_oss-ea1eb1e086d08e3c.yaml
new file mode 100644
index 0000000..082e12f
--- /dev/null
+++ b/.releasenotes/notes/add_ssl_support_oss-ea1eb1e086d08e3c.yaml
@@ -0,0 +1,63 @@
+-----
+upgrades:
+  - |
+    Added SSL support for the followibg cloud-monitoring services:
+
+    * Rundeck CIS Collectors
+
+      To provide ssl support for CIS, set up ``cert`` and ``ssl_cert_file``
+      on a cluster level metadata:
+
+      .. code-block:: yaml
+
+         rundeck_cis_openstack:
+           auth_url: ${_param:oss_openstack_auth_url}/auth/tokens
+           username: ${_param:oss_openstack_username}
+           password: ${_param:oss_openstack_password}
+           cert: |
+            -----BEGIN CERTIFICATE-----
+            MIIE0DCCA7igAwIBAgIBBzANBgkqhkiG9w0BAQsFADCBgzELMAkGA1UEBhMCVVMx
+            -----END CERTIFICATE-----
+           ssl_cert_file: cert.pem
+
+      If all parameters are defined properly, Rundeck enables the ssl support
+      automatically.
+
+    * Cleanup Service
+
+      To provide ssl support for Cleanup Service, specify the cert path
+      and set the ``ssl_verify`` variable to ``True`` on a cluster level
+      metadata:
+
+      .. code-block:: yaml
+
+         janitor_monkey_openstack:
+           username: ${_param:oss_openstack_username}
+           password: ${_param:oss_openstack_password}
+           auth_url: ${_param:oss_openstack_auth_url}
+           ssl_verify: True
+           cacert_path: ${_param:oss_openstack_cert_path}
+
+    * Security Audit Service
+
+      To provide ssl support for Security audit Service, provide cert path,
+      set the ``ssl_verify`` variable to ``True``, and select the endpoint
+      type for cloud connections on a cluster level metadata:
+
+      .. code-block:: yaml
+
+         security_monkey_openstack:
+           username: ${_param:oss_openstack_username}
+           password: ${_param:oss_openstack_password}
+           auth_url: ${_param:oss_openstack_auth_url}
+           ssl_verify: True
+           endpoint_type: public
+           cacert_path: ${_param:oss_openstack_cert_path}
+
+      .. note:: By default, the ``cacert_path`` variable is defined as
+                follows:
+
+               .. code-block:: yaml
+
+                  oss_openstack_cert_path: /srv/volumes/rundeck/storage/content/keys/cis/openstack/cert.pem
+
diff --git a/docker/swarm/stack/janitor_monkey.yml b/docker/swarm/stack/janitor_monkey.yml
index 08fdb5c..ffea607 100644
--- a/docker/swarm/stack/janitor_monkey.yml
+++ b/docker/swarm/stack/janitor_monkey.yml
@@ -22,6 +22,10 @@
     janitor_monkey_elasticsearch: ${_param:elasticsearch_bind_host}:${_param:elasticsearch_binary_bind_port}
     janitor_monkey_cloudfire_region: RegionOne
     janitor_monkey_cis_clustername: ${_param:elasticsearch_cluster_name}
+    janitor_monkey_instance_age_threshold: 15
+    janitor_monkey_notification_oss_url: http://${_param:haproxy_pushkin_bind_host}:${_param:haproxy_pushkin_bind_port}/post_notification_json
+    janitor_monkey_notification_oss_login_id: 12
+    janitor_monkey_notification_oss_application_id: 2
     janitor_monkey_openstack:
       project_domain_name: default
       project_name: admin
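Review bot: `janitor_monkey_notification_oss_url` is built with a literal `http://` scheme, so the cleanup service's notifications to the pushkin endpoint travel unencrypted, although the release note in this commit advertises SSL support for the same service. Whether the pushkin listener can terminate TLS is not visible here; if it can, make the scheme a parameter instead of a literal. If it cannot yet, record that next to the value, e.g. `# plain HTTP: pushkin listener has no TLS, keep this traffic on the backend network`. The `_param` block this hunk extends starts and ends outside the hunk.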
@@ -58,6 +62,10 @@
             simianarmy.client.cloudfire.project: ${_param:janitor_monkey_openstack:project_name}
             simianarmy.client.cloudfire.SSLVerify: ${_param:janitor_monkey_openstack:ssl_verify}
             simianarmy.client.cloudfire.cafile: ${_param:janitor_monkey_openstack:cafile}
+            simianarmy.janitor.rule.stoppedInstanceRule.instanceAgeThreshold: ${_param:janitor_monkey_instance_age_threshold}
+            simianarmy.janitor.notification.oss.url: ${_param:janitor_monkey_notification_oss_url}
+            simianarmy.janitor.notification.oss.login_id: ${_param:janitor_monkey_notification_oss_login_id}
+            simianarmy.janitor.notification.oss.application_id: ${_param:janitor_monkey_notification_oss_application_id}
           service:
             cleanup-service-mongodb:
               image: ${_param:docker_image_mongodb}
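Review bot: The new `simianarmy.janitor.notification.oss.login_id` and `.application_id` properties resolve to `janitor_monkey_notification_oss_login_id` and `janitor_monkey_notification_oss_application_id` (12 and 2, set in the first hunk of this file). The rows they presumably have to match are seeded from the separately defined `janmonkey_login_id` and `janmonkey_application_id` in `postgresql/client/janitor_monkey.yml`. Nothing ties the two pairs together, so overriding one pair leaves the service posting with ids that the database does not hold. If both classes are always loaded together, define the values once and reference them, e.g. `janitor_monkey_notification_oss_login_id: ${_param:janmonkey_login_id}`; otherwise add a comment on each pair naming the other file.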
diff --git a/docker/swarm/stack/rundeck.yml b/docker/swarm/stack/rundeck.yml
index 0710819..8ab0554 100644
--- a/docker/swarm/stack/rundeck.yml
+++ b/docker/swarm/stack/rundeck.yml
@@ -18,7 +18,7 @@
                 restart_policy:
                   condition: any
               ports:
-                - 14440:4440
+                - ${_param:haproxy_rundeck_exposed_port}:${_param:haproxy_rundeck_bind_port}
               volumes:
                 - /srv/volumes/rundeck/etc/framework.properties:/etc/rundeck/framework.properties
                 - /srv/volumes/rundeck/etc/tokens.properties:/etc/rundeck/tokens.properties
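Review bot: The container side of the published port is now `${_param:haproxy_rundeck_bind_port}`, which is the port HAProxy binds for Rundeck (4440 in `haproxy/proxy/listen/oss/rundeck.yml`), not a property of the container. Moving the HAProxy listener to another port would silently retarget this mapping to a port Rundeck is probably not listening on, unless the image is configured from the same parameter, which is not visible here. Keep the target literal, `- ${_param:haproxy_rundeck_exposed_port}:4440`, or introduce a dedicated parameter for the container port. Traffic to the published port does not pass through the HAProxy listener, so a comment that `haproxy_rundeck_ssl` does not protect it would help whoever firewalls these nodes. The service definition starts and ends outside the hunk.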
@@ -32,4 +32,4 @@
           network:
             default:
               external:
-                name: oss_backend
\ No newline at end of file
+                name: oss_backend
diff --git a/haproxy/proxy/listen/oss/rundeck.yml b/haproxy/proxy/listen/oss/rundeck.yml
index fbabb38..120a9ea 100644
--- a/haproxy/proxy/listen/oss/rundeck.yml
+++ b/haproxy/proxy/listen/oss/rundeck.yml
@@ -2,6 +2,7 @@
   _param:
     haproxy_rundeck_bind_host: ${_param:haproxy_bind_address}
     haproxy_rundeck_bind_port: 4440
+    haproxy_rundeck_exposed_port: 14440
     haproxy_rundeck_ssl:
       enabled: false
   haproxy:
@@ -25,13 +26,13 @@
           servers:
             - name: ${_param:cluster_node01_name}
               host: ${_param:cluster_node01_address}
-              port: 14440
+              port: ${_param:haproxy_rundeck_exposed_port}
               params: check
             - name: ${_param:cluster_node02_name}
               host: ${_param:cluster_node02_address}
-              port: 14440
+              port: ${_param:haproxy_rundeck_exposed_port}
               params: backup check
             - name: ${_param:cluster_node03_name}
               host: ${_param:cluster_node03_address}
-              port: 14440
+              port: ${_param:haproxy_rundeck_exposed_port}
               params: backup check
diff --git a/jenkins/client/job/git-mirrors/upstream/init.yml b/jenkins/client/job/git-mirrors/upstream/init.yml
index e11e63c..cc267d9 100644
--- a/jenkins/client/job/git-mirrors/upstream/init.yml
+++ b/jenkins/client/job/git-mirrors/upstream/init.yml
@@ -25,7 +25,8 @@
                 project:
                   "{{downstream}}":
                     branches:
-                      - master
+                      - compare_type: "REG_EXP"
+                        name: "(.*?)"
                 message:
                   build_successful: "Build successful"
                   build_unstable: "Build unstable"
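Review bot: The branch filter `(.*?)` with `compare_type: "REG_EXP"` matches every branch name (assuming the trigger matches against the whole name), so the job now fires for any branch of `{{downstream}}` rather than only `master`. If that is intended, say so in a comment, because a mirror job that runs on arbitrary branches also runs on short-lived or personal ones. The capture group and lazy quantifier add nothing; `name: ".*"` expresses the same filter. If only a known set of branches should be mirrored, anchor the pattern to those names instead. The job definition starts and ends outside the hunk.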
diff --git a/postgresql/client/janitor_monkey.yml b/postgresql/client/janitor_monkey.yml
new file mode 100644
index 0000000..def9a06
--- /dev/null
+++ b/postgresql/client/janitor_monkey.yml
@@ -0,0 +1,30 @@
+classes:
+  - system.postgresql.client
+parameters:
+  _param:
+    janmonkey_db_host: ${_param:haproxy_postgresql_bind_host}
+    janmonkey_db_user: janmonkey
+    janmonkey_db_user_password: janmonkey
+    janmonkey_login_id: 12
+    janmonkey_application_id: 2
+  postgresql:
+    client:
+      server:
+        server01:
+          database:
+            janmonkey:
+              enabled: true
+              encoding: 'UTF8'
+              locale: 'en_US'
+              users:
+              - name: ${_param:janmonkey_db_user}
+                password: ${_param:janmonkey_db_user_password}
+                host: ${_param:janmonkey_db_host}
+                createdb: true
+                rights: all privileges
+              init:
+                maintenance_db: pushkin
+                force: true
+                queries:
+                - INSERT INTO login VALUES (${_param:janmonkey_login_id}, ${_param:janmonkey_application_id}) ON CONFLICT (id) DO UPDATE SET id = excluded.id;
+                - INSERT INTO device VALUES (${_param:janmonkey_application_id}, ${_param:janmonkey_login_id}, 42, 'janitor_audit_service', NULL, 1, NULL) ON CONFLICT (id) DO UPDATE SET id = excluded.id;
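Review bot: `janmonkey_db_user_password: janmonkey` ships a database password equal to the user name as the system-level default, so any cluster that includes this class without overriding it gets a guessable credential for a role that also has `createdb: true` and `rights: all privileges`. Leave the password out of this class so the cluster model has to define it (an unresolved `${_param:janmonkey_db_user_password}` should then fail the render, to be confirmed for the reclass version in use), or at least mark the line `# placeholder only, override in cluster-level metadata`. The two `init` queries interpolate parameters directly into SQL text, so a comment stating that `janmonkey_login_id` and `janmonkey_application_id` must remain plain integers would also help.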