Merge "Add PIPELINE_TIMEOUT param"
diff --git a/.releasenotes/notes/salt-control-ordered-interfaces.yaml b/.releasenotes/notes/salt-control-ordered-interfaces.yaml
new file mode 100644
index 0000000..92e21f3
--- /dev/null
+++ b/.releasenotes/notes/salt-control-ordered-interfaces.yaml
@@ -0,0 +1,32 @@
+---
+fixes:
+ - |
+ When defining interfaces for kvm-quemu VMs use sorted list of interfaces
+ to avoid random NIC assignment/name.
+
+ Fixes https://mirantis.jira.com/browse/PROD-21976
+
+ Required model change on existing deployments with MCP >= 2018.7.0, update
+ `salt:virt:nic` profiles to use list with `- name:` key instead of dict:
+
+ .. code-block:: yaml
+
+ salt:
+ virt:
+ nic:
+ default:
+ eth1:
+ bridge: br-mgm
+ eth0:
+ bridge: br-ctl
+ control:
+ - name: eth1
+ bridge: br_mgm
+ model: virtio
+ - name: eth2
+ bridge: br_ctl
+ model: virtio
+ - name: eth3
+ bridge: br_proxy
+ model: virtio
+
diff --git a/galera/server/database/ssl/nova.yml b/galera/server/database/ssl/nova.yml
new file mode 100644
index 0000000..b0a87c8
--- /dev/null
+++ b/galera/server/database/ssl/nova.yml
@@ -0,0 +1,4 @@
+parameters:
+ _param:
+ mysql_nova_ssl_option:
+ - SSL: True
\ No newline at end of file
diff --git a/galera/server/database/x509/nova.yml b/galera/server/database/x509/nova.yml
new file mode 100644
index 0000000..305fafd
--- /dev/null
+++ b/galera/server/database/x509/nova.yml
@@ -0,0 +1,7 @@
+parameters:
+ _param:
+ mysql_nova_clietn_ssl_x509_subject: '/C=cz/CN=mysql-nova-client/L=Prague/O=Mirantis'
+ mysql_nova_clietn_ssl_x509_issuer: '/C=cz/CN=Salt Master CA/L=Prague/O=Mirantis'
+ mysql_nova_ssl_option:
+ - SUBJECT: ${_param:mysql_nova_clietn_ssl_x509_subject}
+ - ISSUER: ${_param:mysql_nova_clietn_ssl_x509_issuer}
\ No newline at end of file
diff --git a/glusterfs/client/volume/keystone.yml b/glusterfs/client/volume/keystone.yml
index a93c0c1..f0a6e30 100644
--- a/glusterfs/client/volume/keystone.yml
+++ b/glusterfs/client/volume/keystone.yml
@@ -1,3 +1,5 @@
+classes:
+- system.linux.system.users.keystone
parameters:
_param:
keystone_glusterfs_service_host: ${_param:glusterfs_service_host}
@@ -20,20 +22,3 @@
user: keystone
group: keystone
opts: "defaults,backup-volfile-servers=${_param:glusterfs_node01_address}:${_param:glusterfs_node02_address}:${_param:glusterfs_node03_address}"
- linux:
- system:
- user:
- keystone:
- enabled: true
- name: keystone
- home: /var/lib/keystone
- uid: 301
- gid: 301
- shell: /bin/false
- system: True
- group:
- keystone:
- enabled: true
- name: keystone
- gid: 301
- system: True
diff --git a/jenkins/client/approved_scripts.yml b/jenkins/client/approved_scripts.yml
index 65db576..0dc20b0 100644
--- a/jenkins/client/approved_scripts.yml
+++ b/jenkins/client/approved_scripts.yml
@@ -66,6 +66,7 @@
- method java.util.regex.MatchResult group int
- method java.util.regex.MatchResult groupCount
- method java.util.regex.Matcher find
+ - method java.util.regex.Matcher group java.lang.String
- method java.util.regex.Matcher matches
- method java.util.regex.Pattern matcher java.lang.CharSequence
- method java.util.stream.Stream collect java.util.stream.Collector
@@ -84,6 +85,7 @@
- new groovy.json.JsonSlurperClassic
- new groovy.util.XmlParser
- new java.io.File java.lang.String
+ - new java.io.File java.lang.String java.lang.String
- new java.io.IOException java.lang.String
- new java.io.OutputStreamWriter java.io.OutputStream
- new java.lang.Exception java.lang.String
diff --git a/jenkins/client/job/deploy/lab/cicd.yml b/jenkins/client/job/deploy/lab/cicd.yml
index d524bbc..8252cfd 100644
--- a/jenkins/client/job/deploy/lab/cicd.yml
+++ b/jenkins/client/job/deploy/lab/cicd.yml
@@ -10,6 +10,9 @@
template:
type: workflow-scm
concurrent: true
+ discard:
+ build:
+ keep_num: 10
display_name: "Deploy {{name}} heat stack"
scm:
type: git
diff --git a/jenkins/client/job/deploy/lab/demo.yml b/jenkins/client/job/deploy/lab/demo.yml
index 2bb6ad5..3af2d7c 100644
--- a/jenkins/client/job/deploy/lab/demo.yml
+++ b/jenkins/client/job/deploy/lab/demo.yml
@@ -5,6 +5,9 @@
deploy_kafka_demo:
type: workflow-scm
concurrent: false
+ discard:
+ build:
+ keep_num: 10
display_name: "Kafka demo"
scm:
type: git
diff --git a/jenkins/client/job/deploy/openstack.yml b/jenkins/client/job/deploy/openstack.yml
index a9f2007..d5ed556 100644
--- a/jenkins/client/job/deploy/openstack.yml
+++ b/jenkins/client/job/deploy/openstack.yml
@@ -44,6 +44,9 @@
deploy-openstack-compute:
type: workflow-scm
concurrent: true
+ discard:
+ build:
+ keep_num: 50
display_name: "Deploy - OpenStack Compute node"
scm:
type: git
diff --git a/jenkins/client/job/docker/opencontrail.yml b/jenkins/client/job/docker/opencontrail.yml
index b5052de..0e4f40a 100644
--- a/jenkins/client/job/docker/opencontrail.yml
+++ b/jenkins/client/job/docker/opencontrail.yml
@@ -6,7 +6,11 @@
name: "docker-build-images-opencontrail-{{version}}"
jobs:
- version: oc40
+ branch: master
- version: oc41
+ branch: master
+ - version: oc50
+ branch: R5.0
template:
discard:
build:
@@ -24,7 +28,7 @@
project:
"mk/docker-opencontrail":
branches:
- - master
+ - "{{branch}}"
event:
ref:
- updated: {}
@@ -44,6 +48,9 @@
IMAGE_CREDENTIALS_ID:
type: string
default: "gerrit"
+ IMAGE_BRANCH:
+ type: string
+ default: "{{branch}}"
APT_KEY:
type: string
default: "${_param:jenkins_aptly_url}/public.gpg"
diff --git a/jenkins/client/job/opencontrail/build/generic.yml b/jenkins/client/job/opencontrail/build/generic.yml
index 1506326..0f130c4 100644
--- a/jenkins/client/job/opencontrail/build/generic.yml
+++ b/jenkins/client/job/opencontrail/build/generic.yml
@@ -140,7 +140,7 @@
build:
keep_num: 5
artifact:
- keep_num: 5
+ keep_num: 2
type: workflow-scm
concurrent: true
quiet_period: 120
diff --git a/jenkins/client/job/oscore/qa.yml b/jenkins/client/job/oscore/qa.yml
index 13d0e76..f076a78 100644
--- a/jenkins/client/job/oscore/qa.yml
+++ b/jenkins/client/job/oscore/qa.yml
@@ -70,8 +70,8 @@
project:
mcp/{{oscore-qa-project}}:
branches:
- - compare_type: "PLAIN"
- name: "master"
+ - master
+ - pike
event:
patchset:
- created
diff --git a/jenkins/client/job/oscore/tests.yml b/jenkins/client/job/oscore/tests.yml
index af33cc1..f4fb7e0 100644
--- a/jenkins/client/job/oscore/tests.yml
+++ b/jenkins/client/job/oscore/tests.yml
@@ -35,10 +35,6 @@
type: string
description: Version of openstack to test
default: "{{openstack_version}}"
- PROJECT:
- type: string
- description: Project to test
- default: "all"
STACK_TEST_JOB:
type: string
description: Job for environment deployment
@@ -144,10 +140,6 @@
type: string
default: "salt-qa-credentials"
description: Jenkins credential ID for Salt master
- USE_RALLY:
- type: boolean
- description: Whether to use container with rally
- default: "{{use_rally}}"
TEST_MILESTONE:
type: string
description: Product milestone
@@ -182,10 +174,6 @@
type: string
description: Version of openstack to test
default: "{{openstack_version}}"
- PROJECT:
- type: string
- description: Project to test
- default: "all"
STACK_TEST_JOB:
type: string
description: Job for environment deployment
@@ -287,10 +275,6 @@
type: string
default: "salt-qa-credentials"
description: Jenkins credential ID for Salt master
- USE_RALLY:
- type: boolean
- description: Whether to use container with rally
- default: "{{use_rally}}"
test-runner-template:
name: "{{job_prefix}}-{{test_type}}-runner"
template:
@@ -320,9 +304,6 @@
OPENSTACK_VERSION:
type: string
description: Version of openstack to test
- PROJECT:
- type: string
- description: Name of project being tested
PROC_RESULTS_JOB:
type: string
description: Job for results processing
@@ -360,9 +341,6 @@
TEST_PATTERN:
type: string
description: Run tests matched to pattern only
- TEST_SET:
- type: string
- description: Run tests matched by tempest set only
TEST_CONCURRENCY:
type: string
description: How much test threads to run
@@ -386,10 +364,6 @@
type: boolean
description: Whether to use pepper to connect to salt master
default: 'false'
- USE_RALLY:
- type: boolean
- description: Whether to use container with rally
- default: 'true'
results-checker-template:
name: "{{job_prefix}}-{{test_type}}-results-checker"
template:
diff --git a/jenkins/client/job/salt-formulas/tests.yml b/jenkins/client/job/salt-formulas/tests.yml
index d1dc00b..f2ef200 100644
--- a/jenkins/client/job/salt-formulas/tests.yml
+++ b/jenkins/client/job/salt-formulas/tests.yml
@@ -183,6 +183,7 @@
RUN_TEST_IN_DOCKER:
type: boolean
description: "Run test stage in docker environment"
+ default: 'true'
SMOKE_TEST_DOCKER_IMG:
type: string
default: "ubuntu:16.04"
diff --git a/jenkins/client/job/salt-models/tests.yml b/jenkins/client/job/salt-models/tests.yml
index f061e76..81dfd36 100644
--- a/jenkins/client/job/salt-models/tests.yml
+++ b/jenkins/client/job/salt-models/tests.yml
@@ -375,3 +375,28 @@
APT_REPOSITORY_GPG:
type: string
default: ""
+ test-mk-cookiecutter-templates-chunk:
+ name: test-mk-cookiecutter-templates-chunk
+ discard:
+ build:
+ keep_num: 300
+ artifact:
+ keep_num: 30
+ type: workflow-scm
+ concurrent: true
+ plugin_properties:
+ throttleconcurrents:
+ enabled: true
+ throttle_option: category
+ categories:
+ - test-model
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ branch: "${_param:jenkins_pipelines_branch}"
+ credentials: "gerrit"
+ script: test-cookiecutter-reclass-chunk.groovy
+ param:
+ EXTRA_VARIABLES_YAML:
+ type: string
+ default: ""
diff --git a/jenkins/client/job/validate.yml b/jenkins/client/job/validate.yml
index d1638a6..a020a73 100644
--- a/jenkins/client/job/validate.yml
+++ b/jenkins/client/job/validate.yml
@@ -168,6 +168,10 @@
type: string
default: ""
description: Path for reports outside docker image
+ SKIP_LIST:
+ type: string
+ description: "Skip list for Rally test"
+ default: ""
cvp-sanity:
type: workflow-scm
name: cvp-sanity
diff --git a/keystone/server/cluster.yml b/keystone/server/cluster.yml
index 7e6980b..4c24975 100644
--- a/keystone/server/cluster.yml
+++ b/keystone/server/cluster.yml
@@ -3,6 +3,7 @@
- service.keepalived.cluster.single
- system.haproxy.proxy.listen.openstack.keystone
- system.haproxy.proxy.listen.openstack.keystone.standalone
+- system.linux.system.users.keystone
parameters:
_param:
keystone_tokens_expiration: 3600
diff --git a/keystone/server/fernet_rotation/cluster.yml b/keystone/server/fernet_rotation/cluster.yml
new file mode 100644
index 0000000..e09b8e9
--- /dev/null
+++ b/keystone/server/fernet_rotation/cluster.yml
@@ -0,0 +1,20 @@
+parameters:
+ keystone:
+ server:
+ tokens:
+ fernet_sync_nodes_list:
+ sync_node01:
+ name: ${_param:openstack_control_node02_hostname}
+ enabled: True
+ sync_node02:
+ name: ${_param:openstack_control_node03_hostname}
+ enabled: True
+ fernet_rotation_driver: rsync
+ linux:
+ system:
+ job:
+ keystone_fernet_rotate_rsync:
+ command: '/var/lib/keystone/fernet_keys_rotate.sh -rs >> /var/log/keystone/fernet_rotate.log 2>> /var/log/keystone/fernet_rotate.log'
+ enabled: true
+ user: keystone
+ minute: 0
diff --git a/keystone/server/fernet_rotation/single.yml b/keystone/server/fernet_rotation/single.yml
new file mode 100644
index 0000000..3aa2add
--- /dev/null
+++ b/keystone/server/fernet_rotation/single.yml
@@ -0,0 +1,13 @@
+parameters:
+ keystone:
+ server:
+ tokens:
+ fernet_rotation_driver: rsync
+ linux:
+ system:
+ job:
+ keystone_fernet_rotate_rsync:
+ command: '/var/lib/keystone/fernet_keys_rotate.sh -r >> /var/log/keystone/fernet_rotate.log 2>> /var/log/keystone/fernet_rotate.log'
+ enabled: true
+ user: keystone
+ minute: 0
diff --git a/keystone/server/single.yml b/keystone/server/single.yml
index 2b1e89e..68a29a7 100644
--- a/keystone/server/single.yml
+++ b/keystone/server/single.yml
@@ -1,5 +1,6 @@
classes:
- service.keystone.server.single
+- system.linux.system.users.keystone
parameters:
_param:
keystone_service_token: token
diff --git a/kubernetes/common.yml b/kubernetes/common.yml
index 2dbccc4..218450a 100644
--- a/kubernetes/common.yml
+++ b/kubernetes/common.yml
@@ -1,21 +1,22 @@
parameters:
_param:
- kubernetes_calico_calicoctl_repo: docker-prod-virtual.docker.mirantis.net/mirantis/projectcalico/calico
- kubernetes_calico_repo: docker-prod-virtual.docker.mirantis.net/mirantis/projectcalico/calico
- kubernetes_calico_cni_repo: docker-prod-virtual.docker.mirantis.net/mirantis/projectcalico/calico
- kubernetes_hyperkube_repo: docker-prod-virtual.docker.mirantis.net/mirantis/kubernetes
- kubernetes_contrail_cni_repo: docker-prod-virtual.docker.mirantis.net/mirantis/kubernetes
- kubernetes_contrail_network_controller_repo: docker-prod-virtual.docker.mirantis.net/mirantis/kubernetes/contrail-integration
+ kubernetes_calico_calicoctl_repo: docker-prod-local.artifactory.mirantis.com/mirantis/projectcalico/calico
+ kubernetes_calico_repo: docker-prod-local.artifactory.mirantis.com/mirantis/projectcalico/calico
+ kubernetes_calico_cni_repo: docker-prod-local.artifactory.mirantis.com/mirantis/projectcalico/calico
+ kubernetes_hyperkube_repo: docker-prod-local.artifactory.mirantis.com/mirantis/kubernetes
+ kubernetes_contrail_cni_repo: docker-prod-local.artifactory.mirantis.com/mirantis/kubernetes
+ kubernetes_contrail_network_controller_repo: docker-prod-local.artifactory.mirantis.com/mirantis/kubernetes/contrail-integration
kubernetes_netchecker_agent_repo: mirantis
kubernetes_netchecker_server_repo: mirantis
kubernetes_virtlet_repo: mirantis
kubernetes_kubedns_repo: gcr.io/google_containers
kubernetes_externaldns_repo: mirantis
- kubernetes_genie_repo: https://artifactory.mcp.mirantis.net/artifactory/binary-prod-local/mirantis/kubernetes/cni-genie
+ kubernetes_genie_repo: https://docker-prod-local.artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/kubernetes/cni-genie
kubernetes_flannel_repo: quay.io/coreos
kubernetes_metallb_repo: metallb
- kubernetes_sriov_repo: https://artifactory.mcp.mirantis.net/artifactory/binary-prod-local/mirantis/kubernetes/sriov-cni
- kubernetes_cniplugins_repo: https://artifactory.mcp.mirantis.net/artifactory/binary-prod-local/mirantis/kubernetes/containernetworking-plugins
+ kubernetes_sriov_repo: https://docker-prod-local.artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/kubernetes/sriov-cni
+ kubernetes_cniplugins_repo: https://docker-prod-local.artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/kubernetes/containernetworking-plugins
+ kubernetes_dashboard_repo: k8s.gcr.io
# component docker images
kubernetes_docker_package: docker-engine=1.13.1-0~ubuntu-xenial
@@ -45,8 +46,10 @@
kubernetes_sriov_source_hash: md5=c0cc33202afd02e4cc44b977a8faf6e7
kubernetes_cniplugins_source: ${_param:kubernetes_cniplugins_repo}/cni-plugins_v0.7.1-48-g696b1f9.tar.gz
kubernetes_cniplugins_source_hash: md5=5ec1cf5e989097c6127ea5365e277b02
+ kubernetes_dashboard_image: ${_param:kubernetes_dashboard_repo}/kubernetes-dashboard-amd64:v1.8.3
kubelet_fail_on_swap: true
+ kubernetes_dashboard_enabled: true
kubernetes_kubedns_enabled: true
kubernetes_externaldns_enabled: false
kubernetes_coredns_enabled: false
@@ -79,6 +82,9 @@
source: ${_param:kubernetes_cniplugins_source}
hash: ${_param:kubernetes_cniplugins_source_hash}
addons:
+ dashboard:
+ enabled: ${_param:kubernetes_dashboard_enabled}
+ image: ${_param:kubernetes_dashboard_image}
dns:
enabled: ${_param:kubernetes_kubedns_enabled}
kubedns_image: ${_param:kubernetes_kubedns_image}
diff --git a/linux/system/users/keystone.yml b/linux/system/users/keystone.yml
new file mode 100644
index 0000000..14e38dd
--- /dev/null
+++ b/linux/system/users/keystone.yml
@@ -0,0 +1,18 @@
+parameters:
+ linux:
+ system:
+ user:
+ keystone:
+ enabled: true
+ name: keystone
+ home: /var/lib/keystone
+ uid: 301
+ gid: 301
+ shell: /bin/false
+ system: True
+ group:
+ keystone:
+ enabled: true
+ name: keystone
+ gid: 301
+ system: True
diff --git a/openssh/server/team/mcp_qa.yml b/openssh/server/team/mcp_qa.yml
index b22272a..38e19c3 100644
--- a/openssh/server/team/mcp_qa.yml
+++ b/openssh/server/team/mcp_qa.yml
@@ -156,6 +156,13 @@
full_name: Artem Minasyan
home: /home/aminasyan
email: aminasyan@mirantis.com
+ imenkov:
+ enabled: true
+ name: imenkov
+ sudo: true
+ full_name: Ilya Menkov
+ home: /home/imenkov
+ email: imenkov@mirantis.com
group:
libvirtd:
enabled: true
@@ -284,6 +291,11 @@
public_keys:
- ${public_keys:aminasyan}
user: ${linux:system:user:aminasyan}
+ imenkov:
+ enable: true
+ public_keys:
+ - ${public_keys:imenkov}
+ user: ${linux:system:user:imenkov}
public_keys:
ddmitriev:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDuD4wJ8hzkchQ0pfgdwWukQyps1xYRfHOsjosmDu/mmgaXVud5mnpwb2q35E2YYTox2mx+ulJqyS+099gz6MPg4P8D5qdMuRbAsJqbceLaaIGQhdT8qgSo7ESrl5pwvYnfWzKLKF0z5s7nrW0nvArC40zhV9o9XpvzzzSFByepWfkwA8ReldGUYVvTKp8YXaCrqEdMZrU42adPM2nl+fYBbGF+h4/Ka247aVjPeER0blV3znFXbv2Kf38G+i/TEGaktgpBdtGGDi1tX2loMypmTJeqZRJnM0Eoly0BnynB7CSxn11eoIXBUe1mVYNqmQd1hw6uh59iymhK5j939v9J ddmitriev@dis_xcom
@@ -333,4 +345,6 @@
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYj97WGfiL550eVPyQmFyrgpTw61tfins1CpgrZewWqAWJMgYklRdMYl4OReE5UO2po7ag0f/QsOtGU8aQbnxnWUYPZyS3Qk+Bg8OOSBmewPxmT7WH97KdGKBdC9b3xUNFOUXEUOMmOe3jq9YET+xebUnfsA5qwYU5dL9Cb5UAPzVxYI8z5RiaNTo8dtwZr7lbJJRy8YfSWCtiD59vewc6BE2NTUyDjsfmKd9K/IkyKboGU9AC5mLYDsjvWwiGcNdfigRyaYWKmoo7Xhe1W2Og4dpI5pozOwVg7hISW9NRgLXrZP/9me1rFBH7EQjpjO3+Pto1//R3Nx9QLsB59yuj snovikov@snovikov
aminasyan:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo9BHw8WdIFOEuY10XvUqHPl1jCqtA8TYntt5Aee2rR8X8pLG9lWjHPFkNArD5upCRvv6f88Xs4QLoEGWMWcbfMkJE4gMNkOWL4As5iNgagw+DybQrA6nXyassHi8le+quwICfJ1v16IXxPgMBCcrRcSYvHKv+n8KsuBH1csRnJ8aHvIZJTL43Eq0F+aj2S0/9D+m2dyRwcmamn6EqX61NfL5UP3422i4JykTXY6I8iwEHs7Er+jPBD7rtJ/q4Kn/bIyT/Vz0tGHiWyVt7B8GBoPb3PgDuzXKvU7OtOxFb3uhANeecjzIz5G5rAsAQcizf+MGCOoBwFLFJTPAharWN artem@Artem
+ imenkov:
+ key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSWoSuHV1FNRuooS3d0nVkTRCwC+Tc585Z1cPcMQns7H1ogLIya//T3gMfxINxCjlF1eek18vI9B5QszZZUL2P7prFxe5EJlt6iM8jD61umkncaTbx6oc8r8xu5ufH9RDxfKHvQX1mhhID5JK+/GoRDIW5Zs7wFSHCrANYV2dtmOfmRSc/qpgh87Z9X10UDymp5MLjpQZzjM+qZCtz6yV14m835j4eiEN7+QZ2XZ/Wtzer7VVdhtjbw8gESSyuPIVf66keuLVUixk0CXosQYrqWDPWpT0Rhh63lnUacgplh74TU+bb+vYRjIHxCgOY2Ex6Pk5jrsroi0YoWtI4SErD imenkov@atopilin-nb-wifi.srt.mirantis.net
diff --git a/openssh/server/team/members/pbasov.yml b/openssh/server/team/members/pbasov.yml
new file mode 100644
index 0000000..567f1cd
--- /dev/null
+++ b/openssh/server/team/members/pbasov.yml
@@ -0,0 +1,19 @@
+parameters:
+ linux:
+ system:
+ user:
+ pbasov:
+ enabled: true
+ name: pbasov
+ sudo: ${_param:linux_system_user_sudo}
+ full_name: Pavel Basov
+ home: /home/pbasov
+ email: pbasov@mirantis.com
+ openssh:
+ server:
+ user:
+ pbasov:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC6cHg1SvsxWp5tD0Ee7nl4pyW9cLO/ZQYYxUYa2zSn/RWFm9BFuy1VwkJiYCIvk0lTXfKQMiO10mKm2xFC3VT0vpTSGIYDh4oxDu0FpIaTmXX3ULVdLNwWvrkHoPkIbPy1nUYlJQ+9PEh6KWkbxeYXFxVPoouWkDwshF63GrRA7Pyg2CuVn/FEA+ldSeq7mp/kkOWvlKXpJzvKXt4A/6odOCUiCnX//CWreHCnfCV3KsteyBc+UP2ql6wpEXmIIYdrOF0O3ofqRPTx6ivIOGGDuYB6e/XDivoEBPWNcLYcr9d5HKOTgRE6xF2Q1ElzpbvAY4AS+kggEjIgImiB3TxX pbasov@mirantis.com
+ user: ${linux:system:user:pbasov}
diff --git a/openssh/server/team/services.yml b/openssh/server/team/services.yml
index c2f4e28..3116d90 100644
--- a/openssh/server/team/services.yml
+++ b/openssh/server/team/services.yml
@@ -19,6 +19,7 @@
- system.openssh.server.team.members.dstremkouski
- system.openssh.server.team.members.mchernik
- system.openssh.server.team.members.hkraemer
+- system.openssh.server.team.members.pbasov
parameters:
_param:
linux_system_user_sudo: true
diff --git a/salt/control/virt.yml b/salt/control/virt.yml
index 0bbb7fa..05bf23d 100644
--- a/salt/control/virt.yml
+++ b/salt/control/virt.yml
@@ -62,4 +62,4 @@
size: 4000000
xxxxhuge:
- system:
- size: 5000000
\ No newline at end of file
+ size: 5000000
diff --git a/salt/master/formula/pkg/openstack.yml b/salt/master/formula/pkg/openstack.yml
index 381ae1a..31b8980 100644
--- a/salt/master/formula/pkg/openstack.yml
+++ b/salt/master/formula/pkg/openstack.yml
@@ -34,6 +34,9 @@
glusterfs:
source: pkg
name: salt-formula-glusterfs
+ gnocchi:
+ source: pkg
+ name: salt-formula-gnocchi
designate:
source: pkg
name: salt-formula-designate
@@ -82,6 +85,9 @@
opencontrail:
source: pkg
name: salt-formula-opencontrail
+ panko:
+ source: pkg
+ name: salt-formula-panko
python:
source: pkg
name: salt-formula-python
diff --git a/salt/minion/cert/mysql/clients/openstack/nova.yml b/salt/minion/cert/mysql/clients/openstack/nova.yml
new file mode 100644
index 0000000..154a553
--- /dev/null
+++ b/salt/minion/cert/mysql/clients/openstack/nova.yml
@@ -0,0 +1,27 @@
+parameters:
+ _param:
+ salt_minion_ca_host: cfg01.${_param:cluster_domain}
+ salt_minion_ca_authority: salt_master_ca
+ mysql_nova_client_ssl_key_file: /etc/pki/mysql-nova-client/client-key.pem
+ mysql_nova_client_ssl_cert_file: /etc/pki/mysql-nova-client/client-cert.pem
+ mysql_nova_ssl_ca_file: /etc/pki/mysql-nova-client/ca-cert.pem
+ salt:
+ minion:
+ cert:
+ mysql-nova-client:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: mysql-nova-client
+ signing_policy: cert_client
+ alternative_names: >
+ IP:${_param:cluster_local_address},
+ DNS:${_param:cluster_local_address},
+ DNS:${linux:system:name},
+ DNS:${linux:network:fqdn}
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: ${_param:mysql_nova_client_ssl_key_file}
+ cert_file: ${_param:mysql_nova_client_ssl_cert_file}
+ ca_file: ${_param:mysql_nova_ssl_ca_file}
+ user: nova
+ group: nova
+ mode: 640
\ No newline at end of file