Merge "Add barbican:server:database:host"
diff --git a/.releasenotes/notes/salt-control-ordered-interfaces.yaml b/.releasenotes/notes/salt-control-ordered-interfaces.yaml
new file mode 100644
index 0000000..92e21f3
--- /dev/null
+++ b/.releasenotes/notes/salt-control-ordered-interfaces.yaml
@@ -0,0 +1,32 @@
+---
+fixes:
+ - |
+ When defining interfaces for kvm-quemu VMs use sorted list of interfaces
+ to avoid random NIC assignment/name.
+
+ Fixes https://mirantis.jira.com/browse/PROD-21976
+
+ Required model change on existing deployments with MCP >= 2018.7.0, update
+ `salt:virt:nic` profiles to use list with `- name:` key instead of dict:
+
+ .. code-block:: yaml
+
+ salt:
+ virt:
+ nic:
+ default:
+ eth1:
+ bridge: br-mgm
+ eth0:
+ bridge: br-ctl
+ control:
+ - name: eth1
+ bridge: br_mgm
+ model: virtio
+ - name: eth2
+ bridge: br_ctl
+ model: virtio
+ - name: eth3
+ bridge: br_proxy
+ model: virtio
+
diff --git a/ceilometer/agent/polling/opendaylight.yml b/ceilometer/agent/polling/opendaylight.yml
new file mode 100644
index 0000000..aabbe9c
--- /dev/null
+++ b/ceilometer/agent/polling/opendaylight.yml
@@ -0,0 +1,33 @@
+parameters:
+ _param:
+ opendaylight_service_host: 127.0.0.1
+ opendaylight_rest_port: 8080
+ ceilometer:
+ opendaylight:
+ driver: opendaylight.v2
+ auth: basic
+ user: admin
+ password: admin
+ scheme: http
+ interval: 900
+ ceilometer:
+ agent:
+ polling:
+ sources:
+ odl_source:
+ meters:
+ - switch
+ - switch.ports
+ - switch.port
+ - switch.port.uptime
+ - switch.port.receive.drops
+ - switch.port.receive.errors
+ - switch.port.transmit.packets
+ - switch.port.receive.packets
+ - switch.port.transmit.bytes
+ - switch.port.receive.bytes
+ interval: ${_param:ceilometer:opendaylight:interval}
+ resources:
+ - ${_param:ceilometer:opendaylight:driver}://${_param:opendaylight_service_host}:${_param:opendaylight_rest_port}/controller/statistics?auth=${_param:ceilometer:opendaylight:auth}&user=${_param:ceilometer:opendaylight:user}&password=${_param:ceilometer:opendaylight:password}&scheme=${_param:ceilometer:opendaylight:scheme}
+ sinks:
+ - meter_sink
diff --git a/debmirror/mirror_mirantis_com/percona/xenial.yml b/debmirror/mirror_mirantis_com/percona/xenial.yml
new file mode 100644
index 0000000..e5efb9a
--- /dev/null
+++ b/debmirror/mirror_mirantis_com/percona/xenial.yml
@@ -0,0 +1,27 @@
+parameters:
+ _param:
+ apt_mk_version: 'stable'
+ mirror_mirantis_com_percona_xenial_force: False
+ debmirror_mirrors_base_target_dir: "/srv/volumes/aptly/public/${_param:apt_mk_version}/"
+ debmirror:
+ client:
+ enabled: true
+ mirrors:
+ mirror_mirantis_com_percona_xenial:
+ force: ${_param:mirror_mirantis_com_percona_xenial_force}
+ lock_target: True
+ extra_flags: [ '--verbose', '--progress', '--nosource', '--no-check-gpg', '--rsync-extra=none' ]
+ method: "rsync"
+ arch: [ 'amd64' ]
+ mirror_host: "mirror.mirantis.com"
+ mirror_root: ":mirror/${_param:apt_mk_version}/percona/xenial/"
+ target_dir: "${_param:debmirror_mirrors_base_target_dir}/percona/xenial/"
+ log_file: "/var/log/debmirror/mirror_mirantis_com_percona_xenial.log"
+ dist: [ xenial ]
+ section: [ main ]
+ filter:
+ 001: "--exclude='(-dbg_|-dbg-)'"
+ 002: "--exclude='/percona-server-5.(5|6)'"
+ 003: "--exclude='/percona-server-mongodb'"
+ 004: "--exclude='/(percona-xtradb-cluster|percona-server-5|percona-xtradb-cluster)'"
+ 050: "--include='/*galera*'"
diff --git a/galera/server/database/ssl/nova.yml b/galera/server/database/ssl/nova.yml
new file mode 100644
index 0000000..b0a87c8
--- /dev/null
+++ b/galera/server/database/ssl/nova.yml
@@ -0,0 +1,4 @@
+parameters:
+ _param:
+ mysql_nova_ssl_option:
+ - SSL: True
\ No newline at end of file
diff --git a/galera/server/database/x509/nova.yml b/galera/server/database/x509/nova.yml
new file mode 100644
index 0000000..305fafd
--- /dev/null
+++ b/galera/server/database/x509/nova.yml
@@ -0,0 +1,7 @@
+parameters:
+ _param:
+ mysql_nova_clietn_ssl_x509_subject: '/C=cz/CN=mysql-nova-client/L=Prague/O=Mirantis'
+ mysql_nova_clietn_ssl_x509_issuer: '/C=cz/CN=Salt Master CA/L=Prague/O=Mirantis'
+ mysql_nova_ssl_option:
+ - SUBJECT: ${_param:mysql_nova_clietn_ssl_x509_subject}
+ - ISSUER: ${_param:mysql_nova_clietn_ssl_x509_issuer}
\ No newline at end of file
diff --git a/glusterfs/client/volume/keystone.yml b/glusterfs/client/volume/keystone.yml
index a93c0c1..f0a6e30 100644
--- a/glusterfs/client/volume/keystone.yml
+++ b/glusterfs/client/volume/keystone.yml
@@ -1,3 +1,5 @@
+classes:
+- system.linux.system.users.keystone
parameters:
_param:
keystone_glusterfs_service_host: ${_param:glusterfs_service_host}
@@ -20,20 +22,3 @@
user: keystone
group: keystone
opts: "defaults,backup-volfile-servers=${_param:glusterfs_node01_address}:${_param:glusterfs_node02_address}:${_param:glusterfs_node03_address}"
- linux:
- system:
- user:
- keystone:
- enabled: true
- name: keystone
- home: /var/lib/keystone
- uid: 301
- gid: 301
- shell: /bin/false
- system: True
- group:
- keystone:
- enabled: true
- name: keystone
- gid: 301
- system: True
diff --git a/horizon/server/cluster.yml b/horizon/server/cluster.yml
index a68ab12..1d1f5eb 100644
--- a/horizon/server/cluster.yml
+++ b/horizon/server/cluster.yml
@@ -2,6 +2,7 @@
- service.keepalived.cluster.single
- service.horizon.server.cluster
- service.haproxy.proxy.single
+- system.apache.server.single
- system.haproxy.proxy.listen.openstack.horizon
- system.memcached.server.single
parameters:
@@ -15,4 +16,7 @@
plugin: {}
session:
engine: "cache"
-
+ apache:
+ server:
+ modules:
+ - wsgi
diff --git a/horizon/server/single.yml b/horizon/server/single.yml
index 2b59f52..2555a50 100644
--- a/horizon/server/single.yml
+++ b/horizon/server/single.yml
@@ -1,5 +1,6 @@
classes:
- service.horizon.server.single
+- system.apache.server.single
- system.memcached.server.single
parameters:
_param:
@@ -13,4 +14,7 @@
plugin: {}
session:
engine: "cache"
-
+ apache:
+ server:
+ modules:
+ - wsgi
diff --git a/jenkins/client/approved_scripts.yml b/jenkins/client/approved_scripts.yml
index 65db576..0dc20b0 100644
--- a/jenkins/client/approved_scripts.yml
+++ b/jenkins/client/approved_scripts.yml
@@ -66,6 +66,7 @@
- method java.util.regex.MatchResult group int
- method java.util.regex.MatchResult groupCount
- method java.util.regex.Matcher find
+ - method java.util.regex.Matcher group java.lang.String
- method java.util.regex.Matcher matches
- method java.util.regex.Pattern matcher java.lang.CharSequence
- method java.util.stream.Stream collect java.util.stream.Collector
@@ -84,6 +85,7 @@
- new groovy.json.JsonSlurperClassic
- new groovy.util.XmlParser
- new java.io.File java.lang.String
+ - new java.io.File java.lang.String java.lang.String
- new java.io.IOException java.lang.String
- new java.io.OutputStreamWriter java.io.OutputStream
- new java.lang.Exception java.lang.String
diff --git a/jenkins/client/job/debian/packages/salt-multi.yml b/jenkins/client/job/debian/packages/salt-multi.yml
index e185b60..b58b801 100644
--- a/jenkins/client/job/debian/packages/salt-multi.yml
+++ b/jenkins/client/job/debian/packages/salt-multi.yml
@@ -63,7 +63,7 @@
upload_source_package: true
dist: xenial
- name: swift
- upload_source_package: true
+ upload_source_package: false
dist: xenial
template:
discard:
diff --git a/jenkins/client/job/deploy/update/upgrade_mcp_release.yml b/jenkins/client/job/deploy/update/upgrade_mcp_release.yml
index 5968245..18f5646 100644
--- a/jenkins/client/job/deploy/update/upgrade_mcp_release.yml
+++ b/jenkins/client/job/deploy/update/upgrade_mcp_release.yml
@@ -47,4 +47,8 @@
UPDATE_LOCAL_REPOS:
type: boolean
default: 'false'
- description: "Use only when local repositories are present."
\ No newline at end of file
+ description: "Use only when local repositories are present."
+ PIPELINE_TIMEOUT:
+ type: string
+ default: '12'
+ description: "Sets pipeline timeout in hours. Defaults to '12' if left empty."
\ No newline at end of file
diff --git a/jenkins/client/job/oscore/qa.yml b/jenkins/client/job/oscore/qa.yml
index 13d0e76..f076a78 100644
--- a/jenkins/client/job/oscore/qa.yml
+++ b/jenkins/client/job/oscore/qa.yml
@@ -70,8 +70,8 @@
project:
mcp/{{oscore-qa-project}}:
branches:
- - compare_type: "PLAIN"
- name: "master"
+ - master
+ - pike
event:
patchset:
- created
diff --git a/jenkins/client/job/oscore/salt_virtual_models.yml b/jenkins/client/job/oscore/salt_virtual_models.yml
index f315b3d..49ef6df 100644
--- a/jenkins/client/job/oscore/salt_virtual_models.yml
+++ b/jenkins/client/job/oscore/salt_virtual_models.yml
@@ -109,6 +109,30 @@
type: boolean
description: Whether to use container with rally
default: "false"
+ TEST_PASS_THRESHOLD:
+ type: string
+ description: Tests pass rate to consider build successful
+ default: "96"
+ FAIL_ON_TESTS:
+ type: boolean
+ default: 'true'
+ description: Whether to fail build on test results
+ TEST_PATTERN:
+ type: string
+ description: Run tests matched to pattern only
+ default: ''
+ TEST_MILESTONE:
+ type: string
+ description: Product milestone
+ default: 'MCP1.1'
+ TESTRAIL:
+ type: boolean
+ description: Whether to upload results to testrail or not
+ default: "false"
+ OPENSTACK_VERSION:
+ type: string
+ description: Version of openstack to test
+ default: ""
scm:
script: test-virtual-model-pipeline.groovy
type: git
diff --git a/jenkins/client/job/salt-formulas/tests.yml b/jenkins/client/job/salt-formulas/tests.yml
index d1dc00b..ca8d0a5 100644
--- a/jenkins/client/job/salt-formulas/tests.yml
+++ b/jenkins/client/job/salt-formulas/tests.yml
@@ -160,7 +160,7 @@
param:
SALT_VERSION:
type: string
- default: ""
+ default: "2017.7.7"
description: "Version of salt for use in test, empty string means latest (default)"
SALT_OPTS:
type: string
@@ -183,6 +183,7 @@
RUN_TEST_IN_DOCKER:
type: boolean
description: "Run test stage in docker environment"
+ default: 'true'
SMOKE_TEST_DOCKER_IMG:
type: string
default: "ubuntu:16.04"
diff --git a/jenkins/client/job/salt-models/generate.yml b/jenkins/client/job/salt-models/generate.yml
index 39af9b8..73f815d 100644
--- a/jenkins/client/job/salt-models/generate.yml
+++ b/jenkins/client/job/salt-models/generate.yml
@@ -32,8 +32,8 @@
type: string
TEST_MODEL:
type: boolean
- default: false
+ default: true
RECLASS_VERSION:
type: string
default: 'v1.5.4'
- description: "Version (branch) of Reclass we will use"
+ description: "Version (branch) of Reclass we will use.pip+git package"
diff --git a/jenkins/client/job/validate.yml b/jenkins/client/job/validate.yml
index a020a73..112cb3d 100644
--- a/jenkins/client/job/validate.yml
+++ b/jenkins/client/job/validate.yml
@@ -206,12 +206,12 @@
description: e.g. skipped_nodes=nal01.local.com,ntw01.local.com
TESTS_SET:
type: string
- default: "cvp-sanity-check/cvp_checks/tests/"
- description: Leave empty for full run or choose a file, e.g. test_mtu.py
+ default: "cvp-sanity-checks/cvp_checks/tests/"
+ description: "Leave as is for full run or add a filename, e.g. _default_path_/test_mtu.py"
PROXY:
type: string
default: ""
- description: Proxy address to clone repo and install python requirements
+ description: "Proxy address to use to access the Internet. For offline mode, use \"offline\" value."
cvp-func:
type: workflow-scm
name: cvp-func
@@ -246,7 +246,7 @@
description: Credentials to the Salt API
TEST_IMAGE:
type: string
- default: "xrally/xrally-openstack:0.9.1"
+ default: "xrally/xrally-openstack:0.9.2"
description: Docker image to use for running Rally/Tempest
TARGET_NODE:
type: string
@@ -255,7 +255,7 @@
PROXY:
type: string
default: ""
- description: Proxy address to clone repo and install python requirements
+ description: "Proxy address to use to access the Internet. For offline mode, use \"offline\" value."
TEMPEST_TEST_PATTERN:
type: string
default: "set=smoke"
@@ -309,7 +309,7 @@
description: Node where container with tempest will be run
TEST_IMAGE:
type: string
- default: "xrally/xrally-openstack:0.9.1"
+ default: "xrally/xrally-openstack:0.9.2"
description: Docker image to use for running Rally/Tempest
TARGET_NODES:
type: string
@@ -330,7 +330,7 @@
PROXY:
type: string
default: ""
- description: Proxy address to clone repo and install python requirements
+ description: "Proxy address to use to access the Internet. For offline mode, use \"offline\" value."
TEMPEST_TEST_PATTERN:
type: string
default: "set=smoke"
@@ -373,7 +373,7 @@
description: Path to scenario file in container
TEST_IMAGE:
type: string
- default: "xrally/xrally-openstack:0.9.1"
+ default: "xrally/xrally-openstack:0.9.2"
description: Docker image to use for running Rally/Tempest
SALT_MASTER_URL:
type: string
@@ -390,9 +390,11 @@
TOOLS_REPO:
type: string
default: "https://github.com/Mirantis/cvp-configuration"
+ description: URL of repo where testing tools, scenarios, configs are located.
PROXY:
type: string
default: ""
+ description: "Proxy address to use to access the Internet. For offline mode, use \"offline\" value."
cvp-stacklight:
type: workflow-scm
name: cvp-stacklight
@@ -419,7 +421,7 @@
default: "salt"
TESTS_REPO:
type: string
- default: "https://github.com/legan4ik/stacklight-pytest"
+ default: "https://github.com/Mirantis/stacklight-pytest -b cvp_stacklight"
description: Url for cvp-stacklight-tests
TESTS_SETTINGS:
type: string
@@ -428,11 +430,11 @@
TESTS_SET:
type: string
default: "stacklight-pytest/stacklight_tests/tests/prometheus/"
- description: "Leave empty for full run or choose a file, e.g. test_dashboards.py"
+ description: "Leave as is for full run or add a filename, e.g. _default_path_/test_dashboards.py"
PROXY:
type: string
default: ""
- description: Proxy address to clone repo and install python requirements
+ description: "Proxy address to use to access the Internet. For offline mode, use \"offline\" value."
cvp-spt:
type: workflow-scm
name: cvp-spt
@@ -468,8 +470,8 @@
TESTS_SET:
type: string
default: "cvp-spt/cvp_spt/tests/"
- description: "Leave empty for full run or choose a file, e.g. test_glance.py"
+ description: "Leave as is for full run or add a filename, e.g. _default_path_/test_glance.py"
PROXY:
type: string
default: ""
- description: Proxy address to clone repo and install python requirements
+ description: "Proxy address to use to access the Internet. For offline mode, use \"offline\" value."
diff --git a/keystone/server/cluster.yml b/keystone/server/cluster.yml
index 7e6980b..c9642bd 100644
--- a/keystone/server/cluster.yml
+++ b/keystone/server/cluster.yml
@@ -3,6 +3,8 @@
- service.keepalived.cluster.single
- system.haproxy.proxy.listen.openstack.keystone
- system.haproxy.proxy.listen.openstack.keystone.standalone
+- system.linux.system.users.keystone
+- system.keystone.server.fernet_rotation.cluster
parameters:
_param:
keystone_tokens_expiration: 3600
diff --git a/keystone/server/fernet_rotation/cluster.yml b/keystone/server/fernet_rotation/cluster.yml
new file mode 100644
index 0000000..a4aad33
--- /dev/null
+++ b/keystone/server/fernet_rotation/cluster.yml
@@ -0,0 +1,38 @@
+parameters:
+ _param:
+ fernet_rotation_driver: 'rsync'
+ credential_rotation_driver: 'rsync'
+ keystone:
+ server:
+ tokens:
+ fernet_sync_nodes_list:
+ sync_node01:
+ name: ${_param:cluster_node02_hostname}
+ enabled: True
+ sync_node02:
+ name: ${_param:cluster_node03_hostname}
+ enabled: True
+ fernet_rotation_driver: ${_param:fernet_rotation_driver}
+ credential:
+ credential_sync_nodes_list:
+ sync_node01:
+ name: ${_param:cluster_node02_hostname}
+ enabled: True
+ sync_node02:
+ name: ${_param:cluster_node03_hostname}
+ enabled: True
+ credential_rotation_driver: ${_param:credential_rotation_driver}
+ linux:
+ system:
+ job:
+ keystone_fernet_rotate_rsync:
+ command: '/var/lib/keystone/keystone_keys_rotate.sh -r -s -t fernet >> /var/log/keystone/keystone-rotate.log 2>> /var/log/keystone/keystone-rotate.log'
+ enabled: true
+ user: keystone
+ minute: 0
+ keystone_credential_rotate_rsync:
+ command: '/var/lib/keystone/keystone_keys_rotate.sh -r -s -t credential >> /var/log/keystone/keystone-rotate.log 2>> /var/log/keystone/keystone-rotate.log'
+ enabled: true
+ user: keystone
+ hour: 0
+ minute: 0
diff --git a/keystone/server/fernet_rotation/single.yml b/keystone/server/fernet_rotation/single.yml
new file mode 100644
index 0000000..de5ca6a
--- /dev/null
+++ b/keystone/server/fernet_rotation/single.yml
@@ -0,0 +1,24 @@
+parameters:
+ _param:
+ fernet_rotation_driver: 'rsync'
+ credential_rotation_driver: 'rsync'
+ keystone:
+ server:
+ tokens:
+ fernet_rotation_driver: ${_param:fernet_rotation_driver}
+ credential:
+ credential_rotation_driver: ${_param:credential_rotation_driver}
+ linux:
+ system:
+ job:
+ keystone_fernet_rotate_rsync:
+ command: '/var/lib/keystone/keystone_keys_rotate.sh -r -t fernet >> /var/log/keystone/keystone-rotate.log 2>> /var/log/keystone/keystone-rotate.log'
+ enabled: true
+ user: keystone
+ minute: 0
+ keystone_credential_rotate_rsync:
+ command: '/var/lib/keystone/keystone_keys_rotate.sh -r -t credential >> /var/log/keystone/keystone-rotate.log 2>> /var/log/keystone/keystone-rotate.log'
+ enabled: true
+ user: keystone
+ hour: 0
+ minute: 0
diff --git a/keystone/server/single.yml b/keystone/server/single.yml
index 2b1e89e..e1131c0 100644
--- a/keystone/server/single.yml
+++ b/keystone/server/single.yml
@@ -1,5 +1,7 @@
classes:
- service.keystone.server.single
+- system.linux.system.users.keystone
+- system.keystone.server.fernet_rotation.single
parameters:
_param:
keystone_service_token: token
diff --git a/linux/system/banner.yml b/linux/system/banner.yml
index 173a044..55b417f 100644
--- a/linux/system/banner.yml
+++ b/linux/system/banner.yml
@@ -8,9 +8,9 @@
contents: |
=================================== WARNING ====================================
You have accessed a computer managed by ${_param:banner_company_name}.
- You are required to have authorisation from ${_param:banner_company_name}
+ You are required to have authorization from ${_param:banner_company_name}
before you proceed and you are strictly limited to use set out within that
- authorisation. Unauthorised access to or misuse of this system is prohibited
+ authorization. Unauthorized access to or misuse of this system is prohibited
and constitutes an offence under the Computer Misuse Act 1990.
If you disclose any information obtained through this system without authority
${_param:banner_company_name} may take legal action against you.
diff --git a/linux/system/motd/static.yml b/linux/system/motd/static.yml
index c0e23c0..831a84e 100644
--- a/linux/system/motd/static.yml
+++ b/linux/system/motd/static.yml
@@ -6,9 +6,9 @@
motd: |
=================================== WARNING ====================================
You have accessed a computer managed by ${_param:motd_company_name}.
- You are required to have authorisation from ${_param:motd_company_name}
+ You are required to have authorization from ${_param:motd_company_name}
before you proceed and you are strictly limited to use set out within that
- authorisation. Unauthorised access to or misuse of this system is prohibited
+ authorization. Unauthorized access to or misuse of this system is prohibited
and constitutes an offence under the Computer Misuse Act 1990.
If you disclose any information obtained through this system without
authority ${_param:motd_company_name} may take legal action against you.
diff --git a/linux/system/repo/keystorage/percona.yml b/linux/system/repo/keystorage/percona.yml
new file mode 100644
index 0000000..809f3cb
--- /dev/null
+++ b/linux/system/repo/keystorage/percona.yml
@@ -0,0 +1,86 @@
+parameters:
+ linux:
+ system:
+ repo:
+ mcp_percona:
+ # Percona Development Team (Packaging key) <info@percona.com>
+ # pub 4096R/8507EFA5 2016-06-30
+ key: |
+ -----BEGIN PGP PUBLIC KEY BLOCK-----
+ Version: GnuPG v1
+
+ mQINBFd0veABEADyFa8jPHXhhX1XS9W7Og4p+jLxB0aowElk4Kt6lb/mYjwKmQ77
+ 9ZKUAvb1xRYFU1/NEaykEl/jxE7RA/fqlqheZzBblB3WLIPM0sMfh/D4fyFCaKKF
+ k2CSwXtYfhk9DOsBP2K+ZEg0PoLqMbLIBUxPl61ZIy2tnF3G+gCfGu6pMHK7WTtI
+ nnruMKk51s9Itc9vUeUvRGDcFIiEEq0xJhEX/7J/WAReD5Am/kD4CvkkunSqbhhu
+ B6DV9tAeEFtDppEHdFDzfHfTOwlHLgTvgVETDgLgTRXzztgBVKl7Gdvc3ulbtowB
+ uBtbuRr49+QIlcBdFZmM6gA4V5P9/qrkUaarvuIkXWQYs9/8oCd3SRluhdxXs3xX
+ 1/gQQXYHUhcdAWrqS56txncXf0cnO2v5kO5rlOX1ovpNQsc69R52LJKOLA1Kmjca
+ JNtC+4e+SF2upK14gtXK384z7owXYUA4NRZOEu+UAw7wAoiIWPUfzMEHYi8I3Rsz
+ EtpVyOQC5YyYgwzIdt4YxlVJ0CUoinvtIygies8LkA5GQvaGJHYG1aQ3i9WDddCX
+ wtoV1uA4EZlEWjTXlSRc92jhSKut/EWbmYHEUhmvcfFErrxUPqirpVZHSaXY5Rdh
+ KVFyx9JcRuIQ0SJxeHQPlaEkyhKpTDN5Cw7USLwoXfIu2w0w0W06LdXZ7wARAQAB
+ tDtQZXJjb25hIERldmVsb3BtZW50IFRlYW0gKFBhY2thZ2luZyBrZXkpIDxpbmZv
+ QHBlcmNvbmEuY29tPokCNwQTAQgAIQUCWwLC+wIbAwULCQgHAgYVCAkKCwIEFgID
+ AQIeAQIXgAAKCRCTNKJfhQfvpYf+D/oD7dFS0eXR4OH2g8CACNeTWB2EJ57W0gyL
+ wko42IjBSOSogB4BMm/3vlk8PefikTU5+Z/fYK3OIJV7kMIEXNfnNzr3QWvafHRR
+ qGUoTmvP29O5Y4s7oGllIUOlr9gwtSGfHnjtF+WZBhko2uH6KvXBJay28ye4S8sS
+ zDQdk8RULFN4hfIT4duOjo7Clf4iZtoUX7bVN32NRYH8Ss4IvbdDOAjlzjQa+NgO
+ SEsDvP3DwRoZQcAIMXngOMlPa/SA87pAcOup/8AvX3i7F7ZfWkKys3jpoSRyt0Ol
+ InpOrlJqJY4ugSxNkCgz+21kb1EVtIjSY8LAMPzZ5OAiiG0MyOTUyKFhzAkE1Mn3
+ Cs9TzNjybPlvPGt6CsckjgReL2XQBqITRsmLOwzWguuqduBlPISVoeGUPpEBj7Hv
+ Ca7p9QbEaXtN5JmlAFLwPTuM4S5IxG5bEXMFECKL45J8F9G/EGs/qO/HSebQsJ/+
+ i5Ct6gElUwIOaaCUPpWG0qwR2aP4QAndvLsaGN7v6BmtLYw8+n5vjIueFXh/gRyI
+ 8eOIxrCUYhukkdM+YQ0h6Xd+X8FvHdYRGHmW86Ro2HkBqqKyXbab04+769jpzCdM
+ b0oKzXapU94mKuWZ+fOncshTpUN17neFzb1YIc2kcwb3rQxDJNd7IR3mq+d3yapk
+ vTYlP7uFk7RGUGVyY29uYSBNeVNRTCBEZXZlbG9wbWVudCBUZWFtIChQYWNrYWdp
+ bmcga2V5KSA8bXlzcWwtZGV2QHBlcmNvbmEuY29tPokCOQQwAQgAIwUCWwLD2Rwd
+ IFVzZXIgSUQgaXMgbm8gbG9uZ2VyIHZhbGlkAAoJEJM0ol+FB++lW4UQALX2/ofm
+ ALXhdC0nlh4X1MJLPpmLjyZKTyK3YNOUJukzGW0LVGIq4SAvPxw4oc4zQ1PCQuUG
+ oj062Fd4sWF1oGFQBOVUAebnyCOcAE1ybcpw9FhdB6ZGa0hTx1RD9jg+OT8e1u62
+ XbQyRuLBbbncyIt/lhTcqnCVv14auolAVLuFqiFx5uk2n1x5Y5bs6ABt9Ka0MhYZ
+ m6Qyhm0kGNYn+AiHEwNgdAboe155zp2augVVDmGS+s+tVD60nnWzZLsZGCCZh2gJ
+ jyxxXNaIeY7OyaMRQFa3gBVGd7UeJZ1d3MR4nR7wlKMUXSC8a0l+bkgi/sgyAJNg
+ X3bCiEDRIGxGv/Dgg1/ahKVEch/W0Y+0DyifPzAFtnCBH0c2GJUrU8/c2i1iKhYf
+ /r/711136Oqd5LDROQGzo4dnzdTs3qEeWdIVkgSwaLUFrw6Kq0tAnZSqHK2WQw3C
+ 1oPdlBMimysOhJnwsmYbtlgRF2/rU7QiuJvMHXqBPfOSHKRcy5hoa5S2+PCe/IXB
+ Qmod1MlmfsUH6TjwC5SWGFaIm76+ROsiQKie28fAqRLKqeNvuaMqxTsVpYofQZXE
+ JcSyhwhTcaQxsrYYM+4z8sbdxiIqR7PW6BthsAKCrOr6U53Pm00+yI16Tt7FNcVc
+ wHl+lRTe/EhDQ93LvbFvB4/Svx/GLdlvdsHaiQI3BBMBCgAhBQJXdL3gAhsDBQsJ
+ CAcDBRUKCQgLBRYCAwEAAh4BAheAAAoJEJM0ol+FB++l4koQAKkrRP+K/p/TGlnq
+ lbNyS5gdSIB1hxT3iFwIdF9EPZq0U+msh8OY7omV/82rJp4T5cIJFvivtWQpEwpU
+ jJtqBzVrQlF+12D1RFPSoXkmk6t4opAmCsAmAtRHaXIzU9WGJETaHl57Trv5IPMv
+ 15X3TmLnk1mDMSImJoxWJMyUHzA37BlPjvqQZv5meuweLCbL4qJS015s7Uz+1f/F
+ siDLsrlE0iYCAScfBeRSKF4MSnk5huIGgncaltKJPnNYppXUb2wt+4X2dpY3/V0B
+ oiG8YBxV6N7sA7lC/OoYF6+H3DMlSxGBQEb1i9b6ypwZIbG6CnM2abLqO67D3XGx
+ 559/FtAgxrDBX1f63MQKlu+tQ9mOrCvSbt+bMGT6frFopgH6XiSOhOiMmjUazVRB
+ sXRK/HM5qIk5MK0tGPSgpc5tr9NbMDmp58OQZYQscslKhx0EDDYHQyHfYFS2qodu
+ RwQG4BgpZm2xjGM/auCvdZ+pxjqy7dnEXvMVf0i1BylkyW4p+oK5nEwY3KHljsRx
+ uJ0+gjfyj64ihNMSqDX5k38T2GPSXm5XAN+/iazlIuiqPQKLZWUjTOwr2/AA6Azt
+ U/fmsXV2swz8WekqT2fphvWKUOISr3tEGG+HF1iIY43BoAMHYYOcdSI1ZODZq3Wi
+ c+zlN1WzPshDB+d3acxeV5JhstvPuQINBFd0veABEACfuHVbey5qG5P6rRhAX2pd
+ d/f7iwHdcW1+evxCfCR5fHzsO1LRwlHM9GRqlztKzgxzAIfgUXqdMXUs6vW8agfk
+ u553h8gBqrhdq9NH65/YenzV/Sv9c/EGzsBQurau1RC4gfJ4jgAedu4FQKZvVr//
+ 0NTWuJm3el3orYYz4rLq79avSgD7Q/uK8/j71zgCJixsFzjC8ehRlOtMdetPTY36
+ zc2LjQSMTSpE7SvEbrk6yDKpQvZabl3dmkEkBvoFpat7x+i3ZtBCzRFTx2rH/9DW
+ KCO+SuGVBXs8vhLtAvKKjbWGGU9LrmESZcahI6fliH5w28NvpOuJlr8Rn/6jQmJD
+ DPKO50XKM8hpT6DBqIE99YqYLUzXAKf4Y88FyHvlO6kiVbXaOYz1OTqCWVqjaMYF
+ biPW6NgDX0hyE9uG0lfNA9P5edqyPSEaTN+kpD9OVqG6R0uPBCFY8u25NrNRhMqI
+ FQdvI54eEtN0ktFP0FrlFFkg6S+l+3Qsr9sMDKCUVTJ/BkKwqkdhTv5XY4KiIEJQ
+ jvMKr0vH5lYiPDGX/3KsJL+rxJjA++4Wh40WBLYDSDWSAfCPSokg1lRjOaMDhnH5
+ YnUeEk6Mhy61DQRsH+xEpeL/F1L06u0Wh+0iXqKXJA4jvU4XwGSkzg3yaablkYnu
+ n5myhIQYswIdCyEH4Wl3SQARAQABiQIfBBgBCgAJBQJXdL3gAhsMAAoJEJM0ol+F
+ B++lxqkQAIC7jz1CWt+tbKgutLRFcxexNQZoTAAPTk3OjqqeCLWO1cmHtmjNSXTc
+ 5rpX78vPEYQjzQpAARZxAppAdeJHBzm9Qrfiyo7TW8P0Gf9c9p1mPUtl2g0BNvRU
+ 7zYzgCF1aIwKtS+XO2UdTT56Gy5vaxd1BiTg8J9ytkIGSkuSXSOASeGC5RmN3SaD
+ 6yomVa483k9kVhhSOUzKwYK9f2WgGhI1xxpVF5LbbRhCoEz4ia/TqJoWdH/agul3
+ 4AGWOgPRhMu+FEpb/nons73XTwQtcXiZAe9z4ZltVsSciolgRzPwkXxMmWVMme9Y
+ ymVCPTrzxPi6nc6npSZzE275m02u86V2htwD2MbSuGmcTdmAPPfXgQ5XM57ELElD
+ bNA1eN1jZAhzYBLv63X+nNOy6ysuac5Q7ozyBOIpNksLleA0+FzsnYmPlGqzYtnD
+ 6nFglDn898jk/LWkwitL472fh8RRbDYffsXealiy6W2TYKrQl52ajLV7D5PUUS9x
+ SlAPcdPSuXAzh7GhOKDommWwLfPo0uYN3Xja+AkW135ctz4evCpvZjkBTfog07FG
+ lumduUK5fHvJYiSyV1P5SKr4722C8jWCo2YcS+IsZgVFFuY1bG6HtiImpP75IM0G
+ 3g1uyd2OhF9nGDSxjp4kKWnUoGdV0P1bUXaAbvXRzlIcx7dOD7tZ
+ =cTh+
+ -----END PGP PUBLIC KEY BLOCK-----
+
diff --git a/linux/system/repo/mcp/apt_mirantis/percona.yml b/linux/system/repo/mcp/apt_mirantis/percona.yml
new file mode 100644
index 0000000..0cdd192
--- /dev/null
+++ b/linux/system/repo/mcp/apt_mirantis/percona.yml
@@ -0,0 +1,18 @@
+classes:
+- system.linux.system.repo.keystorage.percona
+parameters:
+ _param:
+ apt_mk_version: stable
+ linux_system_repo_url: http://mirror.mirantis.com/${_param:apt_mk_version}/
+ linux_system_repo_mcp_percona_url: ${_param:linux_system_repo_url}/percona/
+ linux:
+ system:
+ repo:
+ mcp_percona:
+ source: "deb ${_param:linux_system_repo_mcp_percona_url}/${_param:linux_system_codename}/ ${_param:linux_system_codename} main"
+ architectures: amd64
+ clean_file: true
+ pin:
+ - pin: "release l=percona"
+ priority: 1100
+ package: '*'
diff --git a/linux/system/users/keystone.yml b/linux/system/users/keystone.yml
new file mode 100644
index 0000000..14e38dd
--- /dev/null
+++ b/linux/system/users/keystone.yml
@@ -0,0 +1,18 @@
+parameters:
+ linux:
+ system:
+ user:
+ keystone:
+ enabled: true
+ name: keystone
+ home: /var/lib/keystone
+ uid: 301
+ gid: 301
+ shell: /bin/false
+ system: True
+ group:
+ keystone:
+ enabled: true
+ name: keystone
+ gid: 301
+ system: True
diff --git a/nginx/server/proxy/openstack_web.yml b/nginx/server/proxy/openstack_web.yml
index ad5ffea..b85527f 100644
--- a/nginx/server/proxy/openstack_web.yml
+++ b/nginx/server/proxy/openstack_web.yml
@@ -36,3 +36,7 @@
host:
name: ${_param:nginx_proxy_openstack_web_host}
port: 80
+ apache:
+ server:
+ bind:
+ listen_default_ports: false
diff --git a/openssh/server/team/mcp_qa.yml b/openssh/server/team/mcp_qa.yml
index b22272a..38e19c3 100644
--- a/openssh/server/team/mcp_qa.yml
+++ b/openssh/server/team/mcp_qa.yml
@@ -156,6 +156,13 @@
full_name: Artem Minasyan
home: /home/aminasyan
email: aminasyan@mirantis.com
+ imenkov:
+ enabled: true
+ name: imenkov
+ sudo: true
+ full_name: Ilya Menkov
+ home: /home/imenkov
+ email: imenkov@mirantis.com
group:
libvirtd:
enabled: true
@@ -284,6 +291,11 @@
public_keys:
- ${public_keys:aminasyan}
user: ${linux:system:user:aminasyan}
+ imenkov:
+ enable: true
+ public_keys:
+ - ${public_keys:imenkov}
+ user: ${linux:system:user:imenkov}
public_keys:
ddmitriev:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDuD4wJ8hzkchQ0pfgdwWukQyps1xYRfHOsjosmDu/mmgaXVud5mnpwb2q35E2YYTox2mx+ulJqyS+099gz6MPg4P8D5qdMuRbAsJqbceLaaIGQhdT8qgSo7ESrl5pwvYnfWzKLKF0z5s7nrW0nvArC40zhV9o9XpvzzzSFByepWfkwA8ReldGUYVvTKp8YXaCrqEdMZrU42adPM2nl+fYBbGF+h4/Ka247aVjPeER0blV3znFXbv2Kf38G+i/TEGaktgpBdtGGDi1tX2loMypmTJeqZRJnM0Eoly0BnynB7CSxn11eoIXBUe1mVYNqmQd1hw6uh59iymhK5j939v9J ddmitriev@dis_xcom
@@ -333,4 +345,6 @@
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDYj97WGfiL550eVPyQmFyrgpTw61tfins1CpgrZewWqAWJMgYklRdMYl4OReE5UO2po7ag0f/QsOtGU8aQbnxnWUYPZyS3Qk+Bg8OOSBmewPxmT7WH97KdGKBdC9b3xUNFOUXEUOMmOe3jq9YET+xebUnfsA5qwYU5dL9Cb5UAPzVxYI8z5RiaNTo8dtwZr7lbJJRy8YfSWCtiD59vewc6BE2NTUyDjsfmKd9K/IkyKboGU9AC5mLYDsjvWwiGcNdfigRyaYWKmoo7Xhe1W2Og4dpI5pozOwVg7hISW9NRgLXrZP/9me1rFBH7EQjpjO3+Pto1//R3Nx9QLsB59yuj snovikov@snovikov
aminasyan:
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCo9BHw8WdIFOEuY10XvUqHPl1jCqtA8TYntt5Aee2rR8X8pLG9lWjHPFkNArD5upCRvv6f88Xs4QLoEGWMWcbfMkJE4gMNkOWL4As5iNgagw+DybQrA6nXyassHi8le+quwICfJ1v16IXxPgMBCcrRcSYvHKv+n8KsuBH1csRnJ8aHvIZJTL43Eq0F+aj2S0/9D+m2dyRwcmamn6EqX61NfL5UP3422i4JykTXY6I8iwEHs7Er+jPBD7rtJ/q4Kn/bIyT/Vz0tGHiWyVt7B8GBoPb3PgDuzXKvU7OtOxFb3uhANeecjzIz5G5rAsAQcizf+MGCOoBwFLFJTPAharWN artem@Artem
+ imenkov:
+ key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSWoSuHV1FNRuooS3d0nVkTRCwC+Tc585Z1cPcMQns7H1ogLIya//T3gMfxINxCjlF1eek18vI9B5QszZZUL2P7prFxe5EJlt6iM8jD61umkncaTbx6oc8r8xu5ufH9RDxfKHvQX1mhhID5JK+/GoRDIW5Zs7wFSHCrANYV2dtmOfmRSc/qpgh87Z9X10UDymp5MLjpQZzjM+qZCtz6yV14m835j4eiEN7+QZ2XZ/Wtzer7VVdhtjbw8gESSyuPIVf66keuLVUixk0CXosQYrqWDPWpT0Rhh63lnUacgplh74TU+bb+vYRjIHxCgOY2Ex6Pk5jrsroi0YoWtI4SErD imenkov@atopilin-nb-wifi.srt.mirantis.net
diff --git a/reclass/storage/system/openstack_telemetry_cluster.yml b/reclass/storage/system/openstack_telemetry_cluster.yml
index c33a8db..4c688a8 100644
--- a/reclass/storage/system/openstack_telemetry_cluster.yml
+++ b/reclass/storage/system/openstack_telemetry_cluster.yml
@@ -18,6 +18,8 @@
single_address: ${_param:openstack_telemetry_node01_address}
keepalived_vip_priority: 103
openstack_node_role: primary
+ ceilometer_create_gnocchi_resources: true
+ redis_cluster_role: 'master'
openstack_telemetry_node02:
name: ${_param:openstack_telemetry_node02_hostname}
domain: ${_param:cluster_domain}
@@ -29,6 +31,7 @@
single_address: ${_param:openstack_telemetry_node02_address}
keepalived_vip_priority: 102
openstack_node_role: secondary
+ redis_cluster_role: 'slave'
openstack_telemetry_node03:
name: ${_param:openstack_telemetry_node03_hostname}
domain: ${_param:cluster_domain}
@@ -40,3 +43,4 @@
single_address: ${_param:openstack_telemetry_node03_address}
keepalived_vip_priority: 101
openstack_node_role: secondary
+ redis_cluster_role: 'slave'
diff --git a/salt/control/virt.yml b/salt/control/virt.yml
index 0bbb7fa..05bf23d 100644
--- a/salt/control/virt.yml
+++ b/salt/control/virt.yml
@@ -62,4 +62,4 @@
size: 4000000
xxxxhuge:
- system:
- size: 5000000
\ No newline at end of file
+ size: 5000000
diff --git a/salt/master/formula/pkg/openstack.yml b/salt/master/formula/pkg/openstack.yml
index 381ae1a..4717682 100644
--- a/salt/master/formula/pkg/openstack.yml
+++ b/salt/master/formula/pkg/openstack.yml
@@ -34,6 +34,9 @@
glusterfs:
source: pkg
name: salt-formula-glusterfs
+ gnocchi:
+ source: pkg
+ name: salt-formula-gnocchi
designate:
source: pkg
name: salt-formula-designate
@@ -82,6 +85,9 @@
opencontrail:
source: pkg
name: salt-formula-opencontrail
+ panko:
+ source: pkg
+ name: salt-formula-panko
python:
source: pkg
name: salt-formula-python
@@ -97,6 +103,3 @@
supervisor:
source: pkg
name: salt-formula-supervisor
- swift:
- source: pkg
- name: salt-formula-swift
diff --git a/salt/minion/cert/mysql/clients/openstack/nova.yml b/salt/minion/cert/mysql/clients/openstack/nova.yml
new file mode 100644
index 0000000..154a553
--- /dev/null
+++ b/salt/minion/cert/mysql/clients/openstack/nova.yml
@@ -0,0 +1,27 @@
+parameters:
+ _param:
+ salt_minion_ca_host: cfg01.${_param:cluster_domain}
+ salt_minion_ca_authority: salt_master_ca
+ mysql_nova_client_ssl_key_file: /etc/pki/mysql-nova-client/client-key.pem
+ mysql_nova_client_ssl_cert_file: /etc/pki/mysql-nova-client/client-cert.pem
+ mysql_nova_ssl_ca_file: /etc/pki/mysql-nova-client/ca-cert.pem
+ salt:
+ minion:
+ cert:
+ mysql-nova-client:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: mysql-nova-client
+ signing_policy: cert_client
+ alternative_names: >
+ IP:${_param:cluster_local_address},
+ DNS:${_param:cluster_local_address},
+ DNS:${linux:system:name},
+ DNS:${linux:network:fqdn}
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: ${_param:mysql_nova_client_ssl_key_file}
+ cert_file: ${_param:mysql_nova_client_ssl_cert_file}
+ ca_file: ${_param:mysql_nova_ssl_ca_file}
+ user: nova
+ group: nova
+ mode: 640
\ No newline at end of file
diff --git a/xtrabackup/server/single.yml b/xtrabackup/server/single.yml
index d1d54fd..f72a92a 100644
--- a/xtrabackup/server/single.yml
+++ b/xtrabackup/server/single.yml
@@ -1,2 +1,6 @@
classes:
- service.xtrabackup.server.single
+parameters:
+ _param:
+ xtrabackup_qpress_source: pkg
+ xtrabackup_qpress_source_name: qpress