Merge "Update run-openscap-xccdf-evaluation Jenkins job"
diff --git a/aptly/server/single.yml b/aptly/server/single.yml
index 9f2d401..55e4b9c 100644
--- a/aptly/server/single.yml
+++ b/aptly/server/single.yml
@@ -8,6 +8,12 @@
aptly_server_secure: true
aptly_server_mirror_sources: false
aptly_server_mirror_ubuntu_sources: ${_param:aptly_server_mirror_sources}
+ linux:
+ system:
+ cron:
+ user:
+ aptly:
+ enabled: true
nginx:
server:
site:
diff --git a/defaults/docker_images.yml b/defaults/docker_images.yml
index ed8599e..b402031 100644
--- a/defaults/docker_images.yml
+++ b/defaults/docker_images.yml
@@ -6,8 +6,8 @@
docker_image_visualizer: "${_param:mcp_docker_registry}/mirantis/external/visualizer:${_param:mcp_version}"
# openldap:1.1.8
docker_image_openldap: "${_param:mcp_docker_registry}/mirantis/external/openldap:${_param:mcp_version}"
- # library/postgres:9.6 #G
- docker_image_postgresql: "${_param:mcp_docker_registry}/mirantis/external/library/postgres:${_param:mcp_version}"
+ # library/postgres:9.6
+ docker_image_postgresql: "${_param:mcp_docker_registry}/mirantis/external/library/postgres:9.6.10"
# library/mongo:3.4 #G
docker_image_mongodb: "${_param:mcp_docker_registry}/mirantis/external/library/mongo:${_param:mcp_version}"
###
diff --git a/defaults/init.yml b/defaults/init.yml
index e98e3ae..9b2b6cf 100644
--- a/defaults/init.yml
+++ b/defaults/init.yml
@@ -15,6 +15,7 @@
- system.defaults.gerrit
- system.defaults.keepalived
- system.defaults.salt
+- system.defaults.stacklight
parameters:
_param:
mcp_version: stable
@@ -32,6 +33,8 @@
# Docker artifact globals
mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
mcp_binary_registry: "https://${_param:mcp_docker_registry}/artifactory/binary-prod-local"
+ # Opencontrail globals
+ opencontrail_version: 4.0
# Other
salt_control_xenial_image_backend: /var/lib/libvirt/images/backends/xenial.qcow2
salt_control_trusty_image_backend: /var/lib/libvirt/images/backends/trusty.qcow2
diff --git a/defaults/linux_system_repo.yml b/defaults/linux_system_repo.yml
index 880194f..b38a11c 100644
--- a/defaults/linux_system_repo.yml
+++ b/defaults/linux_system_repo.yml
@@ -14,7 +14,7 @@
linux_system_repo_mcp_docker_legacy_url: ${_param:linux_system_repo_url}/docker-1.x/
linux_system_repo_mcp_docker_url: ${_param:linux_system_repo_url}/docker/
linux_system_repo_mcp_elasticsearch_curator_url: ${_param:linux_system_repo_url}/elasticsearch-curator-5/
- linux_system_repo_mcp_elasticsearch_url: ${_param:linux_system_repo_url}/elasticsearch-5.x/
+ linux_system_repo_mcp_elasticsearch_url: ${_param:linux_system_repo_url}/elasticsearch-${_param:elasticsearch_version}.x/
linux_system_repo_mcp_extra_url: ${_param:linux_system_repo_url}/extra/
linux_system_repo_mcp_glusterfs_url: ${_param:linux_system_repo_url}/glusterfs-${_param:linux_system_repo_mcp_glusterfs_version_number}/
linux_system_repo_mcp_influxdb_url: ${_param:linux_system_repo_url}/influxdb
@@ -32,6 +32,10 @@
linux_system_repo_update_mirantis_openstack_url: ${_param:linux_system_repo_update_url}/openstack-${_param:openstack_version}/
linux_system_repo_hotfix_mirantis_openstack_url: ${_param:linux_system_repo_hotfix_url}/openstack-${_param:openstack_version}/
#
+ linux_system_repo_opencontrail_url: ${_param:linux_system_repo_url}/opencontrail-${_param:opencontrail_version}/
+ linux_system_repo_update_opencontrail_url: ${_param:linux_system_repo_update_url}/opencontrail-${_param:opencontrail_version}/
+ linux_system_repo_hotfix_opencontrail_url: ${_param:linux_system_repo_hotfix_url}/opencontrail-${_param:opencontrail_version}/
+ #
linux_system_repo_ubuntu_url: ${_param:linux_system_repo_url}/ubuntu/
linux_system_repo_update_ubuntu_url: ${_param:linux_system_repo_update_url}/ubuntu/
linux_system_repo_hotfix_ubuntu_url: ${_param:linux_system_repo_hotfix_url}/ubuntu/
diff --git a/defaults/openstack/init.yml b/defaults/openstack/init.yml
index b1f814c..23f0332 100644
--- a/defaults/openstack/init.yml
+++ b/defaults/openstack/init.yml
@@ -19,8 +19,8 @@
openstack_memcache_security_strategy: 'ENCRYPT'
openstack_memcached_proto_tcp_enabled: True
openstack_memcached_proto_udp_enabled: False
- openstack_old_version: ocata
openstack_version: ocata
+ openstack_old_version: ${_param:openstack_version}
openstack_upgrade_enabled: False
# Cinder
cinder_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
@@ -61,8 +61,8 @@
# Gnocchi
gnocchi_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
gnocchi_memcache_secret_key: ''
- gnocchi_old_version: 4.0
gnocchi_version: 4.0
+ gnocchi_old_version: ${_param:gnocchi_version}
gnocchi_upgrade_enabled: ${_param:openstack_upgrade_enabled}
# Panko
panko_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
diff --git a/defaults/stacklight.yml b/defaults/stacklight.yml
new file mode 100644
index 0000000..1abbb5e
--- /dev/null
+++ b/defaults/stacklight.yml
@@ -0,0 +1,5 @@
+parameters:
+ _param:
+ # ELK stack versions
+ elasticsearch_version: 5
+ kibana_version: 5
diff --git a/docker/swarm/stack/monitoring/sf_notifier.yml b/docker/swarm/stack/monitoring/sf_notifier.yml
index 1fb416f..a66286a 100644
--- a/docker/swarm/stack/monitoring/sf_notifier.yml
+++ b/docker/swarm/stack/monitoring/sf_notifier.yml
@@ -4,6 +4,7 @@
_param:
sf_notifier_workers: 4
sf_notifier_buffer_size: 32768
+ sf_notifier_alert_id_hash_func: sha256
docker:
client:
stack:
@@ -34,6 +35,7 @@
SF_NOTIFIER_WORKERS: ${_param:sf_notifier_workers}
SF_NOTIFIER_BUFFER_SIZE: ${_param:sf_notifier_buffer_size}
SF_NOTIFIER_APP_PORT: ${prometheus:sf_notifier:uwsgi:bind_port}
+ SF_NOTIFIER_ALERT_ID_HASH_FUNC: ${_param:sf_notifier_alert_id_hash_func}
SFDC_AUTH_URL: "${_param:sf_notifier_sfdc_auth_url}"
SFDC_USERNAME: "${_param:sf_notifier_sfdc_username}"
SFDC_PASSWORD: "${_param:sf_notifier_sfdc_password}"
diff --git a/elasticsearch/server/cluster.yml b/elasticsearch/server/cluster.yml
index 1bbe404..76774aa 100644
--- a/elasticsearch/server/cluster.yml
+++ b/elasticsearch/server/cluster.yml
@@ -6,7 +6,6 @@
java_environment_version: "8"
java_environment_platform: openjdk
elasticsearch_cluster_name: elasticsearch
- elasticsearch_version: 5
linux:
system:
sysctl:
diff --git a/elasticsearch/server/single.yml b/elasticsearch/server/single.yml
index 419513d..a044394 100644
--- a/elasticsearch/server/single.yml
+++ b/elasticsearch/server/single.yml
@@ -2,8 +2,6 @@
- service.java.environment.openjdk8
- service.elasticsearch.server.single
parameters:
- _param:
- elasticsearch_version: 5
linux:
system:
sysctl:
diff --git a/jenkins/client/job/deploy/update/cloud_update.yml b/jenkins/client/job/deploy/update/cloud_update.yml
index 4482324..aef20ce 100644
--- a/jenkins/client/job/deploy/update/cloud_update.yml
+++ b/jenkins/client/job/deploy/update/cloud_update.yml
@@ -55,36 +55,28 @@
description: "Stop API services before update"
TARGET_KERNEL_UPDATES:
type: string
- default: "cfg,ctl,prx,msg,dbs"
- description: "Comma separated list of nodes to update kernel if newer version is available (Valid values are cfg,ctl,prx,msg,dbs,log,mon,mtr,ntw,nal,gtw-virtual,cmn,rgw,cid,cmp,kvm,osd,gtw-physical)"
+ default: "cfg,msg,dbs"
+ description: "Comma separated list of nodes to update kernel if newer version is available (Valid values are cfg,msg,dbs,log,mon,mtr,ntw,nal,cmn,rgw,cid,kvm,osd)"
TARGET_REBOOT:
type: string
- default: "cfg,ctl,prx,msg,dbs"
- description: "Comma separated list of nodes to reboot after update or physical machine rollback (Valid values are cfg,ctl,prx,msg,dbs,log,mon,mtr,ntw,nal,gtw-virtual,cmn,rgw,cid,cmp,kvm,osd,gtw-physical)"
+ default: "cfg,msg,dbs"
+ description: "Comma separated list of nodes to reboot after update or physical machine rollback (Valid values are cfg,msg,dbs,log,mon,mtr,ntw,nal,cmn,rgw,cid,kvm,osd)"
TARGET_HIGHSTATE:
type: string
- default: "cfg,ctl,prx,msg,dbs"
- description: "Comma separated list of nodes to run Salt Highstate on after update or physical machine rollback (Valid values are cfg,ctl,prx,msg,dbs,log,mon,mtr,ntw,nal,gtw-virtual,cmn,rgw,cid,cmp,kvm,osd,gtw-physical)"
+ default: "cfg,msg,dbs"
+ description: "Comma separated list of nodes to run Salt Highstate on after update or physical machine rollback (Valid values are cfg,msg,dbs,log,mon,mtr,ntw,nal,cmn,rgw,cid,kvm,osd)"
TARGET_UPDATES:
type: string
- default: "cfg,ctl,prx,msg,dbs"
- description: "Comma separated list of nodes to update (Valid values are cfg,ctl,prx,msg,dbs,log,mon,mtr,ntw,nal,gtw-virtual,cmn,rgw,cid,cmp,kvm,osd,gtw-physical)"
+ default: "cfg,msg,dbs"
+ description: "Comma separated list of nodes to update (Valid values are cfg,msg,dbs,log,mon,mtr,ntw,nal,cmn,rgw,cid,kvm,osd)"
TARGET_ROLLBACKS:
type: string
default: ""
- description: "Comma separated list of nodes to rollback (Valid values are ctl,prx,msg,dbs,log,mon,mtr,ntw,nal,gtw-virtual,cmn,rgw,cmp,kvm,osd,gtw-physical)"
+ description: "Comma separated list of nodes to rollback (Valid values are msg,dbs,log,mon,mtr,ntw,nal,cmn,rgw,kvm,osd)"
TARGET_SNAPSHOT_MERGES:
type: string
default: ""
- description: "Comma separated list of nodes to merge live snapshot for (Valid values are cfg,ctl,prx,msg,dbs,log,mon,mtr,ntw,nal,gtw-virtual,cmn,rgw,cid)"
- CTL_TARGET:
- type: string
- default: "ctl*"
- description: "Salt targeted CTL nodes (ex. ctl*)"
- PRX_TARGET:
- type: string
- default: "prx*"
- description: "Salt targeted PRX nodes (ex. prx*)"
+ description: "Comma separated list of nodes to merge live snapshot for (Valid values are cfg,msg,dbs,log,mon,mtr,ntw,nal,cmn,rgw,cid)"
MSG_TARGET:
type: string
default: "msg*"
@@ -125,10 +117,6 @@
type: string
default: "cid*"
description: "Salt targeted CID nodes (ex. cid*)"
- CMP_TARGET:
- type: string
- default: "cmp001*"
- description: "Salt targeted physical compute nodes (ex. cmp001*)"
KVM_TARGET:
type: string
default: "kvm01*"
@@ -137,10 +125,6 @@
type: string
default: "osd001*"
description: "Salt targeted physical Ceph OSD nodes (ex. osd001*)"
- GTW_TARGET:
- type: string
- default: "gtw01*"
- description: "Salt targeted physical or virtual GTW nodes (ex. gtw01*)"
ROLLBACK_PKG_VERSIONS:
type: string
default: ""
diff --git a/kibana/server/single.yml b/kibana/server/single.yml
index 745c07a..965f274 100644
--- a/kibana/server/single.yml
+++ b/kibana/server/single.yml
@@ -1,8 +1,6 @@
classes:
- service.kibana.server.single
parameters:
- _param:
- kibana_version: 5
kibana:
server:
enabled: true
diff --git a/linux/system/repo/mcp/apt_mirantis/contrail.yml b/linux/system/repo/mcp/apt_mirantis/contrail.yml
new file mode 100644
index 0000000..da8b03c
--- /dev/null
+++ b/linux/system/repo/mcp/apt_mirantis/contrail.yml
@@ -0,0 +1,11 @@
+classes:
+- system.linux.system.repo.keystorage.mirantis_com
+parameters:
+ linux:
+ system:
+ repo:
+ mcp_opencontrail:
+ source: "deb ${_param:linux_system_repo_opencontrail_url}/${_param:linux_system_codename} ${_param:linux_system_codename} main"
+ key: ${_param:linux_system_repo_mirror_mirantis_key}
+ architectures: ${_param:linux_system_architecture}
+ clean_file: true
diff --git a/linux/system/repo/mcp/apt_mirantis/hotfix/contrail.yml b/linux/system/repo/mcp/apt_mirantis/hotfix/contrail.yml
new file mode 100644
index 0000000..bae4104
--- /dev/null
+++ b/linux/system/repo/mcp/apt_mirantis/hotfix/contrail.yml
@@ -0,0 +1,11 @@
+classes:
+- system.linux.system.repo.keystorage.mirantis_com
+parameters:
+ linux:
+ system:
+ repo:
+ mcp_opencontrail_hotfix:
+ source: "deb ${_param:linux_system_repo_hotfix_opencontrail_url}/${_param:linux_system_codename} ${_param:linux_system_codename} main"
+ key: ${_param:linux_system_repo_mirror_mirantis_key}
+ architectures: ${_param:linux_system_architecture}
+ clean_file: true
diff --git a/linux/system/repo/mcp/apt_mirantis/update/contrail.yml b/linux/system/repo/mcp/apt_mirantis/update/contrail.yml
new file mode 100644
index 0000000..503b9ea
--- /dev/null
+++ b/linux/system/repo/mcp/apt_mirantis/update/contrail.yml
@@ -0,0 +1,11 @@
+classes:
+- system.linux.system.repo.keystorage.mirantis_com
+parameters:
+ linux:
+ system:
+ repo:
+ mcp_opencontrail_update:
+ source: "deb ${_param:linux_system_repo_update_opencontrail_url}/${_param:linux_system_codename} ${_param:linux_system_codename} main"
+ key: ${_param:linux_system_repo_mirror_mirantis_key}
+ architectures: ${_param:linux_system_architecture}
+ clean_file: true
diff --git a/linux/system/repo/mcp/contrail.yml b/linux/system/repo/mcp/contrail.yml
index 3211f78..b0e9994 100644
--- a/linux/system/repo/mcp/contrail.yml
+++ b/linux/system/repo/mcp/contrail.yml
@@ -1,3 +1,4 @@
+# DEPRECATED since 2018.12+ release.
parameters:
_param:
linux_repo_contrail_component: oc311
diff --git a/maas/region/single.yml b/maas/region/single.yml
index e7c7078..309ef34 100644
--- a/maas/region/single.yml
+++ b/maas/region/single.yml
@@ -16,7 +16,24 @@
xenial:
extra_pkgs:
enabled: true
- pkgs: [ "linux-headers-virtual-hwe-16.04", "linux-image-extra-virtual-hwe-16.04" ]
+ pkgs:
+ - linux-headers-virtual-hwe-16.04
+ - linux-image-extra-virtual-hwe-16.04
+ - acpid
+ - apt-transport-https
+ - bridge-utils
+ - curl
+ - dbus
+ - ethtool
+ - ifenslave
+ - iptables
+ - iputils-ping
+ - lsof
+ - strace
+ - tcpdump
+ - traceroute
+ - vlan
+ - wget
kernel_package:
enabled: true
value: 'linux-image-virtual-hwe-16.04'