Merge "MPC Lab refactor"
diff --git a/.releasenotes/notes/add-fwaas-d4dea7f376eb3f83.yaml b/.releasenotes/notes/add-fwaas-d4dea7f376eb3f83.yaml
new file mode 100644
index 0000000..69c6ad2
--- /dev/null
+++ b/.releasenotes/notes/add-fwaas-d4dea7f376eb3f83.yaml
@@ -0,0 +1,19 @@
+---
+features:
+ - |
+ Add system level metadata class required to enable FWaaS in Neutron.
+
+ The Firewall-as-a-Service (FWaaS) plug-in applies firewalls to OpenStack
+ objects such as projects, routers, router ports, as well as to VM ports
+ and SFC ports in FWaaS V2.
+
+ To enable FWaaS add the ``system.neutron.fwaas`` class to nodes with
+ control, gateway and, if the Neutron DVR feature is enabled, compute roles.
+
+ By default the FWaaS V1 is installed. To install FWaaS V2 redefine the
+ ``fwaas_version`` parameter on the cluster level:
+
+ .. code-block:: yaml
+
+ fwaas_version: v2
+
diff --git a/.releasenotes/notes/add-influxdb-relay-dc8bd245bebec442.yaml b/.releasenotes/notes/add-influxdb-relay-dc8bd245bebec442.yaml
new file mode 100644
index 0000000..2ccc60c
--- /dev/null
+++ b/.releasenotes/notes/add-influxdb-relay-dc8bd245bebec442.yaml
@@ -0,0 +1,15 @@
+---
+features:
+ - |
+ Added system metadata classes to deploy the InfluxDB relay service.
+
+ The InfluxDB relay service replicates the InfluxDB data to a cluster of
+ InfluxDB servers for HA.
+
+ For more details about the service, see the `GitHub project
+ <https://github.com/influxdata/influxdb-relay>`_ page.
+
+ To enable it, add the ``system.influxdb.relay.cluster`` class to the
+ Telemetry nodes and change
+ ``system.haproxy.proxy.listen.stacklight.influxdb`` to
+ ``system.haproxy.proxy.listen.stacklight.influxdb_relay``.
diff --git a/aptly/server/docker.yml b/aptly/server/docker.yml
index 3fa0a8e1..4e70a92 100644
--- a/aptly/server/docker.yml
+++ b/aptly/server/docker.yml
@@ -6,6 +6,8 @@
aptly_gpg_keypair_id: none
aptly_gpg_public_key: none
aptly_gpg_private_key: none
+ aptly_server_mirror_sources: false
+ aptly_server_mirror_ubuntu_sources: ${_param:aptly_server_mirror_sources}
aptly:
server:
enabled: true
diff --git a/aptly/server/mirror/ubuntu/trusty/ubuntu.yml b/aptly/server/mirror/ubuntu/trusty/ubuntu.yml
index 3cd7c7b..3495967 100644
--- a/aptly/server/mirror/ubuntu/trusty/ubuntu.yml
+++ b/aptly/server/mirror/ubuntu/trusty/ubuntu.yml
@@ -1,6 +1,7 @@
parameters:
_param:
linux_system_country_code: cz
+ aptly_server_mirror_ubuntu_trusty_sources: ${_param:aptly_server_mirror_ubuntu_sources}
aptly:
server:
mirror:
@@ -8,6 +9,7 @@
trusty-main:
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
distribution: trusty
+ sources: ${_param:aptly_server_mirror_ubuntu_trusty_sources}
components: main
architectures: amd64
gpgkeys:
@@ -21,6 +23,7 @@
trusty-multiverse:
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
distribution: trusty
+ sources: ${_param:aptly_server_mirror_ubuntu_trusty_sources}
components: multiverse
architectures: amd64
gpgkeys:
@@ -33,6 +36,7 @@
- ubuntu/trusty
trusty-restricted:
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
+ sources: ${_param:aptly_server_mirror_ubuntu_trusty_sources}
distribution: trusty
components: restricted
architectures: amd64
@@ -46,6 +50,7 @@
- ubuntu/trusty
trusty-universe:
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
+ sources: ${_param:aptly_server_mirror_ubuntu_trusty_sources}
distribution: trusty
components: universe
architectures: amd64
@@ -61,6 +66,7 @@
# trusty-updates
trusty-updates-main:
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
+ sources: ${_param:aptly_server_mirror_ubuntu_trusty_sources}
distribution: trusty-updates
components: main
architectures: amd64
@@ -74,6 +80,7 @@
- ubuntu/trusty-updates
trusty-updates-multiverse:
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
+ sources: ${_param:aptly_server_mirror_ubuntu_trusty_sources}
distribution: trusty-updates
components: multiverse
architectures: amd64
@@ -87,6 +94,7 @@
- ubuntu/trusty-updates
trusty-updates-restricted:
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
+ sources: ${_param:aptly_server_mirror_ubuntu_trusty_sources}
distribution: trusty-updates
components: restricted
architectures: amd64
@@ -100,6 +108,7 @@
- ubuntu/trusty-updates
trusty-updates-universe:
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
+ sources: ${_param:aptly_server_mirror_ubuntu_trusty_sources}
distribution: trusty-updates
components: universe
architectures: amd64
@@ -115,6 +124,7 @@
#trusty-security:
trusty-security-main:
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
+ sources: ${_param:aptly_server_mirror_ubuntu_trusty_sources}
distribution: trusty-security
components: main
architectures: amd64
@@ -128,6 +138,7 @@
- ubuntu/trusty-security
trusty-security-multiverse:
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
+ sources: ${_param:aptly_server_mirror_ubuntu_trusty_sources}
distribution: trusty-security
components: multiverse
architectures: amd64
@@ -141,6 +152,7 @@
- ubuntu/trusty-security
trusty-security-restricted:
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
+ sources: ${_param:aptly_server_mirror_ubuntu_trusty_sources}
distribution: trusty-security
components: restricted
architectures: amd64
@@ -154,6 +166,7 @@
- ubuntu/trusty-security
trusty-security-universe:
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
+ sources: ${_param:aptly_server_mirror_ubuntu_trusty_sources}
distribution: trusty-security
components: universe
architectures: amd64
@@ -169,6 +182,7 @@
#trusty-proposed:
trusty-proposed-main:
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
+ sources: ${_param:aptly_server_mirror_ubuntu_trusty_sources}
distribution: trusty-proposed
components: main
architectures: amd64
@@ -182,6 +196,7 @@
- ubuntu/trusty-proposed
trusty-proposed-multiverse:
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
+ sources: ${_param:aptly_server_mirror_ubuntu_trusty_sources}
distribution: trusty-proposed
components: multiverse
architectures: amd64
@@ -195,6 +210,7 @@
- ubuntu/trusty-proposed
trusty-proposed-restricted:
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
+ sources: ${_param:aptly_server_mirror_ubuntu_trusty_sources}
distribution: trusty-proposed
components: restricted
architectures: amd64
@@ -208,6 +224,7 @@
- ubuntu/trusty-proposed
trusty-proposed-universe:
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
+ sources: ${_param:aptly_server_mirror_ubuntu_trusty_sources}
distribution: trusty-proposed
components: universe
architectures: amd64
@@ -223,6 +240,7 @@
#trusty-backports:
trusty-backports-main:
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
+ sources: ${_param:aptly_server_mirror_ubuntu_trusty_sources}
distribution: trusty-backports
components: main
architectures: amd64
@@ -236,6 +254,7 @@
- ubuntu/trusty-backports
trusty-backports-multiverse:
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
+ sources: ${_param:aptly_server_mirror_ubuntu_trusty_sources}
distribution: trusty-backports
components: multiverse
architectures: amd64
@@ -249,6 +268,7 @@
- ubuntu/trusty-backports
trusty-backports-restricted:
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
+ sources: ${_param:aptly_server_mirror_ubuntu_trusty_sources}
distribution: trusty-backports
components: restricted
architectures: amd64
@@ -262,6 +282,7 @@
- ubuntu/trusty-backports
trusty-backports-universe:
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
+ sources: ${_param:aptly_server_mirror_ubuntu_trusty_sources}
distribution: trusty-backports
components: universe
architectures: amd64
diff --git a/aptly/server/mirror/ubuntu/xenial/ubuntu.yml b/aptly/server/mirror/ubuntu/xenial/ubuntu.yml
index 4675063..6b41aee 100644
--- a/aptly/server/mirror/ubuntu/xenial/ubuntu.yml
+++ b/aptly/server/mirror/ubuntu/xenial/ubuntu.yml
@@ -2,12 +2,13 @@
_param:
linux_system_country_code_default: cz
linux_system_country_code: ${_param:linux_system_country_code_default}
+ aptly_server_mirror_ubuntu_xenial_sources: ${_param:aptly_server_mirror_ubuntu_sources}
aptly:
server:
mirror:
# xenial
xenial-main:
- sources: true
+ sources: ${_param:aptly_server_mirror_ubuntu_xenial_sources}
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
distribution: xenial
components: main
@@ -21,7 +22,7 @@
distributions:
- ubuntu/xenial
xenial-multiverse:
- sources: true
+ sources: ${_param:aptly_server_mirror_ubuntu_xenial_sources}
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
distribution: xenial
components: multiverse
@@ -35,7 +36,7 @@
distributions:
- ubuntu/xenial
xenial-restricted:
- sources: true
+ sources: ${_param:aptly_server_mirror_ubuntu_xenial_sources}
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
distribution: xenial
components: restricted
@@ -49,7 +50,7 @@
distributions:
- ubuntu/xenial
xenial-universe:
- sources: true
+ sources: ${_param:aptly_server_mirror_ubuntu_xenial_sources}
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
distribution: xenial
components: universe
@@ -65,7 +66,7 @@
# xenial-updates
xenial-updates-main:
- sources: true
+ sources: ${_param:aptly_server_mirror_ubuntu_xenial_sources}
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
distribution: xenial-updates
components: main
@@ -79,7 +80,7 @@
distributions:
- ubuntu/xenial-updates
xenial-updates-multiverse:
- sources: true
+ sources: ${_param:aptly_server_mirror_ubuntu_xenial_sources}
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
distribution: xenial-updates
components: multiverse
@@ -93,7 +94,7 @@
distributions:
- ubuntu/xenial-updates
xenial-updates-restricted:
- sources: true
+ sources: ${_param:aptly_server_mirror_ubuntu_xenial_sources}
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
distribution: xenial-updates
components: restricted
@@ -107,7 +108,7 @@
distributions:
- ubuntu/xenial-updates
xenial-updates-universe:
- sources: true
+ sources: ${_param:aptly_server_mirror_ubuntu_xenial_sources}
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
distribution: xenial-updates
components: universe
@@ -123,7 +124,7 @@
#xenial-security:
xenial-security-main:
- sources: true
+ sources: ${_param:aptly_server_mirror_ubuntu_xenial_sources}
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
distribution: xenial-security
components: main
@@ -137,7 +138,7 @@
distributions:
- ubuntu/xenial-security
xenial-security-multiverse:
- sources: true
+ sources: ${_param:aptly_server_mirror_ubuntu_xenial_sources}
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
distribution: xenial-security
components: multiverse
@@ -151,7 +152,7 @@
distributions:
- ubuntu/xenial-security
xenial-security-restricted:
- sources: true
+ sources: ${_param:aptly_server_mirror_ubuntu_xenial_sources}
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
distribution: xenial-security
components: restricted
@@ -165,7 +166,7 @@
distributions:
- ubuntu/xenial-security
xenial-security-universe:
- sources: true
+ sources: ${_param:aptly_server_mirror_ubuntu_xenial_sources}
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
distribution: xenial-security
components: universe
@@ -181,7 +182,7 @@
#xenial-proposed:
xenial-proposed-main:
- sources: true
+ sources: ${_param:aptly_server_mirror_ubuntu_xenial_sources}
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
distribution: xenial-proposed
components: main
@@ -195,7 +196,7 @@
distributions:
- ubuntu/xenial-proposed
xenial-proposed-multiverse:
- sources: true
+ sources: ${_param:aptly_server_mirror_ubuntu_xenial_sources}
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
distribution: xenial-proposed
components: multiverse
@@ -263,7 +264,7 @@
distributions:
- ubuntu/xenial-backports
xenial-backports-restricted:
- sources: true
+ sources: ${_param:aptly_server_mirror_ubuntu_xenial_sources}
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
distribution: xenial-backports
components: restricted
@@ -277,7 +278,7 @@
distributions:
- ubuntu/xenial-backports
xenial-backports-universe:
- sources: true
+ sources: ${_param:aptly_server_mirror_ubuntu_xenial_sources}
source: http://${_param:linux_system_country_code}.archive.ubuntu.com/ubuntu/
distribution: xenial-backports
components: universe
diff --git a/aptly/server/single.yml b/aptly/server/single.yml
index 8b71974..e8da341 100644
--- a/aptly/server/single.yml
+++ b/aptly/server/single.yml
@@ -6,6 +6,8 @@
_param:
nginx_aptly_server_host: ${linux:network:fqdn}
aptly_server_secure: true
+ aptly_server_mirror_sources: false
+ aptly_server_mirror_ubuntu_sources: ${_param:aptly_server_mirror_sources}
iptables:
service:
enabled: true
diff --git a/designate/server/backend/bind.yml b/designate/server/backend/bind.yml
index 4201f60..823d52d 100644
--- a/designate/server/backend/bind.yml
+++ b/designate/server/backend/bind.yml
@@ -21,7 +21,7 @@
local:
enabled: true
bind:
- address: ${_param:single_address}
+ address: 127.0.0.1
port: 953
allow:
- 127.0.0.1
diff --git a/devops_portal/service/jenkins.yml b/devops_portal/service/jenkins.yml
index 349a707..83d9d05 100644
--- a/devops_portal/service/jenkins.yml
+++ b/devops_portal/service/jenkins.yml
@@ -3,6 +3,7 @@
config:
service:
jenkins:
+ configure_proxy: true
endpoint:
address: ${_param:haproxy_jenkins_bind_host}
port: ${_param:haproxy_jenkins_bind_port}
diff --git a/docker/swarm/stack/elasticsearch.yml b/docker/swarm/stack/elasticsearch.yml
index 5ee295c..1c22e8f 100644
--- a/docker/swarm/stack/elasticsearch.yml
+++ b/docker/swarm/stack/elasticsearch.yml
@@ -4,6 +4,7 @@
docker_image_elasticsearch: docker.elastic.co/elasticsearch/elasticsearch:5.4.1
elasticsearch_cluster_name: oss-cluster
elasticsearch_xpack_security_enabled: 'false'
+ elasticsearch_xpack_monitoring_enabled: 'false'
elasticsearch_discovery_zen_minimum_master_nodes: 1
elasticsearch_discovery_type: single-node
docker:
@@ -13,6 +14,7 @@
environment:
cluster.name: ${_param:elasticsearch_cluster_name}
xpack.security.enabled: ${_param:elasticsearch_xpack_security_enabled}
+ xpack.monitoring.enabled: ${_param:elasticsearch_xpack_monitoring_enabled}
discovery.zen.minimum_master_nodes: ${_param:elasticsearch_discovery_zen_minimum_master_nodes}
discovery.type: ${_param:elasticsearch_discovery_type}
service:
diff --git a/haproxy/proxy/listen/stacklight/influxdb_relay.yml b/haproxy/proxy/listen/stacklight/influxdb_relay.yml
new file mode 100644
index 0000000..bb3dd81
--- /dev/null
+++ b/haproxy/proxy/listen/stacklight/influxdb_relay.yml
@@ -0,0 +1,53 @@
+parameters:
+ _param:
+ cluster_influxdb_port: 8086
+ haproxy:
+ proxy:
+ listen:
+ influxdb_relay:
+ mode: http
+ format: end
+ binds:
+ - address: ${_param:cluster_vip_address}
+ port: ${_param:cluster_influxdb_port}
+ acls:
+ - name: influxdb
+ conditions:
+ - type: path_beg
+ condition: /query
+ # InfluxDB backends for read requests
+ options:
+ - "httpchk GET /ping"
+ - httplog
+ - dontlog-normal
+ servers:
+ - name: ${_param:cluster_node01_hostname}
+ host: ${_param:cluster_node01_address}
+ port: 8086
+ params: 'check'
+ - name: ${_param:cluster_node02_hostname}
+ host: ${_param:cluster_node02_address}
+ port: 8086
+ params: 'check'
+ - name: ${_param:cluster_node03_hostname}
+ host: ${_param:cluster_node03_address}
+ port: 8086
+ params: 'check'
+ options:
+ - "httpchk GET /ping"
+ - httplog
+ - dontlog-normal
+ # InfluxDB relay backends for write requests
+ servers:
+ - name: ${_param:cluster_node01_hostname}
+ host: ${_param:cluster_node01_address}
+ port: 9096
+ params: 'check'
+ - name: ${_param:cluster_node02_hostname}
+ host: ${_param:cluster_node02_address}
+ port: 9096
+ params: 'check'
+ - name: ${_param:cluster_node03_hostname}
+ host: ${_param:cluster_node03_address}
+ port: 9096
+ params: 'check'
diff --git a/influxdb/relay/cluster.yml b/influxdb/relay/cluster.yml
new file mode 100644
index 0000000..03639e1
--- /dev/null
+++ b/influxdb/relay/cluster.yml
@@ -0,0 +1,2 @@
+classes:
+- service.influxdb.relay.cluster
diff --git a/jenkins/client/job/debian/packages/extra.yml b/jenkins/client/job/debian/packages/extra.yml
index c7df567..b344c63 100644
--- a/jenkins/client/job/debian/packages/extra.yml
+++ b/jenkins/client/job/debian/packages/extra.yml
@@ -101,6 +101,10 @@
dist: trusty
build: pipeline
branch: debian/trusty
+ - package: libvirt-exporter
+ dist: trusty
+ build: libvirt-exporter
+ branch: master
- package: librdkafka
dist: xenial
build: pipeline
@@ -165,6 +169,10 @@
dist: xenial
build: jmx-exporter
branch: master
+ - package: influxdb-relay
+ dist: xenial
+ build: influxdb-relay
+ branch: master
template:
type: workflow-scm
concurrent: false
diff --git a/jenkins/client/job/deploy/lab/deploy.yml b/jenkins/client/job/deploy/lab/deploy.yml
index 75bab43..54a13ad 100644
--- a/jenkins/client/job/deploy/lab/deploy.yml
+++ b/jenkins/client/job/deploy/lab/deploy.yml
@@ -135,7 +135,7 @@
default: "http://127.0.0.1:8080"
TEST_K8S_CONFORMANCE_IMAGE:
type: string
- default: "docker-dev-virtual.docker.mirantis.net/mirantis/kubernetes/k8s-conformance:v1.5.1-3_1482332392819"
+ default: "docker-dev-virtual.docker.mirantis.net/mirantis/kubernetes/k8s-conformance:v1.7.3-1_1503652362277"
TEST_TEMPEST_IMAGE:
type: string
diff --git a/jenkins/client/job/deploy/lab/init.yml b/jenkins/client/job/deploy/lab/init.yml
index 860e55f..0fce66b 100644
--- a/jenkins/client/job/deploy/lab/init.yml
+++ b/jenkins/client/job/deploy/lab/init.yml
@@ -8,6 +8,7 @@
- system.jenkins.client.job.deploy.lab.release.mcp11
- system.jenkins.client.job.deploy.lab.component.aaa
- system.jenkins.client.job.deploy.lab.component.ceph
+ - system.jenkins.client.job.deploy.lab.component.drivetrain
- system.jenkins.client.job.deploy.lab.component.kubernetes
- system.jenkins.client.job.deploy.lab.component.openstack
- system.jenkins.client.job.deploy.lab.component.stacklight
diff --git a/jenkins/client/job/deploy/rollout.yml b/jenkins/client/job/deploy/rollout.yml
index 3f2f835..06aab0a 100644
--- a/jenkins/client/job/deploy/rollout.yml
+++ b/jenkins/client/job/deploy/rollout.yml
@@ -51,7 +51,7 @@
default: "http://127.0.0.1:8080"
TEST_K8S_CONFORMANCE_IMAGE:
type: string
- default: "docker-dev-virtual.docker.mirantis.net/mirantis/kubernetes/k8s-conformance:v1.5.1-3_1482332392819"
+ default: "docker-dev-virtual.docker.mirantis.net/mirantis/kubernetes/k8s-conformance:v1.7.3-1_1503652362277"
TEST_TEMPEST_IMAGE:
type: string
description: "Tempest docker image"
diff --git a/jenkins/client/job/deploy/test.yml b/jenkins/client/job/deploy/test.yml
index 0b5d541..0f9b202 100644
--- a/jenkins/client/job/deploy/test.yml
+++ b/jenkins/client/job/deploy/test.yml
@@ -31,7 +31,7 @@
default: "http://127.0.0.1:8080"
TEST_K8S_CONFORMANCE_IMAGE:
type: string
- default: "docker-dev-virtual.docker.mirantis.net/mirantis/kubernetes/k8s-conformance:v1.5.1-3_1482332392819"
+ default: "docker-dev-virtual.docker.mirantis.net/mirantis/kubernetes/k8s-conformance:v1.7.3-1_1503652362277"
TEST_TEMPEST_IMAGE:
type: string
diff --git a/jenkins/client/job/deploy/update/utils.yml b/jenkins/client/job/deploy/update/utils.yml
new file mode 100644
index 0000000..fa6ce14
--- /dev/null
+++ b/jenkins/client/job/deploy/update/utils.yml
@@ -0,0 +1,70 @@
+parameters:
+ jenkins:
+ client:
+ job:
+ reclass_metadata_update:
+ type: workflow-scm
+ concurrent: true
+ display_name: "Deploy - Update reclass metadata"
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ credentials: "gerrit"
+ script: update-reclass-metadata.groovy
+ param:
+ SALT_MASTER_URL:
+ type: string
+ default: "http://127.0.0.1:8000"
+ description: Full Salt API address [https://127.0.0.1:8000].
+ SALT_MASTER_CREDENTIALS:
+ type: string
+ default: "salt"
+ description: Credentials to the Salt API.
+ TARGET_SERVERS:
+ type: string
+ default: "I@reclass:storage"
+ description: Salt compound target to match nodes to be updated.
+ salt_master_formula_update:
+ type: workflow-scm
+ concurrent: true
+ display_name: "Deploy - Update salt master formulas"
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ credentials: "gerrit"
+ script: update-salt-master-formulas.groovy
+ param:
+ SALT_MASTER_URL:
+ type: string
+ default: "http://127.0.0.1:8000"
+ description: Full Salt API address [https://127.0.0.1:8000].
+ SALT_MASTER_CREDENTIALS:
+ type: string
+ default: "salt"
+ description: Credentials to the Salt API.
+ TARGET_SERVERS:
+ type: string
+ default: "I@reclass:storage"
+ description: Salt compound target to match nodes to be updated.
+ jenkins_master_job_update:
+ type: workflow-scm
+ concurrent: true
+ display_name: "Deploy - Update jenkins master jobs"
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ credentials: "gerrit"
+ script: update-jenkins-master-jobs.groovy
+ param:
+ SALT_MASTER_URL:
+ type: string
+ default: "http://127.0.0.1:8000"
+ description: Full Salt API address [https://127.0.0.1:8000].
+ SALT_MASTER_CREDENTIALS:
+ type: string
+ default: "salt"
+ description: Credentials to the Salt API.
+ TARGET_SERVERS:
+ type: string
+ default: "I@reclass:storage"
+ description: Salt compound target to match nodes to be updated.
diff --git a/jenkins/client/job/git-mirrors/downstream/debian-packages.yml b/jenkins/client/job/git-mirrors/downstream/debian-packages.yml
index dde7d9a..eb899dc 100644
--- a/jenkins/client/job/git-mirrors/downstream/debian-packages.yml
+++ b/jenkins/client/job/git-mirrors/downstream/debian-packages.yml
@@ -15,3 +15,7 @@
downstream: debian/gophercloud
upstream: "https://github.com/gophercloud/gophercloud.git"
branches: master
+ - name: debian-influxdb-relay
+ downstream: debian/influxdb-relay
+ upstream: "https://github.com/influxdata/influxdb-relay.git"
+ branches: master
diff --git a/jenkins/client/job/opencontrail/build/generic.yml b/jenkins/client/job/opencontrail/build/generic.yml
index 19701d6..f21eaa9 100644
--- a/jenkins/client/job/opencontrail/build/generic.yml
+++ b/jenkins/client/job/opencontrail/build/generic.yml
@@ -85,7 +85,7 @@
branch: R4.0
ppa: mirantis-opencontrail/opencontrail-4.0
upload_source_package: true
- dpdk: contrail_dpdk_2_1
+ dpdk: contrail_dpdk_17_02
build_trigger: "H H(20-23) * * *"
- buildname: oc40
os: ubuntu
@@ -93,22 +93,6 @@
branch: R4.0
ppa: mirantis-opencontrail/opencontrail-4.0
upload_source_package: true
- dpdk: contrail_dpdk_2_1
- build_trigger: "H H(20-23) * * *"
- - buildname: oc40-dpdk1702
- os: ubuntu
- dist: trusty
- branch: R4.0
- ppa: mirantis-opencontrail/opencontrail-4.0-dpdk-17-02
- upload_source_package: false
- dpdk: contrail_dpdk_17_02
- build_trigger: "H H(20-23) * * *"
- - buildname: oc40-dpdk1702
- os: ubuntu
- dist: xenial
- branch: R4.0
- ppa: mirantis-opencontrail/opencontrail-4.0-dpdk-17-02
- upload_source_package: false
dpdk: contrail_dpdk_17_02
build_trigger: "H H(20-23) * * *"
- buildname: oc666
@@ -116,15 +100,17 @@
dist: trusty
branch: master
ppa: mirantis-opencontrail/opencontrail-master
- upload_source_package: false
- build_trigger: ""
+ upload_source_package: true
+ dpdk: contrail_dpdk_17_02
+ build_trigger: "H H(20-23) * * *"
- buildname: oc666
os: ubuntu
dist: xenial
branch: master
ppa: mirantis-opencontrail/opencontrail-master
- upload_source_package: false
- build_trigger: ""
+ upload_source_package: true
+ dpdk: contrail_dpdk_17_02
+ build_trigger: "H H(20-23) * * *"
template:
discard:
build:
diff --git a/jenkins/client/job/salt-formulas/tests.yml b/jenkins/client/job/salt-formulas/tests.yml
index fe95493..448c421 100644
--- a/jenkins/client/job/salt-formulas/tests.yml
+++ b/jenkins/client/job/salt-formulas/tests.yml
@@ -156,8 +156,42 @@
DEFAULT_GIT_REF:
type: string
default: master
- KITCHEN_TESTS_PARALLEL:
- type: boolean
- default: 'false'
CUSTOM_KITCHEN_ENVS:
type: text
+ PARALLEL_GROUP_SIZE:
+ type: string
+ default: "8"
+ job:
+ test-salt-formulas-env:
+ name: test-salt-formulas-env
+ discard:
+ build:
+ keep_num: 500
+ artifact:
+ keep_num: 10
+ type: workflow-scm
+ concurrent: true
+ scm:
+ type: git
+ url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+ credentials: "gerrit"
+ script: test-salt-formulas-env.groovy
+ param:
+ SALT_VERSION:
+ type: string
+ default: "latest"
+ SALT_OPTS:
+ type: string
+ default: "--force-color"
+ CREDENTIALS_ID:
+ type: string
+ default: "gerrit"
+ DEFAULT_GIT_URL:
+ type: string
+ description: "Run against alternate system reclass"
+ default: "${_param:jenkins_gerrit_url}/salt-formulas/{{name}}"
+ DEFAULT_GIT_REF:
+ type: string
+ default: master
+ KITCHEN_ENV:
+ type: text
diff --git a/jenkins/client/job/salt-models/tests.yml b/jenkins/client/job/salt-models/tests.yml
index dd2ca90..3233495 100644
--- a/jenkins/client/job/salt-models/tests.yml
+++ b/jenkins/client/job/salt-models/tests.yml
@@ -1,6 +1,6 @@
parameters:
_param:
- jenkins_pollscm_spec: "0 1 * * *"
+ jenkins_pollscm_spec: "0 1 * * *"
jenkins:
client:
job_template:
@@ -103,6 +103,11 @@
jobs:
- cookiecutter_template: cookiecutter-templates
template:
+ discard:
+ build:
+ keep_num: 20
+ artifact:
+ keep_num: 20
type: workflow-scm
concurrent: true
scm:
diff --git a/jenkins/client/job/validate.yml b/jenkins/client/job/validate.yml
index 6f22a0c..7be935b 100644
--- a/jenkins/client/job/validate.yml
+++ b/jenkins/client/job/validate.yml
@@ -55,4 +55,25 @@
default: "http://127.0.0.1:8080"
TEST_K8S_CONFORMANCE_IMAGE:
type: string
- default: "docker-dev-virtual.docker.mirantis.net/mirantis/kubernetes/k8s-conformance:v1.5.1-3_1482332392819"
+ default: "docker-dev-virtual.docker.mirantis.net/mirantis/kubernetes/k8s-conformance:v1.7.3-1_1503652362277"
+ RUN_SPT_TESTS:
+ type: boolean
+ default: 'true'
+ SPT_SSH_USER:
+ type: string
+ default: "root"
+ SPT_FLOATING_NETWORK:
+ type: string
+ default: ""
+ SPT_IMAGE:
+ type: string
+ default: ""
+ SPT_USER:
+ type: string
+ default: ""
+ SPT_FLAVOR:
+ type: string
+ default: ""
+ SPT_AVAILABILITY_ZONE:
+ type: string
+ default: "nova"
diff --git a/linux/network/dynamic_hosts.yml b/linux/network/dynamic_hosts.yml
new file mode 100644
index 0000000..fc1ef68
--- /dev/null
+++ b/linux/network/dynamic_hosts.yml
@@ -0,0 +1,13 @@
+parameters:
+ linux:
+ network:
+ purge_hosts: true
+ mine_dns_records: true
+ host:
+ localhost_hostname:
+ address: ${_param:single_address}
+ grain: true
+ names:
+ - ${linux:network:fqdn}
+ - ${linux:network:hostname}
+
diff --git a/linux/system/profile/autosudo.yml b/linux/system/profile/autosudo.yml
new file mode 100644
index 0000000..ff5f029
--- /dev/null
+++ b/linux/system/profile/autosudo.yml
@@ -0,0 +1,127 @@
+parameters:
+ linux:
+ system:
+ profile:
+ # script provides sudoon & sudooff commands, allows working as-if root while tracking all commands
+ autosudo.sh: |
+ #!/bin/bash
+
+ # USAGE: $ . autosudo.sh
+ # $ sudoon
+ # $ sudo: <any commands>
+ # $ sudo: ...
+ # $ sudo: sudooff
+ # LIMITATIONS:
+ # - does not check your sudo policy, assumes "bash -c ..." is allowed
+ # - autocompletion (tab) for files/dirs does not work in restricted folders
+ # - may contain bugs
+ # NOTES: supports "cd ..."; allows to freely operate in restricted directories
+
+ function sudoon () {
+ if [ -z "$PREEXEC_PROMPT" ]
+ then
+ trap - DEBUG
+ ORIGINAL_PROMPT_COMMAND="$PROMPT_COMMAND"
+ PREEXEC_PROMPT=1
+ ORIGINAL_PS1=$PS1
+ PS1=$ORIGINAL_PS1"sudo: "
+ shopt -s extdebug
+ PROMPT_COMMAND="_preexec_prompt"
+ trap "_preexec_sudo" DEBUG
+ fi
+ }
+
+ function sudooff () {
+ trap - DEBUG
+ shopt -u extdebug
+ unset PREEXEC_PROMPT
+ PS1=$ORIGINAL_PS1
+ unset SUDO_DIR
+ PROMPT_COMMAND="$ORIGINAL_PROMPT_COMMAND"
+ unset ORIGINAL_PROMPT_COMMAND
+ }
+
+ function _preexec_prompt() {
+ trap - DEBUG
+ PREEXEC_PROMPT=1
+ trap "_preexec_sudo" DEBUG
+ }
+
+
+ function _preexec_sudo() {
+ # echo PREEXEC_PROMPT=$PREEXEC_PROMPT BASH_COMMAND=$BASH_COMMAND SUDO_DIR=$SUDO_DIR
+ [ -n "$COMP_LINE" ] && return
+ [ "$BASH_COMMAND" == "$PROMPT_COMMAND" ] && return
+ [ -z "$BASH_COMMAND" ] && return
+ [[ "$BASH_COMMAND" =~ ^exit$|^set\ |^shopt\ |^trap\ |^sudoon$|^sudooff$ ]] && return
+ [ -z "$PREEXEC_PROMPT" ] && return
+ if [ "$PREEXEC_PROMPT" -eq 0 ]; then
+ # echo cancelling "$BASH_COMMAND"
+ return 1
+ fi
+
+ # echo "trap-DEBUG"
+ trap - DEBUG
+ PREEXEC_PROMPT=0
+ FULL_COMMAND=$(HISTTIMEFORMAT='' history 1 | sed -e "s/^[ ]*[0-9]*[ ]*//")
+ # echo "Running _preexec_sudo $FULL_COMMAND"
+ ARG_0=$(cut -d' ' -f1 <<< "$BASH_COMMAND")
+ TYPE=$(type "$ARG_0" 2> /dev/null | head -n 1)
+ if [[ ! "$TYPE" =~ / ]]
+ then
+ if [ "$BASH_COMMAND" == "$FULL_COMMAND" ]
+ then
+ if [[ "$BASH_COMMAND" =~ ^cd\ ]]
+ then
+ if [ -z "$SUDO_DIR" ]
+ then
+ if $BASH_COMMAND 2> /dev/null
+ then
+ trap "_preexec_sudo" DEBUG
+ return 1
+ else
+ DIR=$(sudo bash -c "$BASH_COMMAND; pwd")
+ DIR_ERR=$?
+ fi
+ else
+ DIR=$(sudo bash -c "cd $SUDO_DIR; $BASH_COMMAND; pwd")
+ DIR_ERR=$?
+ fi
+ if [ "$DIR_ERR" -eq 0 ]
+ then
+ if cd "$DIR" 2> /dev/null
+ then
+ SUDO_DIR=''
+ PS1=$ORIGINAL_PS1"sudo: "
+ else
+ SUDO_DIR=$DIR
+ [ -n "$SUDO_DIR" ] && PS1_SUDO_DIR="($(echo "$SUDO_DIR" | rev | cut -d'/' -f1 | rev))" || PS1_SUDO_DIR=''
+ PS1=$ORIGINAL_PS1"sudo$PS1_SUDO_DIR: "
+ fi
+ fi
+ trap "_preexec_sudo" DEBUG
+ return 1
+ elif [ -z "$SUDO_DIR" ]
+ then
+ trap "_preexec_sudo" DEBUG
+ return # single call to function / builtin; not sudoing
+ fi
+ fi
+ fi
+ [[ "$TYPE" =~ / ]] && [ "$(which "$ARG_0")" == "$(which sudo)" ] && return 0 # execute explicit sudo as-is
+ if [ -n "$SUDO_DIR" ]
+ then
+ CMD_DIR="cd $SUDO_DIR; "
+ else
+ CMD_DIR=''
+ fi
+ if [ ! "$BASH_COMMAND" == "$FULL_COMMAND" ] || [ -n "$CMD_DIR" ]
+ then
+ # echo combined or cd command: `printf '%q' "$CMD_DIR$FULL_COMMAND"`
+ eval sudo -E bash -c $(printf '%q' "$CMD_DIR$FULL_COMMAND")
+ else
+ eval sudo -E $FULL_COMMAND
+ fi
+ trap "_preexec_sudo" DEBUG
+ return 1
+ }
diff --git a/neutron/fwaas.yml b/neutron/fwaas.yml
new file mode 100644
index 0000000..79c6439
--- /dev/null
+++ b/neutron/fwaas.yml
@@ -0,0 +1,8 @@
+classes:
+- service.neutron.fwaas
+parameters:
+ _param:
+ fwaas_version: v1
+ neutron:
+ fwaas:
+ api_version: ${_param:fwaas_version}
diff --git a/nova/client/flavor/default.yml b/nova/client/flavor/default.yml
index 492530d..1d374c5 100644
--- a/nova/client/flavor/default.yml
+++ b/nova/client/flavor/default.yml
@@ -61,4 +61,4 @@
m1.large100:
ram: 8096
disk: 100
- vcpus: 4
+ vcpus: 4
diff --git a/openssh/server/team/l1_support.yml b/openssh/server/team/l1_support.yml
index 302dd55..9d2a4c9 100644
--- a/openssh/server/team/l1_support.yml
+++ b/openssh/server/team/l1_support.yml
@@ -19,7 +19,7 @@
- system.openssh.server.team.members.maximefimov
- system.openssh.server.team.members.michaelpetersen
- system.openssh.server.team.members.mikhailkraynov
-- system.openssh.server.team.members.nadezhdakabanova
+- system.openssh.server.team.members.nkabanova
- system.openssh.server.team.members.renesoto
- system.openssh.server.team.members.rsafonov
- system.openssh.server.team.members.scottmachtmes
diff --git a/openssh/server/team/members/nadezhdakabanova.yml b/openssh/server/team/members/nkabanova.yml
similarity index 68%
rename from openssh/server/team/members/nadezhdakabanova.yml
rename to openssh/server/team/members/nkabanova.yml
index 58d2ed3..fdbb827 100644
--- a/openssh/server/team/members/nadezhdakabanova.yml
+++ b/openssh/server/team/members/nkabanova.yml
@@ -20,4 +20,6 @@
public_keys:
nkabanova:
- key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDuI74hcXTCbbvWoWHNLkng0nDBBwEzZJu8APmKVBukr9Lldz5r8n4OLRzlMI9oKbzvOuY082Cwp+9f5w5ViF/wmmEBa5sktUOBI5Jsi+g5ulb1i2HQOiaRibFJZZcoW03YRQCqQ8D9H4QcuXkT4oNuL5Wcj0UKPQT5r6N2kvuNXlJfEezQQim4nVRymel2USPt/AhlN4AUfBShR8Ykaky2Me4pt5xi0fLOJ9ZDWlEa4dl19Jd4tPz66+dLPiWql+6dgd9GiN+f7NLdDOv3RfOBH6n/It4y/fI+2/UY57X13dWauQNIQHQHDTpCCRiB+XOHwoCRaV81XTHbR865+/sP
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDTOke7Y9PB9lbFxaOHVq/YriVzPWsjH+Ie/KiqfjkeLLy3HsUIAJGrxeDbT1YB8Y6OBEKrCk45ECgsRu6MS6jMx4CmJPEV2QNf05Y7g3XBoTeNZwUQtW1aUER6ZXALiBon81cAvVhHDIRHDwTxrSMUTyY0m4sInSt+M6yg22nW24BJLNbRvKwMvO0bdVFzCHrTWbODAOGNplQf63eWlYC2t87PsqTT8CVHgv40QGLIbmGFCyMhnTk2TUMW8d8qMLzHAQU8Cd50HLW6mCEF1oW5QNffpemqeW0oA8vi2iLcRV0lbD5yuwaojYRMpudXOzMttkfjz/+ok/d+qWpiUzep root@Nadezhda
+
diff --git a/openssh/server/team/support.yml b/openssh/server/team/support.yml
index 4dd5bdc..fae16a6 100644
--- a/openssh/server/team/support.yml
+++ b/openssh/server/team/support.yml
@@ -15,7 +15,6 @@
- system.openssh.server.team.members.matthewroark
- system.openssh.server.team.members.maximefimov
- system.openssh.server.team.members.mikhailkraynov
-- system.openssh.server.team.members.nadezhdakabanova
- system.openssh.server.team.members.renesoto
- system.openssh.server.team.members.rsafonov
- system.openssh.server.team.members.scottmachtmes
@@ -31,6 +30,7 @@
- system.openssh.server.team.members.fsoppelsa
- system.openssh.server.team.members.manashkin
- system.openssh.server.team.members.nkondra
+- system.openssh.server.team.members.nkabanova
- system.openssh.server.team.members.obryndzii
- system.openssh.server.team.members.oliemieshko
- system.openssh.server.team.members.sovsianikov
@@ -44,7 +44,7 @@
- system.openssh.server.team.members.pmichalec
parameters:
_param:
- linux_system_user_sudo: false
+ linux_system_user_sudo: true
linux:
system:
group:
@@ -98,6 +98,7 @@
- ${linux:system:user:fsoppelsa:name}
- ${linux:system:user:manashkin:name}
- ${linux:system:user:nkondra:name}
+ - ${linux:system:user:nkabanova:name}
- ${linux:system:user:obryndzii:name}
- ${linux:system:user:oliemieshko:name}
- ${linux:system:user:sovsianikov:name}
diff --git a/openssh/server/team/tcpcloud.yml b/openssh/server/team/tcpcloud.yml
index bcd9327..5f9af00 100644
--- a/openssh/server/team/tcpcloud.yml
+++ b/openssh/server/team/tcpcloud.yml
@@ -21,7 +21,6 @@
- system.openssh.server.team.members.vmikes
- system.openssh.server.team.members.psvimbersky
- system.openssh.server.team.members.chnyda
-
parameters:
_param:
linux_system_user_sudo: true
diff --git a/prometheus/server/alert/labels_add/route.yml b/prometheus/server/alert/labels_add/route.yml
index 47d9eea..651dab7 100644
--- a/prometheus/server/alert/labels_add/route.yml
+++ b/prometheus/server/alert/labels_add/route.yml
@@ -1,6 +1,6 @@
parameters:
_param:
- prometheus_server_alert_label_route: mail
+ prometheus_server_alert_label_route: email
prometheus:
server:
config:
diff --git a/salt/master/formula/git/ceph.yml b/salt/master/formula/git/ceph.yml
new file mode 100644
index 0000000..10c3ca0
--- /dev/null
+++ b/salt/master/formula/git/ceph.yml
@@ -0,0 +1,10 @@
+parameters:
+ salt:
+ master:
+ environment:
+ dev:
+ formula:
+ ceph:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-ceph.git'
+ revision: ${_param:salt_master_environment_revision}
diff --git a/salt/master/formula/git/saltstack.yml b/salt/master/formula/git/saltstack.yml
index ebcf96f..fde03ef 100644
--- a/salt/master/formula/git/saltstack.yml
+++ b/salt/master/formula/git/saltstack.yml
@@ -39,10 +39,21 @@
source: git
address: '${_param:salt_master_environment_repository}/salt-formula-reclass.git'
revision: ${_param:salt_master_environment_revision}
+ module:
+ reclass.py:
+ enabled: true
+ state:
+ reclass.py:
+ enabled: true
salt:
source: git
address: '${_param:salt_master_environment_repository}/salt-formula-salt.git'
revision: ${_param:salt_master_environment_revision}
+ module:
+ seedng.py:
+ enabled: true
+ virtng.py:
+ enabled: true
sphinx:
source: git
address: '${_param:salt_master_environment_repository}/salt-formula-sphinx.git'
diff --git a/salt/master/formula/pkg/ceph.yml b/salt/master/formula/pkg/ceph.yml
new file mode 100644
index 0000000..461f5c5
--- /dev/null
+++ b/salt/master/formula/pkg/ceph.yml
@@ -0,0 +1,9 @@
+parameters:
+ salt:
+ master:
+ environment:
+ prd:
+ formula:
+ ceph:
+ source: pkg
+ name: salt-formula-ceph
diff --git a/salt/master/git.yml b/salt/master/git.yml
index 4562a74..7f09ed9 100644
--- a/salt/master/git.yml
+++ b/salt/master/git.yml
@@ -9,6 +9,7 @@
- system.salt.master.formula.git.stacklight
- system.salt.master.formula.git.monitoring
- system.salt.master.formula.git.helm
+- system.salt.master.formula.git.ceph
parameters:
_param:
salt_master_environment_repository: "https://github.com/salt-formulas"
diff --git a/salt/master/pkg.yml b/salt/master/pkg.yml
index 62854f1..dba30d0 100644
--- a/salt/master/pkg.yml
+++ b/salt/master/pkg.yml
@@ -9,4 +9,5 @@
- system.salt.master.formula.pkg.stacklight
- system.salt.master.formula.pkg.monitoring
- system.salt.master.formula.pkg.helm
+- system.salt.master.formula.pkg.ceph
- system.linux.system.repo.mcp.salt
diff --git a/salt/minion/cert/salt_api.yml b/salt/minion/cert/salt_api.yml
new file mode 100644
index 0000000..acd9bba
--- /dev/null
+++ b/salt/minion/cert/salt_api.yml
@@ -0,0 +1,11 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ salt_api:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: salt_api
+ signing_policy: cert_server
+ alternative_names: IP:${_param:salt_master_host},IP:127.0.0.1,DNS:${_param:infra_config_hostname}.${_param:cluster_domain}
+ mode: '0644'