Merge "Add prometheus-es-exporter"
diff --git a/billometer/server/single.yml b/billometer/server/single.yml
index 8152202..c606303 100644
--- a/billometer/server/single.yml
+++ b/billometer/server/single.yml
@@ -7,16 +7,8 @@
 - service.supervisor.server.single
 parameters:
   _param:
-    billometer_secret_key: billometer
     keystone_billometer_address: localhost
-    keystone_billometer_password: password
-    postgresql_billometer_password: password
-    postgresql_graphite_password: password
     rabbitmq_admin_name: admin
-    rabbitmq_admin_password: password
-    rabbitmq_secret_key: rabbitmq
-    rabbitmq_billometer_password: password
-    rabbitmq_graphite_password: password
   postgresql:
     server:
       database:
diff --git a/ceilometer/agent/polling/opendaylight.yml b/ceilometer/agent/polling/opendaylight.yml
index aabbe9c..082231a 100644
--- a/ceilometer/agent/polling/opendaylight.yml
+++ b/ceilometer/agent/polling/opendaylight.yml
@@ -7,7 +7,7 @@
         driver: opendaylight.v2
         auth: basic
         user: admin
-        password: admin
+#        password: admin
         scheme: http
         interval: 900
   ceilometer:
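Review bot: Commenting out `password: admin` rather than deleting it keeps the old default credential readable in the class file and leaves the `auth: basic` block with a `user` but no `password` key, with nothing here saying where the value now comes from. Either drop the line or replace it with a reference resolved from the generated secrets, e.g. `password: ${_param:<opendaylight_password_param>}` (placeholder name). The context also shows `scheme: http`, so whatever password is supplied travels as Basic auth in cleartext; a comment or a switch to https, if the controller supports it, would be worth adding. The same commented-out-credential pattern appears in ceilometer/server/backend/default.yml, docker/swarm/stack/janitor_monkey.yml and docker/swarm/stack/security_monkey.yml. The enclosing mapping starts above this hunk.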
diff --git a/ceilometer/server/backend/default.yml b/ceilometer/server/backend/default.yml
index 071e4a1..8d0531e 100644
--- a/ceilometer/server/backend/default.yml
+++ b/ceilometer/server/backend/default.yml
@@ -10,7 +10,7 @@
     server:
       database:
         engine: none
-        password: none
+#        password: none
       publisher:
         default:
           enabled: false
diff --git a/cinder/control/cluster.yml b/cinder/control/cluster.yml
index 7f8e2d7..286f2ad 100644
--- a/cinder/control/cluster.yml
+++ b/cinder/control/cluster.yml
@@ -52,6 +52,8 @@
         user: cinder
         password: ${_param:keystone_cinder_password}
         protocol: ${_param:cluster_internal_protocol}
+      service_user:
+        enabled: ${_param:cinder_service_user_enabled}
       glance:
         host: ${_param:cluster_vip_address}
         port: 9292
diff --git a/cinder/control/single.yml b/cinder/control/single.yml
index b8f670d..2d662f9 100644
--- a/cinder/control/single.yml
+++ b/cinder/control/single.yml
@@ -31,6 +31,8 @@
       identity:
         protocol: ${_param:internal_protocol}
         region: ${_param:openstack_region}
+      service_user:
+        enabled: ${_param:cinder_service_user_enabled}
       barbican:
         enabled: ${_param:barbican_integration_enabled}
       message_queue:
diff --git a/cinder/volume/local.yml b/cinder/volume/local.yml
index 301946b..e42eef3 100644
--- a/cinder/volume/local.yml
+++ b/cinder/volume/local.yml
@@ -33,6 +33,8 @@
       identity:
         host: ${_param:single_address}
         region: ${_param:openstack_region}
+      service_user:
+        enabled: ${_param:cinder_service_user_enabled}
       cache:
         security:
           enabled: ${_param:cinder_memcache_security_enabled}
diff --git a/cinder/volume/single.yml b/cinder/volume/single.yml
index 9531aa4..a865722 100644
--- a/cinder/volume/single.yml
+++ b/cinder/volume/single.yml
@@ -44,6 +44,8 @@
         host: ${_param:openstack_control_address}
         protocol: ${_param:cluster_internal_protocol}
         region: ${_param:openstack_region}
+      service_user:
+        enabled: ${_param:cinder_service_user_enabled}
       cache:
         security:
           enabled: ${_param:cinder_memcache_security_enabled}
diff --git a/defaults/backup.yml b/defaults/backup.yml
new file mode 100644
index 0000000..66e5173
--- /dev/null
+++ b/defaults/backup.yml
@@ -0,0 +1,7 @@
+parameters:
+  _param:
+    backup_min: "0"
+    backup_hour: "*/12"
+    backup_day_of_month: "*"
+    backup_month: "*"
+    backup_day_of_week: "*"
diff --git a/defaults/docker_images.yml b/defaults/docker_images.yml
index 8db61a5..bec34e7 100644
--- a/defaults/docker_images.yml
+++ b/defaults/docker_images.yml
@@ -16,7 +16,7 @@
     docker_image_gerrit: "${_param:mcp_docker_registry}/mirantis/cicd/gerrit:${_param:mcp_version}"
     # mysql:5.6
     docker_image_mysql: "${_param:mcp_docker_registry}/mirantis/cicd/mysql:${_param:mcp_version}"
-    # jenkins:2.121.3
+    # jenkins:2.150.3
     docker_image_jenkins: "${_param:mcp_docker_registry}/mirantis/cicd/jenkins:${_param:mcp_version}"
     docker_image_jenkins_slave: "${_param:mcp_docker_registry}/mirantis/cicd/jnlp-slave:${_param:mcp_version}"
     # model-generator
diff --git a/defaults/etcd.yml b/defaults/etcd.yml
new file mode 100644
index 0000000..06d9a18
--- /dev/null
+++ b/defaults/etcd.yml
@@ -0,0 +1,6 @@
+parameters:
+  _param:
+    docker_image_etcd: quay.io/coreos/etcd:v3.3.12
+    kubernetes_etcd_repo: https://github.com/etcd-io/etcd/releases/download
+    kubernetes_etcd_source: ${_param:kubernetes_etcd_repo}/v3.3.12/etcd-v3.3.12-linux-amd64.tar.gz
+    kubernetes_etcd_source_hash: md5=079af00546443b686df31e7ec605135e
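Review bot: `kubernetes_etcd_source_hash` pins the release tarball with MD5, which is not collision-resistant and is therefore a weak integrity check for a binary downloaded from the internet. If the consuming etcd formula accepts other algorithms (not visible here), pin the published SHA-256 instead: `kubernetes_etcd_source_hash: sha256=<sha256 of etcd-v3.3.12-linux-amd64.tar.gz>`. `docker_image_etcd` is likewise pinned by tag only, so a digest reference would make the image immutable. The version `v3.3.12` is repeated three times in this file, and a comment reminding maintainers to update the hash together with the URL would help.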
diff --git a/defaults/init.yml b/defaults/init.yml
index 42c315a..b70367e 100644
--- a/defaults/init.yml
+++ b/defaults/init.yml
@@ -20,8 +20,12 @@
 - system.defaults.gerrit
 - system.defaults.keepalived
 - system.defaults.salt
+- system.defaults.secrets
 - system.defaults.stacklight
 - system.defaults.xtrabackup
+- system.defaults.backup
+# k8s
+- system.defaults.etcd
 parameters:
   _param:
     mcp_version: stable
diff --git a/defaults/linux_system_file.yml b/defaults/linux_system_file.yml
index c37c030..8af3075 100644
--- a/defaults/linux_system_file.yml
+++ b/defaults/linux_system_file.yml
@@ -13,16 +13,23 @@
           name: /srv/http/images.mirantis.com/ubuntu-16-04-x64-mcp${_param:mcp_version}.qcow2.md5
           source: ${_param:mcp_static_images_url}/ubuntu-16-04-x64-mcp${_param:mcp_version}.qcow2.md5
         amphora-x64-haproxy-pike.qcow2:
-          source: ${_param:mcp_binary_registry}/mirantis/openstack/octavia/images/${_param:mcp_version}/pike/amphora-x64-haproxy.qcow2
-          name: /srv/http/artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/openstack/octavia/images/${_param:mcp_version}/pike/amphora-x64-haproxy.qcow2
-          hash: ${_param:mcp_binary_registry}/mirantis/openstack/octavia/images/${_param:mcp_version}/pike/amphora-x64-haproxy.qcow2.md5
+          name: /srv/http/images.mirantis.com/octavia/amphora-x64-haproxy-pike-${_param:mcp_version}.qcow2
+          source: ${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-pike-${_param:mcp_version}.qcow2
+          hash: ${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-pike-${_param:mcp_version}.qcow2.md5
         amphora-x64-haproxy-pike.qcow2.md5:
-          source: ${_param:mcp_binary_registry}/mirantis/openstack/octavia/images/${_param:mcp_version}/pike/amphora-x64-haproxy.qcow2.md5
-          name: /srv/http/artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/openstack/octavia/images/${_param:mcp_version}/pike/amphora-x64-haproxy.qcow2.md5
+          name: /srv/http/images.mirantis.com/octavia/amphora-x64-haproxy-pike-${_param:mcp_version}.qcow2.md5
+          source: ${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-pike-${_param:mcp_version}.qcow2.md5
         amphora-x64-haproxy-queens.qcow2:
-          source: ${_param:mcp_binary_registry}/mirantis/openstack/octavia/images/${_param:mcp_version}/queens/amphora-x64-haproxy.qcow2
-          name: /srv/http/artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/openstack/octavia/images/${_param:mcp_version}/queens/amphora-x64-haproxy.qcow2
-          hash: ${_param:mcp_binary_registry}/mirantis/openstack/octavia/images/${_param:mcp_version}/queens/amphora-x64-haproxy.qcow2.md5
+          name: /srv/http/images.mirantis.com/octavia/amphora-x64-haproxy-queens-${_param:mcp_version}.qcow2
+          source: ${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-queens-${_param:mcp_version}.qcow2
+          hash: ${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-queens-${_param:mcp_version}.qcow2.md5
         amphora-x64-haproxy-queens.qcow2.md5:
-          source: ${_param:mcp_binary_registry}/mirantis/openstack/octavia/images/${_param:mcp_version}/queens/amphora-x64-haproxy.qcow2.md5
-          name: /srv/http/artifactory.mirantis.com/artifactory/binary-prod-local/mirantis/openstack/octavia/images/${_param:mcp_version}/queens/amphora-x64-haproxy.qcow2.md5
+          name: /srv/http/images.mirantis.com/octavia/amphora-x64-haproxy-queens-${_param:mcp_version}.qcow2.md5
+          source: ${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-queens-${_param:mcp_version}.qcow2.md5
+        amphora-x64-haproxy-rocky.qcow2:
+          name: /srv/http/images.mirantis.com/octavia/amphora-x64-haproxy-rocky-${_param:mcp_version}.qcow2
+          source: ${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-rocky-${_param:mcp_version}.qcow2
+          hash: ${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-rocky-${_param:mcp_version}.qcow2.md5
+        amphora-x64-haproxy-rocky.qcow2.md5:
+          name: /srv/http/images.mirantis.com/octavia/amphora-x64-haproxy-rocky-${_param:mcp_version}.qcow2.md5
+          source: ${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-rocky-${_param:mcp_version}.qcow2.md5
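Review bot: Each `hash:` value points at an `.md5` file served from the same `mcp_static_images_url` as the image it covers, so the check catches a truncated or corrupted download but not a tampered mirror, because whoever can replace the qcow2 can replace its checksum too. For images that are booted as Octavia amphora VMs, consider pinning SHA-256 sums in the model or fetching them over a separately authenticated channel. At minimum, add a comment such as `# hash is fetched from the same origin: protects against corruption only`. The mapping edited here begins above the hunk.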
diff --git a/defaults/openstack/init.yml b/defaults/openstack/init.yml
index 89cd7b2..b5b66e1 100644
--- a/defaults/openstack/init.yml
+++ b/defaults/openstack/init.yml
@@ -13,6 +13,7 @@
     openstack_share_service_host: ${_param:openstack_share_service_hostname}.${linux:system:domain}
     openstack_kmn_service_host: ${_param:openstack_kmn_service_hostname}.${linux:system:domain}
     openstack_telemetry_service_host: ${_param:openstack_telemetry_service_hostname}.${linux:system:domain}
+    openstack_service_user_enabled: True
     # SSL
     ceilometer_agent_ssl_enabled: False
     openstack_mysql_x509_enabled: False
@@ -28,12 +29,19 @@
     openstack_version: queens
     openstack_old_version: ${_param:openstack_version}
     openstack_upgrade_enabled: False
+    # Security compliance user options
+    openstack_service_user_options:
+      ignore_change_password_upon_first_use: True
+      ignore_password_expiry: True
+      ignore_lockout_failure_attempts: False
+      lock_password: False
     # Cinder
     cinder_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
     cinder_memcache_secret_key: ''
     cinder_old_version: ${_param:openstack_old_version}
     cinder_version: ${_param:openstack_version}
     cinder_upgrade_enabled: ${_param:openstack_upgrade_enabled}
+    cinder_service_user_enabled: ${_param:openstack_service_user_enabled}
     # Nova
     nova_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
     nova_memcache_secret_key: ''
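Review bot: The new `openstack_service_user_options` block carries only a one-line heading, and its security trade-offs deserve a comment. `ignore_password_expiry: True` and `ignore_change_password_upon_first_use: True` exempt service accounts from the password policy, so their passwords must be rotated by some other process, while `ignore_lockout_failure_attempts: False` leaves them subject to lockout, which (if Keystone lockout is enabled in the deployment) means repeated failed logins against a known service username can disable that service. I would add above the block something like `# Service accounts are exempt from expiry and first-use change; rotate them out of band. Lockout still applies.` Lowercase `true`/`false` would also avoid YAML 1.1 truthy ambiguity, although the file already uses `True`/`False` elsewhere.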
@@ -41,6 +49,7 @@
     nova_version: ${_param:openstack_version}
     nova_upgrade_enabled: ${_param:openstack_upgrade_enabled}
     nova_instance_build_timeout: 3600
+    nova_service_user_enabled: ${_param:openstack_service_user_enabled}
     # Glance
     glance_memcache_security_enabled: ${_param:openstack_memcache_security_enabled}
     glance_memcache_secret_key: ''
@@ -165,7 +174,7 @@
     octavia_health_manager_node03_address: 192.168.10.12
     #
     amphora_image_name: amphora-x64-haproxy
-    amphora_image_url: "${_param:mcp_binary_registry}/mirantis/openstack/octavia/images/${_param:mcp_version}/${_param:openstack_version}/amphora-x64-haproxy.qcow2"
+    amphora_image_url: ${_param:mcp_static_images_url}/octavia/amphora-x64-haproxy-${_param:openstack_version}-${_param:mcp_version}.qcow2
     # HAproxy
     haproxy_openstack_web_bind_port: ${_param:horizon_public_port}
     #
diff --git a/defaults/secrets.yml b/defaults/secrets.yml
new file mode 100644
index 0000000..f47c1e0
--- /dev/null
+++ b/defaults/secrets.yml
@@ -0,0 +1,74 @@
+# All commented params just for reference, should be auto-generated
+# Actually all must be genertated but keep some uncommented for backward
+# compatibility.
+parameters:
+  _param:
+#   PostgreSQL
+#    postgresql_admin_user_password: <<CHANGEME>>
+#    postgresql_client_password: <<CHANGEME>>
+#    rundeck_db_user_password: <<CHANGEME>>
+#    sfdc_db_user_password: <<CHANGEME>>
+#    alertmanager_db_user_password: <<CHANGEME>>
+#    pushkin_db_user_password: <<CHANGEME>>
+#    postgresql_billometer_password: <<CHANGEME>>
+#    postgresql_graphite_password: <<CHANGEME>>
+
+#   Opencontrail
+    opencontrail_identity_password: contrail123
+#    opencontrail_stats_password: <<CHANGEME>>
+    opencontrail_message_queue_password: guest
+
+#   RabbitMQ
+#    rabbitmq_monitor_password: <<CHANGEME>>
+#    rabbitmq_admin_password: <<CHANGEME>>
+    rabbitmq_guest_password: guest
+#    rabbitmq_billometer_password: <<CHANGEME>>
+#    rabbitmq_graphite_password: <<CHANGEME>>
+#    rabbitmq_cold_password: <<CHANGEME>>
+#    rabbitmq_secret_key: <<CHANGEME>>
+
+#   Keepalived
+#    keepalived_k8s_apiserver_vip_password: <<CHANGEME>>
+#    keepalived_openstack_web_public_vip_password: <<CHANGEME>>
+#    keepalived_openstack_baremetal_password: <<CHANGEME>>
+    keepalived_openstack_telemetry_vip_password: password
+#    keepalived_openstack_manila_vip_password: <<CHANGEME>>
+#    keepalived_openstack_barbican_vip_password: <<CHANGEME>>
+
+#   Jenkins
+#    jenkins_admin_password: <<CHANGEME>>
+#    jenkins_client_password: <<CHANGEME>>
+#    jenkins_security_ldap_manager_password: <<CHANGEME>>
+#    oss_jenkins_password: <<CHANGEME>>
+
+#   Gerrit/LDAP
+    gerrit_ldap_bind_password: password
+
+#   Docker
+#    keycloak_admin_password: <<CHANGEME>>
+#    kqueen_api_ldap_password: <<CHANGEME>>
+#    kqueen_credentials:
+#      kqueen_api_admin_password: <<CHANGEME>>
+#    pushkin_email_sender_password: <<CHANGEME>>
+#    sfdc_password: <<CHANGEME>>
+
+#   Billometer
+#    keystone_billometer_password: <<CHANGEME>>
+
+#   Nova
+#    metadata_password: <<CHANGEME>>
+
+#   Grafana
+#    grafana_password: <<CHANGEME>>
+#    grafana_database_password: <<CHANGEME>>
+
+#   Keystone
+#    keystone_admin_password: <<CHANGEME>>
+#    mysql_admin_password: <<CHANGEME>>
+#    mysql_keystone_password: <<CHANGEME>>
+
+#   Kubernetes
+    kubernetes_openstack_provider_cloud_password: password
+
+#   Galera
+#    galera_clustercheck_password: <<CHANGEME>>
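Review bot: The uncommented entries still ship guessable credentials as system-wide defaults: `opencontrail_identity_password: contrail123`, `opencontrail_message_queue_password: guest`, `rabbitmq_guest_password: guest`, and `password` for `keepalived_openstack_telemetry_vip_password`, `gerrit_ldap_bind_password` and `kubernetes_openstack_provider_cloud_password`. Because defaults/init.yml now lists `system.defaults.secrets`, any model that does not override them inherits these values silently. The header should say so explicitly, for example `# Uncommented values are insecure placeholders kept for backward compatibility; every deployment must override them.`, and rewording it would also fix the "genertated" typo. A validation step that fails the model while one of these values is still in place would be safer than relying on a comment. Note also that `gerrit_ldap_bind_password` changes from the empty string removed in the two gerrit.yml files to `password`.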
diff --git a/devops_portal/service/jenkins.yml b/devops_portal/service/jenkins.yml
index ee00912..b800188 100644
--- a/devops_portal/service/jenkins.yml
+++ b/devops_portal/service/jenkins.yml
@@ -1,7 +1,6 @@
 parameters:
   _param:
     oss_jenkins_user: admin
-    oss_jenkins_password: password
   devops_portal:
     config:
       service:
diff --git a/docker/client/compose/service/gerrit.yml b/docker/client/compose/service/gerrit.yml
index 69b2a2c..67af5eb 100644
--- a/docker/client/compose/service/gerrit.yml
+++ b/docker/client/compose/service/gerrit.yml
@@ -4,7 +4,6 @@
   _param:
     gerrit_ldap_server: ""
     gerrit_ldap_bind_user: ""
-    gerrit_ldap_bind_password: ""
     gerrit_ldap_account_base: ""
     gerrit_ldap_group_base: ""
     gerrit_http_listen_url: http://*:8080/
diff --git a/docker/swarm/stack/dashboard.yml b/docker/swarm/stack/dashboard.yml
index 62a3e14..7b0eac5 100644
--- a/docker/swarm/stack/dashboard.yml
+++ b/docker/swarm/stack/dashboard.yml
@@ -6,7 +6,6 @@
     grafana_database_type: sqlite3
     grafana_database_host: localhost
     grafana_database_port: 3306
-    grafana_database_password: password
   docker:
     client:
       stack:
diff --git a/docker/swarm/stack/gerrit.yml b/docker/swarm/stack/gerrit.yml
index 964899d..42af606 100644
--- a/docker/swarm/stack/gerrit.yml
+++ b/docker/swarm/stack/gerrit.yml
@@ -4,7 +4,6 @@
   _param:
     gerrit_ldap_server: ""
     gerrit_ldap_bind_user: ""
-    gerrit_ldap_bind_password: ""
     gerrit_ldap_account_base: ""
     gerrit_ldap_group_base: ""
     gerrit_http_listen_url: http://*:8080/
diff --git a/docker/swarm/stack/janitor_monkey.yml b/docker/swarm/stack/janitor_monkey.yml
index 0cb8c43..b711e45 100644
--- a/docker/swarm/stack/janitor_monkey.yml
+++ b/docker/swarm/stack/janitor_monkey.yml
@@ -2,7 +2,7 @@
   _param:
     docker_janitor_monkey_replicas: 1
     docker_mongodb_admin_username: admin
-    docker_mongodb_admin_password: password
+#    docker_mongodb_admin_password: password
     docker_image_janitor_monkey: ${_param:mcp_docker_registry}/mirantis/oss/janitor-monkey
     janitor_monkey_bind_host: cleanup-service-api
     janitor_monkey_bind_port: 8080
@@ -17,7 +17,7 @@
     janitor_monkey_base_url: http://${_param:janitor_monkey_mongodb_host}:${_param:janitor_monkey_mongodb_port}
     janitor_monkey_mongodb_db: mcp_cloud
     janitor_monkey_mongodb_username: janitor
-    janitor_monkey_mongodb_password: password
+#    janitor_monkey_mongodb_password: password
     janitor_monkey_elasticsearch: ${_param:elasticsearch_bind_host}:${_param:elasticsearch_binary_bind_port}
     janitor_monkey_cloudfire_region: RegionOne
     janitor_monkey_cis_clustername: ${_param:elasticsearch_cluster_name}
@@ -30,7 +30,7 @@
       project_name: admin
       auth_url: http://yourcloud.com:5000/v3/auth/tokens
       username: admin
-      password: password
+#      password: password
       endpoint_type: public
       ssl_verify: False
       source_credentials_dir: /srv/volumes/rundeck/storage
diff --git a/docker/swarm/stack/keycloak.yml b/docker/swarm/stack/keycloak.yml
index 7dcb88a..3598282 100644
--- a/docker/swarm/stack/keycloak.yml
+++ b/docker/swarm/stack/keycloak.yml
@@ -6,7 +6,6 @@
     keycloak_proxy_bind_port: ${_param:haproxy_keycloak_proxy_bind_port}
     # Initial admin support
     keycloak_admin_username: admin
-    keycloak_admin_password: password
   docker:
     client:
       stack:
diff --git a/docker/swarm/stack/kqueen.yml b/docker/swarm/stack/kqueen.yml
index 0c61ed9..24166ed 100644
--- a/docker/swarm/stack/kqueen.yml
+++ b/docker/swarm/stack/kqueen.yml
@@ -10,7 +10,6 @@
     kqueen_api_prometheus_whitelist: '172.16.10.0/24' ##REcheck with network
     kqueen_api_ldap_uri: 'ldap://ldap'
     kqueen_api_ldap_dn: 'cn=admin,dc=example,dc=org'
-    kqueen_api_ldap_password: 'password'
     kqueen_api_auth_modules: 'local'
     docker_kqueen_ui_replicas: 1
     kqueen_ui_bind_port: ${_param:haproxy_kqueen_ui_bind_port}
@@ -26,7 +25,6 @@
       kqueen_ui_secret_key: 'pasteyoursecret'
       kqueen_api_bootstrap_admin: True
       kqueen_api_admin_username: admin
-      kqueen_api_admin_password: default
       kqueen_api_admin_organization: MirantisCloudPlatform
       kqueen_api_admin_namespace: mcp
   docker:
diff --git a/docker/swarm/stack/postgresql.yml b/docker/swarm/stack/postgresql.yml
index b3936c6..619e0c2 100644
--- a/docker/swarm/stack/postgresql.yml
+++ b/docker/swarm/stack/postgresql.yml
@@ -7,7 +7,6 @@
     postgresql_ssl:
       enabled: false
     postgresql_admin_user: postgres
-    postgresql_admin_user_password: postgrespassword
   docker:
     client:
       stack:
diff --git a/docker/swarm/stack/pushkin.yml b/docker/swarm/stack/pushkin.yml
index 2ee26e4..3bb1e17 100644
--- a/docker/swarm/stack/pushkin.yml
+++ b/docker/swarm/stack/pushkin.yml
@@ -13,13 +13,11 @@
     pushkin_smtp_port: 587
     pushkin_smtp_use_tls: true
     webhook_from: your_sender@mail.com
-    pushkin_email_sender_password: your_sender_password
     webhook_recipients: "recepient1@mail.com,recepient2@mail.com"
     webhook_login_id: 13
     webhook_application_id: 24
     sfdc_auth_url: https://login.salesforce.com/services/oauth2/token
     sfdc_username: user@example.net
-    sfdc_password: secret
     sfdc_consumer_key: example_consumer_key
     sfdc_consumer_secret: example_consumer_secret
     sfdc_organization_id: example_organization_id
diff --git a/docker/swarm/stack/security_monkey.yml b/docker/swarm/stack/security_monkey.yml
index 5db205e..582a219 100644
--- a/docker/swarm/stack/security_monkey.yml
+++ b/docker/swarm/stack/security_monkey.yml
@@ -13,7 +13,7 @@
     security_monkey_db: secmonkey
     notification_service_url: http://${_param:pushkin_bind_host}:${_param:haproxy_pushkin_bind_port}/post_notification_json
     security_monkey_user: devopsportal@devopsportal.local
-    security_monkey_password: devopsportal
+#    security_monkey_password: devopsportal
     security_monkey_role: Justify
     security_monkey_fqdn: ${_param:security_monkey_bind_host}
     security_monkey_web_port: ${_param:security_monkey_bind_port}
@@ -26,7 +26,7 @@
       os_account_name: mcp_cloud
       auth_url: http://yourcloud.com:5000/v3/auth/tokens
       username: admin
-      password: password
+#      password: password
       project_domain_name: Default
       project_name: admin
       user_domain_name: Default
diff --git a/etcd/server/cluster.yml b/etcd/server/cluster.yml
index d9c1c8b..2314dc2 100644
--- a/etcd/server/cluster.yml
+++ b/etcd/server/cluster.yml
@@ -3,11 +3,6 @@
 - service.etcd.support
 - service.etcd.linux
 parameters:
-  _param:
-    docker_image_etcd: quay.io/coreos/etcd:v3.3.10
-    kubernetes_etcd_repo: https://github.com/etcd-io/etcd/releases/download
-    kubernetes_etcd_source: ${_param:kubernetes_etcd_repo}/v3.3.10/etcd-v3.3.10-linux-amd64.tar.gz
-    kubernetes_etcd_source_hash: md5=dbbe0d021ba497bf9d9cc9963d0c7a4b
   etcd:
     server:
       enabled: true
diff --git a/etcd/server/single.yml b/etcd/server/single.yml
new file mode 100644
index 0000000..b36f743
--- /dev/null
+++ b/etcd/server/single.yml
@@ -0,0 +1,17 @@
+classes:
+- service.etcd.server.single
+- service.etcd.support
+- service.etcd.linux
+parameters:
+  etcd:
+    server:
+      enabled: true
+      image: ${_param:docker_image_etcd}
+      source:
+        engine: archive
+      etcd_source: ${_param:kubernetes_etcd_source}
+      etcd_source_hash: ${_param:kubernetes_etcd_source_hash}
+      bind:
+        host: ${_param:single_address}
+      ssl:
+        enabled: true
diff --git a/galera/server/clustercheck.yml b/galera/server/clustercheck.yml
index a5d7137..6213c58 100644
--- a/galera/server/clustercheck.yml
+++ b/galera/server/clustercheck.yml
@@ -1,6 +1,4 @@
 parameters:
-  _param:
-    galera_clustercheck_password: clustercheck
   galera:
     clustercheck:
       enabled: True
diff --git a/grafana/server/single.yml b/grafana/server/single.yml
index 775ce38..6303430 100644
--- a/grafana/server/single.yml
+++ b/grafana/server/single.yml
@@ -4,7 +4,6 @@
   _param:
     grafana_port: 3000
     grafana_user: admin
-    grafana_password: admin
   grafana:
     server:
       enabled: true
diff --git a/graphite/collector/single.yml b/graphite/collector/single.yml
index 5ca5715..5442a3f 100644
--- a/graphite/collector/single.yml
+++ b/graphite/collector/single.yml
@@ -2,8 +2,6 @@
 - service.memcached.server.local
 - service.graphite.collector.single
 parameters:
-  _param:
-    rabbitmq_monitor_password: password
   carbon:
     relay:
       enabled: false
diff --git a/graphite/server/single.yml b/graphite/server/single.yml
index 237c65d..9c891d3 100644
--- a/graphite/server/single.yml
+++ b/graphite/server/single.yml
@@ -7,12 +7,7 @@
 parameters:
   _param:
     graphite_secret_key: secret
-    postgresql_graphite_password: password
     apache2_site_graphite_host: ${_param:single_address}
-    rabbitmq_graphite_password: password
-    rabbitmq_monitor_password: password
-    rabbitmq_admin_password: password
-    rabbitmq_secret_key: password
   apache:
     server:
       modules:
diff --git a/haproxy/proxy/listen/opencontrail/analytics.yml b/haproxy/proxy/listen/opencontrail/analytics.yml
index 14890ca..fd20277 100644
--- a/haproxy/proxy/listen/opencontrail/analytics.yml
+++ b/haproxy/proxy/listen/opencontrail/analytics.yml
@@ -1,6 +1,4 @@
 parameters:
-  _param:
-    opencontrail_stats_password: password
   haproxy:
     proxy:
       listen:
diff --git a/haproxy/proxy/listen/opencontrail/control.yml b/haproxy/proxy/listen/opencontrail/control.yml
index db407be..b704f04 100644
--- a/haproxy/proxy/listen/opencontrail/control.yml
+++ b/haproxy/proxy/listen/opencontrail/control.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    opencontrail_stats_password: password
     opencontrail_api_start_offset: 0
     opencontrail_api_workers_count: 1
   haproxy:
diff --git a/haproxy/proxy/listen/opencontrail/control4_0.yml b/haproxy/proxy/listen/opencontrail/control4_0.yml
index baeb86e..22623fd 100644
--- a/haproxy/proxy/listen/opencontrail/control4_0.yml
+++ b/haproxy/proxy/listen/opencontrail/control4_0.yml
@@ -1,6 +1,5 @@
 parameters:
   _param:
-    opencontrail_stats_password: password
     opencontrail_api_start_offset: 0
     opencontrail_api_workers_count: 1
   haproxy:
diff --git a/heka/router/single.yml b/heka/router/single.yml
index 8801e42..bba6458 100644
--- a/heka/router/single.yml
+++ b/heka/router/single.yml
@@ -12,7 +12,6 @@
     heka_router_prefetch_count: 20
     rabbitmq_secret_key: secret_key
     rabbitmq_admin_name: admin
-    rabbitmq_admin_password: workshoplearning42
     kibana_elasticsearch_host: localhost
   heka:
     shipper:
diff --git a/ironic/conductor/cluster.yml b/ironic/conductor/cluster.yml
index b733a87..8682c4c 100644
--- a/ironic/conductor/cluster.yml
+++ b/ironic/conductor/cluster.yml
@@ -15,6 +15,15 @@
   ironic:
     conductor:
       api_url: '${_param:ironic_conductor_api_url_protocol}://${_param:cluster_baremetal_vip_address}:6385'
+      enabled_hardware_types:
+        - ipmi
+      enabled_boot_interfaces:
+        - pxe
+      default_deploy_interface: iscsi
+      enabled_management_interfaces:
+        - ipmitool
+      enabled_power_interfaces:
+        - ipmitool
       database:
         x509:
           enabled: ${_param:openstack_mysql_x509_enabled}
diff --git a/ironic/conductor/single.yml b/ironic/conductor/single.yml
index 752f1cf..5c861eb 100644
--- a/ironic/conductor/single.yml
+++ b/ironic/conductor/single.yml
@@ -14,6 +14,15 @@
     conductor:
       enabled: true
       version: ${_param:ironic_version}
+      enabled_hardware_types:
+        - ipmi
+      enabled_boot_interfaces:
+        - pxe
+      default_deploy_interface: iscsi
+      enabled_management_interfaces:
+        - ipmitool
+      enabled_power_interfaces:
+        - ipmitool
       database:
         x509:
           enabled: ${_param:openstack_mysql_x509_enabled}
diff --git a/jenkins/client/init.yml b/jenkins/client/init.yml
index 77e328f..d1fa605 100644
--- a/jenkins/client/init.yml
+++ b/jenkins/client/init.yml
@@ -6,7 +6,6 @@
 parameters:
   _param:
     jenkins_client_user: none
-    jenkins_client_password: none
     jenkins_master_host: ${_param:control_vip_address}
     jenkins_aptly_storages: "local"
     jenkins_master_url_prefix: ""
@@ -24,6 +23,9 @@
           url: ${_param:jenkins_gerrit_url}/mcp-ci/pipeline-library
           credential_id: gerrit
           branch: ${_param:jenkins_pipelines_branch}
+      theme:
+        css_url: '/userContent/theme/mirantis.css'
+        js_url: '/userContent/theme/mirantis.js'
       view:
         Mirrors:
           enabled: true
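Review bot: `js_url: '/userContent/theme/mirantis.js'` makes Jenkins load a script into every user's session, administrators included, so the file under userContent becomes part of the trusted code base. A comment stating where `mirantis.js` and `mirantis.css` come from and who may write to that directory would help, e.g. `# theme assets are installed by <formula/state>; keep userContent/theme writable by the Jenkins service account only` (placeholder). How the files get there is not visible in this hunk.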
diff --git a/jenkins/client/job/deploy/galera_database_backup.yml b/jenkins/client/job/deploy/galera_database_backup.yml
new file mode 100644
index 0000000..e78c29b
--- /dev/null
+++ b/jenkins/client/job/deploy/galera_database_backup.yml
@@ -0,0 +1,33 @@
+parameters:
+  jenkins:
+    client:
+      job:
+        galera_backup_database:
+          type: workflow-scm
+          name: galera-database-backup
+          display_name: "Galera database backup"
+          discard:
+            build:
+              keep_num: 50
+          concurrent: true
+          scm:
+            type: git
+            url: "${_param:jenkins_gerrit_url}/mk/mk-pipelines"
+            branch: "${_param:jenkins_pipelines_branch}"
+            credentials: "gerrit"
+            script: galera-database-backup-pipeline.groovy
+          param:
+            SALT_MASTER_CREDENTIALS:
+              type: string
+              default: "salt"
+            OVERRIDE_BACKUP_NODE:
+              type: string
+              default: "none"
+            SALT_MASTER_URL:
+              type: string
+              default: "${_param:jenkins_salt_api_url}"
+            ASK_CONFIRMATION:
+              type: boolean
+              default: 'true'
+          triggers:
+            - timed: "${_param:backup_min} ${_param:backup_hour} ${_param:backup_day_of_month} ${_param:backup_month} ${_param:backup_day_of_week}"
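Review bot: `concurrent: true` combined with the `timed` trigger allows a scheduled backup to start while the previous one is still running, and for a database backup job `concurrent: false` is the safer default. `ASK_CONFIRMATION` defaults to `'true'`, so if the pipeline script (not visible here) pauses for input on that flag, every timer-started build would wait for an operator instead of taking the backup. Consider `default: 'false'` for the scheduled path. The parameters also lack the `description:` entries that validate.yml provides, which would be the place to document the expected behaviour.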
diff --git a/jenkins/client/job/validate.yml b/jenkins/client/job/validate.yml
index ad3ab9e..d24db10 100644
--- a/jenkins/client/job/validate.yml
+++ b/jenkins/client/job/validate.yml
@@ -24,6 +24,40 @@
             credentials: "gerrit"
             script: validate-cloud.groovy
           param:
+            ACCUMULATE_RESULTS:
+              type: boolean
+              default: 'true'
+              description: If chosen then previous build results will be used in the current build
+            JOB_TIMEOUT:
+              type: string
+              default: "3"
+              description: Job timeout in hours
+            RUN_RALLY_TESTS:
+              type: boolean
+              default: 'true'
+              description: |
+                  If chosen, Rally tests will be executed. Please set K8S_RALLY='true' if you plan
+                  to test K8S cluster with Rally framework. Special K8S plugin has to be utilized
+            RUN_TEMPEST_TESTS:
+              type: boolean
+              default: 'false'
+              description: If chosen then Tempest tests will be executed
+            RUN_SPT_TESTS:
+              type: boolean
+              default: 'false'
+              description: If chosen, SPT tests will be executed
+            TEST_IMAGE:
+              type: string
+              default: 'xrally/xrally-openstack:latest'
+              description: |
+                  Docker image to use with required test set. Please use
+                  'xrally/xrally-openstack:latest' - for Rally tests
+                  "${_param:mcp_docker_registry}/mirantis/oss/qa-tools" -
+                  for SPT/Tempest environment setup
+            TARGET_NODE:
+              type: string
+              default: ""
+              description: Target node where this job will be executed from
             SALT_MASTER_URL:
               type: string
               default: "${_param:jenkins_salt_api_url}"
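Review bot: The new `TEST_IMAGE` default `xrally/xrally-openstack:latest` pulls an unpinned image from a public namespace, whereas the default removed in the next hunk came from `${_param:mcp_docker_registry}`. This job takes Salt API credentials as parameters, so the image it runs should be one the platform controls. Mirror it and pin a version or digest, e.g. `default: "${_param:mcp_docker_registry}/<mirrored xrally image>:<pinned tag>"` (placeholders). The `param:` mapping starts above this hunk.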
@@ -32,151 +66,78 @@
               type: string
               default: "salt"
               description: Credentials to the Salt API
-            TEST_IMAGE:
-              type: string
-              default: "${_param:mcp_docker_registry}/mirantis/oss/qa-tools"
-              description: Docker image to setup testing environment
-            TARGET_NODE:
-              type: string
-              default: ""
-              description: Target node where this job will be executed from
-            RUN_RALLY_TESTS:
-              type: boolean
-              default: 'true'
-              description: If chosen then Rally tests will be executed
-            RUN_TEMPEST_TESTS:
-              type: boolean
-              default: 'true'
-              description: If chosen then Tempest tests will be executed
-            RUN_K8S_TESTS:
-              type: boolean
-              default: 'true'
-              description: If chosen then K8S tests will be executed
-            TEMPEST_TEST_SET:
-              type: choice
-              choices:
-                - smoke
-                - full
-              description: Set of Tempest tests to run
-            TEMPEST_CONFIG_REPO:
-              type: string
-              default: ""
-              description: Git repository with configuration files for Tempest
-            TEMPEST_CONFIG_BRANCH:
-              type: string
-              default: ""
-              description: Git branch which will be used during the checkout
-            TEMPEST_REPO:
-              type: string
-              default: ""
-              description: Git repository with Tempest
-            TEMPEST_VERSION:
-              type: string
-              default: ""
-              description: Version of Tempest (tag, branch or commit)
-            TEST_K8S_NODE:
-              type: string
-              default: ""
-              description: Kubernetes node to run tests from
-            TEST_K8S_API_SERVER:
-              type: string
-              default: "http://127.0.0.1:8080"
-              description: API server parameter for K8S tests
-            TEST_K8S_CONFORMANCE_IMAGE:
-              type: string
-              default: "docker-dev-virtual.docker.mirantis.net/mirantis/kubernetes/k8s-conformance:v1.7.5-2_1504192939316"
-              description: Docker image to run K8S tests
-            RUN_SPT_TESTS:
-              type: boolean
-              default: 'true'
-              description: If chosen then SPT tests will be executed
-            SPT_SSH_USER:
-              type: string
-              default: "root"
-              description: Username that is used to ssh between cluster nodes
-            FLOATING_NETWORK:
-              type: string
-              default: ""
-              description: External(floating) network name (used in both SPT and Rally)
-            SPT_IMAGE:
-              type: string
-              default: ""
-              description: Image that is used for network-VM-to-VM-iperf-tests tests
-            SPT_IMAGE_USER:
-              type: string
-              default: ""
-              description: Username that is used to ssh to SPT_IMAGE
-            SPT_FLAVOR:
-              type: string
-              default: ""
-              description: Flavor name for SPT_IMAGE (make sure you have required flavor created)
-            RALLY_IMAGE:
-              type: string
-              default: "cirros"
-            RALLY_FLAVOR:
-              type: string
-              default: "m1.tiny"
-              description: Flavor name for Rally scenarios
-            RALLY_CONFIG_REPO:
-              type: string
-              default: ""
-              description: Git repository with configuration files for Rally
-            RALLY_CONFIG_BRANCH:
-              type: string
-              default: ""
-              description: Git branch which will be used during the checkout
-            RALLY_SCENARIOS:
-              type: string
-              default: ""
-              description: Rally scenarios directory or file with scenarios
-            RALLY_SL_SCENARIOS:
-              type: string
-              default: ""
-              description: Stacklight Rally scenarios directory or file with scenarios
-            RALLY_TASK_ARGS_FILE:
-              type: string
-              default: ""
-              description: Rally scenarios arguments file
-            AVAILABILITY_ZONE:
-              type: string
-              default: "nova"
-              description: Name of availability zone
-            GENERATE_REPORT:
-              type: boolean
-              default: 'true'
-              description: If chosen then at the end of the test run HTML report will be generated
-            ACCUMULATE_RESULTS:
-              type: boolean
-              default: 'true'
-              description: If chosen then previous build results will be used in the current build
-            RALLY_PLUGINS_REPO:
-              type: string
-              default: ""
-              description: Git repository with Rally plugins
-            RALLY_PLUGINS_BRANCH:
-              type: string
-              default: ""
-              description: Git branch which will be used during the checkout
-            K8S_RALLY:
-              type: boolean
-              default: 'false'
-              description: If chosen then K8S Rally test will be executed
-            STACKLIGHT_RALLY:
-              type: boolean
-              default: 'false'
-              description: If chosen then Stacklight Rally test will be executed
-            JOB_TIMEOUT:
-              type: string
-              default: "3"
-              description: Job timeout in hours
-            REPORT_DIR:
-              type: string
-              default: ""
-              description: Path for reports outside docker image
-            SKIP_LIST:
-              type: string
-              description: "Skip list for Rally test"
-              default: ""
+            VALIDATE_PARAMS:
+              type: text
+              default:  |
+                ---
+                  rally:
+                  # Name of availability zone
+                    AVAILABILITY_ZONE: 'nova'
+                  # External(floating) network name
+                    FLOATING_NETWORK: 'public'
+                  # Rally base image for glance
+                    RALLY_IMAGE: 'cirros'
+                  # Flavor name for Rally scenarios
+                    RALLY_FLAVOR: 'm1.tiny'
+                  # Git repository with configuration files for Rally
+                    RALLY_CONFIG_REPO: 'https://github.com/Mirantis/scale-scenarios'
+                  # Git branch which will be used during the checkout
+                    RALLY_CONFIG_BRANCH: 'master'
+                  # Git repository with Rally plugins
+                    RALLY_PLUGINS_REPO: 'https://github.com/Mirantis/rally-plugins'
+                  # Git branch which will be used during the checkout
+                    RALLY_PLUGINS_BRANCH: 'master'
+                  # Rally scenarios directory or file with scenarios
+                    RALLY_SCENARIOS: 'rally-scenarios-light'
+                  # Stacklight Rally scenarios directory or file with scenarios
+                    RALLY_SL_SCENARIOS: 'rally-stacklight'
+                  # Rally scenarios arguments file
+                    RALLY_TASK_ARGS_FILE: 'job-params-light.yaml'
+                  # Rally-compliant DB connection string for long-term results storing
+                    RALLY_DB_CONN_STRING: ''
+                  # List of tags for marking Rally tasks. Used as filter for Rally trends
+                    RALLY_TAGS:
+                    # - 'platform=openstack'
+                    # - 'env=your_env_name'
+                    # - 'cmp=2'
+                  # Generate rally trends report. Requires an external DB
+                    RALLY_TRENDS: 'false'
+                  # If chosen K8S Rally plugin will be used to test K8S cluster
+                    K8S_RALLY: 'false'
+                  # If chosen then Stacklight Rally test will be executed
+                    STACKLIGHT_RALLY: 'false'
+                  # Path for reports outside docker image
+                    REPORT_DIR: '/root/qa_results'
+                  # Scenarios names/dirs to skip
+                    SKIP_LIST: ''
+                  tempest:
+                  # Set of Tempest tests to run (smoke,full)
+                    TEMPEST_TEST_SET: 'smoke'
+                  # Git repository with configuration files for Tempest
+                    TEMPEST_CONFIG_REPO: ''
+                  # Git branch which will be used during the checkout
+                    TEMPEST_CONFIG_BRANCH: ''
+                  # description: Git repository with Tempest
+                    TEMPEST_REPO: ''
+                  #  description: Version of Tempest (tag, branch or commit)
+                    TEMPEST_VERSION: ''
+                  # If chosen, run HTML report will be generated
+                    GENERATE_REPORT: 'false'
+                  spt:
+                  # Name of availability zone
+                    AVAILABILITY_ZONE: 'nova'
+                  # External(floating) network name
+                    FLOATING_NETWORK: 'public'
+                  # Username that is used to ssh between cluster nodes
+                    SPT_SSH_USER: 'root'
+                  # Image that is used for network-VM-to-VM-iperf-tests tests
+                    SPT_IMAGE: ''
+                  # Username that is used to ssh to SPT_IMAGE
+                    SPT_IMAGE_USER: ''
+                  # Flavor name for SPT_IMAGE (make sure you have required flavor created)
+                    SPT_FLAVOR: ''
+                  # If chosen, run HTML report will be generated
+                    GENERATE_REPORT: 'false'
         cvp-sanity:
           type: workflow-scm
           name: cvp-sanity
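Review bot: `RALLY_DB_CONN_STRING` in the `VALIDATE_PARAMS` text default invites operators to paste a database connection string, which normally embeds a password, into a plain text build parameter; Jenkins records parameter values with the build and shows them to anyone who can view it. A credentials ID resolved by the pipeline would be safer, with the comment changed to something like `# Jenkins credentials ID holding the Rally DB connection string`. The same block now defaults `RALLY_CONFIG_REPO` and `RALLY_PLUGINS_REPO` to GitHub URLs on `master`, so the scenarios and plugins that get executed can change between runs; pinning a tag or commit would keep runs reproducible and reviewable. `RALLY_TAGS:` with only commented-out entries parses as null rather than an empty list, so `RALLY_TAGS: []` would state the intent if the consumer expects a list.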
diff --git a/jenkins/client/security/ldap.yml b/jenkins/client/security/ldap.yml
index ba53570..d47e74f 100644
--- a/jenkins/client/security/ldap.yml
+++ b/jenkins/client/security/ldap.yml
@@ -1,7 +1,6 @@
 parameters:
   _param:
     jenkins_security_ldap_manager_dn: ''
-    jenkins_security_ldap_manager_password: ''
     jenkins_security_ldap_user_search_filter: 'uid={0}'
     jenkins_security_ldap_user_search_base: ''
     jenkins_security_ldap_group_search_base: ''
diff --git a/keepalived/cluster/instance/kube_api_server_vip.yml b/keepalived/cluster/instance/kube_api_server_vip.yml
index f7fbce8..42d95f1 100644
--- a/keepalived/cluster/instance/kube_api_server_vip.yml
+++ b/keepalived/cluster/instance/kube_api_server_vip.yml
@@ -8,7 +8,6 @@
     keepalived_kube_apiserver_vrrp_script_content: "pidof haproxy && systemctl status kube-apiserver.service --quiet --no-pager"
     keepalived_k8s_apiserver_vip_interface: ens3
     keepalived_k8s_apiserver_vip_address: ${_param:kubernetes_control_address}
-    keepalived_k8s_apiserver_vip_password: password
   keepalived:
     cluster:
       vrrp_scripts:
@@ -25,4 +24,4 @@
           interface: ${_param:keepalived_k8s_apiserver_vip_interface}
           virtual_router_id: 60
           priority: ${_param:keepalived_vip_priority}
-          track_script: k8s_vip
\ No newline at end of file
+          track_script: k8s_vip
diff --git a/keepalived/cluster/instance/openstack_barbican_vip.yml b/keepalived/cluster/instance/openstack_barbican_vip.yml
index 3c733c4..f6e430f 100644
--- a/keepalived/cluster/instance/openstack_barbican_vip.yml
+++ b/keepalived/cluster/instance/openstack_barbican_vip.yml
@@ -3,7 +3,6 @@
 parameters:
   _param:
     keepalived_openstack_barbican_vip_address: ${_param:cluster_vip_address}
-    keepalived_openstack_barbican_vip_password: password
     keepalived_openstack_barbican_vip_interface: eth1
     keepalived_vip_virtual_router_id: 250
     keepalived_vip_address: ${_param:keepalived_openstack_barbican_vip_address}
diff --git a/keepalived/cluster/instance/openstack_baremetal_vip.yml b/keepalived/cluster/instance/openstack_baremetal_vip.yml
index 355cf53..fe2b527 100644
--- a/keepalived/cluster/instance/openstack_baremetal_vip.yml
+++ b/keepalived/cluster/instance/openstack_baremetal_vip.yml
@@ -5,7 +5,6 @@
 parameters:
   _param:
     keepalived_openstack_baremetal_vip_address: ${_param:cluster_baremetal_vip_address}
-    keepalived_openstack_baremetal_password: password
     keepalived_openstack_baremetal_vip_interface: eth1
     keepalived_openstack_baremetal_vip_virtual_router_id: 132
     keepalived_openstack_baremetal_vip_priority: ${_param:keepalived_vip_priority}
diff --git a/keepalived/cluster/instance/openstack_manila_vip.yml b/keepalived/cluster/instance/openstack_manila_vip.yml
index d8330c4..b87d998 100644
--- a/keepalived/cluster/instance/openstack_manila_vip.yml
+++ b/keepalived/cluster/instance/openstack_manila_vip.yml
@@ -3,7 +3,6 @@
 parameters:
   _param:
     keepalived_openstack_manila_vip_address: ${_param:cluster_vip_address}
-    keepalived_openstack_manila_vip_password: password
     keepalived_openstack_manila_vip_interface: eth1
     keepalived_vip_virtual_router_id: 235
     keepalived_vip_address: ${_param:keepalived_openstack_manila_vip_address}
diff --git a/keepalived/cluster/instance/openstack_telemetry_vip.yml b/keepalived/cluster/instance/openstack_telemetry_vip.yml
index 5dc91a1..92aa048 100644
--- a/keepalived/cluster/instance/openstack_telemetry_vip.yml
+++ b/keepalived/cluster/instance/openstack_telemetry_vip.yml
@@ -3,7 +3,6 @@
 parameters:
   _param:
     keepalived_openstack_telemetry_vip_address: ${_param:cluster_vip_address}
-    keepalived_openstack_telemetry_vip_password: password
     keepalived_openstack_telemetry_vip_interface: eth1
     keepalived_vip_virtual_router_id: 230
     keepalived_vip_address: ${_param:keepalived_openstack_telemetry_vip_address}
diff --git a/keepalived/cluster/instance/openstack_web_public_vip.yml b/keepalived/cluster/instance/openstack_web_public_vip.yml
index 363f23b..3efebd2 100644
--- a/keepalived/cluster/instance/openstack_web_public_vip.yml
+++ b/keepalived/cluster/instance/openstack_web_public_vip.yml
@@ -5,7 +5,6 @@
 parameters:
   _param:
     keepalived_openstack_web_public_vip_address: ${_param:cluster_vip_address}
-    keepalived_openstack_web_public_vip_password: password
     keepalived_openstack_web_public_vip_interface: eth1
   keepalived:
     cluster:
diff --git a/keystone/client/core.yml b/keystone/client/core.yml
index 8c73b16..c965e6f 100644
--- a/keystone/client/core.yml
+++ b/keystone/client/core.yml
@@ -35,6 +35,7 @@
                   is_admin: true
                   password: ${_param:keystone_admin_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
         admin_identity:
           admin:
             user: admin
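Review bot: `options: ${_param:openstack_service_user_options}` is attached here to the user whose password is `keystone_admin_password`, which looks like the interactive admin account rather than a service user; the same applies to the hunk in keystone/client/single.yml and, for what appears to be another non-service account, keystone/client/image_manager.yml. If that parameter carries Keystone user options such as `ignore_lockout_failure_attempts` or `ignore_password_expiry` (its value is not visible in this diff), the admin login would lose lockout and expiry enforcement along with the service accounts. A separate parameter for human accounts, or dropping the line from these three files, would keep the exemption scoped to service users. None of the visible hunks defines a default for `openstack_service_user_options`, so it is worth confirming one exists wherever these classes are included; this also applies to the keystone/client/service/*.yml and keystone/client/v3/service/*.yml hunks.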
diff --git a/keystone/client/image_manager.yml b/keystone/client/image_manager.yml
index becd512..3f7c773 100644
--- a/keystone/client/image_manager.yml
+++ b/keystone/client/image_manager.yml
@@ -21,5 +21,6 @@
                   is_admin: false
                   password: ${_param:keystone_image_manager_password}
                   email: ${_param:keystone_image_manager_email}
+                  options: ${_param:openstack_service_user_options}
                   roles:
                   - image_manager
diff --git a/keystone/client/service/aodh.yml b/keystone/client/service/aodh.yml
index e7c8a0d..3d2dae0 100644
--- a/keystone/client/service/aodh.yml
+++ b/keystone/client/service/aodh.yml
@@ -15,6 +15,7 @@
                   is_admin: true
                   password: ${_param:keystone_aodh_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             aodh:
               type: alarming
diff --git a/keystone/client/service/barbican.yml b/keystone/client/service/barbican.yml
index 8c975ba..1a65afd 100644
--- a/keystone/client/service/barbican.yml
+++ b/keystone/client/service/barbican.yml
@@ -16,6 +16,7 @@
                 barbican:
                   password: ${_param:keystone_barbican_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
                   roles:
                   - admin
                   - creator
diff --git a/keystone/client/service/billometer.yml b/keystone/client/service/billometer.yml
index 5aa1f2e..14c570e 100644
--- a/keystone/client/service/billometer.yml
+++ b/keystone/client/service/billometer.yml
@@ -14,6 +14,7 @@
                   is_admin: true
                   password: ${_param:keystone_billometer_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             billometer:
               type: billing
diff --git a/keystone/client/service/ceilometer.yml b/keystone/client/service/ceilometer.yml
index e3bc485..131f3bb 100644
--- a/keystone/client/service/ceilometer.yml
+++ b/keystone/client/service/ceilometer.yml
@@ -16,6 +16,7 @@
                   is_admin: true
                   password: ${_param:keystone_ceilometer_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             ceilometer:
               type: metering
diff --git a/keystone/client/service/cinder.yml b/keystone/client/service/cinder.yml
index cf27875..ec0b2ca 100644
--- a/keystone/client/service/cinder.yml
+++ b/keystone/client/service/cinder.yml
@@ -14,3 +14,4 @@
                   is_admin: true
                   password: ${_param:keystone_cinder_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
diff --git a/keystone/client/service/cinder2.yml b/keystone/client/service/cinder2.yml
index 997651a..fd8cbfc 100644
--- a/keystone/client/service/cinder2.yml
+++ b/keystone/client/service/cinder2.yml
@@ -14,6 +14,7 @@
                   is_admin: true
                   password: ${_param:keystone_cinder_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             cinderv2:
               type: volumev2
diff --git a/keystone/client/service/cinder3.yml b/keystone/client/service/cinder3.yml
index 870c781..6280a7b 100644
--- a/keystone/client/service/cinder3.yml
+++ b/keystone/client/service/cinder3.yml
@@ -14,6 +14,7 @@
                   is_admin: true
                   password: ${_param:keystone_cinder_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             cinderv3:
               type: volumev3
diff --git a/keystone/client/service/congress.yml b/keystone/client/service/congress.yml
index 1e1141b..e0a6754 100644
--- a/keystone/client/service/congress.yml
+++ b/keystone/client/service/congress.yml
@@ -14,6 +14,7 @@
                   is_admin: true
                   password: ${_param:keystone_congress_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             congress:
               type: policy
diff --git a/keystone/client/service/contrail.yml b/keystone/client/service/contrail.yml
index ad2f6e2..6792156 100644
--- a/keystone/client/service/contrail.yml
+++ b/keystone/client/service/contrail.yml
@@ -14,6 +14,7 @@
                   is_admin: true
                   password: ${_param:opencontrail_admin_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             opencontrail:
               type: contrail
diff --git a/keystone/client/service/designate.yml b/keystone/client/service/designate.yml
index 83bb7ef..80f3761 100644
--- a/keystone/client/service/designate.yml
+++ b/keystone/client/service/designate.yml
@@ -14,6 +14,7 @@
                   is_admin: true
                   password: ${_param:keystone_designate_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             designate:
                 type: dns
diff --git a/keystone/client/service/glance.yml b/keystone/client/service/glance.yml
index 8c6f39d..69b5d8b 100644
--- a/keystone/client/service/glance.yml
+++ b/keystone/client/service/glance.yml
@@ -14,6 +14,7 @@
                   is_admin: true
                   password: ${_param:keystone_glance_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             glance:
               type: image
diff --git a/keystone/client/service/glare.yml b/keystone/client/service/glare.yml
index 24d827a..22d619f 100644
--- a/keystone/client/service/glare.yml
+++ b/keystone/client/service/glare.yml
@@ -12,6 +12,7 @@
                   is_admin: true
                   password: ${_param:keystone_glance_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             glare:
               type: artifact
diff --git a/keystone/client/service/gnocchi.yml b/keystone/client/service/gnocchi.yml
index 0b46f36..2336a8c 100644
--- a/keystone/client/service/gnocchi.yml
+++ b/keystone/client/service/gnocchi.yml
@@ -17,6 +17,7 @@
                   is_admin: true
                   password: ${_param:keystone_gnocchi_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             gnocchi:
               type: metric
diff --git a/keystone/client/service/heat.yml b/keystone/client/service/heat.yml
index e0bae14..9c17b06 100644
--- a/keystone/client/service/heat.yml
+++ b/keystone/client/service/heat.yml
@@ -17,6 +17,7 @@
                   is_admin: true
                   password: ${_param:keystone_heat_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             heat:
               type: orchestration
diff --git a/keystone/client/service/ironic.yml b/keystone/client/service/ironic.yml
index 1466039..e350284 100644
--- a/keystone/client/service/ironic.yml
+++ b/keystone/client/service/ironic.yml
@@ -15,6 +15,7 @@
                   is_admin: true
                   password: ${_param:keystone_ironic_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             ironic:
               type: baremetal
diff --git a/keystone/client/service/manila.yml b/keystone/client/service/manila.yml
index 358ed36..5cc66d2 100644
--- a/keystone/client/service/manila.yml
+++ b/keystone/client/service/manila.yml
@@ -14,6 +14,7 @@
                   is_admin: true
                   password: ${_param:keystone_manila_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             manila:
               type: share
diff --git a/keystone/client/service/manila2.yml b/keystone/client/service/manila2.yml
index 38f2672..8cccc24 100644
--- a/keystone/client/service/manila2.yml
+++ b/keystone/client/service/manila2.yml
@@ -14,6 +14,7 @@
                   is_admin: true
                   password: ${_param:keystone_manila_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             manilav2:
               type: sharev2
diff --git a/keystone/client/service/murano.yml b/keystone/client/service/murano.yml
index aa3cee3..1652ac2 100644
--- a/keystone/client/service/murano.yml
+++ b/keystone/client/service/murano.yml
@@ -12,6 +12,7 @@
                   is_admin: true
                   password: ${_param:keystone_murano_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             murano:
               type: application-catalog
diff --git a/keystone/client/service/neutron.yml b/keystone/client/service/neutron.yml
index 33434c1..59e4b33 100644
--- a/keystone/client/service/neutron.yml
+++ b/keystone/client/service/neutron.yml
@@ -14,6 +14,7 @@
                   is_admin: true
                   password: ${_param:keystone_neutron_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             neutron:
               type: network
diff --git a/keystone/client/service/nova.yml b/keystone/client/service/nova.yml
index 24a1dd5..22bbfc9 100644
--- a/keystone/client/service/nova.yml
+++ b/keystone/client/service/nova.yml
@@ -14,6 +14,7 @@
                   is_admin: true
                   password: ${_param:keystone_nova_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             nova:
               type: compute
diff --git a/keystone/client/service/nova21.yml b/keystone/client/service/nova21.yml
index 2335f5a..27a0580 100644
--- a/keystone/client/service/nova21.yml
+++ b/keystone/client/service/nova21.yml
@@ -14,6 +14,7 @@
                   is_admin: true
                   password: ${_param:keystone_nova_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             nova20:
               type: compute_legacy
diff --git a/keystone/client/service/octavia.yml b/keystone/client/service/octavia.yml
index a38d40e..c5ca83f 100644
--- a/keystone/client/service/octavia.yml
+++ b/keystone/client/service/octavia.yml
@@ -18,6 +18,7 @@
                   is_admin: true
                   password: ${_param:keystone_octavia_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             octavia:
               type: load-balancer
diff --git a/keystone/client/service/panko.yml b/keystone/client/service/panko.yml
index 7ad4397..43897be 100644
--- a/keystone/client/service/panko.yml
+++ b/keystone/client/service/panko.yml
@@ -15,6 +15,7 @@
                   is_admin: true
                   password: ${_param:keystone_panko_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             panko:
               type: event
diff --git a/keystone/client/service/radosgw-s3.yml b/keystone/client/service/radosgw-s3.yml
index b44d7eb..bcf596f 100644
--- a/keystone/client/service/radosgw-s3.yml
+++ b/keystone/client/service/radosgw-s3.yml
@@ -15,6 +15,7 @@
                   is_admin: true
                   password: ${_param:keystone_swift_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             radosgw-s3:
               type: s3
diff --git a/keystone/client/service/radosgw-swift.yml b/keystone/client/service/radosgw-swift.yml
index cd495ee..c8b6569 100644
--- a/keystone/client/service/radosgw-swift.yml
+++ b/keystone/client/service/radosgw-swift.yml
@@ -17,6 +17,7 @@
                   is_admin: true
                   password: ${_param:keystone_swift_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
             admin:
               user:
                 admin:
diff --git a/keystone/client/service/sahara.yml b/keystone/client/service/sahara.yml
index 526649a..8d88168 100644
--- a/keystone/client/service/sahara.yml
+++ b/keystone/client/service/sahara.yml
@@ -12,6 +12,7 @@
                   is_admin: true
                   password: ${_param:keystone_sahara_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             sahara:
               type: data-processing
diff --git a/keystone/client/service/swift-s3.yml b/keystone/client/service/swift-s3.yml
index d36d279..36050a4 100644
--- a/keystone/client/service/swift-s3.yml
+++ b/keystone/client/service/swift-s3.yml
@@ -12,6 +12,7 @@
                   is_admin: true
                   password: ${_param:keystone_swift_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             swift-s3:
               type: object-store
diff --git a/keystone/client/service/swift.yml b/keystone/client/service/swift.yml
index b599d97..ddcaf26 100644
--- a/keystone/client/service/swift.yml
+++ b/keystone/client/service/swift.yml
@@ -12,6 +12,7 @@
                   is_admin: true
                   password: ${_param:keystone_swift_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             swift:
               type: object-store
diff --git a/keystone/client/service/tacker.yml b/keystone/client/service/tacker.yml
index 28eef93..e1c7019 100644
--- a/keystone/client/service/tacker.yml
+++ b/keystone/client/service/tacker.yml
@@ -13,6 +13,7 @@
                   is_admin: true
                   password: ${_param:keystone_tacker_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
           service:
             tacker:
               type: nfv-orchestration
diff --git a/keystone/client/single.yml b/keystone/client/single.yml
index 74d3e5b..20b2b91 100644
--- a/keystone/client/single.yml
+++ b/keystone/client/single.yml
@@ -43,6 +43,7 @@
                   is_admin: true
                   password: ${_param:keystone_admin_password}
                   email: ${_param:admin_email}
+                  options: ${_param:openstack_service_user_options}
         admin_identity:
           admin:
             user: admin
diff --git a/keystone/client/v3/service/aodh.yml b/keystone/client/v3/service/aodh.yml
index eafd92a..a4f217c 100644
--- a/keystone/client/v3/service/aodh.yml
+++ b/keystone/client/v3/service/aodh.yml
@@ -11,6 +11,7 @@
             aodh:
               password: ${_param:keystone_aodh_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/barbican.yml b/keystone/client/v3/service/barbican.yml
index 93ce204..f008abc 100644
--- a/keystone/client/v3/service/barbican.yml
+++ b/keystone/client/v3/service/barbican.yml
@@ -16,6 +16,7 @@
             barbican:
               password: ${_param:keystone_barbican_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/billometer.yml b/keystone/client/v3/service/billometer.yml
index 0992519..9e115eb 100644
--- a/keystone/client/v3/service/billometer.yml
+++ b/keystone/client/v3/service/billometer.yml
@@ -5,10 +5,11 @@
     client:
       resources:
         v3:
-          user:
+          users:
             billometer:
               password: ${_param:keystone_billometer_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/ceilometer.yml b/keystone/client/v3/service/ceilometer.yml
index 727171e..9129773 100644
--- a/keystone/client/v3/service/ceilometer.yml
+++ b/keystone/client/v3/service/ceilometer.yml
@@ -10,6 +10,7 @@
             ceilometer:
               password: ${_param:keystone_ceilometer_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/cinder.yml b/keystone/client/v3/service/cinder.yml
index 4f6c76c..1dd279a 100644
--- a/keystone/client/v3/service/cinder.yml
+++ b/keystone/client/v3/service/cinder.yml
@@ -9,6 +9,7 @@
             cinder:
               password: ${_param:keystone_cinder_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/cinder2.yml b/keystone/client/v3/service/cinder2.yml
index 886edee..4d49d2b 100644
--- a/keystone/client/v3/service/cinder2.yml
+++ b/keystone/client/v3/service/cinder2.yml
@@ -9,6 +9,7 @@
             cinder:
               password: ${_param:keystone_cinder_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/cinder3.yml b/keystone/client/v3/service/cinder3.yml
index 9682186..a4465ac 100644
--- a/keystone/client/v3/service/cinder3.yml
+++ b/keystone/client/v3/service/cinder3.yml
@@ -9,6 +9,7 @@
             cinder:
               password: ${_param:keystone_cinder_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/congress.yml b/keystone/client/v3/service/congress.yml
index 15cce34..0d34181 100644
--- a/keystone/client/v3/service/congress.yml
+++ b/keystone/client/v3/service/congress.yml
@@ -9,6 +9,7 @@
             congress:
               password: ${_param:keystone_congress_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                     name: admin
diff --git a/keystone/client/v3/service/contrail.yml b/keystone/client/v3/service/contrail.yml
index e6277d5..930804a 100644
--- a/keystone/client/v3/service/contrail.yml
+++ b/keystone/client/v3/service/contrail.yml
@@ -20,6 +20,7 @@
             contrail:
               password: ${_param:opencontrail_admin_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               is_admin: true
               roles:
                 admin:
diff --git a/keystone/client/v3/service/designate.yml b/keystone/client/v3/service/designate.yml
index 821f2cb..271ea22 100644
--- a/keystone/client/v3/service/designate.yml
+++ b/keystone/client/v3/service/designate.yml
@@ -9,6 +9,7 @@
             designate:
               password: ${_param:keystone_designate_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/glance.yml b/keystone/client/v3/service/glance.yml
index a690a73..0e01709 100644
--- a/keystone/client/v3/service/glance.yml
+++ b/keystone/client/v3/service/glance.yml
@@ -9,6 +9,7 @@
             glance:
               password: ${_param:keystone_glance_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/gnocchi.yml b/keystone/client/v3/service/gnocchi.yml
index 6a11023..63241db 100644
--- a/keystone/client/v3/service/gnocchi.yml
+++ b/keystone/client/v3/service/gnocchi.yml
@@ -10,6 +10,7 @@
             gnocchi:
               password: ${_param:keystone_gnocchi_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/heat.yml b/keystone/client/v3/service/heat.yml
index a1b248f..54c8f0b 100644
--- a/keystone/client/v3/service/heat.yml
+++ b/keystone/client/v3/service/heat.yml
@@ -16,6 +16,7 @@
             heat:
               password: ${_param:keystone_heat_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/ironic.yml b/keystone/client/v3/service/ironic.yml
index 216049c..bd2795b 100644
--- a/keystone/client/v3/service/ironic.yml
+++ b/keystone/client/v3/service/ironic.yml
@@ -10,6 +10,7 @@
             ironic:
               password: ${_param:keystone_ironic_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/keystone.yml b/keystone/client/v3/service/keystone.yml
index ab3b29c..6c005c7 100644
--- a/keystone/client/v3/service/keystone.yml
+++ b/keystone/client/v3/service/keystone.yml
@@ -24,6 +24,7 @@
             admin:
               password: ${_param:keystone_admin_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
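Review bot: `options: ${_param:openstack_service_user_options}` is applied here to the `admin` user, which is an operator account rather than a service account. The parameter's value is not visible in this change. If it carries exemptions such as `ignore_password_expiry` or `ignore_lockout_failure_attempts`, they would also switch off password expiry and lockout for the cloud admin. Consider a separate parameter for this user, or a comment stating that the shared service-user options are intended for it.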
diff --git a/keystone/client/v3/service/manila.yml b/keystone/client/v3/service/manila.yml
index 9030c98..bb90159 100644
--- a/keystone/client/v3/service/manila.yml
+++ b/keystone/client/v3/service/manila.yml
@@ -9,6 +9,7 @@
             manila:
               password: ${_param:keystone_manila_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/manila2.yml b/keystone/client/v3/service/manila2.yml
index 06aa44e..f5771ad 100644
--- a/keystone/client/v3/service/manila2.yml
+++ b/keystone/client/v3/service/manila2.yml
@@ -9,6 +9,7 @@
             manila:
               password: ${_param:keystone_manila_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/neutron.yml b/keystone/client/v3/service/neutron.yml
index 2c1df47..6af16f9 100644
--- a/keystone/client/v3/service/neutron.yml
+++ b/keystone/client/v3/service/neutron.yml
@@ -9,6 +9,7 @@
             neutron:
               password: ${_param:keystone_neutron_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/nova.yml b/keystone/client/v3/service/nova.yml
index d2f76f6..d0c7366 100644
--- a/keystone/client/v3/service/nova.yml
+++ b/keystone/client/v3/service/nova.yml
@@ -9,6 +9,7 @@
             nova:
               password: ${_param:keystone_nova_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/nova21.yml b/keystone/client/v3/service/nova21.yml
index 5bccedf..85bd29f 100644
--- a/keystone/client/v3/service/nova21.yml
+++ b/keystone/client/v3/service/nova21.yml
@@ -9,6 +9,7 @@
             nova:
               password: ${_param:keystone_nova_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/octavia.yml b/keystone/client/v3/service/octavia.yml
index 26940ff..54c8bc9 100644
--- a/keystone/client/v3/service/octavia.yml
+++ b/keystone/client/v3/service/octavia.yml
@@ -26,6 +26,7 @@
             octavia:
               password: ${_param:keystone_octavia_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/panko.yml b/keystone/client/v3/service/panko.yml
index 5f4c70b..226f601 100644
--- a/keystone/client/v3/service/panko.yml
+++ b/keystone/client/v3/service/panko.yml
@@ -10,6 +10,7 @@
             panko:
               password: ${_param:keystone_panko_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/radosgw-s3.yml b/keystone/client/v3/service/radosgw-s3.yml
index 7c03f4a..1a7ae3c 100644
--- a/keystone/client/v3/service/radosgw-s3.yml
+++ b/keystone/client/v3/service/radosgw-s3.yml
@@ -4,12 +4,13 @@
     radosgw_service_protocol: http
   keystone:
     client:
-      resource:
+      resources:
         v3:
           users:
             swift:
               password: ${_param:keystone_swift_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/radosgw-swift.yml b/keystone/client/v3/service/radosgw-swift.yml
index d1acce3..2e78bb9 100644
--- a/keystone/client/v3/service/radosgw-swift.yml
+++ b/keystone/client/v3/service/radosgw-swift.yml
@@ -14,6 +14,7 @@
             swift:
               password: ${_param:keystone_swift_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/client/v3/service/tacker.yml b/keystone/client/v3/service/tacker.yml
index 8a01280..bddca05 100644
--- a/keystone/client/v3/service/tacker.yml
+++ b/keystone/client/v3/service/tacker.yml
@@ -10,6 +10,7 @@
             tacker:
               password: ${_param:keystone_tacker_password}
               email: ${_param:admin_email}
+              options: ${_param:openstack_service_user_options}
               roles:
                 service_admin:
                   name: admin
diff --git a/keystone/server/single.yml b/keystone/server/single.yml
index 9663488..014a6dc 100644
--- a/keystone/server/single.yml
+++ b/keystone/server/single.yml
@@ -9,10 +9,8 @@
 parameters:
   _param:
     keystone_service_token: token
-    keystone_admin_password: password
     mysql_admin_user: root
-    mysql_admin_password: password
-    mysql_keystone_password: password
+    keystone_tokens_expiration: 3600
     openstack_node_role: primary
     keystone_service_protocol: ${_param:cluster_internal_protocol}
   linux:
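Review bot: `keystone_service_token: token` stays as a hard-coded default while the password defaults beside it are removed, so a model that never overrides it still gets a guessable service token. Drop this default in the same hunk so the cluster model has to supply it, as it now must for `keystone_admin_password`, `mysql_admin_password` and `mysql_keystone_password`. The `_param` mapping continues outside the hunk.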
diff --git a/kubernetes/common/init.yml b/kubernetes/common/init.yml
index 0555271..bfbd98a 100644
--- a/kubernetes/common/init.yml
+++ b/kubernetes/common/init.yml
@@ -41,7 +41,7 @@
     kubernetes_hyperkube_source: ${_param:kubernetes_hyperkube_repo}/hyperkube_v1.13.2-1_1549961718696
     kubernetes_hyperkube_source_hash: md5=802e0ee43fd2a41e9ed84b0f867e70a2
     kubernetes_pause_image: ${_param:mcp_docker_registry}/mirantis/kubernetes/pause-amd64:v1.13.2-1
-    kubernetes_virtlet_image: ${_param:kubernetes_virtlet_repo}/virtlet:v1.4.4
+    kubernetes_virtlet_image: ${_param:kubernetes_virtlet_repo}/virtlet:v1.5.0
     kubernetes_criproxy_version: v0.14.0
     kubernetes_criproxy_checksum: md5=f0fa669295a156a588f3480c9909e6fd
     kubernetes_netchecker_agent_image: ${_param:kubernetes_netchecker_agent_repo}/k8s-netchecker-agent:v1.2.2
@@ -131,7 +131,6 @@
     kubernetes_openstack_provider_binary: ${_param:kubernetes_openstack_provider_repo}/openstack-cloud-controller-manager_v0.3.0-2_1549884015986
     kubernetes_openstack_provider_binary_hash: md5=fd19a97527009aac72de7997744885fb
     kubernetes_openstack_provider_cloud_user: admin
-    kubernetes_openstack_provider_cloud_password: secret
     kubernetes_openstack_provider_cloud_auth_url: http://127.0.0.1:5000/v3
     kubernetes_openstack_provider_cloud_tenant_id: tenant_id
     kubernetes_openstack_provider_cloud_domain_id: default
diff --git a/kubernetes/control/opencontrail.yml b/kubernetes/control/opencontrail.yml
index 75e3b0d..8cdd97c 100644
--- a/kubernetes/control/opencontrail.yml
+++ b/kubernetes/control/opencontrail.yml
@@ -1,12 +1,10 @@
 parameters:
   _param:
     opencontrail_identity_user: admin
-    opencontrail_identity_password: contrail123
     opencontrail_identity_tenant: admin
     opencontrail_public_ip_range: 172.17.47.128/25
     opencontrail_public_ip_network: default-domain:default-project:Public
     opencontrail_private_ip_range: 10.150.0.0/16
-    opencontrail_message_queue_password: guest
   kubernetes:
     pool:
       network:
diff --git a/kubernetes/control/services/drivetrain/gerrit.yml b/kubernetes/control/services/drivetrain/gerrit.yml
index 724ffc2..8350c56 100644
--- a/kubernetes/control/services/drivetrain/gerrit.yml
+++ b/kubernetes/control/services/drivetrain/gerrit.yml
@@ -3,7 +3,6 @@
     gerrit_ldap_user_pattern: 'uid={username}'
     gerrit_ldap_server: "ldap://openldap"
     gerrit_ldap_bind_user: ""
-    gerrit_ldap_bind_password: ""
     gerrit_ldap_account_base: ""
     gerrit_ldap_group_base: ""
     gerrit_http_listen_url: proxy-http://*:8080/gerrit/
diff --git a/kubernetes/master/kdt_cluster.yml b/kubernetes/master/kdt_cluster.yml
new file mode 100644
index 0000000..00b0cce
--- /dev/null
+++ b/kubernetes/master/kdt_cluster.yml
@@ -0,0 +1,15 @@
+classes:
+- service.kubernetes.master.cluster
+- service.haproxy.proxy.single
+- system.haproxy.proxy.listen.kubernetes.apiserver
+- system.keepalived.cluster.instance.kdt_kube_api_server_vip
+- system.kubernetes.master.common
+parameters:
+  kubernetes:
+    master:
+      network:
+        calico:
+          prometheus:
+            enabled: true
+          policy:
+            enabled: false
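Review bot: `policy: enabled: false` under `calico` is set without any comment on why policy is switched off for this cluster class. If the flag gates Calico's policy controller, NetworkPolicy objects would presumably not be enforced on clusters built from this class. Add a line such as `# <reason policy is disabled for KDT>` above it, or leave the key out so the formula default applies.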
diff --git a/linux/network/mcp.yml b/linux/network/mcp.yml
new file mode 100644
index 0000000..47ff7da
--- /dev/null
+++ b/linux/network/mcp.yml
@@ -0,0 +1,4 @@
+parameters:
+  linux:
+    network:
+      tap_custom_txqueuelen: 10000
\ No newline at end of file
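Review bot: The new file ends without a trailing newline, and `tap_custom_txqueuelen: 10000` has no comment explaining the chosen value. Add the final newline and a one-line comment such as `# <rationale for txqueuelen 10000>`, since this class is pulled into every node through linux/system/single/mcp.yml.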
diff --git a/linux/system/single/mcp.yml b/linux/system/single/mcp.yml
index e8ca938..74afc08 100644
--- a/linux/system/single/mcp.yml
+++ b/linux/system/single/mcp.yml
@@ -1,4 +1,5 @@
 classes:
+- system.linux.network.mcp
 - system.linux.system.single.simple
 - system.linux.system.repo.mcp.apt_mirantis.mirantis_pining
 parameters:
@@ -44,6 +45,9 @@
             - type: hard
               item: nproc
               value: 307200
+      package:
+        smartmontools:
+          version: latest
       systemd:
         system:
           Manager:
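Review bot: `version: latest` for `smartmontools` leaves the package unpinned, so each state run can install whatever the configured repository serves at that moment. That makes nodes drift apart and lets a changed repository push a new build without a model change. Set an explicit version, or add a comment confirming that the `mirantis_pining` class included in the first hunk constrains this package. The `package` mapping sits inside a block that starts outside the hunk.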
diff --git a/neutron/control/opendaylight/cluster.yml b/neutron/control/opendaylight/cluster.yml
index 2f22403..91ed809 100644
--- a/neutron/control/opendaylight/cluster.yml
+++ b/neutron/control/opendaylight/cluster.yml
@@ -11,7 +11,7 @@
         host: ${_param:opendaylight_service_host}
         rest_api_port: 8282
         user: admin
-        password: admin
+#        password: admin
         ovsdb_connection: tcp:127.0.0.1:6639
         router: ${_param:opendaylight_router}
         mechanism:
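Review bot: Commenting the credential out as `#        password: admin` keeps the default password readable in the file and leaves `user: admin` with no `password` key at all. Delete the line instead of commenting it. If the consumer needs a value, reference a parameter the cluster model must define, e.g. `password: ${_param:<opendaylight_password_param>}` (placeholder name), so a missing secret fails at render time rather than falling back silently. The same commented-out line is added in neutron/control/opendaylight/single.yml.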
diff --git a/neutron/control/opendaylight/single.yml b/neutron/control/opendaylight/single.yml
index c12d04a..333d2c2 100644
--- a/neutron/control/opendaylight/single.yml
+++ b/neutron/control/opendaylight/single.yml
@@ -11,7 +11,7 @@
         host: ${_param:opendaylight_service_host}
         rest_api_port: 8282
         user: admin
-        password: admin
+#        password: admin
         ovsdb_connection: tcp:127.0.0.1:6639
         router: ${_param:opendaylight_router}
         mechanism:
diff --git a/nova/compute/cluster.yml b/nova/compute/cluster.yml
index 7896a97..6df13f5 100644
--- a/nova/compute/cluster.yml
+++ b/nova/compute/cluster.yml
@@ -72,6 +72,8 @@
         password: ${_param:keystone_nova_password}
         tenant: service
         protocol: ${_param:cluster_internal_protocol}
+      service_user:
+        enabled: ${_param:nova_service_user_enabled}
       barbican:
         enabled: ${_param:barbican_integration_enabled}
       message_queue:
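Review bot: `enabled: ${_param:nova_service_user_enabled}` references a parameter with no default visible in this change, so every model that includes this class must define it or interpolation fails. Only `enabled` is set, so the service user's credentials presumably come from elsewhere. A one-line comment such as `# credentials taken from <source>; default set in <class>` would make that explicit. The same block is added in nova/compute/single.yml, nova/compute_ironic/cluster.yml, nova/compute_ironic/single.yml, nova/control/cluster.yml and nova/control/single.yml.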
diff --git a/nova/compute/single.yml b/nova/compute/single.yml
index 836886e..16a3d06 100644
--- a/nova/compute/single.yml
+++ b/nova/compute/single.yml
@@ -73,6 +73,8 @@
         region: ${_param:openstack_region}
       barbican:
         enabled: ${_param:barbican_integration_enabled}
+      service_user:
+        enabled: ${_param:nova_service_user_enabled}
       message_queue:
         engine: rabbitmq
         host: ${_param:control_address}
diff --git a/nova/compute_ironic/cluster.yml b/nova/compute_ironic/cluster.yml
index 4d49198..bed113f 100644
--- a/nova/compute_ironic/cluster.yml
+++ b/nova/compute_ironic/cluster.yml
@@ -10,6 +10,9 @@
       pkgs:
         - nova-compute-ironic
       instance_build_timeout: ${_param:nova_instance_build_timeout}
+      reserved_host_memory_mb: 0
+      reserved_host_disk_mb: 0
+      reserved_host_cpu: 0
       database:
         engine: mysql
         host: ${_param:openstack_database_address}
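Review bot: The three `reserved_host_*: 0` values are added without a comment, and zero reservation is unusual enough that a reader may take it for a mistake. Add a line above them such as `# <why ironic compute hosts reserve no memory, disk or CPU>`. The same three keys are added in nova/compute_ironic/single.yml.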
@@ -26,6 +29,8 @@
         password: ${_param:keystone_nova_password}
         tenant: service
         protocol: ${_param:cluster_internal_protocol}
+      service_user:
+        enabled: ${_param:nova_service_user_enabled}
       message_queue:
         engine: rabbitmq
         port: 5672
diff --git a/nova/compute_ironic/single.yml b/nova/compute_ironic/single.yml
index befc742..6534e43 100644
--- a/nova/compute_ironic/single.yml
+++ b/nova/compute_ironic/single.yml
@@ -10,6 +10,9 @@
       pkgs:
         - nova-compute-ironic
       instance_build_timeout: ${_param:nova_instance_build_timeout}
+      reserved_host_memory_mb: 0
+      reserved_host_disk_mb: 0
+      reserved_host_cpu: 0
       database:
         engine: mysql
         host: ${_param:control_address}
@@ -26,6 +29,8 @@
         password: ${_param:keystone_nova_password}
         tenant: service
         protocol: ${_param:cluster_internal_protocol}
+      service_user:
+        enabled: ${_param:nova_service_user_enabled}
       message_queue:
         engine: rabbitmq
         port: 5672
diff --git a/nova/control/cluster.yml b/nova/control/cluster.yml
index 72bb558..2527b33 100644
--- a/nova/control/cluster.yml
+++ b/nova/control/cluster.yml
@@ -13,7 +13,6 @@
     nova_cpu_allocation_ratio: 16.0
     nova_ram_allocation_ratio: 1.5
     nova_disk_allocation_ratio: 1.0
-    metadata_password: metadataPass
   linux:
     system:
       package:
@@ -63,6 +62,8 @@
         password: ${_param:keystone_nova_password}
         tenant: service
         protocol: ${_param:cluster_internal_protocol}
+      service_user:
+        enabled: ${_param:nova_service_user_enabled}
       barbican:
         enabled: ${_param:barbican_integration_enabled}
       message_queue:
diff --git a/nova/control/single.yml b/nova/control/single.yml
index d2cb013..0108af6 100644
--- a/nova/control/single.yml
+++ b/nova/control/single.yml
@@ -26,6 +26,8 @@
       identity:
         protocol: ${_param:cluster_internal_protocol}
         region: ${_param:openstack_region}
+      service_user:
+        enabled: ${_param:nova_service_user_enabled}
       network:
         protocol: ${_param:cluster_internal_protocol}
         region: ${_param:openstack_region}
diff --git a/opencontrail/control/analytics4_0.yml b/opencontrail/control/analytics4_0.yml
index f18babb..d60ed8b 100644
--- a/opencontrail/control/analytics4_0.yml
+++ b/opencontrail/control/analytics4_0.yml
@@ -19,7 +19,6 @@
     opencontrail_message_queue_node02_address: ${_param:openstack_message_queue_node02_address}
     opencontrail_message_queue_node03_address: ${_param:openstack_message_queue_node03_address}
     opencontrail_message_queue_address: ${_param:openstack_message_queue_address}
-    opencontrail_message_queue_password: guest
     opencontrail_analytics_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analytics:${_param:opencontrail_image_tag}
     opencontrail_analyticsdb_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analyticsdb:${_param:opencontrail_image_tag}
     opencontrail_analytics_container_name: opencontrail_analytics_1
diff --git a/opencontrail/control/cluster4_0.yml b/opencontrail/control/cluster4_0.yml
index 95b0d90..129639c 100644
--- a/opencontrail/control/cluster4_0.yml
+++ b/opencontrail/control/cluster4_0.yml
@@ -20,7 +20,6 @@
     opencontrail_message_queue_node02_address: ${_param:openstack_control_node02_address}
     opencontrail_message_queue_node03_address: ${_param:openstack_control_node03_address}
     opencontrail_message_queue_address: ${_param:openstack_control_address}
-    opencontrail_message_queue_password: guest
     opencontrail_analytics_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analytics:${_param:opencontrail_image_tag}
     opencontrail_analyticsdb_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analyticsdb:${_param:opencontrail_image_tag}
     opencontrail_controller_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller:${_param:opencontrail_image_tag}
diff --git a/opencontrail/control/cluster4_0_k8s.yml b/opencontrail/control/cluster4_0_k8s.yml
index cf9a8e7..e8d8b59 100644
--- a/opencontrail/control/cluster4_0_k8s.yml
+++ b/opencontrail/control/cluster4_0_k8s.yml
@@ -14,7 +14,6 @@
     opencontrail_message_queue_node02_address: ${_param:openstack_control_node02_address}
     opencontrail_message_queue_node03_address: ${_param:openstack_control_node03_address}
     opencontrail_message_queue_address: ${_param:openstack_control_address}
-    opencontrail_message_queue_password: guest
     opencontrail_analytics_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analytics:${_param:opencontrail_image_tag}
     opencontrail_analyticsdb_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analyticsdb:${_param:opencontrail_image_tag}
     opencontrail_controller_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller:${_param:opencontrail_image_tag}
diff --git a/opencontrail/control/control4_0.yml b/opencontrail/control/control4_0.yml
index ba47959..a6dd1a0 100644
--- a/opencontrail/control/control4_0.yml
+++ b/opencontrail/control/control4_0.yml
@@ -14,7 +14,6 @@
     opencontrail_message_queue_node01_address: ${_param:openstack_message_queue_node01_address}
     opencontrail_message_queue_node02_address: ${_param:openstack_message_queue_node02_address}
     opencontrail_message_queue_node03_address: ${_param:openstack_message_queue_node03_address}
-    opencontrail_message_queue_password: guest
     opencontrail_controller_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller:${_param:opencontrail_image_tag}
     opencontrail_controller_container_name: opencontrail_controller_1
     opencontrail_api_workers_count: 6
diff --git a/opencontrail/control/single4_0.yml b/opencontrail/control/single4_0.yml
index 9c11443..342eb98 100644
--- a/opencontrail/control/single4_0.yml
+++ b/opencontrail/control/single4_0.yml
@@ -16,7 +16,6 @@
     opencontrail_controller_container_name: opencontrail_controller_1
     opencontrail_analytics_container_name: opencontrail_analytics_1
     opencontrail_analyticsdb_container_name: opencontrail_analyticsdb_1
-    opencontrail_message_queue_password: guest
 # Temprorary fix for MOS9 packages to pin old version of kafka
   linux:
     system:
diff --git a/openssh/server/team/mcp_qa.yml b/openssh/server/team/mcp_qa.yml
index f06e0ba..6ecefa5 100644
--- a/openssh/server/team/mcp_qa.yml
+++ b/openssh/server/team/mcp_qa.yml
@@ -17,6 +17,7 @@
 - system.openssh.server.team.members.vryzhenkin
 - system.openssh.server.team.members.sturivnyi
 - system.openssh.server.team.members.ylobankov
+- system.openssh.server.team.members.ozhurba
 # Deprecated users
 - system.openssh.server.team.members.deprecated.ababich
 - system.openssh.server.team.members.deprecated.akalach
diff --git a/openssh/server/team/members/aminasyan.yml b/openssh/server/team/members/aminasyan.yml
index 133047d..18ee3f0 100644
--- a/openssh/server/team/members/aminasyan.yml
+++ b/openssh/server/team/members/aminasyan.yml
@@ -16,4 +16,5 @@
           enabled: true
           public_keys:
           - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDaC1Esdbd0RgI4UrpYvZGckOW9PGaA5Q5CD0IRj/DB0RkxLpSaLJUPMml6xNhaL13nuQ7JnOmPKrzT8Vu3P5/rw2Kvo8rmXVoFTXj0xuzLlYJutqxpYj6zGQzzai4pXOtfNVOoKhwrLrQuJXOgNgWD0dECevNgA+6GLCVmAKCyzZxC89u5HpNVbv85fqn0Q2sgelxOHOlq2xEnqtcHX/MnMSSr8EjzcFXssshuYvgqanlbT1G63ie3RjbAzf/dSpqNpVaRJTB0RJpXrZyGnosxOjQpfkAY4VjfgdnRIFb1ul5JR6+Q25XBtS9DBWXq9dSpeLISENZG5THmO7vXhOD1 aminasyan@aminasyan-macbook.local
+          - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDBH7+vVgUiiflgclsGBVoGeeSYocSHDkHsRKUOfprH/EPwoYM4mwPotKaO3u342U7Gakxhe9X95jpa1xk4O70w3rsTKERiBcvwM1GUeMoCjyNfUtseZku817wUj+NmU2/bo6YB/Jtuqx+QxxrzXrctowl7rkZud13gypKqVA4kaeT8cclSD0ZNAL99p7y8aXa3CuJ2nBzkzfM0/tuXGsiBZxDm7MzbIjySCTPJz8Y+n8rvmETfMG4smfl1E5R4o0AXpKwWUTZxQxx/BXh1jC9CxnDO/CccLdSY+jY7qvzhCvUsQf3v3Ppdi5wgqaVBf7SaLIeEsyqBwu6CMg1K6jHJt46sdiDSG79/SQHUsrrbVY9lA3tV5CAO0kz4Caae01k8BsO2lT9xLhed7V4ReAbAL3QBTvWMEob8ARQCB6EuaI7VxMcQvmoGK5Rf8/qh+B8JmbgAUyUy/j8qIjeZv4C7LbQO9z86AeGBrd6H5zDzlBL6RcyhvtVvOybovXLTujeMTyydqXfnZ7XTOEwp3lVzavsQO5ej1Ao5CJ/7yXFN3bpTO0fLFDSg/zzS2cME6J6KaT3dJLFfUpS/0hoQlOCV5L10LhZeh0Ot4GfVJ2tGOBQRnYGZHR2MpxQTZV/yhQDfYFBxZtvKcmAFdLTMaJ6GxLleuymJI4n4Vy3pg14O/w== aminasyan@artem
           user: ${linux:system:user:aminasyan}
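Review bot: The new key is added beside the existing `aminasyan@aminasyan-macbook.local` entry rather than replacing it, so both keys authenticate as this user afterwards. If this is a rotation, remove the old entry in the same change. If both machines are in use, a short comment saying so helps later access audits.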
diff --git a/openssh/server/team/members/brucemathews.yml b/openssh/server/team/members/brucemathews.yml
index 0fc9b63..466ca1a 100644
--- a/openssh/server/team/members/brucemathews.yml
+++ b/openssh/server/team/members/brucemathews.yml
@@ -15,6 +15,6 @@
         bmathews:
           enabled: true
           public_keys:
-          - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC1tsh+T2JRsyblZBrF17b/Q2AelpY+gTc9BaMQMj1J/Y/aJZUjD22knG8away01DQ+Qew5/Kcx5k4AvmxWkncRX+7ye9sVJA6BQhwewkN/MiiDJ3hC8hNFfk8ki8arqPxasXZOWacT2DDXw7/gc+/DA4F35UvsMmD+JLVr4fkdzQuHre2QPbqs+6+KdHIl0nI+d3hCCd9Zsd1mYlJkDU7oLC085oIsIqToWTYKw6HFKMqocYzuN4TQKI3dySFpkjMXLz8SK8UVjXA+Lyu0ymIVmvGnVDNAImc9ZMeU+l6W4gpuLY30Zw5/8q8FkKBw5FYWgllmoixlwhNRJJ1Hf7tJ
+          - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDdAYo193PNG03Da0EuqfKu+cFM8SqPCYs8rniu+RIhJtlEiezfdYX95zO8omR675pjmw0CgZQB6Bsv9G4eMLS+qpmL0gFWI3/qwDacZGgsLr5iCo6bnIgWx92Ze56O7T4drho8ZK2cnmlUtVK5fhAgKHv/fzssmumzUkyD0+n0qJZIvA9eUm4T55X3IRFqxe321wLQDmQOxUkSv+zAClIEbsR8IUkRiTT6y0IbozrTXJaUUwrBhd+qr68NQXnAiMIP7v9S2TYcL1Ufl2M2W7RB18sGeLmz9cEXNQ+2SZv4ZVeK2O6VnLnQoJjCwkyVBJ2nIuTqZNy51Std3xpkh0ah bmathews@1205-W541
           user: ${linux:system:user:bmathews}
 
diff --git a/openssh/server/team/members/lmendes.yml b/openssh/server/team/members/lmendes.yml
new file mode 100644
index 0000000..e461c85
--- /dev/null
+++ b/openssh/server/team/members/lmendes.yml
@@ -0,0 +1,19 @@
+parameters:
+  linux:
+    system:
+      user:
+        lmendes:
+          enabled: true
+          name: lmendes
+          sudo: ${_param:linux_system_user_sudo}
+          full_name: Leandro Mendes
+          home: /home/lmendes
+          email: lmendes@mirantis.com
+  openssh:
+    server:
+      user:
+        lmendes:
+          enabled: true
+          public_keys:
+            - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQD44cCDiCstIu7i8fxM1BaHi9xbFrvKMWaExFgc+ygw+WXxqVpBRdjn+Tm41ItrfD2A5vHQ6Az/gKE2qBFIIjRqR/Qe3CuOOIES1aNGNsRQ2pBk8B7YQnrctOvikTLDbPGZWXKIOvVNL3Jd6BlRrfCc8JxJE0h5E+ssa+zIHlNP+CwCs+TYYuhzU0zrbqCN2sqjytSIAp+zkH9M653m3EKZ1XyaPuz2U5q2LWmfyjMoTjWzBadlaQdf5xROKgdewg+femcOkX/hImUtK3YPsGJAbjBLv1wtqVGUuPuGtYfG5RPHSC5s4KEGf+3VlLQk8jQvWfgIIpEhw7T8VbcLvBlJoqE2rSbCMyKQI/t61rMCFE3llBS1ZHtkPIp8efgiU7Dil8u0lIztzgVqlIvqV1tzw7yCKFYE8VRtQebtbreCkU6zrvUmJLArFMKaYWHMs28LsSz7QNce4DnqS1wehuvbnrvQCpc85d5U4w8Q1ZFDmTbmc1x+lEYHG7io0nhTt2u6H/7/JEbedNg7wrQLq7/w28jY3vY+aoa7QtE9LRxTBRm0wB0ROVXt/AC3v5ErrpkSvMl2TjGHIJqCLrmmt1xogKCTmDHbX55xhN6SkshuGYHy/y6qM+CpomTeqDBhvdbgAKHUnzT3TbJdfmuxa3ztra2pBTB7Yx5FIOQW7i/CUw== lmendes@mirantis.com
+          user: ${linux:system:user:lmendes}
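Review bot: `- key:` under `public_keys:` is indented two extra spaces here. The other member files added in this change (npliashechnikov.yml, ozhurba.yml) keep the dash flush with `public_keys:`. The user fields are also ordered `enabled, name, sudo, …` rather than alphabetically as in those files. Matching the sibling layout keeps the member files diffable against each other.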
diff --git a/openssh/server/team/members/npliashechnikov.yml b/openssh/server/team/members/npliashechnikov.yml
new file mode 100644
index 0000000..a5c8504
--- /dev/null
+++ b/openssh/server/team/members/npliashechnikov.yml
@@ -0,0 +1,19 @@
+parameters:
+  linux:
+    system:
+      user:
+        npliashechnikov:
+          email: npliashechnikov@mirantis.com
+          enabled: true
+          full_name: Nikolay Pliashechnykov
+          home: /home/npliashechnikov
+          name: npliashechnikov
+          sudo: ${_param:linux_system_user_sudo}
+  openssh:
+    server:
+      user:
+        npliashechnikov:
+          enabled: true
+          public_keys:
+          - key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxy9ZNE+36U1W3vPxzMx++AujS8Ay9ZgJrfaa6YsWl1FeN87VuGucslHjLqFfiIYJLQl3m7tSLiAujQ/izBKDbfA5hd5z7JaCRB1LE+CehmCL0UVwsHflAi0tPn1tDrTcVGf/BRH0FsoZJo+KpOwohYGN8BMOpUIAP2SkGrE7cGbPrd9NbRqPW80iyIzsNIqzVKTcsh0CcJcr05V5n3or0GvteDMxl+mjAi6hpfx06a/bEfPLV10Ftl4+nIkbXr0KWA68uy7XmTlH+qgVUCMGwRP4mFaU63+uX45WboLKQ0aacPX833qvZJTIPe2FhAygoVoBwgOKBzrbnicBa9U+AQ== dkth1p3@lxf01p581
+          user: ${linux:system:user:npliashechnikov}
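Review bot: The key comment `dkth1p3@lxf01p581` does not identify the `npliashechnikov` account, and this account receives sudo through `linux_system_user_sudo`. The key looks carried over unchanged from the block removed in openssh/server/team/services_qa.yml, so the move is a good moment to confirm with the owner that it is still the key in use. A comment naming the owner would make later audits easier.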
diff --git a/openssh/server/team/members/ozhurba.yml b/openssh/server/team/members/ozhurba.yml
new file mode 100644
index 0000000..3e9d779
--- /dev/null
+++ b/openssh/server/team/members/ozhurba.yml
@@ -0,0 +1,19 @@
+parameters:
+  linux:
+    system:
+      user:
+        ozhurba:
+          email: ozhurba@mirantis.com
+          enabled: true
+          full_name: Oleksii Zhurba
+          home: /home/ozhurba
+          name: ozhurba
+          sudo: ${_param:linux_system_user_sudo}
+  openssh:
+    server:
+      user:
+        ozhurba:
+          enabled: true
+          public_keys:
+          - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUwubPT8GWUeuPCdPeYlIuN8OaD0umc0JuyKWf5ViVhX3VqB6CwS6/ddm9fpbAedV/8J5l/Sl/usK/WuCPVBgKEuGtidRcrABxRt49q+aum5WRd6bsYv4UxFZmaDHKgg6g8LR7Ii26GPM/HdM1CdqnxpVicz7QRj3pgLDYLippg7RAktKkp4Jw7gkBFNR7UXGHr/5qX08VoUadbgWQP7OdHdgSxysqkSiN1Rr9URWEpwZ5wfblkbEzR1JBg6kYJAP3sTJvOQguFvFCVu6++/UX2wbrrc0+0eAO31lFUAIjboYLpWDj5Sj/ER3uwTX0dJw0wpSsa9lHn/LSZrJhrA5v ozhurba@zhurba-mac
+          user: ${linux:system:user:ozhurba}
diff --git a/openssh/server/team/services.yml b/openssh/server/team/services.yml
index 371c254..65e3cb1 100644
--- a/openssh/server/team/services.yml
+++ b/openssh/server/team/services.yml
@@ -24,6 +24,7 @@
 - system.openssh.server.team.members.alis
 - system.openssh.server.team.members.isviridov
 - system.openssh.server.team.members.cdodda
+- system.openssh.server.team.members.lmendes
 parameters:
   _param:
     linux_system_user_sudo: true
diff --git a/openssh/server/team/services_qa.yml b/openssh/server/team/services_qa.yml
index 682dd8a..553e6a7 100644
--- a/openssh/server/team/services_qa.yml
+++ b/openssh/server/team/services_qa.yml
@@ -1,50 +1,9 @@
+classes:
+- system.openssh.server.team.members.npliashechnikov
+- system.openssh.server.team.members.mchernik
+- system.openssh.server.team.members.osavatieiev
+- system.openssh.server.team.members.dkruglov
+
 parameters:
   _param:
     linux_system_user_sudo: true
-  linux:
-    system:
-      user:
-        npliashechnikov:
-          enabled: true
-          name: npliashechnikov
-          sudo: true
-          full_name: Nikolay Pliashechnykov
-          home: /home/npliashechnikov
-        mchernik:
-          enabled: true
-          name: mchernik
-          sudo: true
-          full_name: Mikhail Chernik
-          home: /home/mchernik
-        ozhurba:
-          enabled: true
-          name: ozhurba
-          sudo: true
-          full_name: Oleksii Zhurba
-          home: /home/ozhurba
-  openssh:
-    server:
-      enabled: true
-      user:
-        npliashechnikov:
-          enabled: true
-          public_keys:
-          - ${public_keys:npliashechnikov}
-          user: ${linux:system:user:npliashechnikov}
-        mchernik:
-          enabled: true
-          public_keys:
-          - ${public_keys:mchernik}
-          user: ${linux:system:user:mchernik}
-        ozhurba:
-          enabled: true
-          public_keys:
-          - ${public_keys:ozhurba}
-          user: ${linux:system:user:ozhurba}
-  public_keys:
-    npliashechnikov:
-      key: ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAxy9ZNE+36U1W3vPxzMx++AujS8Ay9ZgJrfaa6YsWl1FeN87VuGucslHjLqFfiIYJLQl3m7tSLiAujQ/izBKDbfA5hd5z7JaCRB1LE+CehmCL0UVwsHflAi0tPn1tDrTcVGf/BRH0FsoZJo+KpOwohYGN8BMOpUIAP2SkGrE7cGbPrd9NbRqPW80iyIzsNIqzVKTcsh0CcJcr05V5n3or0GvteDMxl+mjAi6hpfx06a/bEfPLV10Ftl4+nIkbXr0KWA68uy7XmTlH+qgVUCMGwRP4mFaU63+uX45WboLKQ0aacPX833qvZJTIPe2FhAygoVoBwgOKBzrbnicBa9U+AQ== dkth1p3@lxf01p581
-    mchernik:
-      key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCiYzcWNIP1K3DnSfztIZdMTl6zSr133eixsHDWWqI71Fj5UOny4kMH2P/qYk0WHhm7P9kwBNDgmJBY/eO5jb00D2w9BGHyvsOnkpAgzw5neL4ivRT7qLWkRdbcLo8AAFQN7VW+bgMb8gFfYWfttHyfkbJOQlU2xmi8fvhQ+2IM/12S0f0lP2uIYgVn8g9f+1OmtXKOWi/cKx0+6NYsuFjM2oVRlBhwlhPD2mI00rSL6zYjz/8GapPPkylQnds09NueNmrScjsPmJl6lPzU8maxHABZ/KctIZW/0ucMolv/3Ybm5FJIsj6YGUdz7AWzdE9o4tSfugFR3P7Ng/scxXpZ migel@mungo
-    ozhurba:
-      key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDUwubPT8GWUeuPCdPeYlIuN8OaD0umc0JuyKWf5ViVhX3VqB6CwS6/ddm9fpbAedV/8J5l/Sl/usK/WuCPVBgKEuGtidRcrABxRt49q+aum5WRd6bsYv4UxFZmaDHKgg6g8LR7Ii26GPM/HdM1CdqnxpVicz7QRj3pgLDYLippg7RAktKkp4Jw7gkBFNR7UXGHr/5qX08VoUadbgWQP7OdHdgSxysqkSiN1Rr9URWEpwZ5wfblkbEzR1JBg6kYJAP3sTJvOQguFvFCVu6++/UX2wbrrc0+0eAO31lFUAIjboYLpWDj5Sj/ER3uwTX0dJw0wpSsa9lHn/LSZrJhrA5v ozhurba@zhurba-mac
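Review bot: The new `classes:` list is not equivalent to the inline definitions it replaces: `ozhurba` is no longer included, while `osavatieiev` and `dkruglov` are added, and every listed member inherits `linux_system_user_sudo: true`. Because `members/ozhurba.yml` is added in this same commit, the omission looks unintentional; if so, add `- system.openssh.server.team.members.ozhurba`. If the removal is deliberate, it deserves a line in the commit message, since it is an access change inside what reads as a refactor. The removed block also set `openssh.server.enabled: true`, which the new file no longer does, so confirm that another included class still enables the server.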
diff --git a/postgresql/client/init.yml b/postgresql/client/init.yml
index 95fdcdb..1775654 100644
--- a/postgresql/client/init.yml
+++ b/postgresql/client/init.yml
@@ -1,7 +1,6 @@
 parameters:
   _param:
     postgresql_client_user: none
-    postgresql_client_password: none
     postgresql_client_host: ${_param:control_vip_address}
     postgresql_client_port: 5432
   postgresql:
diff --git a/postgresql/client/pushkin/alertmanager.yml b/postgresql/client/pushkin/alertmanager.yml
index 8e413da..bf01013 100644
--- a/postgresql/client/pushkin/alertmanager.yml
+++ b/postgresql/client/pushkin/alertmanager.yml
@@ -4,7 +4,6 @@
   _param:
     alertmanager_db_host: ${_param:haproxy_postgresql_bind_host}
     alertmanager_db_user: alertmanager
-    alertmanager_db_user_password: alertmanager
     webhook_login_id: 13
     webhook_application_id: 24
   postgresql:
diff --git a/postgresql/client/pushkin/init.yml b/postgresql/client/pushkin/init.yml
index 5677646..26f8abe 100644
--- a/postgresql/client/pushkin/init.yml
+++ b/postgresql/client/pushkin/init.yml
@@ -4,7 +4,6 @@
   _param:
     pushkin_db_host: ${_param:haproxy_postgresql_bind_host}
     pushkin_db_user: pushkin
-    pushkin_db_user_password: pushkin
   postgresql:
     client:
       server:
diff --git a/postgresql/client/pushkin/janitor_monkey.yml b/postgresql/client/pushkin/janitor_monkey.yml
index b56d098..78a3b27 100644
--- a/postgresql/client/pushkin/janitor_monkey.yml
+++ b/postgresql/client/pushkin/janitor_monkey.yml
@@ -4,7 +4,6 @@
   _param:
     janmonkey_db_host: ${_param:haproxy_postgresql_bind_host}
     janmonkey_db_user: janmonkey
-    janmonkey_db_user_password: janmonkey
     janmonkey_login_id: 12
     janmonkey_application_id: 2
   postgresql:
diff --git a/postgresql/client/pushkin/security_monkey.yml b/postgresql/client/pushkin/security_monkey.yml
index 18154cd..1ebf4f4 100644
--- a/postgresql/client/pushkin/security_monkey.yml
+++ b/postgresql/client/pushkin/security_monkey.yml
@@ -4,7 +4,6 @@
   _param:
     secmonkey_db_host: ${_param:haproxy_postgresql_bind_host}
     secmonkey_db_user: secmonkey
-    secmonkey_db_user_password: secmonkey
   postgresql:
     client:
       server:
diff --git a/postgresql/client/pushkin/sfdc.yml b/postgresql/client/pushkin/sfdc.yml
index 57af7fe..cfb1236 100644
--- a/postgresql/client/pushkin/sfdc.yml
+++ b/postgresql/client/pushkin/sfdc.yml
@@ -4,7 +4,6 @@
   _param:
     sfdc_db_host: ${_param:haproxy_postgresql_bind_host}
     sfdc_db_user: sfdc
-    sfdc_db_user_password: sfdc
     sfdc_login_id: 14
     sfdc_application_id: 4
   postgresql:
diff --git a/postgresql/client/rundeck.yml b/postgresql/client/rundeck.yml
index 0c1102d..d4cd256 100644
--- a/postgresql/client/rundeck.yml
+++ b/postgresql/client/rundeck.yml
@@ -4,7 +4,6 @@
   _param:
     rundeck_db_host: ${_param:haproxy_postgresql_bind_host}
     rundeck_db_user: rundeck
-    rundeck_db_user_password: password
   postgresql:
     client:
       server:
diff --git a/postgresql/client/security_monkey.yml b/postgresql/client/security_monkey.yml
index ab7a4c8..5693d6c 100644
--- a/postgresql/client/security_monkey.yml
+++ b/postgresql/client/security_monkey.yml
@@ -4,7 +4,6 @@
   _param:
     secmonkey_db_host: ${_param:haproxy_postgresql_bind_host}
     secmonkey_db_user: secmonkey
-    secmonkey_db_user_password: secmonkey
   postgresql:
     client:
       server:
diff --git a/rabbitmq/server/vhost/catalog.yml b/rabbitmq/server/vhost/catalog.yml
index 23cb0f2..cd4b0cb 100644
--- a/rabbitmq/server/vhost/catalog.yml
+++ b/rabbitmq/server/vhost/catalog.yml
@@ -12,7 +12,7 @@
             definition: '{"ha-mode": "all", "message-ttl": 120000}'
       admin:
         name: admin
-        password: zeQuooQu47eed8esahpie2Lai8En9ohp
+        password: ${_param:rabbitmq_guest_password}
       bind:
         address: ${_param:single_address}
       management:
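Review bot: The `admin` account now takes its password from `${_param:rabbitmq_guest_password}`, so the administrator and the `guest` vhost user (see the `opencontrail.yml` and `openstack/init.yml` hunks) would share one secret. This looks like a copy-paste slip; a dedicated parameter such as `password: ${_param:rabbitmq_admin_password}` keeps the two credentials independent. The literal password removed here stays readable in the repository history, so any broker deployed with it should have the admin password rotated.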
diff --git a/rabbitmq/server/vhost/opencontrail.yml b/rabbitmq/server/vhost/opencontrail.yml
index 8f88cee..c29f7c8 100644
--- a/rabbitmq/server/vhost/opencontrail.yml
+++ b/rabbitmq/server/vhost/opencontrail.yml
@@ -5,7 +5,7 @@
         '/':
           enabled: true
           user: guest
-          password: guest
+          password: ${_param:rabbitmq_guest_password}
           policies:
           - name: HA
             pattern: '^(?!amq\.).*'
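Review bot: `${_param:rabbitmq_guest_password}` has no definition or default in this hunk, and the same applies to `rabbitmq/server/vhost/openstack/init.yml`, so every model that includes these classes must now supply it. Moving `guest`/`guest` out of the shared class is the right direction, but the requirement should be stated next to the key, e.g. `# rabbitmq_guest_password must be set in the cluster model; no default is shipped`. The vhost mapping continues beyond the hunk.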
diff --git a/rabbitmq/server/vhost/openstack/init.yml b/rabbitmq/server/vhost/openstack/init.yml
index 50b0814..5b440e7 100644
--- a/rabbitmq/server/vhost/openstack/init.yml
+++ b/rabbitmq/server/vhost/openstack/init.yml
@@ -8,7 +8,7 @@
         '/':
           enabled: true
           user: guest
-          password: guest
+          password: ${_param:rabbitmq_guest_password}
           policies:
           - name: HA
             pattern: '^(?!amq\.).*'
diff --git a/rundeck/client/project/cicd.yml b/rundeck/client/project/cicd.yml
index e09d9f1..e8e528e 100644
--- a/rundeck/client/project/cicd.yml
+++ b/rundeck/client/project/cicd.yml
@@ -8,7 +8,7 @@
       auth_url: http://yourcloud.com:5000/v3/auth/tokens
       endpoint_type: publicURL
       username: admin
-      password: password
+#      password: password
       cert: plain-certificate
       ssl_cert_file: cert.pem
       project_name: admin
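Review bot: Commenting the line out as `#      password: password` keeps the placeholder credential in the file and leaves `password` undefined next to `username: admin`, so it is unclear what the rundeck client will be configured with. Either delete the line, or keep the key and reference a parameter the cluster model must provide, as the rabbitmq vhost classes in this commit do with `${_param:...}`. If the key is meant to be absent, a comment such as `# password: supply via the cluster model, never in this shared class` says so without keeping a sample secret.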
diff --git a/sensu/server/cluster.yml b/sensu/server/cluster.yml
index 5c8fe85..7f17a2c 100644
--- a/sensu/server/cluster.yml
+++ b/sensu/server/cluster.yml
@@ -6,10 +6,6 @@
 - service.sensu.server.single
 parameters:
   _param:
-    rabbitmq_secret_key: secret
-    rabbitmq_admin_password: password
-    rabbitmq_cold_password: password
-    rabbitmq_monitor_password: password
     sensu_message_queue_host: ${_param:cluster_vip_address}
     cluster_redis_port: 6379
   sensu:
diff --git a/sensu/server/dashboard.yml b/sensu/server/dashboard.yml
index 7cabe2b..98f480f 100644
--- a/sensu/server/dashboard.yml
+++ b/sensu/server/dashboard.yml
@@ -5,7 +5,6 @@
 - service.sensu.server.single
 parameters:
   _param:
-    rabbitmq_monitor_password: password
     sensu_message_queue_host: 127.0.0.1
   sensu:
     dashboard:
diff --git a/sensu/server/single.yml b/sensu/server/single.yml
index 806b9ef..e3c4df9 100644
--- a/sensu/server/single.yml
+++ b/sensu/server/single.yml
@@ -4,5 +4,4 @@
 - service.sensu.server.single
 parameters:
   _param:
-    rabbitmq_monitor_password: password
     sensu_message_queue_host: 127.0.0.1
diff --git a/xtrabackup/client/single.yml b/xtrabackup/client/single.yml
index 25fa6d2..cf88e28 100644
--- a/xtrabackup/client/single.yml
+++ b/xtrabackup/client/single.yml
@@ -6,4 +6,5 @@
     xtrabackup_client_throttle: 0 # disabled
   xtrabackup:
     client:
+      cron: false
       throttle: ${_param:xtrabackup_client_throttle}
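Review bot: `cron: false` is added without explanation, here and in `xtrabackup/server/single.yml`, while the neighbouring `xtrabackup_client_throttle: 0 # disabled` does carry one. If the key controls whether the formula installs the scheduled backup job (not visible in this diff), these shared classes now ship with backups unscheduled unless a deployment overrides them. That is easy to miss until a restore is needed. Suggest an inline comment such as `cron: false  # scheduled backup job off by default; enable per deployment`, or exposing the value as a `_param` like the throttle.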
diff --git a/xtrabackup/server/single.yml b/xtrabackup/server/single.yml
index 92d9fc3..34ba45d 100644
--- a/xtrabackup/server/single.yml
+++ b/xtrabackup/server/single.yml
@@ -3,6 +3,7 @@
 parameters:
   xtrabackup:
     server:
+      cron: false
       backup_dir: /srv/volumes/backup/xtrabackup
       key:
         xtrabackup_pub_key: