Merge "Remove sudo limits for support team"
diff --git a/.releasenotes/config.yaml b/.releasenotes/config.yaml
index 28db76e..bf103f9 100644
--- a/.releasenotes/config.yaml
+++ b/.releasenotes/config.yaml
@@ -9,10 +9,11 @@
prelude_section_name: summary
show_source: False
sections:
- - [features, New Features]
- - [upgrade, Upgrade Notes]
- - [fixes, Bug Fixes]
- - [other, Other Notes]
+ - [features, New features]
+ - [upgrades, Upgrade notes]
+ - [deprecations, Deprecation notes]
+ - [fixes, Bug fixes]
+ - [others, Other notes]
template: |
---
# Author the following sections or remove the section if it is not related.
@@ -21,38 +22,66 @@
# If you miss a section from the list below, please first submit a review
# adding it to .releasenotes/config.yaml.
#
+ # Format content with reStructuredText (RST).
+ # **Formatting examples:**
+ # - |
+ # This is a brief description of the feature. It may include a
+ # number of components:
+ #
+ # * List item 1
+ # * List item 2.
+ # This code block below will appear as part of the list item 2:
+ #
+ # .. code-block:: yaml
+ #
+ # classes:
+ # - system.class.to.load
+ #
+ # The code block below will appear on the same level as the feature
+ # description:
+ #
+ # .. code-block:: text
+ #
+ # provide model/formula pillar snippets
+
+
summary: >
This section is not mandatory. Use it to highlight the change.
features:
- - Use list to record summary of features.
- - |
- Provide detailed description with examples.
- Format with reStructuredText.
+ - Use the list to record summary of **NEW** features
+ - Provide detailed description of the feature indicating the use cases
+ when users benefit from using it
+ - Explain how the feature integrates into the overall reference
+ architecture of a deployment.
+ - Provide steps to deploy the feature (if the procedure is complicated
+ indicate during what stage of the deployment workflow it should be
+ deployed).
+ - Indicate limitations or incompatibility with other versions, if applicable.
+ - Provide a brief overview of how to use the feature after installation
+ (Day2 operations).
+ - Provide troubleshooting information, if any.
+ - Provide disaster recovery information (in case of hardware or software
+ failure.)
- .. code-block:: text
+ upgrades:
+ - Use the list to record summary of an **improvement** to an existing
+ functionality/feature
+ - Document how to use a feature.
+ - Document the related upgrade instructions.
+ - Indicate limitations, if applicable.
- provide model/formula pillar snippets
-
- upgrade:
- - |
- Document how to use a feature and related upgrade instructions.
+ deprecations:
+ - Use the list to record deprecated features.
+ - Explain the reason of deprecation.
+ - Point to the functionality that can be used instead.
fixes:
- - Use list to record summary of fixes.
- Quick and dirty `git log --oneline`.
+ - Use the list to record summary of a bug fix for blocker, critical,
+ and/or customer-found issues.
+ - Provide a brief summary of what has been fixed.
- other:
- - Author additional notes for the release.
- - Format with reStructuredText.
- - |
- Use this section if note is not related to one of the common sections:
- features, issues, upgrade, deprecations, security, fixes, api, cli
+ others:
+ - Author any additional notes. Use this section if note is not related to
+ any of the common sections above.
- * list item 1
- * list item 2
-
- .. code-block:: yaml
-
- classes:
- - system.class.to.load
diff --git a/.releasenotes/notes/add-releasenotes-20cce0cea873f011.yaml b/.releasenotes/notes/add-releasenotes-20cce0cea873f011.yaml
index 733776f..45b6749 100644
--- a/.releasenotes/notes/add-releasenotes-20cce0cea873f011.yaml
+++ b/.releasenotes/notes/add-releasenotes-20cce0cea873f011.yaml
@@ -1,18 +1,20 @@
---
summary: >
- Use "reno", an releasenotes configuration tool to record release notes.
- Documentation: https://docs.openstack.org/reno/latest
+ This is the test release of MCP Feature Update notes.
+ These notes are intended to detail the new functionality and
+ bug fixes released for Reclass model on a sprint basis.
- Example usage:
-
- .. code-block:: shell
-
- # to list/create/show release notes, run following commands
- reno -qd .releasenotes list
- reno -qd .releasenotes new releasenote-slug-title --edit
- reno -qd .releasenotes report --no-show-source
-
-other:
+others:
- |
- Added `reno <https://docs.openstack.org/reno/latest>_` configuration to track release notes
- within the reclass-system git repository.
+ Added `Reno <https://docs.openstack.org/reno/latest>_`, a release notes
+ configuration tool, to track release notes within the ``reclass-system``
+ Git repository.
+
+ To list/create/show release notes:
+
+ .. code-block:: shell
+
+ reno -qd .releasenotes list
+ reno -qd .releasenotes new releasenote-slug-title --edit
+ reno -qd .releasenotes report --no-show-source
+
diff --git a/docker/swarm/stack/monitoring/init.yml b/docker/swarm/stack/monitoring/init.yml
index 347319a..17a3a49 100644
--- a/docker/swarm/stack/monitoring/init.yml
+++ b/docker/swarm/stack/monitoring/init.yml
@@ -95,11 +95,11 @@
- ${prometheus:server:dir:config}:${_param:prometheus_server_config_directory}
- ${prometheus:server:dir:data}:${_param:prometheus_server_data_directory}
environment:
- config_dir: ${_param:prometheus_server_config_directory}
- data_dir: ${_param:prometheus_server_data_directory}
- bind_port: ${prometheus:server:bind:port}
- bind_address: ${prometheus:server:bind:address}
- storage_local_engine: ${prometheus:server:storage:local:engine}
- storage_local_retention: ${prometheus:server:storage:local:retention}
- storage_local_target_heap_size: ${prometheus:server:storage:local:target_heap_size}
- storage_local_num_fingerprint_mutexes: ${prometheus:server:storage:local:num_fingerprint_mutexes}
+ PROMETHEUS_CONFIG_DIR: ${_param:prometheus_server_config_directory}
+ PROMETHEUS_DATA_DIR: ${_param:prometheus_server_data_directory}
+ PROMETHEUS_BIND_PORT: ${prometheus:server:bind:port}
+ PROMETHEUS_BIND_ADDRESS: ${prometheus:server:bind:address}
+ PROMETHEUS_STORAGE_LOCAL_ENGINE: ${prometheus:server:storage:local:engine}
+ PROMETHEUS_STORAGE_LOCAL_RETENTION: ${prometheus:server:storage:local:retention}
+ PROMETHEUS_STORAGE_LOCAL_TARGET_HEAP_SIZE: ${prometheus:server:storage:local:target_heap_size}
+ PROMETHEUS_STORAGE_LOCAL_NUM_FINGERPRINT_MUTEXES: ${prometheus:server:storage:local:num_fingerprint_mutexes}
diff --git a/haproxy/proxy/listen/opencontrail/tor.yml b/haproxy/proxy/listen/opencontrail/tor.yml
new file mode 100644
index 0000000..0595ccd
--- /dev/null
+++ b/haproxy/proxy/listen/opencontrail/tor.yml
@@ -0,0 +1,19 @@
+parameters:
+ haproxy:
+ proxy:
+ listen:
+ contrail_tor01:
+ type: contrail-tor
+ service_name: contrail
+ binds:
+ - address: ${_param:cluster_vip_address}
+ port: 6631
+ servers:
+ - name: sw01
+ host: ${_param:cluster_node01_address}
+ port: 6632
+ params: check
+ - name: sw02
+ host: ${_param:cluster_node02_address}
+ port: 6632
+ params: check backup
diff --git a/helm/analytics_pipeline/hdfs.yml b/helm/analytics_pipeline/hdfs.yml
new file mode 100644
index 0000000..64e0cef
--- /dev/null
+++ b/helm/analytics_pipeline/hdfs.yml
@@ -0,0 +1,15 @@
+parameters:
+ _param:
+ analytics_hdfs_release: ${_param:analytics_release_prefix}hdfs
+ analytics_hdfs_address: hdfs-namenode-${_param:analytics_hdfs_release}-0.hdfs-namenode-${_param:analytics_hdfs_release}
+ helm:
+ client:
+ releases:
+ analytics-pipeline-hdfs:
+ enabled: ${_param:analytics_enabled}
+ name: ${_param:analytics_hdfs_release}
+ chart: ${_param:analytics_repo}/hdfs
+ values:
+ datanode:
+ replicas: 3
+ antiAffinity: soft
diff --git a/helm/analytics_pipeline/init.yml b/helm/analytics_pipeline/init.yml
new file mode 100644
index 0000000..f994efa
--- /dev/null
+++ b/helm/analytics_pipeline/init.yml
@@ -0,0 +1,19 @@
+classes:
+- system.helm.analytics_pipeline.zookeeper
+- system.helm.analytics_pipeline.kafka
+- system.helm.analytics_pipeline.spark
+- system.helm.analytics_pipeline.hdfs
+- system.helm.analytics_pipeline.tweepub
+- system.helm.analytics_pipeline.tweetics
+- system.helm.analytics_pipeline.tweeviz
+- service.helm.client
+parameters:
+ _param:
+ analytics_enabled: true
+ analytics_repo: mirantisworkloads
+ analytics_release_prefix: analytics-pipeline-
+ analytics_kafka_replicas: 3
+ helm:
+ client:
+ repos:
+ mirantisworkloads: https://mirantisworkloads.storage.googleapis.com/
diff --git a/helm/analytics_pipeline/kafka.yml b/helm/analytics_pipeline/kafka.yml
new file mode 100644
index 0000000..3c88299
--- /dev/null
+++ b/helm/analytics_pipeline/kafka.yml
@@ -0,0 +1,17 @@
+parameters:
+ _param:
+ analytics_kafka_release: ${_param:analytics_release_prefix}kafka
+ analytics_kafka_address: kafka-${_param:analytics_kafka_release}-0.kafka-${_param:analytics_kafka_release}:9092,kafka-${_param:analytics_kafka_release}-1.kafka-${_param:analytics_kafka_release}:9092,kafka-${_param:analytics_kafka_release}-2.kafka-${_param:analytics_kafka_release}:9092
+ helm:
+ client:
+ releases:
+ analytics-pipeline-kafka:
+ enabled: ${_param:analytics_enabled}
+ name: ${_param:analytics_kafka_release}
+ chart: ${_param:analytics_repo}/kafka
+ values:
+ replicas: ${_param:analytics_kafka_replicas}
+ antiAffinity: soft
+ zookeeper:
+ deployChart: false
+ externalAddress: ${_param:analytics_zookeeper_address}
diff --git a/helm/analytics_pipeline/spark.yml b/helm/analytics_pipeline/spark.yml
new file mode 100644
index 0000000..aeb2856
--- /dev/null
+++ b/helm/analytics_pipeline/spark.yml
@@ -0,0 +1,20 @@
+parameters:
+ _param:
+ analytics_spark_release: ${_param:analytics_release_prefix}spark
+ analytics_spark_address: spark-master-${_param:analytics_spark_release}-0.spark-master-${_param:analytics_spark_release}:7077,spark-master-${_param:analytics_spark_release}-1.spark-master-${_param:analytics_spark_release}:7077
+ helm:
+ client:
+ releases:
+ analytics-pipeline-spark:
+ enabled: ${_param:analytics_enabled}
+ name: ${_param:analytics_spark_release}
+ chart: ${_param:analytics_repo}/spark
+ values:
+ spark:
+ master:
+ replicas: 1
+ worker:
+ replicas: 3
+ zookeeper:
+ deployChart: false
+ externalAddress: ${_param:analytics_zookeeper_address}
diff --git a/helm/analytics_pipeline/tweepub.yml b/helm/analytics_pipeline/tweepub.yml
new file mode 100644
index 0000000..42678a3
--- /dev/null
+++ b/helm/analytics_pipeline/tweepub.yml
@@ -0,0 +1,23 @@
+parameters:
+ _param:
+ analytics_tweepub_release: ${_param:analytics_release_prefix}tweepub
+ helm:
+ client:
+ releases:
+ analytics-pipeline-tweepub:
+ enabled: ${_param:analytics_enabled}
+ name: ${_param:analytics_tweepub_release}
+ chart: ${_param:analytics_repo}/tweepub
+ values:
+ twitter:
+ appKey: ${_param:analytics_twitter_app_key}
+ appSecret: ${_param:analytics_twitter_app_secret}
+ tokenKey: ${_param:analytics_twitter_token_key}
+ tokenSecret: ${_param:analytics_twitter_token_secret}
+
+ # San Francisco, Boston, New York
+ locations: -71.4415,41.9860,-70.4747,42.9041,-122.75,36.8,-121.75,37.8,-74,40,-73,41
+ kafka:
+ deployChart: false
+ externalAddress: ${_param:analytics_kafka_address}
+ topic: twitter-stream
diff --git a/helm/analytics_pipeline/tweetics.yml b/helm/analytics_pipeline/tweetics.yml
new file mode 100644
index 0000000..de438bf
--- /dev/null
+++ b/helm/analytics_pipeline/tweetics.yml
@@ -0,0 +1,27 @@
+parameters:
+ _param:
+ analytics_tweetics_release: ${_param:analytics_release_prefix}tweetics
+ helm:
+ client:
+ releases:
+ analytics-pipeline-tweetics:
+ enabled: ${_param:analytics_enabled}
+ name: ${_param:analytics_tweetics_release}
+ chart: ${_param:analytics_repo}/tweetics
+ values:
+ minHashtagCounts: 0
+ zookeeper:
+ deployChart: false
+ externalAddress: ${_param:analytics_zookeeper_address}
+ kafka:
+ deployChart: false
+ externalAddress: ${_param:analytics_kafka_address}
+ topic: twitter-stream
+ spark:
+ deployChart: false
+ externalAddress: ${_param:analytics_spark_address}
+ storage: hdfs
+ hdfs:
+ deployChart: false
+ externalAddress: ${_param:analytics_hdfs_address}
+ path: /twitter
diff --git a/helm/analytics_pipeline/tweeviz.yml b/helm/analytics_pipeline/tweeviz.yml
new file mode 100644
index 0000000..d8f7aef
--- /dev/null
+++ b/helm/analytics_pipeline/tweeviz.yml
@@ -0,0 +1,19 @@
+parameters:
+ _param:
+ analytics_tweeviz_release: ${_param:analytics_release_prefix}tweeviz
+ helm:
+ client:
+ releases:
+ analytics-pipeline-tweeviz:
+ enabled: ${_param:analytics_enabled}
+ name: ${_param:analytics_tweeviz_release}
+ chart: ${_param:analytics_repo}/tweeviz
+ values:
+ minPopularity: 1
+ topListSize: 25
+ storage: hdfs
+ hdfs:
+ deployChart: false
+ externalAddress: ${_param:analytics_hdfs_address}
+ path: /
+ externalPort: 8020
diff --git a/helm/analytics_pipeline/zookeeper.yml b/helm/analytics_pipeline/zookeeper.yml
new file mode 100644
index 0000000..698510d
--- /dev/null
+++ b/helm/analytics_pipeline/zookeeper.yml
@@ -0,0 +1,14 @@
+parameters:
+ _param:
+ analytics_zookeeper_release: ${_param:analytics_release_prefix}zookeeper
+ analytics_zookeeper_address: zk-${_param:analytics_zookeeper_release}-0.zk-${_param:analytics_zookeeper_release}:2181,zk-${_param:analytics_zookeeper_release}-1.zk-${_param:analytics_zookeeper_release}:2181,zk-${_param:analytics_zookeeper_release}-2.zk-${_param:analytics_zookeeper_release}:2181
+ helm:
+ client:
+ releases:
+ analytics-pipeline-zookeeper:
+ enabled: ${_param:analytics_enabled}
+ name: ${_param:analytics_zookeeper_release}
+ chart: ${_param:analytics_repo}/zookeeper
+ values:
+ replicas: 3
+ antiAffinity: soft
diff --git a/jenkins/client/approved_scripts.yml b/jenkins/client/approved_scripts.yml
index 99f2492..b187e26 100644
--- a/jenkins/client/approved_scripts.yml
+++ b/jenkins/client/approved_scripts.yml
@@ -127,3 +127,5 @@
- method java.io.File listFiles
- method java.lang.String concat java.lang.String
- method org.jenkinsci.plugins.workflow.steps.FlowInterruptedException getCauses
+ - method org.jenkinsci.plugins.workflow.support.steps.build.RunWrapper getRawBuild
+ - method hudson.model.Actionable getAction java.lang.Class
diff --git a/jenkins/client/init.yml b/jenkins/client/init.yml
index b37c48f..7d87ffe 100644
--- a/jenkins/client/init.yml
+++ b/jenkins/client/init.yml
@@ -16,7 +16,6 @@
username: ${_param:jenkins_client_user}
password: ${_param:jenkins_client_password}
plugin:
- ansicolor: {}
artifactory: {}
build-blocker-plugin: {}
build-monitor-plugin: {}
@@ -39,7 +38,6 @@
simple-theme-plugin: {}
slack: {}
test-stability: {}
- timestamper: {}
workflow-cps: {}
workflow-remote-loader: {}
workflow-scm-step:
diff --git a/jenkins/client/job/deploy/lab/component/ceph.yml b/jenkins/client/job/deploy/lab/component/ceph.yml
index f8953b6..e9e3d64 100644
--- a/jenkins/client/job/deploy/lab/component/ceph.yml
+++ b/jenkins/client/job/deploy/lab/component/ceph.yml
@@ -14,4 +14,4 @@
stack_type: aws
stack_install: core,ceph
stack_test: "ceph"
- job_timer: ""
+ job_timer: "H H * * *"
diff --git a/jenkins/client/job/opencontrail/build/dpdk-extra.yml b/jenkins/client/job/opencontrail/build/dpdk-extra.yml
index 156cedb..53e1ae3 100644
--- a/jenkins/client/job/opencontrail/build/dpdk-extra.yml
+++ b/jenkins/client/job/opencontrail/build/dpdk-extra.yml
@@ -1,4 +1,6 @@
parameters:
+ _param:
+ jenkins_contrail_dpdk_kernel_modules_dkms: "${_param:jenkins_gerrit_url}/contrail/contrail-dpdk-kernel-modules-dkms"
jenkins:
client:
job_template:
@@ -84,3 +86,52 @@
description: "binary packages to create"
type: string
default: "{{binary}}"
+ build-opencontrail-dpdk-kernel-modules-dkms:
+ name: build-opencontrail-dpdk-kernel-modules-dkms-{{os}}-{{dist}}-{{dpdk}}
+ jobs:
+ - os: ubuntu
+ dist: xenial
+ branch: contrail_dpdk_2_1
+ dpdk: "21"
+ aptly_repo: ubuntu-xenial-mitaka
+ - os: ubuntu
+ dist: xenial
+ dpdk: "1702"
+ branch: contrail_dpdk_17_02
+ aptly_repo: ubuntu-xenial-oc40-dpdk1702
+ template:
+ discard:
+ build:
+ keep_num: 5
+ artifact:
+ keep_num: 5
+ type: workflow-scm
+ concurrent: false
+ quiet_period: 120
+ scm:
+ type: git
+ url: "${_param:jenkins_contrail_dpdk_kernel_modules_dkms}"
+ credentials: "gerrit"
+ branch: "{{branch}}"
+ param:
+ SOURCE_BRANCH:
+ type: string
+ default: "{{branch}}"
+ SOURCE_CREDENTIALS:
+ type: string
+ default: "gerrit"
+ APTLY_URL:
+ type: string
+ default: "${_param:jenkins_aptly_api_url}"
+ APTLY_REPO:
+ type: string
+ default: "{{aptly_repo}}"
+ OS:
+ type: string
+ default: "{{os}}"
+ DIST:
+ type: string
+ default: "{{dist}}"
+ ARCH:
+ type: string
+ default: "amd64"
diff --git a/linux/system/repo/aptly.yml b/linux/system/repo/aptly.yml
new file mode 100644
index 0000000..330ba03
--- /dev/null
+++ b/linux/system/repo/aptly.yml
@@ -0,0 +1,9 @@
+parameters:
+ linux:
+ system:
+ repo:
+ aptly:
+ source: "deb http://repo.aptly.info/ squeeze main"
+ architectures: amd64
+ key_id: 9E3E53F19C7DE460
+ key_server: keys.gnupg.net
diff --git a/linux/system/single.yml b/linux/system/single.yml
index e2a8502..928efda 100644
--- a/linux/system/single.yml
+++ b/linux/system/single.yml
@@ -35,6 +35,8 @@
net.ipv4.neigh.default.gc_thresh2: 8192
net.ipv4.neigh.default.gc_thresh3: 16384
net.core.netdev_max_backlog: 261144
+ net.ipv4.tcp_tw_recycle: 1
+ net.ipv4.tcp_tw_reuse: 1
kernel.panic: 60
cpu:
governor: performance
diff --git a/opencontrail/compute/tor/cluster.yml b/opencontrail/compute/tor/cluster.yml
new file mode 100644
index 0000000..662de03
--- /dev/null
+++ b/opencontrail/compute/tor/cluster.yml
@@ -0,0 +1,4 @@
+classes:
+- service.haproxy.proxy.single
+- service.keepalived.cluster.single
+- service.opencontrail.compute.tor.cluster
diff --git a/openssh/server/team/all.yml b/openssh/server/team/all.yml
index 4dcb121..1fea51d 100644
--- a/openssh/server/team/all.yml
+++ b/openssh/server/team/all.yml
@@ -5,7 +5,9 @@
- system.openssh.server.team.mcp_ci
- system.openssh.server.team.mmo_devops
- system.openssh.server.team.presales
-- system.openssh.server.team.support
+- system.openssh.server.team.services
+# avoid teams w/sudo group restrictions, or override restrictions
+#- system.openssh.server.team.support
- system.openssh.server.team.stacklight
- system.openssh.server.team.networking
- system.openssh.server.team.oss_team
diff --git a/openssh/server/team/members/chnyda.yml b/openssh/server/team/members/chnyda.yml
new file mode 100644
index 0000000..2bcecaf
--- /dev/null
+++ b/openssh/server/team/members/chnyda.yml
@@ -0,0 +1,20 @@
+parameters:
+ linux:
+ system:
+ user:
+ chnyda:
+ enabled: true
+ name: chnyda
+ sudo: true
+ full_name: Cedric Hnyda
+ home: /home/chnyda
+ email: chnyda@mirantis.com
+ openssh:
+ server:
+ enabled: true
+ user:
+ chnyda:
+ enabled: true
+ public_keys:
+ - key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDHmLTwDSFslOUVo4ViT0bqVLhSaweuLt0QNWhnIaSPgqWhHOSkdqt3+Tg4l8Vd4O4Z44Yv/rXqhmO5X1AIytNccA6+nJe4Km3JC6QzG6npS3ghtHWDU3DOGgWd5RrULviEDSIj1w1oG8oHxdycGkbfjApAkiDR/xr7NHhTcPhEuvn/q7i1raj4vpNdIrR+cr6XA3l+I4cmaizpjuWaFrag1q24RS7PVEUmcPRSODrkdwFREsrLkIlIgtIoMIIjtEDdk1RU/loiXrNwuVRI3KTLqhheFlHedQd13uzpn66KF6UVlZAm+k2y2jLdEi5IFKD3g6mmWsNH6xSZYVn6d84/XvLjMsS/UL+WHr5xetHNSi3RtQOkCPYphq1KcRAXLwH0dgtDwfyg2F+5ezG3wMsZAqD3KiaGNmDcA6R19Fpjm0S4SXa+QnX5eZcO9DS5cYTjs8F2T9Vsaspvwc0U80M6+JvOlV1PBNJYQhSxdX1Plf2p1MrrRnYhlgMdzCiPSQHsKp3tei8I+bqCvV9iScLAbLxKaW/yWdeuh74oGitTfI4R0h0HMJ1lqK+rT5wtMXyJSvFMK6Zph0GqJf3QHBhzCfs5PIto1pyNdXbI8KzfgTgyo+3gpIPAQ2VD/pf8mOD218UPNQglYWP6wniTq/hVtC2tl3DW53qx5qv10osGmw== chnyda@mirantis.com
+ user: ${linux:system:user:chnyda}
diff --git a/openssh/server/team/tcpcloud.yml b/openssh/server/team/tcpcloud.yml
index c7b465a..bcd9327 100644
--- a/openssh/server/team/tcpcloud.yml
+++ b/openssh/server/team/tcpcloud.yml
@@ -20,6 +20,7 @@
- system.openssh.server.team.members.tkukral
- system.openssh.server.team.members.vmikes
- system.openssh.server.team.members.psvimbersky
+- system.openssh.server.team.members.chnyda
parameters:
_param:
diff --git a/prometheus/server/target/kubernetes/endpoint.yml b/prometheus/server/target/kubernetes/endpoint.yml
deleted file mode 100644
index 671f037..0000000
--- a/prometheus/server/target/kubernetes/endpoint.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-parameters:
- prometheus:
- server:
- target:
- kubernetes:
- endpoint:
- enabled: true
diff --git a/prometheus/server/target/kubernetes/init.yml b/prometheus/server/target/kubernetes/init.yml
deleted file mode 100644
index 919c916..0000000
--- a/prometheus/server/target/kubernetes/init.yml
+++ /dev/null
@@ -1,9 +0,0 @@
-parameters:
- prometheus:
- server:
- target:
- kubernetes:
- enabled: true
- api_ip: ${_param:kubernetes_control_address}
- cert_name: prometheus-server.crt
- key_name: prometheus-server.key
diff --git a/prometheus/server/target/kubernetes/pod.yml b/prometheus/server/target/kubernetes/pod.yml
deleted file mode 100644
index 964282f..0000000
--- a/prometheus/server/target/kubernetes/pod.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-parameters:
- prometheus:
- server:
- target:
- kubernetes:
- pod:
- enabled: true
diff --git a/reclass/storage/system/opencontrail_tor_cluster.yml b/reclass/storage/system/opencontrail_tor_cluster.yml
new file mode 100644
index 0000000..81d7314
--- /dev/null
+++ b/reclass/storage/system/opencontrail_tor_cluster.yml
@@ -0,0 +1,31 @@
+parameters:
+ _param:
+ opencontrail_tor01_node01_hostname: tor01
+ opencontrail_tor01_node02_hostname: tor02
+ opencontrail_tor01_node01_tenant_address: ${_param:opencontrail_tor01_node01_address}
+ opencontrail_tor01_node02_tenant_address: ${_param:opencontrail_tor01_node02_address}
+ reclass:
+ storage:
+ node:
+ opencontrail_tor01_node01:
+ name: ${_param:opencontrail_tor01_node01_hostname}
+ domain: ${_param:cluster_domain}
+ classes:
+ - cluster.${_param:cluster_name}.opencontrail.tor
+ params:
+ salt_master_host: ${_param:reclass_config_master}
+ linux_system_codename: xenial
+ single_address: ${_param:opencontrail_tor01_node01_address}
+ tenant_address: ${_param:opencontrail_tor01_node01_tenant_address}
+ keepalived_vip_priority: 103
+ opencontrail_tor01_node02:
+ name: ${_param:opencontrail_tor01_node02_hostname}
+ domain: ${_param:cluster_domain}
+ classes:
+ - cluster.${_param:cluster_name}.opencontrail.tor
+ params:
+ salt_master_host: ${_param:reclass_config_master}
+ linux_system_codename: xenial
+ single_address: ${_param:opencontrail_tor01_node02_address}
+ tenant_address: ${_param:opencontrail_tor01_node02_tenant_address}
+ keepalived_vip_priority: 102
diff --git a/reclass/storage/system/openstack_baremetal_cluster.yml b/reclass/storage/system/openstack_baremetal_cluster.yml
index 8cab119..71f6034 100644
--- a/reclass/storage/system/openstack_baremetal_cluster.yml
+++ b/reclass/storage/system/openstack_baremetal_cluster.yml
@@ -19,6 +19,7 @@
salt_master_host: ${_param:reclass_config_master}
linux_system_codename: ${_param:linux_system_codename}
single_address: ${_param:openstack_baremetal_node01_address}
+ keepalived_vip_priority: 101
baremetal_address: ${_param:openstack_baremetal_node01_baremetal_address}
openstack_baremetal_node02:
name: ${_param:openstack_baremetal_node02_hostname}
@@ -29,6 +30,7 @@
salt_master_host: ${_param:reclass_config_master}
linux_system_codename: ${_param:linux_system_codename}
single_address: ${_param:openstack_baremetal_node02_address}
+ keepalived_vip_priority: 102
baremetal_address: ${_param:openstack_baremetal_node02_baremetal_address}
openstack_baremetal_node03:
name: ${_param:openstack_baremetal_node03_hostname}
@@ -39,6 +41,7 @@
salt_master_host: ${_param:reclass_config_master}
linux_system_codename: ${_param:linux_system_codename}
single_address: ${_param:openstack_baremetal_node03_address}
+ keepalived_vip_priority: 103
baremetal_address: ${_param:openstack_baremetal_node03_baremetal_address}
diff --git a/salt/master/formula/git/helm.yml b/salt/master/formula/git/helm.yml
new file mode 100644
index 0000000..c25358f
--- /dev/null
+++ b/salt/master/formula/git/helm.yml
@@ -0,0 +1,16 @@
+parameters:
+ salt:
+ master:
+ environment:
+ prd:
+ formula:
+ helm:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-helm.git'
+ revision: ${_param:salt_master_environment_revision}
+ module:
+ helm.py:
+ enabled: true
+ state:
+ helm_release.py:
+ enabled: true
diff --git a/salt/master/formula/pkg/helm.yml b/salt/master/formula/pkg/helm.yml
new file mode 100644
index 0000000..8b68bfe
--- /dev/null
+++ b/salt/master/formula/pkg/helm.yml
@@ -0,0 +1,9 @@
+parameters:
+ salt:
+ master:
+ environment:
+ prd:
+ formula:
+ helm:
+ source: pkg
+ name: salt-formula-helm
diff --git a/salt/master/git.yml b/salt/master/git.yml
index 267bdb1..4562a74 100644
--- a/salt/master/git.yml
+++ b/salt/master/git.yml
@@ -8,6 +8,7 @@
- system.salt.master.formula.git.saltstack
- system.salt.master.formula.git.stacklight
- system.salt.master.formula.git.monitoring
+- system.salt.master.formula.git.helm
parameters:
_param:
salt_master_environment_repository: "https://github.com/salt-formulas"
diff --git a/salt/master/pkg.yml b/salt/master/pkg.yml
index 1001d49..62854f1 100644
--- a/salt/master/pkg.yml
+++ b/salt/master/pkg.yml
@@ -8,4 +8,5 @@
- system.salt.master.formula.pkg.saltstack
- system.salt.master.formula.pkg.stacklight
- system.salt.master.formula.pkg.monitoring
+- system.salt.master.formula.pkg.helm
- system.linux.system.repo.mcp.salt
diff --git a/salt/minion/cert/etcd_client_single.yml b/salt/minion/cert/etcd_client_single.yml
new file mode 100644
index 0000000..a14e106
--- /dev/null
+++ b/salt/minion/cert/etcd_client_single.yml
@@ -0,0 +1,18 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ etcd_client:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: ${linux:system:name}
+ signing_policy: cert_open
+ alternative_names: DNS:${linux:system:name},DNS:${linux:network:fqdn}
+ extended_key_usage: clientAuth
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: /var/lib/etcd/etcd-client.key
+ cert_file: /var/lib/etcd/etcd-client.crt
+ all_file: /var/lib/etcd/etcd-client.pem
+ ca_file: /var/lib/etcd/ca.pem
+ user: etcd
+ group: etcd
diff --git a/salt/minion/cert/etcd_server_single.yml b/salt/minion/cert/etcd_server_single.yml
new file mode 100644
index 0000000..f9fc585
--- /dev/null
+++ b/salt/minion/cert/etcd_server_single.yml
@@ -0,0 +1,18 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ etcd_server:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: ${linux:system:name}
+ signing_policy: cert_open
+ alternative_names: IP:127.0.0.1,DNS:${linux:system:name},DNS:${linux:network:fqdn}
+ extended_key_usage: serverAuth,clientAuth
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: /var/lib/etcd/etcd-server.key
+ cert_file: /var/lib/etcd/etcd-server.crt
+ all_file: /var/lib/etcd/etcd-server.pem
+ ca_file: /var/lib/etcd/ca.pem
+ user: etcd
+ group: etcd
diff --git a/salt/minion/cert/opencontrail/tor.yml b/salt/minion/cert/opencontrail/tor.yml
new file mode 100644
index 0000000..eb9c704
--- /dev/null
+++ b/salt/minion/cert/opencontrail/tor.yml
@@ -0,0 +1,14 @@
+parameters:
+ _param:
+ salt_minion_ca_authority: salt_master_ca
+ salt:
+ minion:
+ cert:
+ opencontrail_tor:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: opencontrail_tor
+ key_file: /etc/contrail/ssl/certs/tor.key
+ cert_file: /etc/contrail/ssl/certs/tor.crt
+ ca_file: /etc/contrail/ssl/certs/ca.crt
+ signing_policy: cert_open