Merge "Add MINIONS_TEST_TIMEOUT param to cloud update pipeline"
diff --git a/docker/swarm/stack/decapod.yml b/docker/swarm/stack/decapod.yml
index bd86062..2d915fc 100644
--- a/docker/swarm/stack/decapod.yml
+++ b/docker/swarm/stack/decapod.yml
@@ -1,12 +1,13 @@
 parameters:
   _param:
+    mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
     docker_decapod_fe_replicas: 3
     decapod_version: latest
-    docker_image_admin: docker-prod-local.artifactory.mirantis.com/mirantis/ceph/decapod/admin:${_param:decapod_version}
-    docker_image_db: docker-prod-local.artifactory.mirantis.com/mirantis/ceph/decapod/db:${_param:decapod_version}
-    docker_image_api: docker-prod-local.artifactory.mirantis.com/mirantis/ceph/decapod/api:${_param:decapod_version}
-    docker_image_controller: docker-prod-local.artifactory.mirantis.com/mirantis/ceph/decapod/controller:latest
-    docker_image_frontend: docker-prod-local.artifactory.mirantis.com/mirantis/ceph/decapod/frontend:${_param:decapod_version}
+    docker_image_admin: ${_param:mcp_docker_registry}/mirantis/ceph/decapod/admin:${_param:decapod_version}
+    docker_image_db: ${_param:mcp_docker_registry}/mirantis/ceph/decapod/db:${_param:decapod_version}
+    docker_image_api: ${_param:mcp_docker_registry}/mirantis/ceph/decapod/api:${_param:decapod_version}
+    docker_image_controller: ${_param:mcp_docker_registry}/mirantis/ceph/decapod/controller:latest
+    docker_image_frontend: ${_param:mcp_docker_registry}/mirantis/ceph/decapod/frontend:${_param:decapod_version}
   docker:
     client:
       stack:
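Review bot: `docker_image_controller` still hard-codes `:latest` while the four sibling images follow `${_param:decapod_version}`, so pinning `decapod_version` leaves the controller floating. Unless the controller is deliberately versioned separately, `docker_image_controller: ${_param:mcp_docker_registry}/mirantis/ceph/decapod/controller:${_param:decapod_version}` keeps the set in step. More generally, now that the registry host is an overridable parameter, images referenced by a mutable tag (`latest`, `nightly`, or no tag at all) resolve to whatever that registry currently serves, so pinning a version or digest is worth considering. The same pattern is visible in the devops_portal, hce, janitor_monkey, pushkin, rundeck, security_monkey, alerta, elasticsearch_client_node and gainsight stack files and in the opencontrail `*4_0.yml` classes in this diff.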
diff --git a/docker/swarm/stack/devops_portal.yml b/docker/swarm/stack/devops_portal.yml
index f8f89f9..c7790d8 100644
--- a/docker/swarm/stack/devops_portal.yml
+++ b/docker/swarm/stack/devops_portal.yml
@@ -1,7 +1,8 @@
 parameters:
   _param:
+    mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
     docker_devops_portal_replicas: 1
-    docker_image_devops_portal: docker-prod-local.artifactory.mirantis.com/mirantis/oss/devops-portal:latest
+    docker_image_devops_portal: ${_param:mcp_docker_registry}/mirantis/oss/devops-portal:latest
   docker:
     client:
       stack:
@@ -23,4 +24,4 @@
               external:
                 name: oss_backend
             frontend:
-              driver: overlay
\ No newline at end of file
+              driver: overlay
diff --git a/docker/swarm/stack/hce.yml b/docker/swarm/stack/hce.yml
index 7a25ce4..a2d4505 100644
--- a/docker/swarm/stack/hce.yml
+++ b/docker/swarm/stack/hce.yml
@@ -1,7 +1,8 @@
 parameters:
   _param:
+    mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
     docker_hce_replicas: 1
-    docker_image_hce: docker-prod-local.artifactory.mirantis.com/mirantis/oss/hce
+    docker_image_hce: ${_param:mcp_docker_registry}/mirantis/oss/hce
     hce_bind_host: hce-api
     hce_bind_port: ${_param:haproxy_hce_bind_port}
     hce_prometheus_protocol: http
diff --git a/docker/swarm/stack/janitor_monkey.yml b/docker/swarm/stack/janitor_monkey.yml
index 2849554..4793b1a 100644
--- a/docker/swarm/stack/janitor_monkey.yml
+++ b/docker/swarm/stack/janitor_monkey.yml
@@ -1,10 +1,11 @@
 parameters:
   _param:
+    mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
     docker_janitor_monkey_replicas: 1
     docker_image_mongodb: library/mongo:3.4
     docker_mongodb_admin_username: admin
     docker_mongodb_admin_password: password
-    docker_image_janitor_monkey: docker-prod-local.artifactory.mirantis.com/mirantis/oss/janitor-monkey
+    docker_image_janitor_monkey: ${_param:mcp_docker_registry}/mirantis/oss/janitor-monkey
     janitor_monkey_bind_host: cleanup-service-api
     janitor_monkey_bind_port: 8080
     janitor_monkey_ssl:
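Review bot: `docker_mongodb_admin_password: password` sits as a class-level default directly beside the changed line (it is context here, not introduced by this commit), so any deployment that does not override it presumably runs MongoDB with a guessable admin credential. Consider removing the literal default and requiring the cluster model to supply the value, or at least marking it with a comment such as `# placeholder, must be overridden per deployment`. The same kind of literal default shows up as `metadata_password: metadataPass` in the context of nova/control/cluster.yml.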
diff --git a/docker/swarm/stack/monitoring/alerta.yml b/docker/swarm/stack/monitoring/alerta.yml
index 5e99286..8c9d7aa 100644
--- a/docker/swarm/stack/monitoring/alerta.yml
+++ b/docker/swarm/stack/monitoring/alerta.yml
@@ -2,7 +2,8 @@
 - system.prometheus.alerta
 parameters:
   _param:
-    docker_image_alerta: docker-prod-local.artifactory.mirantis.com/mirantis/external/alerta-web:latest
+    mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
+    docker_image_alerta: ${_param:mcp_docker_registry}/mirantis/external/alerta-web:latest
     alerta_mongodb_uri: "mongodb://${_param:cluster_node01_address}:27017,${_param:cluster_node02_address}:27017,${_param:cluster_node03_address}:27017/alerta?replicaSet=stacklight"
     alerta_admin_username: "admin@alerta.io"
   docker:
diff --git a/docker/swarm/stack/monitoring/elasticsearch_client_node.yml b/docker/swarm/stack/monitoring/elasticsearch_client_node.yml
new file mode 100644
index 0000000..2e509f1
--- /dev/null
+++ b/docker/swarm/stack/monitoring/elasticsearch_client_node.yml
@@ -0,0 +1,46 @@
+parameters:
+  _param:
+    mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
+    docker_image_elasticsearch: ${_param:mcp_docker_registry}/mirantis/external/elasticsearch:nightly
+    elasticsearch_client_node_publish_host: ${_param:cluster_public_host}
+    elasticsearch_cluster_name: elasticsearch
+  docker:
+    client:
+      stack:
+        monitoring:
+          network:
+            monitoring:
+              driver: overlay
+              driver_opts:
+                encrypted: 1
+          service:
+            elasticsearch_client_node:
+              networks:
+                - monitoring
+              deploy:
+                replicas: 1
+                labels:
+                  com.mirantis.monitoring: "elasticsearch"
+                restart_policy:
+                  condition: any
+              environment:
+                ES_JAVA_OPTS: "-Xms512m -Xmx512m"
+                cluster.name: ${_param:elasticsearch_cluster_name}
+                node.master: "false"
+                node.data: "false"
+                node.ingest: "false"
+                node.attr.client_node: "true"
+                search.remote.connect: "false"
+                network.host: 0.0.0.0
+                network.publish_host: ${_param:elasticsearch_client_node_publish_host}
+                xpack.security.enabled: "false"
+                xpack.monitoring.enabled: "false"
+                bootstrap.memory_lock: "false"
+                discovery.zen.minimum_master_nodes: 2
+                discovery.zen.ping.unicast.hosts: ${_param:stacklight_monitor_address}
+              labels:
+                com.mirantis.monitoring: "elasticsearch"
+              image: ${_param:docker_image_elasticsearch}
+              ports:
+                - 9305:9300
+                - 9205:9200
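Review bot: The service publishes 9205 and 9305 while `xpack.security.enabled` is `"false"` and `network.host` is `0.0.0.0`, so with swarm's default port publishing anything that can reach a swarm node on those ports gets unauthenticated HTTP and transport access to the cluster. If only the nginx proxy is meant to connect, restrict those ports to the proxy hosts (firewall or host-mode publishing), and state the intended exposure in a comment above `ports:`. Separately, quote the mappings and the integer environment value so they stay strings like their neighbours: `- "9205:9200"`, `- "9305:9300"`, `discovery.zen.minimum_master_nodes: "2"`.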
diff --git a/docker/swarm/stack/monitoring/gainsight.yml b/docker/swarm/stack/monitoring/gainsight.yml
index 11344b7..5748034 100644
--- a/docker/swarm/stack/monitoring/gainsight.yml
+++ b/docker/swarm/stack/monitoring/gainsight.yml
@@ -2,6 +2,7 @@
 - system.prometheus.gainsight.container
 parameters:
   _param:
+    mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
     gainsight_enabled: 'true'
     gainsight_csv_upload_url: 'http://localhost:9999'
     gainsight_account_id: 'default'
@@ -14,7 +15,7 @@
     gainsight_config_directory: '/srv/gainsight'
     gainsight_crontab_directory: '/etc/cron.d'
     gainsight_config_path: "${_param:gainsight_config_directory}/config.ini"
-    docker_image_prometheus_gainsight: 'docker-prod-local.artifactory.mirantis.com/openstack-docker/gainsight:nightly'
+    docker_image_prometheus_gainsight: '${_param:mcp_docker_registry}/openstack-docker/gainsight:nightly'
   docker:
     client:
       stack:
diff --git a/docker/swarm/stack/pushkin.yml b/docker/swarm/stack/pushkin.yml
index 55f1fd6..65d400e 100644
--- a/docker/swarm/stack/pushkin.yml
+++ b/docker/swarm/stack/pushkin.yml
@@ -1,7 +1,8 @@
 parameters:
   _param:
+    mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
     docker_pushkin_replicas: 1
-    docker_image_pushkin: docker-prod-local.artifactory.mirantis.com/mirantis/oss/pushkin
+    docker_image_pushkin: ${_param:mcp_docker_registry}/mirantis/oss/pushkin
     pushkin_bind_host: pushkin-api
     pushkin_bind_port: ${_param:haproxy_pushkin_bind_port}
     pushkin_elasticsearch: ${_param:elasticsearch_bind_host}
diff --git a/docker/swarm/stack/rundeck.yml b/docker/swarm/stack/rundeck.yml
index 88693be..b680eea 100644
--- a/docker/swarm/stack/rundeck.yml
+++ b/docker/swarm/stack/rundeck.yml
@@ -1,7 +1,8 @@
 parameters:
   _param:
+    mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
     docker_rundeck_replicas: 1
-    docker_image_rundeck: docker-prod-local.artifactory.mirantis.com/mirantis/oss/rundeck:latest
+    docker_image_rundeck: ${_param:mcp_docker_registry}/mirantis/oss/rundeck:latest
     rundeck_bind_host: rundeck-api
     rundeck_bind_port: ${_param:haproxy_rundeck_bind_port}
     rundeck_ssl:
diff --git a/docker/swarm/stack/security_monkey.yml b/docker/swarm/stack/security_monkey.yml
index 2f844c0..2c46878 100644
--- a/docker/swarm/stack/security_monkey.yml
+++ b/docker/swarm/stack/security_monkey.yml
@@ -1,11 +1,12 @@
 parameters:
   _param:
+    mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
     docker_security_monkey_api_replicas: 1
     docker_security_monkey_scheduler_replicas: 1
     secmonkey_login_id: 11
     secmonkey_application_id: 1
-    docker_image_security_monkey_api: docker-prod-local.artifactory.mirantis.com/mirantis/oss/security-monkey-api
-    docker_image_security_monkey_scheduler: docker-prod-local.artifactory.mirantis.com/mirantis/oss/security-monkey-scheduler
+    docker_image_security_monkey_api: ${_param:mcp_docker_registry}/mirantis/oss/security-monkey-api
+    docker_image_security_monkey_scheduler: ${_param:mcp_docker_registry}/mirantis/oss/security-monkey-scheduler
     security_monkey_bind_host: security-audit-api
     security_monkey_bind_port: ${_param:haproxy_security_monkey_bind_port}
     security_monkey_ssl:
diff --git a/jenkins/client/approved_scripts.yml b/jenkins/client/approved_scripts.yml
index 0dc20b0..498cc62 100644
--- a/jenkins/client/approved_scripts.yml
+++ b/jenkins/client/approved_scripts.yml
@@ -133,6 +133,7 @@
         - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods plus java.util.List java.util.Collection
         - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods println java.lang.Object java.lang.Object
         - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods putAt java.lang.Object java.lang.String java.lang.Object
+        - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods readLines java.lang.String
         - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods sort java.util.Collection
         - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods split java.lang.String
         - staticMethod org.codehaus.groovy.runtime.DefaultGroovyMethods takeRight java.util.List int
diff --git a/jenkins/client/job/deploy/lab/deploy.yml b/jenkins/client/job/deploy/lab/deploy.yml
index 624e553..b1deafa 100644
--- a/jenkins/client/job/deploy/lab/deploy.yml
+++ b/jenkins/client/job/deploy/lab/deploy.yml
@@ -1,5 +1,6 @@
 parameters:
   _param:
+    mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
     jenkins_deploy_jobs: []
     heat_stack_zone_job_param:
       type: string
@@ -180,7 +181,7 @@
               TEST_TEMPEST_IMAGE:
                 type: string
                 description: "Tempest docker image"
-                default: "docker-prod-local.artifactory.mirantis.com/mirantis/oscore/rally-tempest"
+                default: "${_param:mcp_docker_registry}/mirantis/oscore/rally-tempest"
               TEST_TEMPEST_TARGET:
                 type: string
                 description: "Node to run tests"
diff --git a/jenkins/client/job/deploy/rollout.yml b/jenkins/client/job/deploy/rollout.yml
index 3b05fd6..25b088d 100644
--- a/jenkins/client/job/deploy/rollout.yml
+++ b/jenkins/client/job/deploy/rollout.yml
@@ -1,4 +1,6 @@
 parameters:
+  _param:
+    mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
   jenkins:
     client:
       job:
@@ -56,7 +58,7 @@
             TEST_TEMPEST_IMAGE:
               type: string
               description: "Tempest docker image"
-              default: "docker-prod-local.artifactory.mirantis.com/mirantis/oscore/rally-tempest"
+              default: "${_param:mcp_docker_registry}/mirantis/oscore/rally-tempest"
             TEST_TEMPEST_TARGET:
               type: string
               description: "Node to run tests"
diff --git a/jenkins/client/job/deploy/test.yml b/jenkins/client/job/deploy/test.yml
index acf6fa3..cad8ed4 100644
--- a/jenkins/client/job/deploy/test.yml
+++ b/jenkins/client/job/deploy/test.yml
@@ -1,4 +1,6 @@
 parameters:
+  _param:
+    mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
   jenkins:
     client:
       job:
@@ -37,7 +39,7 @@
             TEST_TEMPEST_IMAGE:
               type: string
               description: "Tempest docker image"
-              default: "docker-prod-local.artifactory.mirantis.com/mirantis/oscore/rally-tempest"
+              default: "${_param:mcp_docker_registry}/mirantis/oscore/rally-tempest"
             TEST_TEMPEST_TARGET:
               type: string
               description: "Node to run tests. use FQDN for ctl01 e.g. ctl01.deploy-heat-os_ha_contrail-17.bud-mk.local"
diff --git a/jenkins/client/job/k8s-test/mcp-k8s-merge-pipeline.yml b/jenkins/client/job/k8s-test/mcp-k8s-merge-pipeline.yml
index f209aa2..e7697a0 100644
--- a/jenkins/client/job/k8s-test/mcp-k8s-merge-pipeline.yml
+++ b/jenkins/client/job/k8s-test/mcp-k8s-merge-pipeline.yml
@@ -1,4 +1,6 @@
 parameters:
+  _param:
+    mcp_docker_registry: 'docker-dev-local.docker.mirantis.net'
   jenkins:
     client:
       job:
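Review bot: `mcp_docker_registry` is set to `docker-dev-local.docker.mirantis.net` here, while most other classes in this commit set the same `_param` key to `docker-prod-local.artifactory.mirantis.com`. Because `_param` is one flat namespace per node, a node that includes both a dev-valued and a prod-valued class will presumably end up with whichever value is merged last, silently changing the registry for every image reference built from this parameter. A separate key for the dev registry avoids the collision, for example (suggested name) `mcp_docker_dev_registry: 'docker-dev-local.docker.mirantis.net'` with `default: ${_param:mcp_docker_dev_registry}` below. The same dev value is assigned in mcp-k8s-test-pipeline.yml, test_pipelines.yml and vnf-onboarding/init.yml.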
@@ -32,5 +34,5 @@
           param:
             KUBE_DOCKER_REGISTRY:
               type: string
-              default: 'docker-dev-local.docker.mirantis.net'
+              default: ${_param:mcp_docker_registry}
               description: 'Docker registry for binaries and images'
diff --git a/jenkins/client/job/k8s-test/mcp-k8s-test-pipeline.yml b/jenkins/client/job/k8s-test/mcp-k8s-test-pipeline.yml
index 0fdbbfe..99a3884 100644
--- a/jenkins/client/job/k8s-test/mcp-k8s-test-pipeline.yml
+++ b/jenkins/client/job/k8s-test/mcp-k8s-test-pipeline.yml
@@ -1,4 +1,6 @@
 parameters:
+  _param:
+    mcp_docker_registry: 'docker-dev-local.docker.mirantis.net'
   jenkins:
     client:
       job:
@@ -41,7 +43,7 @@
           param:
             KUBE_DOCKER_REGISTRY:
               type: string
-              default: 'docker-dev-local.docker.mirantis.net'
+              default: ${_param:mcp_docker_registry}
               description: 'Docker registry for binaries and images'
             CALICO_DOCKER_REGISTRY:
               type: string
diff --git a/jenkins/client/job/test_pipelines.yml b/jenkins/client/job/test_pipelines.yml
index d18b281..c8eaab0 100644
--- a/jenkins/client/job/test_pipelines.yml
+++ b/jenkins/client/job/test_pipelines.yml
@@ -1,4 +1,6 @@
 parameters:
+  _param:
+    mcp_docker_registry: 'docker-dev-local.docker.mirantis.net'
   jenkins:
     client:
       job_template:
@@ -48,7 +50,7 @@
                 default: "gerrit"
               GRADLE_IMAGE:
                 type: string
-                default: "docker-dev-local.docker.mirantis.net/mirantis/cicd/niaquinto_gradle"
+                default: "${_param:mcp_docker_registry}/mirantis/cicd/niaquinto_gradle"
               GRADLE_CMD:
                 type: string
                 default: "check --info"
diff --git a/jenkins/client/job/validate.yml b/jenkins/client/job/validate.yml
index 112cb3d..57db539 100644
--- a/jenkins/client/job/validate.yml
+++ b/jenkins/client/job/validate.yml
@@ -2,6 +2,7 @@
   _param:
     jenkins_salt_api_url: "http://${_param:salt_master_host}:6969"
     cvp_sanity_default_repo: "https://github.com/Mirantis/cvp-sanity-checks"
+    mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
   jenkins:
     client:
       view:
@@ -37,7 +38,7 @@
               description: Credentials to the Salt API
             TEST_IMAGE:
               type: string
-              default: "docker-prod-local.artifactory.mirantis.com/mirantis/oss/qa-tools"
+              default: "${_param:mcp_docker_registry}/mirantis/oss/qa-tools"
               description: Docker image to setup testing environment
             TARGET_NODE:
               type: string
diff --git a/jenkins/client/job/vnf-onboarding/init.yml b/jenkins/client/job/vnf-onboarding/init.yml
index 69b4f4d..60f9ce1 100644
--- a/jenkins/client/job/vnf-onboarding/init.yml
+++ b/jenkins/client/job/vnf-onboarding/init.yml
@@ -1,15 +1,15 @@
 classes:
   - system.jenkins.client.job.vnf-onboarding.deploy_cloudify
-
 parameters:
   _param:
     cluster_public_protocol: https
+    mcp_docker_registry: 'docker-dev-local.docker.mirantis.net'
     vnf_gerrit_credentials: "gerrit"
     vnf_openstack_api_url: "${_param:cluster_public_protocol}://${_param:cluster_public_host}:5000/v2.0"
     vnf_openstack_api_credentials: "test-openstack"
     vnf_openstack_api_admin_credentials: "admin-openstack"
     vnf_openstack_ssh_key_credentials: "openstack_key"
     vnf_elastic_url: "${_param:stacklight_log_address}:${_param:cluster_elasticsearch_port}"
-    vnf_docker_registry_path: "docker-dev-local.docker.mirantis.net/mirantis/vnf-onboarding"
+    vnf_docker_registry_path: "${_param:mcp_docker_registry}/mirantis/vnf-onboarding"
     vnf_artifactory_url: "https://artifactory.mcp.mirantis.net/artifactory/vnf-onboarding-sandbox"
     contrail_api_url: "http://127.0.0.1:8082"
diff --git a/keystone/client/core.yml b/keystone/client/core.yml
index 899f4aa..8c73b16 100644
--- a/keystone/client/core.yml
+++ b/keystone/client/core.yml
@@ -3,12 +3,13 @@
 parameters:
   _param:
     keystone_service_protocol: http
+###TODO: the section below should be removed in the future together with same related changes in cookiecutter-templates (control_init.yml)
   linux:
     system:
       job:
         keystone_job_rotate:
           command: '/usr/bin/keystone-manage fernet_rotate --keystone-user keystone --keystone-group keystone >> /var/log/key_rotation_log 2>> /var/log/key_rotation_log'
-          enabled: true
+          enabled: false
           user: root
           minute: 0
   keystone:
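Review bot: Switching `keystone_job_rotate` to `enabled: false` stops this class from scheduling `keystone-manage fernet_rotate`, and the added TODO does not say what rotates the fernet keys instead. On a node that inherits only this class, the keys would presumably never rotate. If the intent is that cookiecutter-templates now owns the job, say so in the comment, e.g. `# TODO: drop this job once control_init.yml in cookiecutter-templates defines it; rotation is disabled here and must be enabled there`. The comment should also be indented to match `linux:` and written as `# TODO:` rather than `###TODO:` at column 0. The identical change in keystone/client/single.yml needs the same treatment.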
diff --git a/keystone/client/single.yml b/keystone/client/single.yml
index ad2d55a..b8ab7f1 100644
--- a/keystone/client/single.yml
+++ b/keystone/client/single.yml
@@ -10,12 +10,13 @@
 parameters:
   _param:
     keystone_service_protocol: http
+###TODO: the section below should be removed in the future together with same related changes in cookiecutter-templates (control_init.yml)
   linux:
     system:
       job:
         keystone_job_rotate:
           command: '/usr/bin/keystone-manage fernet_rotate --keystone-user keystone --keystone-group keystone >> /var/log/key_rotation_log 2>> /var/log/key_rotation_log'
-          enabled: true
+          enabled: false
           user: root
           minute: 0
   keystone:
diff --git a/kubernetes/common.yml b/kubernetes/common.yml
index 218450a..639154e 100644
--- a/kubernetes/common.yml
+++ b/kubernetes/common.yml
@@ -1,11 +1,12 @@
 parameters:
   _param:
-    kubernetes_calico_calicoctl_repo: docker-prod-local.artifactory.mirantis.com/mirantis/projectcalico/calico
-    kubernetes_calico_repo: docker-prod-local.artifactory.mirantis.com/mirantis/projectcalico/calico
-    kubernetes_calico_cni_repo: docker-prod-local.artifactory.mirantis.com/mirantis/projectcalico/calico
-    kubernetes_hyperkube_repo: docker-prod-local.artifactory.mirantis.com/mirantis/kubernetes
-    kubernetes_contrail_cni_repo: docker-prod-local.artifactory.mirantis.com/mirantis/kubernetes
-    kubernetes_contrail_network_controller_repo: docker-prod-local.artifactory.mirantis.com/mirantis/kubernetes/contrail-integration
+    mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
+    kubernetes_calico_calicoctl_repo: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico
+    kubernetes_calico_repo: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico
+    kubernetes_calico_cni_repo: ${_param:mcp_docker_registry}/mirantis/projectcalico/calico
+    kubernetes_hyperkube_repo: ${_param:mcp_docker_registry}/mirantis/kubernetes
+    kubernetes_contrail_cni_repo: ${_param:mcp_docker_registry}/mirantis/kubernetes
+    kubernetes_contrail_network_controller_repo: ${_param:mcp_docker_registry}/mirantis/kubernetes/contrail-integration
     kubernetes_netchecker_agent_repo: mirantis
     kubernetes_netchecker_server_repo: mirantis
     kubernetes_virtlet_repo: mirantis
@@ -62,6 +63,13 @@
     kubernetes_contrail_network_controller_enabled: false
     kubernetes_metallb_enabled: false
     kubernetes_sriov_enabled: false
+    kubernetes_fluentd_enabled: false
+
+    # the rest of fluentd related params, the non bools
+    kubernetes_fluentd_aggregator_bind_port: 24224
+    kubernetes_fluentd_aggregator_es_host: 127.0.0.1
+    kubernetes_fluentd_aggregator_es_port: 9200
+    kubernetes_fluentd_aggregator_es_scheme: http
 
   docker:
     host:
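Review bot: The fluentd defaults point the aggregator at `127.0.0.1:9200` over `http`, and the comment above them (`# the rest of fluentd related params, the non bools`) does not tell a deployer that these are placeholders. A cluster that only flips `kubernetes_fluentd_enabled` would ship logs unencrypted to a localhost endpoint that may not exist. A comment such as `# override es_host/es_port/es_scheme per cluster; use https when Elasticsearch is not node-local` makes the expectation explicit.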
@@ -104,6 +112,15 @@
           image: ${_param:kubernetes_contrail_network_controller_image}
         flannel:
           image: ${_param:kubernetes_flannel_image}
+        fluentd:
+          enabled: ${_param:kubernetes_fluentd_enabled}
+          aggregator:
+            bind:
+              port: ${_param:kubernetes_fluentd_aggregator_bind_port}
+            es:
+              host: ${_param:kubernetes_fluentd_aggregator_es_host}
+              port: ${_param:kubernetes_fluentd_aggregator_es_port}
+              scheme: ${_param:kubernetes_fluentd_aggregator_es_scheme}
         virtlet:
           enabled: ${_param:kubernetes_virtlet_enabled}
           namespace: kube-system
diff --git a/nginx/server/proxy/stacklight/elasticsearch.yml b/nginx/server/proxy/stacklight/elasticsearch.yml
new file mode 100644
index 0000000..82d8bad
--- /dev/null
+++ b/nginx/server/proxy/stacklight/elasticsearch.yml
@@ -0,0 +1,25 @@
+parameters:
+  nginx:
+    server:
+      stream:
+        elasticsearch_binary:
+          backend:
+            elasticsearch:
+              address: ${_param:stacklight_monitor_address}
+              port: 9305
+          host:
+            port: 9300
+      site:
+        nginx_proxy_elasticsearch:
+          enabled: true
+          type: nginx_proxy
+          name: elasticsearch
+          proxy:
+            host: ${_param:stacklight_monitor_address}
+            port: 9205
+            protocol: http
+          host:
+            name: ${_param:cluster_public_host}
+            port: 9200
+            protocol: https
+          ssl: ${_param:nginx_proxy_ssl}
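Review bot: The `elasticsearch_binary` stream forwards port 9300 to the backend transport port 9305 as raw TCP, and nothing in this file shows a bind address, TLS or source restriction for it. The `nginx_proxy_elasticsearch` site terminates https on `${_param:cluster_public_host}` but configures no authentication either. Since elasticsearch_client_node.yml in this diff runs the backend with `xpack.security.enabled: "false"`, the proxy appears to be the only control point. If the nginx formula supports a listen address or allow-list for streams and basic auth for sites, set them here; otherwise add a comment naming the network control that limits who can reach ports 9200 and 9300.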
diff --git a/nginx/server/stream/gerrit_ssh.yml b/nginx/server/stream/gerrit_ssh.yml
new file mode 100644
index 0000000..13b7ba2
--- /dev/null
+++ b/nginx/server/stream/gerrit_ssh.yml
@@ -0,0 +1,16 @@
+parameters:
+  _param:
+    nginx_proxy_gerrit_server_stream_host: ${_param:cicd_control_address}
+    nginx_proxy_gerrit_server_stream_port: 29418
+    nginx_proxy_gerrit_server_site_stream_port: 29418
+  nginx:
+    server:
+      stream:
+        gerrit_ssh:
+          backend:
+            cicd:
+              address: ${_param:nginx_proxy_gerrit_server_stream_host}
+              port: ${_param:nginx_proxy_gerrit_server_stream_port}
+          host:
+            port: ${_param:nginx_proxy_gerrit_server_site_stream_port}
+
diff --git a/nova/control/cluster.yml b/nova/control/cluster.yml
index 90a2bae..d202987 100644
--- a/nova/control/cluster.yml
+++ b/nova/control/cluster.yml
@@ -4,6 +4,7 @@
 - service.keepalived.cluster.single
 - system.haproxy.proxy.listen.openstack.nova
 - system.haproxy.proxy.listen.openstack.novnc
+- system.salt.minion.cert.mysql.clients.openstack.nova
 parameters:
   _param:
     nova_vncproxy_url: http://${_param:cluster_vip_address}:6080
@@ -12,6 +13,7 @@
     nova_disk_allocation_ratio: 1.0
     metadata_password: metadataPass
     cluster_internal_protocol: 'http'
+    openstack_mysql_x509_enabled: False
   linux:
     system:
       package:
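Review bot: `openstack_mysql_x509_enabled: False` uses a capitalised boolean where the rest of this diff writes `false`; `openstack_mysql_x509_enabled: false` is the portable spelling and keeps yamllint's `truthy` rule quiet. Note also that the `system.salt.minion.cert.mysql.clients.openstack.nova` class is now included unconditionally while the default leaves x509 off, so client certificates would presumably be issued but not used until a cluster overrides the parameter. A one-line comment next to the default saying so would help. The same applies to nova/control/single.yml.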
@@ -44,6 +46,8 @@
         name: nova
         user: nova
         password: ${_param:mysql_nova_password}
+        x509:
+          enabled: ${_param:openstack_mysql_x509_enabled}
       identity:
         engine: keystone
         region: ${_param:openstack_region}
diff --git a/nova/control/single.yml b/nova/control/single.yml
index 4e3799b..4cc165d 100644
--- a/nova/control/single.yml
+++ b/nova/control/single.yml
@@ -1,8 +1,10 @@
 classes:
+- system.salt.minion.cert.mysql.clients.openstack.nova
 - service.nova.control.single
 parameters:
   _param:
     cluster_internal_protocol: 'http'
+    openstack_mysql_x509_enabled: False
   linux:
     system:
       package:
@@ -14,6 +16,8 @@
       role: ${_param:openstack_node_role}
       database:
         host: ${_param:single_address}
+        x509:
+          enabled: ${_param:openstack_mysql_x509_enabled}
       identity:
         protocol: ${_param:cluster_internal_protocol}
         region: ${_param:openstack_region}
diff --git a/opencontrail/control/analytics4_0.yml b/opencontrail/control/analytics4_0.yml
index 88abb7f..b779aed 100644
--- a/opencontrail/control/analytics4_0.yml
+++ b/opencontrail/control/analytics4_0.yml
@@ -6,6 +6,7 @@
 - system.haproxy.proxy.listen.opencontrail.analytics
 parameters:
   _param:
+    mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
     opencontrail_kafka_log_cleanup_mtime: '+7'
     opencontrail_kafka_log_cleanup_dir: '/usr/share/kafka/logs/'
     opencontrail_version: 4.0
@@ -15,8 +16,8 @@
     opencontrail_message_queue_node02_address: ${_param:openstack_message_queue_node02_address}
     opencontrail_message_queue_node03_address: ${_param:openstack_message_queue_node03_address}
     opencontrail_message_queue_address: ${_param:openstack_message_queue_address}
-    opencontrail_analytics_image: docker-prod-local.artifactory.mirantis.com/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analytics:${_param:opencontrail_image_tag}
-    opencontrail_analyticsdb_image: docker-prod-local.artifactory.mirantis.com/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analyticsdb:${_param:opencontrail_image_tag}
+    opencontrail_analytics_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analytics:${_param:opencontrail_image_tag}
+    opencontrail_analyticsdb_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analyticsdb:${_param:opencontrail_image_tag}
     opencontrail_analytics_container_name: opencontrail_analytics_1
     opencontrail_analyticsdb_container_name: opencontrail_analyticsdb_1
 # Temprorary fix for MOS9 packages to pin old version of kafka
@@ -112,4 +113,4 @@
               privileged: true
               restart: always
               env_file:
-                - contrail.env
\ No newline at end of file
+                - contrail.env
diff --git a/opencontrail/control/cluster4_0.yml b/opencontrail/control/cluster4_0.yml
index 05cf7d6..4f1127f 100644
--- a/opencontrail/control/cluster4_0.yml
+++ b/opencontrail/control/cluster4_0.yml
@@ -6,6 +6,7 @@
 - system.haproxy.proxy.listen.opencontrail.analytics
 parameters:
   _param:
+    mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
     opencontrail_kafka_log_cleanup_mtime: '+7'
     opencontrail_kafka_log_cleanup_dir: '/usr/share/kafka/logs/'
     opencontrail_version: 4.0
@@ -15,9 +16,9 @@
     opencontrail_message_queue_node02_address: ${_param:openstack_control_node02_address}
     opencontrail_message_queue_node03_address: ${_param:openstack_control_node03_address}
     opencontrail_message_queue_address: ${_param:openstack_control_address}
-    opencontrail_analytics_image: docker-prod-local.artifactory.mirantis.com/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analytics:${_param:opencontrail_image_tag}
-    opencontrail_analyticsdb_image: docker-prod-local.artifactory.mirantis.com/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analyticsdb:${_param:opencontrail_image_tag}
-    opencontrail_controller_image: docker-prod-local.artifactory.mirantis.com/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller:${_param:opencontrail_image_tag}
+    opencontrail_analytics_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analytics:${_param:opencontrail_image_tag}
+    opencontrail_analyticsdb_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analyticsdb:${_param:opencontrail_image_tag}
+    opencontrail_controller_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller:${_param:opencontrail_image_tag}
     opencontrail_controller_container_name: opencontrail_controller_1
     opencontrail_analytics_container_name: opencontrail_analytics_1
     opencontrail_analyticsdb_container_name: opencontrail_analyticsdb_1
diff --git a/opencontrail/control/control4_0.yml b/opencontrail/control/control4_0.yml
index 932a789..207e9da 100644
--- a/opencontrail/control/control4_0.yml
+++ b/opencontrail/control/control4_0.yml
@@ -5,13 +5,14 @@
 - system.haproxy.proxy.listen.opencontrail.control
 parameters:
   _param:
+    mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
     opencontrail_version: 4.0
     linux_repo_contrail_component: oc40
     opencontrail_image_tag: latest
     opencontrail_message_queue_node01_address: ${_param:openstack_message_queue_node01_address}
     opencontrail_message_queue_node02_address: ${_param:openstack_message_queue_node02_address}
     opencontrail_message_queue_node03_address: ${_param:openstack_message_queue_node03_address}
-    opencontrail_controller_image: docker-prod-local.artifactory.mirantis.com/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller:${_param:opencontrail_image_tag}
+    opencontrail_controller_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller:${_param:opencontrail_image_tag}
     opencontrail_controller_container_name: opencontrail_controller_1
     analytics_vip_address: ${_param:opencontrail_analytics_address}
   opencontrail:
diff --git a/opencontrail/control/single4_0.yml b/opencontrail/control/single4_0.yml
index 4570e69..9826b28 100644
--- a/opencontrail/control/single4_0.yml
+++ b/opencontrail/control/single4_0.yml
@@ -4,14 +4,15 @@
 - service.haproxy.proxy.single
 parameters:
   _param:
+    mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
     opencontrail_kafka_log_cleanup_mtime: '+7'
     opencontrail_kafka_log_cleanup_dir: '/usr/share/kafka/logs/'
     opencontrail_version: 4.0
     linux_repo_contrail_component: oc40
     opencontrail_image_tag: latest
-    opencontrail_analytics_image: docker-prod-local.artifactory.mirantis.com/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analytics:${_param:opencontrail_image_tag}
-    opencontrail_analyticsdb_image: docker-prod-local.artifactory.mirantis.com/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analyticsdb:${_param:opencontrail_image_tag}
-    opencontrail_controller_image: docker-prod-local.artifactory.mirantis.com/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller:${_param:opencontrail_image_tag}
+    opencontrail_analytics_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analytics:${_param:opencontrail_image_tag}
+    opencontrail_analyticsdb_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-analyticsdb:${_param:opencontrail_image_tag}
+    opencontrail_controller_image: ${_param:mcp_docker_registry}/opencontrail-${_param:linux_repo_contrail_component}/opencontrail-controller:${_param:opencontrail_image_tag}
     opencontrail_controller_container_name: opencontrail_controller_1
     opencontrail_analytics_container_name: opencontrail_analytics_1
     opencontrail_analyticsdb_container_name: opencontrail_analyticsdb_1
diff --git a/openssh/server/team/members/pshchelo.yaml b/openssh/server/team/members/pshchelo.yaml
new file mode 100644
index 0000000..52e7cc6
--- /dev/null
+++ b/openssh/server/team/members/pshchelo.yaml
@@ -0,0 +1,20 @@
+parameters:
+  linux:
+    system:
+      user:
+        pshchelo:
+          enabled: true
+          name: pshchelo
+          sudo: ${_param:linux_system_user_sudo}
+          full_name: Pavlo Shchelokovskyy
+          home: /home/pshchelo
+          email: pshchelokovskyy@mirantis.com
+  openssh:
+    server:
+      enabled: true
+      user:
+        pshchelo:
+          enabled: true
+          public_keys:
+            - key: ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOns6c3H+TP0HBYWI+N6nX/ilPrGth5ElLCyN4EHJqcq pshchelo@git
+          user: ${linux:system:user:pshchelo}
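Review bot: This new class is named `pshchelo.yaml` while every other file touched in this diff uses `.yml`; depending on the reclass version in use, a `.yaml` class may not be resolved, so please confirm or rename to match the sibling member files. The account also takes `sudo: ${_param:linux_system_user_sudo}`, so its privilege level is decided by a shared parameter defined elsewhere. A short comment stating the intended access level would make that reviewable here.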
diff --git a/rundeck/client/project/cicd.yml b/rundeck/client/project/cicd.yml
index 4cbcd40..6038fcc 100644
--- a/rundeck/client/project/cicd.yml
+++ b/rundeck/client/project/cicd.yml
@@ -1,9 +1,10 @@
 parameters:
   _param:
+    mcp_docker_registry: 'docker-prod-local.artifactory.mirantis.com'
     rundeck_cis_jobs_repository: https://gerrit.mcp.mirantis.net/oss/rundeck-cis-jobs
     rundeck_cis_jobs_revision: master
     rundeck_cis_elasticsearch_url: yourelastic:9200
-    rundeck_cis_os_docker_image: docker-prod-local.artifactory.mirantis.com/mirantis/oss/cis-openstack:latest
+    rundeck_cis_os_docker_image: ${_param:mcp_docker_registry}/mirantis/oss/cis-openstack:latest
     rundeck_cis_openstack:
       auth_url: http://yourcloud.com:5000/v3/auth/tokens
       endpoint_type: publicURL
diff --git a/salt/minion/ca/octavia_ca.yml b/salt/minion/ca/octavia_ca.yml
index 453c450..e6e0ae0 100644
--- a/salt/minion/ca/octavia_ca.yml
+++ b/salt/minion/ca/octavia_ca.yml
@@ -27,7 +27,5 @@
           days_valid:
             authority: ${_param:octavia_ca_days_valid_authority}
             certificate: ${_param:octavia_ca_days_valid_certificate}
-          ca_file: ${octavia:manager:certificates:ca_certificate}
-          ca_key_file: ${octavia:manager:certificates:ca_private_key}
           user: octavia
           group: octavia