summaryrefslogtreecommitdiffstats
path: root/mcp/reclass/classes/system/salt
diff options
context:
space:
mode:
Diffstat (limited to 'mcp/reclass/classes/system/salt')
-rw-r--r--mcp/reclass/classes/system/salt/control/cluster/cicd_control_cluster.yml29
-rw-r--r--mcp/reclass/classes/system/salt/control/cluster/infra_idm_cluster.yml26
-rw-r--r--mcp/reclass/classes/system/salt/control/cluster/infra_integration_single.yml19
-rw-r--r--mcp/reclass/classes/system/salt/control/cluster/infra_proxy_cluster.yml24
-rw-r--r--mcp/reclass/classes/system/salt/control/cluster/infra_proxy_single.yml19
-rw-r--r--mcp/reclass/classes/system/salt/control/cluster/infra_storage_single.yml18
-rw-r--r--mcp/reclass/classes/system/salt/control/cluster/infra_version_control_single.yml18
-rw-r--r--mcp/reclass/classes/system/salt/control/cluster/opencontrail_analytics_cluster.yml29
-rw-r--r--mcp/reclass/classes/system/salt/control/cluster/opencontrail_control_cluster.yml29
-rw-r--r--mcp/reclass/classes/system/salt/control/cluster/openstack_benchmark_single.yml18
-rw-r--r--mcp/reclass/classes/system/salt/control/cluster/openstack_billing_single.yml18
-rw-r--r--mcp/reclass/classes/system/salt/control/cluster/openstack_control_cluster.yml29
-rw-r--r--mcp/reclass/classes/system/salt/control/cluster/openstack_database_cluster.yml29
-rw-r--r--mcp/reclass/classes/system/salt/control/cluster/openstack_dns_cluster.yml22
-rw-r--r--mcp/reclass/classes/system/salt/control/cluster/openstack_gateway_cluster.yml26
-rw-r--r--mcp/reclass/classes/system/salt/control/cluster/openstack_gateway_single.yml18
-rw-r--r--mcp/reclass/classes/system/salt/control/cluster/openstack_message_queue_cluster.yml29
-rw-r--r--mcp/reclass/classes/system/salt/control/cluster/openstack_proxy_cluster.yml25
-rw-r--r--mcp/reclass/classes/system/salt/control/cluster/openstack_proxy_single.yml19
-rw-r--r--mcp/reclass/classes/system/salt/control/cluster/openstack_telemetry_cluster.yml29
-rw-r--r--mcp/reclass/classes/system/salt/control/cluster/openstack_upgrade_single.yml18
-rw-r--r--mcp/reclass/classes/system/salt/control/cluster/rsyslog_single.yml18
-rw-r--r--mcp/reclass/classes/system/salt/control/cluster/stacklight_log_cluster.yml29
-rw-r--r--mcp/reclass/classes/system/salt/control/cluster/stacklight_server_cluster.yml29
-rw-r--r--mcp/reclass/classes/system/salt/control/cluster/stacklight_telemetry_cluster.yml29
-rw-r--r--mcp/reclass/classes/system/salt/control/cluster/stacklight_telemetry_single.yml19
-rw-r--r--mcp/reclass/classes/system/salt/control/virt.yml47
-rw-r--r--mcp/reclass/classes/system/salt/master/api.yml31
-rw-r--r--mcp/reclass/classes/system/salt/master/formula/git/ccp.yml10
-rw-r--r--mcp/reclass/classes/system/salt/master/formula/git/foundation.yml56
-rw-r--r--mcp/reclass/classes/system/salt/master/formula/git/kubernetes.yml22
-rw-r--r--mcp/reclass/classes/system/salt/master/formula/git/monitoring.yml14
-rw-r--r--mcp/reclass/classes/system/salt/master/formula/git/openstack.yml122
-rw-r--r--mcp/reclass/classes/system/salt/master/formula/git/oss.yml26
-rw-r--r--mcp/reclass/classes/system/salt/master/formula/git/saltstack.yml49
-rw-r--r--mcp/reclass/classes/system/salt/master/formula/git/stacklight.yml83
-rw-r--r--mcp/reclass/classes/system/salt/master/formula/pkg/ccp.yml9
-rw-r--r--mcp/reclass/classes/system/salt/master/formula/pkg/foundation.yml33
-rw-r--r--mcp/reclass/classes/system/salt/master/formula/pkg/kubernetes.yml18
-rw-r--r--mcp/reclass/classes/system/salt/master/formula/pkg/monitoring.yml12
-rw-r--r--mcp/reclass/classes/system/salt/master/formula/pkg/openstack.yml93
-rw-r--r--mcp/reclass/classes/system/salt/master/formula/pkg/oss.yml12
-rw-r--r--mcp/reclass/classes/system/salt/master/formula/pkg/saltstack.yml39
-rw-r--r--mcp/reclass/classes/system/salt/master/formula/pkg/stacklight.yml54
-rw-r--r--mcp/reclass/classes/system/salt/master/git.yml14
-rw-r--r--mcp/reclass/classes/system/salt/master/pkg.yml11
-rw-r--r--mcp/reclass/classes/system/salt/master/single.yml19
-rw-r--r--mcp/reclass/classes/system/salt/minion/ca/salt_master.yml29
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/ceph/init.yml12
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/ceph/openstack.yml11
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/ceph/pki.yml8
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/etcd_client.yml18
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/etcd_server.yml18
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/k8s_client.yml13
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/k8s_client_single.yml13
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/k8s_server.yml13
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/k8s_server_single.yml13
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/prometheus_server.yml13
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/proxy/cicd.yml15
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/proxy/init.yml11
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/proxy/openstack.yml11
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/proxy/pki.yml8
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/swift/init.yml11
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/swift/openstack.yml11
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/swift/pki.yml8
-rw-r--r--mcp/reclass/classes/system/salt/minion/cert/wildcard/init.yml16
-rw-r--r--mcp/reclass/classes/system/salt/minion/master.yml2
-rw-r--r--mcp/reclass/classes/system/salt/minion/masters.yml7
68 files changed, 1650 insertions, 0 deletions
diff --git a/mcp/reclass/classes/system/salt/control/cluster/cicd_control_cluster.yml b/mcp/reclass/classes/system/salt/control/cluster/cicd_control_cluster.yml
new file mode 100644
index 000000000..82366a8ff
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/control/cluster/cicd_control_cluster.yml
@@ -0,0 +1,29 @@
+parameters:
+ salt:
+ control:
+ size:
+ cicd.control:
+ cpu: 8
+ ram: 32768
+ disk_profile: large
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ cid01:
+ name: ${_param:cicd_control_node01_hostname}
+ provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: cicd.control
+ cid02:
+ name: ${_param:cicd_control_node02_hostname}
+ provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: cicd.control
+ cid03:
+ name: ${_param:cicd_control_node03_hostname}
+ provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: cicd.control
diff --git a/mcp/reclass/classes/system/salt/control/cluster/infra_idm_cluster.yml b/mcp/reclass/classes/system/salt/control/cluster/infra_idm_cluster.yml
new file mode 100644
index 000000000..3db87a27e
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/control/cluster/infra_idm_cluster.yml
@@ -0,0 +1,26 @@
+parameters:
+ salt:
+ control:
+ size:
+ infra.idm:
+ cpu: 4
+ ram: 8192
+ disk_profile: large
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ idm01:
+ provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_centos7_image}
+ size: infra.idm
+ idm02:
+ provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_centos7_image}
+ size: infra.idm
+ idm03:
+ provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_centos7_image}
+ size: infra.idm
diff --git a/mcp/reclass/classes/system/salt/control/cluster/infra_integration_single.yml b/mcp/reclass/classes/system/salt/control/cluster/infra_integration_single.yml
new file mode 100644
index 000000000..66de89559
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/control/cluster/infra_integration_single.yml
@@ -0,0 +1,19 @@
+parameters:
+ salt:
+ control:
+ size:
+ infra.integration:
+ cpu: 4
+ ram: 8192
+ disk_profile: small
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ cid01:
+ name: ${_param:cicd_control_node01_hostname}
+ provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: infra.integration
diff --git a/mcp/reclass/classes/system/salt/control/cluster/infra_proxy_cluster.yml b/mcp/reclass/classes/system/salt/control/cluster/infra_proxy_cluster.yml
new file mode 100644
index 000000000..f3453ff82
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/control/cluster/infra_proxy_cluster.yml
@@ -0,0 +1,24 @@
+parameters:
+ salt:
+ control:
+ size:
+ infra.proxy:
+ cpu: 32
+ ram: 65536
+ disk_profile: small
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ prx01:
+ name: ${_param:openstack_proxy_node01_hostname}
+ provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_trusty_image}
+ size: infra.proxy
+ prx02:
+ name: ${_param:openstack_proxy_node01_hostname}
+ provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_trusty_image}
+ size: infra.proxy
diff --git a/mcp/reclass/classes/system/salt/control/cluster/infra_proxy_single.yml b/mcp/reclass/classes/system/salt/control/cluster/infra_proxy_single.yml
new file mode 100644
index 000000000..7d092fa27
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/control/cluster/infra_proxy_single.yml
@@ -0,0 +1,19 @@
+parameters:
+ salt:
+ control:
+ size:
+ infra.proxy:
+ cpu: 32
+ ram: 65536
+ disk_profile: small
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ prx01:
+ name: ${_param:openstack_proxy_node01_hostname}
+ provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_trusty_image}
+ size: infra.proxy
diff --git a/mcp/reclass/classes/system/salt/control/cluster/infra_storage_single.yml b/mcp/reclass/classes/system/salt/control/cluster/infra_storage_single.yml
new file mode 100644
index 000000000..ca8ce26c9
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/control/cluster/infra_storage_single.yml
@@ -0,0 +1,18 @@
+parameters:
+ salt:
+ control:
+ size:
+ infra.storage:
+ cpu: 4
+ ram: 8192
+ disk_profile: xxxlarge
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ sto01:
+ provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: infra.storage
diff --git a/mcp/reclass/classes/system/salt/control/cluster/infra_version_control_single.yml b/mcp/reclass/classes/system/salt/control/cluster/infra_version_control_single.yml
new file mode 100644
index 000000000..10e01aba3
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/control/cluster/infra_version_control_single.yml
@@ -0,0 +1,18 @@
+parameters:
+ salt:
+ control:
+ size:
+ infra.version_control:
+ cpu: 4
+ ram: 8192
+ disk_profile: small
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ git01:
+ provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: infra.version_control
diff --git a/mcp/reclass/classes/system/salt/control/cluster/opencontrail_analytics_cluster.yml b/mcp/reclass/classes/system/salt/control/cluster/opencontrail_analytics_cluster.yml
new file mode 100644
index 000000000..37fb60ac3
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/control/cluster/opencontrail_analytics_cluster.yml
@@ -0,0 +1,29 @@
+parameters:
+ salt:
+ control:
+ size:
+ opencontrail.analytics:
+ cpu: 32
+ ram: 65536
+ disk_profile: small
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ nal01:
+ name: ${_param:opencontrail_analytics_node01_hostname}
+ provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_trusty_image}
+ size: opencontrail.analytics
+ nal02:
+ name: ${_param:opencontrail_analytics_node02_hostname}
+ provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_trusty_image}
+ size: opencontrail.analytics
+ nal03:
+ name: ${_param:opencontrail_analytics_node03_hostname}
+ provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_trusty_image}
+ size: opencontrail.analytics
diff --git a/mcp/reclass/classes/system/salt/control/cluster/opencontrail_control_cluster.yml b/mcp/reclass/classes/system/salt/control/cluster/opencontrail_control_cluster.yml
new file mode 100644
index 000000000..10ddf5e25
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/control/cluster/opencontrail_control_cluster.yml
@@ -0,0 +1,29 @@
+parameters:
+ salt:
+ control:
+ size:
+ opencontrail.control:
+ cpu: 32
+ ram: 65536
+ disk_profile: small
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ ntw01:
+ name: ${_param:opencontrail_control_node01_hostname}
+ provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_trusty_image}
+ size: opencontrail.control
+ ntw02:
+ name: ${_param:opencontrail_control_node02_hostname}
+ provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_trusty_image}
+ size: opencontrail.control
+ ntw03:
+ name: ${_param:opencontrail_control_node03_hostname}
+ provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_trusty_image}
+ size: opencontrail.control
diff --git a/mcp/reclass/classes/system/salt/control/cluster/openstack_benchmark_single.yml b/mcp/reclass/classes/system/salt/control/cluster/openstack_benchmark_single.yml
new file mode 100644
index 000000000..0677320a6
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/control/cluster/openstack_benchmark_single.yml
@@ -0,0 +1,18 @@
+parameters:
+ salt:
+ control:
+ size:
+ openstack.benchmark:
+ cpu: 2
+ ram: 4096
+ disk_profile: small
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ bmk01:
+ provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_trusty_image}
+ size: openstack.benchmark
diff --git a/mcp/reclass/classes/system/salt/control/cluster/openstack_billing_single.yml b/mcp/reclass/classes/system/salt/control/cluster/openstack_billing_single.yml
new file mode 100644
index 000000000..f8dacf725
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/control/cluster/openstack_billing_single.yml
@@ -0,0 +1,18 @@
+parameters:
+ salt:
+ control:
+ size:
+ openstack.billing:
+ cpu: 4
+ ram: 8192
+ disk_profile: large
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ bil01:
+ provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_trusty_image}
+ size: openstack.control
diff --git a/mcp/reclass/classes/system/salt/control/cluster/openstack_control_cluster.yml b/mcp/reclass/classes/system/salt/control/cluster/openstack_control_cluster.yml
new file mode 100644
index 000000000..f28a7d069
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/control/cluster/openstack_control_cluster.yml
@@ -0,0 +1,29 @@
+parameters:
+ salt:
+ control:
+ size:
+ openstack.control:
+ cpu: 32
+ ram: 65536
+ disk_profile: small
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ ctl01:
+ name: ${_param:openstack_control_node01_hostname}
+ provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_trusty_image}
+ size: openstack.control
+ ctl02:
+ name: ${_param:openstack_control_node02_hostname}
+ provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_trusty_image}
+ size: openstack.control
+ ctl03:
+ name: ${_param:openstack_control_node03_hostname}
+ provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_trusty_image}
+ size: openstack.control
diff --git a/mcp/reclass/classes/system/salt/control/cluster/openstack_database_cluster.yml b/mcp/reclass/classes/system/salt/control/cluster/openstack_database_cluster.yml
new file mode 100644
index 000000000..2a00308e3
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/control/cluster/openstack_database_cluster.yml
@@ -0,0 +1,29 @@
+parameters:
+ salt:
+ control:
+ size:
+ openstack.database:
+ cpu: 32
+ ram: 65536
+ disk_profile: small
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ dbs01:
+ name: ${_param:openstack_database_node01_hostname}
+ provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_trusty_image}
+ size: openstack.database
+ dbs02:
+ name: ${_param:openstack_database_node02_hostname}
+ provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_trusty_image}
+ size: openstack.database
+ dbs03:
+ name: ${_param:openstack_database_node03_hostname}
+ provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_trusty_image}
+ size: openstack.database
diff --git a/mcp/reclass/classes/system/salt/control/cluster/openstack_dns_cluster.yml b/mcp/reclass/classes/system/salt/control/cluster/openstack_dns_cluster.yml
new file mode 100644
index 000000000..71af5c139
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/control/cluster/openstack_dns_cluster.yml
@@ -0,0 +1,22 @@
+parameters:
+ salt:
+ control:
+ size:
+ openstack.dns:
+ cpu: 2
+ ram: 4096
+ disk_profile: small
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ dns01:
+ provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: openstack.dns
+ dns02:
+ provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: openstack.dns
diff --git a/mcp/reclass/classes/system/salt/control/cluster/openstack_gateway_cluster.yml b/mcp/reclass/classes/system/salt/control/cluster/openstack_gateway_cluster.yml
new file mode 100644
index 000000000..5d2a20a77
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/control/cluster/openstack_gateway_cluster.yml
@@ -0,0 +1,26 @@
+parameters:
+ salt:
+ control:
+ size:
+ openstack.gateway:
+ cpu: 32
+ ram: 65536
+ disk_profile: small
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ gtw01:
+ provider: kvm01.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: openstack.gateway
+ gtw02:
+ provider: kvm01.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: openstack.gateway
+ gtw03:
+ provider: kvm01.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: openstack.gateway
diff --git a/mcp/reclass/classes/system/salt/control/cluster/openstack_gateway_single.yml b/mcp/reclass/classes/system/salt/control/cluster/openstack_gateway_single.yml
new file mode 100644
index 000000000..e10d1b2ff
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/control/cluster/openstack_gateway_single.yml
@@ -0,0 +1,18 @@
+parameters:
+ salt:
+ control:
+ size:
+ openstack.gateway:
+ cpu: 32
+ ram: 65536
+ disk_profile: small
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ gtw01:
+ provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: openstack.gateway
diff --git a/mcp/reclass/classes/system/salt/control/cluster/openstack_message_queue_cluster.yml b/mcp/reclass/classes/system/salt/control/cluster/openstack_message_queue_cluster.yml
new file mode 100644
index 000000000..cab5adb2d
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/control/cluster/openstack_message_queue_cluster.yml
@@ -0,0 +1,29 @@
+parameters:
+ salt:
+ control:
+ size:
+ openstack.message_queue:
+ cpu: 32
+ ram: 65536
+ disk_profile: small
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ msg01:
+ name: ${_param:openstack_message_queue_node01_hostname}
+ provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_trusty_image}
+ size: openstack.message_queue
+ msg02:
+ name: ${_param:openstack_message_queue_node02_hostname}
+ provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_trusty_image}
+ size: openstack.message_queue
+ msg03:
+ name: ${_param:openstack_message_queue_node03_hostname}
+ provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_trusty_image}
+ size: openstack.message_queue
diff --git a/mcp/reclass/classes/system/salt/control/cluster/openstack_proxy_cluster.yml b/mcp/reclass/classes/system/salt/control/cluster/openstack_proxy_cluster.yml
new file mode 100644
index 000000000..628dcd885
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/control/cluster/openstack_proxy_cluster.yml
@@ -0,0 +1,25 @@
+parameters:
+ salt:
+ control:
+ size:
+ openstack.proxy:
+ cpu: 32
+ ram: 65536
+ disk_profile: small
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ prx01:
+ name: ${_param:openstack_proxy_node01_hostname}
+ provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_trusty_image}
+ size: openstack.proxy
+ prx02:
+ name: ${_param:openstack_proxy_node02_hostname}
+ provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_trusty_image}
+ size: openstack.proxy
+
diff --git a/mcp/reclass/classes/system/salt/control/cluster/openstack_proxy_single.yml b/mcp/reclass/classes/system/salt/control/cluster/openstack_proxy_single.yml
new file mode 100644
index 000000000..8ad0baf6f
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/control/cluster/openstack_proxy_single.yml
@@ -0,0 +1,19 @@
+parameters:
+ salt:
+ control:
+ size:
+ openstack.proxy:
+ cpu: 32
+ ram: 65536
+ disk_profile: small
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ prx01:
+ name: ${_param:openstack_proxy_node01_hostname}
+ provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_trusty_image}
+ size: openstack.proxy
diff --git a/mcp/reclass/classes/system/salt/control/cluster/openstack_telemetry_cluster.yml b/mcp/reclass/classes/system/salt/control/cluster/openstack_telemetry_cluster.yml
new file mode 100644
index 000000000..633b98483
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/control/cluster/openstack_telemetry_cluster.yml
@@ -0,0 +1,29 @@
+parameters:
+ salt:
+ control:
+ size:
+ openstack.telemetry:
+ cpu: 4
+ ram: 8192
+ disk_profile: large
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ mdb01:
+ name: ${_param:openstack_telemetry_node01_hostname}
+ provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_trusty_image}
+ size: openstack.telemetry
+ mdb02:
+ name: ${_param:openstack_telemetry_node02_hostname}
+ provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_trusty_image}
+ size: openstack.telemetry
+ mdb03:
+ name: ${_param:openstack_telemetry_node03_hostname}
+ provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_trusty_image}
+ size: openstack.telemetry
diff --git a/mcp/reclass/classes/system/salt/control/cluster/openstack_upgrade_single.yml b/mcp/reclass/classes/system/salt/control/cluster/openstack_upgrade_single.yml
new file mode 100644
index 000000000..3189f3e94
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/control/cluster/openstack_upgrade_single.yml
@@ -0,0 +1,18 @@
+parameters:
+ salt:
+ control:
+ size:
+ openstack.upgrade:
+ cpu: 32
+ ram: 65536
+ disk_profile: medium
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ upg01:
+ provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: openstack.upgrade
diff --git a/mcp/reclass/classes/system/salt/control/cluster/rsyslog_single.yml b/mcp/reclass/classes/system/salt/control/cluster/rsyslog_single.yml
new file mode 100644
index 000000000..76cc77f4e
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/control/cluster/rsyslog_single.yml
@@ -0,0 +1,18 @@
+parameters:
+ salt:
+ control:
+ size:
+ infra.rsyslog:
+ cpu: 8
+ ram: 8192
+ disk_profile: xxlarge
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ rsl01:
+ provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: infra.rsyslog
diff --git a/mcp/reclass/classes/system/salt/control/cluster/stacklight_log_cluster.yml b/mcp/reclass/classes/system/salt/control/cluster/stacklight_log_cluster.yml
new file mode 100644
index 000000000..330e301e1
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/control/cluster/stacklight_log_cluster.yml
@@ -0,0 +1,29 @@
+parameters:
+ salt:
+ control:
+ size:
+ stacklight.log:
+ cpu: 32
+ ram: 65536
+ disk_profile: small
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ log01:
+ name: ${_param:stacklight_log_node01_hostname}
+ provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: stacklight.log
+ log02:
+ name: ${_param:stacklight_log_node02_hostname}
+ provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: stacklight.log
+ log03:
+ name: ${_param:stacklight_log_node03_hostname}
+ provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: stacklight.log
diff --git a/mcp/reclass/classes/system/salt/control/cluster/stacklight_server_cluster.yml b/mcp/reclass/classes/system/salt/control/cluster/stacklight_server_cluster.yml
new file mode 100644
index 000000000..0055d20a2
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/control/cluster/stacklight_server_cluster.yml
@@ -0,0 +1,29 @@
+parameters:
+ salt:
+ control:
+ size:
+ stacklight.server:
+ cpu: 32
+ ram: 65536
+ disk_profile: small
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ mon01:
+ name: ${_param:stacklight_monitor_node01_hostname}
+ provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: stacklight.server
+ mon02:
+ name: ${_param:stacklight_monitor_node02_hostname}
+ provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: stacklight.server
+ mon03:
+ name: ${_param:stacklight_monitor_node03_hostname}
+ provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: stacklight.server
diff --git a/mcp/reclass/classes/system/salt/control/cluster/stacklight_telemetry_cluster.yml b/mcp/reclass/classes/system/salt/control/cluster/stacklight_telemetry_cluster.yml
new file mode 100644
index 000000000..bfd14b0d8
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/control/cluster/stacklight_telemetry_cluster.yml
@@ -0,0 +1,29 @@
+parameters:
+ salt:
+ control:
+ size:
+ stacklight.telemetry:
+ cpu: 32
+ ram: 65536
+ disk_profile: small
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ mtr01:
+ name: ${_param:stacklight_telemetry_node01_hostname}
+ provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: stacklight.telemetry
+ mtr02:
+ name: ${_param:stacklight_telemetry_node02_hostname}
+ provider: ${_param:infra_kvm_node02_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: stacklight.telemetry
+ mtr03:
+ name: ${_param:stacklight_telemetry_node03_hostname}
+ provider: ${_param:infra_kvm_node03_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: stacklight.telemetry
diff --git a/mcp/reclass/classes/system/salt/control/cluster/stacklight_telemetry_single.yml b/mcp/reclass/classes/system/salt/control/cluster/stacklight_telemetry_single.yml
new file mode 100644
index 000000000..81fd6fb1d
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/control/cluster/stacklight_telemetry_single.yml
@@ -0,0 +1,19 @@
+parameters:
+ salt:
+ control:
+ size:
+ stacklight.telemetry:
+ cpu: 32
+ ram: 65536
+ disk_profile: small
+ net_profile: default
+ cluster:
+ internal:
+ domain: ${_param:cluster_domain}
+ engine: virt
+ node:
+ mtr01:
+ name: ${_param:stacklight_telemetry_node01_hostname}
+ provider: ${_param:infra_kvm_node01_hostname}.${_param:cluster_domain}
+ image: ${_param:salt_control_xenial_image}
+ size: stacklight.telemetry
diff --git a/mcp/reclass/classes/system/salt/control/virt.yml b/mcp/reclass/classes/system/salt/control/virt.yml
new file mode 100644
index 000000000..6ed85378c
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/control/virt.yml
@@ -0,0 +1,47 @@
+classes:
+ - service.libvirt.server.kvm
+parameters:
+ salt:
+ control:
+ enabled: True
+ virt_enabled: True
+ virt:
+ nic:
+ default:
+ eth1:
+ bridge: br0
+ model: virtio
+ eth0:
+ bridge: br1
+ model: virtio
+ disk:
+ default:
+ - system:
+ size: 50000
+ xxxsmall:
+ - system:
+ size: 8000
+ xxsmall:
+ - system:
+ size: 15000
+ xsmall:
+ - system:
+ size: 30000
+ small:
+ - system:
+ size: 50000
+ medium:
+ - system:
+ size: 80000
+ large:
+ - system:
+ size: 100000
+ xlarge:
+ - system:
+ size: 150000
+ xxlarge:
+ - system:
+ size: 300000
+ xxxlarge:
+ - system:
+ size: 500000
diff --git a/mcp/reclass/classes/system/salt/master/api.yml b/mcp/reclass/classes/system/salt/master/api.yml
new file mode 100644
index 000000000..b5ede2f8a
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/master/api.yml
@@ -0,0 +1,31 @@
+parameters:
+ _param:
+ salt_master_api_port: 6969
+ salt_master_api_permissions:
+ - '.*'
+ - '@local'
+ - '@wheel' # to allow access to all wheel modules
+ - '@runner' # to allow access to all runner modules
+ - '@jobs' # to allow access to the jobs runner and/or wheel mo
+ salt:
+ api:
+ enabled: true
+ bind:
+ address: 0.0.0.0
+ port: ${_param:salt_master_api_port}
+ master:
+ command_timeout: 600
+ user:
+ salt:
+ permissions: ${_param:salt_master_api_permissions}
+ linux:
+ system:
+ user:
+ salt:
+ enabled: true
+ name: salt
+ password: ${_param:salt_api_password_hash}
+ home: /var/tmp/salt
+ sudo: false
+ system: true
+ shell: /bin/false
diff --git a/mcp/reclass/classes/system/salt/master/formula/git/ccp.yml b/mcp/reclass/classes/system/salt/master/formula/git/ccp.yml
new file mode 100644
index 000000000..c8f1c65bb
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/master/formula/git/ccp.yml
@@ -0,0 +1,10 @@
+parameters:
+ salt:
+ master:
+ environment:
+ dev:
+ formula:
+ ccp:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-ccp.git'
+ revision: ${_param:salt_master_environment_revision}
diff --git a/mcp/reclass/classes/system/salt/master/formula/git/foundation.yml b/mcp/reclass/classes/system/salt/master/formula/git/foundation.yml
new file mode 100644
index 000000000..7e21699f8
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/master/formula/git/foundation.yml
@@ -0,0 +1,56 @@
+parameters:
+ salt:
+ master:
+ environment:
+ dev:
+ formula:
+ aptly:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-aptly.git'
+ revision: ${_param:salt_master_environment_revision}
+ bind:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-bind.git'
+ revision: ${_param:salt_master_environment_revision}
+ gerrit:
+ module:
+ gerrit.py:
+ enabled: true
+ state:
+ gerrit.py:
+ enabled: true
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-gerrit.git'
+ revision: ${_param:salt_master_environment_revision}
+ jenkins:
+ module:
+ jenkins_common.py:
+ enabled: true
+ state:
+ jenkins_credential.py:
+ enabled: true
+ jenkins_job.py:
+ enabled: true
+ jenkins_lib.py:
+ enabled: true
+ jenkins_node.py:
+ enabled: true
+ jenkins_plugin.py:
+ enabled: true
+ jenkins_security.py:
+ enabled: true
+ jenkins_slack.py:
+ enabled: true
+ jenkins_smtp.py:
+ enabled: true
+ jenkins_user.py:
+ enabled: true
+ jenkins_view.py:
+ enabled: true
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-jenkins.git'
+ revision: ${_param:salt_master_environment_revision}
+ openldap:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-openldap.git'
+ revision: ${_param:salt_master_environment_revision}
diff --git a/mcp/reclass/classes/system/salt/master/formula/git/kubernetes.yml b/mcp/reclass/classes/system/salt/master/formula/git/kubernetes.yml
new file mode 100644
index 000000000..fe8ad5dab
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/master/formula/git/kubernetes.yml
@@ -0,0 +1,22 @@
+parameters:
+ salt:
+ master:
+ environment:
+ dev:
+ formula:
+ kubernetes:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-kubernetes.git'
+ revision: ${_param:salt_master_environment_revision}
+ etcd:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-etcd.git'
+ revision: ${_param:salt_master_environment_revision}
+ bird:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-bird.git'
+ revision: ${_param:salt_master_environment_revision}
+ docker:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-docker.git'
+ revision: ${_param:salt_master_environment_revision} \ No newline at end of file
diff --git a/mcp/reclass/classes/system/salt/master/formula/git/monitoring.yml b/mcp/reclass/classes/system/salt/master/formula/git/monitoring.yml
new file mode 100644
index 000000000..e0cf30df1
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/master/formula/git/monitoring.yml
@@ -0,0 +1,14 @@
+parameters:
+ salt:
+ master:
+ environment:
+ dev:
+ formula:
+ prometheus:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-prometheus.git'
+ revision: ${_param:salt_master_environment_revision}
+ telegraf:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-telegraf.git'
+ revision: ${_param:salt_master_environment_revision}
diff --git a/mcp/reclass/classes/system/salt/master/formula/git/openstack.yml b/mcp/reclass/classes/system/salt/master/formula/git/openstack.yml
new file mode 100644
index 000000000..36ddfc29b
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/master/formula/git/openstack.yml
@@ -0,0 +1,122 @@
+parameters:
+ salt:
+ master:
+ environment:
+ dev:
+ formula:
+ aodh:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-aodh.git'
+ revision: ${_param:salt_master_environment_revision}
+ #avinetworks:
+ # source: git
+ # address: '${_param:salt_master_environment_repository}/salt-formula-avinetworks.git'
+ # revision: ${_param:salt_master_environment_revision}
+ billometer:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-billometer.git'
+ revision: ${_param:salt_master_environment_revision}
+ ceilometer:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-ceilometer.git'
+ revision: ${_param:salt_master_environment_revision}
+ ceph:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-ceph.git'
+ revision: ${_param:salt_master_environment_revision}
+ cinder:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-cinder.git'
+ revision: ${_param:salt_master_environment_revision}
+ designate:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-designate.git'
+ revision: ${_param:salt_master_environment_revision}
+ galera:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-galera.git'
+ revision: ${_param:salt_master_environment_revision}
+ glance:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-glance.git'
+ revision: ${_param:salt_master_environment_revision}
+ glusterfs:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-glusterfs.git'
+ revision: ${_param:salt_master_environment_revision}
+ haproxy:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-haproxy.git'
+ revision: ${_param:salt_master_environment_revision}
+ heat:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-heat.git'
+ revision: ${_param:salt_master_environment_revision}
+ horizon:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-horizon.git'
+ revision: ${_param:salt_master_environment_revision}
+ keepalived:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-keepalived.git'
+ revision: ${_param:salt_master_environment_revision}
+ keystone:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-keystone.git'
+ revision: ${_param:salt_master_environment_revision}
+ memcached:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-memcached.git'
+ revision: ${_param:salt_master_environment_revision}
+ mongodb:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-mongodb.git'
+ revision: ${_param:salt_master_environment_revision}
+ mysql:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-mysql.git'
+ revision: ${_param:salt_master_environment_revision}
+ murano:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-murano.git'
+ revision: ${_param:salt_master_environment_revision}
+ neutron:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-neutron.git'
+ revision: ${_param:salt_master_environment_revision}
+ nginx:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-nginx.git'
+ revision: ${_param:salt_master_environment_revision}
+ nova:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-nova.git'
+ revision: ${_param:salt_master_environment_revision}
+ opencontrail:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-opencontrail.git'
+ revision: ${_param:salt_master_environment_revision}
+ python:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-python.git'
+ revision: ${_param:salt_master_environment_revision}
+ rabbitmq:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-rabbitmq.git'
+ revision: ${_param:salt_master_environment_revision}
+ sahara:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-sahara.git'
+ revision: ${_param:salt_master_environment_revision}
+ statsd:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-statsd.git'
+ revision: ${_param:salt_master_environment_revision}
+ supervisor:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-supervisor.git'
+ revision: ${_param:salt_master_environment_revision}
+ swift:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-swift.git'
+ revision: ${_param:salt_master_environment_revision}
diff --git a/mcp/reclass/classes/system/salt/master/formula/git/oss.yml b/mcp/reclass/classes/system/salt/master/formula/git/oss.yml
new file mode 100644
index 000000000..e9273873a
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/master/formula/git/oss.yml
@@ -0,0 +1,26 @@
+parameters:
+ _param:
+ salt_master_oss_repository: https://gerrit.mcp.mirantis.net/salt-formulas
+ salt_master_oss_revision: master
+ salt:
+ master:
+ environment:
+ dev:
+ formula:
+ devops_portal:
+ module:
+ devops_utils.py:
+ enabled: true
+ source: git
+ address: '${_param:salt_master_oss_repository}/devops-portal.git'
+ revision: ${_param:salt_master_oss_revision}
+ rundeck:
+ module:
+ rundeck.py:
+ enabled: true
+ state:
+ rundeck_project.py:
+ enabled: true
+ source: git
+ address: '${_param:salt_master_oss_repository}/rundeck.git'
+ revision: ${_param:salt_master_oss_revision}
diff --git a/mcp/reclass/classes/system/salt/master/formula/git/saltstack.yml b/mcp/reclass/classes/system/salt/master/formula/git/saltstack.yml
new file mode 100644
index 000000000..d0ca4535a
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/master/formula/git/saltstack.yml
@@ -0,0 +1,49 @@
+parameters:
+ salt:
+ master:
+ environment:
+ dev:
+ formula:
+ backupninja:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-backupninja.git'
+ revision: ${_param:salt_master_environment_revision}
+ git:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-git.git'
+ revision: ${_param:salt_master_environment_revision}
+ iptables:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-iptables.git'
+ revision: ${_param:salt_master_environment_revision}
+ libvirt:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-libvirt.git'
+ revision: ${_param:salt_master_environment_revision}
+ linux:
+ module:
+ linux_netlink.py:
+ enabled: true
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-linux.git'
+ revision: ${_param:salt_master_environment_revision}
+ ntp:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-ntp.git'
+ revision: ${_param:salt_master_environment_revision}
+ openssh:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-openssh.git'
+ revision: ${_param:salt_master_environment_revision}
+ reclass:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-reclass.git'
+ revision: ${_param:salt_master_environment_revision}
+ salt:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-salt.git'
+ revision: ${_param:salt_master_environment_revision}
+ sphinx:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-sphinx.git'
+ revision: ${_param:salt_master_environment_revision}
diff --git a/mcp/reclass/classes/system/salt/master/formula/git/stacklight.yml b/mcp/reclass/classes/system/salt/master/formula/git/stacklight.yml
new file mode 100644
index 000000000..ed07d827e
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/master/formula/git/stacklight.yml
@@ -0,0 +1,83 @@
+parameters:
+ salt:
+ master:
+ environment:
+ dev:
+ formula:
+ apache:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-apache.git'
+ revision: ${_param:salt_master_environment_revision}
+ collectd:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-collectd.git'
+ revision: ${_param:salt_master_environment_revision}
+ elasticsearch:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-elasticsearch.git'
+ revision: ${_param:salt_master_environment_revision}
+ grafana:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-grafana.git'
+ revision: ${_param:salt_master_environment_revision}
+ state:
+ grafana3_datasource.py:
+ enabled: true
+ grafana3_dashboard.py:
+ enabled: true
+ graphite:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-graphite.git'
+ revision: ${_param:salt_master_environment_revision}
+ heka:
+ module:
+ heka_alarming.py:
+ enabled: true
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-heka.git'
+ revision: ${_param:salt_master_environment_revision}
+ influxdb:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-influxdb.git'
+ revision: ${_param:salt_master_environment_revision}
+ java:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-java.git'
+ revision: ${_param:salt_master_environment_revision}
+ kibana:
+ state:
+ kibana_object.py:
+ enabled: true
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-kibana.git'
+ revision: ${_param:salt_master_environment_revision}
+ nagios:
+ module:
+ nagios_alarming.py:
+ enabled: true
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-nagios.git'
+ revision: ${_param:salt_master_environment_revision}
+ postgresql:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-postgresql.git'
+ revision: ${_param:salt_master_environment_revision}
+ rabbitmq:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-rabbitmq.git'
+ revision: ${_param:salt_master_environment_revision}
+ redis:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-redis.git'
+ revision: ${_param:salt_master_environment_revision}
+ rsyslog:
+ module:
+ rsyslog_util.py:
+ enabled: true
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-rsyslog.git'
+ revision: ${_param:salt_master_environment_revision}
+ sensu:
+ source: git
+ address: '${_param:salt_master_environment_repository}/salt-formula-sensu.git'
+ revision: ${_param:salt_master_environment_revision}
diff --git a/mcp/reclass/classes/system/salt/master/formula/pkg/ccp.yml b/mcp/reclass/classes/system/salt/master/formula/pkg/ccp.yml
new file mode 100644
index 000000000..194beb895
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/master/formula/pkg/ccp.yml
@@ -0,0 +1,9 @@
+parameters:
+ salt:
+ master:
+ environment:
+ prd:
+ formula:
+ ccp:
+ source: pkg
+ name: salt-formula-ccp
diff --git a/mcp/reclass/classes/system/salt/master/formula/pkg/foundation.yml b/mcp/reclass/classes/system/salt/master/formula/pkg/foundation.yml
new file mode 100644
index 000000000..3eed5e900
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/master/formula/pkg/foundation.yml
@@ -0,0 +1,33 @@
+parameters:
+ salt:
+ master:
+ environment:
+ prd:
+ formula:
+ aptcacher:
+ source: pkg
+ name: salt-formula-aptcacher
+ aptly:
+ source: pkg
+ name: salt-formula-aptly
+ bind:
+ source: pkg
+ name: salt-formula-bind
+ gerrit:
+ source: pkg
+ name: salt-formula-gerrit
+ jenkins:
+ source: pkg
+ name: salt-formula-jenkins
+ freeipa:
+ source: pkg
+ name: salt-formula-freeipa
+ maas:
+ source: pkg
+ name: salt-formula-maas
+ openldap:
+ source: pkg
+ name: salt-formula-openldap
+ lldp:
+ source: pkg
+ name: salt-formula-lldp
diff --git a/mcp/reclass/classes/system/salt/master/formula/pkg/kubernetes.yml b/mcp/reclass/classes/system/salt/master/formula/pkg/kubernetes.yml
new file mode 100644
index 000000000..7b3af30d1
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/master/formula/pkg/kubernetes.yml
@@ -0,0 +1,18 @@
+parameters:
+ salt:
+ master:
+ environment:
+ prd:
+ formula:
+ kubernetes:
+ source: pkg
+ name: salt-formula-kubernetes
+ etcd:
+ source: pkg
+ name: salt-formula-etcd
+ bird:
+ source: pkg
+ name: salt-formula-bird
+ docker:
+ source: pkg
+ name: salt-formula-docker \ No newline at end of file
diff --git a/mcp/reclass/classes/system/salt/master/formula/pkg/monitoring.yml b/mcp/reclass/classes/system/salt/master/formula/pkg/monitoring.yml
new file mode 100644
index 000000000..375cbd88b
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/master/formula/pkg/monitoring.yml
@@ -0,0 +1,12 @@
+parameters:
+ salt:
+ master:
+ environment:
+ prd:
+ formula:
+ prometheus:
+ source: pkg
+ name: salt-formula-prometheus
+ telegraf:
+ source: pkg
+ name: salt-formula-telegraf
diff --git a/mcp/reclass/classes/system/salt/master/formula/pkg/openstack.yml b/mcp/reclass/classes/system/salt/master/formula/pkg/openstack.yml
new file mode 100644
index 000000000..b1222d1e6
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/master/formula/pkg/openstack.yml
@@ -0,0 +1,93 @@
+parameters:
+ salt:
+ master:
+ environment:
+ prd:
+ formula:
+ aodh:
+ source: pkg
+ name: salt-formula-aodh
+ #avinetworks:
+ # source: pkg
+ # name: salt-formula-avinetworks
+ billometer:
+ source: pkg
+ name: salt-formula-billometer
+ ceilometer:
+ source: pkg
+ name: salt-formula-ceilometer
+ ceph:
+ source: pkg
+ name: salt-formula-ceph
+ cinder:
+ source: pkg
+ name: salt-formula-cinder
+ galera:
+ source: pkg
+ name: salt-formula-galera
+ glance:
+ source: pkg
+ name: salt-formula-glance
+ glusterfs:
+ source: pkg
+ name: salt-formula-glusterfs
+ designate:
+ source: pkg
+ name: salt-formula-designate
+ haproxy:
+ source: pkg
+ name: salt-formula-haproxy
+ heat:
+ source: pkg
+ name: salt-formula-heat
+ horizon:
+ source: pkg
+ name: salt-formula-horizon
+ keepalived:
+ source: pkg
+ name: salt-formula-keepalived
+ keystone:
+ source: pkg
+ name: salt-formula-keystone
+ memcached:
+ source: pkg
+ name: salt-formula-memcached
+ mongodb:
+ source: pkg
+ name: salt-formula-mongodb
+ mysql:
+ source: pkg
+ name: salt-formula-mysql
+ murano:
+ source: pkg
+ name: salt-formula-murano
+ neutron:
+ source: pkg
+ name: salt-formula-neutron
+ nginx:
+ source: pkg
+ name: salt-formula-nginx
+ nova:
+ source: pkg
+ name: salt-formula-nova
+ opencontrail:
+ source: pkg
+ name: salt-formula-opencontrail
+ python:
+ source: pkg
+ name: salt-formula-python
+ rabbitmq:
+ source: pkg
+ name: salt-formula-rabbitmq
+ sahara:
+ source: pkg
+ name: salt-formula-sahara
+ statsd:
+ source: pkg
+ name: salt-formula-statsd
+ supervisor:
+ source: pkg
+ name: salt-formula-supervisor
+ swift:
+ source: pkg
+ name: salt-formula-swift
diff --git a/mcp/reclass/classes/system/salt/master/formula/pkg/oss.yml b/mcp/reclass/classes/system/salt/master/formula/pkg/oss.yml
new file mode 100644
index 000000000..45739d23e
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/master/formula/pkg/oss.yml
@@ -0,0 +1,12 @@
+parameters:
+ salt:
+ master:
+ environment:
+ prd:
+ formula:
+ devops_portal:
+ source: pkg
+ name: salt-formula-devops-portal
+ rundeck:
+ source: pkg
+ name: salt-formula-rundeck
diff --git a/mcp/reclass/classes/system/salt/master/formula/pkg/saltstack.yml b/mcp/reclass/classes/system/salt/master/formula/pkg/saltstack.yml
new file mode 100644
index 000000000..eeff26b9e
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/master/formula/pkg/saltstack.yml
@@ -0,0 +1,39 @@
+parameters:
+ salt:
+ master:
+ environment:
+ prd:
+ formula:
+ backupninja:
+ source: pkg
+ name: salt-formula-backupninja
+ git:
+ source: pkg
+ name: salt-formula-git
+ iptables:
+ source: pkg
+ name: salt-formula-iptables
+ libvirt:
+ source: pkg
+ name: salt-formula-libvirt
+ linux:
+ source: pkg
+ name: salt-formula-linux
+ nginx:
+ source: pkg
+ name: salt-formula-nginx
+ ntp:
+ source: pkg
+ name: salt-formula-ntp
+ openssh:
+ source: pkg
+ name: salt-formula-openssh
+ reclass:
+ source: pkg
+ name: salt-formula-reclass
+ salt:
+ source: pkg
+ name: salt-formula-salt
+ sphinx:
+ source: pkg
+ name: salt-formula-sphinx
diff --git a/mcp/reclass/classes/system/salt/master/formula/pkg/stacklight.yml b/mcp/reclass/classes/system/salt/master/formula/pkg/stacklight.yml
new file mode 100644
index 000000000..4fe75c0f0
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/master/formula/pkg/stacklight.yml
@@ -0,0 +1,54 @@
+parameters:
+ salt:
+ master:
+ environment:
+ prd:
+ formula:
+ apache:
+ source: pkg
+ name: salt-formula-apache
+ collectd:
+ source: pkg
+ name: salt-formula-collectd
+ elasticsearch:
+ source: pkg
+ name: salt-formula-elasticsearch
+ grafana:
+ source: pkg
+ name: salt-formula-grafana
+ graphite:
+ source: pkg
+ name: salt-formula-graphite
+ heka:
+ source: pkg
+ name: salt-formula-heka
+ influxdb:
+ source: pkg
+ name: salt-formula-influxdb
+ java:
+ source: pkg
+ name: salt-formula-java
+ kibana:
+ source: pkg
+ name: salt-formula-kibana
+ #nagios:
+ # source: pkg
+ # name: salt-formula-nagios
+ postgresql:
+ source: pkg
+ name: salt-formula-postgresql
+ rabbitmq:
+ source: pkg
+ name: salt-formula-rabbitmq
+ redis:
+ source: pkg
+ name: salt-formula-redis
+ rsyslog:
+ source: pkg
+ name: salt-formula-rsyslog
+ sensu:
+ source: pkg
+ name: salt-formula-sensu
+ nagios:
+ source: pkg
+ name: salt-formula-nagios
diff --git a/mcp/reclass/classes/system/salt/master/git.yml b/mcp/reclass/classes/system/salt/master/git.yml
new file mode 100644
index 000000000..267bdb192
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/master/git.yml
@@ -0,0 +1,14 @@
+classes:
+- system.salt.master.single
+- system.salt.master.formula.git.ccp
+- system.salt.master.formula.git.foundation
+- system.salt.master.formula.git.kubernetes
+- system.salt.master.formula.git.openstack
+- system.salt.master.formula.git.oss
+- system.salt.master.formula.git.saltstack
+- system.salt.master.formula.git.stacklight
+- system.salt.master.formula.git.monitoring
+parameters:
+ _param:
+ salt_master_environment_repository: "https://github.com/salt-formulas"
+ salt_master_environment_revision: master
diff --git a/mcp/reclass/classes/system/salt/master/pkg.yml b/mcp/reclass/classes/system/salt/master/pkg.yml
new file mode 100644
index 000000000..1001d49de
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/master/pkg.yml
@@ -0,0 +1,11 @@
+classes:
+- system.salt.master.single
+- system.salt.master.formula.pkg.ccp
+- system.salt.master.formula.pkg.foundation
+- system.salt.master.formula.pkg.kubernetes
+- system.salt.master.formula.pkg.openstack
+- system.salt.master.formula.pkg.oss
+- system.salt.master.formula.pkg.saltstack
+- system.salt.master.formula.pkg.stacklight
+- system.salt.master.formula.pkg.monitoring
+- system.linux.system.repo.mcp.salt
diff --git a/mcp/reclass/classes/system/salt/master/single.yml b/mcp/reclass/classes/system/salt/master/single.yml
new file mode 100644
index 000000000..9764a970a
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/master/single.yml
@@ -0,0 +1,19 @@
+classes:
+- service.git.client
+- service.salt.master.single
+parameters:
+ linux:
+ system:
+ sysctl:
+ net.core.rmem_max: 16777216
+ net.core.wmem_max: 16777216
+ net.ipv4.tcp_rmem: 4096 87380 16777216
+ net.ipv4.tcp_wmem: 4096 87380 16777216
+ salt:
+ master:
+ accept_policy: auto_accept
+ worker_threads: 40
+ command_timeout: 10
+ peer:
+ '.*':
+ - x509.sign_remote_certificate
diff --git a/mcp/reclass/classes/system/salt/minion/ca/salt_master.yml b/mcp/reclass/classes/system/salt/minion/ca/salt_master.yml
new file mode 100644
index 000000000..87cd6e6c0
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/minion/ca/salt_master.yml
@@ -0,0 +1,29 @@
+parameters:
+ _param:
+ salt_minion_ca_common_name: Salt Master CA
+ salt_minion_ca_country: cz
+ salt_minion_ca_locality: Prague
+ salt_minion_ca_organization: Mirantis
+ salt_minion_ca_days_valid_authority: 3650
+ salt_minion_ca_days_valid_certificate: 365
+ salt:
+ minion:
+ ca:
+ salt_master_ca:
+ common_name: ${_param:salt_minion_ca_common_name}
+ country: ${_param:salt_minion_ca_country}
+ locality: ${_param:salt_minion_ca_locality}
+ organization: ${_param:salt_minion_ca_organization}
+ signing_policy:
+ cert_server:
+ type: v3_edge_cert_server
+ minions: '*'
+ cert_client:
+ type: v3_edge_cert_client
+ minions: '*'
+ cert_open:
+ type: v3_edge_cert_open
+ minions: '*'
+ days_valid:
+ authority: ${_param:salt_minion_ca_days_valid_authority}
+ certificate: ${_param:salt_minion_ca_days_valid_certificate}
diff --git a/mcp/reclass/classes/system/salt/minion/cert/ceph/init.yml b/mcp/reclass/classes/system/salt/minion/cert/ceph/init.yml
new file mode 100644
index 000000000..8b2e61ce8
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/minion/cert/ceph/init.yml
@@ -0,0 +1,12 @@
+parameters:
+ _param:
+ salt_minion_ca_authority: salt_master_ca
+ salt:
+ minion:
+ cert:
+ ceph:
+ host: ${_param:salt_minion_ca_host}
+ signing_policy: cert_server
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: ${_param:cluster_public_host}
+
diff --git a/mcp/reclass/classes/system/salt/minion/cert/ceph/openstack.yml b/mcp/reclass/classes/system/salt/minion/cert/ceph/openstack.yml
new file mode 100644
index 000000000..664352da9
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/minion/cert/ceph/openstack.yml
@@ -0,0 +1,11 @@
+classes:
+- system.salt.minion.cert.ceph
+parameters:
+ _param:
+ salt_pki_ceph_alt_names: IP:${_param:cluster_public_host},DNS:${_param:cluster_public_host}
+ salt:
+ minion:
+ cert:
+ ceph:
+ common_name: ceph
+ alternative_names: IP:127.0.0.1,${_param:salt_pki_ceph_alt_names}
diff --git a/mcp/reclass/classes/system/salt/minion/cert/ceph/pki.yml b/mcp/reclass/classes/system/salt/minion/cert/ceph/pki.yml
new file mode 100644
index 000000000..37e4fc5ad
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/minion/cert/ceph/pki.yml
@@ -0,0 +1,8 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ ceph:
+ key_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:ceph:common_name}.key
+ cert_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:ceph:common_name}.crt
+ all_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:ceph:common_name}-chain-with-key.pem
diff --git a/mcp/reclass/classes/system/salt/minion/cert/etcd_client.yml b/mcp/reclass/classes/system/salt/minion/cert/etcd_client.yml
new file mode 100644
index 000000000..90b41da7f
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/minion/cert/etcd_client.yml
@@ -0,0 +1,18 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ etcd_client:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: ${linux:system:name}
+ signing_policy: cert_open
+ alternative_names: IP:${_param:cluster_local_address},DNS:${linux:system:name},DNS:${linux:network:fqdn}
+ extended_key_usage: clientAuth
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: /var/lib/etcd/etcd-client.key
+ cert_file: /var/lib/etcd/etcd-client.crt
+ all_file: /var/lib/etcd/etcd-client.pem
+ ca_file: /var/lib/etcd/ca.pem
+ user: etcd
+ group: etcd
diff --git a/mcp/reclass/classes/system/salt/minion/cert/etcd_server.yml b/mcp/reclass/classes/system/salt/minion/cert/etcd_server.yml
new file mode 100644
index 000000000..ea26a4052
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/minion/cert/etcd_server.yml
@@ -0,0 +1,18 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ etcd_server:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: ${linux:system:name}
+ signing_policy: cert_open
+ alternative_names: IP:127.0.0.1,IP:${_param:cluster_vip_address},IP:${_param:cluster_local_address},DNS:${linux:system:name},DNS:${linux:network:fqdn}
+ extended_key_usage: serverAuth,clientAuth
+ key_usage: "digitalSignature,nonRepudiation,keyEncipherment"
+ key_file: /var/lib/etcd/etcd-server.key
+ cert_file: /var/lib/etcd/etcd-server.crt
+ all_file: /var/lib/etcd/etcd-server.pem
+ ca_file: /var/lib/etcd/ca.pem
+ user: etcd
+ group: etcd
diff --git a/mcp/reclass/classes/system/salt/minion/cert/k8s_client.yml b/mcp/reclass/classes/system/salt/minion/cert/k8s_client.yml
new file mode 100644
index 000000000..06d83c4a1
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/minion/cert/k8s_client.yml
@@ -0,0 +1,13 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ k8s_client:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kubelet-client.key
+ cert_file: /etc/kubernetes/ssl/kubelet-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: kubelet-client
+ signing_policy: cert_client
+ alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address} \ No newline at end of file
diff --git a/mcp/reclass/classes/system/salt/minion/cert/k8s_client_single.yml b/mcp/reclass/classes/system/salt/minion/cert/k8s_client_single.yml
new file mode 100644
index 000000000..179d534be
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/minion/cert/k8s_client_single.yml
@@ -0,0 +1,13 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ k8s_client:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: /etc/kubernetes/ssl/kubelet-client.key
+ cert_file: /etc/kubernetes/ssl/kubelet-client.crt
+ ca_file: /etc/kubernetes/ssl/ca-kubernetes.crt
+ common_name: kubelet-client
+ signing_policy: cert_client
+ alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address} \ No newline at end of file
diff --git a/mcp/reclass/classes/system/salt/minion/cert/k8s_server.yml b/mcp/reclass/classes/system/salt/minion/cert/k8s_server.yml
new file mode 100644
index 000000000..603d3691d
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/minion/cert/k8s_server.yml
@@ -0,0 +1,13 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ k8s_server:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: kubernetes-server
+ key_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.key
+ cert_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.crt
+ all_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.pem
+ signing_policy: cert_server
+ alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address},DNS:kubernetes.default,DNS:kubernetes.default.svc
diff --git a/mcp/reclass/classes/system/salt/minion/cert/k8s_server_single.yml b/mcp/reclass/classes/system/salt/minion/cert/k8s_server_single.yml
new file mode 100644
index 000000000..33637e4a8
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/minion/cert/k8s_server_single.yml
@@ -0,0 +1,13 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ k8s_server:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: kubernetes-server
+ key_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.key
+ cert_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.crt
+ all_file: /srv/salt/env/${_param:salt_master_base_environment}/_certs/kubernetes/kubernetes-server.pem
+ signing_policy: cert_server
+ alternative_names: IP:${_param:control_address},IP:${_param:kubernetes_internal_api_address}
diff --git a/mcp/reclass/classes/system/salt/minion/cert/prometheus_server.yml b/mcp/reclass/classes/system/salt/minion/cert/prometheus_server.yml
new file mode 100644
index 000000000..30a0711a1
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/minion/cert/prometheus_server.yml
@@ -0,0 +1,13 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ prometheus_server:
+ host: ${_param:salt_minion_ca_host}
+ authority: ${_param:salt_minion_ca_authority}
+ key_file: ${prometheus:server:dir:config}/prometheus-server.key
+ cert_file: ${prometheus:server:dir:config}/prometheus-server.crt
+ common_name: prometheus-server
+ signing_policy: cert_client
+ alternative_names: IP:${_param:cluster_vip_address},IP:${_param:cluster_node01_address},IP:${_param:cluster_node02_address},IP:${_param:cluster_node03_address},IP:${_param:kubernetes_internal_api_address}
+ mode: '0444'
diff --git a/mcp/reclass/classes/system/salt/minion/cert/proxy/cicd.yml b/mcp/reclass/classes/system/salt/minion/cert/proxy/cicd.yml
new file mode 100644
index 000000000..5fb5b280a
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/minion/cert/proxy/cicd.yml
@@ -0,0 +1,15 @@
+classes:
+- system.salt.minion.cert.proxy
+parameters:
+ salt:
+ minion:
+ cert:
+ proxy:
+ alternative_names: "DNS:${_param:cluster_public_host}, DNS:*.${_param:cluster_public_host}, IP:${_param:control_vip_address}, IP:${_param:single_address}"
+ key_file: /etc/haproxy/ssl/${_param:cluster_public_host}.key
+ cert_file: /etc/haproxy/ssl/${_param:cluster_public_host}.crt
+ all_file: /etc/haproxy/ssl/${_param:cluster_public_host}-all.pem
+ ca_file: /etc/haproxy/ssl/${_param:salt_minion_ca_authority}-ca.crt
+ user: root
+ group: haproxy
+ mode: 640 \ No newline at end of file
diff --git a/mcp/reclass/classes/system/salt/minion/cert/proxy/init.yml b/mcp/reclass/classes/system/salt/minion/cert/proxy/init.yml
new file mode 100644
index 000000000..fac9aa554
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/minion/cert/proxy/init.yml
@@ -0,0 +1,11 @@
+parameters:
+ _param:
+ salt_minion_ca_authority: salt_master_ca
+ salt:
+ minion:
+ cert:
+ proxy:
+ host: ${_param:salt_minion_ca_host}
+ signing_policy: cert_server
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: ${_param:cluster_public_host}
diff --git a/mcp/reclass/classes/system/salt/minion/cert/proxy/openstack.yml b/mcp/reclass/classes/system/salt/minion/cert/proxy/openstack.yml
new file mode 100644
index 000000000..627d96bd6
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/minion/cert/proxy/openstack.yml
@@ -0,0 +1,11 @@
+classes:
+- system.salt.minion.cert.proxy
+parameters:
+ _param:
+ salt_pki_proxy_alt_names: IP:${_param:cluster_public_host},DNS:${_param:cluster_public_host},DNS:proxy.${_param:cluster_public_host},DNS:horizon.${_param:cluster_public_host}
+ salt:
+ minion:
+ cert:
+ proxy:
+ common_name: proxy
+ alternative_names: IP:127.0.0.1,${_param:salt_pki_proxy_alt_names}
diff --git a/mcp/reclass/classes/system/salt/minion/cert/proxy/pki.yml b/mcp/reclass/classes/system/salt/minion/cert/proxy/pki.yml
new file mode 100644
index 000000000..731aea625
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/minion/cert/proxy/pki.yml
@@ -0,0 +1,8 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ proxy:
+ key_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}.key
+ cert_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}.crt
+ all_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:proxy:common_name}-chain-with-key.pem
diff --git a/mcp/reclass/classes/system/salt/minion/cert/swift/init.yml b/mcp/reclass/classes/system/salt/minion/cert/swift/init.yml
new file mode 100644
index 000000000..28859cf23
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/minion/cert/swift/init.yml
@@ -0,0 +1,11 @@
+parameters:
+ _param:
+ salt_minion_ca_authority: salt_master_ca
+ salt:
+ minion:
+ cert:
+ swift:
+ host: ${_param:salt_minion_ca_host}
+ signing_policy: cert_server
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: ${_param:cluster_public_host}
diff --git a/mcp/reclass/classes/system/salt/minion/cert/swift/openstack.yml b/mcp/reclass/classes/system/salt/minion/cert/swift/openstack.yml
new file mode 100644
index 000000000..5560e1b46
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/minion/cert/swift/openstack.yml
@@ -0,0 +1,11 @@
+classes:
+- system.salt.minion.cert.swift
+parameters:
+ _param:
+ salt_pki_swift_alt_names: IP:${_param:cluster_public_host},DNS:${_param:cluster_public_host}
+ salt:
+ minion:
+ cert:
+ swift:
+ common_name: swift
+ alternative_names: IP:127.0.0.1,${_param:salt_pki_swift_alt_names}
diff --git a/mcp/reclass/classes/system/salt/minion/cert/swift/pki.yml b/mcp/reclass/classes/system/salt/minion/cert/swift/pki.yml
new file mode 100644
index 000000000..3195e48fc
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/minion/cert/swift/pki.yml
@@ -0,0 +1,8 @@
+parameters:
+ salt:
+ minion:
+ cert:
+ swift:
+ key_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:swift:common_name}.key
+ cert_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:swift:common_name}.crt
+ all_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:swift:common_name}-chain-with-key.pem
diff --git a/mcp/reclass/classes/system/salt/minion/cert/wildcard/init.yml b/mcp/reclass/classes/system/salt/minion/cert/wildcard/init.yml
new file mode 100644
index 000000000..29748958c
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/minion/cert/wildcard/init.yml
@@ -0,0 +1,16 @@
+parameters:
+ _param:
+ salt_minion_ca_authority: salt_master_ca
+ salt_pki_wildcard_alt_names: IP:${_param:cluster_public_host},DNS:${_param:cluster_public_host},DNS:*.${_param:cluster_public_host},DNS:${_param:cluster_domain},DNS:*.${_param:cluster_domain}
+ salt:
+ minion:
+ cert:
+ proxy:
+ host: ${_param:salt_minion_ca_host}
+ signing_policy: cert_server
+ authority: ${_param:salt_minion_ca_authority}
+ common_name: wildcard
+ alternative_names: IP:127.0.0.1,${_param:salt_pki_wildcard_alt_names}
+ key_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:wildcard:common_name}.key
+ cert_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:wildcard:common_name}.crt
+ all_file: /srv/salt/pki/${_param:cluster_name}/${salt:minion:cert:wildcard:common_name}-chain-with-key.pem
diff --git a/mcp/reclass/classes/system/salt/minion/master.yml b/mcp/reclass/classes/system/salt/minion/master.yml
new file mode 100644
index 000000000..fbeb1782d
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/minion/master.yml
@@ -0,0 +1,2 @@
+classes:
+- service.salt.minion.master
diff --git a/mcp/reclass/classes/system/salt/minion/masters.yml b/mcp/reclass/classes/system/salt/minion/masters.yml
new file mode 100644
index 000000000..829474ac7
--- /dev/null
+++ b/mcp/reclass/classes/system/salt/minion/masters.yml
@@ -0,0 +1,7 @@
+parameters:
+ salt:
+ minion:
+ master_type: failover
+ masters:
+ - host: ${_param:infra_config_deploy_address}
+ - host: ${_param:infra_config_address}