Sync os cacert from proxy to salt master

JIRA: FUEL-274
Change-Id: I2c8161b24cb18a0d1f9dc6fd509ce18af7ea8cf5
Signed-off-by: Michael Polenchuk <mpolenchuk@mirantis.com>

diff --git a/mcp/config/states/openstack_ha b/mcp/config/states/openstack_ha
index 507ca61..cc4279c 100755 (executable)
--- a/mcp/config/states/openstack_ha
+++ b/mcp/config/states/openstack_ha
@@ -44,3 +44,6 @@ salt -I 'nova:compute' state.sls nova
 
 salt -I 'horizon:server' state.sls horizon
 salt -I 'nginx:server' state.sls nginx
+
+salt -C 'I@nginx:server and *01*' cp.push /etc/ssl/certs/10.167.4.80-with-chain.crt upload_path='/os_cacert'
+cd /etc/ssl/certs && ln -s /var/cache/salt/master/minions/prx01.*/files/os_cacert

diff --git a/mcp/patches/0008-Handle-file_recv-option.patch b/mcp/patches/0008-Handle-file_recv-option.patch
new file mode 100644 (file)
index 0000000..0c76449
--- /dev/null
+++ b/mcp/patches/0008-Handle-file_recv-option.patch
@@ -0,0 +1,18 @@
+From: Michael Polenchuk <mpolenchuk@mirantis.com>
+Date: Mon, 28 Aug 2017 16:17:43 +0400
+Subject: [PATCH] Handle file_recv option
+
+
+diff --git a/salt/files/master.conf b/salt/files/master.conf
+index 329ae0d..a9d9656 100644
+--- a/salt/files/master.conf
++++ b/salt/files/master.conf
+@@ -95,6 +95,8 @@ logstash_zmq_handler:
+ order_masters: True
+ {%- endif %}
+
++file_recv: {{ master.get('file_recv', False) }}
++
+ {#-
+ vim: syntax=jinja
+ -#}

diff --git a/mcp/patches/patches.list b/mcp/patches/patches.list
index 1a651cf..419ff26 100644 (file)
--- a/mcp/patches/patches.list
+++ b/mcp/patches/patches.list
@@ -5,3 +5,4 @@
 /usr/share/salt-formulas/env: 0005-maas-module-Obtain-fabric-ID-from-CIDR.patch
 /usr/share/salt-formulas/env: 0006-maas-module-Add-VLAN-DHCP-enable-support.patch
 /usr/share/salt-formulas/env: 0007-linux.network.interface-noifupdown-support.patch
+/usr/share/salt-formulas/env: 0008-Handle-file_recv-option.patch

diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-odl-ha/infra/config.yml b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-odl-ha/infra/config.yml
index 202799f..a7b08f8 100644 (file)
--- a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-odl-ha/infra/config.yml
+++ b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-odl-ha/infra/config.yml
@@ -38,6 +38,7 @@ parameters:
   salt:
     master:
       accept_policy: open_mode
+      file_recv: true
   reclass:
     storage:
       data_source:

diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-odl-ha/openstack/control.yml b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-odl-ha/openstack/control.yml
index 227c649..e8666d6 100644 (file)
--- a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-odl-ha/openstack/control.yml
+++ b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-odl-ha/openstack/control.yml
@@ -39,6 +39,9 @@ parameters:
       interface:
         ens2: ${_param:linux_dhcp_interface}
         ens3: ${_param:linux_single_interface}
+  keystone:
+    server:
+      cacert: /etc/ssl/certs/mcp_os_cacert
   neutron:
     server:
       backend:

diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-dpdk-ha/infra/config.yml b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-dpdk-ha/infra/config.yml
index b7fd128..be3dc38 100644 (file)
--- a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-dpdk-ha/infra/config.yml
+++ b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-dpdk-ha/infra/config.yml
@@ -37,6 +37,7 @@ parameters:
   salt:
     master:
       accept_policy: open_mode
+      file_recv: true
   reclass:
     storage:
       data_source:

diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-dpdk-ha/openstack/control.yml b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-dpdk-ha/openstack/control.yml
index 4bfd27c..e7a3b85 100644 (file)
--- a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-dpdk-ha/openstack/control.yml
+++ b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-dpdk-ha/openstack/control.yml
@@ -43,6 +43,9 @@ parameters:
       interface:
         ens2: ${_param:linux_dhcp_interface}
         ens3: ${_param:linux_single_interface}
+  keystone:
+    server:
+      cacert: /etc/ssl/certs/mcp_os_cacert
   bind:
     server:
       control:

diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-ha/infra/config.yml b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-ha/infra/config.yml
index ce2c951..a75b41d 100644 (file)
--- a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-ha/infra/config.yml
+++ b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-ha/infra/config.yml
@@ -37,6 +37,7 @@ parameters:
   salt:
     master:
       accept_policy: open_mode
+      file_recv: true
   reclass:
     storage:
       data_source:

diff --git a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-ha/openstack/control.yml b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-ha/openstack/control.yml
index 6f47f8a..a5913dd 100644 (file)
--- a/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-ha/openstack/control.yml
+++ b/mcp/reclass/classes/cluster/baremetal-mcp-ocata-ovs-ha/openstack/control.yml
@@ -39,6 +39,9 @@ parameters:
       interface:
         ens2: ${_param:linux_dhcp_interface}
         ens3: ${_param:linux_single_interface}
+  keystone:
+    server:
+      cacert: /etc/ssl/certs/mcp_os_cacert
   bind:
     server:
       control:

diff --git a/mcp/reclass/classes/system b/mcp/reclass/classes/system
index fc30e31..7b186ff 160000 (submodule)
--- a/mcp/reclass/classes/system
+++ b/mcp/reclass/classes/system
@@ -1 +1 @@
-Subproject commit fc30e3196598bb01f8807d90113d7b8c0794ea94
+Subproject commit 7b186ff21829b6a0055c08cc681b94bd89aedf1d