Many more changes see description

* Update all relations to be more specific; this helps
  with --dry-run
* Update constraints so that they are balanced across the 3 systems
* Update overlay to fix versions
* Ensure pause_minority for rabbitmq
* Add lxd metadata url
Arif Ali 2021-12-06 22:42:10 +00:00
parent 2443f4c6ae
commit 34e0c03840
8 changed files with 205 additions and 317 deletions


@ -132,64 +132,45 @@ machines:
# Baremetals
# Control Nodes
"100":
constraints: tags=control
constraints: tags=control,asrock01
"101":
constraints: tags=control
constraints: tags=control,asrock02
"102":
constraints: tags=control
constraints: tags=control,asrock03
# LMA Nodes
"200":
constraints: tags=compute
constraints: tags=compute,asrock01
"201":
constraints: tags=compute
constraints: tags=compute,asrock02
"202":
constraints: tags=compute
constraints: tags=compute,asrock03
# Landscape Nodes
"300":
constraints: tags=compute
constraints: tags=compute,asrock01
"301":
constraints: tags=compute
constraints: tags=compute,asrock02
"302":
constraints: tags=compute
constraints: tags=compute,asrock03
# Contrail Nodes
"400":
constraints: tags=control
constraints: tags=control,asrock01
"401":
constraints: tags=control
constraints: tags=control,asrock02
"402":
constraints: tags=control
# "500":
# constraints: tags=compute
# "501":
# constraints: tags=compute
# "502":
# constraints: tags=compute
# "503":
# constraints: tags=compute
# "504":
# constraints: tags=compute
# "505":
# constraints: tags=compute
# "506":
# constraints: tags=compute
# "507":
# constraints: tags=compute
# "508":
# constraints: tags=compute
constraints: tags=control,asrock03
# hyper-converged nova/ceph Nodes
"1000":
constraints: tags=compute
constraints: tags=compute,asrock01
"1001":
constraints: tags=compute
constraints: tags=compute,asrock02
"1002":
constraints: tags=compute
constraints: tags=compute,asrock03
"1003":
constraints: tags=compute
constraints: tags=compute,asrock01
"1004":
constraints: tags=compute
constraints: tags=compute,asrock02
"1005":
constraints: tags=compute
constraints: tags=compute,asrock03
applications:
# HAcluster
@ -662,7 +643,7 @@ applications:
options:
source: *openstack-origin
min-cluster-size: 3
cluster-partition-handling: ignore
cluster-partition-handling: pause_minority
num_units: 3
to:
- lxd:100
@ -706,6 +687,7 @@ applications:
# LMA stack applications
landscape-server:
charm: cs:landscape-server
series: bionic
bindings:
"": *oam-space
options:
@ -742,13 +724,14 @@ applications:
options:
source: *openstack-origin
min-cluster-size: 3
cluster-partition-handling: ignore
cluster-partition-handling: pause_minority
to:
- lxd:300
- lxd:301
- lxd:302
landscape-postgresql:
charm: cs:postgresql
series: bionic
bindings:
"": *oam-space
options:
@ -774,7 +757,6 @@ applications:
- lxd:302
graylog:
charm: cs:graylog
series: bionic
bindings:
"": *oam-space
num_units: 1
@ -942,7 +924,6 @@ applications:
#url: https://landscape.example.com/message-system
prometheus:
charm: cs:prometheus2
series: bionic
bindings:
"": *oam-space
num_units: 1
@ -960,7 +941,6 @@ applications:
- lxd:201
grafana:
charm: cs:~prometheus-charmers/grafana
series: bionic
bindings:
"": *oam-space
options:
@ -1089,7 +1069,6 @@ applications:
# -----END PGP PUBLIC KEY BLOCK-----
prometheus-ceph-exporter:
charm: cs:prometheus-ceph-exporter
series: bionic
bindings:
"": *oam-space
ceph: *ceph-public-space
@ -1264,15 +1243,15 @@ relations:
- [ "neutron-gateway:juju-info", "sysconfig-control:juju-info" ]
# Neutron-gateway relations
- [ "neutron-gateway", "nova-cloud-controller" ]
- [ "neutron-gateway:quantum-network-service", "nova-cloud-controller:quantum-network-service" ]
- [ "neutron-gateway:amqp", "rabbitmq-server:amqp" ]
- [ "neutron-gateway:neutron-plugin-api", "neutron-api:neutron-plugin-api" ]
- [ "neutron-gateway:juju-info", "ntp:juju-info" ]
# Neutron-openvswitch relations
- [ "neutron-openvswitch:amqp" , "rabbitmq-server:amqp" ]
- [ "neutron-openvswitch" , "neutron-api" ]
- [ "neutron-openvswitch" , "nova-compute" ]
- [ "neutron-openvswitch:neutron-plugin-api" , "neutron-api:neutron-plugin-api" ]
- [ "neutron-openvswitch:neutron-plugin" , "nova-compute:neutron-plugin" ]
# vault stuff
- [ "vault:shared-db", "mysql:shared-db" ]
@ -1373,90 +1352,90 @@ relations:
- [ "juniper-server:juju-info", "ntp:juju-info" ]
# LMA/landscape subordinates
- [ "nova-compute", "filebeat" ]
- [ "nova-compute", "telegraf" ]
- [ "nova-compute", "nrpe-host" ]
- [ "nova-compute", "landscape-client" ]
- [ "nova-compute:juju-info", "filebeat:beats-host" ]
- [ "nova-compute:juju-info", "telegraf:juju-info" ]
- [ "nova-compute:nrpe-external-master", "nrpe-host:nrpe-external-master" ]
- [ "nova-compute:juju-info", "landscape-client:container" ]
- [ "neutron-gateway", "filebeat" ]
- [ "neutron-gateway", "telegraf" ]
- [ "neutron-gateway", "nrpe-host" ]
- [ "neutron-gateway", "landscape-client" ]
- [ "neutron-gateway:juju-info", "filebeat:beats-host" ]
- [ "neutron-gateway:juju-info", "telegraf:juju-info" ]
- [ "neutron-gateway:nrpe-external-master", "nrpe-host:nrpe-external-master" ]
- [ "neutron-gateway:juju-info", "landscape-client:container" ]
- [ "keystone", "filebeat" ]
- [ "keystone", "telegraf" ]
- [ "keystone", "nrpe-container" ]
- [ "keystone", "landscape-client" ]
- [ "keystone:juju-info", "filebeat:beats-host" ]
- [ "keystone:juju-info", "telegraf:juju-info" ]
- [ "keystone:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "keystone:juju-info", "landscape-client:container" ]
- [ "glance", "filebeat" ]
- [ "glance", "telegraf" ]
- [ "glance", "nrpe-container" ]
- [ "glance", "landscape-client" ]
- [ "glance:juju-info", "filebeat:beats-host" ]
- [ "glance:juju-info", "telegraf:juju-info" ]
- [ "glance:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "glance:juju-info", "landscape-client:container" ]
- [ "cinder", "filebeat" ]
- [ "cinder", "telegraf" ]
- [ "cinder", "nrpe-container" ]
- [ "cinder", "landscape-client" ]
- [ "cinder:juju-info", "filebeat:beats-host" ]
- [ "cinder:juju-info", "telegraf:juju-info" ]
- [ "cinder:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "cinder:juju-info", "landscape-client:container" ]
# - [ "cinder2", "filebeat" ]
# - [ "cinder2", "telegraf" ]
# - [ "cinder2", "nrpe-container" ]
# - [ "cinder2", "landscape-client" ]
# - [ "cinder2:juju-info", "filebeat:beats-host" ]
# - [ "cinder2:juju-info", "telegraf:juju-info" ]
# - [ "cinder2:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
# - [ "cinder2:juju-info", "landscape-client:container" ]
- [ "heat", "filebeat" ]
- [ "heat", "telegraf" ]
- [ "heat", "nrpe-container" ]
- [ "heat", "landscape-client" ]
- [ "heat:juju-info", "filebeat:beats-host" ]
- [ "heat:juju-info", "telegraf:juju-info" ]
- [ "heat:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "heat:juju-info", "landscape-client:container" ]
- [ "mysql", "filebeat" ]
- [ "mysql", "telegraf" ]
- [ "mysql", "nrpe-container" ]
- [ "mysql", "landscape-client" ]
- [ "mysql:juju-info", "filebeat:beats-host" ]
- [ "mysql:juju-info", "telegraf:juju-info" ]
- [ "mysql:juju-info", "nrpe-container:general-info" ]
- [ "mysql:juju-info", "landscape-client:container" ]
- [ "ceph-mon", "filebeat" ]
- [ "ceph-mon", "telegraf" ]
- [ "ceph-mon", "nrpe-container" ]
- [ "ceph-mon", "landscape-client" ]
- [ "ceph-mon:juju-info", "filebeat:beats-host" ]
- [ "ceph-mon:juju-info", "telegraf:juju-info" ]
- [ "ceph-mon:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "ceph-mon:juju-info", "landscape-client:container" ]
- [ "neutron-api", "filebeat" ]
- [ "neutron-api", "telegraf" ]
- [ "neutron-api", "nrpe-container" ]
- [ "neutron-api", "landscape-client" ]
- [ "neutron-api:juju-info", "filebeat:beats-host" ]
- [ "neutron-api:juju-info", "telegraf:juju-info" ]
- [ "neutron-api:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "neutron-api:juju-info", "landscape-client:container" ]
- [ "rabbitmq-server", "filebeat" ]
- [ "rabbitmq-server", "telegraf" ]
- [ "rabbitmq-server", "nrpe-container" ]
- [ "rabbitmq-server", "landscape-client" ]
- [ "rabbitmq-server:juju-info", "filebeat:beats-host" ]
- [ "rabbitmq-server:juju-info", "telegraf:juju-info" ]
- [ "rabbitmq-server:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "rabbitmq-server:juju-info", "landscape-client:container" ]
- [ "openstack-dashboard", "filebeat" ]
- [ "openstack-dashboard", "telegraf" ]
- [ "openstack-dashboard", "nrpe-container" ]
- [ "openstack-dashboard", "landscape-client" ]
- [ "openstack-dashboard:juju-info", "filebeat:beats-host" ]
- [ "openstack-dashboard:juju-info", "telegraf:juju-info" ]
- [ "openstack-dashboard:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "openstack-dashboard:juju-info", "landscape-client:container" ]
- [ "nova-cloud-controller", "filebeat" ]
- [ "nova-cloud-controller", "telegraf" ]
- [ "nova-cloud-controller", "nrpe-container" ]
- [ "nova-cloud-controller", "landscape-client" ]
- [ "nova-cloud-controller:juju-info", "filebeat:beats-host" ]
- [ "nova-cloud-controller:juju-info", "telegraf:juju-info" ]
- [ "nova-cloud-controller:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "nova-cloud-controller:juju-info", "landscape-client:container" ]
- [ "gnocchi", "filebeat" ]
- [ "gnocchi", "telegraf" ]
- [ "gnocchi", "nrpe-container" ]
- [ "gnocchi", "landscape-client" ]
- [ "gnocchi:juju-info", "filebeat:beats-host" ]
- [ "gnocchi:juju-info", "telegraf:juju-info" ]
- [ "gnocchi:juju-info", "nrpe-container:general-info" ]
- [ "gnocchi:juju-info", "landscape-client:container" ]
- [ "ceilometer", "filebeat" ]
- [ "ceilometer", "telegraf" ]
- [ "ceilometer", "nrpe-container" ]
- [ "ceilometer", "landscape-client" ]
- [ "ceilometer:juju-info", "filebeat:beats-host" ]
- [ "ceilometer:juju-info", "telegraf:juju-info" ]
- [ "ceilometer:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "ceilometer:juju-info", "landscape-client:container" ]
- [ "aodh", "filebeat" ]
- [ "aodh", "telegraf" ]
- [ "aodh", "landscape-client" ]
- [ "aodh", "nrpe-container" ]
- [ "aodh:juju-info", "filebeat:beats-host" ]
- [ "aodh:juju-info", "telegraf:juju-info" ]
- [ "aodh:juju-info", "nrpe-container:general-info" ]
- [ "aodh:juju-info", "landscape-client:container" ]
- [ "juniper-server", "telegraf" ]
- [ "juniper-server", "filebeat" ]
- [ "juniper-server", "landscape-client" ]
- [ "juniper-server", "nrpe-host" ]
- [ "juniper-server:juju-info", "filebeat:beats-host" ]
- [ "juniper-server:juju-info", "telegraf:juju-info" ]
- [ "juniper-server:juju-info", "landscape-client:container" ]
- [ "juniper-server:juju-info", "nrpe-host:general-info" ]
- [ "hacluster-aodh:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "hacluster-cinder:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
@ -1498,6 +1477,3 @@ relations:
- [ "landscape-server:amqp", "landscape-rabbitmq-server:amqp" ]
- [ "landscape-server:website", "landscape-haproxy:reverseproxy" ]
- [ "landscape-server:db", "landscape-postgresql:db-admin" ]
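Review bot: In the LMA/landscape subordinates list, mysql, gnocchi, aodh and juniper-server are related to nrpe over `juju-info` → `general-info`, while every other application uses `nrpe-external-master`. If that is deliberate (for example because the charm offers no `nrpe-external-master` endpoint), a short comment above those lines would record it, e.g. `# no nrpe-external-master endpoint on this charm; host-level checks only`. As far as I know the general-info relation gives nrpe only the generic host checks, so service-specific monitoring for these applications would have to come from elsewhere; this is worth confirming against the charms. The same pattern appears in the second bundle of this commit, where placement is also on `general-info`.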


@ -169,38 +169,19 @@ machines:
constraints: tags=compute,asrock02
"402":
constraints: tags=compute,asrock03
# "500":
# constraints: tags=compute
# "501":
# constraints: tags=compute
# "502":
# constraints: tags=compute
# "503":
# constraints: tags=compute
# "504":
# constraints: tags=compute
# "505":
# constraints: tags=compute
# "506":
# constraints: tags=compute
# "507":
# constraints: tags=compute
# "508":
# constraints: tags=compute
# hyper-converged nova/ceph Nodes
"1000":
constraints: tags=compute
constraints: tags=compute,asrock01
"1001":
constraints: tags=compute
constraints: tags=compute,asrock01
"1002":
constraints: tags=compute
constraints: tags=compute,asrock02
"1003":
constraints: tags=compute
constraints: tags=compute,asrock02
"1004":
constraints: tags=compute
constraints: tags=compute,asrock03
"1005":
constraints: tags=compute
constraints: tags=compute,asrock03
applications:
# HAcluster
@ -866,7 +847,7 @@ applications:
options:
source: *openstack-origin
min-cluster-size: 3
cluster-partition-handling: ignore
cluster-partition-handling: pause_minority
to:
- lxd:300
- lxd:301
@ -1413,15 +1394,15 @@ relations:
- [ "controller-server:juju-info", "sysconfig-control:juju-info" ]
# Neutron-gateway relations
- [ "neutron-gateway", "nova-cloud-controller" ]
- [ "neutron-gateway:quantum-network-service", "nova-cloud-controller:quantum-network-service" ]
- [ "neutron-gateway:amqp", "rabbitmq-server:amqp" ]
- [ "neutron-gateway:neutron-plugin-api", "neutron-api:neutron-plugin-api" ]
- [ "neutron-gateway:juju-info", "ntp:juju-info" ]
# Neutron-openvswitch relations
- [ "neutron-openvswitch:amqp" , "rabbitmq-server:amqp" ]
- [ "neutron-openvswitch" , "neutron-api" ]
- [ "neutron-openvswitch" , "nova-compute" ]
- [ "neutron-openvswitch:neutron-plugin-api" , "neutron-api:neutron-plugin-api" ]
- [ "neutron-openvswitch:neutron-plugin" , "nova-compute:neutron-plugin" ]
# vault stuff
- [ "vault:shared-db", "vault-mysql-router:shared-db" ]
@ -1526,95 +1507,95 @@ relations:
- [ "grafana:dashboards", "telegraf-prometheus:dashboards" ]
# LMA/landscape subordinates
- [ "nova-compute", "filebeat" ]
- [ "nova-compute", "telegraf" ]
- [ "nova-compute", "nrpe-host" ]
- [ "nova-compute", "landscape-client" ]
- [ "nova-compute:juju-info", "filebeat:beats-host" ]
- [ "nova-compute:juju-info", "telegraf:juju-info" ]
- [ "nova-compute:nrpe-external-master", "nrpe-host:nrpe-external-master" ]
- [ "nova-compute:juju-info", "landscape-client:container" ]
- [ "neutron-gateway", "filebeat" ]
- [ "neutron-gateway", "telegraf" ]
- [ "neutron-gateway", "nrpe-host" ]
- [ "neutron-gateway", "landscape-client" ]
- [ "neutron-gateway:juju-info", "filebeat:beats-host" ]
- [ "neutron-gateway:juju-info", "telegraf:juju-info" ]
- [ "neutron-gateway:nrpe-external-master", "nrpe-host:nrpe-external-master" ]
- [ "neutron-gateway:juju-info", "landscape-client:container" ]
- [ "keystone", "filebeat" ]
- [ "keystone", "telegraf" ]
- [ "keystone", "nrpe-container" ]
- [ "keystone", "landscape-client" ]
- [ "keystone:juju-info", "filebeat:beats-host" ]
- [ "keystone:juju-info", "telegraf:juju-info" ]
- [ "keystone:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "keystone:juju-info", "landscape-client:container" ]
- [ "glance", "filebeat" ]
- [ "glance", "telegraf" ]
- [ "glance", "nrpe-container" ]
- [ "glance", "landscape-client" ]
- [ "glance:juju-info", "filebeat:beats-host" ]
- [ "glance:juju-info", "telegraf:juju-info" ]
- [ "glance:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "glance:juju-info", "landscape-client:container" ]
- [ "cinder", "filebeat" ]
- [ "cinder", "telegraf" ]
- [ "cinder", "nrpe-container" ]
- [ "cinder", "landscape-client" ]
- [ "cinder:juju-info", "filebeat:beats-host" ]
- [ "cinder:juju-info", "telegraf:juju-info" ]
- [ "cinder:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "cinder:juju-info", "landscape-client:container" ]
# - [ "cinder2", "filebeat" ]
# - [ "cinder2", "telegraf" ]
# - [ "cinder2", "nrpe-container" ]
# - [ "cinder2", "landscape-client" ]
# - [ "cinder2:juju-info", "filebeat:beats-host" ]
# - [ "cinder2:juju-info", "telegraf:juju-info" ]
# - [ "cinder2:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
# - [ "cinder2:juju-info", "landscape-client:container" ]
- [ "heat", "filebeat" ]
- [ "heat", "telegraf" ]
- [ "heat", "nrpe-container" ]
- [ "heat", "landscape-client" ]
- [ "heat:juju-info", "filebeat:beats-host" ]
- [ "heat:juju-info", "telegraf:juju-info" ]
- [ "heat:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "heat:juju-info", "landscape-client:container" ]
- [ "mysql", "filebeat" ]
- [ "mysql", "telegraf" ]
- [ "mysql", "nrpe-container" ]
- [ "mysql", "landscape-client" ]
- [ "mysql:juju-info", "filebeat:beats-host" ]
- [ "mysql:juju-info", "telegraf:juju-info" ]
- [ "mysql:juju-info", "nrpe-container:general-info" ]
- [ "mysql:juju-info", "landscape-client:container" ]
- [ "ceph-mon", "filebeat" ]
- [ "ceph-mon", "telegraf" ]
- [ "ceph-mon", "nrpe-container" ]
- [ "ceph-mon", "landscape-client" ]
- [ "ceph-mon:juju-info", "filebeat:beats-host" ]
- [ "ceph-mon:juju-info", "telegraf:juju-info" ]
- [ "ceph-mon:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "ceph-mon:juju-info", "landscape-client:container" ]
- [ "neutron-api", "filebeat" ]
- [ "neutron-api", "telegraf" ]
- [ "neutron-api", "nrpe-container" ]
- [ "neutron-api", "landscape-client" ]
- [ "neutron-api:juju-info", "filebeat:beats-host" ]
- [ "neutron-api:juju-info", "telegraf:juju-info" ]
- [ "neutron-api:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "neutron-api:juju-info", "landscape-client:container" ]
- [ "rabbitmq-server", "filebeat" ]
- [ "rabbitmq-server", "telegraf" ]
- [ "rabbitmq-server", "nrpe-container" ]
- [ "rabbitmq-server", "landscape-client" ]
- [ "rabbitmq-server:juju-info", "filebeat:beats-host" ]
- [ "rabbitmq-server:juju-info", "telegraf:juju-info" ]
- [ "rabbitmq-server:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "rabbitmq-server:juju-info", "landscape-client:container" ]
- [ "openstack-dashboard", "filebeat" ]
- [ "openstack-dashboard", "telegraf" ]
- [ "openstack-dashboard", "nrpe-container" ]
- [ "openstack-dashboard", "landscape-client" ]
- [ "openstack-dashboard:juju-info", "filebeat:beats-host" ]
- [ "openstack-dashboard:juju-info", "telegraf:juju-info" ]
- [ "openstack-dashboard:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "openstack-dashboard:juju-info", "landscape-client:container" ]
- [ "nova-cloud-controller", "filebeat" ]
- [ "nova-cloud-controller", "telegraf" ]
- [ "nova-cloud-controller", "nrpe-container" ]
- [ "nova-cloud-controller", "landscape-client" ]
- [ "nova-cloud-controller:juju-info", "filebeat:beats-host" ]
- [ "nova-cloud-controller:juju-info", "telegraf:juju-info" ]
- [ "nova-cloud-controller:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "nova-cloud-controller:juju-info", "landscape-client:container" ]
- [ "gnocchi", "filebeat" ]
- [ "gnocchi", "telegraf" ]
- [ "gnocchi", "nrpe-container" ]
- [ "gnocchi", "landscape-client" ]
- [ "gnocchi:juju-info", "filebeat:beats-host" ]
- [ "gnocchi:juju-info", "telegraf:juju-info" ]
- [ "gnocchi:juju-info", "nrpe-container:general-info" ]
- [ "gnocchi:juju-info", "landscape-client:container" ]
- [ "ceilometer", "filebeat" ]
- [ "ceilometer", "telegraf" ]
- [ "ceilometer", "nrpe-container" ]
- [ "ceilometer", "landscape-client" ]
- [ "ceilometer:juju-info", "filebeat:beats-host" ]
- [ "ceilometer:juju-info", "telegraf:juju-info" ]
- [ "ceilometer:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "ceilometer:juju-info", "landscape-client:container" ]
- [ "aodh", "filebeat" ]
- [ "aodh", "telegraf" ]
- [ "aodh", "landscape-client" ]
- [ "aodh", "nrpe-container" ]
- [ "aodh:juju-info", "filebeat:beats-host" ]
- [ "aodh:juju-info", "telegraf:juju-info" ]
- [ "aodh:juju-info", "nrpe-container:general-info" ]
- [ "aodh:juju-info", "landscape-client:container" ]
- [ "placement", "filebeat" ]
- [ "placement", "telegraf" ]
- [ "placement", "landscape-client" ]
- [ "placement", "nrpe-container" ]
- [ "placement:juju-info", "filebeat:beats-host" ]
- [ "placement:juju-info", "telegraf:juju-info" ]
- [ "placement:juju-info", "nrpe-container:general-info" ]
- [ "placement:juju-info", "landscape-client:container" ]
- [ "juniper-server", "telegraf" ]
- [ "juniper-server", "filebeat" ]
- [ "juniper-server", "landscape-client" ]
- [ "juniper-server", "nrpe-host" ]
- [ "juniper-server:juju-info", "filebeat:beats-host" ]
- [ "juniper-server:juju-info", "telegraf:juju-info" ]
- [ "juniper-server:juju-info", "landscape-client:container" ]
- [ "juniper-server:juju-info", "nrpe-host:general-info" ]
- [ "hacluster-aodh:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "hacluster-cinder:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
@ -1656,6 +1637,3 @@ relations:
- [ "landscape-server:amqp", "landscape-rabbitmq-server:amqp" ]
- [ "landscape-server:website", "landscape-haproxy:reverseproxy" ]
- [ "landscape-server:db", "landscape-postgresql:db-admin" ]
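Review bot: The host tags on machines 1000–1005 are assigned in pairs here (1000 and 1001 on asrock01, 1002 and 1003 on asrock02, 1004 and 1005 on asrock03), whereas the other bundle in this commit alternates them (1000 on asrock01, 1001 on asrock02, 1002 on asrock03). With the paired order, any three-unit application placed on 1000–1002 would have two units on asrock01, so losing that one host would leave a quorum-based service without a majority. The placements that use these machines are outside the visible hunks, so this may already be accounted for. If the pairing is intended, a comment above machine 1000 such as `# two hyper-converged nodes per physical host` would make that clear.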


@ -1,89 +0,0 @@
cloudinit-userdata: |
packages:
- squashfuse
- libopenscap8
write_files:
- owner: root:root
path: /root/99-post-juju.yaml
permissions: '0644'
content: |
network:
version: 2
ethernets:
ens3:
link-local: []
ens4:
link-local: []
ens5:
link-local: []
ens6:
link-local: []
ens7:
link-local: []
ens8:
link-local: []
ens9:
link-local: []
- owner: root:root
path: /tmp/cis-hardening.conf
permissions: '0644'
content: |
# Hash created by grub-mkpasswd-pbkdf2 to set grub password. If empty, grub password
# is not set.
# (CIS rule 1.4.2)
grub_hash=
# Grub user set for authentication
grub_user=root
# Time synchronization service selected (ntp or chrony - if empty, none will be installed)
# (CIS rule 2.2.1.1-2.2.1.3)
time_sync_svc=
time_sync_addr=
# Audit log storage size, before log is automatically rotated
# (CIS rule 4.1.1.1)
max_log_file=8
# Remote log host address (CIS rule 4.2.2.4)
# Use the format loghost.example.com:554, to define the port
remote_log_server=
# SSH access limitation parameters at /etc/ssh/sshd_config (CIS rule 5.2.14)
AllowUsers=ubuntu
AllowGroups=
DenyUsers=
DenyGroups=
# PAM password quality parameters at /etc/security/pwquality.conf (CIS rule 5.3.1)
minlen=14
dcredit=-1
ucredit=-1
ocredit=-1
lcredit=-1
# sudo group members, aside from root (CIS rule 5.6)
sudo_member=
# Unowned files will be changed to this user (CIS rule 6.1.11)
unowned_user=root
# Ungrouped files will be changed to this user (CIS rule 6.1.12)
unowned_group=root
# Delete files in the home directory which violate CIS rules (CIS rules 6.2.11, 6.2.12, 6.2.14)
delete_user_files=true
preruncmd:
- locale-gen en_GB.UTF-8; update-locale
- wget -qO - http://192.168.1.12/keys/security-benchmarks.asc | sudo apt-key add -
- sudo add-apt-repository "deb http://192.168.1.12/private-ppa.launchpad.net/ubuntu-advantage/security-benchmarks/ubuntu bionic main"
- sudo apt update
- sudo DEBIAN_FRONTEND=noninteractive apt install -y -q usg-cisbenchmark
- cd /usr/share/ubuntu-scap-security-guides/cis-hardening; sudo ./Canonical_Ubuntu_18.04_CIS-harden.sh -f /tmp/cis-hardening.conf lvl2_server
# remove auditd as added by Hardening script but is not supported on containers
- "systemd-detect-virt --container && apt purge -y auditd"
- "systemd-detect-virt --container && rm -rf /root/99-post-juju.yaml"
- "! systemd-detect-virt --container && mv /root/99-post-juju.yaml /etc/netplan/99-post-juju.yaml"
- "! systemd-detect-virt --container && sudo lxc profile set default security.nesting true"
- sudo netplan apply
default-series: "bionic"
apt-mirror: http://192.168.1.12/archive.ubuntu.com/ubuntu


@ -149,6 +149,5 @@ cloudinit-userdata: |
commands:
"00": systemctl restart snapd
default-series: "focal"
#apt-mirror: http://192.168.1.12/archive.ubuntu.com/ubuntu
apt-mirror: http://192.168.1.12/archive.ubuntu.com/ubuntu
lxd-snap-channel: "4.19/stable"


@ -1,4 +1,8 @@
cloudinit-userdata: |
apt:
primary:
- arches: [amd64]
uri: http://192.168.1.12/archive.ubuntu.com/ubuntu
write_files:
- owner: root:root
path: /root/99-post-juju.yaml
@ -27,6 +31,12 @@ cloudinit-userdata: |
- "! systemd-detect-virt --container && mv /root/99-post-juju.yaml /etc/netplan/99-post-juju.yaml"
- "! systemd-detect-virt --container && sudo lxc profile set default security.nesting true"
- sudo netplan apply
snap:
commands:
"00": systemctl restart snapd
default-series: "bionic"
apt-mirror: http://192.168.1.12/archive.ubuntu.com/ubuntu
lxd-snap-channel: "4.19/stable"
container-image-metadata-url: "http://192.168.1.12/lxd/"
container-image-stream: released
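Review bot: `container-image-metadata-url: "http://192.168.1.12/lxd/"` points container image discovery at a plain-HTTP endpoint, so the image index and the hashes it carries are only as trustworthy as the network path to 192.168.1.12, unless the stream is signed and verified somewhere not visible here. If the mirror can serve TLS, an `https://` URL is preferable; otherwise document the assumption with a comment such as `# local image mirror on the OAM network, HTTP only`. The same host is also configured twice as an apt mirror in this file (`apt: primary: uri:` inside cloudinit-userdata and the top-level `apt-mirror:`), so a comment noting that both must change together would help. The cloudinit-userdata block starts before the first hunk and continues between the two hunks.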


@ -2,7 +2,9 @@
series=focal
juju model-config juju-model-default-cis-${series}.yaml
juju model-config juju-model-default.yaml
juju model-config default-series=${series}
juju deploy ./bundle_${series}.yaml \
--overlay ./overlays/ovs.yaml \
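Review bot: The two `juju model-config <file>` calls are applied in sequence, and a key set by both files ends up with the value from the second. Other sections of this commit show model-default files that each define `cloudinit-userdata`, so if both files named here do, `juju-model-default.yaml` would replace the CIS userdata from `juju-model-default-cis-${series}.yaml` as a whole rather than merge with it. It is worth checking the result with `juju model-config cloudinit-userdata` after this step, or applying the CIS file last. The `juju deploy` command continues past the end of this hunk.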


@ -104,6 +104,6 @@ applications:
}
relations:
- [ "keystone", "keystone-ldap-domain1" ]
- [ "keystone", "keystone-ldap-domain2" ]
- [ "keystone", "keystone-ldap-domain3" ]
- [ "keystone:domain-backend", "keystone-ldap-domain1:domain-backend" ]
- [ "keystone:domain-backend", "keystone-ldap-domain2:domain-backend" ]
- [ "keystone:domain-backend", "keystone-ldap-domain3:domain-backend" ]


@ -23,6 +23,8 @@ applications:
# charm: cs:cinder-310
cinder-ceph:
charm: cs:cinder-ceph-262 # upgrade to support availability-zone specification
controller-server:
charm: cs:ubuntu-18
easyrsa:
charm: cs:~containers/easyrsa-408
elasticsearch:
@ -71,6 +73,8 @@ applications:
charm: cs:hacluster-76
heat:
charm: cs:heat-283
juniper-server:
charm: cs:ubuntu-18
keystone-ldap-domain1:
charm: cs:keystone-ldap-35
keystone-ldap-domain2:
@ -81,6 +85,8 @@ applications:
charm: cs:keystone-323
landscape-client:
charm: cs:landscape-client-35
landscape-client-bionic:
charm: cs:landscape-client-35
landscape-haproxy:
charm: cs:haproxy-61
landscape-postgresql:
@ -89,6 +95,12 @@ applications:
charm: cs:~openstack-charmers-next/rabbitmq-server-438 # attempted fix for LP#1939702
landscape-server:
charm: cs:landscape-server-39
ldap-domain1:
charm: cs:~openstack-charmers/ldap-test-fixture-4
ldap-domain2:
charm: cs:~openstack-charmers/ldap-test-fixture-4
ldap-domain3:
charm: cs:~openstack-charmers/ldap-test-fixture-4
# lldpd:
# charm: cs:lldpd-9
memcached:
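Review bot: The new `ldap-domain1`–`ldap-domain3` entries pin `cs:~openstack-charmers/ldap-test-fixture-4`, which by its name is a test fixture rather than a directory service meant for real accounts. If these back the keystone-ldap domains only in this lab, a comment on the first entry would say so, e.g. `# test-only LDAP backend for keystone-ldap-domainN; replace with the real directory outside the lab`. The `applications:` mapping starts before and continues after the hunks shown.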