canonical/cpe-deployments
1
0
Fork 1
Code Issues Pull Requests Projects Releases Wiki Activity

Update deployment for granularity

Browse Source 
* Add nova policy override for mimic
* fine tuning of keystone override
* segregate lma and landscape applications/relations
* Add workaround for altname for interfaces
* Update focal overlay to update and mimic
* Add hosts file for addtion to local host
This commit is contained in:
Arif Ali
2022-11-01 20:51:17 +00:00
parent 19a928f02f
commit 6af8998860
14 changed files with 692 additions and 2591 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
config/bundle_bionic.yaml
View File

@ -735,7 +735,7 @@ applications:
bindings:
"": *oam-space
options:
extra_packages: python-apt postgresql-contrib postgresql-.*-debversion postgresql-plpython-.*
extra_packages: python-apt postgresql-contrib postgresql-.*-debversion postgresql-plpython.*
max_connections: 500
max_prepared_transactions: 500
num_units: 2

555
config/bundle_focal.yaml
View File

@ -629,6 +629,15 @@ applications:
- 103
- 104
- 105
lma-server:
charm: cs:ubuntu
num_units: 3
bindings:
"": *oam-space
to:
- 300
- 301
- 302
neutron-gateway:
charm: cs:neutron-gateway
num_units: 3
@ -808,362 +817,6 @@ applications:
- lxd:101
- lxd:102
# LMA stack applications
landscape-server:
charm: cs:landscape-server
series: bionic
bindings:
"": *oam-space
options:
install_sources: |-
- 'deb http://192.168.1.12/ppa.launchpad.net/landscape/19.10/ubuntu bionic main'
install_keys: |-
- |
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: keyserver.ubuntu.com
mI0ESXN/egEEAOgRYISU9dnQm4BB5ZEEwKT+NKUDNd/DhMYdtBMw9Yk7S5cyoqpbtwoPJVzK
AXxq+ng5e3yYypSv98pLMr5UF09FGaeyGlD4s1uaVFWkFCO4jsTg7pWIY6qzO/jMxB5+Yu/G
0GjWQMNKxFk0oHMa0PhNBZtdPacVz65mOVmCsh/lABEBAAG0G0xhdW5jaHBhZCBQUEEgZm9y
IExhbmRzY2FwZYi2BBMBAgAgBQJJc396AhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQ
boWobkZStOb+rwP+ONKUWeX+MTIPqGWkknBPV7jm8nyyIUojC4IhS+9YR6GYnn0hMABSkEHm
IV73feKmrT2GESYI1UdYeKiOkWsPN/JyBk+eTvKet0qsw5TluqiHSW+LEi/+zUyrS3dDMX3o
yaLgYa+UkjIyxnaKLkQuCiS+D+fYwnJulIkhaKObtdE=
=UwRd
-----END PGP PUBLIC KEY BLOCK-----
license-file: include-base64://../secrets/ldslicense.txt
#root-url: http://landscape.example.com/
num_units: 3
to:
- 300
- 301
- 302
landscape-rabbitmq-server:
charm: cs:rabbitmq-server
bindings:
"": *oam-space
cluster: *oam-space
amqp: *oam-space
num_units: 3
options:
source: *openstack-origin
min-cluster-size: 3
cluster-partition-handling: pause_minority
to:
- lxd:300
- lxd:301
- lxd:302
landscape-postgresql:
charm: cs:postgresql
series: bionic
bindings:
"": *oam-space
options:
extra_packages: python-apt postgresql-contrib postgresql-.*-debversion postgresql-plpython-.*
max_connections: 500
max_prepared_transactions: 500
num_units: 2
to:
- lxd:300
- lxd:301
landscape-haproxy:
charm: cs:haproxy
bindings:
"": *oam-space
options:
default_timeouts: "queue 60000, connect 5000, client 120000, server 120000"
services: ""
source: backports
ssl_cert: SELFSIGNED
global_default_bind_options: "no-tlsv10"
num_units: 1
to:
- lxd:302
graylog:
charm: cs:graylog
bindings:
"": *oam-space
num_units: 1
options:
channel: "4/stable"
jvm_heap_size: '1G'
rest_transport_uri: http://graylog.example.com:9001
index_rotation_period: PT3H
to:
- 200
graylog-mongodb:
charm: cs:mongodb
bindings:
"": *oam-space
num_units: 1
options:
nagios_context: *nagios-context
to:
- lxd:200
elasticsearch:
charm: cs:elasticsearch
bindings:
"": *oam-space
num_units: 2
options:
firewall_enabled: False
es-heap-size: 2
gpg-key: |
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: keyserver.ubuntu.com
mQENBFI3HsoBCADXDtbNJnxbPqB1vDNtCsqhe49vFYsZN9IOZsZXgp7aHjh6CJBDA+bGFOwy
hbd7at35jQjWAw1O3cfYsKAmFy+Ar3LHCMkV3oZspJACTIgCrwnkic/9CUliQe324qvObU2Q
RtP4Fl0zWcfb/S8UYzWXWIFuJqMvE9MaRY1bwUBvzoqavLGZj3SF1SPO+TB5QrHkrQHBsmX+
Jda6d4Ylt8/t6CvMwgQNlrlzIO9WT+YN6zS+sqHd1YK/aY5qhoLNhp9G/HxhcSVCkLq8SStj
1ZZ1S9juBPoXV1ZWNbxFNGwOh/NYGldD2kmBf3YgCqeLzHahsAEpvAm8TBa7Q9W21C8vABEB
AAG0RUVsYXN0aWNzZWFyY2ggKEVsYXN0aWNzZWFyY2ggU2lnbmluZyBLZXkpIDxkZXZfb3Bz
QGVsYXN0aWNzZWFyY2gub3JnPokBOAQTAQIAIgUCUjceygIbAwYLCQgHAwIGFQgCCQoLBBYC
AwECHgECF4AACgkQ0n1mbNiOQrRzjAgAlTUQ1mgo3nK6BGXbj4XAJvuZDG0HILiUt+pPnz75
nsf0NWhqR4yGFlmpuctgCmTD+HzYtV9fp9qW/bwVuJCNtKXk3sdzYABY+Yl0Cez/7C2GuGCO
lbn0luCNT9BxJnh4mC9h/cKI3y5jvZ7wavwe41teqG14V+EoFSn3NPKmTxcDTFrV7SmVPxCB
cQze00cJhprKxkuZMPPVqpBS+JfDQtzUQD/LSFfhHj9eD+Xe8d7sw+XvxB2aN4gnTlRzjL1n
TRp0h2/IOGkqYfIG9rWmSLNlxhB2t+c0RsjdGM4/eRlPWylFbVMc5pmDpItrkWSnzBfkmXL3
vO2X3WvwmSFiQbkBDQRSNx7KAQgA5JUlzcMW5/cuyZR8alSacKqhSbvoSqqbzHKcUQZmlzNM
KGTABFG1yRx9r+wa/fvqP6OTRzRDvVS/cycws8YX7Ddum7x8uI95b9ye1/Xy5noPEm8cD+hp
lnpU+PBQZJ5XJ2I+1l9Nixx47wPGXeClLqcdn0ayd+v+Rwf3/XUJrvccG2YZUiQ4jWZkoxsA
07xx7Bj+Lt8/FKG7sHRFvePFU0ZS6JFx9GJqjSBbHRRkam+4emW3uWgVfZxuwcUCn1ayNgRt
KiFv9jQrg2TIWEvzYx9tywTCxc+FFMWAlbCzi+m4WD+QUWWfDQ009U/WM0ks0KwwEwSk/UDu
ToxGnKU2dQARAQABiQEfBBgBAgAJBQJSNx7KAhsMAAoJENJ9ZmzYjkK0c3MIAIE9hAR20mqJ
WLcsxLtrRs6uNF1VrpB+4n/55QU7oxA1iVBO6IFu4qgsF12JTavnJ5MLaETlggXY+zDef9sy
TPXoQctpzcaNVDmedwo1SiL03uMoblOvWpMR/Y0j6rm7IgrMWUDXDPvoPGjMl2q1iTeyHkMZ
EyUJ8SKsaHh4jV9wp9KmC8C+9CwMukL7vM5w8cgvJoAwsp3Fn59AxWthN3XJYcnMfStkIuWg
R7U2r+a210W6vnUxU4oN0PmMcursYPyeV0NX/KQeUeNMwGTFB6QHS/anRaGQewijkrYYoTNt
fllxIu9XYmiBERQ/qPDlGRlOgVTd9xUfHFkzB52c70E=
=92oX
-----END PGP PUBLIC KEY BLOCK-----
apt-repository: 'deb http://192.168.1.12/artifacts.elastic.co/packages/6.x/apt stable main'
to:
- 201
- 202
filebeat:
charm: cs:filebeat
options:
logpath: "/var/log/*.log /var/log/*/*.log /var/log/syslog"
install_keys: |-
- |
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: keyserver.ubuntu.com
mQENBFI3HsoBCADXDtbNJnxbPqB1vDNtCsqhe49vFYsZN9IOZsZXgp7aHjh6CJBDA+bGFOwy
hbd7at35jQjWAw1O3cfYsKAmFy+Ar3LHCMkV3oZspJACTIgCrwnkic/9CUliQe324qvObU2Q
RtP4Fl0zWcfb/S8UYzWXWIFuJqMvE9MaRY1bwUBvzoqavLGZj3SF1SPO+TB5QrHkrQHBsmX+
Jda6d4Ylt8/t6CvMwgQNlrlzIO9WT+YN6zS+sqHd1YK/aY5qhoLNhp9G/HxhcSVCkLq8SStj
1ZZ1S9juBPoXV1ZWNbxFNGwOh/NYGldD2kmBf3YgCqeLzHahsAEpvAm8TBa7Q9W21C8vABEB
AAG0RUVsYXN0aWNzZWFyY2ggKEVsYXN0aWNzZWFyY2ggU2lnbmluZyBLZXkpIDxkZXZfb3Bz
QGVsYXN0aWNzZWFyY2gub3JnPokBOAQTAQIAIgUCUjceygIbAwYLCQgHAwIGFQgCCQoLBBYC
AwECHgECF4AACgkQ0n1mbNiOQrRzjAgAlTUQ1mgo3nK6BGXbj4XAJvuZDG0HILiUt+pPnz75
nsf0NWhqR4yGFlmpuctgCmTD+HzYtV9fp9qW/bwVuJCNtKXk3sdzYABY+Yl0Cez/7C2GuGCO
lbn0luCNT9BxJnh4mC9h/cKI3y5jvZ7wavwe41teqG14V+EoFSn3NPKmTxcDTFrV7SmVPxCB
cQze00cJhprKxkuZMPPVqpBS+JfDQtzUQD/LSFfhHj9eD+Xe8d7sw+XvxB2aN4gnTlRzjL1n
TRp0h2/IOGkqYfIG9rWmSLNlxhB2t+c0RsjdGM4/eRlPWylFbVMc5pmDpItrkWSnzBfkmXL3
vO2X3WvwmSFiQbkBDQRSNx7KAQgA5JUlzcMW5/cuyZR8alSacKqhSbvoSqqbzHKcUQZmlzNM
KGTABFG1yRx9r+wa/fvqP6OTRzRDvVS/cycws8YX7Ddum7x8uI95b9ye1/Xy5noPEm8cD+hp
lnpU+PBQZJ5XJ2I+1l9Nixx47wPGXeClLqcdn0ayd+v+Rwf3/XUJrvccG2YZUiQ4jWZkoxsA
07xx7Bj+Lt8/FKG7sHRFvePFU0ZS6JFx9GJqjSBbHRRkam+4emW3uWgVfZxuwcUCn1ayNgRt
KiFv9jQrg2TIWEvzYx9tywTCxc+FFMWAlbCzi+m4WD+QUWWfDQ009U/WM0ks0KwwEwSk/UDu
ToxGnKU2dQARAQABiQEfBBgBAgAJBQJSNx7KAhsMAAoJENJ9ZmzYjkK0c3MIAIE9hAR20mqJ
WLcsxLtrRs6uNF1VrpB+4n/55QU7oxA1iVBO6IFu4qgsF12JTavnJ5MLaETlggXY+zDef9sy
TPXoQctpzcaNVDmedwo1SiL03uMoblOvWpMR/Y0j6rm7IgrMWUDXDPvoPGjMl2q1iTeyHkMZ
EyUJ8SKsaHh4jV9wp9KmC8C+9CwMukL7vM5w8cgvJoAwsp3Fn59AxWthN3XJYcnMfStkIuWg
R7U2r+a210W6vnUxU4oN0PmMcursYPyeV0NX/KQeUeNMwGTFB6QHS/anRaGQewijkrYYoTNt
fllxIu9XYmiBERQ/qPDlGRlOgVTd9xUfHFkzB52c70E=
=92oX
-----END PGP PUBLIC KEY BLOCK-----
install_sources: |
- 'deb http://192.168.1.12/artifacts.elastic.co/packages/6.x/apt stable main'
nagios:
charm: cs:nagios
series: bionic
bindings:
"": *oam-space
num_units: 1
options:
enable_livestatus: true
check_timeout: 50
to:
- lxd:202
openstack-service-checks:
charm: cs:~llama-charmers-next/openstack-service-checks
constraints: *oam-space-constr
bindings:
"": *public-space
identity-credentials: *internal-space
num_units: 1
to:
- lxd:202
nrpe-host:
charm: cs:nrpe
bindings:
monitors: *oam-space
options:
nagios_hostname_type: "host"
nagios_host_context: *nagios-context
xfs_errors: "30"
netlinks: |
- bond0 mtu:1500 speed:1000
- bond1 mtu:9000 speed:50000
- eno1 mtu:1500 speed:1000
- eno2 mtu:1500 speed:1000
- enp25s0f0 mtu:9000 speed:25000
- enp25s0f1 mtu:9000 speed:25000
nrpe-container:
charm: cs:nrpe
bindings:
monitors: *oam-space
options:
nagios_hostname_type: unit
nagios_host_context: *nagios-context
disk_root: ''
load: ''
swap: ''
swap_activity: ''
mem: ''
landscape-client:
charm: cs:landscape-client
options:
account-name: "standalone"
#registration-key: include-file://../secrets/landscape-registration.txt
disable-unattended-upgrades: True
# the reason that this has to be done manually is because Landscape server needs an admin user to be
# created first (manual step, see above). Once the user and registration key is set configure the clients' url and ping-url options.
#ping-url: http://landscape.example.com/ping
#url: https://landscape.example.com/message-system
landscape-client-bionic:
charm: cs:landscape-client
options:
account-name: "standalone"
origin: |
deb http://192.168.1.12/ppa.launchpad.net/landscape/19.10/ubuntu bionic main|-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: keyserver.ubuntu.com
mI0ESXN/egEEAOgRYISU9dnQm4BB5ZEEwKT+NKUDNd/DhMYdtBMw9Yk7S5cyoqpbtwoPJVzK
AXxq+ng5e3yYypSv98pLMr5UF09FGaeyGlD4s1uaVFWkFCO4jsTg7pWIY6qzO/jMxB5+Yu/G
0GjWQMNKxFk0oHMa0PhNBZtdPacVz65mOVmCsh/lABEBAAG0G0xhdW5jaHBhZCBQUEEgZm9y
IExhbmRzY2FwZYi2BBMBAgAgBQJJc396AhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQ
boWobkZStOb+rwP+ONKUWeX+MTIPqGWkknBPV7jm8nyyIUojC4IhS+9YR6GYnn0hMABSkEHm
IV73feKmrT2GESYI1UdYeKiOkWsPN/JyBk+eTvKet0qsw5TluqiHSW+LEi/+zUyrS3dDMX3o
yaLgYa+UkjIyxnaKLkQuCiS+D+fYwnJulIkhaKObtdE=
=UwRd
-----END PGP PUBLIC KEY BLOCK-----
#registration-key: include-file://../secrets/landscape-registration.txt
disable-unattended-upgrades: True
# the reason that this has to be done manually is because Landscape server needs an admin user to be
# created first (manual step, see above). Once the user and registration key is set configure the clients' url and ping-url options.
#ping-url: http://landscape.example.com/ping
#url: https://landscape.example.com/message-system
prometheus:
charm: cs:prometheus2
bindings:
"": *oam-space
num_units: 1
to:
- lxd:201
prometheus-openstack-exporter:
charm: cs:prometheus-openstack-exporter
constraints: *oam-space-constr
bindings:
"": *public-space
identity-credentials: *internal-space
prometheus-openstack-exporter-service: *oam-space
num_units: 1
to:
- lxd:201
grafana:
charm: cs:~prometheus-charmers/grafana
bindings:
"": *oam-space
options:
port: "3000"
install_method: snap
num_units: 1
to:
- lxd:201
telegraf:
charm: cs:telegraf
options:
# Contrail services are listening on 8094
socket_listener_port: '8095'
install_sources: |
- 'deb http://192.168.1.12/ppa.launchpad.net/telegraf-devs/ppa/ubuntu focal main'
install_keys: |-
- |
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: keyserver.ubuntu.com
mQINBFcVSuIBEAC80aj0tAQ6+NhGV/bkSwu6Oj+BpDR50Be3uBv7ttdtvChL5zHTnaxjdK3h
LKSyrDLlmSOkffQ2uO7CxvqeF09MsHhyvrDDx0EY54//xxoAB++PoB2OQqmqldg3Al5Hp4Dz
rllV5CIX5PD8NGX8UpO3HXk5wEwn9G81l8cia3vPveU82EIkHMiJGpk6+L86OMlwXzxkSI3M
xXgNFKQc+ELDYLvGSseYC9vPN3kdmFoo/UjznPPE4fxr4bXit3N8Abl1jYjBa0x6SWkK1BAb
s8w3BXtvyk90z9Oyme69wPD4zAYfFp+kN2nDmTDBMtNCyMu9oatdI5SukMNK4Lcm8eAE6VNs
04j7BKvGk9+17M8WP9Pw8nIisOwScS9gUlJlLUpnBaJ+sxoOvGQ4mzZxYMKzJh0E58aEX3bS
AyzQfsae8bZLNOTcgotyzzIDJFF9npzu3wmKjeOt/706p4LiDqKUbQK6cI+QcJ/y80ZUK8pB
M043ttSHWLmTBFX2drp6zQGae9+02fX89ZD+5c+MPlubJMYCCKkvQT4OssHfC+dVDQ66rwUy
OObrzsVgikdpIxQVitL3J+Dms56xAkdFfoo+qdxxdv9S/eakc5mfavc/4WVvmFDaJiqJnJRR
Ryw1zApRtuweEEdVn8niy1mahoKpWaw1pTI4AazjWI6xJH1JyQARAQABtB9MYXVuY2hwYWQg
UFBBIGZvciBUZWxlZ3JhZiBEZXZziQI4BBMBAgAiBQJXFUriAhsDBgsJCAcDAgYVCAIJCgsE
FgIDAQIeAQIXgAAKCRDxDL4ByUQG9UgbEACa4IzdeYxH/S5I6MrZfvWNo/JTZ/MZWDD+QlMW
60ThAemCUSE+NJvZZ1q7ovGFpYnHJT9GQXOwJAX1quDUqyM1uXNmLlOyIVNnmjUTINoLhw2V
iC8E7dMWC9w4Na2fKezmNHH00kNl43ncstIjjZ3pLnDGYm1y0ItiCUcTRgHhx2cUZ/vStz1S
Pdqj4P3i8vuspoYJ2T3VPlM/0G+u9Yjuy3Uzu9RugOyO3UJPoi3+4O2VTNosSBy5MILVCp49
eigyFVGpq5sT/c86qd1zqmsNWEubrlzDfETS4LMj9epr46ZKPXGQkeryt1m2Oe0HkIdNZ+IQ
5p+i9fnEy7/1uKTXWQYsg2UWsLA2PvTvwY8JxxMhUFgv12q2w7STntqJyi9PLItYNtbtKoS3
XZCCMqQLCWMXHY+2ol6rRSfs06H/wzlR8LjDaEXkDVuDmqMtcbgTboZYblsGxst7I/Y4Wgfi
J52uiIyobQ69uJbG0XeRTLZ3WyrBkopEsTX/+sQjVqbADXYU4hBVDgnCf2uN/5dcwSEvDj8/
+WsToAfEJkscRBsQjTLVzf+eFqHLrbqz/yoYIqBc//IJMBSbxIf5mrOHHLdbOuMCB6PVwpTI
vLFOSDNPuVDX+S1goA8KJTnXpm8jWDynn3XaXx3AlYw4iZ0ETSgQLQLRd6JuPOEGXsGdBA==
=ufaX
-----END PGP PUBLIC KEY BLOCK-----
extra_plugins: |
[[inputs.exec]]
commands = [ "/usr/bin/awk '{print int($1)}' /proc/uptime" ]
name_override = "exec_uptime"
data_format = "value"
bindings:
# overrides private-address exposed to prometheus
prometheus-client: *oam-space
telegraf-prometheus:
charm: cs:telegraf
bindings:
# overrides private-address exposed to prometheus
prometheus-client: *oam-space
options:
install_sources: |
- 'deb http://192.168.1.12/ppa.launchpad.net/telegraf-devs/ppa/ubuntu focal main'
install_keys: |-
- |
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: keyserver.ubuntu.com
mQINBFcVSuIBEAC80aj0tAQ6+NhGV/bkSwu6Oj+BpDR50Be3uBv7ttdtvChL5zHTnaxjdK3h
LKSyrDLlmSOkffQ2uO7CxvqeF09MsHhyvrDDx0EY54//xxoAB++PoB2OQqmqldg3Al5Hp4Dz
rllV5CIX5PD8NGX8UpO3HXk5wEwn9G81l8cia3vPveU82EIkHMiJGpk6+L86OMlwXzxkSI3M
xXgNFKQc+ELDYLvGSseYC9vPN3kdmFoo/UjznPPE4fxr4bXit3N8Abl1jYjBa0x6SWkK1BAb
s8w3BXtvyk90z9Oyme69wPD4zAYfFp+kN2nDmTDBMtNCyMu9oatdI5SukMNK4Lcm8eAE6VNs
04j7BKvGk9+17M8WP9Pw8nIisOwScS9gUlJlLUpnBaJ+sxoOvGQ4mzZxYMKzJh0E58aEX3bS
AyzQfsae8bZLNOTcgotyzzIDJFF9npzu3wmKjeOt/706p4LiDqKUbQK6cI+QcJ/y80ZUK8pB
M043ttSHWLmTBFX2drp6zQGae9+02fX89ZD+5c+MPlubJMYCCKkvQT4OssHfC+dVDQ66rwUy
OObrzsVgikdpIxQVitL3J+Dms56xAkdFfoo+qdxxdv9S/eakc5mfavc/4WVvmFDaJiqJnJRR
Ryw1zApRtuweEEdVn8niy1mahoKpWaw1pTI4AazjWI6xJH1JyQARAQABtB9MYXVuY2hwYWQg
UFBBIGZvciBUZWxlZ3JhZiBEZXZziQI4BBMBAgAiBQJXFUriAhsDBgsJCAcDAgYVCAIJCgsE
FgIDAQIeAQIXgAAKCRDxDL4ByUQG9UgbEACa4IzdeYxH/S5I6MrZfvWNo/JTZ/MZWDD+QlMW
60ThAemCUSE+NJvZZ1q7ovGFpYnHJT9GQXOwJAX1quDUqyM1uXNmLlOyIVNnmjUTINoLhw2V
iC8E7dMWC9w4Na2fKezmNHH00kNl43ncstIjjZ3pLnDGYm1y0ItiCUcTRgHhx2cUZ/vStz1S
Pdqj4P3i8vuspoYJ2T3VPlM/0G+u9Yjuy3Uzu9RugOyO3UJPoi3+4O2VTNosSBy5MILVCp49
eigyFVGpq5sT/c86qd1zqmsNWEubrlzDfETS4LMj9epr46ZKPXGQkeryt1m2Oe0HkIdNZ+IQ
5p+i9fnEy7/1uKTXWQYsg2UWsLA2PvTvwY8JxxMhUFgv12q2w7STntqJyi9PLItYNtbtKoS3
XZCCMqQLCWMXHY+2ol6rRSfs06H/wzlR8LjDaEXkDVuDmqMtcbgTboZYblsGxst7I/Y4Wgfi
J52uiIyobQ69uJbG0XeRTLZ3WyrBkopEsTX/+sQjVqbADXYU4hBVDgnCf2uN/5dcwSEvDj8/
+WsToAfEJkscRBsQjTLVzf+eFqHLrbqz/yoYIqBc//IJMBSbxIf5mrOHHLdbOuMCB6PVwpTI
vLFOSDNPuVDX+S1goA8KJTnXpm8jWDynn3XaXx3AlYw4iZ0ETSgQLQLRd6JuPOEGXsGdBA==
=ufaX
-----END PGP PUBLIC KEY BLOCK-----
# canonical-livepatch:
# charm: cs:canonical-livepatch
# options:
@ -1408,195 +1061,9 @@ relations:
- [ "etcd:certificates", "easyrsa:client" ]
- [ "etcd:db", "vault:etcd" ]
# vault lma/monitoring
- [ "filebeat:beats-host", "vault:juju-info" ]
- [ "nrpe-container:nrpe-external-master", "vault:nrpe-external-master" ]
- [ "landscape-client:container", "vault:juju-info" ]
- [ "filebeat:beats-host", "etcd:juju-info" ]
- [ "nrpe-container:nrpe-external-master", "etcd:nrpe-external-master" ]
- [ "landscape-client:container", "etcd:juju-info" ]
- [ "filebeat:beats-host", "easyrsa:juju-info" ]
- [ "nrpe-container:general-info", "easyrsa:juju-info" ]
- [ "landscape-client:container", "easyrsa:juju-info" ]
# memcached
- [ "memcached:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "memcached:juju-info", "filebeat:beats-host" ]
- [ "memcached:juju-info", "landscape-client:container" ]
# grafana
- [ "grafana:juju-info", "filebeat:beats-host" ]
- [ "grafana:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "grafana:juju-info", "landscape-client:container" ]
# graylog
- [ "graylog:elasticsearch", "elasticsearch:client" ]
- [ "graylog:mongodb", "graylog-mongodb:database" ]
- [ "graylog:beats", "filebeat:logstash" ]
- [ "graylog:nrpe-external-master", "nrpe-host:nrpe-external-master" ]
- [ "graylog:juju-info", "telegraf:juju-info" ]
- [ "graylog:juju-info", "landscape-client:container" ]
# nagios
- [ "nagios:juju-info", "filebeat:beats-host" ]
- [ "nagios:monitors", "nrpe-container:monitors" ]
- [ "nagios:monitors", "nrpe-host:monitors" ]
- [ "nagios:juju-info", "landscape-client-bionic:container" ]
# openstack-service-checks
- [ "openstack-service-checks:identity-credentials", "keystone:identity-credentials" ]
- [ "openstack-service-checks:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "openstack-service-checks:juju-info", "filebeat:beats-host" ]
- [ "openstack-service-checks:juju-info", "landscape-client:container" ]
# graylog-mongodb
- [ "graylog-mongodb:juju-info", "filebeat:beats-host" ]
- [ "graylog-mongodb:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "graylog-mongodb:juju-info", "landscape-client:container" ]
# elasticsearch
- [ "elasticsearch:juju-info", "filebeat:beats-host" ]
- [ "elasticsearch:juju-info", "telegraf:juju-info" ]
- [ "elasticsearch:nrpe-external-master", "nrpe-host:nrpe-external-master" ]
- [ "elasticsearch:juju-info", "landscape-client:container" ]
# prometheus
- [ "prometheus:juju-info", "filebeat:beats-host" ]
- [ "prometheus:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "prometheus:juju-info", "telegraf-prometheus:juju-info" ]
- [ "prometheus:grafana-source", "grafana:grafana-source" ]
- [ "prometheus:target", "telegraf:prometheus-client" ]
- [ "prometheus:juju-info", "landscape-client:container" ]
# prometheus-openstack-exporter
- [ "prometheus-openstack-exporter:identity-credentials", "keystone:identity-credentials" ]
- [ "prometheus-openstack-exporter:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "prometheus-openstack-exporter:prometheus-openstack-exporter-service", "prometheus:target" ]
- [ "prometheus-openstack-exporter:juju-info", "filebeat:beats-host" ]
- [ "prometheus-openstack-exporter:juju-info", "landscape-client:container" ]
# juniper server
- [ "juniper-server:juju-info", "ntp:juju-info" ]
# grafana dashboards
- [ "grafana:dashboards", "telegraf:dashboards" ]
- [ "grafana:dashboards", "telegraf-prometheus:dashboards" ]
# lma server
- [ "lma-server:juju-info", "ntp:juju-info" ]
# LMA/landscape subordinates
- [ "nova-compute:juju-info", "filebeat:beats-host" ]
# - [ "nova-compute:juju-info", "telegraf:juju-info" ]
- [ "nova-compute:nrpe-external-master", "nrpe-host:nrpe-external-master" ]
- [ "nova-compute:juju-info", "landscape-client:container" ]
- [ "ceph-osd:juju-info", "telegraf:juju-info" ]
- [ "neutron-gateway:juju-info", "filebeat:beats-host" ]
- [ "neutron-gateway:juju-info", "telegraf:juju-info" ]
- [ "neutron-gateway:nrpe-external-master", "nrpe-host:nrpe-external-master" ]
- [ "neutron-gateway:juju-info", "landscape-client:container" ]
- [ "keystone:juju-info", "filebeat:beats-host" ]
- [ "keystone:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "keystone:juju-info", "landscape-client:container" ]
- [ "glance:juju-info", "filebeat:beats-host" ]
- [ "glance:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "glance:juju-info", "landscape-client:container" ]
- [ "cinder:juju-info", "filebeat:beats-host" ]
- [ "cinder:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "cinder:juju-info", "landscape-client:container" ]
# - [ "cinder2:juju-info", "filebeat:beats-host" ]
# - [ "cinder2:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
# - [ "cinder2:juju-info", "landscape-client:container" ]
- [ "heat:juju-info", "filebeat:beats-host" ]
- [ "heat:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "heat:juju-info", "landscape-client:container" ]
- [ "mysql-innodb-cluster:juju-info", "filebeat:beats-host" ]
- [ "mysql-innodb-cluster:juju-info", "nrpe-container:general-info" ]
- [ "mysql-innodb-cluster:juju-info", "landscape-client:container" ]
- [ "ceph-mon:prometheus", "prometheus:target" ]
- [ "ceph-mon:juju-info", "filebeat:beats-host" ]
- [ "ceph-mon:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "ceph-mon:juju-info", "landscape-client:container" ]
- [ "neutron-api:juju-info", "filebeat:beats-host" ]
- [ "neutron-api:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "neutron-api:juju-info", "landscape-client:container" ]
- [ "rabbitmq-server:juju-info", "filebeat:beats-host" ]
- [ "rabbitmq-server:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "rabbitmq-server:juju-info", "landscape-client:container" ]
- [ "openstack-dashboard:juju-info", "filebeat:beats-host" ]
- [ "openstack-dashboard:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "openstack-dashboard:juju-info", "landscape-client:container" ]
- [ "nova-cloud-controller:juju-info", "filebeat:beats-host" ]
- [ "nova-cloud-controller:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "nova-cloud-controller:juju-info", "landscape-client:container" ]
- [ "gnocchi:juju-info", "filebeat:beats-host" ]
- [ "gnocchi:juju-info", "nrpe-container:general-info" ]
- [ "gnocchi:juju-info", "landscape-client:container" ]
- [ "ceilometer:juju-info", "filebeat:beats-host" ]
- [ "ceilometer:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "ceilometer:juju-info", "landscape-client:container" ]
- [ "aodh:juju-info", "filebeat:beats-host" ]
- [ "aodh:juju-info", "nrpe-container:general-info" ]
- [ "aodh:juju-info", "landscape-client:container" ]
- [ "placement:juju-info", "filebeat:beats-host" ]
- [ "placement:juju-info", "nrpe-container:general-info" ]
- [ "placement:juju-info", "landscape-client:container" ]
- [ "juniper-server:juju-info", "filebeat:beats-host" ]
- [ "juniper-server:juju-info", "telegraf:juju-info" ]
- [ "juniper-server:juju-info", "landscape-client:container" ]
- [ "juniper-server:juju-info", "nrpe-host:general-info" ]
- [ "hacluster-aodh:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "hacluster-cinder:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "hacluster-glance:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "hacluster-gnocchi:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "hacluster-heat:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "hacluster-horizon:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "hacluster-keystone:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "hacluster-neutron:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "hacluster-nova:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "hacluster-placement:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
# Landscape
- [ "landscape-server:juju-info", "ntp:juju-info" ]
- [ "landscape-server:juju-info", "filebeat:beats-host" ]
- [ "landscape-server:juju-info", "nrpe-host:general-info" ]
- [ "landscape-server:juju-info", "telegraf:juju-info" ]
- [ "landscape-server:juju-info", "landscape-client-bionic:container" ]
- [ "landscape-rabbitmq-server:juju-info", "ntp:juju-info" ]
- [ "landscape-rabbitmq-server:juju-info", "filebeat:beats-host" ]
- [ "landscape-rabbitmq-server:nrpe-external-master", "nrpe-host:nrpe-external-master" ]
- [ "landscape-rabbitmq-server:juju-info", "landscape-client:container" ]
- [ "landscape-postgresql:juju-info", "ntp:juju-info" ]
- [ "landscape-postgresql:juju-info", "filebeat:beats-host" ]
- [ "landscape-postgresql:local-monitors", "nrpe-host:local-monitors" ]
- [ "landscape-postgresql:juju-info", "nrpe-host:general-info" ]
- [ "landscape-postgresql:juju-info", "landscape-client-bionic:container" ]
- [ "landscape-haproxy:juju-info", "filebeat:beats-host" ]
- [ "landscape-haproxy:juju-info", "nrpe-host:general-info" ]
- [ "landscape-haproxy:local-monitors", "nrpe-host:local-monitors" ]
- [ "landscape-haproxy:juju-info", "landscape-client:container" ]
- [ "landscape-server:amqp", "landscape-rabbitmq-server:amqp" ]
- [ "landscape-server:website", "landscape-haproxy:reverseproxy" ]
- [ "landscape-server:db", "landscape-postgresql:db-admin" ]

7
config/juju-model-default-cis.yaml
View File

@ -130,6 +130,12 @@ cloudinit-userdata: |
ruleset4="4.2.1.1 4.2.1.2 4.2.1.3 4.2.1.4 4.2.1.5 4.2.1.6 4.2.2.1 4.2.2.2 4.2.2.3 4.2.3 4.3 4.4"
ruleset5="5.1.1 5.1.2 5.1.3 5.1.4 5.1.5 5.1.6 5.1.7 5.1.8 5.1.9 5.2.1 5.2.2 5.2.3 5.2.4 5.2.6 5.2.7 5.2.8 5.2.9 5.2.10 5.2.11 5.2.12 5.2.13 5.2.14 5.2.15 5.2.16 5.2.17 5.2.18 5.2.19 5.2.21 5.2.22 5.3.1 5.3.2 5.3.3 5.3.4 5.4.1.1 5.4.1.2 5.4.1.3 5.4.1.4 5.4.1.5 5.4.2 5.4.3 5.4.4 5.4.5 5.5 5.6"
ruleset6="6.1.2 6.1.3 6.1.4 6.1.5 6.1.6 6.1.7 6.1.8 6.1.9 6.1.10 6.1.11 6.1.12 6.1.13 6.1.14 6.2.1 6.2.2 6.2.3 6.2.4 6.2.5 6.2.6 6.2.7 6.2.8 6.2.9 6.2.10 6.2.11 6.2.12 6.2.13 6.2.14 6.2.15 6.2.16 6.2.17"
- owner: root:root
path: /etc/systemd/network/99-default.link
permissions: '0644'
content: |
[Link]
NamePolicy=keep kernel database onboard path slot
preruncmd:
- locale-gen en_GB.UTF-8; update-locale
- wget -qO - http://192.168.1.12/keys/security-benchmarks.asc | sudo apt-key add -
@ -146,6 +152,7 @@ cloudinit-userdata: |
- "! systemd-detect-virt --container && mv /root/99-post-juju.yaml /etc/netplan/99-post-juju.yaml"
- "! systemd-detect-virt --container && sudo lxc profile set default security.nesting true"
- sudo netplan apply
- "! systemd-detect-virt --container && update-initramfs -u -k all"
snap:
commands:
"00": systemctl restart snapd

7
config/juju-model-default.yaml
View File

@ -25,6 +25,12 @@ cloudinit-userdata: |
link-local: []
ens9:
link-local: []
- owner: root:root
path: /etc/systemd/network/99-default.link
permissions: '0644'
content: |
[Link]
NamePolicy=keep kernel database onboard path slot
preruncmd:
- locale-gen en_GB.UTF-8; update-locale
- "systemd-detect-virt --container && rm -rf /root/99-post-juju.yaml"
@ -32,6 +38,7 @@ cloudinit-userdata: |
- "! systemd-detect-virt --container && mv /root/99-post-juju.yaml /etc/netplan/99-post-juju.yaml"
- "! systemd-detect-virt --container && sudo lxc profile set default security.nesting true"
- sudo netplan apply
- "! systemd-detect-virt --container && update-initramfs -u -k all"
snap:
commands:
"00": systemctl restart snapd

10
config/juju_deploy_focal.sh
View File

@ -13,11 +13,15 @@ juju deploy ./bundle_${series}.yaml \
--overlay ./overlays/ldap.yaml \
--overlay ./overlays/resources.yaml \
--overlay ./overlays/openstack_versioned_overlay_${series}.yaml \
--overlay ./overlays/lma_offers.yaml \
--overlay ./overlays/ssl.yaml \
--overlay ./overlays/ssl_${series}.yaml \
--overlay ./overlays/stsstack.yaml $*
# --overlay ./overlays/lma_offers.yaml \
# --overlay ./overlays/advanced-routing.yaml \
# --overlay ./overlays/lma.yaml \
# --overlay ./overlays/landscape.yaml \
# --overlay ./overlays/ssl.yaml \
# --overlay ./overlays/ssl_${series}.yaml \
# --overlay ./overlays/contrail.yaml \
# --overlay ./overlays/openstack_versioned_overlay.yaml \
# --overlay ./overlays/openstack_versioned_overlay_gemini.yaml \

31
config/overlays/advanced-routing.yaml Normal file
View File

@ -0,0 +1,31 @@
applications:
external-advanced-routing:
charm: cs:advanced-routing
options:
enable-advanced-routing: true
advanced-routing-config: |
[ {
"type": "table",
"table": "SF1"
}, {
"type": "route",
"default_route": true,
"gateway": "192.168.1.254",
"table": "SF1"
}, {
"type": "rule",
"from-net": "192.168.1.0/24",
"to-net": "192.168.1.0/24",
"priority": 100
}, {
"type": "rule",
"from-net": "192.168.1.0/24",
"table": "SF1",
"priority": 101
} ]
# See LP #1871856:
# Charm shouldn't "block" if apply-changes action is configured
action-managed-update: False
relations:
- [ "external-advanced-routing:juju-info", "aodh:juju-info" ]

151
config/overlays/landscape.yaml Normal file
View File

@ -0,0 +1,151 @@
variables:
oam-space: &oam-space oam
openstack-origin: &openstack-origin distro
applications:
landscape-server:
charm: cs:landscape-server
series: bionic
bindings:
"": *oam-space
options:
install_sources: |-
- 'deb http://192.168.1.12/ppa.launchpad.net/landscape/19.10/ubuntu bionic main'
install_keys: |-
- |
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: keyserver.ubuntu.com
mI0ESXN/egEEAOgRYISU9dnQm4BB5ZEEwKT+NKUDNd/DhMYdtBMw9Yk7S5cyoqpbtwoPJVzK
AXxq+ng5e3yYypSv98pLMr5UF09FGaeyGlD4s1uaVFWkFCO4jsTg7pWIY6qzO/jMxB5+Yu/G
0GjWQMNKxFk0oHMa0PhNBZtdPacVz65mOVmCsh/lABEBAAG0G0xhdW5jaHBhZCBQUEEgZm9y
IExhbmRzY2FwZYi2BBMBAgAgBQJJc396AhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQ
boWobkZStOb+rwP+ONKUWeX+MTIPqGWkknBPV7jm8nyyIUojC4IhS+9YR6GYnn0hMABSkEHm
IV73feKmrT2GESYI1UdYeKiOkWsPN/JyBk+eTvKet0qsw5TluqiHSW+LEi/+zUyrS3dDMX3o
yaLgYa+UkjIyxnaKLkQuCiS+D+fYwnJulIkhaKObtdE=
=UwRd
-----END PGP PUBLIC KEY BLOCK-----
license-file: include-base64://../../secrets/ldslicense.txt
#root-url: http://landscape.example.com/
num_units: 3
to:
- 300
- 301
- 302
landscape-rabbitmq-server:
charm: cs:rabbitmq-server
bindings:
"": *oam-space
cluster: *oam-space
amqp: *oam-space
num_units: 3
options:
source: *openstack-origin
min-cluster-size: 3
cluster-partition-handling: pause_minority
to:
- lxd:300
- lxd:301
- lxd:302
landscape-postgresql:
charm: cs:postgresql
series: bionic
bindings:
"": *oam-space
options:
extra_packages: python-apt postgresql-contrib postgresql-.*-debversion postgresql-plpython.*
max_connections: 500
max_prepared_transactions: 500
num_units: 2
to:
- lxd:300
- lxd:301
landscape-haproxy:
charm: cs:haproxy
bindings:
"": *oam-space
options:
default_timeouts: "queue 60000, connect 5000, client 120000, server 120000"
services: ""
source: backports
ssl_cert: SELFSIGNED
global_default_bind_options: "no-tlsv10"
num_units: 1
to:
- lxd:302
landscape-client:
charm: cs:landscape-client
options:
account-name: "standalone"
#registration-key: include-file://../secrets/landscape-registration.txt
disable-unattended-upgrades: True
# the reason that this has to be done manually is because Landscape server needs an admin user to be
# created first (manual step, see above). Once the user and registration key is set configure the clients' url and ping-url options.
#ping-url: http://landscape.example.com/ping
#url: https://landscape.example.com/message-system
landscape-client-bionic:
charm: cs:landscape-client
options:
account-name: "standalone"
origin: |
deb http://192.168.1.12/ppa.launchpad.net/landscape/19.10/ubuntu bionic main|-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: keyserver.ubuntu.com
mI0ESXN/egEEAOgRYISU9dnQm4BB5ZEEwKT+NKUDNd/DhMYdtBMw9Yk7S5cyoqpbtwoPJVzK
AXxq+ng5e3yYypSv98pLMr5UF09FGaeyGlD4s1uaVFWkFCO4jsTg7pWIY6qzO/jMxB5+Yu/G
0GjWQMNKxFk0oHMa0PhNBZtdPacVz65mOVmCsh/lABEBAAG0G0xhdW5jaHBhZCBQUEEgZm9y
IExhbmRzY2FwZYi2BBMBAgAgBQJJc396AhsDBgsJCAcDAgQVAggDBBYCAwECHgECF4AACgkQ
boWobkZStOb+rwP+ONKUWeX+MTIPqGWkknBPV7jm8nyyIUojC4IhS+9YR6GYnn0hMABSkEHm
IV73feKmrT2GESYI1UdYeKiOkWsPN/JyBk+eTvKet0qsw5TluqiHSW+LEi/+zUyrS3dDMX3o
yaLgYa+UkjIyxnaKLkQuCiS+D+fYwnJulIkhaKObtdE=
=UwRd
-----END PGP PUBLIC KEY BLOCK-----
#registration-key: include-file://../secrets/landscape-registration.txt
disable-unattended-upgrades: True
# the reason that this has to be done manually is because Landscape server needs an admin user to be
# created first (manual step, see above). Once the user and registration key is set configure the clients' url and ping-url options.
#ping-url: http://landscape.example.com/ping
#url: https://landscape.example.com/message-system
relations:
# Landscape Applications
- [ "landscape-server:juju-info", "ntp:juju-info" ]
- [ "landscape-rabbitmq-server:juju-info", "ntp:juju-info" ]
- [ "landscape-rabbitmq-server:juju-info", "landscape-client:container" ]
- [ "landscape-postgresql:juju-info", "ntp:juju-info" ]
- [ "landscape-server:amqp", "landscape-rabbitmq-server:amqp" ]
- [ "landscape-server:website", "landscape-haproxy:reverseproxy" ]
- [ "landscape-server:db", "landscape-postgresql:db-admin" ]
# landscape-client-bionic
- [ "landscape-client-bionic:container", "landscape-haproxy:juju-info" ]
- [ "landscape-client-bionic:container", "landscape-postgresql:juju-info" ]
- [ "landscape-client-bionic:container", "landscape-server:juju-info" ]
# landscape-client
- [ "landscape-client:container", "vault:juju-info" ]
- [ "landscape-client:container", "etcd:juju-info" ]
- [ "landscape-client:container", "easyrsa:juju-info" ]
- [ "landscape-client:container", "memcached:juju-info" ]
- [ "landscape-client:container", "nova-compute:juju-info" ]
- [ "landscape-client:container", "neutron-gateway:juju-info" ]
- [ "landscape-client:container", "keystone:juju-info" ]
- [ "landscape-client:container", "glance:juju-info" ]
- [ "landscape-client:container", "cinder:juju-info" ]
# - [ "landscape-client:container", "cinder2:juju-info" ]
- [ "landscape-client:container", "heat:juju-info" ]
- [ "landscape-client:container", "mysql-innodb-cluster:juju-info" ]
- [ "landscape-client:container", "ceph-mon:juju-info" ]
- [ "landscape-client:container", "neutron-api:juju-info" ]
- [ "landscape-client:container", "rabbitmq-server:juju-info" ]
- [ "landscape-client:container", "openstack-dashboard:juju-info" ]
- [ "landscape-client:container", "nova-cloud-controller:juju-info" ]
- [ "landscape-client:container", "gnocchi:juju-info" ]
- [ "landscape-client:container", "ceilometer:juju-info" ]
- [ "landscape-client:container", "aodh:juju-info" ]
- [ "landscape-client:container", "placement:juju-info" ]
- [ "landscape-client:container", "juniper-server:juju-info" ]

415
config/overlays/lma.yaml Normal file
View File

@ -0,0 +1,415 @@
variables:
oam-space: &oam-space oam
public-space: &public-space oam
internal-space: &internal-space oam
nagios-context: &nagios-context arif-nc01
oam-space-constr: &oam-space-constr spaces=oam
applications:
graylog:
charm: cs:graylog
bindings:
"": *oam-space
num_units: 1
options:
channel: "4/stable"
jvm_heap_size: '1G'
rest_transport_uri: http://graylog.example.com:9001
index_rotation_period: PT3H
to:
- 200
graylog-mongodb:
charm: cs:mongodb
bindings:
"": *oam-space
num_units: 1
options:
nagios_context: *nagios-context
to:
- lxd:200
elasticsearch:
charm: cs:elasticsearch
bindings:
"": *oam-space
num_units: 2
options:
firewall_enabled: False
es-heap-size: 2
gpg-key: |
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: keyserver.ubuntu.com
mQENBFI3HsoBCADXDtbNJnxbPqB1vDNtCsqhe49vFYsZN9IOZsZXgp7aHjh6CJBDA+bGFOwy
hbd7at35jQjWAw1O3cfYsKAmFy+Ar3LHCMkV3oZspJACTIgCrwnkic/9CUliQe324qvObU2Q
RtP4Fl0zWcfb/S8UYzWXWIFuJqMvE9MaRY1bwUBvzoqavLGZj3SF1SPO+TB5QrHkrQHBsmX+
Jda6d4Ylt8/t6CvMwgQNlrlzIO9WT+YN6zS+sqHd1YK/aY5qhoLNhp9G/HxhcSVCkLq8SStj
1ZZ1S9juBPoXV1ZWNbxFNGwOh/NYGldD2kmBf3YgCqeLzHahsAEpvAm8TBa7Q9W21C8vABEB
AAG0RUVsYXN0aWNzZWFyY2ggKEVsYXN0aWNzZWFyY2ggU2lnbmluZyBLZXkpIDxkZXZfb3Bz
QGVsYXN0aWNzZWFyY2gub3JnPokBOAQTAQIAIgUCUjceygIbAwYLCQgHAwIGFQgCCQoLBBYC
AwECHgECF4AACgkQ0n1mbNiOQrRzjAgAlTUQ1mgo3nK6BGXbj4XAJvuZDG0HILiUt+pPnz75
nsf0NWhqR4yGFlmpuctgCmTD+HzYtV9fp9qW/bwVuJCNtKXk3sdzYABY+Yl0Cez/7C2GuGCO
lbn0luCNT9BxJnh4mC9h/cKI3y5jvZ7wavwe41teqG14V+EoFSn3NPKmTxcDTFrV7SmVPxCB
cQze00cJhprKxkuZMPPVqpBS+JfDQtzUQD/LSFfhHj9eD+Xe8d7sw+XvxB2aN4gnTlRzjL1n
TRp0h2/IOGkqYfIG9rWmSLNlxhB2t+c0RsjdGM4/eRlPWylFbVMc5pmDpItrkWSnzBfkmXL3
vO2X3WvwmSFiQbkBDQRSNx7KAQgA5JUlzcMW5/cuyZR8alSacKqhSbvoSqqbzHKcUQZmlzNM
KGTABFG1yRx9r+wa/fvqP6OTRzRDvVS/cycws8YX7Ddum7x8uI95b9ye1/Xy5noPEm8cD+hp
lnpU+PBQZJ5XJ2I+1l9Nixx47wPGXeClLqcdn0ayd+v+Rwf3/XUJrvccG2YZUiQ4jWZkoxsA
07xx7Bj+Lt8/FKG7sHRFvePFU0ZS6JFx9GJqjSBbHRRkam+4emW3uWgVfZxuwcUCn1ayNgRt
KiFv9jQrg2TIWEvzYx9tywTCxc+FFMWAlbCzi+m4WD+QUWWfDQ009U/WM0ks0KwwEwSk/UDu
ToxGnKU2dQARAQABiQEfBBgBAgAJBQJSNx7KAhsMAAoJENJ9ZmzYjkK0c3MIAIE9hAR20mqJ
WLcsxLtrRs6uNF1VrpB+4n/55QU7oxA1iVBO6IFu4qgsF12JTavnJ5MLaETlggXY+zDef9sy
TPXoQctpzcaNVDmedwo1SiL03uMoblOvWpMR/Y0j6rm7IgrMWUDXDPvoPGjMl2q1iTeyHkMZ
EyUJ8SKsaHh4jV9wp9KmC8C+9CwMukL7vM5w8cgvJoAwsp3Fn59AxWthN3XJYcnMfStkIuWg
R7U2r+a210W6vnUxU4oN0PmMcursYPyeV0NX/KQeUeNMwGTFB6QHS/anRaGQewijkrYYoTNt
fllxIu9XYmiBERQ/qPDlGRlOgVTd9xUfHFkzB52c70E=
=92oX
-----END PGP PUBLIC KEY BLOCK-----
apt-repository: 'deb http://192.168.1.12/artifacts.elastic.co/packages/6.x/apt stable main'
to:
- 201
- 202
filebeat:
charm: cs:filebeat
options:
logpath: "/var/log/*.log /var/log/*/*.log /var/log/syslog"
install_keys: |-
- |
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: keyserver.ubuntu.com
mQENBFI3HsoBCADXDtbNJnxbPqB1vDNtCsqhe49vFYsZN9IOZsZXgp7aHjh6CJBDA+bGFOwy
hbd7at35jQjWAw1O3cfYsKAmFy+Ar3LHCMkV3oZspJACTIgCrwnkic/9CUliQe324qvObU2Q
RtP4Fl0zWcfb/S8UYzWXWIFuJqMvE9MaRY1bwUBvzoqavLGZj3SF1SPO+TB5QrHkrQHBsmX+
Jda6d4Ylt8/t6CvMwgQNlrlzIO9WT+YN6zS+sqHd1YK/aY5qhoLNhp9G/HxhcSVCkLq8SStj
1ZZ1S9juBPoXV1ZWNbxFNGwOh/NYGldD2kmBf3YgCqeLzHahsAEpvAm8TBa7Q9W21C8vABEB
AAG0RUVsYXN0aWNzZWFyY2ggKEVsYXN0aWNzZWFyY2ggU2lnbmluZyBLZXkpIDxkZXZfb3Bz
QGVsYXN0aWNzZWFyY2gub3JnPokBOAQTAQIAIgUCUjceygIbAwYLCQgHAwIGFQgCCQoLBBYC
AwECHgECF4AACgkQ0n1mbNiOQrRzjAgAlTUQ1mgo3nK6BGXbj4XAJvuZDG0HILiUt+pPnz75
nsf0NWhqR4yGFlmpuctgCmTD+HzYtV9fp9qW/bwVuJCNtKXk3sdzYABY+Yl0Cez/7C2GuGCO
lbn0luCNT9BxJnh4mC9h/cKI3y5jvZ7wavwe41teqG14V+EoFSn3NPKmTxcDTFrV7SmVPxCB
cQze00cJhprKxkuZMPPVqpBS+JfDQtzUQD/LSFfhHj9eD+Xe8d7sw+XvxB2aN4gnTlRzjL1n
TRp0h2/IOGkqYfIG9rWmSLNlxhB2t+c0RsjdGM4/eRlPWylFbVMc5pmDpItrkWSnzBfkmXL3
vO2X3WvwmSFiQbkBDQRSNx7KAQgA5JUlzcMW5/cuyZR8alSacKqhSbvoSqqbzHKcUQZmlzNM
KGTABFG1yRx9r+wa/fvqP6OTRzRDvVS/cycws8YX7Ddum7x8uI95b9ye1/Xy5noPEm8cD+hp
lnpU+PBQZJ5XJ2I+1l9Nixx47wPGXeClLqcdn0ayd+v+Rwf3/XUJrvccG2YZUiQ4jWZkoxsA
07xx7Bj+Lt8/FKG7sHRFvePFU0ZS6JFx9GJqjSBbHRRkam+4emW3uWgVfZxuwcUCn1ayNgRt
KiFv9jQrg2TIWEvzYx9tywTCxc+FFMWAlbCzi+m4WD+QUWWfDQ009U/WM0ks0KwwEwSk/UDu
ToxGnKU2dQARAQABiQEfBBgBAgAJBQJSNx7KAhsMAAoJENJ9ZmzYjkK0c3MIAIE9hAR20mqJ
WLcsxLtrRs6uNF1VrpB+4n/55QU7oxA1iVBO6IFu4qgsF12JTavnJ5MLaETlggXY+zDef9sy
TPXoQctpzcaNVDmedwo1SiL03uMoblOvWpMR/Y0j6rm7IgrMWUDXDPvoPGjMl2q1iTeyHkMZ
EyUJ8SKsaHh4jV9wp9KmC8C+9CwMukL7vM5w8cgvJoAwsp3Fn59AxWthN3XJYcnMfStkIuWg
R7U2r+a210W6vnUxU4oN0PmMcursYPyeV0NX/KQeUeNMwGTFB6QHS/anRaGQewijkrYYoTNt
fllxIu9XYmiBERQ/qPDlGRlOgVTd9xUfHFkzB52c70E=
=92oX
-----END PGP PUBLIC KEY BLOCK-----
install_sources: |
- 'deb http://192.168.1.12/artifacts.elastic.co/packages/6.x/apt stable main'
nagios:
charm: cs:nagios
series: bionic
bindings:
"": *oam-space
num_units: 1
options:
enable_livestatus: true
check_timeout: 50
to:
- lxd:202
openstack-service-checks:
charm: cs:~llama-charmers-next/openstack-service-checks
constraints: *oam-space-constr
bindings:
"": *public-space
identity-credentials: *internal-space
num_units: 1
to:
- lxd:202
nrpe-host:
charm: cs:nrpe
bindings:
monitors: *oam-space
options:
nagios_hostname_type: "host"
nagios_host_context: *nagios-context
xfs_errors: "30"
netlinks: |
- bond0 mtu:1500 speed:1000
- bond1 mtu:9000 speed:50000
- eno1 mtu:1500 speed:1000
- eno2 mtu:1500 speed:1000
- enp25s0f0 mtu:9000 speed:25000
- enp25s0f1 mtu:9000 speed:25000
nrpe-container:
charm: cs:nrpe
bindings:
monitors: *oam-space
options:
nagios_hostname_type: unit
nagios_host_context: *nagios-context
disk_root: ''
load: ''
swap: ''
swap_activity: ''
mem: ''
prometheus:
charm: cs:prometheus2
bindings:
"": *oam-space
num_units: 1
to:
- lxd:201
prometheus-openstack-exporter:
charm: cs:prometheus-openstack-exporter
constraints: *oam-space-constr
bindings:
"": *public-space
identity-credentials: *internal-space
prometheus-openstack-exporter-service: *oam-space
num_units: 1
to:
- lxd:201
grafana:
charm: cs:~prometheus-charmers/grafana
bindings:
"": *oam-space
options:
port: "3000"
install_method: snap
num_units: 1
to:
- lxd:201
telegraf:
charm: cs:telegraf
options:
# Contrail services are listening on 8094
socket_listener_port: '8095'
install_sources: |
- 'deb http://192.168.1.12/ppa.launchpad.net/telegraf-devs/ppa/ubuntu focal main'
install_keys: |-
- |
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: keyserver.ubuntu.com
mQINBFcVSuIBEAC80aj0tAQ6+NhGV/bkSwu6Oj+BpDR50Be3uBv7ttdtvChL5zHTnaxjdK3h
LKSyrDLlmSOkffQ2uO7CxvqeF09MsHhyvrDDx0EY54//xxoAB++PoB2OQqmqldg3Al5Hp4Dz
rllV5CIX5PD8NGX8UpO3HXk5wEwn9G81l8cia3vPveU82EIkHMiJGpk6+L86OMlwXzxkSI3M
xXgNFKQc+ELDYLvGSseYC9vPN3kdmFoo/UjznPPE4fxr4bXit3N8Abl1jYjBa0x6SWkK1BAb
s8w3BXtvyk90z9Oyme69wPD4zAYfFp+kN2nDmTDBMtNCyMu9oatdI5SukMNK4Lcm8eAE6VNs
04j7BKvGk9+17M8WP9Pw8nIisOwScS9gUlJlLUpnBaJ+sxoOvGQ4mzZxYMKzJh0E58aEX3bS
AyzQfsae8bZLNOTcgotyzzIDJFF9npzu3wmKjeOt/706p4LiDqKUbQK6cI+QcJ/y80ZUK8pB
M043ttSHWLmTBFX2drp6zQGae9+02fX89ZD+5c+MPlubJMYCCKkvQT4OssHfC+dVDQ66rwUy
OObrzsVgikdpIxQVitL3J+Dms56xAkdFfoo+qdxxdv9S/eakc5mfavc/4WVvmFDaJiqJnJRR
Ryw1zApRtuweEEdVn8niy1mahoKpWaw1pTI4AazjWI6xJH1JyQARAQABtB9MYXVuY2hwYWQg
UFBBIGZvciBUZWxlZ3JhZiBEZXZziQI4BBMBAgAiBQJXFUriAhsDBgsJCAcDAgYVCAIJCgsE
FgIDAQIeAQIXgAAKCRDxDL4ByUQG9UgbEACa4IzdeYxH/S5I6MrZfvWNo/JTZ/MZWDD+QlMW
60ThAemCUSE+NJvZZ1q7ovGFpYnHJT9GQXOwJAX1quDUqyM1uXNmLlOyIVNnmjUTINoLhw2V
iC8E7dMWC9w4Na2fKezmNHH00kNl43ncstIjjZ3pLnDGYm1y0ItiCUcTRgHhx2cUZ/vStz1S
Pdqj4P3i8vuspoYJ2T3VPlM/0G+u9Yjuy3Uzu9RugOyO3UJPoi3+4O2VTNosSBy5MILVCp49
eigyFVGpq5sT/c86qd1zqmsNWEubrlzDfETS4LMj9epr46ZKPXGQkeryt1m2Oe0HkIdNZ+IQ
5p+i9fnEy7/1uKTXWQYsg2UWsLA2PvTvwY8JxxMhUFgv12q2w7STntqJyi9PLItYNtbtKoS3
XZCCMqQLCWMXHY+2ol6rRSfs06H/wzlR8LjDaEXkDVuDmqMtcbgTboZYblsGxst7I/Y4Wgfi
J52uiIyobQ69uJbG0XeRTLZ3WyrBkopEsTX/+sQjVqbADXYU4hBVDgnCf2uN/5dcwSEvDj8/
+WsToAfEJkscRBsQjTLVzf+eFqHLrbqz/yoYIqBc//IJMBSbxIf5mrOHHLdbOuMCB6PVwpTI
vLFOSDNPuVDX+S1goA8KJTnXpm8jWDynn3XaXx3AlYw4iZ0ETSgQLQLRd6JuPOEGXsGdBA==
=ufaX
-----END PGP PUBLIC KEY BLOCK-----
extra_plugins: |
[[inputs.exec]]
commands = [ "/usr/bin/awk '{print int($1)}' /proc/uptime" ]
name_override = "exec_uptime"
data_format = "value"
bindings:
# overrides private-address exposed to prometheus
prometheus-client: *oam-space
telegraf-prometheus:
charm: cs:telegraf
bindings:
# overrides private-address exposed to prometheus
prometheus-client: *oam-space
options:
install_sources: |
- 'deb http://192.168.1.12/ppa.launchpad.net/telegraf-devs/ppa/ubuntu focal main'
install_keys: |-
- |
-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: SKS 1.1.6
Comment: Hostname: keyserver.ubuntu.com
mQINBFcVSuIBEAC80aj0tAQ6+NhGV/bkSwu6Oj+BpDR50Be3uBv7ttdtvChL5zHTnaxjdK3h
LKSyrDLlmSOkffQ2uO7CxvqeF09MsHhyvrDDx0EY54//xxoAB++PoB2OQqmqldg3Al5Hp4Dz
rllV5CIX5PD8NGX8UpO3HXk5wEwn9G81l8cia3vPveU82EIkHMiJGpk6+L86OMlwXzxkSI3M
xXgNFKQc+ELDYLvGSseYC9vPN3kdmFoo/UjznPPE4fxr4bXit3N8Abl1jYjBa0x6SWkK1BAb
s8w3BXtvyk90z9Oyme69wPD4zAYfFp+kN2nDmTDBMtNCyMu9oatdI5SukMNK4Lcm8eAE6VNs
04j7BKvGk9+17M8WP9Pw8nIisOwScS9gUlJlLUpnBaJ+sxoOvGQ4mzZxYMKzJh0E58aEX3bS
AyzQfsae8bZLNOTcgotyzzIDJFF9npzu3wmKjeOt/706p4LiDqKUbQK6cI+QcJ/y80ZUK8pB
M043ttSHWLmTBFX2drp6zQGae9+02fX89ZD+5c+MPlubJMYCCKkvQT4OssHfC+dVDQ66rwUy
OObrzsVgikdpIxQVitL3J+Dms56xAkdFfoo+qdxxdv9S/eakc5mfavc/4WVvmFDaJiqJnJRR
Ryw1zApRtuweEEdVn8niy1mahoKpWaw1pTI4AazjWI6xJH1JyQARAQABtB9MYXVuY2hwYWQg
UFBBIGZvciBUZWxlZ3JhZiBEZXZziQI4BBMBAgAiBQJXFUriAhsDBgsJCAcDAgYVCAIJCgsE
FgIDAQIeAQIXgAAKCRDxDL4ByUQG9UgbEACa4IzdeYxH/S5I6MrZfvWNo/JTZ/MZWDD+QlMW
60ThAemCUSE+NJvZZ1q7ovGFpYnHJT9GQXOwJAX1quDUqyM1uXNmLlOyIVNnmjUTINoLhw2V
iC8E7dMWC9w4Na2fKezmNHH00kNl43ncstIjjZ3pLnDGYm1y0ItiCUcTRgHhx2cUZ/vStz1S
Pdqj4P3i8vuspoYJ2T3VPlM/0G+u9Yjuy3Uzu9RugOyO3UJPoi3+4O2VTNosSBy5MILVCp49
eigyFVGpq5sT/c86qd1zqmsNWEubrlzDfETS4LMj9epr46ZKPXGQkeryt1m2Oe0HkIdNZ+IQ
5p+i9fnEy7/1uKTXWQYsg2UWsLA2PvTvwY8JxxMhUFgv12q2w7STntqJyi9PLItYNtbtKoS3
XZCCMqQLCWMXHY+2ol6rRSfs06H/wzlR8LjDaEXkDVuDmqMtcbgTboZYblsGxst7I/Y4Wgfi
J52uiIyobQ69uJbG0XeRTLZ3WyrBkopEsTX/+sQjVqbADXYU4hBVDgnCf2uN/5dcwSEvDj8/
+WsToAfEJkscRBsQjTLVzf+eFqHLrbqz/yoYIqBc//IJMBSbxIf5mrOHHLdbOuMCB6PVwpTI
vLFOSDNPuVDX+S1goA8KJTnXpm8jWDynn3XaXx3AlYw4iZ0ETSgQLQLRd6JuPOEGXsGdBA==
=ufaX
-----END PGP PUBLIC KEY BLOCK-----
relations:
# grafana
- [ "grafana:juju-info", "filebeat:beats-host" ]
- [ "grafana:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "grafana:juju-info", "landscape-client:container" ]
# graylog
- [ "graylog:elasticsearch", "elasticsearch:client" ]
- [ "graylog:mongodb", "graylog-mongodb:database" ]
- [ "graylog:beats", "filebeat:logstash" ]
- [ "graylog:nrpe-external-master", "nrpe-host:nrpe-external-master" ]
- [ "graylog:juju-info", "telegraf:juju-info" ]
- [ "graylog:juju-info", "landscape-client:container" ]
# nagios
- [ "nagios:juju-info", "filebeat:beats-host" ]
- [ "nagios:monitors", "nrpe-container:monitors" ]
- [ "nagios:monitors", "nrpe-host:monitors" ]
- [ "nagios:juju-info", "landscape-client-bionic:container" ]
# openstack-service-checks
- [ "openstack-service-checks:identity-credentials", "keystone:identity-credentials" ]
- [ "openstack-service-checks:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "openstack-service-checks:juju-info", "filebeat:beats-host" ]
- [ "openstack-service-checks:juju-info", "landscape-client:container" ]
# graylog-mongodb
- [ "graylog-mongodb:juju-info", "filebeat:beats-host" ]
- [ "graylog-mongodb:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "graylog-mongodb:juju-info", "landscape-client:container" ]
# elasticsearch
- [ "elasticsearch:juju-info", "filebeat:beats-host" ]
- [ "elasticsearch:juju-info", "telegraf:juju-info" ]
- [ "elasticsearch:nrpe-external-master", "nrpe-host:nrpe-external-master" ]
- [ "elasticsearch:juju-info", "landscape-client:container" ]
# prometheus
- [ "prometheus:juju-info", "filebeat:beats-host" ]
- [ "prometheus:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "prometheus:juju-info", "telegraf-prometheus:juju-info" ]
- [ "prometheus:grafana-source", "grafana:grafana-source" ]
- [ "prometheus:target", "telegraf:prometheus-client" ]
- [ "prometheus:juju-info", "landscape-client:container" ]
# prometheus-openstack-exporter
- [ "prometheus-openstack-exporter:identity-credentials", "keystone:identity-credentials" ]
- [ "prometheus-openstack-exporter:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "prometheus-openstack-exporter:prometheus-openstack-exporter-service", "prometheus:target" ]
- [ "prometheus-openstack-exporter:juju-info", "filebeat:beats-host" ]
- [ "prometheus-openstack-exporter:juju-info", "landscape-client:container" ]
# grafana dashboards
- [ "grafana:dashboards", "telegraf:dashboards" ]
- [ "grafana:dashboards", "telegraf-prometheus:dashboards" ]
# vault lma/monitoring
- [ "filebeat:beats-host", "vault:juju-info" ]
- [ "nrpe-container:nrpe-external-master", "vault:nrpe-external-master" ]
- [ "filebeat:beats-host", "etcd:juju-info" ]
- [ "nrpe-container:nrpe-external-master", "etcd:nrpe-external-master" ]
- [ "filebeat:beats-host", "easyrsa:juju-info" ]
- [ "nrpe-container:general-info", "easyrsa:juju-info" ]
- [ "nova-compute:juju-info", "filebeat:beats-host" ]
# - [ "nova-compute:juju-info", "telegraf:juju-info" ]
- [ "nova-compute:nrpe-external-master", "nrpe-host:nrpe-external-master" ]
- [ "ceph-osd:juju-info", "telegraf:juju-info" ]
- [ "neutron-gateway:juju-info", "filebeat:beats-host" ]
- [ "neutron-gateway:juju-info", "telegraf:juju-info" ]
- [ "neutron-gateway:nrpe-external-master", "nrpe-host:nrpe-external-master" ]
- [ "keystone:juju-info", "filebeat:beats-host" ]
- [ "keystone:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "glance:juju-info", "filebeat:beats-host" ]
- [ "glance:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "cinder:juju-info", "filebeat:beats-host" ]
- [ "cinder:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
# - [ "cinder2:juju-info", "filebeat:beats-host" ]
# - [ "cinder2:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "heat:juju-info", "filebeat:beats-host" ]
- [ "heat:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "mysql-innodb-cluster:juju-info", "filebeat:beats-host" ]
- [ "mysql-innodb-cluster:juju-info", "nrpe-container:general-info" ]
- [ "ceph-mon:prometheus", "prometheus:target" ]
- [ "ceph-mon:juju-info", "filebeat:beats-host" ]
- [ "ceph-mon:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "neutron-api:juju-info", "filebeat:beats-host" ]
- [ "neutron-api:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "rabbitmq-server:juju-info", "filebeat:beats-host" ]
- [ "rabbitmq-server:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "openstack-dashboard:juju-info", "filebeat:beats-host" ]
- [ "openstack-dashboard:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "nova-cloud-controller:juju-info", "filebeat:beats-host" ]
- [ "nova-cloud-controller:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "gnocchi:juju-info", "filebeat:beats-host" ]
- [ "gnocchi:juju-info", "nrpe-container:general-info" ]
- [ "ceilometer:juju-info", "filebeat:beats-host" ]
- [ "ceilometer:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "aodh:juju-info", "filebeat:beats-host" ]
- [ "aodh:juju-info", "nrpe-container:general-info" ]
- [ "placement:juju-info", "filebeat:beats-host" ]
- [ "placement:juju-info", "nrpe-container:general-info" ]
- [ "juniper-server:juju-info", "filebeat:beats-host" ]
- [ "juniper-server:juju-info", "telegraf:juju-info" ]
- [ "juniper-server:juju-info", "nrpe-host:general-info" ]
- [ "hacluster-aodh:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "hacluster-cinder:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "hacluster-glance:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "hacluster-gnocchi:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "hacluster-heat:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "hacluster-horizon:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "hacluster-keystone:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "hacluster-neutron:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "hacluster-nova:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "hacluster-placement:nrpe-external-master", "nrpe-container:nrpe-external-master" ]
- [ "landscape-server:juju-info", "filebeat:beats-host" ]
- [ "landscape-server:juju-info", "nrpe-host:general-info" ]
- [ "landscape-server:juju-info", "telegraf:juju-info" ]
- [ "landscape-rabbitmq-server:juju-info", "filebeat:beats-host" ]
- [ "landscape-rabbitmq-server:nrpe-external-master", "nrpe-host:nrpe-external-master" ]
- [ "landscape-postgresql:juju-info", "filebeat:beats-host" ]
- [ "landscape-postgresql:local-monitors", "nrpe-host:local-monitors" ]
- [ "landscape-postgresql:juju-info", "nrpe-host:general-info" ]
- [ "landscape-haproxy:juju-info", "filebeat:beats-host" ]
- [ "landscape-haproxy:juju-info", "nrpe-host:general-info" ]
- [ "landscape-haproxy:local-monitors", "nrpe-host:local-monitors" ]

3
config/overlays/lma_offers.yaml
View File

@ -1,9 +1,6 @@
applications:
graylog:
offers:
graylog-info:
endpoints:
- juju-info
graylog-beats:
endpoints:
- beats

47
config/overlays/openstack_versioned_overlay_focal.yaml
View File

@ -29,14 +29,17 @@ applications:
charm: cs:cinder-ceph-262 # upgrade to support availability-zone specification
controller-server:
charm: cs:ubuntu-18
lma-server:
charm: cs:ubuntu-18
series: bionic
easyrsa:
charm: cs:~containers/easyrsa-408
elasticsearch:
charm: cs:elasticsearch-52
etcd:
charm: cs:etcd-583
# external-advanced-routing:
# charm: cs:advanced-routing-5
external-advanced-routing:
charm: cs:advanced-routing-5
filebeat:
charm: cs:filebeat-33
glance:
@ -95,10 +98,12 @@ applications:
charm: cs:haproxy-61
landscape-postgresql:
charm: cs:postgresql-233
series: bionic
landscape-rabbitmq-server:
charm: cs:~openstack-charmers-next/rabbitmq-server-438 # attempted fix for LP#1939702
landscape-server:
charm: cs:landscape-server-39
series: bionic
ldap-domain1:
charm: cs:~openstack-charmers/ldap-test-fixture-4
ldap-domain2:
@ -110,31 +115,43 @@ applications:
memcached:
charm: cs:memcached-32
mysql-innodb-cluster:
charm: cs:mysql-innodb-cluster-11
charm: cs:mysql-innodb-cluster-15
aodh-mysql-router:
charm: cs:mysql-router-11
charm: mysql-router
channel: 8.0/stable
keystone-mysql-router:
charm: cs:mysql-router-11
charm: mysql-router
channel: 8.0/stable
cinder-mysql-router:
charm: cs:mysql-router-11
charm: mysql-router
channel: 8.0/stable
glance-mysql-router:
charm: cs:mysql-router-11
charm: mysql-router
channel: 8.0/stable
gnocchi-mysql-router:
charm: cs:mysql-router-11
charm: mysql-router
channel: 8.0/stable
heat-mysql-router:
charm: cs:mysql-router-11
charm: mysql-router
channel: 8.0/stable
nova-cloud-controller-mysql-router:
charm: cs:mysql-router-11
charm: mysql-router
channel: 8.0/stable
neutron-api-mysql-router:
charm: cs:mysql-router-11
charm: mysql-router
channel: 8.0/stable
openstack-dashboard-mysql-router:
charm: cs:mysql-router-11
charm: mysql-router
channel: 8.0/stable
placement-mysql-router:
charm: cs:mysql-router-11
charm: mysql-router
channel: 8.0/stable
vault-mysql-router:
charm: cs:mysql-router-11
charm: mysql-router
channel: 8.0/stable
nagios:
charm: cs:nagios-44
series: bionic
neutron-gateway:
charm: cs:neutron-gateway-291
neutron-openvswitch:
@ -148,8 +165,6 @@ applications:
nova-compute:
charm: nova-compute
channel: "ussuri/edge"
revision: 550
architecture: *charm-arch
series: *charm-series
nrpe-container:
charm: cs:nrpe-73

6
config/overlays/resources.yaml
View File

@ -6,6 +6,12 @@ applications:
resources:
policyd-override: ../resources/keystone.zip
nova-cloud-controller:
options:
use-policyd-override: true
resources:
policyd-override: ../resources/nova.zip
prometheus:
resources:
core: ../resources/core_13308.snap

2028
resources/keystone.yaml
View File

File diff suppressed because it is too large Load Diff

11
resources/nova.yaml Normal file
View File

@ -0,0 +1,11 @@
# default rules
# https://docs.openstack.org/nova/ussuri/configuration/policy.html
context_is_tenantLead: role:tenantLead
os_compute_api:os-admin-actions:reset_state: rule:context_is_tenantLead or rule:system_admin_api
os_compute_api:os-aggregates:index: rule:context_is_tenantLead or rule:system_reader_api
os_compute_api:os-aggregates:show: rule:context_is_tenantLead or rule:system_reader_api
os_compute_api:os-availability-zone:detail: rule:context_is_tenantLead or rule:system_reader_api
os_compute_api:os-extended-server-attributes: rule:context_is_tenantLead or rule:system_admin_api
os_compute_api:os-hosts: rule:context_is_tenantLead or rule:admin_api
os_compute_api:os-hypervisors:servers: rule:context_is_tenantLead or rule:system_reader_api

10
scripts/post-deployment/hosts Normal file
View File

@ -0,0 +1,10 @@
10.0.1.211 aodh.example.com
10.0.1.212 cinder.example.com
10.0.1.213 dashboard.example.com
10.0.1.214 glance.example.com
10.0.1.215 heat.example.com
10.0.1.216 keystone.example.com
10.0.1.217 mysql.example.com
10.0.1.218 neutron.example.com
10.0.1.219 nova.example.com
10.0.1.220 gnocchi.example.com