From 2f2a80be3c2cc62de919f3a2898b3a809b1a58a0 Mon Sep 17 00:00:00 2001 From: to-bar <46519524+to-bar@users.noreply.github.com> Date: Wed, 28 Jul 2021 12:38:08 +0200 Subject: [PATCH 1/5] Fix repmgr upgrade (#2459) * Do not use 'specification' var as task var * Fix backup & restore tasks * Wait for repmgr version propagation to standby * Ensure symlink to config file exists * Use postgresql_ext module --- .../roles/backup/tasks/postgresql.yml | 2 +- .../extensions/replication/extension.yml | 6 ++- .../extensions/replication/repmgr-upgrade.yml | 44 ++++++++++++++----- .../roles/postgresql/templates/repmgr.conf.j2 | 2 +- .../roles/recovery/tasks/postgresql.yml | 11 ++--- 5 files changed, 46 insertions(+), 19 deletions(-) diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/backup/tasks/postgresql.yml b/core/src/epicli/data/common/ansible/playbooks/roles/backup/tasks/postgresql.yml index d4bd207245..6a060d61d5 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/backup/tasks/postgresql.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/backup/tasks/postgresql.yml @@ -10,7 +10,7 @@ - name: Check if database is running on node0 database server become: true become_user: postgres - command: "{{ repmgr.pg_bindir[ansible_os_family] }}/pg_isready" + command: "{{ pg.bin_dir[ansible_os_family] }}/pg_isready" register: node0 ignore_errors: True when: groups['postgresql'][0] == inventory_hostname diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/postgresql/tasks/extensions/replication/extension.yml b/core/src/epicli/data/common/ansible/playbooks/roles/postgresql/tasks/extensions/replication/extension.yml index b0aed2a5a1..1b4caa1075 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/postgresql/tasks/extensions/replication/extension.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/postgresql/tasks/extensions/replication/extension.yml @@ -76,11 +76,13 @@ pg_bin_dir: "{{ pg.bin_dir[ansible_os_family] }}" pg_data_dir: "{{ pg.data_dir[ansible_os_family] }}" pg_service_name: "{{ pg.service_name[ansible_os_family] }}" + replication_user_name: "{{ specification.extensions.replication.replication_user_name }}" + repmgr_database: "{{ specification.extensions.replication.repmgr_database }}" repmgr_service_name: "{{ repmgr.service_name[ansible_os_family] }}" -# On Ubuntu config file location is not set by package (see https://repmgr.org/docs/4.0/packages-debian-ubuntu.html). +# On Ubuntu config file location is not set by package (see https://repmgr.org/docs/5.2/packages-debian-ubuntu.html). # Create symlink to allow using repmgr commands without specifying config file location (which is custom). -# See https://repmgr.org/docs/4.0/configuration-file.html +# See https://repmgr.org/docs/5.2/configuration-file.html#CONFIGURATION-FILE-LOCATION - name: Extensions | repmgr | Debian specific tasks when: ansible_os_family == 'Debian' block: diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/postgresql/tasks/upgrade/extensions/replication/repmgr-upgrade.yml b/core/src/epicli/data/common/ansible/playbooks/roles/postgresql/tasks/upgrade/extensions/replication/repmgr-upgrade.yml index 7ad8a40463..e641b83d92 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/postgresql/tasks/upgrade/extensions/replication/repmgr-upgrade.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/postgresql/tasks/upgrade/extensions/replication/repmgr-upgrade.yml @@ -13,6 +13,16 @@ file: manifest.yml name: postgresql_manifest +# repmgr was introduced with epicli v0.6 but the following symlink was added in v0.7 so this task is to ensure it exists +- name: repmgr for PG {{ pg_version }} | Debian | Ensure symlink to config file exists + file: + src: "{{ upgrade_defaults.repmgr.config_dir[ansible_os_family] }}/repmgr.conf" + dest: /etc/repmgr.conf + state: link + owner: postgres + group: postgres + when: ansible_os_family == 'Debian' + - name: repmgr for PG {{ pg_version }} | Search for primary node become_user: postgres # command prints primary node name (hostname) @@ -126,21 +136,35 @@ pg_bin_dir: "{{ upgrade_defaults.pg.bin_dir[ansible_os_family] }}" pg_data_dir: "{{ upgrade_defaults.pg.data_dir[ansible_os_family] }}" pg_service_name: "{{ upgrade_defaults.pg.service_name[ansible_os_family] }}" + replication_user_name: "{{ postgresql_manifest.specification.extensions.replication.replication_user_name }}" + repmgr_database: "{{ postgresql_manifest.specification.extensions.replication.repmgr_database }}" repmgr_service_name: "{{ upgrade_defaults.repmgr.service_name[ansible_os_family] }}" - specification: - extensions: - replication: - replication_user_name: "{{ postgresql_manifest.specification.extensions.replication.replication_user_name }}" - repmgr_database: "{{ postgresql_manifest.specification.extensions.replication.repmgr_database }}" - -# Step: Execute 'ALTER EXTENSION repmgr UPDATE' (on primary only) -- name: repmgr for PG {{ pg_version }} | Update extension + +# Step: Execute 'ALTER EXTENSION repmgr UPDATE' (on primary only). +# On standby it fails with error "cannot execute ALTER EXTENSION in a read-only transaction". +- name: repmgr for PG {{ pg_version }} | primary | Update extension become_user: postgres - postgresql_query: + postgresql_ext: + name: repmgr db: "{{ postgresql_manifest.specification.extensions.replication.repmgr_database }}" - query: ALTER EXTENSION repmgr UPDATE + version: "{{ _split_version[0] }}.{{ _split_version[1] }}" + vars: + _split_version: "{{ repmgr.version[ansible_os_family].split('.') }}" when: inventory_hostname == find_pg_primary_node.stdout +# Wait for repmgr version propagation to standby +- name: repmgr for PG {{ pg_version }} | standby | Wait for repmgr version sync with primary + become_user: postgres + postgresql_query: + db: "{{ postgresql_manifest.specification.extensions.replication.repmgr_database }}" + query: SELECT installed_version FROM pg_available_extensions WHERE name = 'repmgr' + register: query_repmgr_version + # 'installed_version' keeps only major version (e.g. '5.2') + until: repmgr.version[ansible_os_family] is match(query_repmgr_version.query_result | json_query('[0].installed_version')) + retries: 10 + delay: 1 + when: inventory_hostname != find_pg_primary_node.stdout + # Step: Re-enable repmgr service - name: repmgr for PG {{ pg_version }} | Re-enable repmgr service systemd: diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/postgresql/templates/repmgr.conf.j2 b/core/src/epicli/data/common/ansible/playbooks/roles/postgresql/templates/repmgr.conf.j2 index bedcea6a49..a23ac2cd81 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/postgresql/templates/repmgr.conf.j2 +++ b/core/src/epicli/data/common/ansible/playbooks/roles/postgresql/templates/repmgr.conf.j2 @@ -2,7 +2,7 @@ node_id={{ node_id }} node_name={{ inventory_hostname }} -conninfo='host={{ ansible_default_ipv4.address }} user={{ specification.extensions.replication.replication_user_name }} dbname={{ specification.extensions.replication.repmgr_database }} connect_timeout=2' +conninfo='host={{ ansible_default_ipv4.address }} user={{ replication_user_name }} dbname={{ repmgr_database }} connect_timeout=2' data_directory='{{ pg_data_dir }}' failover=automatic diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/recovery/tasks/postgresql.yml b/core/src/epicli/data/common/ansible/playbooks/roles/recovery/tasks/postgresql.yml index 3c1bcc39ce..27c8a55033 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/recovery/tasks/postgresql.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/recovery/tasks/postgresql.yml @@ -9,7 +9,8 @@ /bin/systemctl stop {{ pg.service_name[ansible_os_family] }}, /bin/systemctl restart {{ pg.service_name[ansible_os_family] }}, /bin/systemctl reload {{ pg.service_name[ansible_os_family] }}, - {{ repmgr.bindir[ansible_os_family] }}/repmgr standby follow + /bin/systemctl start {{ repmgr.service_name[ansible_os_family] }}, + /bin/systemctl stop {{ repmgr.service_name[ansible_os_family] }} validate: 'visudo -cf %s' - name: Stop repmgr service @@ -134,7 +135,7 @@ - name: Register primary node in repmgr become: yes become_user: postgres - shell: "{{ repmgr.bindir[ansible_os_family] }}/repmgr -f {{ repmgr.config_dir[ansible_os_family] }}/repmgr.conf + shell: "{{ repmgr.bin_dir[ansible_os_family] }}/repmgr -f {{ repmgr.config_dir[ansible_os_family] }}/repmgr.conf --force --superuser={{ component_vars.specification.extensions.replication.privileged_user_name }} primary register -F" - name: Start repmgr on primary node @@ -200,7 +201,7 @@ - name: Clone content from primary node using repmgr become_user: postgres - shell: "{{ repmgr.bindir[ansible_os_family] }}/repmgr -f {{ repmgr.config_dir[ansible_os_family] }}/repmgr.conf -h {{ hostvars[groups['postgresql'][0]]['ansible_default_ipv4']['address'] }} -U {{ component_vars.specification.extensions.replication.privileged_user_name }} -d {{ component_vars.specification.extensions.replication.repmgr_database }} -p 5432 -F standby clone" + shell: "{{ repmgr.bin_dir[ansible_os_family] }}/repmgr -f {{ repmgr.config_dir[ansible_os_family] }}/repmgr.conf -h {{ hostvars[groups['postgresql'][0]]['ansible_default_ipv4']['address'] }} -U {{ component_vars.specification.extensions.replication.privileged_user_name }} -d {{ component_vars.specification.extensions.replication.repmgr_database }} -p 5432 -F standby clone" - name: Copy cached config files back to database configuration location copy: @@ -217,7 +218,7 @@ - name: Register secondary node to repmgr cluster become_user: postgres - shell: "{{ repmgr.bindir[ansible_os_family] }}/repmgr -f {{ repmgr.config_dir[ansible_os_family] }}/repmgr.conf standby register -F" + shell: "{{ repmgr.bin_dir[ansible_os_family] }}/repmgr -f {{ repmgr.config_dir[ansible_os_family] }}/repmgr.conf standby register -F" - name: Start repmgr service service: @@ -228,7 +229,7 @@ become: true become_user: postgres become_method: sudo - command: "{{ repmgr.bindir[ansible_os_family] }}/repmgr standby follow" + command: "{{ repmgr.bin_dir[ansible_os_family] }}/repmgr standby follow" when: - component_vars.specification.extensions.replication.enabled | default(false) - groups['postgresql'][1] == inventory_hostname From 299105bd8a5fd9ece3873c4a530e63c36f546f25 Mon Sep 17 00:00:00 2001 From: Luuk van Venrooij <11056665+seriva@users.noreply.github.com> Date: Thu, 29 Jul 2021 11:21:32 +0200 Subject: [PATCH 2/5] Added basic configuration type and schema validation. (#2470) Added basic configuration type and schema validation. --- .github/ISSUE_TEMPLATE/feature-request.md | 1 + CHANGELOG-1.2.md | 1 + .../providers/aws/InfrastructureBuilder.py | 2 +- .../cli/engine/schema/SchemaValidator.py | 28 +- .../any/validation/infrastructure/machine.yml | 11 +- .../infrastructure/launch-configuration.yml | 3 - .../infrastructure/default-security-group.yml | 29 +- .../validation/infrastructure/efs-storage.yml | 30 +- .../infrastructure/internet-gateway.yml | 16 +- .../infrastructure/launch-configuration.yml | 53 ++- .../validation/infrastructure/public-key.yml | 10 +- .../infrastructure/resource-group.yml | 10 +- .../route-table-association.yml | 12 +- .../validation/infrastructure/route-table.yml | 23 +- .../infrastructure/security-group-rule.yml | 20 +- .../infrastructure/security-group.yml | 33 +- .../aws/validation/infrastructure/subnet.yml | 16 +- .../infrastructure/virtual-machine.yml | 92 ++++- .../aws/validation/infrastructure/vpc.yml | 18 +- .../infrastructure/availability-set.yml | 4 + .../infrastructure/cloud-init-custom-data.yml | 4 + .../infrastructure/network-interface.yml | 22 +- .../infrastructure/network-security-group.yml | 33 +- .../validation/infrastructure/public-ip.yml | 14 +- .../infrastructure/resource-group.yml | 10 +- .../infrastructure/storage-share.yml | 12 +- ...net-network-security-group-association.yml | 12 +- .../validation/infrastructure/subnet.yml | 12 +- .../infrastructure/virtual-machine.yml | 98 ++++- .../azure/validation/infrastructure/vnet.yml | 10 +- .../configuration/feature-mapping.yml | 54 +-- .../common/defaults/configuration/grafana.yml | 2 +- .../common/defaults/configuration/haproxy.yml | 2 +- .../configuration/kubernetes-master.yml | 2 +- .../validation/configuration/applications.yml | 338 +++++++++++++++- .../validation/configuration/backup.yml | 1 - .../configuration/elasticsearch-curator.yml | 61 ++- .../configuration/elasticsearch.yml | 1 - .../configuration/feature-mapping.yml | 70 +++- .../validation/configuration/filebeat.yml | 30 +- .../validation/configuration/firewall.yml | 200 +++++++++- .../validation/configuration/grafana.yml | 377 +++++++++++++++++- .../configuration/haproxy-exporter.yml | 26 +- .../validation/configuration/haproxy.yml | 57 ++- .../common/validation/configuration/helm.yml | 8 +- .../validation/configuration/ignite.yml | 12 +- .../configuration/image-registry.yml | 73 +++- .../validation/configuration/jmx-exporter.yml | 16 +- .../configuration/kafka-exporter.yml | 30 +- .../common/validation/configuration/kafka.yml | 168 +++++++- .../validation/configuration/kibana.yml | 8 +- .../configuration/kubernetes-master.yml | 4 +- .../configuration/kubernetes-node.yml | 12 +- .../validation/configuration/logging.yml | 46 ++- .../validation/configuration/logstash.yml | 5 +- .../configuration/node-exporter.yml | 51 ++- .../opendistro-for-elasticsearch.yml | 49 ++- .../configuration/postgres-exporter.yml | 26 +- .../validation/configuration/postgresql.yml | 107 ++++- .../validation/configuration/prometheus.yml | 135 ++++++- .../validation/configuration/rabbitmq.yml | 39 +- .../validation/configuration/repository.yml | 28 +- .../configuration/shared-config.yml | 20 +- .../common/validation/configuration/vault.yml | 101 ++++- .../validation/configuration/zookeeper.yml | 11 +- 65 files changed, 2706 insertions(+), 103 deletions(-) delete mode 100644 core/src/epicli/data/common/validation/configuration/elasticsearch.yml diff --git a/.github/ISSUE_TEMPLATE/feature-request.md b/.github/ISSUE_TEMPLATE/feature-request.md index 5511b9374d..d956256915 100644 --- a/.github/ISSUE_TEMPLATE/feature-request.md +++ b/.github/ISSUE_TEMPLATE/feature-request.md @@ -25,6 +25,7 @@ Add any other context or screenshots about the feature request here. * [ ] Changelog updated * [ ] COMPONENTS.md updated / doesn't need to be updated +* [ ] Schema updated / doesn't need to be updated * [ ] Feature has automated tests * [ ] Automated tests passed (QA pipelines) * [ ] apply diff --git a/CHANGELOG-1.2.md b/CHANGELOG-1.2.md index c94af841fd..b82913c9c1 100644 --- a/CHANGELOG-1.2.md +++ b/CHANGELOG-1.2.md @@ -7,6 +7,7 @@ - [#126](https://github.com/epiphany-platform/epiphany/issues/126) - Added default Kibana dashboards - [#2127](https://github.com/epiphany-platform/epiphany/issues/2127) - Allow to specify configuration to be used in upgrade mode - [#2397](https://github.com/epiphany-platform/epiphany/issues/2397) - Restart CoreDNS pods conditionally +- [#195](https://github.com/epiphany-platform/epiphany/issues/195) - Basic configuration type and schema validation ### Fixed diff --git a/core/src/epicli/cli/engine/providers/aws/InfrastructureBuilder.py b/core/src/epicli/cli/engine/providers/aws/InfrastructureBuilder.py index 7978ac5d82..cedf85c0be 100644 --- a/core/src/epicli/cli/engine/providers/aws/InfrastructureBuilder.py +++ b/core/src/epicli/cli/engine/providers/aws/InfrastructureBuilder.py @@ -237,7 +237,7 @@ def add_security_rules_inbound_efs(self, infrastructure, security_group): rule.specification.description = 'NFS inbound for '+subnet.specification.name rule.specification.direction = 'ingress' rule.specification.protocol = 'tcp' - rule.specification.destination_port_range = 2049 + rule.specification.destination_port_range = "2049" rule.specification.source_address_prefix = subnet.specification.cidr_block rule.specification.destination_address_prefix = '*' security_group.specification.rules.append(rule.specification) diff --git a/core/src/epicli/cli/engine/schema/SchemaValidator.py b/core/src/epicli/cli/engine/schema/SchemaValidator.py index a4d21f91cb..cdcd755644 100644 --- a/core/src/epicli/cli/engine/schema/SchemaValidator.py +++ b/core/src/epicli/cli/engine/schema/SchemaValidator.py @@ -1,9 +1,8 @@ -from jsonschema import validate +from jsonschema import validate, Draft7Validator from cli.helpers.data_loader import load_yaml_obj, types from cli.helpers.objdict_helpers import objdict_to_dict, dict_to_objdict from cli.helpers.Step import Step from copy import deepcopy -from cli.helpers.doc_list_helpers import select_single class SchemaValidator(Step): @@ -32,6 +31,15 @@ def get_base_schema(self, kind): schema.properties.kind.pattern = '^(' + kind + ')$' return schema + def validate_document(self, doc, schema): + try: + Draft7Validator.check_schema(schema) + validate(instance=objdict_to_dict(doc), schema=schema) + except Exception as e: + self.logger.error(f'Failed validating: {doc.kind}') + self.logger.error(e) + raise Exception('Schema validation error, see the error above.') + def run_for_individual_documents(self): for doc in self.validation_docs: # Load document schema @@ -46,12 +54,8 @@ def run_for_individual_documents(self): self.logger.warn('No specification validation for ' + doc.kind) # Assert the schema - try: - validate(instance=objdict_to_dict(doc), schema=objdict_to_dict(schema)) - except Exception as e: - self.logger.error(f'Failed validating: {doc.kind}') - self.logger.error(e) - raise Exception('Schema validation error, see the error above.') + schema_dict = objdict_to_dict(schema) + self.validate_document(doc, schema_dict) def run(self): for doc in self.validation_docs: @@ -61,9 +65,5 @@ def run(self): if hasattr(schema['properties']["specification"], '$ref'): if schema['properties']["specification"]['$ref'] == '#/definitions/unvalidated_specification': self.logger.warn('No specification validation for ' + doc.kind) - try: - validate(instance=objdict_to_dict(doc), schema=objdict_to_dict(schema)) - except Exception as e: - self.logger.error(f'Failed validating: {doc.kind}') - self.logger.error(e) - raise Exception('Schema validation error, see the error above.') + schema_dict = objdict_to_dict(schema) + self.validate_document(doc, schema_dict) diff --git a/core/src/epicli/data/any/validation/infrastructure/machine.yml b/core/src/epicli/data/any/validation/infrastructure/machine.yml index 89807aa970..232bbc70c5 100644 --- a/core/src/epicli/data/any/validation/infrastructure/machine.yml +++ b/core/src/epicli/data/any/validation/infrastructure/machine.yml @@ -1 +1,10 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Machine specification schema" +description: "Machine specification schema" +specification: + type: object + properties: + hostname: + type: string + ip: + type: string diff --git a/core/src/epicli/data/aws/defaults/infrastructure/launch-configuration.yml b/core/src/epicli/data/aws/defaults/infrastructure/launch-configuration.yml index d8e6f0057a..e2c4924ca7 100644 --- a/core/src/epicli/data/aws/defaults/infrastructure/launch-configuration.yml +++ b/core/src/epicli/data/aws/defaults/infrastructure/launch-configuration.yml @@ -12,6 +12,3 @@ specification: associate_public_ip: SET_BY_AUTOMATION security_groups: [] # SET_BY_AUTOMATION enable_monitoring: true - - - diff --git a/core/src/epicli/data/aws/validation/infrastructure/default-security-group.yml b/core/src/epicli/data/aws/validation/infrastructure/default-security-group.yml index 89807aa970..5507882c89 100644 --- a/core/src/epicli/data/aws/validation/infrastructure/default-security-group.yml +++ b/core/src/epicli/data/aws/validation/infrastructure/default-security-group.yml @@ -1 +1,28 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Default-security-group specification schema" +description: "Default-security-group specification schema" +type: object +properties: + name: + type: string + vpc_name: + type: string + rules: + type: array + items: + type: object + properties: + name: + type: string + description: + type: string + direction: + type: string + protocol: + type: string + destination_port_range: + type: string + source_address_prefix: + type: string + destination_address_prefix: + type: string diff --git a/core/src/epicli/data/aws/validation/infrastructure/efs-storage.yml b/core/src/epicli/data/aws/validation/infrastructure/efs-storage.yml index 89807aa970..215b923fcc 100644 --- a/core/src/epicli/data/aws/validation/infrastructure/efs-storage.yml +++ b/core/src/epicli/data/aws/validation/infrastructure/efs-storage.yml @@ -1 +1,29 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Efs-storage specification schema" +description: "Efs-storage specification schema" +type: object +properties: + name: + type: string + token: + type: string + encrypted: + type: boolean + performance_mode: + type: string + throughput_mode: + type: string + mount_targets: + type: array + items: + type: object + properties: + name: + type: string + subnet_name: + type: string + security: + type: object + properties: + populate_sg_rules: + type: boolean diff --git a/core/src/epicli/data/aws/validation/infrastructure/internet-gateway.yml b/core/src/epicli/data/aws/validation/infrastructure/internet-gateway.yml index 89807aa970..fe6a32b2bc 100644 --- a/core/src/epicli/data/aws/validation/infrastructure/internet-gateway.yml +++ b/core/src/epicli/data/aws/validation/infrastructure/internet-gateway.yml @@ -1 +1,15 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Internet-gateway specification schema" +description: "Internet-gateway specification schema" +type: object +properties: + name: + type: string + vpc_name: + type: string + cluster_name: + type: string + tag: + type: array + items: + type: string diff --git a/core/src/epicli/data/aws/validation/infrastructure/launch-configuration.yml b/core/src/epicli/data/aws/validation/infrastructure/launch-configuration.yml index 89807aa970..6aa06495fe 100644 --- a/core/src/epicli/data/aws/validation/infrastructure/launch-configuration.yml +++ b/core/src/epicli/data/aws/validation/infrastructure/launch-configuration.yml @@ -1 +1,52 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Launch-configuration specification schema" +description: "Launch-configuration specification schema" +type: object +properties: + name: + type: string + image_id: + type: string + size: + type: string + key_name: + type: string + disks: + type: object + properties: + root: + type: object + properties: + volume_type: + type: string + volume_size: + type: integer + delete_on_termination: + type: boolean + encrypted: + type: boolean + additional_disks: + type: array + items: + type: object + properties: + device_name: + type: string + volume_type: + type: string + volume_size: + type: integer + delete_on_termination: + type: boolean + encrypted: + type: boolean + ebs_optimized: + type: boolean + associate_public_ip: + type: boolean + security_groups: + type: array + items: + - type: string + enable_monitoring: + type: boolean diff --git a/core/src/epicli/data/aws/validation/infrastructure/public-key.yml b/core/src/epicli/data/aws/validation/infrastructure/public-key.yml index 89807aa970..27a9f7bbca 100644 --- a/core/src/epicli/data/aws/validation/infrastructure/public-key.yml +++ b/core/src/epicli/data/aws/validation/infrastructure/public-key.yml @@ -1 +1,9 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Public-key specification schema" +description: "Public-key specification schema" +type: object +properties: + name: + type: string + public_key: + type: string diff --git a/core/src/epicli/data/aws/validation/infrastructure/resource-group.yml b/core/src/epicli/data/aws/validation/infrastructure/resource-group.yml index 89807aa970..9d38a83a81 100644 --- a/core/src/epicli/data/aws/validation/infrastructure/resource-group.yml +++ b/core/src/epicli/data/aws/validation/infrastructure/resource-group.yml @@ -1 +1,9 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Resource-group specification schema" +description: "Resource-group specification schema" +type: object +properties: + name: + type: string + cluster_name: + type: string diff --git a/core/src/epicli/data/aws/validation/infrastructure/route-table-association.yml b/core/src/epicli/data/aws/validation/infrastructure/route-table-association.yml index 89807aa970..e6e0279040 100644 --- a/core/src/epicli/data/aws/validation/infrastructure/route-table-association.yml +++ b/core/src/epicli/data/aws/validation/infrastructure/route-table-association.yml @@ -1 +1,11 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Route-table-association specification schema" +description: "Route-table-association specification schema" +type: object +properties: + name: + type: string + subnet_name: + type: string + route_table_name: + type: string diff --git a/core/src/epicli/data/aws/validation/infrastructure/route-table.yml b/core/src/epicli/data/aws/validation/infrastructure/route-table.yml index 89807aa970..44cd565ec3 100644 --- a/core/src/epicli/data/aws/validation/infrastructure/route-table.yml +++ b/core/src/epicli/data/aws/validation/infrastructure/route-table.yml @@ -1 +1,22 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Route-table specification schema" +description: "Route-table specification schema" +type: object +properties: + name: + type: string + vpc_name: + type: string + route: + type: object + properties: + cidr_block: + type: string + gateway_name: + type: string + tag: + type: array + items: + type: string + cluster_name: + type: string diff --git a/core/src/epicli/data/aws/validation/infrastructure/security-group-rule.yml b/core/src/epicli/data/aws/validation/infrastructure/security-group-rule.yml index 89807aa970..5d6e4fdefa 100644 --- a/core/src/epicli/data/aws/validation/infrastructure/security-group-rule.yml +++ b/core/src/epicli/data/aws/validation/infrastructure/security-group-rule.yml @@ -1 +1,19 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Security-group-rule specification schema" +description: "Security-group-rule specification schema" +type: object +properties: + name: + type: string + protocol: + type: string + description: + type: string + direction: + type: string + destination_port_range: + type: string + source_address_prefix: + type: string + destination_address_prefix: + type: string diff --git a/core/src/epicli/data/aws/validation/infrastructure/security-group.yml b/core/src/epicli/data/aws/validation/infrastructure/security-group.yml index 89807aa970..9023bca08f 100644 --- a/core/src/epicli/data/aws/validation/infrastructure/security-group.yml +++ b/core/src/epicli/data/aws/validation/infrastructure/security-group.yml @@ -1 +1,32 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Security-group specification schema" +description: "Security-group specification schema" +type: object +properties: + vpc_name: + type: string + name: + type: string + cidr_block: + type: string + rules: + type: array + items: + type: object + properties: + name: + type: string + description: + type: string + direction: + type: string + protocol: + type: string + destination_port_range: + type: string + source_address_prefix: + type: string + destination_address_prefix: + type: string + cluster_name: + type: string diff --git a/core/src/epicli/data/aws/validation/infrastructure/subnet.yml b/core/src/epicli/data/aws/validation/infrastructure/subnet.yml index 89807aa970..0d49f682cd 100644 --- a/core/src/epicli/data/aws/validation/infrastructure/subnet.yml +++ b/core/src/epicli/data/aws/validation/infrastructure/subnet.yml @@ -1 +1,15 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Subnet specification schema" +description: "Subnet specification schema" +type: object +properties: + name: + type: string + vpc_name: + type: string + cidr_block: + type: string + cluster_name: + type: string + availability_zone: + type: string diff --git a/core/src/epicli/data/aws/validation/infrastructure/virtual-machine.yml b/core/src/epicli/data/aws/validation/infrastructure/virtual-machine.yml index 89807aa970..f22bd40a68 100644 --- a/core/src/epicli/data/aws/validation/infrastructure/virtual-machine.yml +++ b/core/src/epicli/data/aws/validation/infrastructure/virtual-machine.yml @@ -1 +1,91 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Virtual-machine specification schema" +description: "Virtual-machine specification schema" +type: object +properties: + name: + type: string + count: + type: integer + subnet_names: + type: array + items: + type: string + availability_zones: + type: array + items: + type: string + launch_configuration: + type: string + cluster_name: + type: string + authorized_to_efs: + type: boolean + mount_efs: + type: boolean + tags: + type: array + items: + type: object + properties: + version: + type: string + size: + type: string + os_full_name: + type: string + os_type: + type: string + ebs_optimized: + type: boolean + disks: + type: object + properties: + root: + type: object + properties: + volume_type: + type: string + volume_size: + type: integer + delete_on_termination: + type: boolean + encrypted: + type: boolean + additional_disks: + type: array + items: + type: object + properties: + device_name: + type: string + volume_type: + type: string + volume_size: + type: integer + delete_on_termination: + type: boolean + encrypted: + type: boolean + security: + type: object + properties: + rules: + type: array + items: + type: object + properties: + name: + type: string + description: + type: string + direction: + type: string + protocol: + type: string + destination_port_range: + type: string + source_address_prefix: + type: string + destination_address_prefix: + type: string diff --git a/core/src/epicli/data/aws/validation/infrastructure/vpc.yml b/core/src/epicli/data/aws/validation/infrastructure/vpc.yml index 89807aa970..6af678a4c7 100644 --- a/core/src/epicli/data/aws/validation/infrastructure/vpc.yml +++ b/core/src/epicli/data/aws/validation/infrastructure/vpc.yml @@ -1 +1,17 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Vpc specification schema" +description: "Vpc specification schema" +type: object +properties: + name: + type: string + address_pool: + type: string + instance_tenancy: + type: string + enable_dns_support: + type: boolean + enable_dns_hostnames: + type: boolean + cluster_name: + type: string diff --git a/core/src/epicli/data/azure/validation/infrastructure/availability-set.yml b/core/src/epicli/data/azure/validation/infrastructure/availability-set.yml index c82849cf99..2210c6d43c 100644 --- a/core/src/epicli/data/azure/validation/infrastructure/availability-set.yml +++ b/core/src/epicli/data/azure/validation/infrastructure/availability-set.yml @@ -1,3 +1,7 @@ +"$id": "#/specification" +title: "Availability-set specification schema" +description: "Availability-set specification schema" +type: object required: - platform_fault_domain_count - platform_update_domain_count diff --git a/core/src/epicli/data/azure/validation/infrastructure/cloud-init-custom-data.yml b/core/src/epicli/data/azure/validation/infrastructure/cloud-init-custom-data.yml index bb7ab52b72..4f49590041 100644 --- a/core/src/epicli/data/azure/validation/infrastructure/cloud-init-custom-data.yml +++ b/core/src/epicli/data/azure/validation/infrastructure/cloud-init-custom-data.yml @@ -1,3 +1,7 @@ +"$id": "#/specification" +title: "Cloud-init-custom-data specification schema" +description: "Cloud-init-custom-data specification schema" +type: object properties: enabled: type: boolean diff --git a/core/src/epicli/data/azure/validation/infrastructure/network-interface.yml b/core/src/epicli/data/azure/validation/infrastructure/network-interface.yml index 89807aa970..7ab2eb47f4 100644 --- a/core/src/epicli/data/azure/validation/infrastructure/network-interface.yml +++ b/core/src/epicli/data/azure/validation/infrastructure/network-interface.yml @@ -1 +1,21 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Network-interface specification schema" +description: "Network-interface specification schema" +type: object +properties: + name: + type: string + use_network_security_groups: + type: boolean + security_group_name: + type: string + ip_configuration_name: + type: string + subnet_name: + type: string + use_public_ip: + type: boolean + public_ip_name: + type: string + enable_accelerated_networking: + type: boolean diff --git a/core/src/epicli/data/azure/validation/infrastructure/network-security-group.yml b/core/src/epicli/data/azure/validation/infrastructure/network-security-group.yml index 89807aa970..91bd2c5f5b 100644 --- a/core/src/epicli/data/azure/validation/infrastructure/network-security-group.yml +++ b/core/src/epicli/data/azure/validation/infrastructure/network-security-group.yml @@ -1 +1,32 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Network-security-group specification schema" +description: "Network-security-group specification schema" +type: object +properties: + name: + type: string + rules: + type: array + items: + type: object + properties: + name: + type: string + description: + type: string + priority: + type: integer + direction: + type: string + access: + type: string + protocol: + type: string + source_port_range: + type: string + destination_port_range: + type: string + source_address_prefix: + type: string + destination_address_prefix: + type: string diff --git a/core/src/epicli/data/azure/validation/infrastructure/public-ip.yml b/core/src/epicli/data/azure/validation/infrastructure/public-ip.yml index 89807aa970..cde20e7287 100644 --- a/core/src/epicli/data/azure/validation/infrastructure/public-ip.yml +++ b/core/src/epicli/data/azure/validation/infrastructure/public-ip.yml @@ -1 +1,13 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Public-ip specification schema" +description: "Public-ip specification schema" +type: object +properties: + name: + type: string + allocation_method: + type: string + idle_timeout_in_minutes: + type: integer + sku: + type: string diff --git a/core/src/epicli/data/azure/validation/infrastructure/resource-group.yml b/core/src/epicli/data/azure/validation/infrastructure/resource-group.yml index 89807aa970..39887bdc14 100644 --- a/core/src/epicli/data/azure/validation/infrastructure/resource-group.yml +++ b/core/src/epicli/data/azure/validation/infrastructure/resource-group.yml @@ -1 +1,9 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Resource-group specification schema" +description: "Resource-group specification schema" +type: object +properties: + name: + type: string + region: + type: string diff --git a/core/src/epicli/data/azure/validation/infrastructure/storage-share.yml b/core/src/epicli/data/azure/validation/infrastructure/storage-share.yml index 89807aa970..a09439d678 100644 --- a/core/src/epicli/data/azure/validation/infrastructure/storage-share.yml +++ b/core/src/epicli/data/azure/validation/infrastructure/storage-share.yml @@ -1 +1,11 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Storage-share specification schema" +description: "Storage-share specification schema" +type: object +properties: + name: + type: string + storage_account_name: + type: string + quota: + type: integer diff --git a/core/src/epicli/data/azure/validation/infrastructure/subnet-network-security-group-association.yml b/core/src/epicli/data/azure/validation/infrastructure/subnet-network-security-group-association.yml index 89807aa970..6932697d04 100644 --- a/core/src/epicli/data/azure/validation/infrastructure/subnet-network-security-group-association.yml +++ b/core/src/epicli/data/azure/validation/infrastructure/subnet-network-security-group-association.yml @@ -1 +1,11 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Subnet-network-security-group-association specification schema" +description: "Subnet-network-security-group-association specification schema" +type: object +properties: + name: + type: string + subnet_name: + type: string + security_group_name: + type: string diff --git a/core/src/epicli/data/azure/validation/infrastructure/subnet.yml b/core/src/epicli/data/azure/validation/infrastructure/subnet.yml index 89807aa970..1c19b3187a 100644 --- a/core/src/epicli/data/azure/validation/infrastructure/subnet.yml +++ b/core/src/epicli/data/azure/validation/infrastructure/subnet.yml @@ -1 +1,11 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Subnet specification schema" +description: "Subnet specification schema" +type: object +properties: + name: + type: string + address_prefix: + type: string + security_group_name: + type: string diff --git a/core/src/epicli/data/azure/validation/infrastructure/virtual-machine.yml b/core/src/epicli/data/azure/validation/infrastructure/virtual-machine.yml index 89807aa970..557ac842be 100644 --- a/core/src/epicli/data/azure/validation/infrastructure/virtual-machine.yml +++ b/core/src/epicli/data/azure/validation/infrastructure/virtual-machine.yml @@ -1 +1,97 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Virtual-machine specification schema" +description: "Virtual-machine specification schema" +type: object +properties: + name: + type: string + admin_username: + type: string + admin_password: + type: string + public_key: + type: string + network_interface_name: + type: string + availability_set_name: + type: string + tags: + type: array + items: + items: {} + os_type: + type: string + size: + type: string + use_cloud_init_custom_data: + type: boolean + storage_image_reference: + type: object + properties: + publisher: + type: string + offer: + type: string + sku: + type: string + version: + type: string + storage_os_disk: + type: object + properties: + delete_on_termination: + type: boolean + managed: + type: boolean + caching: + type: string + create_option: + type: string + disk_size_gb: + type: integer + managed_disk_type: + type: string + network_interface: + type: object + properties: + enable_accelerated_networking: + type: boolean + private_ip: + type: 'null' + public_ip: + type: object + properties: + allocation_method: + type: string + idle_timeout_in_minutes: + type: integer + sku: + type: string + security: + type: object + properties: + rules: + type: array + items: + type: object + properties: + name: + type: string + description: + type: string + priority: + type: integer + direction: + type: string + access: + type: string + protocol: + type: string + source_port_range: + type: string + destination_port_range: + type: string + source_address_prefix: + type: string + destination_address_prefix: + type: string diff --git a/core/src/epicli/data/azure/validation/infrastructure/vnet.yml b/core/src/epicli/data/azure/validation/infrastructure/vnet.yml index 89807aa970..db1a88b6d9 100644 --- a/core/src/epicli/data/azure/validation/infrastructure/vnet.yml +++ b/core/src/epicli/data/azure/validation/infrastructure/vnet.yml @@ -1 +1,9 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Vnet specification schema" +description: "Vnet specification schema" +type: object +properties: + name: + type: string + address_space: + type: string diff --git a/core/src/epicli/data/common/defaults/configuration/feature-mapping.yml b/core/src/epicli/data/common/defaults/configuration/feature-mapping.yml index b84b072ff6..9aa514dbc7 100644 --- a/core/src/epicli/data/common/defaults/configuration/feature-mapping.yml +++ b/core/src/epicli/data/common/defaults/configuration/feature-mapping.yml @@ -4,59 +4,59 @@ name: default specification: available_roles: - name: repository - enabled: yes + enabled: true - name: firewall - enabled: yes + enabled: true - name: image-registry - enabled: yes + enabled: true - name: kubernetes-master - enabled: yes + enabled: true - name: kubernetes-node - enabled: yes + enabled: true - name: helm - enabled: yes + enabled: true - name: logging - enabled: yes + enabled: true - name: opendistro-for-elasticsearch - enabled: yes + enabled: true - name: elasticsearch-curator - enabled: yes + enabled: true - name: kibana - enabled: yes + enabled: true - name: filebeat - enabled: yes + enabled: true - name: logstash - enabled: yes + enabled: true - name: prometheus - enabled: yes + enabled: true - name: grafana - enabled: yes + enabled: true - name: node-exporter - enabled: yes + enabled: true - name: jmx-exporter - enabled: yes + enabled: true - name: zookeeper - enabled: yes + enabled: true - name: kafka - enabled: yes + enabled: true - name: rabbitmq - enabled: yes + enabled: true - name: kafka-exporter - enabled: yes + enabled: true - name: postgresql - enabled: yes + enabled: true - name: postgres-exporter - enabled: yes + enabled: true - name: haproxy - enabled: yes + enabled: true - name: haproxy-exporter - enabled: yes + enabled: true - name: vault - enabled: yes + enabled: true - name: applications - enabled: yes + enabled: true - name: ignite - enabled: yes + enabled: true roles_mapping: kafka: diff --git a/core/src/epicli/data/common/defaults/configuration/grafana.yml b/core/src/epicli/data/common/defaults/configuration/grafana.yml index 67623d0067..5a8277ac63 100644 --- a/core/src/epicli/data/common/defaults/configuration/grafana.yml +++ b/core/src/epicli/data/common/defaults/configuration/grafana.yml @@ -183,7 +183,7 @@ specification: # concurrent_render_limit: 5 # Grafana logging configuration - grafana_log: + grafana_log: {} # mode: 'console file' # level: info diff --git a/core/src/epicli/data/common/defaults/configuration/haproxy.yml b/core/src/epicli/data/common/defaults/configuration/haproxy.yml index 495ecd62da..d3c64c5ca7 100644 --- a/core/src/epicli/data/common/defaults/configuration/haproxy.yml +++ b/core/src/epicli/data/common/defaults/configuration/haproxy.yml @@ -17,7 +17,7 @@ specification: frontend: - name: https_front port: 443 - https: yes + https: true backend: - http_back1 backend: # example backend config below diff --git a/core/src/epicli/data/common/defaults/configuration/kubernetes-master.yml b/core/src/epicli/data/common/defaults/configuration/kubernetes-master.yml index c30c7bc8b9..4b7d14f893 100644 --- a/core/src/epicli/data/common/defaults/configuration/kubernetes-master.yml +++ b/core/src/epicli/data/common/defaults/configuration/kubernetes-master.yml @@ -35,7 +35,7 @@ specification: expiration_days: 365 # values greater than 24855 are not recommended renew: false etcd_args: - encrypted: yes + encrypted: true kubeconfig: local: api_server: diff --git a/core/src/epicli/data/common/validation/configuration/applications.yml b/core/src/epicli/data/common/validation/configuration/applications.yml index 89807aa970..38d876773c 100644 --- a/core/src/epicli/data/common/validation/configuration/applications.yml +++ b/core/src/epicli/data/common/validation/configuration/applications.yml @@ -1 +1,337 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Application specification schema" +description: "Application specification schema" +type: object +properties: + applications: + type: array + items: + - type: object + properties: + name: + type: string + enabled: + type: boolean + image_path: + type: string + use_local_image_registry: + type: boolean + namespace: + type: string + service: + type: object + properties: + rest_nodeport: + type: integer + sql_nodeport: + type: integer + thinclients_nodeport: + type: integer + replicas: + type: integer + enabled_plugins: + type: array + items: + - type: string + - type: string + - type: object + properties: + name: + type: string + enabled: + type: boolean + image_path: + type: string + use_local_image_registry: + type: boolean + service: + type: object + properties: + name: + type: string + port: + type: integer + management_port: + type: integer + replicas: + type: integer + namespace: + type: string + rabbitmq: + type: object + properties: + plugins: + type: array + items: + - type: string + - type: string + policies: + type: array + items: + - type: object + properties: + name: + type: string + pattern: + type: string + definitions: + type: object + properties: + ha-mode: + type: string + custom_configurations: + type: array + items: + - type: object + properties: + name: + type: string + value: + type: number + cluster: + type: 'null' + - type: object + properties: + name: + type: string + enabled: + type: boolean + image_path: + type: string + use_local_image_registry: + type: boolean + service: + type: object + properties: + name: + type: string + port: + type: integer + replicas: + type: integer + namespace: + type: string + admin_user: + type: string + admin_password: + type: string + database: + type: object + properties: + name: + type: string + user: + type: string + password: + type: string + - type: object + properties: + name: + type: string + enabled: + type: boolean + image: + type: object + properties: + path: + type: string + debug: + type: boolean + use_local_image_registry: + type: boolean + namespace: + type: string + service: + type: object + properties: + name: + type: string + port: + type: integer + replicas: + type: integer + pod_spec: + type: object + properties: + affinity: + type: object + properties: + podAntiAffinity: + type: object + properties: + preferredDuringSchedulingIgnoredDuringExecution: + type: array + items: + - type: object + properties: + weight: + type: integer + podAffinityTerm: + type: object + properties: + labelSelector: + type: object + properties: + matchExpressions: + type: array + items: + - type: object + properties: + key: + type: string + operator: + type: string + values: + type: array + items: + - type: string + topologyKey: + type: string + nodeSelector: + type: object + tolerations: + type: object + resources: + type: object + properties: + limits: + type: object + properties: + memory: + type: string + requests: + type: object + properties: + cpu: + type: string + memory: + type: string + pgpool: + type: object + properties: + env: + type: object + properties: + PGPOOL_BACKEND_NODES: + type: string + PGPOOL_POSTGRES_USERNAME: + type: string + PGPOOL_SR_CHECK_USER: + type: string + PGPOOL_ADMIN_USERNAME: + type: string + PGPOOL_ENABLE_LOAD_BALANCING: + type: boolean + PGPOOL_MAX_POOL: + type: integer + PGPOOL_POSTGRES_PASSWORD_FILE: + type: string + PGPOOL_SR_CHECK_PASSWORD_FILE: + type: string + PGPOOL_ADMIN_PASSWORD_FILE: + type: string + secrets: + type: object + properties: + pgpool_postgres_password: + type: string + pgpool_sr_check_password: + type: string + pgpool_admin_password: + type: string + pgpool_conf_content_to_append: + type: string + pool_hba_conf: + type: string + - type: object + properties: + name: + type: string + enabled: + type: boolean + image_path: + type: string + init_image_path: + type: string + use_local_image_registry: + type: boolean + namespace: + type: string + service: + type: object + properties: + name: + type: string + port: + type: integer + replicas: + type: integer + resources: + type: object + properties: + requests: + type: object + properties: + cpu: + type: string + memory: + type: string + limits: + type: object + properties: + cpu: + type: string + memory: + type: string + pgbouncer: + type: object + properties: + env: + type: object + properties: + DB_HOST: + type: string + DB_LISTEN_PORT: + type: integer + LISTEN_ADDR: + type: string + LISTEN_PORT: + type: integer + AUTH_FILE: + type: string + AUTH_TYPE: + type: string + MAX_CLIENT_CONN: + type: integer + DEFAULT_POOL_SIZE: + type: integer + RESERVE_POOL_SIZE: + type: integer + POOL_MODE: + type: string + - type: object + properties: + name: + type: string + enabled: + type: boolean + use_local_image_registry: + type: boolean + namespaces: + type: object + properties: + operator: + type: string + watched: + type: array + items: + - type: string + istio: + type: string + istio_spec: + type: object + properties: + profile: + type: string + name: + type: string diff --git a/core/src/epicli/data/common/validation/configuration/backup.yml b/core/src/epicli/data/common/validation/configuration/backup.yml index c61f718127..1f196f6638 100644 --- a/core/src/epicli/data/common/validation/configuration/backup.yml +++ b/core/src/epicli/data/common/validation/configuration/backup.yml @@ -79,4 +79,3 @@ properties: enabled: "$id": "#/properties/specification/properties/components/properties/kubernetes/properties/enabled" type: boolean - diff --git a/core/src/epicli/data/common/validation/configuration/elasticsearch-curator.yml b/core/src/epicli/data/common/validation/configuration/elasticsearch-curator.yml index 89807aa970..906b0afeba 100644 --- a/core/src/epicli/data/common/validation/configuration/elasticsearch-curator.yml +++ b/core/src/epicli/data/common/validation/configuration/elasticsearch-curator.yml @@ -1 +1,60 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Elasticsearch-curator specification schema" +description: "Elasticsearch-curator specification schema" +type: object +properties: + delete_indices_cron_jobs: + type: array + items: + - type: object + properties: + description: + type: string + cron: + type: object + properties: + hour: + type: integer + minute: + type: integer + enabled: + type: boolean + filter_list: + type: array + items: + - type: object + properties: + filtertype: + type: string + unit_count: + type: integer + unit: + type: string + source: + type: string + direction: + type: string + - type: object + properties: + description: + type: string + cron: + type: object + properties: + minute: + type: integer + enabled: + type: boolean + filter_list: + type: array + items: + - type: object + properties: + filtertype: + type: string + disk_space: + type: integer + use_age: + type: boolean + source: + type: string diff --git a/core/src/epicli/data/common/validation/configuration/elasticsearch.yml b/core/src/epicli/data/common/validation/configuration/elasticsearch.yml deleted file mode 100644 index 89807aa970..0000000000 --- a/core/src/epicli/data/common/validation/configuration/elasticsearch.yml +++ /dev/null @@ -1 +0,0 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file diff --git a/core/src/epicli/data/common/validation/configuration/feature-mapping.yml b/core/src/epicli/data/common/validation/configuration/feature-mapping.yml index 89807aa970..ae6cd504b0 100644 --- a/core/src/epicli/data/common/validation/configuration/feature-mapping.yml +++ b/core/src/epicli/data/common/validation/configuration/feature-mapping.yml @@ -1 +1,69 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Feature-mapping specification schema" +description: "Feature-mapping specification schema" +type: object +properties: + available_roles: + type: array + items: + type: object + properties: + name: + type: string + enabled: + type: boolean + roles_mapping: + type: object + properties: + kafka: + type: array + items: + type: string + rabbitmq: + type: array + items: + type: string + logging: + type: array + items: + type: string + load_balancer: + type: array + items: + type: string + monitoring: + type: array + items: + type: string + postgresql: + type: array + items: + type: string + custom: + type: array + items: + type: string + single_machine: + type: array + items: + type: string + kubernetes_master: + type: array + items: + type: string + kubernetes_node: + type: array + items: + type: string + ignite: + type: array + items: + type: string + opendistro_for_elasticsearch: + type: array + items: + type: string + repository: + type: array + items: + type: string diff --git a/core/src/epicli/data/common/validation/configuration/filebeat.yml b/core/src/epicli/data/common/validation/configuration/filebeat.yml index 89807aa970..02c7af95dc 100644 --- a/core/src/epicli/data/common/validation/configuration/filebeat.yml +++ b/core/src/epicli/data/common/validation/configuration/filebeat.yml @@ -1 +1,29 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Filebeat specification schema" +description: "Filebeat specification schema" +type: object +properties: + kibana: + type: object + properties: + dashboards: + type: object + properties: + index: + type: string + enabled: + type: string + disable_helm_chart: + type: boolean + postgresql_input: + type: object + properties: + multiline: + type: object + properties: + pattern: + type: string + negate: + type: boolean + match: + type: string diff --git a/core/src/epicli/data/common/validation/configuration/firewall.yml b/core/src/epicli/data/common/validation/configuration/firewall.yml index 89807aa970..8ab744ab04 100644 --- a/core/src/epicli/data/common/validation/configuration/firewall.yml +++ b/core/src/epicli/data/common/validation/configuration/firewall.yml @@ -1 +1,199 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Firewall specification schema" +description: "Firewall specification schema" +type: object +properties: + Debian: + type: object + properties: + install_firewalld: + type: boolean + firewall_service_enabled: + type: boolean + apply_configuration: + type: boolean + managed_zone_name: + type: string + rules: + type: object + properties: + applications: + type: object + properties: + enabled: + type: boolean + ports: + type: array + items: + type: string + common: + type: object + properties: + enabled: + type: boolean + ports: + type: array + items: + type: string + grafana: + type: object + properties: + enabled: + type: boolean + ports: + type: array + items: + type: string + haproxy: + type: object + properties: + enabled: + type: boolean + ports: + type: array + items: + type: string + haproxy_exporter: + type: object + properties: + enabled: + type: boolean + ports: + type: array + items: + type: string + ignite: + type: object + properties: + enabled: + type: boolean + ports: + type: array + items: + type: string + image_registry: + type: object + properties: + enabled: + type: boolean + ports: + type: array + items: + type: string + jmx_exporter: + type: object + properties: + enabled: + type: boolean + ports: + type: array + items: + type: string + kafka: + type: object + properties: + enabled: + type: boolean + ports: + type: array + items: + type: string + kafka_exporter: + type: object + properties: + enabled: + type: boolean + ports: + type: array + items: + type: string + kibana: + type: object + properties: + enabled: + type: boolean + ports: + type: array + items: + type: string + kubernetes_master: + type: object + properties: + enabled: + type: boolean + ports: + type: array + items: + type: string + kubernetes_node: + type: object + properties: + enabled: + type: boolean + ports: + type: array + items: + type: string + logging: + type: object + properties: + enabled: + type: boolean + ports: + type: array + items: + type: string + node_exporter: + type: object + properties: + enabled: + type: boolean + ports: + type: array + items: + type: string + opendistro_for_elasticsearch: + type: object + properties: + enabled: + type: boolean + ports: + type: array + items: + type: string + postgresql: + type: object + properties: + enabled: + type: boolean + ports: + type: array + items: + type: string + prometheus: + type: object + properties: + enabled: + type: boolean + ports: + type: array + items: + type: string + rabbitmq: + type: object + properties: + enabled: + type: boolean + ports: + type: array + items: + type: string + zookeeper: + type: object + properties: + enabled: + type: boolean + ports: + type: array + items: + type: string diff --git a/core/src/epicli/data/common/validation/configuration/grafana.yml b/core/src/epicli/data/common/validation/configuration/grafana.yml index 89807aa970..d107fe4d41 100644 --- a/core/src/epicli/data/common/validation/configuration/grafana.yml +++ b/core/src/epicli/data/common/validation/configuration/grafana.yml @@ -1 +1,376 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Grafana specification schema" +description: "Grafana specification schema" +type: object +properties: + grafana_logs_dir: + type: string + grafana_data_dir: + type: string + grafana_address: + type: string + grafana_port: + type: integer + grafana_provisioning_synced: + type: boolean + grafana_url: + type: string + grafana_server: + type: object + properties: + protocol: + type: string + enforce_domain: + type: boolean + socket: + type: string + cert_key: + type: string + cert_file: + type: string + enable_gzip: + type: boolean + static_root_path: + type: string + router_logging: + type: boolean + grafana_security: + type: object + properties: + admin_user: + type: string + admin_password: + type: string + secret_key: + type: string + login_remember_days: + type: integer + cookie_username: + type: string + cookie_remember_name: + type: string + disable_gravatar: + type: boolean + data_source_proxy_whitelist: + type: 'null' + grafana_database: + type: object + properties: + type: + type: string + host: + type: string + name: + type: string + user: + type: string + password: + type: string + url: + type: string + ssl_mode: + type: string + path: + type: string + max_idle_conn: + type: integer + max_open_conn: + type: string + log_queries: + type: string + grafana_external_dashboards: + type: array + items: + type: object + properties: + dashboard_id: + type: string + datasource: + type: string + grafana_online_dashboards: + type: array + items: + type: object + properties: + dashboard_id: + type: string + revision_id: + type: string + grafana_dashboards_dir: + type: string + grafana_welcome_email_on_sign_up: + type: boolean + grafana_users: + type: object + properties: + allow_sign_up: + type: boolean + allow_org_create: + type: boolean + auto_assign_org: + type: boolean + auto_assign_org_role: + type: string + login_hint: + type: string + default_theme: + type: string + external_manage_link_url: + type: string + external_manage_link_name: + type: string + external_manage_info: + type: string + grafana_auth: + type: object + properties: + disable_login_form: + type: boolean + disable_signout_menu: + type: boolean + anonymous: + type: object + properties: + org_name: + type: string + org_role: + type: string + ldap: + type: object + properties: + config_file: + type: string + allow_sign_up: + type: boolean + basic: + type: object + properties: + enabled: + type: boolean + grafana_ldap: + type: object + properties: + verbose_logging: + type: boolean + servers: + type: object + properties: + host: + type: string + port: + type: integer + use_ssl: + type: boolean + start_tls: + type: boolean + ssl_skip_verify: + type: boolean + root_ca_cert: + type: string + bind_dn: + type: string + bind_password: + type: string + search_filter: + type: string + search_base_dns: + type: array + items: + type: string + group_search_filter: + type: string + group_search_base_dns: + type: array + items: + type: string + attributes: + type: object + properties: + name: + type: string + surname: + type: string + username: + type: string + member_of: + type: string + email: + type: string + group_mappings: + type: array + items: + type: object + properties: + name: + type: string + id: + type: integer + groups: + type: array + items: + type: object + properties: + group_dn: + type: string + org_role: + type: string + grafana_session: + type: object + properties: + provider: + type: string + provider_config: + type: string + grafana_analytics: + type: object + properties: + reporting_enabled: + type: boolean + google_analytics_ua_id: + type: string + grafana_smtp: + type: object + properties: + host: + type: string + user: + type: string + password: + type: string + from_address: + type: string + grafana_alerting: + type: object + properties: + execute_alerts: + type: boolean + error_or_timeout: + type: string + nodata_or_nullvalues: + type: string + concurrent_render_limit: + type: integer + grafana_log: + type: object + properties: + mode: + type: string + level: + type: string + grafana_metrics: + type: object + properties: + interval_seconds: + type: integer + graphite: + type: object + properties: + address: + type: string + prefix: + type: string + grafana_tracing: + type: object + properties: + address: + type: string + always_included_tag: + type: string + sampler_type: + type: string + sampler_param: + type: integer + grafana_snapshots: + type: object + properties: + external_enabled: + type: boolean + external_snapshot_url: + type: string + external_snapshot_name: + type: string + snapshot_remove_expired: + type: boolean + snapshot_TTL_days: + type: integer + grafana_image_storage: + type: object + properties: + provider: + type: string + key_file: + type: string + bucket: + type: string + path: + type: string + grafana_plugins: + type: array + items: + type: string + grafana_alert_notifications: + type: array + items: + type: object + properties: + name: + type: string + type: + type: string + isDefault: + type: boolean + settings: + type: object + properties: + addresses: + type: string + grafana_datasources: + type: array + items: + type: object + properties: + name: + type: string + type: + type: string + access: + type: string + url: + type: string + basicAuth: + type: boolean + basicAuthUser: + type: string + basicAuthPassword: + type: string + isDefault: + type: boolean + editable: + type: boolean + jsonData: + type: object + properties: + tlsAuth: + type: boolean + tlsAuthWithCACert: + type: boolean + tlsSkipVerify: + type: boolean + grafana_api_keys: + type: array + items: + type: object + properties: + name: + type: string + role: + type: string + grafana_logging: + type: object + properties: + log_rotate: + type: boolean + daily_rotate: + type: boolean + max_days: + type: integer diff --git a/core/src/epicli/data/common/validation/configuration/haproxy-exporter.yml b/core/src/epicli/data/common/validation/configuration/haproxy-exporter.yml index 89807aa970..5466cbc822 100644 --- a/core/src/epicli/data/common/validation/configuration/haproxy-exporter.yml +++ b/core/src/epicli/data/common/validation/configuration/haproxy-exporter.yml @@ -1 +1,25 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Haproxy-exporter specification schema" +description: "Haproxy-exporter specification schema" +type: object +properties: + description: + type: string + web_listen_port: + type: string + config_for_prometheus: + type: object + properties: + exporter_listen_port: + type: string + prometheus_config_dir: + type: string + file_sd_labels: + type: array + items: + type: object + properties: + label: + type: string + value: + type: string diff --git a/core/src/epicli/data/common/validation/configuration/haproxy.yml b/core/src/epicli/data/common/validation/configuration/haproxy.yml index 89807aa970..4e2b5c8400 100644 --- a/core/src/epicli/data/common/validation/configuration/haproxy.yml +++ b/core/src/epicli/data/common/validation/configuration/haproxy.yml @@ -1 +1,56 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Haproxy specification schema" +description: "Haproxy specification schema" +type: object +properties: + logs_max_days: + type: integer + self_signed_certificate_name: + type: string + self_signed_private_key_name: + type: string + self_signed_concatenated_cert_name: + type: string + haproxy_log_path: + type: string + stats: + type: object + properties: + enable: + type: boolean + bind_address: + type: string + uri: + type: string + user: + type: string + password: + type: string + frontend: + type: array + items: + type: object + properties: + name: + type: string + port: + type: integer + https: + type: boolean + backend: + type: array + items: + type: string + backend: + type: array + items: + type: object + properties: + name: + type: string + server_groups: + type: array + items: + type: string + port: + type: integer diff --git a/core/src/epicli/data/common/validation/configuration/helm.yml b/core/src/epicli/data/common/validation/configuration/helm.yml index 89807aa970..777489b9e0 100644 --- a/core/src/epicli/data/common/validation/configuration/helm.yml +++ b/core/src/epicli/data/common/validation/configuration/helm.yml @@ -1 +1,7 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Helm specification schema" +description: "Helm specification schema" +type: object +properties: + apache_epirepo_path: + type: string diff --git a/core/src/epicli/data/common/validation/configuration/ignite.yml b/core/src/epicli/data/common/validation/configuration/ignite.yml index 89807aa970..195e69d462 100644 --- a/core/src/epicli/data/common/validation/configuration/ignite.yml +++ b/core/src/epicli/data/common/validation/configuration/ignite.yml @@ -1 +1,11 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Ignite specification schema" +description: "Ignite specification schema" +type: object +properties: + enabled_plugins: + type: array + items: + type: string + config: + type: string diff --git a/core/src/epicli/data/common/validation/configuration/image-registry.yml b/core/src/epicli/data/common/validation/configuration/image-registry.yml index 89807aa970..aaf08f8f03 100644 --- a/core/src/epicli/data/common/validation/configuration/image-registry.yml +++ b/core/src/epicli/data/common/validation/configuration/image-registry.yml @@ -1 +1,72 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Image-registry specification schema" +description: "Image-registry specification schema" +type: object +properties: + description: + type: string + registry_image: + type: object + properties: + name: + type: string + file_name: + type: string + images_to_load: + type: object + properties: + x86_64: + type: object + properties: + generic: + type: array + items: + type: object + properties: + name: + type: string + file_name: + type: string + current: + type: array + items: + type: object + properties: + name: + type: string + file_name: + type: string + legacy: + type: array + items: + type: object + properties: + name: + type: string + file_name: + type: string + aarch64: + type: object + properties: + generic: + type: array + items: + type: object + properties: + name: + type: string + file_name: + type: string + current: + type: array + items: + type: object + properties: + name: + type: string + file_name: + type: string + legacy: + type: array + items: + items: {} diff --git a/core/src/epicli/data/common/validation/configuration/jmx-exporter.yml b/core/src/epicli/data/common/validation/configuration/jmx-exporter.yml index 89807aa970..1dcfbd2a94 100644 --- a/core/src/epicli/data/common/validation/configuration/jmx-exporter.yml +++ b/core/src/epicli/data/common/validation/configuration/jmx-exporter.yml @@ -1 +1,15 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Jmx-exporter specification schema" +description: "Jmx-exporter specification schema" +type: object +properties: + file_name: + type: string + jmx_path: + type: string + jmx_jars_directory: + type: string + jmx_exporter_user: + type: string + jmx_exporter_group: + type: string diff --git a/core/src/epicli/data/common/validation/configuration/kafka-exporter.yml b/core/src/epicli/data/common/validation/configuration/kafka-exporter.yml index 89807aa970..e98fe687f1 100644 --- a/core/src/epicli/data/common/validation/configuration/kafka-exporter.yml +++ b/core/src/epicli/data/common/validation/configuration/kafka-exporter.yml @@ -1 +1,29 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Kafka-exporter specification schema" +description: "Kafka-exporter specification schema" +type: object +properties: + description: + type: string + web_listen_port: + type: string + config_flags: + type: array + items: + type: string + config_for_prometheus: + type: object + properties: + exporter_listen_port: + type: string + prometheus_config_dir: + type: string + file_sd_labels: + type: array + items: + type: object + properties: + label: + type: string + value: + type: string diff --git a/core/src/epicli/data/common/validation/configuration/kafka.yml b/core/src/epicli/data/common/validation/configuration/kafka.yml index 89807aa970..df937774e2 100644 --- a/core/src/epicli/data/common/validation/configuration/kafka.yml +++ b/core/src/epicli/data/common/validation/configuration/kafka.yml @@ -1 +1,167 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Kafka specification schema" +description: "Kafka specification schema" +type: object +properties: + kafka_var: + type: object + properties: + enabled: + type: boolean + admin: + type: string + admin_pwd: + type: string + javax_net_debug: + type: string + security: + type: object + properties: + ssl: + type: object + properties: + enabled: + type: boolean + port: + type: integer + server: + type: object + properties: + local_cert_download_path: + type: string + keystore_location: + type: string + truststore_location: + type: string + cert_validity: + type: integer + passwords: + type: object + properties: + keystore: + type: string + truststore: + type: string + key: + type: string + endpoint_identification_algorithm: + type: string + client_auth: + type: string + encrypt_at_rest: + type: boolean + inter_broker_protocol: + type: string + authorization: + type: object + properties: + enabled: + type: boolean + authorizer_class_name: + type: string + allow_everyone_if_no_acl_found: + type: boolean + super_users: + type: array + items: + type: string + users: + type: array + items: + type: object + properties: + name: + type: string + topic: + type: string + authentication: + type: object + properties: + enabled: + type: boolean + authentication_method: + type: string + sasl_mechanism_inter_broker_protocol: + type: 'null' + sasl_enabled_mechanisms: + type: string + sha: + type: string + port: + type: integer + min_insync_replicas: + type: integer + default_replication_factor: + type: integer + offsets_topic_replication_factor: + type: integer + num_recovery_threads_per_data_dir: + type: integer + num_replica_fetchers: + type: integer + replica_fetch_max_bytes: + type: integer + replica_socket_receive_buffer_bytes: + type: integer + partitions: + type: integer + log_retention_hours: + type: integer + log_retention_bytes: + type: integer + offset_retention_minutes: + type: integer + heap_opts: + type: string + opts: + type: string + jmx_opts: + type: 'null' + max_incremental_fetch_session_cache_slots: + type: integer + controlled_shutdown_enable: + type: boolean + group: + type: string + user: + type: string + conf_dir: + type: string + data_dir: + type: string + log_dir: + type: string + socket_settings: + type: object + properties: + network_threads: + type: integer + io_threads: + type: integer + send_buffer_bytes: + type: integer + receive_buffer_bytes: + type: integer + request_max_bytes: + type: integer + zookeeper_set_acl: + type: boolean + zookeeper_hosts: + type: string + jmx_exporter_user: + type: string + jmx_exporter_group: + type: string + prometheus_jmx_path: + type: string + prometheus_jmx_exporter_web_listen_port: + type: integer + prometheus_jmx_config: + type: string + prometheus_config_dir: + type: string + prometheus_kafka_jmx_file_sd_labels: + type: object + properties: + job: + type: string diff --git a/core/src/epicli/data/common/validation/configuration/kibana.yml b/core/src/epicli/data/common/validation/configuration/kibana.yml index 89807aa970..17b77c2e15 100644 --- a/core/src/epicli/data/common/validation/configuration/kibana.yml +++ b/core/src/epicli/data/common/validation/configuration/kibana.yml @@ -1 +1,7 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Kibana specification schema" +description: "Kibana specification schema" +type: object +properties: + kibana_log_dir: + type: string diff --git a/core/src/epicli/data/common/validation/configuration/kubernetes-master.yml b/core/src/epicli/data/common/validation/configuration/kubernetes-master.yml index d5484005e7..3404593b1d 100644 --- a/core/src/epicli/data/common/validation/configuration/kubernetes-master.yml +++ b/core/src/epicli/data/common/validation/configuration/kubernetes-master.yml @@ -1,6 +1,6 @@ "$id": "#/specification" -title: "K8s specification schema" -description: "K8s specification schema" +title: "K8s-master specification schema" +description: "K8s-master specification schema" type: object properties: advanced: diff --git a/core/src/epicli/data/common/validation/configuration/kubernetes-node.yml b/core/src/epicli/data/common/validation/configuration/kubernetes-node.yml index 89807aa970..c203483d16 100644 --- a/core/src/epicli/data/common/validation/configuration/kubernetes-node.yml +++ b/core/src/epicli/data/common/validation/configuration/kubernetes-node.yml @@ -1 +1,11 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "K8s-nodes specification schema" +description: "K8s-nodes specification schema" +type: object +properties: + version: + type: string + cni_version: + type: string + node_labels: + type: string diff --git a/core/src/epicli/data/common/validation/configuration/logging.yml b/core/src/epicli/data/common/validation/configuration/logging.yml index 89807aa970..2a434160a0 100644 --- a/core/src/epicli/data/common/validation/configuration/logging.yml +++ b/core/src/epicli/data/common/validation/configuration/logging.yml @@ -1 +1,45 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Logging specification schema" +description: "Logging specification schema" +type: object +properties: + cluster_name: + type: string + admin_password: + type: string + kibanaserver_password: + type: string + kibanaserver_user_active: + type: boolean + logstash_password: + type: string + logstash_user_active: + type: boolean + demo_users_to_remove: + type: array + items: {} + paths: + type: object + properties: + data: + type: string + repo: + type: string + logs: + type: string + jvm_options: + type: object + properties: + Xmx: + type: string + opendistro_security: + type: object + properties: + ssl: + type: object + properties: + transport: + type: object + properties: + enforce_hostname_verification: + type: boolean diff --git a/core/src/epicli/data/common/validation/configuration/logstash.yml b/core/src/epicli/data/common/validation/configuration/logstash.yml index e476595b41..b7e3f6cf9c 100644 --- a/core/src/epicli/data/common/validation/configuration/logstash.yml +++ b/core/src/epicli/data/common/validation/configuration/logstash.yml @@ -1 +1,4 @@ -$ref: '#/definitions/unvalidated_specification' +"$id": "#/specification" +title: "Logstash specification schema" +description: "Logstash specification schema" +type: object diff --git a/core/src/epicli/data/common/validation/configuration/node-exporter.yml b/core/src/epicli/data/common/validation/configuration/node-exporter.yml index 89807aa970..2d65589397 100644 --- a/core/src/epicli/data/common/validation/configuration/node-exporter.yml +++ b/core/src/epicli/data/common/validation/configuration/node-exporter.yml @@ -1 +1,50 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Node-exporter specification schema" +description: "Node-exporter specification schema" +type: object +properties: + disable_helm_chart: + type: boolean + helm_chart_values: + type: object + properties: + service: + type: object + properties: + port: + type: integer + targetPort: + type: integer + files: + type: object + properties: + node_exporter_helm_chart_file_name: + type: string + enabled_collectors: + type: array + items: + type: string + config_flags: + type: array + items: + type: string + web_listen_port: + type: string + web_listen_address: + type: string + config_for_prometheus: + type: object + properties: + exporter_listen_port: + type: string + prometheus_config_dir: + type: string + file_sd_labels: + type: array + items: + type: object + properties: + label: + type: string + value: + type: string diff --git a/core/src/epicli/data/common/validation/configuration/opendistro-for-elasticsearch.yml b/core/src/epicli/data/common/validation/configuration/opendistro-for-elasticsearch.yml index 89807aa970..3992bc36ab 100644 --- a/core/src/epicli/data/common/validation/configuration/opendistro-for-elasticsearch.yml +++ b/core/src/epicli/data/common/validation/configuration/opendistro-for-elasticsearch.yml @@ -1 +1,48 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Opendistro-for-elasticsearch specification schema" +description: "Opendistro-for-elasticsearch specification schema" +type: object +properties: + cluster_name: + type: string + clustered: + type: boolean + admin_password: + type: string + kibanaserver_password: + type: string + kibanaserver_user_active: + type: boolean + logstash_password: + type: string + logstash_user_active: + type: boolean + demo_users_to_remove: + type: array + items: + type: string + paths: + type: object + properties: + data: + type: string + repo: + type: string + logs: + type: string + jvm_options: + type: object + properties: + Xmx: + type: string + opendistro_security: + type: object + properties: + ssl: + type: object + properties: + transport: + type: object + properties: + enforce_hostname_verification: + type: boolean diff --git a/core/src/epicli/data/common/validation/configuration/postgres-exporter.yml b/core/src/epicli/data/common/validation/configuration/postgres-exporter.yml index 89807aa970..e4b9227047 100644 --- a/core/src/epicli/data/common/validation/configuration/postgres-exporter.yml +++ b/core/src/epicli/data/common/validation/configuration/postgres-exporter.yml @@ -1 +1,25 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Postgres-exporter specification schema" +description: "Postgres-exporter specification schema" +type: object +properties: + config_flags: + type: array + items: + type: string + config_for_prometheus: + type: object + properties: + exporter_listen_port: + type: string + prometheus_config_dir: + type: string + file_sd_labels: + type: array + items: + type: object + properties: + label: + type: string + value: + type: string diff --git a/core/src/epicli/data/common/validation/configuration/postgresql.yml b/core/src/epicli/data/common/validation/configuration/postgresql.yml index 89807aa970..f0b22b0dd5 100644 --- a/core/src/epicli/data/common/validation/configuration/postgresql.yml +++ b/core/src/epicli/data/common/validation/configuration/postgresql.yml @@ -1 +1,106 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Postgresql specification schema" +description: "Postgresql specification schema" +type: object +properties: + config_file: + type: object + properties: + parameter_groups: + type: array + items: + type: object + properties: + name: + type: string + subgroups: + type: array + items: + type: object + properties: + name: + type: string + parameters: + type: array + items: + type: object + properties: + name: + type: string + value: + type: + - string + - integer + comment: + type: string + when: + type: string + extensions: + type: object + properties: + pgaudit: + type: object + properties: + enabled: + type: boolean + shared_preload_libraries: + type: array + items: + type: string + config_file_parameters: + type: object + properties: + log_connections: + type: string + log_disconnections: + type: string + log_statement: + type: string + log_line_prefix: + type: string + pgaudit.log: + type: string + pgaudit.log_catalog: + type: string + pgaudit.log_relation: + type: string + pgaudit.log_statement_once: + type: string + pgaudit.log_parameter: + type: string + pgbouncer: + type: object + properties: + enabled: + type: boolean + replication: + type: object + properties: + enabled: + type: boolean + replication_user_name: + type: string + replication_user_password: + type: string + privileged_user_name: + type: string + privileged_user_password: + type: string + repmgr_database: + type: string + shared_preload_libraries: + type: array + items: + type: string + logrotate: + type: object + properties: + pgbouncer: + type: object + properties: + period: + type: string + rotations: + type: integer + postgresql: + type: string diff --git a/core/src/epicli/data/common/validation/configuration/prometheus.yml b/core/src/epicli/data/common/validation/configuration/prometheus.yml index 89807aa970..d7ab835d40 100644 --- a/core/src/epicli/data/common/validation/configuration/prometheus.yml +++ b/core/src/epicli/data/common/validation/configuration/prometheus.yml @@ -1 +1,134 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Prometheus specification schema" +description: "Prometheus specification schema" +type: object +properties: + config_directory: + type: string + storage: + type: object + properties: + data_directory: + type: string + config_flags: + type: array + items: + type: string + metrics_path: + type: string + scrape_interval: + type: string + scrape_timeout: + type: string + evaluation_interval: + type: string + remote_write: + type: array + items: + items: {} + remote_read: + type: array + items: + items: {} + alertmanager: + type: object + properties: + enable: + type: boolean + alert_rules: + type: object + properties: + common: + type: boolean + container: + type: boolean + kafka: + type: boolean + node: + type: boolean + postgresql: + type: boolean + prometheus: + type: boolean + config: + type: object + properties: + global: + type: object + properties: + resolve_timeout: + type: string + smtp_from: + type: string + smtp_smarthost: + type: string + smtp_auth_username: + type: string + smtp_auth_password: + type: string + smtp_require_tls: + type: boolean + route: + type: object + properties: + group_by: + type: array + items: + type: string + group_wait: + type: string + group_interval: + type: string + repeat_interval: + type: string + receiver: + type: string + routes: + type: array + items: + type: object + properties: + match_re: + type: object + properties: + severity: + type: string + receiver: + type: string + continue: + type: boolean + receivers: + type: array + items: + type: object + properties: + name: + type: string + email_configs: + type: array + items: + type: object + properties: + to: + type: string + slack_configs: + type: array + items: + type: object + properties: + api_url: + type: string + pagerduty_configs: + type: array + items: + type: object + properties: + service_key: + type: string + opsgenie_config: + type: object + properties: + api_key: + type: string + api_url: + type: string diff --git a/core/src/epicli/data/common/validation/configuration/rabbitmq.yml b/core/src/epicli/data/common/validation/configuration/rabbitmq.yml index 89807aa970..2fdd3acb01 100644 --- a/core/src/epicli/data/common/validation/configuration/rabbitmq.yml +++ b/core/src/epicli/data/common/validation/configuration/rabbitmq.yml @@ -1 +1,38 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Rabbitmq specification schema" +description: "Rabbitmq specification schema" +type: object +properties: + rabbitmq_user: + type: string + rabbitmq_group: + type: string + stop_service: + type: boolean + logrotate_period: + type: string + logrotate_number: + type: integer + ulimit_open_files: + type: integer + amqp_port: + type: integer + rabbitmq_use_longname: + type: string + rabbitmq_policies: + type: array + items: + items: {} + rabbitmq_plugins: + type: array + items: + items: {} + custom_configurations: + type: array + items: + items: {} + cluster: + type: object + properties: + is_clustered: + type: boolean diff --git a/core/src/epicli/data/common/validation/configuration/repository.yml b/core/src/epicli/data/common/validation/configuration/repository.yml index 89807aa970..319bbe7b42 100644 --- a/core/src/epicli/data/common/validation/configuration/repository.yml +++ b/core/src/epicli/data/common/validation/configuration/repository.yml @@ -1 +1,27 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Repository specification schema" +description: "Repository specification schema" +type: object +properties: + description: + type: string + download_done_flag_expire_minutes: + type: integer + apache_epirepo_path: + type: string + teardown: + type: object + properties: + disable_http_server: + type: boolean + remove: + type: object + properties: + files: + type: boolean + helm_charts: + type: boolean + images: + type: boolean + packages: + type: boolean diff --git a/core/src/epicli/data/common/validation/configuration/shared-config.yml b/core/src/epicli/data/common/validation/configuration/shared-config.yml index 89807aa970..0dfb1a8f9b 100644 --- a/core/src/epicli/data/common/validation/configuration/shared-config.yml +++ b/core/src/epicli/data/common/validation/configuration/shared-config.yml @@ -1 +1,19 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Shared-config specification schema" +description: "Shared-config specification schema" +type: object +properties: + custom_repository_url: + type: string + custom_image_registry_address: + type: string + download_directory: + type: string + vault_location: + type: string + vault_tmp_file_location: + type: string + use_ha_control_plane: + type: boolean + promote_to_ha: + type: boolean diff --git a/core/src/epicli/data/common/validation/configuration/vault.yml b/core/src/epicli/data/common/validation/configuration/vault.yml index 89807aa970..93d5c1b606 100644 --- a/core/src/epicli/data/common/validation/configuration/vault.yml +++ b/core/src/epicli/data/common/validation/configuration/vault.yml @@ -1 +1,100 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Vault specification schema" +description: "Vault specification schema" +type: object +properties: + vault_enabled: + type: boolean + vault_system_user: + type: string + vault_system_group: + type: string + enable_vault_audit_logs: + type: boolean + enable_vault_ui: + type: boolean + vault_script_autounseal: + type: boolean + vault_script_autoconfiguration: + type: boolean + tls_disable: + type: boolean + kubernetes_integration: + type: boolean + kubernetes_configuration: + type: boolean + kubernetes_namespace: + type: string + enable_vault_kubernetes_authentication: + type: boolean + app_secret_path: + type: string + revoke_root_token: + type: boolean + secret_mount_path: + type: string + vault_token_cleanup: + type: boolean + vault_install_dir: + type: string + vault_log_level: + type: string + override_existing_vault_users: + type: boolean + certificate_name: + type: string + private_key_name: + type: string + selfsigned_certificate: + type: object + properties: + country: + type: string + state: + type: string + city: + type: string + company: + type: string + common_name: + type: string + vault_tls_valid_days: + type: integer + vault_users: + type: array + items: + type: object + properties: + name: + type: string + policy: + type: string + files: + type: object + properties: + vault_helm_chart_file_name: + type: string + vault_helm_chart_values: + type: object + properties: + injector: + type: object + properties: + image: + type: object + properties: + repository: + type: string + agentImage: + type: object + properties: + repository: + type: string + server: + type: object + properties: + image: + type: object + properties: + repository: + type: string diff --git a/core/src/epicli/data/common/validation/configuration/zookeeper.yml b/core/src/epicli/data/common/validation/configuration/zookeeper.yml index 89807aa970..eab86b2f04 100644 --- a/core/src/epicli/data/common/validation/configuration/zookeeper.yml +++ b/core/src/epicli/data/common/validation/configuration/zookeeper.yml @@ -1 +1,10 @@ -$ref: '#/definitions/unvalidated_specification' \ No newline at end of file +"$id": "#/specification" +title: "Zookeeper specification schema" +description: "Zookeeper specification schema" +type: object +properties: + static_config_file: + type: object + properties: + configurable_block: + type: string From 114d4b4676e19ce4b76334ff50fc41c1ef7ab06d Mon Sep 17 00:00:00 2001 From: erzetpe <2865776+erzetpe@users.noreply.github.com> Date: Thu, 29 Jul 2021 12:15:01 +0200 Subject: [PATCH 3/5] Python 3 for Centos and RedHat (#2466) * Add python 3 from software collections for RHEL * Install python 3 package * Fix issue with downloading python 3 requirements * Move package to preserve alphabetic order * Add information to changelog * Fix installation packages order --- CHANGELOG-1.2.md | 1 + .../data/common/ansible/playbooks/roles/common/tasks/RedHat.yml | 1 + .../download-requirements/centos-7/requirements.aarch64.txt | 1 + .../files/download-requirements/centos-7/requirements.x86_64.txt | 1 + .../files/download-requirements/redhat-7/requirements.x86_64.txt | 1 + 5 files changed, 5 insertions(+) diff --git a/CHANGELOG-1.2.md b/CHANGELOG-1.2.md index b82913c9c1..cf8655b78b 100644 --- a/CHANGELOG-1.2.md +++ b/CHANGELOG-1.2.md @@ -8,6 +8,7 @@ - [#2127](https://github.com/epiphany-platform/epiphany/issues/2127) - Allow to specify configuration to be used in upgrade mode - [#2397](https://github.com/epiphany-platform/epiphany/issues/2397) - Restart CoreDNS pods conditionally - [#195](https://github.com/epiphany-platform/epiphany/issues/195) - Basic configuration type and schema validation +- [#2434](https://github.com/epiphany-platform/epiphany/issues/2434) - Python 3 installation ### Fixed diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/common/tasks/RedHat.yml b/core/src/epicli/data/common/ansible/playbooks/roles/common/tasks/RedHat.yml index 41220b20aa..1f969005c6 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/common/tasks/RedHat.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/common/tasks/RedHat.yml @@ -33,6 +33,7 @@ - net-tools # required by Ansible (module listen_ports_facts) - openssl - python-setuptools + - python3 - rsync - sysstat - tar diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.aarch64.txt b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.aarch64.txt index a882956a60..24ce256cb3 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.aarch64.txt +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.aarch64.txt @@ -92,6 +92,7 @@ python-slip-dbus # for firewalld python-ipaddress python-backports python2-cryptography # for Ansible (certificate modules) +python3-3.6.8 quota # for nfs-utils rabbitmq-server-3.8.9 #rh-haproxy18 diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.x86_64.txt b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.x86_64.txt index b28dc94547..37358fc599 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.x86_64.txt +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.x86_64.txt @@ -93,6 +93,7 @@ python-slip-dbus # for firewalld python-ipaddress python-backports python2-cryptography # for Ansible (certificate modules) +python3-3.6.8 quota # for nfs-utils rabbitmq-server-3.8.9 rh-haproxy18 diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/redhat-7/requirements.x86_64.txt b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/redhat-7/requirements.x86_64.txt index 69b922d905..bcb44ba4f8 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/redhat-7/requirements.x86_64.txt +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/redhat-7/requirements.x86_64.txt @@ -89,6 +89,7 @@ python-pycparser # for python2-cryptography python-setuptools python-slip-dbus # for firewalld python2-cryptography # for Ansible (certificate modules) +python3-3.6.8 quota # for nfs-utils rabbitmq-server-3.8.9 rh-haproxy18 From 253374eb36fbde8b528395f00d280217a29cef72 Mon Sep 17 00:00:00 2001 From: Luuk van Venrooij <11056665+seriva@users.noreply.github.com> Date: Fri, 30 Jul 2021 10:02:34 +0200 Subject: [PATCH 4/5] Minor fixes for validation. (#2474) * Minor fixes for validation --- CHANGELOG-1.2.md | 1 + core/src/epicli/cli/engine/ApplyEngine.py | 5 +++-- .../epicli/cli/engine/schema/SchemaValidator.py | 3 ++- core/src/epicli/cli/helpers/objdict_helpers.py | 15 +++++++++++++++ 4 files changed, 21 insertions(+), 3 deletions(-) diff --git a/CHANGELOG-1.2.md b/CHANGELOG-1.2.md index cf8655b78b..cb97d53b2b 100644 --- a/CHANGELOG-1.2.md +++ b/CHANGELOG-1.2.md @@ -15,6 +15,7 @@ - [#2406](https://github.com/epiphany-platform/epiphany/issues/2406) - [Upgrade] [Filebeat] All settings for multiline feature are lost after upgrade - [#2380](https://github.com/epiphany-platform/epiphany/issues/2380) - Unable to drain nodes with Istio application enabled due to PodDisruptionBudgets - [#2332](https://github.com/epiphany-platform/epiphany/issues/2332) - [Elasticsearch] Error when having multiple VMs and non-clustered mode +- [#2425](https://github.com/epiphany-platform/epiphany/issues/2425) - Feature-mapping - 'enabled: no' do nothing ### Updated diff --git a/core/src/epicli/cli/engine/ApplyEngine.py b/core/src/epicli/cli/engine/ApplyEngine.py index df0e792512..c43960ddeb 100644 --- a/core/src/epicli/cli/engine/ApplyEngine.py +++ b/core/src/epicli/cli/engine/ApplyEngine.py @@ -59,8 +59,9 @@ def process_input_docs(self): if self.cluster_model is None: raise Exception('No cluster model defined in input YAML file') - # Validate input documents - with SchemaValidator(self.cluster_model.provider, self.input_docs) as schema_validator: + # Validate cluster input document. + # Other documents might need more processing (SET_BY_AUTOMATION) so will be validated at a later stage. + with SchemaValidator(self.cluster_model.provider, [self.cluster_model]) as schema_validator: schema_validator.run() def process_infrastructure_docs(self): diff --git a/core/src/epicli/cli/engine/schema/SchemaValidator.py b/core/src/epicli/cli/engine/schema/SchemaValidator.py index cdcd755644..ae1679096d 100644 --- a/core/src/epicli/cli/engine/schema/SchemaValidator.py +++ b/core/src/epicli/cli/engine/schema/SchemaValidator.py @@ -1,6 +1,6 @@ from jsonschema import validate, Draft7Validator from cli.helpers.data_loader import load_yaml_obj, types -from cli.helpers.objdict_helpers import objdict_to_dict, dict_to_objdict +from cli.helpers.objdict_helpers import objdict_to_dict, dict_to_objdict, replace_yesno_with_booleans from cli.helpers.Step import Step from copy import deepcopy @@ -33,6 +33,7 @@ def get_base_schema(self, kind): def validate_document(self, doc, schema): try: + replace_yesno_with_booleans(doc) Draft7Validator.check_schema(schema) validate(instance=objdict_to_dict(doc), schema=schema) except Exception as e: diff --git a/core/src/epicli/cli/helpers/objdict_helpers.py b/core/src/epicli/cli/helpers/objdict_helpers.py index 281bfc68c2..543dce44d9 100644 --- a/core/src/epicli/cli/helpers/objdict_helpers.py +++ b/core/src/epicli/cli/helpers/objdict_helpers.py @@ -52,3 +52,18 @@ def remove_value(d, value): else: if value == v: del d[k] + + +def replace_yesno_with_booleans(d): + if isinstance(d, list): + for dd in d: + replace_yesno_with_booleans(dd) + elif isinstance(d, ObjDict): + for key, val in d.items(): + if isinstance(d[key], str): + if val == 'yes': + d[key] = True + elif val == 'no': + d[key] = False + else: + replace_yesno_with_booleans(d[key]) From 37257a9e9884bffa97f1bbfbc53bcba24fac4506 Mon Sep 17 00:00:00 2001 From: to-bar <46519524+to-bar@users.noreply.github.com> Date: Fri, 30 Jul 2021 14:49:53 +0200 Subject: [PATCH 5/5] Download grafana package from URL (#2475) * Download grafana package from URL * Update changelog --- CHANGELOG-1.2.md | 1 + .../playbooks/roles/grafana/defaults/main.yml | 9 ++++++++ .../grafana/tasks/install-packages-Debian.yml | 5 +++++ .../grafana/tasks/install-packages-RedHat.yml | 7 +++++++ .../playbooks/roles/grafana/tasks/install.yml | 13 ++---------- .../centos-7/add-repositories.multiarch.sh | 14 ------------- .../centos-7/requirements.aarch64.txt | 13 ++++++++---- .../centos-7/requirements.x86_64.txt | 15 ++++++++----- .../redhat-7/add-repositories.multiarch.sh | 14 ------------- .../redhat-7/requirements.x86_64.txt | 15 ++++++++----- .../ubuntu-18.04/add-repositories.sh | 3 --- .../ubuntu-18.04/requirements.x86_64.txt | 21 ++++++++++++------- 12 files changed, 66 insertions(+), 64 deletions(-) create mode 100644 core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/install-packages-Debian.yml create mode 100644 core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/install-packages-RedHat.yml diff --git a/CHANGELOG-1.2.md b/CHANGELOG-1.2.md index cb97d53b2b..2f6f844c56 100644 --- a/CHANGELOG-1.2.md +++ b/CHANGELOG-1.2.md @@ -16,6 +16,7 @@ - [#2380](https://github.com/epiphany-platform/epiphany/issues/2380) - Unable to drain nodes with Istio application enabled due to PodDisruptionBudgets - [#2332](https://github.com/epiphany-platform/epiphany/issues/2332) - [Elasticsearch] Error when having multiple VMs and non-clustered mode - [#2425](https://github.com/epiphany-platform/epiphany/issues/2425) - Feature-mapping - 'enabled: no' do nothing +- [#2449](https://github.com/epiphany-platform/epiphany/issues/2449) - [Grafana] Unable to add Grafana repository ### Updated diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/grafana/defaults/main.yml b/core/src/epicli/data/common/ansible/playbooks/roles/grafana/defaults/main.yml index 6a0d8d8c45..365e55c8f9 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/grafana/defaults/main.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/grafana/defaults/main.yml @@ -1,6 +1,15 @@ --- grafana_version: 7.3.5 +grafana_package: + filename: + Debian: + aarch64: null + x86_64: grafana_7.3.5_amd64.deb + RedHat: + aarch64: grafana-7.3.5-1.aarch64.rpm + x86_64: grafana-7.3.5-1.x86_64.rpm + # Should the provisioning be kept synced. If true, previous provisioned objects will be removed if not referenced anymore. grafana_provisioning_synced: "{{ specification.grafana_provisioning_synced }}" diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/install-packages-Debian.yml b/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/install-packages-Debian.yml new file mode 100644 index 0000000000..8ca6933da1 --- /dev/null +++ b/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/install-packages-Debian.yml @@ -0,0 +1,5 @@ +--- +- name: Install Grafana with dependencies + apt: + deb: "{{ _package_url }}" + state: present diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/install-packages-RedHat.yml b/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/install-packages-RedHat.yml new file mode 100644 index 0000000000..7e473d56d6 --- /dev/null +++ b/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/install-packages-RedHat.yml @@ -0,0 +1,7 @@ +--- +- name: Install Grafana with dependencies + yum: + name: "{{ _package_url }}" + state: present + module_defaults: + yum: { lock_timeout: "{{ yum_lock_timeout }}" } diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/install.yml b/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/install.yml index 946fd3c5c2..910f41583d 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/install.yml +++ b/core/src/epicli/data/common/ansible/playbooks/roles/grafana/tasks/install.yml @@ -4,18 +4,9 @@ name: grafana-data state: absent -- name: Install Grafana with dependencies - package: - name: "{{ _packages[ansible_os_family] }}" - state: present +- include_tasks: install-packages-{{ ansible_os_family }}.yml vars: - _packages: - Debian: - - grafana={{ grafana_version }} - RedHat: - - grafana-{{ grafana_version }} - module_defaults: - yum: { lock_timeout: "{{ yum_lock_timeout }}" } + _package_url: "{{ repository_url }}/files/{{ grafana_package.filename[ansible_os_family][ansible_architecture] }}" - name: Recursively chown /etc/grafana (fix permissions) file: diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/add-repositories.multiarch.sh b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/add-repositories.multiarch.sh index b28df2df1b..acfc192363 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/add-repositories.multiarch.sh +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/add-repositories.multiarch.sh @@ -44,19 +44,6 @@ enabled=1 EOF ) -GRAFANA_REPO_CONF=$(cat <<'EOF' -[grafana] -name=grafana -baseurl=https://packages.grafana.com/oss/rpm -repo_gpgcheck=1 -enabled=1 -gpgcheck=1 -gpgkey=https://packages.grafana.com/gpg.key -sslverify=1 -sslcacert=/etc/pki/tls/certs/ca-bundle.crt -EOF -) - KUBERNETES_REPO_CONF=$(cat <<'EOF' [kubernetes] name=Kubernetes @@ -114,7 +101,6 @@ fi add_repo_as_file 'elastic-6' "$ELASTIC_6_REPO_CONF" add_repo_as_file 'elasticsearch-7' "$ELASTICSEARCH_7_REPO_CONF" add_repo_as_file 'elasticsearch-curator-5' "$ELASTICSEARCH_CURATOR_REPO_CONF" -add_repo_as_file 'grafana' "$GRAFANA_REPO_CONF" add_repo_as_file 'kubernetes' "$KUBERNETES_REPO_CONF" add_repo_as_file 'opendistroforelasticsearch' "$OPENDISTRO_REPO_CONF" add_repo_as_file 'postgresql-10' "$POSTGRESQL_REPO_CONF" diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.aarch64.txt b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.aarch64.txt index 24ce256cb3..b32912c7c5 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.aarch64.txt +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.aarch64.txt @@ -42,7 +42,6 @@ firewalld fontconfig # for grafana fping gnutls # for cifs-utils -grafana-7.3.5 gssproxy # for nfs-utils htop iftop @@ -130,13 +129,19 @@ kubernetes-cni-0.7.5-0 kubernetes-cni-0.8.6-0 [files] +# --- Packages --- # Github repository for erlang rpm is used since packagecloud repository is limited to a certain number of versions and erlang package from erlang-solutions repository is much more complex and bigger https://packages.erlang-solutions.com/erlang/rpm/centos/7/aarch64/esl-erlang_23.1.5-1~centos~7_arm64.rpm +# Grafana package is not downloaded from repository since it was not reliable (issue #2449) +https://dl.grafana.com/oss/release/grafana-7.3.5-1.aarch64.rpm +# --- Exporters --- https://github.com/prometheus/haproxy_exporter/releases/download/v0.10.0/haproxy_exporter-0.10.0.linux-arm64.tar.gz https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.14.0/jmx_prometheus_javaagent-0.14.0.jar -https://archive.apache.org/dist/kafka/2.6.0/kafka_2.12-2.6.0.tgz https://github.com/danielqsj/kafka_exporter/releases/download/v1.2.0/kafka_exporter-1.2.0.linux-arm64.tar.gz https://github.com/prometheus/node_exporter/releases/download/v1.0.1/node_exporter-1.0.1.linux-arm64.tar.gz +https://github.com/prometheus-community/postgres_exporter/releases/download/v0.9.0/postgres_exporter-0.9.0.linux-arm64.tar.gz +# --- Misc --- +https://archive.apache.org/dist/kafka/2.6.0/kafka_2.12-2.6.0.tgz https://github.com/prometheus/prometheus/releases/download/v2.10.0/prometheus-2.10.0.linux-arm64.tar.gz https://github.com/prometheus/alertmanager/releases/download/v0.17.0/alertmanager-0.17.0.linux-arm64.tar.gz https://archive.apache.org/dist/zookeeper/zookeeper-3.5.8/apache-zookeeper-3.5.8-bin.tar.gz @@ -144,10 +149,10 @@ https://archive.apache.org/dist/ignite/2.9.1/apache-ignite-2.9.1-bin.zip https://releases.hashicorp.com/vault/1.7.0/vault_1.7.0_linux_arm64.zip https://get.helm.sh/helm-v3.2.0-linux-arm64.tar.gz https://github.com/hashicorp/vault-helm/archive/v0.11.0.tar.gz -https://github.com/prometheus-community/postgres_exporter/releases/download/v0.9.0/postgres_exporter-0.9.0.linux-arm64.tar.gz +# --- Helm charts --- https://charts.bitnami.com/bitnami/node-exporter-1.1.2.tgz https://helm.elastic.co/helm/filebeat/filebeat-7.9.2.tgz -## Grafana Dashboards +# --- Grafana Dashboards --- # Kubernetes Cluster https://grafana.com/api/dashboards/7249/revisions/1/download grafana_dashboard_7249.json # Kubernetes cluster monitoring (via Prometheus) diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.x86_64.txt b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.x86_64.txt index 37358fc599..b399f3263b 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.x86_64.txt +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/centos-7/requirements.x86_64.txt @@ -43,7 +43,6 @@ firewalld fontconfig # for grafana fping gnutls # for cifs-utils -grafana-7.3.5 gssproxy # for nfs-utils htop iftop @@ -136,13 +135,19 @@ kubernetes-cni-0.7.5-0 kubernetes-cni-0.8.6-0 [files] +# --- Packages --- # Github repository for erlang rpm is used since packagecloud repository is limited to a certain number of versions and erlang package from erlang-solutions repository is much more complex and bigger https://github.com/rabbitmq/erlang-rpm/releases/download/v23.1.5/erlang-23.1.5-1.el7.x86_64.rpm +# Grafana package is not downloaded from repository since it was not reliable (issue #2449) +https://dl.grafana.com/oss/release/grafana-7.3.5-1.x86_64.rpm +# --- Exporters --- https://github.com/prometheus/haproxy_exporter/releases/download/v0.10.0/haproxy_exporter-0.10.0.linux-amd64.tar.gz https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.14.0/jmx_prometheus_javaagent-0.14.0.jar -https://archive.apache.org/dist/kafka/2.6.0/kafka_2.12-2.6.0.tgz https://github.com/danielqsj/kafka_exporter/releases/download/v1.2.0/kafka_exporter-1.2.0.linux-amd64.tar.gz https://github.com/prometheus/node_exporter/releases/download/v1.0.1/node_exporter-1.0.1.linux-amd64.tar.gz +https://github.com/prometheus-community/postgres_exporter/releases/download/v0.9.0/postgres_exporter-0.9.0.linux-amd64.tar.gz +# --- Misc --- +https://archive.apache.org/dist/kafka/2.6.0/kafka_2.12-2.6.0.tgz https://github.com/prometheus/prometheus/releases/download/v2.10.0/prometheus-2.10.0.linux-amd64.tar.gz https://github.com/prometheus/alertmanager/releases/download/v0.17.0/alertmanager-0.17.0.linux-amd64.tar.gz https://archive.apache.org/dist/zookeeper/zookeeper-3.5.8/apache-zookeeper-3.5.8-bin.tar.gz @@ -150,10 +155,10 @@ https://archive.apache.org/dist/ignite/2.9.1/apache-ignite-2.9.1-bin.zip https://releases.hashicorp.com/vault/1.7.0/vault_1.7.0_linux_amd64.zip https://get.helm.sh/helm-v3.2.0-linux-amd64.tar.gz https://github.com/hashicorp/vault-helm/archive/v0.11.0.tar.gz -https://github.com/prometheus-community/postgres_exporter/releases/download/v0.9.0/postgres_exporter-0.9.0.linux-amd64.tar.gz -https://charts.bitnami.com/bitnami/node-exporter-1.1.2.tgz +# --- Helm charts --- https://helm.elastic.co/helm/filebeat/filebeat-7.9.2.tgz -## Grafana Dashboards +https://charts.bitnami.com/bitnami/node-exporter-1.1.2.tgz +# --- Grafana Dashboards --- # Kubernetes Cluster https://grafana.com/api/dashboards/7249/revisions/1/download grafana_dashboard_7249.json # Kubernetes cluster monitoring (via Prometheus) diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/redhat-7/add-repositories.multiarch.sh b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/redhat-7/add-repositories.multiarch.sh index b28df2df1b..acfc192363 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/redhat-7/add-repositories.multiarch.sh +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/redhat-7/add-repositories.multiarch.sh @@ -44,19 +44,6 @@ enabled=1 EOF ) -GRAFANA_REPO_CONF=$(cat <<'EOF' -[grafana] -name=grafana -baseurl=https://packages.grafana.com/oss/rpm -repo_gpgcheck=1 -enabled=1 -gpgcheck=1 -gpgkey=https://packages.grafana.com/gpg.key -sslverify=1 -sslcacert=/etc/pki/tls/certs/ca-bundle.crt -EOF -) - KUBERNETES_REPO_CONF=$(cat <<'EOF' [kubernetes] name=Kubernetes @@ -114,7 +101,6 @@ fi add_repo_as_file 'elastic-6' "$ELASTIC_6_REPO_CONF" add_repo_as_file 'elasticsearch-7' "$ELASTICSEARCH_7_REPO_CONF" add_repo_as_file 'elasticsearch-curator-5' "$ELASTICSEARCH_CURATOR_REPO_CONF" -add_repo_as_file 'grafana' "$GRAFANA_REPO_CONF" add_repo_as_file 'kubernetes' "$KUBERNETES_REPO_CONF" add_repo_as_file 'opendistroforelasticsearch' "$OPENDISTRO_REPO_CONF" add_repo_as_file 'postgresql-10' "$POSTGRESQL_REPO_CONF" diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/redhat-7/requirements.x86_64.txt b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/redhat-7/requirements.x86_64.txt index bcb44ba4f8..aa5b052999 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/redhat-7/requirements.x86_64.txt +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/redhat-7/requirements.x86_64.txt @@ -41,7 +41,6 @@ firewalld fontconfig # for grafana fping gnutls # for cifs-utils -grafana-7.3.5 gssproxy # for nfs-utils htop iftop @@ -132,13 +131,19 @@ kubernetes-cni-0.7.5-0 kubernetes-cni-0.8.6-0 [files] +# --- Packages --- # Github repository for erlang rpm is used since packagecloud repository is limited to a certain number of versions and erlang package from erlang-solutions repository is much more complex and bigger https://github.com/rabbitmq/erlang-rpm/releases/download/v23.1.5/erlang-23.1.5-1.el7.x86_64.rpm +# Grafana package is not downloaded from repository since it was not reliable (issue #2449) +https://dl.grafana.com/oss/release/grafana-7.3.5-1.x86_64.rpm +# --- Exporters --- https://github.com/prometheus/haproxy_exporter/releases/download/v0.10.0/haproxy_exporter-0.10.0.linux-amd64.tar.gz https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.14.0/jmx_prometheus_javaagent-0.14.0.jar -https://archive.apache.org/dist/kafka/2.6.0/kafka_2.12-2.6.0.tgz https://github.com/danielqsj/kafka_exporter/releases/download/v1.2.0/kafka_exporter-1.2.0.linux-amd64.tar.gz https://github.com/prometheus/node_exporter/releases/download/v1.0.1/node_exporter-1.0.1.linux-amd64.tar.gz +https://github.com/prometheus-community/postgres_exporter/releases/download/v0.9.0/postgres_exporter-0.9.0.linux-amd64.tar.gz +# --- Misc --- +https://archive.apache.org/dist/kafka/2.6.0/kafka_2.12-2.6.0.tgz https://github.com/prometheus/prometheus/releases/download/v2.10.0/prometheus-2.10.0.linux-amd64.tar.gz https://github.com/prometheus/alertmanager/releases/download/v0.17.0/alertmanager-0.17.0.linux-amd64.tar.gz https://archive.apache.org/dist/zookeeper/zookeeper-3.5.8/apache-zookeeper-3.5.8-bin.tar.gz @@ -146,10 +151,10 @@ https://archive.apache.org/dist/ignite/2.9.1/apache-ignite-2.9.1-bin.zip https://releases.hashicorp.com/vault/1.7.0/vault_1.7.0_linux_amd64.zip https://get.helm.sh/helm-v3.2.0-linux-amd64.tar.gz https://github.com/hashicorp/vault-helm/archive/v0.11.0.tar.gz -https://github.com/prometheus-community/postgres_exporter/releases/download/v0.9.0/postgres_exporter-0.9.0.linux-amd64.tar.gz -https://charts.bitnami.com/bitnami/node-exporter-1.1.2.tgz +# --- Helm charts --- https://helm.elastic.co/helm/filebeat/filebeat-7.9.2.tgz -## Grafana Dashboards +https://charts.bitnami.com/bitnami/node-exporter-1.1.2.tgz +# --- Grafana Dashboards --- # Kubernetes Cluster https://grafana.com/api/dashboards/7249/revisions/1/download grafana_dashboard_7249.json # Kubernetes cluster monitoring (via Prometheus) diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/add-repositories.sh b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/add-repositories.sh index df644e3e21..d93cbd459e 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/add-repositories.sh +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/add-repositories.sh @@ -3,9 +3,6 @@ wget -qO - https://artifacts.elastic.co/GPG-KEY-elasticsearch | apt-key add - echo "deb https://artifacts.elastic.co/packages/oss-6.x/apt stable main" | tee /etc/apt/sources.list.d/elastic-6.x.list -wget -qO - https://packages.grafana.com/gpg.key | apt-key add - -echo "deb https://packages.grafana.com/oss/deb stable main" | tee /etc/apt/sources.list.d/grafana.list - wget -qO - https://packages.cloud.google.com/apt/doc/apt-key.gpg | apt-key add - echo "deb http://apt.kubernetes.io/ kubernetes-xenial main" | tee /etc/apt/sources.list.d/kubernetes.list diff --git a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/requirements.x86_64.txt b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/requirements.x86_64.txt index ed215d042f..977fa0d04a 100644 --- a/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/requirements.x86_64.txt +++ b/core/src/epicli/data/common/ansible/playbooks/roles/repository/files/download-requirements/ubuntu-18.04/requirements.x86_64.txt @@ -44,7 +44,6 @@ filebeat 7.9.2 firewalld fping gnupg2 -grafana 7.3.5 haproxy htop iftop @@ -189,24 +188,30 @@ kubernetes-cni 0.7.5-00 kubernetes-cni 0.8.6-00 [files] +# --- Packages --- +# Switched from APT repo because there was only one (the latest) version available (issue #2262) +https://packages.elastic.co/curator/5/debian9/pool/main/e/elasticsearch-curator/elasticsearch-curator_5.8.3_amd64.deb +# Grafana package is not downloaded from repository since it was not reliable (issue #2449) +https://dl.grafana.com/oss/release/grafana_7.3.5_amd64.deb +# --- Exporters --- +https://github.com/prometheus/haproxy_exporter/releases/download/v0.10.0/haproxy_exporter-0.10.0.linux-amd64.tar.gz https://repo1.maven.org/maven2/io/prometheus/jmx/jmx_prometheus_javaagent/0.14.0/jmx_prometheus_javaagent-0.14.0.jar +https://github.com/danielqsj/kafka_exporter/releases/download/v1.2.0/kafka_exporter-1.2.0.linux-amd64.tar.gz +https://github.com/prometheus/node_exporter/releases/download/v1.0.1/node_exporter-1.0.1.linux-amd64.tar.gz +https://github.com/prometheus-community/postgres_exporter/releases/download/v0.9.0/postgres_exporter-0.9.0.linux-amd64.tar.gz +# --- Misc --- https://archive.apache.org/dist/kafka/2.6.0/kafka_2.12-2.6.0.tgz https://archive.apache.org/dist/zookeeper/zookeeper-3.5.8/apache-zookeeper-3.5.8-bin.tar.gz -https://github.com/danielqsj/kafka_exporter/releases/download/v1.2.0/kafka_exporter-1.2.0.linux-amd64.tar.gz https://github.com/prometheus/alertmanager/releases/download/v0.17.0/alertmanager-0.17.0.linux-amd64.tar.gz -https://github.com/prometheus/haproxy_exporter/releases/download/v0.10.0/haproxy_exporter-0.10.0.linux-amd64.tar.gz -https://github.com/prometheus/node_exporter/releases/download/v1.0.1/node_exporter-1.0.1.linux-amd64.tar.gz https://github.com/prometheus/prometheus/releases/download/v2.10.0/prometheus-2.10.0.linux-amd64.tar.gz https://archive.apache.org/dist/ignite/2.9.1/apache-ignite-2.9.1-bin.zip https://releases.hashicorp.com/vault/1.7.0/vault_1.7.0_linux_amd64.zip https://get.helm.sh/helm-v3.2.0-linux-amd64.tar.gz https://github.com/hashicorp/vault-helm/archive/v0.11.0.tar.gz -https://github.com/prometheus-community/postgres_exporter/releases/download/v0.9.0/postgres_exporter-0.9.0.linux-amd64.tar.gz +# --- Helm charts --- https://charts.bitnami.com/bitnami/node-exporter-1.1.2.tgz https://helm.elastic.co/helm/filebeat/filebeat-7.9.2.tgz -# Switched from APT repo because there was only one (the latest) version available (issue #2262) -https://packages.elastic.co/curator/5/debian9/pool/main/e/elasticsearch-curator/elasticsearch-curator_5.8.3_amd64.deb -## Grafana Dashboards +# --- Grafana Dashboards --- # Kubernetes Cluster https://grafana.com/api/dashboards/7249/revisions/1/download grafana_dashboard_7249.json # Kubernetes cluster monitoring (via Prometheus)