Skip to content

Commit 8aaaabb

Browse files
authored
Merge pull request #13 from fortinet-solutions-cse/v1.3
V1.3
2 parents 62e6ab8 + f46217e commit 8aaaabb

37 files changed

+1982
-66
lines changed

Dockerfile

Lines changed: 9 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -2,11 +2,15 @@
22
#build cmd:
33
# docker build --force-rm -t fortistacks-cli:1.2 .
44
# docker build --force-rm -t fortistacks-cli .
5-
FROM ubuntu:16.04
6-
MAINTAINER Nicolas Thomas <thomnico@gmail.com>
5+
FROM ubuntu:18.04
6+
MAINTAINER Nicolas Thomas <nthomas@fortinet.com>
77
#Update the Ubuntu software repository inside the dockerfile with the 'RUN' command.
8-
# Update Ubuntu Software repository
9-
RUN apt update && apt -y upgrade && apt -y install git python-pip wget zile byobu bash sudo python-virtualenv wget git cloud-image-utils
10-
RUN pip install --upgrade pip && pip install python-novaclient==9.1.1 python-openstackclient python-heatclient
8+
RUN apt-get update && apt-get -y upgrade
9+
ENV DEBIAN_FRONTEND=noninteractive
10+
RUN apt -y install git python-pip wget zile byobu bash sudo python-virtualenv wget git cloud-image-utils python-openstackclient sudo
1111
RUN apt clean
12+
13+
RUN groupadd -r ubuntu && useradd -g ubuntu -G adm,sudo ubuntu -m -p fortinet && \
14+
echo "ubuntu ALL=(ALL) NOPASSWD:ALL" > /etc/sudoers.d/99-nopasswd && chmod 640 /etc/sudoers.d/99-nopasswd
15+
USER ubuntu
1216
CMD ["/bin/bash"]

README-DockerClient.md

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@ Copy your .rc file with the openstack credentials in fortistacks folder.
99

1010
From fortistacks folder:
1111
```shell
12-
docker run -v $PWD:/fortistacks/ -v $HOME/.ssh:/root/.ssh/ --rm -i --name fortistacks-cli -h fortistacks-cli -t thomnico/fortinet-cse:fortistacks-cli-1.2
12+
docker run -v $PWD:/fortistacks/ -v $HOME/.ssh:/home/ubuntu/.ssh/ --rm -i --name fortistacks-cli -h fortistacks-cli -t thomnico/fortinet-cse:fortistacks-cli-1.3
1313
```
1414
Or adapt to your folder layout.
1515

@@ -27,6 +27,6 @@ Check Dockerfile in this folder to see how it is done.
2727
Have to use pinpoint version due to weeks long bugs in openstack clients.
2828

2929
```shell
30-
$ docker run -v $PWD:/fortistacks/ -v $HOME/.ssh:/root/.ssh/ --rm -i --name fortistacks-cli -h fortistacks-cli -t fortistacks-cli:1.2
30+
$ docker run -v $PWD:/fortistacks/ -v $HOME/.ssh:/home/ubuntu/.ssh/ --rm -i --name fortistacks-cli -h fortistacks-cli -t fortistacks-cli:1.3
3131
```
3232

cloudify/config.yaml

Lines changed: 343 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,343 @@
1+
manager:
2+
# The manager's private IP address. This is the address which will be used by
3+
# agent hosts to connect to the Manager's fileserver and message broker.
4+
private_ip: ''
5+
6+
# An IP address by which the Manager is accessible externally, such as via the CLI
7+
# or external clients. If not applicable, provide the same value as "private_ip".
8+
public_ip: ''
9+
10+
# Provide an IP or hostname to be used in the local CLI profile on the manager.
11+
# This might be useful when providing an external certificate.
12+
cli_local_profile_host_name: 'localhost'
13+
14+
######################################################################################
15+
#
16+
# As long as you have set the config entries above, you can install the manager with:
17+
# cfy_manager install
18+
# The rest of the configuration is only required if you need to change the defaults.
19+
#
20+
######################################################################################
21+
22+
# This is set by the installer build script. Changing this will not change the edition
23+
# you are using, but may cause interesting problems.
24+
premium_edition: true
25+
26+
# Sets whether the first time the manager's VM is booted from a Cloudify manager image
27+
# its private IP will be propagated to all relevant configuration files.
28+
set_manager_ip_on_boot: false
29+
security:
30+
# When enabled, the external REST communication will be performed over HTTPS
31+
ssl_enabled: false
32+
33+
# Username and password of the Cloudify Manager administrator.
34+
admin_username: admin
35+
# If admin_password is left blank, a password will be generated for you and provided
36+
# to you at the end of the install process.
37+
admin_password: ''
38+
39+
manager-ip-setter:
40+
sources:
41+
manager_ip_setter_rpm: cloudify-manager-ip-setter-*.rpm
42+
43+
provider_context:
44+
workflows:
45+
# Sets the number of times a failed task will be retried on recoverable error.
46+
task_retries: 60
47+
48+
# Sets the interval between retry attempts in seconds.
49+
task_retry_interval: 15
50+
51+
policy_engine:
52+
start_timeout: 30
53+
54+
# An imported URL is prefix-matched against the key in each entry. If a match is found,
55+
# then the URL prefix is replaced with the value of the corresponding entry.
56+
# That allows serving YAML files from within the manager, even when the imported URL
57+
# points to the external network.
58+
import_resolver:
59+
parameters:
60+
rules:
61+
- {'http://www.getcloudify.org/spec': 'file:///opt/manager/resources/spec'}
62+
- {'http://cloudify.co/spec': 'file:///opt/manager/resources/spec'}
63+
- {'https://www.getcloudify.org/spec': 'file:///opt/manager/resources/spec'}
64+
- {'https://cloudify.co/spec': 'file:///opt/manager/resources/spec'}
65+
66+
agent:
67+
# A dict of network names and IP addresses associated with them.
68+
# By default, there is only a "default" network, with the manager's
69+
# private IP associated with it. This network can be overwritten
70+
networks: {}
71+
broker_port: 5671
72+
min_workers: 2
73+
max_workers: 5
74+
75+
amqpinflux:
76+
sources:
77+
amqpinflux_source_url: cloudify-amqp-influx-*.x86_64.rpm
78+
79+
influxdb:
80+
# An IP Endpoint of your InfluxDB Cluster.
81+
endpoint_ip: ''
82+
sources:
83+
influxdb_source_url: influxdb-0.8.8-1.x86_64.rpm
84+
85+
rabbitmq:
86+
# Sets the username/password to use for clients such as celery to connect to
87+
# the rabbitmq broker. It is recommended that you set both the username and
88+
# password to something reasonably secure.
89+
username: cloudify
90+
password: c10udify
91+
92+
# Sets the File Descriptor limit for the rabbitmq user.
93+
# Not used if an external endpoint is used.
94+
fd_limit: 102400
95+
nodename: cloudify-manager@localhost
96+
sources:
97+
erlang_rpm_source_url: erlang-17.4-1.el6.x86_64.rpm
98+
rabbitmq_rpm_source_url: rabbitmq-server-3.5.3-1.noarch.rpm
99+
cloudify_rabbitmq_package: cloudify-rabbitmq-*.noarch.rpm
100+
101+
policy_metrics:
102+
# Sets the number of milliseconds to wait before a message expires
103+
# in the events queue. Not used if an external endpoint is used.
104+
events_queue_message_ttl: 60000
105+
106+
# Sets the number of messages the events queue can hold. Note this is NOT
107+
# the message byte length! Not used if an external endpoint is used.
108+
# Note that for each of the queue length limit properties, new messages
109+
# will be queued in RabbitMQ and old messages will be deleted once the
110+
# limit is reached! https://www.rabbitmq.com/maxlength.html
111+
events_queue_length_limit: 1000000
112+
113+
# Sets the number of milliseconds to wait before a message expires
114+
# in the logs queue. Not used if an external endpoint is used.
115+
logs_queue_message_ttl: 60000
116+
117+
# Sets the number of messages the logs queue can hold. Note this is NOT
118+
# the message byte length! Not used if an external endpoint is used.
119+
logs_queue_length_limit: 1000000
120+
121+
# Sets the number of milliseconds to wait before a message expires
122+
# in the metrics queues. Not used if an external endpoint is used.
123+
metrics_queue_message_ttl: 60000
124+
125+
# Sets the number of messages the metrics queues can hold. This applies to
126+
# both the queue that amqp-influx pulls from and the ones Riemann pulls
127+
# from. Note this is NOT the message byte length! Not used if an external
128+
# endpoint is used.
129+
metrics_queue_length_limit: 1000000
130+
131+
postgresql:
132+
sources:
133+
libxslt_rpm_url: libxslt-1.1.28-5.el7.x86_64.rpm
134+
ps_libs_rpm_url: postgresql95-libs-9.5.3-2PGDG.rhel7.x86_64.rpm
135+
ps_rpm_url: postgresql95-9.5.3-2PGDG.rhel7.x86_64.rpm
136+
ps_contrib_rpm_url: postgresql95-contrib-9.5.3-2PGDG.rhel7.x86_64.rpm
137+
ps_server_rpm_url: postgresql95-server-9.5.3-2PGDG.rhel7.x86_64.rpm
138+
ps_devel_rpm_url: postgresql95-devel-9.5.3-2PGDG.rhel7.x86_64.rpm
139+
psycopg2_rpm_url: python-psycopg2-2.5.1-3.el7.x86_64.rpm
140+
141+
# Default values for the Postgres DB name, host, username and password
142+
db_name: cloudify_db
143+
host: localhost
144+
username: cloudify
145+
password: cloudify
146+
147+
java:
148+
sources:
149+
java_source_url: jre1.8.0_45-1.8.0_45-fcs.x86_64.rpm
150+
151+
logstash:
152+
sources:
153+
cloudify_logstash_source_url: cloudify-logstash-*.rpm
154+
155+
stage:
156+
# If set to true, Cloudify UI will not be installed
157+
skip_installation: false
158+
sources:
159+
nodejs_source_url: node-v8.9.1-linux-x64.tar.xz
160+
stage_source_url: cloudify-stage-*.tgz
161+
162+
composer:
163+
# If set to true, Cloudify Composer will not be installed
164+
skip_installation: false
165+
sources:
166+
composer_source_url: cloudify-blueprint-composer-*.tgz
167+
168+
python:
169+
# Some plugins installed from sources require compilation - installs a
170+
# compiler and the python headers to allow that.
171+
install_python_compilers: false
172+
173+
# If set to true, python sources (e.g. pip) will be removed when
174+
# uninstalling the Cloudify Manager. NOTE: only set to true if those
175+
# dependencies weren't available before Cloudify Manager installation
176+
remove_on_teardown: false
177+
sources:
178+
pip_source_url: python-pip-7.1.0-1.el7.noarch.rpm
179+
180+
riemann:
181+
sources:
182+
daemonize_source_url: daemonize-1.7.3-7.el7.x86_64.rpm
183+
riemann_source_url: riemann-0.2.6-1.noarch.rpm
184+
cloudify_riemann_url: cloudify-riemann-*.rpm
185+
186+
restservice:
187+
log:
188+
# Logging level for the REST service. Defaults to 'INFO', as 'DEBUG' may
189+
# end up logging sensitive information.
190+
level: INFO
191+
192+
# The size, in MB, that the REST service log file may grow to before it's
193+
# rotated.
194+
file_size: 100
195+
196+
# Number of historical log files to keep when rotating the REST service logs.
197+
files_backup_count: 20
198+
199+
gunicorn:
200+
# The number of gunicorn worker processes for handling requests. If the
201+
# default value (0) is set, then min((2 * cpu_count + 1 processes), 12)
202+
# will be used.
203+
worker_count: 0
204+
205+
# Maximum number of gunicorn workers (if calculated automatically)
206+
max_worker_count: 12
207+
208+
# The maximum number of requests a worker will process before restarting.
209+
# If this is set to zero then the automatic worker restarts are disabled.
210+
max_requests: 1000
211+
212+
ldap:
213+
# LDAP server, admin username, admin password and domain
214+
server: ''
215+
username: ''
216+
password: ''
217+
domain: ''
218+
219+
# True if Active Directory will be used as the LDAP authenticator
220+
is_active_directory: true
221+
222+
# Any extra LDAP information (separated by the `;` sign. e.g. a=1;b=2)
223+
dn_extra: ''
224+
225+
sources:
226+
agents_source_url: cloudify-agents-*.rpm
227+
restservice_source_url: cloudify-rest-service-*.x86_64.rpm
228+
premium_source_url: cloudify-premium-*.x86_64.rpm
229+
230+
# Minimum available memory for running list query on Manager host in MB.
231+
min_available_memory_mb: 100
232+
233+
# Disables insecure REST endpoints
234+
insecure_endpoints_disabled: true
235+
236+
# Port to be used by the REST service
237+
port: 8100
238+
239+
nginx:
240+
sources:
241+
nginx_source_url: nginx-1.13.7-1.el7_4.ngx.x86_64.rpm
242+
243+
mgmtworker:
244+
sources:
245+
mgmtworker_source_url: cloudify-management-worker-*.x86_64.rpm
246+
247+
# Sets the logging level to use for the management workers. This affects the
248+
# logging performed by the manager during the execution of management tasks,
249+
# such as deployment creation and deployment deletion. NOTE: specifying
250+
# "debug" will result in considerable amount of logging activity. Consider
251+
# using "info" (or a more restrictive level) for production environments.
252+
log_level: INFO
253+
254+
# Minimum number of worker processes maintained by the management worker.
255+
min_workers: 2
256+
257+
# Maximum number of worker processes started by the management worker.
258+
max_workers: 100
259+
260+
# Maximum number of manager-side tasks that can be performed concurrently.
261+
# This is a performance measure to avoid deployments' starvation, in case
262+
# a rogue deployment takes over all management workers.
263+
gatekeeper_bucket_size: 25
264+
265+
# Additional environment variables to add to the management worker's service
266+
# file.
267+
extra_env: {}
268+
269+
cli:
270+
sources:
271+
cli_source_url: cloudify-cli-*.x86_64.rpm
272+
273+
sanity:
274+
# If set to true, the sanity blueprint install/uninstall will not be
275+
# performed during Cloudify Manager installation
276+
skip_sanity: true
277+
sources:
278+
sanity_source_url: cloudify-hello-world-example-*.tar.gz
279+
280+
dev:
281+
# Constraints (in standard `pip` constraints format) to pass on to `pip`
282+
# when installing overlays (such as `rest_service_source_url`, `dsl_parser_source_url`
283+
# and so on). Example:
284+
# requests==2.13.0
285+
# requests-toolbelt==0.7.1
286+
pip_constraints: ''
287+
sources:
288+
cloudify_resources_url: ''
289+
amqpinflux_source_url: ''
290+
rest_client_source_url: ''
291+
plugins_common_source_url: ''
292+
script_plugin_source_url: ''
293+
agent_source_url: ''
294+
dsl_parser_source_url: ''
295+
296+
297+
validations:
298+
# If set to true, install/configuration validations will not be performed
299+
skip_validations: false
300+
301+
# These allow to override specific validation values
302+
# NOTE: We do not recommend changing these values unless you know exactly
303+
# what you're doing.
304+
minimum_required_total_physical_memory_in_mb: 3700
305+
306+
# Minimum required disk space on Manager host in GB.
307+
minimum_required_available_disk_space_in_gb: 5
308+
309+
# Python version expected to be found on the machine
310+
expected_python_version: '2.7'
311+
312+
# The only Linux distros fully supported, on which a Cloudify Manager can
313+
# be installed
314+
supported_distros: ['centos', 'redhat']
315+
316+
# The supported versions of the above distros
317+
supported_distro_versions: ['7']
318+
319+
ssl_inputs:
320+
external_cert_path: ''
321+
external_key_path: ''
322+
internal_cert_path: ''
323+
internal_key_path: ''
324+
ca_cert_path: ''
325+
ca_key_path: ''
326+
ca_key_password: ''
327+
328+
usage_collector:
329+
collect_cloudify_uptime:
330+
# True if the uptime collector will be installed
331+
active: true
332+
333+
# Sets the interval between running the uptime collector in hours
334+
interval_in_hours: 2
335+
336+
collect_cloudify_usage:
337+
# True if the usage collector will be installed
338+
active: true
339+
340+
# Sets the interval between running the usage collector in days
341+
interval_in_days: 1
342+
343+
flask_security: {}

0 commit comments

Comments
 (0)