From cb90c8ce484d8e0328a0f2a8250e1c0fa81dd6cb Mon Sep 17 00:00:00 2001 From: Emilien Macchi Date: Wed, 14 Feb 2018 09:32:55 -0800 Subject: [PATCH] Disable SNMP service in all CI jobs Some work is being done in I46fce28926cb5a881f7384948480266712ae75e3 to secure SNMP on a specific network but until then we need to stop opening the services so cloud providers won't report any security issue for TripleO jobs. Change-Id: Icd8a6ddda6152186d6be4a227f6449232fecba5e Related-Bug: #1749324 --- ci/environments/multinode-3nodes-registry.yaml | 1 + ci/environments/multinode-3nodes.yaml | 2 -- ci/environments/multinode-containers.yaml | 2 +- ci/environments/multinode.yaml | 1 - ci/environments/scenario001-multinode-containers.yaml | 2 +- ci/environments/scenario002-multinode-containers.yaml | 2 +- ci/environments/scenario003-multinode-containers.yaml | 2 +- ci/environments/scenario004-multinode-containers.yaml | 2 +- ci/environments/scenario006-multinode-containers.yaml | 2 +- ci/environments/scenario006-multinode.yaml | 2 -- ci/environments/scenario007-multinode-containers.yaml | 2 +- ci/environments/scenario009-multinode.yaml | 3 +-- 12 files changed, 9 insertions(+), 14 deletions(-) diff --git a/ci/environments/multinode-3nodes-registry.yaml b/ci/environments/multinode-3nodes-registry.yaml index 4e4ce23888..3b1136ee4d 100644 --- a/ci/environments/multinode-3nodes-registry.yaml +++ b/ci/environments/multinode-3nodes-registry.yaml @@ -9,6 +9,7 @@ resource_registry: OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml OS::TripleO::Services::MySQL: ../../docker/services/pacemaker/database/mysql.yaml OS::TripleO::Services::Keepalived: OS::Heat::None + OS::TripleO::Services::Snmp: OS::Heat::None OS::TripleO::Tasks::ControllerPreConfig: OS::Heat::None OS::TripleO::Tasks::ControllerPostConfig: OS::Heat::None OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml diff --git a/ci/environments/multinode-3nodes.yaml b/ci/environments/multinode-3nodes.yaml index d99f7bd3d3..a8a74a1cfe 100644 --- a/ci/environments/multinode-3nodes.yaml +++ b/ci/environments/multinode-3nodes.yaml @@ -45,7 +45,6 @@ - OS::TripleO::Services::SwiftProxy - OS::TripleO::Services::SwiftStorage - OS::TripleO::Services::SwiftRingBuilder - - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall @@ -73,7 +72,6 @@ - OS::TripleO::Services::Memcached - OS::TripleO::Services::Pacemaker - OS::TripleO::Services::Ntp - - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall diff --git a/ci/environments/multinode-containers.yaml b/ci/environments/multinode-containers.yaml index 5c76e09ff2..cea518f810 100644 --- a/ci/environments/multinode-containers.yaml +++ b/ci/environments/multinode-containers.yaml @@ -8,6 +8,7 @@ resource_registry: OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml OS::TripleO::Services::MySQL: ../../docker/services/pacemaker/database/mysql.yaml OS::TripleO::Services::Keepalived: OS::Heat::None + OS::TripleO::Services::Snmp: OS::Heat::None OS::TripleO::Tasks::ControllerPreConfig: OS::Heat::None OS::TripleO::Tasks::ControllerPostConfig: OS::Heat::None OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml @@ -42,7 +43,6 @@ parameter_defaults: - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp - OS::TripleO::Services::ContainersLogrotateCrond - - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::NovaCompute diff --git a/ci/environments/multinode.yaml b/ci/environments/multinode.yaml index 63027075c7..9e739b60f6 100644 --- a/ci/environments/multinode.yaml +++ b/ci/environments/multinode.yaml @@ -48,7 +48,6 @@ parameter_defaults: - OS::TripleO::Services::NovaMetadata - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp - - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt diff --git a/ci/environments/scenario001-multinode-containers.yaml b/ci/environments/scenario001-multinode-containers.yaml index 11388248c3..b5267b42b0 100644 --- a/ci/environments/scenario001-multinode-containers.yaml +++ b/ci/environments/scenario001-multinode-containers.yaml @@ -17,6 +17,7 @@ resource_registry: OS::TripleO::Services::CinderBackup: ../../docker/services/pacemaker/cinder-backup.yaml OS::TripleO::Services::CinderVolume: ../../docker/services/pacemaker/cinder-volume.yaml OS::TripleO::Services::Keepalived: OS::Heat::None + OS::TripleO::Services::Snmp: OS::Heat::None OS::TripleO::Tasks::ControllerPreConfig: OS::Heat::None OS::TripleO::Tasks::ControllerPostConfig: OS::Heat::None OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml @@ -57,7 +58,6 @@ parameter_defaults: - OS::TripleO::Services::NovaMetadata - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp - - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd - OS::TripleO::Services::Securetty - OS::TripleO::Services::Timezone diff --git a/ci/environments/scenario002-multinode-containers.yaml b/ci/environments/scenario002-multinode-containers.yaml index 23f6cdc59b..c9825c5438 100644 --- a/ci/environments/scenario002-multinode-containers.yaml +++ b/ci/environments/scenario002-multinode-containers.yaml @@ -16,6 +16,7 @@ resource_registry: OS::TripleO::Services::CinderVolume: ../../docker/services/pacemaker/cinder-volume.yaml OS::TripleO::Services::BarbicanBackendSimpleCrypto: ../../puppet/services/barbican-backend-simple-crypto.yaml OS::TripleO::Services::Keepalived: OS::Heat::None + OS::TripleO::Services::Snmp: OS::Heat::None OS::TripleO::Tasks::ControllerPreConfig: OS::Heat::None OS::TripleO::Tasks::ControllerPostConfig: OS::Heat::None OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml @@ -52,7 +53,6 @@ parameter_defaults: - OS::TripleO::Services::NovaMetadata - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp - - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt diff --git a/ci/environments/scenario003-multinode-containers.yaml b/ci/environments/scenario003-multinode-containers.yaml index bd7f8c401b..19dd452a85 100644 --- a/ci/environments/scenario003-multinode-containers.yaml +++ b/ci/environments/scenario003-multinode-containers.yaml @@ -14,6 +14,7 @@ resource_registry: OS::TripleO::Services::Clustercheck: ../../docker/services/pacemaker/clustercheck.yaml OS::TripleO::Services::MySQL: ../../docker/services/pacemaker/database/mysql.yaml OS::TripleO::Services::Keepalived: OS::Heat::None + OS::TripleO::Services::Snmp: OS::Heat::None OS::TripleO::Tasks::ControllerPreConfig: OS::Heat::None OS::TripleO::Tasks::ControllerPostConfig: OS::Heat::None OS::TripleO::Tasks::ControllerPostPuppetRestart: ../../extraconfig/tasks/post_puppet_pacemaker_restart.yaml @@ -47,7 +48,6 @@ parameter_defaults: - OS::TripleO::Services::NovaMetadata - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp - - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaMigrationTarget diff --git a/ci/environments/scenario004-multinode-containers.yaml b/ci/environments/scenario004-multinode-containers.yaml index 862936bcd8..c1a322cd22 100644 --- a/ci/environments/scenario004-multinode-containers.yaml +++ b/ci/environments/scenario004-multinode-containers.yaml @@ -32,6 +32,7 @@ resource_registry: OS::TripleO::Services::Redis: ../../docker/services/pacemaker/database/redis.yaml OS::TripleO::Services::MySQL: ../../docker/services/pacemaker/database/mysql.yaml OS::TripleO::Services::Keepalived: OS::Heat::None + OS::TripleO::Services::Snmp: OS::Heat::None # Some infra instances don't pass the ping test but are otherwise working. # Since the OVB jobs also test this functionality we can shut it off here. OS::TripleO::AllNodes::Validation: ../common/all-nodes-validation-disabled.yaml @@ -72,7 +73,6 @@ parameter_defaults: - OS::TripleO::Services::NovaMetadata - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp - - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt diff --git a/ci/environments/scenario006-multinode-containers.yaml b/ci/environments/scenario006-multinode-containers.yaml index f3165f6723..0345a437a0 100644 --- a/ci/environments/scenario006-multinode-containers.yaml +++ b/ci/environments/scenario006-multinode-containers.yaml @@ -5,6 +5,7 @@ resource_registry: OS::TripleO::Services::IronicApi: ../docker/services/ironic-api.yaml OS::TripleO::Services::IronicConductor: ../docker/services/ironic-conductor.yaml OS::TripleO::Services::IronicPxe: ../docker/services/ironic-pxe.yaml + OS::TripleO::Services::Snmp: OS::Heat::None parameter_defaults: ControllerServices: @@ -36,7 +37,6 @@ parameter_defaults: - OS::TripleO::Services::NovaMetadata - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp - - OS::TripleO::Services::Snmp - OS::TripleO::Services::Sshd - OS::TripleO::Services::Securetty - OS::TripleO::Services::Timezone diff --git a/ci/environments/scenario006-multinode.yaml b/ci/environments/scenario006-multinode.yaml index d784978a5c..3af7deba3a 100644 --- a/ci/environments/scenario006-multinode.yaml +++ b/ci/environments/scenario006-multinode.yaml @@ -39,7 +39,6 @@ parameter_defaults: - OS::TripleO::Services::Docker - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp - - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall @@ -50,7 +49,6 @@ parameter_defaults: - OS::TripleO::Services::Docker - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp - - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall diff --git a/ci/environments/scenario007-multinode-containers.yaml b/ci/environments/scenario007-multinode-containers.yaml index a089511b61..03d067bbe5 100644 --- a/ci/environments/scenario007-multinode-containers.yaml +++ b/ci/environments/scenario007-multinode-containers.yaml @@ -15,6 +15,7 @@ resource_registry: # OS::TripleO::Services::Tacker: ../../docker/services/tacker.yaml OS::TripleO::Services::Tacker: ../../puppet/services/tacker.yaml OS::TripleO::Services::Congress: ../../docker/services/congress.yaml + OS::TripleO::Services::Snmp: OS::Heat::None parameter_defaults: ControllerServices: - OS::TripleO::Services::Clustercheck @@ -43,7 +44,6 @@ parameter_defaults: - OS::TripleO::Services::NovaMetadata - OS::TripleO::Services::NovaScheduler - OS::TripleO::Services::Ntp - - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone - OS::TripleO::Services::NovaCompute - OS::TripleO::Services::NovaLibvirt diff --git a/ci/environments/scenario009-multinode.yaml b/ci/environments/scenario009-multinode.yaml index ea293df20c..7ec83c6f17 100644 --- a/ci/environments/scenario009-multinode.yaml +++ b/ci/environments/scenario009-multinode.yaml @@ -27,6 +27,7 @@ resource_registry: OS::TripleO::Services::NovaCompute: OS::Heat::None OS::TripleO::Services::NovaLibvirt: OS::Heat::None OS::TripleO::Services::Docker: OS::Heat::None + OS::TripleO::Services::Snmp: OS::Heat::None @@ -34,7 +35,6 @@ parameter_defaults: ControllerServices: - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp - - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall @@ -44,7 +44,6 @@ parameter_defaults: ComputeServices: - OS::TripleO::Services::Kernel - OS::TripleO::Services::Ntp - - OS::TripleO::Services::Snmp - OS::TripleO::Services::Timezone - OS::TripleO::Services::TripleoPackages - OS::TripleO::Services::TripleoFirewall