From 0f4b0fae644d1c1156e87466d3988d86d6c39a18 Mon Sep 17 00:00:00 2001 From: Clark Boylan Date: Mon, 27 Jan 2014 10:39:10 -0800 Subject: [PATCH] Redo slave manifests for clarity and correctness. The differences between openstack_project::slave, openstack_project::slave_template, and openstack_project::bare_slave were not always clear. Keep openstack_project::slave as the default long running slave manifest, but replace slave_template with a single_use_slave.pp to make it clear where single use slave config begins. Add the ability to toggle automatic upgrades and jenkins sudo rights to this new manifest. Finally, add a more verbose comment to bare_slave explaining what it is useful for (having a jenkins like slave host that doesn't need a firewall or ntp or automatic upgrades). Change-Id: I3989c9e6ad9469f441ca5d3627f7b3b704d8a8da --- doc/source/nodepool.rst | 2 +- manifests/site.pp | 16 ---------- .../files/nodepool/scripts/prepare_node.sh | 8 +++-- .../nodepool/scripts/prepare_node_bare.sh | 3 +- .../nodepool/scripts/prepare_node_devstack.sh | 2 +- .../nodepool/scripts/prepare_node_tripleo.sh | 2 +- .../openstack_project/manifests/bare_slave.pp | 6 ++-- .../manifests/dev_slave_template.pp | 16 ---------- .../manifests/single_use_slave.pp | 30 +++++++++++++++++++ .../manifests/slave_template.pp | 20 ------------- .../openstack_project/manifests/template.pp | 5 +++- 11 files changed, 47 insertions(+), 63 deletions(-) delete mode 100644 modules/openstack_project/manifests/dev_slave_template.pp create mode 100644 modules/openstack_project/manifests/single_use_slave.pp delete mode 100644 modules/openstack_project/manifests/slave_template.pp diff --git a/doc/source/nodepool.rst b/doc/source/nodepool.rst index 106a08650d..dc0a2b4727 100644 --- a/doc/source/nodepool.rst +++ b/doc/source/nodepool.rst @@ -15,7 +15,7 @@ At a Glance * nodepool.openstack.org :Puppet: * :file:`modules/nodepool/` - * :file:`modules/openstack_project/manifests/dev_slave_template.pp` + * :file:`modules/openstack_project/manifests/single_use_slave.pp` :Configuration: * :file:`modules/openstack_project/templates/nodepool/nodepool.yaml.erb` * :file:`modules/openstack_project/files/nodepool/scripts/` diff --git a/manifests/site.pp b/manifests/site.pp index ea6abc056b..c66b463f43 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -556,16 +556,6 @@ node 'pbx.openstack.org' { } } -# A bare machine, but with a jenkins user -node /^.*\.template\.openstack\.org$/ { - include openstack_project::slave_template -} - -# A bare machine, but with a jenkins user -node /^.*dev-.*\.template\.openstack\.org$/ { - include openstack_project::dev_slave_template -} - # A backup machine. Don't run cron or puppet agent on it. node /^ci-backup-.*\.openstack\.org$/ { include openstack_project::backup_server @@ -710,12 +700,6 @@ node /^fedora18-dev\d+\.slave\.openstack\.org$/ { } } -node /^.*\.jclouds\.openstack\.org$/ { - class { 'openstack_project::bare_slave': - certname => 'jclouds.openstack.org', - } -} - node 'openstackid-dev.openstack.org' { class { 'openstack_project::openstackid_dev': sysadmins => hiera('sysadmins'), diff --git a/modules/openstack_project/files/nodepool/scripts/prepare_node.sh b/modules/openstack_project/files/nodepool/scripts/prepare_node.sh index 4482ae1e49..15181dd037 100755 --- a/modules/openstack_project/files/nodepool/scripts/prepare_node.sh +++ b/modules/openstack_project/files/nodepool/scripts/prepare_node.sh @@ -17,8 +17,10 @@ # limitations under the License. HOSTNAME=$1 +SUDO=$2 -sudo hostname $1 + +sudo hostname $HOSTNAME wget https://git.openstack.org/cgit/openstack-infra/config/plain/install_puppet.sh sudo bash -xe install_puppet.sh sudo git clone https://review.openstack.org/p/openstack-infra/config.git \ @@ -26,10 +28,10 @@ sudo git clone https://review.openstack.org/p/openstack-infra/config.git \ sudo /bin/bash /root/config/install_modules.sh if [ -z "$NODEPOOL_SSH_KEY" ] ; then sudo puppet apply --modulepath=/root/config/modules:/etc/puppet/modules \ - -e "class {'openstack_project::slave_template': }" + -e "class {'openstack_project::single_use_slave': sudo => $SUDO, }" else sudo puppet apply --modulepath=/root/config/modules:/etc/puppet/modules \ - -e "class {'openstack_project::slave_template': install_users => false, ssh_key => '$NODEPOOL_SSH_KEY', }" + -e "class {'openstack_project::single_use_slave': install_users => false, sudo => $SUDO, ssh_key => '$NODEPOOL_SSH_KEY', }" fi sudo mkdir -p /opt/git diff --git a/modules/openstack_project/files/nodepool/scripts/prepare_node_bare.sh b/modules/openstack_project/files/nodepool/scripts/prepare_node_bare.sh index 9ce8da6ccd..7209a309b0 100755 --- a/modules/openstack_project/files/nodepool/scripts/prepare_node_bare.sh +++ b/modules/openstack_project/files/nodepool/scripts/prepare_node_bare.sh @@ -18,5 +18,4 @@ HOSTNAME=$1 -./prepare_node.sh $HOSTNAME -sudo puppet apply --modulepath=/root/config/modules:/etc/puppet/modules -e "class {'openstack_project::bare_slave': }" +./prepare_node.sh $HOSTNAME false diff --git a/modules/openstack_project/files/nodepool/scripts/prepare_node_devstack.sh b/modules/openstack_project/files/nodepool/scripts/prepare_node_devstack.sh index 2abc3d46b2..9fef2b36cc 100755 --- a/modules/openstack_project/files/nodepool/scripts/prepare_node_devstack.sh +++ b/modules/openstack_project/files/nodepool/scripts/prepare_node_devstack.sh @@ -18,5 +18,5 @@ HOSTNAME=$1 -./prepare_node.sh $HOSTNAME +./prepare_node.sh $HOSTNAME true sudo -u jenkins -i /opt/nodepool-scripts/prepare_devstack.sh $HOSTNAME diff --git a/modules/openstack_project/files/nodepool/scripts/prepare_node_tripleo.sh b/modules/openstack_project/files/nodepool/scripts/prepare_node_tripleo.sh index a43e2b7a7a..f109a5efc2 100755 --- a/modules/openstack_project/files/nodepool/scripts/prepare_node_tripleo.sh +++ b/modules/openstack_project/files/nodepool/scripts/prepare_node_tripleo.sh @@ -20,5 +20,5 @@ HOSTNAME=$1 # Workaround bug 1270646 during node bootstrapping. sudo ip link set mtu 1458 dev eth0 -./prepare_node.sh $HOSTNAME +./prepare_node.sh $HOSTNAME true sudo -u jenkins -i /opt/nodepool-scripts/prepare_tripleo.sh $HOSTNAME diff --git a/modules/openstack_project/manifests/bare_slave.pp b/modules/openstack_project/manifests/bare_slave.pp index 8b9a4eb294..cce04171c1 100644 --- a/modules/openstack_project/manifests/bare_slave.pp +++ b/modules/openstack_project/manifests/bare_slave.pp @@ -1,5 +1,7 @@ -# bare-bones slaves spun up by jclouds. Specifically need to not set ssh -# login limits, because it screws up jclouds provisioning +# Super simple slave manifest that installs something very +# similar to an OpenStack Jenkins slave but does not need to +# have services managed like firewall, ntp, automatic upgrades, +# and so on. class openstack_project::bare_slave( $certname = $::fqdn, $install_users = true diff --git a/modules/openstack_project/manifests/dev_slave_template.pp b/modules/openstack_project/manifests/dev_slave_template.pp deleted file mode 100644 index f67ad234e8..0000000000 --- a/modules/openstack_project/manifests/dev_slave_template.pp +++ /dev/null @@ -1,16 +0,0 @@ -# == Class: openstack_project::dev_slave_template -# -class openstack_project::dev_slave_template ( - $install_users = true, - $ssh_key = $openstack_project::jenkins_dev_ssh_key -) inherits openstack_project { - class { 'openstack_project::template': - iptables_public_tcp_ports => [], - install_users => $install_users, - } - class { 'jenkins::slave': - ssh_key => $ssh_key, - sudo => true, - bare => true, - } -} diff --git a/modules/openstack_project/manifests/single_use_slave.pp b/modules/openstack_project/manifests/single_use_slave.pp new file mode 100644 index 0000000000..0269afb4e0 --- /dev/null +++ b/modules/openstack_project/manifests/single_use_slave.pp @@ -0,0 +1,30 @@ +# == Class: openstack_project::single_use_slave +# +# This class configures single use Jenkins slaves with a few +# toggleable options. Most importantly sudo rights for the Jenkins +# user are by default off but can be enabled. Also, automatic_upgrades +# are off by default as the assumption is the backing image for +# this single use slaves will be refreshed with new packages +# periodically. +class openstack_project::single_use_slave ( + $certname = $::fqdn, + $install_users = true, + $sudo = false, + $automatic_upgrades = false, + $ssh_key = $openstack_project::jenkins_ssh_key +) inherits openstack_project { + class { 'openstack_project::template': + certname => $certname, + automatic_upgrades => $automatic_upgrades, + install_users => $install_users, + # Port 8000 from the devstack neutron public net to allow + # nova servers to reach heat-api-cfn + iptables_rules4 => + ['-p tcp --dport 8000 -s 172.24.4.0/24 -j ACCEPT'], + } + class { 'jenkins::slave': + ssh_key => $ssh_key, + sudo => $sudo, + bare => true, + } +} diff --git a/modules/openstack_project/manifests/slave_template.pp b/modules/openstack_project/manifests/slave_template.pp deleted file mode 100644 index e0023977e6..0000000000 --- a/modules/openstack_project/manifests/slave_template.pp +++ /dev/null @@ -1,20 +0,0 @@ -# == Class: openstack_project::slave_template -# -class openstack_project::slave_template ( - $install_users = true, - $ssh_key = $openstack_project::jenkins_ssh_key -) inherits openstack_project { - class { 'openstack_project::template': - # Port 8000 from the devstack neutron public net to allow - # nova servers to reach heat-api-cfn - iptables_rules4 => - ['-p tcp --dport 8000 -s 172.24.4.0/24 -j ACCEPT'], - iptables_public_tcp_ports => [], - install_users => $install_users, - } - class { 'jenkins::slave': - ssh_key => $ssh_key, - sudo => true, - bare => true, - } -} diff --git a/modules/openstack_project/manifests/template.pp b/modules/openstack_project/manifests/template.pp index ecd4005f89..b3bbb424f2 100644 --- a/modules/openstack_project/manifests/template.pp +++ b/modules/openstack_project/manifests/template.pp @@ -8,11 +8,14 @@ class openstack_project::template ( $iptables_rules4 = [], $iptables_rules6 = [], $install_users = true, + $automatic_upgrades = true, $certname = $::fqdn ) { include ssh include snmpd - include openstack_project::automatic_upgrades + if $automatic_upgrades == true { + include openstack_project::automatic_upgrades + } class { 'iptables': public_tcp_ports => $iptables_public_tcp_ports,