Redo slave manifests for clarity and correctness.
The differences between openstack_project::slave, openstack_project::slave_template, and openstack_project::bare_slave were not always clear. Keep openstack_project::slave as the default long running slave manifest, but replace slave_template with a single_use_slave.pp to make it clear where single use slave config begins. Add the ability to toggle automatic upgrades and jenkins sudo rights to this new manifest. Finally, add a more verbose comment to bare_slave explaining what it is useful for (having a jenkins like slave host that doesn't need a firewall or ntp or automatic upgrades). Change-Id: I3989c9e6ad9469f441ca5d3627f7b3b704d8a8da
This commit is contained in:
parent
dcee3ce25e
commit
0f4b0fae64
@ -15,7 +15,7 @@ At a Glance
|
||||
* nodepool.openstack.org
|
||||
:Puppet:
|
||||
* :file:`modules/nodepool/`
|
||||
* :file:`modules/openstack_project/manifests/dev_slave_template.pp`
|
||||
* :file:`modules/openstack_project/manifests/single_use_slave.pp`
|
||||
:Configuration:
|
||||
* :file:`modules/openstack_project/templates/nodepool/nodepool.yaml.erb`
|
||||
* :file:`modules/openstack_project/files/nodepool/scripts/`
|
||||
|
@ -556,16 +556,6 @@ node 'pbx.openstack.org' {
|
||||
}
|
||||
}
|
||||
|
||||
# A bare machine, but with a jenkins user
|
||||
node /^.*\.template\.openstack\.org$/ {
|
||||
include openstack_project::slave_template
|
||||
}
|
||||
|
||||
# A bare machine, but with a jenkins user
|
||||
node /^.*dev-.*\.template\.openstack\.org$/ {
|
||||
include openstack_project::dev_slave_template
|
||||
}
|
||||
|
||||
# A backup machine. Don't run cron or puppet agent on it.
|
||||
node /^ci-backup-.*\.openstack\.org$/ {
|
||||
include openstack_project::backup_server
|
||||
@ -710,12 +700,6 @@ node /^fedora18-dev\d+\.slave\.openstack\.org$/ {
|
||||
}
|
||||
}
|
||||
|
||||
node /^.*\.jclouds\.openstack\.org$/ {
|
||||
class { 'openstack_project::bare_slave':
|
||||
certname => 'jclouds.openstack.org',
|
||||
}
|
||||
}
|
||||
|
||||
node 'openstackid-dev.openstack.org' {
|
||||
class { 'openstack_project::openstackid_dev':
|
||||
sysadmins => hiera('sysadmins'),
|
||||
|
@ -17,8 +17,10 @@
|
||||
# limitations under the License.
|
||||
|
||||
HOSTNAME=$1
|
||||
SUDO=$2
|
||||
|
||||
sudo hostname $1
|
||||
|
||||
sudo hostname $HOSTNAME
|
||||
wget https://git.openstack.org/cgit/openstack-infra/config/plain/install_puppet.sh
|
||||
sudo bash -xe install_puppet.sh
|
||||
sudo git clone https://review.openstack.org/p/openstack-infra/config.git \
|
||||
@ -26,10 +28,10 @@ sudo git clone https://review.openstack.org/p/openstack-infra/config.git \
|
||||
sudo /bin/bash /root/config/install_modules.sh
|
||||
if [ -z "$NODEPOOL_SSH_KEY" ] ; then
|
||||
sudo puppet apply --modulepath=/root/config/modules:/etc/puppet/modules \
|
||||
-e "class {'openstack_project::slave_template': }"
|
||||
-e "class {'openstack_project::single_use_slave': sudo => $SUDO, }"
|
||||
else
|
||||
sudo puppet apply --modulepath=/root/config/modules:/etc/puppet/modules \
|
||||
-e "class {'openstack_project::slave_template': install_users => false, ssh_key => '$NODEPOOL_SSH_KEY', }"
|
||||
-e "class {'openstack_project::single_use_slave': install_users => false, sudo => $SUDO, ssh_key => '$NODEPOOL_SSH_KEY', }"
|
||||
fi
|
||||
|
||||
sudo mkdir -p /opt/git
|
||||
|
@ -18,5 +18,4 @@
|
||||
|
||||
HOSTNAME=$1
|
||||
|
||||
./prepare_node.sh $HOSTNAME
|
||||
sudo puppet apply --modulepath=/root/config/modules:/etc/puppet/modules -e "class {'openstack_project::bare_slave': }"
|
||||
./prepare_node.sh $HOSTNAME false
|
||||
|
@ -18,5 +18,5 @@
|
||||
|
||||
HOSTNAME=$1
|
||||
|
||||
./prepare_node.sh $HOSTNAME
|
||||
./prepare_node.sh $HOSTNAME true
|
||||
sudo -u jenkins -i /opt/nodepool-scripts/prepare_devstack.sh $HOSTNAME
|
||||
|
@ -20,5 +20,5 @@ HOSTNAME=$1
|
||||
|
||||
# Workaround bug 1270646 during node bootstrapping.
|
||||
sudo ip link set mtu 1458 dev eth0
|
||||
./prepare_node.sh $HOSTNAME
|
||||
./prepare_node.sh $HOSTNAME true
|
||||
sudo -u jenkins -i /opt/nodepool-scripts/prepare_tripleo.sh $HOSTNAME
|
||||
|
@ -1,5 +1,7 @@
|
||||
# bare-bones slaves spun up by jclouds. Specifically need to not set ssh
|
||||
# login limits, because it screws up jclouds provisioning
|
||||
# Super simple slave manifest that installs something very
|
||||
# similar to an OpenStack Jenkins slave but does not need to
|
||||
# have services managed like firewall, ntp, automatic upgrades,
|
||||
# and so on.
|
||||
class openstack_project::bare_slave(
|
||||
$certname = $::fqdn,
|
||||
$install_users = true
|
||||
|
@ -1,16 +0,0 @@
|
||||
# == Class: openstack_project::dev_slave_template
|
||||
#
|
||||
class openstack_project::dev_slave_template (
|
||||
$install_users = true,
|
||||
$ssh_key = $openstack_project::jenkins_dev_ssh_key
|
||||
) inherits openstack_project {
|
||||
class { 'openstack_project::template':
|
||||
iptables_public_tcp_ports => [],
|
||||
install_users => $install_users,
|
||||
}
|
||||
class { 'jenkins::slave':
|
||||
ssh_key => $ssh_key,
|
||||
sudo => true,
|
||||
bare => true,
|
||||
}
|
||||
}
|
30
modules/openstack_project/manifests/single_use_slave.pp
Normal file
30
modules/openstack_project/manifests/single_use_slave.pp
Normal file
@ -0,0 +1,30 @@
|
||||
# == Class: openstack_project::single_use_slave
|
||||
#
|
||||
# This class configures single use Jenkins slaves with a few
|
||||
# toggleable options. Most importantly sudo rights for the Jenkins
|
||||
# user are by default off but can be enabled. Also, automatic_upgrades
|
||||
# are off by default as the assumption is the backing image for
|
||||
# this single use slaves will be refreshed with new packages
|
||||
# periodically.
|
||||
class openstack_project::single_use_slave (
|
||||
$certname = $::fqdn,
|
||||
$install_users = true,
|
||||
$sudo = false,
|
||||
$automatic_upgrades = false,
|
||||
$ssh_key = $openstack_project::jenkins_ssh_key
|
||||
) inherits openstack_project {
|
||||
class { 'openstack_project::template':
|
||||
certname => $certname,
|
||||
automatic_upgrades => $automatic_upgrades,
|
||||
install_users => $install_users,
|
||||
# Port 8000 from the devstack neutron public net to allow
|
||||
# nova servers to reach heat-api-cfn
|
||||
iptables_rules4 =>
|
||||
['-p tcp --dport 8000 -s 172.24.4.0/24 -j ACCEPT'],
|
||||
}
|
||||
class { 'jenkins::slave':
|
||||
ssh_key => $ssh_key,
|
||||
sudo => $sudo,
|
||||
bare => true,
|
||||
}
|
||||
}
|
@ -1,20 +0,0 @@
|
||||
# == Class: openstack_project::slave_template
|
||||
#
|
||||
class openstack_project::slave_template (
|
||||
$install_users = true,
|
||||
$ssh_key = $openstack_project::jenkins_ssh_key
|
||||
) inherits openstack_project {
|
||||
class { 'openstack_project::template':
|
||||
# Port 8000 from the devstack neutron public net to allow
|
||||
# nova servers to reach heat-api-cfn
|
||||
iptables_rules4 =>
|
||||
['-p tcp --dport 8000 -s 172.24.4.0/24 -j ACCEPT'],
|
||||
iptables_public_tcp_ports => [],
|
||||
install_users => $install_users,
|
||||
}
|
||||
class { 'jenkins::slave':
|
||||
ssh_key => $ssh_key,
|
||||
sudo => true,
|
||||
bare => true,
|
||||
}
|
||||
}
|
@ -8,11 +8,14 @@ class openstack_project::template (
|
||||
$iptables_rules4 = [],
|
||||
$iptables_rules6 = [],
|
||||
$install_users = true,
|
||||
$automatic_upgrades = true,
|
||||
$certname = $::fqdn
|
||||
) {
|
||||
include ssh
|
||||
include snmpd
|
||||
if $automatic_upgrades == true {
|
||||
include openstack_project::automatic_upgrades
|
||||
}
|
||||
|
||||
class { 'iptables':
|
||||
public_tcp_ports => $iptables_public_tcp_ports,
|
||||
|
Loading…
Reference in New Issue
Block a user