Remove salt
We don't really use the salt infrastructure that we set up, which means it's cruft. Go ahead and admit that we don't use it and remove it from our systems. Change-Id: Ic43695719cbad30aded16ac480deb3dfd9b2a110
This commit is contained in:
parent
23fe4a345f
commit
0fb121893d
@ -3,12 +3,11 @@ Create Server
|
||||
|
||||
Note that these instructions assume you're working from this
|
||||
directory on an updated local clone of the repository on the
|
||||
puppetmaster, and that your account is a member of the admin, puppet
|
||||
and salt groups for access to their respective keys::
|
||||
puppetmaster, and that your account is a member of the admin
|
||||
and puppet groups for access to their respective keys::
|
||||
|
||||
sudo adduser $(whoami) admin
|
||||
sudo adduser $(whoami) puppet
|
||||
sudo adduser $(whoami) salt
|
||||
|
||||
(Remember to log out and back into your shell if you add yourself
|
||||
to a group.)
|
||||
@ -32,10 +31,6 @@ To launch a node in the OpenStack Jenkins account (slave nodes)::
|
||||
sudo puppet cert generate $FQDN
|
||||
./launch-node.py $FQDN --image "$IMAGE" --flavor "$FLAVOR"
|
||||
|
||||
There is also a --salt option which can be used to tell the script to
|
||||
automatically configure and enroll the server as a minion on the salt
|
||||
master.
|
||||
|
||||
If you are launching a replacement server, you may skip the generate
|
||||
step and specify the name of an existing puppet cert (as long as the
|
||||
private key is on this host).
|
||||
|
@ -23,7 +23,6 @@ import os
|
||||
import time
|
||||
import traceback
|
||||
import argparse
|
||||
import shutil
|
||||
|
||||
import dns
|
||||
import utils
|
||||
@ -38,9 +37,6 @@ IPV6 = os.environ.get('IPV6', '0') is 1
|
||||
|
||||
SCRIPT_DIR = os.path.dirname(sys.argv[0])
|
||||
|
||||
SALT_MASTER_PKI = os.environ.get('SALT_MASTER_PKI', '/etc/salt/pki/master')
|
||||
SALT_MINION_PKI = os.environ.get('SALT_MINION_PKI', '/etc/salt/pki/minion')
|
||||
|
||||
|
||||
def get_client():
|
||||
args = [NOVA_USERNAME, NOVA_PASSWORD, NOVA_PROJECT_ID, NOVA_URL]
|
||||
@ -56,8 +52,8 @@ def get_client():
|
||||
return client
|
||||
|
||||
|
||||
def bootstrap_server(server, admin_pass, key, cert, environment, name,
|
||||
salt_priv, salt_pub, puppetmaster):
|
||||
def bootstrap_server(
|
||||
server, admin_pass, key, cert, environment, name, puppetmaster):
|
||||
ip = utils.get_public_ip(server)
|
||||
if not ip:
|
||||
raise Exception("Unable to find public ip of server")
|
||||
@ -107,16 +103,6 @@ def bootstrap_server(server, admin_pass, key, cert, environment, name,
|
||||
ssh_client.ssh("chmod 0750 /var/lib/puppet/ssl/private_keys")
|
||||
ssh_client.ssh("chmod 0755 /var/lib/puppet/ssl/public_keys")
|
||||
|
||||
if salt_pub and salt_priv:
|
||||
# Assuming salt-master is running on the puppetmaster
|
||||
shutil.copyfile(salt_pub,
|
||||
os.path.join(SALT_MASTER_PKI, 'minions', name))
|
||||
ssh_client.ssh('mkdir -p {0}'.format(SALT_MINION_PKI))
|
||||
ssh_client.scp(salt_pub,
|
||||
os.path.join(SALT_MINION_PKI, 'minion.pub'))
|
||||
ssh_client.scp(salt_priv,
|
||||
os.path.join(SALT_MINION_PKI, 'minion.pem'))
|
||||
|
||||
for ssldir in ['/var/lib/puppet/ssl/certs/',
|
||||
'/var/lib/puppet/ssl/private_keys/',
|
||||
'/var/lib/puppet/ssl/public_keys/']:
|
||||
@ -138,7 +124,7 @@ def bootstrap_server(server, admin_pass, key, cert, environment, name,
|
||||
|
||||
|
||||
def build_server(
|
||||
client, name, image, flavor, cert, environment, salt, puppetmaster):
|
||||
client, name, image, flavor, cert, environment, puppetmaster):
|
||||
key = None
|
||||
server = None
|
||||
|
||||
@ -159,15 +145,11 @@ def build_server(
|
||||
traceback.print_exc()
|
||||
raise
|
||||
|
||||
salt_priv, salt_pub = (None, None)
|
||||
if salt:
|
||||
salt_priv, salt_pub = utils.add_salt_keypair(
|
||||
SALT_MASTER_PKI, name, 2048)
|
||||
try:
|
||||
admin_pass = server.adminPass
|
||||
server = utils.wait_for_resource(server)
|
||||
bootstrap_server(server, admin_pass, key, cert, environment, name,
|
||||
salt_priv, salt_pub, puppetmaster)
|
||||
puppetmaster)
|
||||
print('UUID=%s\nIPV4=%s\nIPV6=%s\n' % (server.id,
|
||||
server.accessIPv4,
|
||||
server.accessIPv6))
|
||||
@ -197,8 +179,6 @@ def main():
|
||||
parser.add_argument("--cert", dest="cert",
|
||||
help="name of signed puppet certificate file (e.g., "
|
||||
"hostname.example.com.pem)")
|
||||
parser.add_argument("--salt", dest="salt", action="store_true",
|
||||
help="Manage salt keys for this host.")
|
||||
parser.add_argument("--server", dest="server", help="Puppetmaster to use.",
|
||||
default="ci-puppetmaster.openstack.org")
|
||||
options = parser.parse_args()
|
||||
@ -239,7 +219,7 @@ def main():
|
||||
print "Found image", image
|
||||
|
||||
build_server(client, options.name, image, flavor, cert,
|
||||
options.environment, options.salt, options.server)
|
||||
options.environment, options.server)
|
||||
dns.print_dns(client, options.name)
|
||||
|
||||
if __name__ == '__main__':
|
||||
|
@ -30,7 +30,6 @@ try:
|
||||
except:
|
||||
pass
|
||||
import paramiko
|
||||
import salt.crypt
|
||||
|
||||
from sshclient import SSHClient
|
||||
|
||||
@ -136,26 +135,6 @@ def add_keypair(client, name):
|
||||
return key, kp
|
||||
|
||||
|
||||
def add_salt_keypair(keydir, keyname, keysize=2048):
|
||||
'''
|
||||
Generate a key pair for use with Salt
|
||||
'''
|
||||
salt_priv = '{0}.pem'.format(keyname)
|
||||
salt_pub = '{0}.pub'.format(keyname)
|
||||
priv_key = os.path.join(keydir, salt_priv)
|
||||
pub_key = os.path.join(keydir, salt_pub)
|
||||
if not os.path.exists(priv_key) or \
|
||||
not os.path.exists(pub_key):
|
||||
try:
|
||||
os.makedirs(keydir)
|
||||
except OSError:
|
||||
pass
|
||||
priv_key = salt.crypt.gen_keys(keydir, keyname, keysize)
|
||||
path, ext = os.path.splitext(priv_key)
|
||||
pub_key = '{0}.pub'.format(path)
|
||||
return priv_key, pub_key
|
||||
|
||||
|
||||
def wait_for_resource(wait_resource):
|
||||
last_progress = None
|
||||
last_status = None
|
||||
|
@ -162,7 +162,6 @@ node 'ci-puppetmaster.openstack.org' {
|
||||
node 'puppetmaster.openstack.org' {
|
||||
class { 'openstack_project::puppetmaster':
|
||||
root_rsa_key => hiera('puppetmaster_root_rsa_key', 'XXX'),
|
||||
salt => false,
|
||||
update_slave => false,
|
||||
sysadmins => hiera('sysadmins', ['admin']),
|
||||
version => '3.4.',
|
||||
@ -641,14 +640,6 @@ node 'pypi.slave.openstack.org' {
|
||||
}
|
||||
}
|
||||
|
||||
# Node-OS: precise
|
||||
node 'salt-trigger.slave.openstack.org' {
|
||||
include openstack_project
|
||||
class { 'openstack_project::salt_trigger_slave':
|
||||
jenkins_ssh_public_key => $openstack_project::jenkins_ssh_key,
|
||||
}
|
||||
}
|
||||
|
||||
# Node-OS: precise
|
||||
node /^precise-dev\d+.*\.slave\.openstack\.org$/ {
|
||||
include openstack_project
|
||||
|
@ -1,2 +0,0 @@
|
||||
# Allow jenkins user to send Salt messages to the Salt Master
|
||||
jenkins ALL=(ALL) NOPASSWD: /usr/bin/salt-call event.fire_master*
|
@ -2,7 +2,6 @@
|
||||
#
|
||||
class openstack_project::puppetmaster (
|
||||
$root_rsa_key,
|
||||
$salt = true,
|
||||
$update_slave = true,
|
||||
$sysadmins = [],
|
||||
$version = '2.7.',
|
||||
@ -19,13 +18,6 @@ class openstack_project::puppetmaster (
|
||||
ca_server => $ca_server,
|
||||
}
|
||||
|
||||
if ($salt) {
|
||||
class { 'salt':
|
||||
salt_master => 'ci-puppetmaster.openstack.org',
|
||||
}
|
||||
class { 'salt::master': }
|
||||
}
|
||||
|
||||
if ($update_slave) {
|
||||
$cron_command = 'bash /opt/config/production/run_all.sh'
|
||||
logrotate::file { 'updatepuppetmaster':
|
||||
@ -45,6 +37,13 @@ class openstack_project::puppetmaster (
|
||||
$cron_command = 'sleep $((RANDOM\%600)) && cd /opt/config/production && git fetch -q && git reset -q --hard @{u} && ./install_modules.sh && touch manifests/site.pp'
|
||||
}
|
||||
|
||||
class { 'salt':
|
||||
ensure => absent,
|
||||
}
|
||||
class { 'salt::master':
|
||||
ensure => absent,
|
||||
}
|
||||
|
||||
cron { 'updatepuppetmaster':
|
||||
user => 'root',
|
||||
minute => '*/15',
|
||||
|
@ -1,22 +0,0 @@
|
||||
# Slave used for automatically triggering commands on the salt master.
|
||||
#
|
||||
# == Class: openstack_project::salt_trigger_slave
|
||||
#
|
||||
class openstack_project::salt_trigger_slave (
|
||||
$jenkins_ssh_public_key = ''
|
||||
) {
|
||||
|
||||
class { 'openstack_project::slave':
|
||||
ssh_key => $jenkins_ssh_public_key,
|
||||
}
|
||||
|
||||
file { '/etc/sudoers.d/salt-trigger':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0440',
|
||||
source => 'puppet:///modules/openstack_project/salt-trigger.sudoers',
|
||||
replace => true,
|
||||
}
|
||||
|
||||
}
|
@ -10,12 +10,9 @@ class openstack_project::slave (
|
||||
) {
|
||||
|
||||
include openstack_project
|
||||
include openstack_project::automatic_upgrades
|
||||
include openstack_project::tmpcleanup
|
||||
|
||||
class { 'openstack_project::automatic_upgrades':
|
||||
origins => ['LP-PPA-saltstack-salt precise'],
|
||||
}
|
||||
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [],
|
||||
certname => $certname,
|
||||
@ -28,7 +25,7 @@ class openstack_project::slave (
|
||||
}
|
||||
|
||||
class { 'salt':
|
||||
salt_master => 'ci-puppetmaster.openstack.org',
|
||||
ensure => absent,
|
||||
}
|
||||
|
||||
include jenkins::cgroups
|
||||
|
@ -1,34 +1,46 @@
|
||||
# Class salt
|
||||
#
|
||||
class salt (
|
||||
$ensure = present,
|
||||
$salt_master = $::fqdn
|
||||
) {
|
||||
|
||||
if ($ensure == present) {
|
||||
$running_ensure = running
|
||||
} else {
|
||||
$running_ensure = stopped
|
||||
}
|
||||
|
||||
if ($::osfamily == 'Debian') {
|
||||
include apt
|
||||
|
||||
# Wrap in ! defined checks to allow minion and master installs on the
|
||||
# same host.
|
||||
if ! defined(Apt::Ppa['ppa:saltstack/salt']) {
|
||||
apt::ppa { 'ppa:saltstack/salt': }
|
||||
if ($ensure == present) {
|
||||
if ! defined(Apt::Ppa['ppa:saltstack/salt']) {
|
||||
apt::ppa { 'ppa:saltstack/salt': }
|
||||
}
|
||||
Apt::Ppa['ppa:saltstack/salt'] -> Package['salt-minion']
|
||||
} else {
|
||||
file { '/etc/apt/sources.list.d/saltstack-salt-precise.list':
|
||||
ensure => absent
|
||||
}
|
||||
}
|
||||
|
||||
if ! defined(Package['python-software-properties']) {
|
||||
package { 'python-software-properties':
|
||||
ensure => present,
|
||||
ensure => $ensure,
|
||||
}
|
||||
}
|
||||
|
||||
Apt::Ppa['ppa:saltstack/salt'] -> Package['salt-minion']
|
||||
|
||||
}
|
||||
|
||||
package { 'salt-minion':
|
||||
ensure => present
|
||||
ensure => $ensure
|
||||
}
|
||||
|
||||
file { '/etc/salt/minion':
|
||||
ensure => present,
|
||||
ensure => $ensure,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
@ -38,7 +50,7 @@ class salt (
|
||||
}
|
||||
|
||||
service { 'salt-minion':
|
||||
ensure => running,
|
||||
ensure => $running_ensure,
|
||||
enable => true,
|
||||
require => File['/etc/salt/minion'],
|
||||
subscribe => [
|
||||
|
@ -1,37 +1,47 @@
|
||||
# Class salt::master
|
||||
#
|
||||
class salt::master {
|
||||
class salt::master (
|
||||
$ensure = present,
|
||||
) {
|
||||
|
||||
if ($ensure == present) {
|
||||
$directory_ensure = directory
|
||||
$running_ensure = running
|
||||
} else {
|
||||
$directory_ensure = absent
|
||||
$running_ensure = stopped
|
||||
}
|
||||
|
||||
if ($::osfamily == 'Debian') {
|
||||
include apt
|
||||
|
||||
# Wrap in ! defined checks to allow minion and master installs on the
|
||||
# same host.
|
||||
if ! defined(Apt::Ppa['ppa:saltstack/salt']) {
|
||||
apt::ppa { 'ppa:saltstack/salt': }
|
||||
if ($ensure == present) {
|
||||
if ! defined(Apt::Ppa['ppa:saltstack/salt']) {
|
||||
apt::ppa { 'ppa:saltstack/salt': }
|
||||
}
|
||||
Apt::Ppa['ppa:saltstack/salt'] -> Package['salt-master']
|
||||
}
|
||||
|
||||
if ! defined(Package['python-software-properties']) {
|
||||
package { 'python-software-properties':
|
||||
ensure => present,
|
||||
ensure => $ensure,
|
||||
}
|
||||
}
|
||||
|
||||
Apt::Ppa['ppa:saltstack/salt'] -> Package['salt-master']
|
||||
|
||||
}
|
||||
|
||||
package { 'salt-master':
|
||||
ensure => present
|
||||
ensure => $ensure
|
||||
}
|
||||
|
||||
group { 'salt':
|
||||
ensure => present,
|
||||
ensure => $ensure,
|
||||
system => true,
|
||||
}
|
||||
|
||||
user { 'salt':
|
||||
ensure => present,
|
||||
ensure => $ensure,
|
||||
gid => 'salt',
|
||||
home => '/home/salt',
|
||||
shell => '/bin/bash',
|
||||
@ -40,7 +50,7 @@ class salt::master {
|
||||
}
|
||||
|
||||
file { '/home/salt':
|
||||
ensure => directory,
|
||||
ensure => $directory_ensure,
|
||||
owner => 'salt',
|
||||
group => 'salt',
|
||||
mode => '0755',
|
||||
@ -48,7 +58,7 @@ class salt::master {
|
||||
}
|
||||
|
||||
file { '/etc/salt/master':
|
||||
ensure => present,
|
||||
ensure => $ensure,
|
||||
owner => 'salt',
|
||||
group => 'salt',
|
||||
mode => '0644',
|
||||
@ -58,7 +68,7 @@ class salt::master {
|
||||
}
|
||||
|
||||
file { '/srv/reactor':
|
||||
ensure => directory,
|
||||
ensure => $directory_ensure,
|
||||
owner => 'salt',
|
||||
group => 'salt',
|
||||
mode => '0755',
|
||||
@ -69,7 +79,7 @@ class salt::master {
|
||||
}
|
||||
|
||||
file { '/srv/reactor/tests.sls':
|
||||
ensure => present,
|
||||
ensure => $ensure,
|
||||
owner => 'salt',
|
||||
group => 'salt',
|
||||
mode => '0644',
|
||||
@ -82,7 +92,7 @@ class salt::master {
|
||||
}
|
||||
|
||||
file { '/etc/salt/pki':
|
||||
ensure => directory,
|
||||
ensure => $directory_ensure,
|
||||
owner => 'salt',
|
||||
group => 'salt',
|
||||
mode => '0710',
|
||||
@ -93,7 +103,7 @@ class salt::master {
|
||||
}
|
||||
|
||||
file { '/etc/salt/pki/master':
|
||||
ensure => directory,
|
||||
ensure => $directory_ensure,
|
||||
owner => 'salt',
|
||||
group => 'salt',
|
||||
mode => '0770',
|
||||
@ -101,7 +111,7 @@ class salt::master {
|
||||
}
|
||||
|
||||
file { '/etc/salt/pki/master/minions':
|
||||
ensure => directory,
|
||||
ensure => $directory_ensure,
|
||||
owner => 'salt',
|
||||
group => 'salt',
|
||||
mode => '0775',
|
||||
@ -109,7 +119,7 @@ class salt::master {
|
||||
}
|
||||
|
||||
service { 'salt-master':
|
||||
ensure => running,
|
||||
ensure => $running_ensure,
|
||||
enable => true,
|
||||
require => [
|
||||
User['salt'],
|
||||
|
Loading…
Reference in New Issue
Block a user