Merge "Remove salt"
commit
1d390cc8db
@ -3,12 +3,11 @@ Create Server
|
||||
|
||||
Note that these instructions assume you're working from this
|
||||
directory on an updated local clone of the repository on the
|
||||
puppetmaster, and that your account is a member of the admin, puppet
|
||||
and salt groups for access to their respective keys::
|
||||
puppetmaster, and that your account is a member of the admin
|
||||
and puppet groups for access to their respective keys::
|
||||
|
||||
sudo adduser $(whoami) admin
|
||||
sudo adduser $(whoami) puppet
|
||||
sudo adduser $(whoami) salt
|
||||
|
||||
(Remember to log out and back into your shell if you add yourself
|
||||
to a group.)
|
||||
@ -32,10 +31,6 @@ To launch a node in the OpenStack Jenkins account (slave nodes)::
|
||||
sudo puppet cert generate $FQDN
|
||||
./launch-node.py $FQDN --image "$IMAGE" --flavor "$FLAVOR"
|
||||
|
||||
There is also a --salt option which can be used to tell the script to
|
||||
automatically configure and enroll the server as a minion on the salt
|
||||
master.
|
||||
|
||||
If you are launching a replacement server, you may skip the generate
|
||||
step and specify the name of an existing puppet cert (as long as the
|
||||
private key is on this host).
|
||||
|
@ -23,7 +23,6 @@ import os
|
||||
import time
|
||||
import traceback
|
||||
import argparse
|
||||
import shutil
|
||||
|
||||
import dns
|
||||
import utils
|
||||
@ -38,9 +37,6 @@ IPV6 = os.environ.get('IPV6', '0') is 1
|
||||
|
||||
SCRIPT_DIR = os.path.dirname(sys.argv[0])
|
||||
|
||||
SALT_MASTER_PKI = os.environ.get('SALT_MASTER_PKI', '/etc/salt/pki/master')
|
||||
SALT_MINION_PKI = os.environ.get('SALT_MINION_PKI', '/etc/salt/pki/minion')
|
||||
|
||||
|
||||
def get_client():
|
||||
args = [NOVA_USERNAME, NOVA_PASSWORD, NOVA_PROJECT_ID, NOVA_URL]
|
||||
@ -56,8 +52,8 @@ def get_client():
|
||||
return client
|
||||
|
||||
|
||||
def bootstrap_server(server, admin_pass, key, cert, environment, name,
|
||||
salt_priv, salt_pub, puppetmaster):
|
||||
def bootstrap_server(
|
||||
server, admin_pass, key, cert, environment, name, puppetmaster):
|
||||
ip = utils.get_public_ip(server)
|
||||
if not ip:
|
||||
raise Exception("Unable to find public ip of server")
|
||||
@ -107,16 +103,6 @@ def bootstrap_server(server, admin_pass, key, cert, environment, name,
|
||||
ssh_client.ssh("chmod 0750 /var/lib/puppet/ssl/private_keys")
|
||||
ssh_client.ssh("chmod 0755 /var/lib/puppet/ssl/public_keys")
|
||||
|
||||
if salt_pub and salt_priv:
|
||||
# Assuming salt-master is running on the puppetmaster
|
||||
shutil.copyfile(salt_pub,
|
||||
os.path.join(SALT_MASTER_PKI, 'minions', name))
|
||||
ssh_client.ssh('mkdir -p {0}'.format(SALT_MINION_PKI))
|
||||
ssh_client.scp(salt_pub,
|
||||
os.path.join(SALT_MINION_PKI, 'minion.pub'))
|
||||
ssh_client.scp(salt_priv,
|
||||
os.path.join(SALT_MINION_PKI, 'minion.pem'))
|
||||
|
||||
for ssldir in ['/var/lib/puppet/ssl/certs/',
|
||||
'/var/lib/puppet/ssl/private_keys/',
|
||||
'/var/lib/puppet/ssl/public_keys/']:
|
||||
@ -138,7 +124,7 @@ def bootstrap_server(server, admin_pass, key, cert, environment, name,
|
||||
|
||||
|
||||
def build_server(
|
||||
client, name, image, flavor, cert, environment, salt, puppetmaster):
|
||||
client, name, image, flavor, cert, environment, puppetmaster):
|
||||
key = None
|
||||
server = None
|
||||
|
||||
@ -159,15 +145,11 @@ def build_server(
|
||||
traceback.print_exc()
|
||||
raise
|
||||
|
||||
salt_priv, salt_pub = (None, None)
|
||||
if salt:
|
||||
salt_priv, salt_pub = utils.add_salt_keypair(
|
||||
SALT_MASTER_PKI, name, 2048)
|
||||
try:
|
||||
admin_pass = server.adminPass
|
||||
server = utils.wait_for_resource(server)
|
||||
bootstrap_server(server, admin_pass, key, cert, environment, name,
|
||||
salt_priv, salt_pub, puppetmaster)
|
||||
puppetmaster)
|
||||
print('UUID=%s\nIPV4=%s\nIPV6=%s\n' % (server.id,
|
||||
server.accessIPv4,
|
||||
server.accessIPv6))
|
||||
@ -197,8 +179,6 @@ def main():
|
||||
parser.add_argument("--cert", dest="cert",
|
||||
help="name of signed puppet certificate file (e.g., "
|
||||
"hostname.example.com.pem)")
|
||||
parser.add_argument("--salt", dest="salt", action="store_true",
|
||||
help="Manage salt keys for this host.")
|
||||
parser.add_argument("--server", dest="server", help="Puppetmaster to use.",
|
||||
default="ci-puppetmaster.openstack.org")
|
||||
options = parser.parse_args()
|
||||
@ -239,7 +219,7 @@ def main():
|
||||
print "Found image", image
|
||||
|
||||
build_server(client, options.name, image, flavor, cert,
|
||||
options.environment, options.salt, options.server)
|
||||
options.environment, options.server)
|
||||
dns.print_dns(client, options.name)
|
||||
|
||||
if __name__ == '__main__':
|
||||
|
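Review bot: `IPV6 = os.environ.get('IPV6', '0') is 1`, visible as the context line of the hunk that drops the `SALT_MASTER_PKI`/`SALT_MINION_PKI` constants, can never be true, because `os.environ.get` returns a string and `is` tests identity against the integer `1`. The flag is therefore always `False` whatever the environment says. It predates this commit, but the module-level constants are being edited here anyway, so it is worth fixing in the same pass, presumably as `IPV6 = os.environ.get('IPV6', '0') == '1'`. The code that consumes `IPV6` is outside the visible hunks, so check how it is used before changing the value.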
@ -30,7 +30,6 @@ try:
|
||||
except:
|
||||
pass
|
||||
import paramiko
|
||||
import salt.crypt
|
||||
|
||||
from sshclient import SSHClient
|
||||
|
||||
@ -136,26 +135,6 @@ def add_keypair(client, name):
|
||||
return key, kp
|
||||
|
||||
|
||||
def add_salt_keypair(keydir, keyname, keysize=2048):
|
||||
'''
|
||||
Generate a key pair for use with Salt
|
||||
'''
|
||||
salt_priv = '{0}.pem'.format(keyname)
|
||||
salt_pub = '{0}.pub'.format(keyname)
|
||||
priv_key = os.path.join(keydir, salt_priv)
|
||||
pub_key = os.path.join(keydir, salt_pub)
|
||||
if not os.path.exists(priv_key) or \
|
||||
not os.path.exists(pub_key):
|
||||
try:
|
||||
os.makedirs(keydir)
|
||||
except OSError:
|
||||
pass
|
||||
priv_key = salt.crypt.gen_keys(keydir, keyname, keysize)
|
||||
path, ext = os.path.splitext(priv_key)
|
||||
pub_key = '{0}.pub'.format(path)
|
||||
return priv_key, pub_key
|
||||
|
||||
|
||||
def wait_for_resource(wait_resource):
|
||||
last_progress = None
|
||||
last_status = None
|
||||
|
@ -162,7 +162,6 @@ node 'ci-puppetmaster.openstack.org' {
|
||||
node 'puppetmaster.openstack.org' {
|
||||
class { 'openstack_project::puppetmaster':
|
||||
root_rsa_key => hiera('puppetmaster_root_rsa_key', 'XXX'),
|
||||
salt => false,
|
||||
update_slave => false,
|
||||
sysadmins => hiera('sysadmins', ['admin']),
|
||||
version => '3.4.',
|
||||
@ -641,14 +640,6 @@ node 'pypi.slave.openstack.org' {
|
||||
}
|
||||
}
|
||||
|
||||
# Node-OS: precise
|
||||
node 'salt-trigger.slave.openstack.org' {
|
||||
include openstack_project
|
||||
class { 'openstack_project::salt_trigger_slave':
|
||||
jenkins_ssh_public_key => $openstack_project::jenkins_ssh_key,
|
||||
}
|
||||
}
|
||||
|
||||
# Node-OS: precise
|
||||
node /^precise-dev\d+.*\.slave\.openstack\.org$/ {
|
||||
include openstack_project
|
||||
|
@ -1,2 +0,0 @@
|
||||
# Allow jenkins user to send Salt messages to the Salt Master
|
||||
jenkins ALL=(ALL) NOPASSWD: /usr/bin/salt-call event.fire_master*
|
@ -2,7 +2,6 @@
|
||||
#
|
||||
class openstack_project::puppetmaster (
|
||||
$root_rsa_key,
|
||||
$salt = true,
|
||||
$update_slave = true,
|
||||
$sysadmins = [],
|
||||
$version = '2.7.',
|
||||
@ -19,13 +18,6 @@ class openstack_project::puppetmaster (
|
||||
ca_server => $ca_server,
|
||||
}
|
||||
|
||||
if ($salt) {
|
||||
class { 'salt':
|
||||
salt_master => 'ci-puppetmaster.openstack.org',
|
||||
}
|
||||
class { 'salt::master': }
|
||||
}
|
||||
|
||||
if ($update_slave) {
|
||||
$cron_command = 'bash /opt/config/production/run_all.sh'
|
||||
logrotate::file { 'updatepuppetmaster':
|
||||
@ -45,6 +37,13 @@ class openstack_project::puppetmaster (
|
||||
$cron_command = 'sleep $((RANDOM\%600)) && cd /opt/config/production && git fetch -q && git reset -q --hard @{u} && ./install_modules.sh && touch manifests/site.pp'
|
||||
}
|
||||
|
||||
class { 'salt':
|
||||
ensure => absent,
|
||||
}
|
||||
class { 'salt::master':
|
||||
ensure => absent,
|
||||
}
|
||||
|
||||
cron { 'updatepuppetmaster':
|
||||
user => 'root',
|
||||
minute => '*/15',
|
||||
|
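Review bot: The two declarations added after the `$cron_command` block, `class { 'salt': ensure => absent, }` and `class { 'salt::master': ensure => absent, }`, are one-shot cleanup, but nothing says so or marks when they can be deleted. I would put a comment above them such as `# Temporary: uninstall salt from existing hosts; remove once all nodes have converged.` The same applies to the `class { 'salt': ensure => absent, }` declaration in the `openstack_project::slave` section. The class body continues outside this hunk.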
@ -1,22 +0,0 @@
|
||||
# Slave used for automatically triggering commands on the salt master.
|
||||
#
|
||||
# == Class: openstack_project::salt_trigger_slave
|
||||
#
|
||||
class openstack_project::salt_trigger_slave (
|
||||
$jenkins_ssh_public_key = ''
|
||||
) {
|
||||
|
||||
class { 'openstack_project::slave':
|
||||
ssh_key => $jenkins_ssh_public_key,
|
||||
}
|
||||
|
||||
file { '/etc/sudoers.d/salt-trigger':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0440',
|
||||
source => 'puppet:///modules/openstack_project/salt-trigger.sudoers',
|
||||
replace => true,
|
||||
}
|
||||
|
||||
}
|
@ -10,12 +10,9 @@ class openstack_project::slave (
|
||||
) {
|
||||
|
||||
include openstack_project
|
||||
include openstack_project::automatic_upgrades
|
||||
include openstack_project::tmpcleanup
|
||||
|
||||
class { 'openstack_project::automatic_upgrades':
|
||||
origins => ['LP-PPA-saltstack-salt precise'],
|
||||
}
|
||||
|
||||
class { 'openstack_project::server':
|
||||
iptables_public_tcp_ports => [],
|
||||
certname => $certname,
|
||||
@ -28,7 +25,7 @@ class openstack_project::slave (
|
||||
}
|
||||
|
||||
class { 'salt':
|
||||
salt_master => 'ci-puppetmaster.openstack.org',
|
||||
ensure => absent,
|
||||
}
|
||||
|
||||
include jenkins::cgroups
|
||||
|
@ -1,34 +1,46 @@
|
||||
# Class salt
|
||||
#
|
||||
class salt (
|
||||
$ensure = present,
|
||||
$salt_master = $::fqdn
|
||||
) {
|
||||
|
||||
if ($ensure == present) {
|
||||
$running_ensure = running
|
||||
} else {
|
||||
$running_ensure = stopped
|
||||
}
|
||||
|
||||
if ($::osfamily == 'Debian') {
|
||||
include apt
|
||||
|
||||
# Wrap in ! defined checks to allow minion and master installs on the
|
||||
# same host.
|
||||
if ! defined(Apt::Ppa['ppa:saltstack/salt']) {
|
||||
apt::ppa { 'ppa:saltstack/salt': }
|
||||
if ($ensure == present) {
|
||||
if ! defined(Apt::Ppa['ppa:saltstack/salt']) {
|
||||
apt::ppa { 'ppa:saltstack/salt': }
|
||||
}
|
||||
Apt::Ppa['ppa:saltstack/salt'] -> Package['salt-minion']
|
||||
} else {
|
||||
file { '/etc/apt/sources.list.d/saltstack-salt-precise.list':
|
||||
ensure => absent
|
||||
}
|
||||
}
|
||||
|
||||
if ! defined(Package['python-software-properties']) {
|
||||
package { 'python-software-properties':
|
||||
ensure => present,
|
||||
ensure => $ensure,
|
||||
}
|
||||
}
|
||||
|
||||
Apt::Ppa['ppa:saltstack/salt'] -> Package['salt-minion']
|
||||
|
||||
}
|
||||
|
||||
package { 'salt-minion':
|
||||
ensure => present
|
||||
ensure => $ensure
|
||||
}
|
||||
|
||||
file { '/etc/salt/minion':
|
||||
ensure => present,
|
||||
ensure => $ensure,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
@ -38,7 +50,7 @@ class salt (
|
||||
}
|
||||
|
||||
service { 'salt-minion':
|
||||
ensure => running,
|
||||
ensure => $running_ensure,
|
||||
enable => true,
|
||||
require => File['/etc/salt/minion'],
|
||||
subscribe => [
|
||||
|
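Review bot: `package { 'python-software-properties': ensure => $ensure, }` ties a shared helper package to salt's state, so `ensure => absent` asks Puppet to uninstall it whenever no other class has declared it by the time this one is evaluated. On precise that package ships `add-apt-repository`, which other `apt::ppa` resources may still need; keeping `ensure => present` there, or declaring it only inside the `if ($ensure == present)` branch, avoids the side effect. The same line appears in the `salt::master` section. In the last hunk `enable => true` on `service { 'salt-minion': }` also stays unconditional, so an absent run stops the service yet still tries to enable one whose package is being removed; `enable` should follow `$ensure` as well. No visible hunk touches `/etc/salt/pki/minion`, so unless something outside them removes it, the minion private key that `launch-node.py` copied there stays on disk after the package is gone.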
@ -1,37 +1,47 @@
|
||||
# Class salt::master
|
||||
#
|
||||
class salt::master {
|
||||
class salt::master (
|
||||
$ensure = present,
|
||||
) {
|
||||
|
||||
if ($ensure == present) {
|
||||
$directory_ensure = directory
|
||||
$running_ensure = running
|
||||
} else {
|
||||
$directory_ensure = absent
|
||||
$running_ensure = stopped
|
||||
}
|
||||
|
||||
if ($::osfamily == 'Debian') {
|
||||
include apt
|
||||
|
||||
# Wrap in ! defined checks to allow minion and master installs on the
|
||||
# same host.
|
||||
if ! defined(Apt::Ppa['ppa:saltstack/salt']) {
|
||||
apt::ppa { 'ppa:saltstack/salt': }
|
||||
if ($ensure == present) {
|
||||
if ! defined(Apt::Ppa['ppa:saltstack/salt']) {
|
||||
apt::ppa { 'ppa:saltstack/salt': }
|
||||
}
|
||||
Apt::Ppa['ppa:saltstack/salt'] -> Package['salt-master']
|
||||
}
|
||||
|
||||
if ! defined(Package['python-software-properties']) {
|
||||
package { 'python-software-properties':
|
||||
ensure => present,
|
||||
ensure => $ensure,
|
||||
}
|
||||
}
|
||||
|
||||
Apt::Ppa['ppa:saltstack/salt'] -> Package['salt-master']
|
||||
|
||||
}
|
||||
|
||||
package { 'salt-master':
|
||||
ensure => present
|
||||
ensure => $ensure
|
||||
}
|
||||
|
||||
group { 'salt':
|
||||
ensure => present,
|
||||
ensure => $ensure,
|
||||
system => true,
|
||||
}
|
||||
|
||||
user { 'salt':
|
||||
ensure => present,
|
||||
ensure => $ensure,
|
||||
gid => 'salt',
|
||||
home => '/home/salt',
|
||||
shell => '/bin/bash',
|
||||
@ -40,7 +50,7 @@ class salt::master {
|
||||
}
|
||||
|
||||
file { '/home/salt':
|
||||
ensure => directory,
|
||||
ensure => $directory_ensure,
|
||||
owner => 'salt',
|
||||
group => 'salt',
|
||||
mode => '0755',
|
||||
@ -48,7 +58,7 @@ class salt::master {
|
||||
}
|
||||
|
||||
file { '/etc/salt/master':
|
||||
ensure => present,
|
||||
ensure => $ensure,
|
||||
owner => 'salt',
|
||||
group => 'salt',
|
||||
mode => '0644',
|
||||
@ -58,7 +68,7 @@ class salt::master {
|
||||
}
|
||||
|
||||
file { '/srv/reactor':
|
||||
ensure => directory,
|
||||
ensure => $directory_ensure,
|
||||
owner => 'salt',
|
||||
group => 'salt',
|
||||
mode => '0755',
|
||||
@ -69,7 +79,7 @@ class salt::master {
|
||||
}
|
||||
|
||||
file { '/srv/reactor/tests.sls':
|
||||
ensure => present,
|
||||
ensure => $ensure,
|
||||
owner => 'salt',
|
||||
group => 'salt',
|
||||
mode => '0644',
|
||||
@ -82,7 +92,7 @@ class salt::master {
|
||||
}
|
||||
|
||||
file { '/etc/salt/pki':
|
||||
ensure => directory,
|
||||
ensure => $directory_ensure,
|
||||
owner => 'salt',
|
||||
group => 'salt',
|
||||
mode => '0710',
|
||||
@ -93,7 +103,7 @@ class salt::master {
|
||||
}
|
||||
|
||||
file { '/etc/salt/pki/master':
|
||||
ensure => directory,
|
||||
ensure => $directory_ensure,
|
||||
owner => 'salt',
|
||||
group => 'salt',
|
||||
mode => '0770',
|
||||
@ -101,7 +111,7 @@ class salt::master {
|
||||
}
|
||||
|
||||
file { '/etc/salt/pki/master/minions':
|
||||
ensure => directory,
|
||||
ensure => $directory_ensure,
|
||||
owner => 'salt',
|
||||
group => 'salt',
|
||||
mode => '0775',
|
||||
@ -109,7 +119,7 @@ class salt::master {
|
||||
}
|
||||
|
||||
service { 'salt-master':
|
||||
ensure => running,
|
||||
ensure => $running_ensure,
|
||||
enable => true,
|
||||
require => [
|
||||
User['salt'],
|
||||
|
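Review bot: Switching `ensure => $directory_ensure` to `absent` on `/home/salt`, `/srv/reactor`, `/etc/salt/pki`, `/etc/salt/pki/master` and `/etc/salt/pki/master/minions` will not delete them while they still hold files, because Puppet's `file` type refuses to remove a non-empty directory unless `force => true` is set. No `force` is visible in these hunks, though each resource continues outside its hunk, so confirm. The practical consequence is that the master's own keys (assuming the default layout) and the per-host minion key pairs that `launch-node.py` generated under `/etc/salt/pki/master` would remain on the puppetmaster after salt is declared removed. Adding `force => true` to the directory resources, at least to `/etc/salt/pki`, closes that gap. Removal ordering also deserves a test run, since `user { 'salt': ... gid => 'salt' }` and `group { 'salt': }` both become `absent` and deleting the group before the user may fail.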