From 2994931fd436d82d257bf09424499c0a83ae58ac Mon Sep 17 00:00:00 2001
From: Jeremy Stanley
Date: Wed, 4 Jun 2014 16:00:32 +0000
Subject: [PATCH] Update launch script and instructions
* launch/README: Correct outdated references to salt and puppet certs. Modernize the recommended image name.
* launch/launch-node.py: When run as root, keep the puppet group on private keys so that they're readable by puppet group members. That way it won't break subsequent runs as non-root following the current instructions in the README file. Modernize the default image name.
Change-Id: Ic5034121d4d0df3c096c2e474a9d3d41ec361021
---
 launch/README | 14 +++++++-------
 launch/launch-node.py | 3 ++-
 2 files changed, 9 insertions(+), 8 deletions(-)
diff --git a/launch/README b/launch/README
index 2105a3eac1..deb7327837 100644
--- a/launch/README
+++ b/launch/README
@@ -26,23 +26,23 @@ To launch a node in the OpenStack Jenkins account (slave nodes)::
 . ~root/ci-launch/openstackjenkins-rs-nova.sh
 export FQDN=slavename.slave.openstack.org
 nova image-list
- export IMAGE='Ubuntu 12.04 LTS (Precise Pangolin)'
+ export IMAGE='Ubuntu 12.04 LTS (Precise Pangolin) (PVHVM)'
 nova flavor-list
 export FLAVOR="8 GB Performance"
 sudo puppet cert generate $FQDN
- ./launch-node.py $FQDN --image "$IMAGE" --flavor "$FLAVOR" --salt
+ ./launch-node.py $FQDN --image "$IMAGE" --flavor "$FLAVOR"
-The --salt option tells the script to automatically configure and enroll
-the server as a minion on the salt master.
+There is also a --salt option which can be used to tell the script to
+automatically configure and enroll the server as a minion on the salt
+master.
 If you are launching a replacement server, you may skip the generate step and specify the name of an existing puppet cert (as long as the private key is on this host). The server name and cert names may be different and the latter can be
-specified with --cert if needed (older Jenkins slave types still use
-shared certs), but launch-node.py will assume they are the same unless
-specified.
+specified with --cert if needed, but launch-node.py will assume they
+are the same unless specified.
 Manually add the hostname to DNS (the launch script does not do so automatically). Note that this example assumes you've already
diff --git a/launch/launch-node.py b/launch/launch-node.py
index d55f22767b..27351b626e 100755
--- a/launch/launch-node.py
+++ b/launch/launch-node.py
@@ -101,6 +101,7 @@ def bootstrap_server(server, admin_pass, key, cert, environment, name,
 ssh_client.ssh("mkdir -p /var/lib/puppet/ssl/private_keys")
 ssh_client.ssh("mkdir -p /var/lib/puppet/ssl/public_keys")
 ssh_client.ssh("chown -R puppet:root /var/lib/puppet/ssl")
+ ssh_client.ssh("chown -R puppet:puppet /var/lib/puppet/ssl/private_keys")
 ssh_client.ssh("chmod 0771 /var/lib/puppet/ssl")
 ssh_client.ssh("chmod 0755 /var/lib/puppet/ssl/certs")
 ssh_client.ssh("chmod 0750 /var/lib/puppet/ssl/private_keys")
@@ -188,7 +189,7 @@ def main():
 parser.add_argument("--flavor", dest="flavor", default='1GB',
 help="name (or substring) of flavor")
 parser.add_argument("--image", dest="image",
- default="Ubuntu 12.04 LTS (Precise Pangolin)",
+ default="Ubuntu 12.04 LTS (Precise Pangolin) (PVHVM)",
 help="image name")
 parser.add_argument("--environment", dest="environment",
 default="production",
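Review bot: The added `chown -R puppet:puppet /var/lib/puppet/ssl/private_keys` in bootstrap_server runs directly after the `mkdir -p` calls, so on a freshly built server it changes the group of the directory only; key files written later in the function (outside this hunk, so not visible here) would not pick up the puppet group from this line. If group-readable key files are the intent, the ownership step should be repeated after the key is copied and the file mode set explicitly rather than left to the copying user's umask. Changing which group can enter the private-key directory also deserves a why-comment above the line, for example `# group puppet so members of the puppet group can read node keys; keep that group's membership minimal`. The body of bootstrap_server starts and ends outside the hunk.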