Merge "Refactor o_p::base into o_p::template"
This commit is contained in:
commit
5fffbc8e05
@ -1,208 +0,0 @@
|
||||
# == Class: openstack_project::base
|
||||
#
|
||||
class openstack_project::base(
|
||||
$certname = $::fqdn,
|
||||
$install_users = true,
|
||||
$pin_puppet = '3.',
|
||||
$ca_server = undef,
|
||||
$puppetmaster_server = 'puppetmaster.openstack.org',
|
||||
) {
|
||||
if ($::osfamily == 'Debian') {
|
||||
include apt
|
||||
}
|
||||
include openstack_project::params
|
||||
include openstack_project::users
|
||||
include sudoers
|
||||
|
||||
case $pin_puppet {
|
||||
'2.7.': {
|
||||
$pin_facter = '1.'
|
||||
$pin_puppetdb = '1.'
|
||||
}
|
||||
/^3\./: {
|
||||
$pin_facter = '2.'
|
||||
$pin_puppetdb = '2.'
|
||||
}
|
||||
default: {
|
||||
fail("Puppet version not supported")
|
||||
}
|
||||
}
|
||||
|
||||
file { '/etc/profile.d/Z98-byobu.sh':
|
||||
ensure => absent,
|
||||
}
|
||||
|
||||
package { 'popularity-contest':
|
||||
ensure => absent,
|
||||
}
|
||||
|
||||
package { 'git':
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
if ($::operatingsystem == 'Fedora') {
|
||||
|
||||
package { 'hiera':
|
||||
ensure => latest,
|
||||
provider => 'gem',
|
||||
}
|
||||
|
||||
exec { 'symlink hiera modules' :
|
||||
command => 'ln -s /usr/local/share/gems/gems/hiera-puppet-* /etc/puppet/modules/',
|
||||
path => '/bin:/usr/bin',
|
||||
subscribe => Package['hiera'],
|
||||
refreshonly => true,
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
package { $::openstack_project::params::packages:
|
||||
ensure => present
|
||||
}
|
||||
|
||||
include pip
|
||||
|
||||
package { 'virtualenv':
|
||||
ensure => latest,
|
||||
provider => pip,
|
||||
require => Class['pip'],
|
||||
}
|
||||
file { '/etc/pip.conf':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0444',
|
||||
source => 'puppet:///modules/openstack_project/pip.conf',
|
||||
replace => true,
|
||||
}
|
||||
|
||||
if ($install_users) {
|
||||
package { $::openstack_project::params::user_packages:
|
||||
ensure => present
|
||||
}
|
||||
|
||||
realize (
|
||||
User::Virtual::Localuser['mordred'],
|
||||
User::Virtual::Localuser['corvus'],
|
||||
User::Virtual::Localuser['clarkb'],
|
||||
User::Virtual::Localuser['fungi'],
|
||||
User::Virtual::Localuser['slukjanov'],
|
||||
User::Virtual::Localuser['elizabeth'],
|
||||
)
|
||||
}
|
||||
|
||||
if ! defined(File['/root/.ssh']) {
|
||||
file { '/root/.ssh':
|
||||
ensure => directory,
|
||||
mode => '0700',
|
||||
}
|
||||
}
|
||||
|
||||
ssh_authorized_key { 'puppet-remote-2014-04-17':
|
||||
ensure => absent,
|
||||
user => 'root',
|
||||
}
|
||||
ssh_authorized_key { 'puppet-remote-2014-05-24':
|
||||
ensure => absent,
|
||||
user => 'root',
|
||||
}
|
||||
ssh_authorized_key { 'puppet-remote-2014-09-11':
|
||||
ensure => absent,
|
||||
user => 'root',
|
||||
}
|
||||
|
||||
ssh_authorized_key { 'puppet-remote-2014-09-15':
|
||||
ensure => present,
|
||||
user => 'root',
|
||||
type => 'ssh-rsa',
|
||||
key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDSLlN41ftgxkNeUi/kATYPwMPjJdMaSbgokSb9PSkRPZE7GeNai60BCfhu+ky8h5eMe70Bpwb7mQ7GAtHGXPNU1SRBPhMuVN9EYrQbt5KSiwuiTXtQHsWyYrSKtB+XGbl2PhpMQ/TPVtFoL5usxu/MYaakVkCEbt5IbPYNg88/NKPixicJuhi0qsd+l1X1zoc1+Fn87PlwMoIgfLIktwaL8hw9mzqr+pPcDIjCFQQWnjqJVEObOcMstBT20XwKj/ymiH+6p123nnlIHilACJzXhmIZIZO+EGkNF7KyXpcBSfv9efPI+VCE2TOv/scJFdEHtDFkl2kdUBYPC0wQ92rp',
|
||||
options => [
|
||||
'from="puppetmaster.openstack.org"',
|
||||
],
|
||||
require => File['/root/.ssh'],
|
||||
}
|
||||
ssh_authorized_key { '/root/.ssh/authorized_keys':
|
||||
ensure => absent,
|
||||
user => 'root',
|
||||
}
|
||||
|
||||
# Which Puppet do I take?
|
||||
# Take $puppet_version and pin to that version
|
||||
if ($::osfamily == 'Debian') {
|
||||
apt::source { 'puppetlabs':
|
||||
location => 'http://apt.puppetlabs.com',
|
||||
repos => 'main',
|
||||
key => '4BD6EC30',
|
||||
key_server => 'pgp.mit.edu',
|
||||
}
|
||||
|
||||
file { '/etc/apt/apt.conf.d/80retry':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0444',
|
||||
source => 'puppet:///modules/openstack_project/80retry',
|
||||
replace => true,
|
||||
}
|
||||
|
||||
file { '/etc/apt/apt.conf.d/90no-translations':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0444',
|
||||
source => 'puppet:///modules/openstack_project/90no-translations',
|
||||
replace => true,
|
||||
}
|
||||
|
||||
file { '/etc/apt/preferences.d/00-puppet.pref':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0444',
|
||||
content => template('openstack_project/00-puppet.pref.erb'),
|
||||
replace => true,
|
||||
}
|
||||
|
||||
file { '/etc/default/puppet':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0444',
|
||||
source => 'puppet:///modules/openstack_project/puppet.default',
|
||||
replace => true,
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if ($::operatingsystem == 'CentOS') {
|
||||
file { '/etc/yum.repos.d/puppetlabs.repo':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0444',
|
||||
source => 'puppet:///modules/openstack_project/centos-puppetlabs.repo',
|
||||
replace => true,
|
||||
}
|
||||
file { '/etc/yum.conf':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0444',
|
||||
source => 'puppet:///modules/openstack_project/yum.conf',
|
||||
replace => true,
|
||||
}
|
||||
}
|
||||
|
||||
$puppet_version = $pin_puppet
|
||||
file { '/etc/puppet/puppet.conf':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0444',
|
||||
content => template('openstack_project/puppet.conf.erb'),
|
||||
replace => true,
|
||||
}
|
||||
|
||||
service { 'puppet':
|
||||
ensure => stopped,
|
||||
}
|
||||
}
|
||||
|
||||
# vim:sw=2:ts=2:expandtab:textwidth=79
|
@ -33,7 +33,7 @@ class openstack_project::puppetdb (
|
||||
|
||||
class { 'puppetdb::database::postgresql':
|
||||
require => [User['postgres'],
|
||||
Class['openstack_project::base'],],
|
||||
Class['openstack_project::template'],],
|
||||
}
|
||||
|
||||
class { '::puppetdb::server':
|
||||
|
@ -17,9 +17,29 @@ class openstack_project::template (
|
||||
$afs = false,
|
||||
$puppetmaster_server = 'puppetmaster.openstack.org',
|
||||
) {
|
||||
|
||||
###########################################################
|
||||
# Classes for all hosts
|
||||
|
||||
include ntp
|
||||
include ssh
|
||||
include snmpd
|
||||
include ssh
|
||||
include sudoers
|
||||
|
||||
include openstack_project::params
|
||||
include openstack_project::users
|
||||
|
||||
class { 'iptables':
|
||||
public_tcp_ports => $iptables_public_tcp_ports,
|
||||
public_udp_ports => $all_udp,
|
||||
rules4 => $iptables_rules4,
|
||||
rules6 => $iptables_rules6,
|
||||
}
|
||||
|
||||
|
||||
###########################################################
|
||||
# Process if ( $high_level_directive ) blocks
|
||||
|
||||
if $automatic_upgrades == true {
|
||||
class { 'openstack_project::automatic_upgrades':
|
||||
origins => ["Puppetlabs:${lsbdistcodename}"],
|
||||
@ -43,35 +63,10 @@ class openstack_project::template (
|
||||
$all_udp = $iptables_public_udp_ports
|
||||
}
|
||||
|
||||
class { 'iptables':
|
||||
public_tcp_ports => $iptables_public_tcp_ports,
|
||||
public_udp_ports => $all_udp,
|
||||
rules4 => $iptables_rules4,
|
||||
rules6 => $iptables_rules6,
|
||||
}
|
||||
|
||||
class { 'openstack_project::base':
|
||||
install_users => $install_users,
|
||||
certname => $certname,
|
||||
pin_puppet => $pin_puppet,
|
||||
ca_server => $ca_server,
|
||||
puppetmaster_server => $puppetmaster_server,
|
||||
}
|
||||
|
||||
package { 'lvm2':
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
package { 'strace':
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
package { 'tcpdump':
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
package { 'rsyslog':
|
||||
ensure => present,
|
||||
if ($install_users) {
|
||||
package { $::openstack_project::params::user_packages:
|
||||
ensure => present
|
||||
}
|
||||
}
|
||||
|
||||
if ($enable_unbound) {
|
||||
@ -80,31 +75,6 @@ class openstack_project::template (
|
||||
}
|
||||
}
|
||||
|
||||
if $::osfamily == 'Debian' {
|
||||
# Make sure dig is installed
|
||||
package { 'dnsutils':
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
# Custom rsyslog config to disable /dev/xconsole noise on Debuntu servers
|
||||
file { '/etc/rsyslog.d/50-default.conf':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
source =>
|
||||
'puppet:///modules/openstack_project/rsyslog.d_50-default.conf',
|
||||
replace => true,
|
||||
notify => $rsyslog_notify,
|
||||
}
|
||||
|
||||
# Ubuntu installs their whoopsie package by default, but it eats through
|
||||
# memory and we don't need it on servers
|
||||
package { 'whoopsie':
|
||||
ensure => absent,
|
||||
}
|
||||
}
|
||||
|
||||
if ($::in_chroot) {
|
||||
notify { 'rsyslog in chroot':
|
||||
message => 'rsyslog not refreshed, running in chroot',
|
||||
@ -120,6 +90,9 @@ class openstack_project::template (
|
||||
$rsyslog_notify = [ Service['rsyslog'] ]
|
||||
}
|
||||
|
||||
###########################################################
|
||||
# System tweaks
|
||||
|
||||
# Increase syslog message size in order to capture
|
||||
# python tracebacks with syslog.
|
||||
file { '/etc/rsyslog.d/99-maxsize.conf':
|
||||
@ -132,10 +105,257 @@ class openstack_project::template (
|
||||
notify => $rsyslog_notify,
|
||||
}
|
||||
|
||||
if ($::osfamily == 'RedHat') {
|
||||
# Make sure dig is installed
|
||||
package { 'bind-utils':
|
||||
ensure => present,
|
||||
# We don't like byobu
|
||||
file { '/etc/profile.d/Z98-byobu.sh':
|
||||
ensure => absent,
|
||||
}
|
||||
|
||||
if $::osfamily == 'Debian' {
|
||||
|
||||
# Custom rsyslog config to disable /dev/xconsole noise on Debuntu servers
|
||||
file { '/etc/rsyslog.d/50-default.conf':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
source =>
|
||||
'puppet:///modules/openstack_project/rsyslog.d_50-default.conf',
|
||||
replace => true,
|
||||
notify => $rsyslog_notify,
|
||||
}
|
||||
|
||||
# Ubuntu installs their whoopsie package by default, but it eats through
|
||||
# memory and we don't need it on servers
|
||||
package { 'whoopsie':
|
||||
ensure => absent,
|
||||
}
|
||||
|
||||
package { 'popularity-contest':
|
||||
ensure => absent,
|
||||
}
|
||||
}
|
||||
|
||||
###########################################################
|
||||
# Package resources for all operating systems
|
||||
|
||||
package { 'lvm2':
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
package { 'strace':
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
package { 'tcpdump':
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
package { 'rsyslog':
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
package { 'git':
|
||||
ensure => present,
|
||||
}
|
||||
|
||||
package { $::openstack_project::params::packages:
|
||||
ensure => present
|
||||
}
|
||||
|
||||
###########################################################
|
||||
# Package resources for specific operating systems
|
||||
|
||||
case $::osfamily {
|
||||
'Debian': {
|
||||
include apt
|
||||
|
||||
# Make sure dig is installed
|
||||
package { 'dnsutils':
|
||||
ensure => present,
|
||||
}
|
||||
}
|
||||
'RedHat': {
|
||||
# Make sure dig is installed
|
||||
package { 'bind-utils':
|
||||
ensure => present,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
###########################################################
|
||||
# Manage python/pip
|
||||
|
||||
include pip
|
||||
$desired_virtualenv = '1.11.4'
|
||||
|
||||
if (( versioncmp($::virtualenv_version, $desired_virtualenv) < 0 )) {
|
||||
$virtualenv_ensure = $desired_virtualenv
|
||||
} else {
|
||||
$virtualenv_ensure = present
|
||||
}
|
||||
package { 'virtualenv':
|
||||
ensure => $virtualenv_ensure,
|
||||
provider => pip,
|
||||
require => Class['pip'],
|
||||
}
|
||||
file { '/etc/pip.conf':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0444',
|
||||
source => 'puppet:///modules/openstack_project/pip.conf',
|
||||
replace => true,
|
||||
}
|
||||
|
||||
###########################################################
|
||||
# Manage Root ssh
|
||||
|
||||
if ! defined(File['/root/.ssh']) {
|
||||
file { '/root/.ssh':
|
||||
ensure => directory,
|
||||
mode => '0700',
|
||||
}
|
||||
}
|
||||
|
||||
ssh_authorized_key { 'puppet-remote-2014-04-17':
|
||||
ensure => absent,
|
||||
user => 'root',
|
||||
}
|
||||
ssh_authorized_key { 'puppet-remote-2014-05-24':
|
||||
ensure => absent,
|
||||
user => 'root',
|
||||
}
|
||||
ssh_authorized_key { 'puppet-remote-2014-09-11':
|
||||
ensure => absent,
|
||||
user => 'root',
|
||||
}
|
||||
|
||||
ssh_authorized_key { 'puppet-remote-2014-09-15':
|
||||
ensure => present,
|
||||
user => 'root',
|
||||
type => 'ssh-rsa',
|
||||
key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDSLlN41ftgxkNeUi/kATYPwMPjJdMaSbgokSb9PSkRPZE7GeNai60BCfhu+ky8h5eMe70Bpwb7mQ7GAtHGXPNU1SRBPhMuVN9EYrQbt5KSiwuiTXtQHsWyYrSKtB+XGbl2PhpMQ/TPVtFoL5usxu/MYaakVkCEbt5IbPYNg88/NKPixicJuhi0qsd+l1X1zoc1+Fn87PlwMoIgfLIktwaL8hw9mzqr+pPcDIjCFQQWnjqJVEObOcMstBT20XwKj/ymiH+6p123nnlIHilACJzXhmIZIZO+EGkNF7KyXpcBSfv9efPI+VCE2TOv/scJFdEHtDFkl2kdUBYPC0wQ92rp',
|
||||
options => [
|
||||
'from="puppetmaster.openstack.org"',
|
||||
],
|
||||
require => File['/root/.ssh'],
|
||||
}
|
||||
ssh_authorized_key { '/root/.ssh/authorized_keys':
|
||||
ensure => absent,
|
||||
user => 'root',
|
||||
}
|
||||
|
||||
###########################################################
|
||||
# Manage Puppet
|
||||
# possible TODO: break this into openstack_project::puppet
|
||||
|
||||
case $pin_puppet {
|
||||
'2.7.': {
|
||||
$pin_facter = '1.'
|
||||
$pin_puppetdb = '1.'
|
||||
}
|
||||
/^3\./: {
|
||||
$pin_facter = '2.'
|
||||
$pin_puppetdb = '2.'
|
||||
}
|
||||
default: {
|
||||
fail("Puppet version not supported")
|
||||
}
|
||||
}
|
||||
|
||||
if ($::operatingsystem == 'Fedora') {
|
||||
|
||||
package { 'hiera':
|
||||
ensure => latest,
|
||||
provider => 'gem',
|
||||
}
|
||||
|
||||
exec { 'symlink hiera modules' :
|
||||
command => 'ln -s /usr/local/share/gems/gems/hiera-puppet-* /etc/puppet/modules/',
|
||||
path => '/bin:/usr/bin',
|
||||
subscribe => Package['hiera'],
|
||||
refreshonly => true,
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
# Which Puppet do I take?
|
||||
# Take $puppet_version and pin to that version
|
||||
if ($::osfamily == 'Debian') {
|
||||
apt::source { 'puppetlabs':
|
||||
location => 'http://apt.puppetlabs.com',
|
||||
repos => 'main',
|
||||
key => '4BD6EC30',
|
||||
key_server => 'pgp.mit.edu',
|
||||
}
|
||||
|
||||
file { '/etc/apt/apt.conf.d/80retry':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0444',
|
||||
source => 'puppet:///modules/openstack_project/80retry',
|
||||
replace => true,
|
||||
}
|
||||
|
||||
file { '/etc/apt/apt.conf.d/90no-translations':
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0444',
|
||||
source => 'puppet:///modules/openstack_project/90no-translations',
|
||||
replace => true,
|
||||
}
|
||||
|
||||
file { '/etc/apt/preferences.d/00-puppet.pref':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0444',
|
||||
content => template('openstack_project/00-puppet.pref.erb'),
|
||||
replace => true,
|
||||
}
|
||||
|
||||
file { '/etc/default/puppet':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0444',
|
||||
source => 'puppet:///modules/openstack_project/puppet.default',
|
||||
replace => true,
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
if ($::operatingsystem == 'CentOS') {
|
||||
file { '/etc/yum.repos.d/puppetlabs.repo':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0444',
|
||||
source => 'puppet:///modules/openstack_project/centos-puppetlabs.repo',
|
||||
replace => true,
|
||||
}
|
||||
file { '/etc/yum.conf':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0444',
|
||||
source => 'puppet:///modules/openstack_project/yum.conf',
|
||||
replace => true,
|
||||
}
|
||||
}
|
||||
|
||||
$puppet_version = $pin_puppet
|
||||
file { '/etc/puppet/puppet.conf':
|
||||
ensure => present,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0444',
|
||||
content => template('openstack_project/puppet.conf.erb'),
|
||||
replace => true,
|
||||
}
|
||||
|
||||
service { 'puppet':
|
||||
ensure => stopped,
|
||||
}
|
||||
###########################################################
|
||||
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user