From f6ae3e6b7bf96a74c4bf4c423405d005619ec004 Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Sun, 5 Aug 2012 13:02:21 -0500 Subject: [PATCH] Use puppetmaster for slaves. Use puppet agent --test for puppet cron. We don't need the private ssh or gpg key on the slaves anymore. We do need the glance testing stuff, so stick that into hiera. Change-Id: If94fc3f150bf569efe9461f80d3565f9825eebce Reviewed-on: https://review.openstack.org/10851 Approved: Monty Taylor Reviewed-by: Monty Taylor Tested-by: Jenkins --- manifests/site.pp | 30 ++++++++-- modules/jenkins/manifests/jenkinsuser.pp | 57 ------------------- .../openstack_project/manifests/bare_slave.pp | 7 ++- modules/openstack_project/manifests/base.pp | 2 +- .../openstack_project/manifests/glancetest.pp | 41 +++++++++++++ .../manifests/puppet_cron.pp | 2 +- modules/openstack_project/manifests/server.pp | 8 ++- modules/openstack_project/manifests/slave.pp | 7 ++- .../openstack_project/manifests/template.pp | 6 +- .../templates/glance_s3.conf.erb | 49 ++++++++++++++++ .../templates/glance_swift.conf.erb | 45 +++++++++++++++ .../templates/puppet.conf.erb | 2 +- 12 files changed, 184 insertions(+), 72 deletions(-) create mode 100644 modules/openstack_project/manifests/glancetest.pp create mode 100644 modules/openstack_project/templates/glance_s3.conf.erb create mode 100644 modules/openstack_project/templates/glance_swift.conf.erb diff --git a/manifests/site.pp b/manifests/site.pp index 04fd9e5f07..4746f0d81a 100644 --- a/manifests/site.pp +++ b/manifests/site.pp 
@@ -120,7 +120,17 @@ node /^ci-backup-.*\.openstack\.org$/ { # Rollout cgroups to precise slaves. node /^precise.*\.slave\.openstack\.org$/ { include openstack_project::puppet_cron - include openstack_project::slave + class { 'openstack_project::slave': + certname => 'precise.slave.openstack.org', + } + class { 'openstack_project::glancetest': + s3_store_access_key => hiera('s3_store_access_key'), + s3_store_secret_key => hiera('s3_store_secret_key'), + s3_store_secret_key => hiera('s3_store_bucket'), + swift_store_user => hiera('swift_store_user'), + swift_store_key => hiera('swift_store_key'), + swift_store_container => hiera('swift_store_container'), + } include ulimit ulimit::conf { 'limit_jenkins_procs': @@ -132,11 +142,23 @@ node /^precise.*\.slave\.openstack\.org$/ { include jenkins::cgroups } -node /^.*\.slave\.openstack\.org$/ { +node /^oneiric.*\.slave\.openstack\.org$/ { include openstack_project::puppet_cron - include openstack_project::slave + class { 'openstack_project::slave': + certname => 'oneiric.slave.openstack.org', + } + class { 'openstack_project::glancetest': + s3_store_access_key => hiera('s3_store_access_key'), + s3_store_secret_key => hiera('s3_store_secret_key'), + s3_store_secret_key => hiera('s3_store_bucket'), + swift_store_user => hiera('swift_store_user'), + swift_store_key => hiera('swift_store_key'), + swift_store_container => hiera('swift_store_container'), + } } node /^.*\.jclouds\.openstack\.org$/ { - include openstack_project::bare_slave + class { 'openstack_project::bare_slave': + certname => 'jclouds.openstack.org', + } } diff --git a/modules/jenkins/manifests/jenkinsuser.pp b/modules/jenkins/manifests/jenkinsuser.pp index 226addc8cd..89af893df8 100644 --- a/modules/jenkins/manifests/jenkinsuser.pp +++ b/modules/jenkins/manifests/jenkinsuser.pp 
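Review bot: In the `openstack_project::glancetest` declaration added to the precise node block, `s3_store_secret_key` is set twice and the second occurrence is given `hiera('s3_store_bucket')`, while `s3_store_bucket` is never passed. The class added in glancetest.pp declares `$s3_store_bucket` with no default, so this should fail to compile; if a Puppet version tolerated the duplicate key, the bucket name would be written into the secret-key field of s3.conf. The third parameter line should read `s3_store_bucket => hiera('s3_store_bucket'),`. The oneiric node block in the next hunk carries the same mistake.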
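Review bot: Every host matching the oneiric node block is given the fixed certname `'oneiric.slave.openstack.org'` (likewise `'precise.slave.openstack.org'` in the previous hunk and `'jclouds.openstack.org'` at the end of this one), so the puppetmaster can no longer tell individual slaves apart. Revoking one slave's certificate then revokes the whole group, and the hiera-held glance store keys are served to any host that holds the shared key; the diff does not show how that key is distributed. If this is intended for disposable slaves, a comment above each node block such as `# All oneiric slaves share one agent certificate on purpose` would record the trade-off. Separately, the node regex was narrowed from `/^.*\.slave\.openstack\.org$/` to oneiric only, so slaves of any other release no longer match a node definition in this hunk.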
@@ -125,18 +125,6 @@ class jenkins::jenkinsuser($ensure = present, $sudo = false, $ssh_key) { ], } - file { 'jenkinssshkey': - name => '/home/jenkins/.ssh/id_rsa', - owner => 'jenkins', - group => 'jenkins', - mode => 600, - ensure => 'present', - require => File['jenkinssshdir'], - source => [ - "puppet:///modules/jenkins/slave_private_key", - ], - } - file { 'jenkinsgpgdir': name => '/home/jenkins/.gnupg', owner => 'jenkins', @@ -158,18 +146,6 @@ class jenkins::jenkinsuser($ensure = present, $sudo = false, $ssh_key) { ], } - file { 'jenkinssecring': - name => '/home/jenkins/.gnupg/secring.gpg', - owner => 'jenkins', - group => 'jenkins', - mode => 600, - ensure => 'present', - require => File['jenkinsgpgdir'], - source => [ - "puppet:///modules/jenkins/slave_gpg_key", - ], - } - file { 'jenkinsconfigdir': name => '/home/jenkins/.config', owner => 'jenkins', @@ -179,39 +155,6 @@ class jenkins::jenkinsuser($ensure = present, $sudo = false, $ssh_key) { require => File['jenkinshome'], } - file { 'jenkinsglanceconfigdir': - name => '/home/jenkins/.config/glance', - owner => 'jenkins', - group => 'jenkins', - mode => 700, - ensure => 'directory', - require => File['jenkinsconfigdir'], - } - - file { 'glances3conf': - name => '/home/jenkins/.config/glance/s3.conf', - owner => 'jenkins', - group => 'jenkins', - mode => 400, - ensure => 'present', - require => File['jenkinsglanceconfigdir'], - source => [ - "puppet:///modules/jenkins/glance_s3.conf", - ], - } - - file { 'glanceswiftconf': - name => '/home/jenkins/.config/glance/swift.conf', - owner => 'jenkins', - group => 'jenkins', - mode => 400, - ensure => 'present', - require => File['jenkinsglanceconfigdir'], - source => [ - "puppet:///modules/jenkins/glance_swift.conf", - ], - } - } diff --git a/modules/openstack_project/manifests/bare_slave.pp b/modules/openstack_project/manifests/bare_slave.pp index 740c8cd1ec..77e332d631 100644 --- a/modules/openstack_project/manifests/bare_slave.pp 
+++ b/modules/openstack_project/manifests/bare_slave.pp @@ -1,8 +1,11 @@ # bare-bones slaves spun up by jclouds. Specifically need to not set ssh # login limits, because it screws up jclouds provisioning -class openstack_project::bare_slave($install_users=true) { +class openstack_project::bare_slave( + $install_users=true, + $certname=$fqdn) { class { 'openstack_project::base': - install_users => $install_users + install_users => $install_users, + certname => $certname, } class { 'jenkins::slave': diff --git a/modules/openstack_project/manifests/base.pp b/modules/openstack_project/manifests/base.pp index d6ced969ff..db27eb3cfe 100644 --- a/modules/openstack_project/manifests/base.pp +++ b/modules/openstack_project/manifests/base.pp @@ -1,4 +1,4 @@ -class openstack_project::base($install_users=true) { +class openstack_project::base($install_users=true, $certname=$fqdn) { include openstack_project::users include sudoers diff --git a/modules/openstack_project/manifests/glancetest.pp b/modules/openstack_project/manifests/glancetest.pp new file mode 100644 index 0000000000..845291d42d --- /dev/null +++ b/modules/openstack_project/manifests/glancetest.pp 
@@ -0,0 +1,41 @@ +class openstack_project::glancetest( + $s3_store_host="s3.amazonaws.com", + $s3_store_access_key, + $s3_store_secret_key, + $s3_store_bucket, + $swift_store_auth_address="auth.api.rackspacecloud.com/v1.0/", + $swift_store_user, + $swift_store_key, + $swift_store_container, + ) { + + file { 'jenkinsglanceconfigdir': + name => '/home/jenkins/.config/glance', + owner => 'jenkins', + group => 'jenkins', + mode => 700, + ensure => 'directory', + require => Class['::jenkins::jenkinsuser'], + } + + file { 'glances3conf': + name => '/home/jenkins/.config/glance/s3.conf', + owner => 'jenkins', + group => 'jenkins', + mode => 400, + ensure => 'present', + require => File['jenkinsglanceconfigdir'], + content => template('jenkins/glance_s3.conf.erb'), + } + + file { 'glanceswiftconf': + name => '/home/jenkins/.config/glance/swift.conf', + owner => 'jenkins', + group => 'jenkins', + mode => 400, + ensure => 'present', + require => File['jenkinsglanceconfigdir'], + content => template('jenkins/glance_swift.conf.erb'), + } + +} diff --git a/modules/openstack_project/manifests/puppet_cron.pp b/modules/openstack_project/manifests/puppet_cron.pp index acb8317f56..429b030422 100644 --- a/modules/openstack_project/manifests/puppet_cron.pp +++ b/modules/openstack_project/manifests/puppet_cron.pp @@ -8,7 +8,7 @@ class openstack_project::puppet_cron($ensure=present) { ensure => $ensure, user => root, minute => "*/15", - command => 'apt-get update >/dev/null 2>&1 ; sleep $((RANDOM\%600)) && /bin/bash /root/openstack-ci-puppet/run_puppet.sh /root/openstack-ci-puppet', + command => 'apt-get update >/dev/null 2>&1 ; sleep $((RANDOM\%600)) && puppet agent --test --logdest /var/log/manifest.log', environment => "PATH=/var/lib/gems/1.8/bin:/usr/bin:/bin:/usr/sbin:/sbin", } logrotate::file { 'updatepuppet': diff --git a/modules/openstack_project/manifests/server.pp b/modules/openstack_project/manifests/server.pp index 3bcd4e048d..3c5e1e944a 100644 
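Review bot: Both `template()` calls in this new class point at the `jenkins` module (`template('jenkins/glance_s3.conf.erb')` and `template('jenkins/glance_swift.conf.erb')`), but this commit creates the two templates under modules/openstack_project/templates/. Unless copies also exist in the jenkins module, which the diff does not show, catalog compilation will fail on the missing template. The calls should be `template('openstack_project/glance_s3.conf.erb')` and `template('openstack_project/glance_swift.conf.erb')`.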
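Review bot: The new cron command runs `puppet agent --test`, and `--test` turns on `show_diff` together with verbose output, so content changes to managed files are emitted as diffs in the run's output (the log file or cron mail, depending on the Puppet version). With this commit the glance s3.conf and swift.conf are rendered from templates that carry the S3 and Swift keys, so those keys can end up in /var/log/manifest.log whenever the files change. Consider `puppet agent --onetime --no-daemonize --logdest /var/log/manifest.log` instead, or confirm that the log is readable by root only and covered by the logrotate rule that follows. The cron resource starts above this hunk and the logrotate block continues below it.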
--- a/modules/openstack_project/manifests/server.pp +++ b/modules/openstack_project/manifests/server.pp @@ -1,8 +1,12 @@ # A server that we expect to run for some time -class openstack_project::server ($iptables_public_tcp_ports = []) { +class openstack_project::server ( + $iptables_public_tcp_ports = [], + $certname=$fqdn + ) { include openstack_project class { 'openstack_project::template': - iptables_public_tcp_ports => $iptables_public_tcp_ports + iptables_public_tcp_ports => $iptables_public_tcp_ports, + certname => $certname, } class { 'exim': sysadmin => $openstack_project::sysadmins diff --git a/modules/openstack_project/manifests/slave.pp b/modules/openstack_project/manifests/slave.pp index 9ed7c8bd73..0ac4aae295 100644 --- a/modules/openstack_project/manifests/slave.pp +++ b/modules/openstack_project/manifests/slave.pp @@ -1,9 +1,12 @@ -class openstack_project::slave { +class openstack_project::slave( + $certname=$fqdn + ) { include openstack_project include tmpreaper include unattended_upgrades class { 'openstack_project::server': - iptables_public_tcp_ports => [] + iptables_public_tcp_ports => [], + certname => $cername, } class { 'jenkins::slave': ssh_key => $openstack_project::jenkins_ssh_key diff --git a/modules/openstack_project/manifests/template.pp b/modules/openstack_project/manifests/template.pp index aeb3eccfdd..5a0fa26d5a 100644 --- a/modules/openstack_project/manifests/template.pp +++ b/modules/openstack_project/manifests/template.pp @@ -1,7 +1,8 @@ # A template host with no running services class openstack_project::template ( $iptables_public_tcp_ports, - $install_users = true + $install_users = true, + $certname = $fqdn ) { include ntp include ssh @@ -12,6 +13,7 @@ class openstack_project::template ( public_tcp_ports => $iptables_public_tcp_ports, } class { 'openstack_project::base': - install_users => $install_users + install_users => $install_users, + certname => $certname, } } 
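Review bot: In the `openstack_project::server` declaration inside `openstack_project::slave`, the value passed is `$cername`, which is not defined in this class; the parameter added just above is `$certname`. As written, the shared certname chosen in site.pp would not reach puppet.conf on the slaves, and the agent would probably end up with a default or empty name instead. The line should be `certname => $certname,`.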
diff --git a/modules/openstack_project/templates/glance_s3.conf.erb b/modules/openstack_project/templates/glance_s3.conf.erb
new file mode 100644
index 0000000000..0f159b1ece
--- /dev/null
+++ b/modules/openstack_project/templates/glance_s3.conf.erb
@@ -0,0 +1,49 @@
+[DEFAULT]
+# Which backend store should Glance use by default is not specified
+# in a request to add a new image to Glance? Default: 'file'
+# Available choices are 'file', 'swift', and 's3'
+default_store = s3
+
+# ============ S3 Store Options =============================
+
+# Address where the S3 authentication service lives
+s3_store_host = <%= s3_store_host %>
+
+# User to authenticate against the S3 authentication service
+s3_store_access_key = <%= s3_store_access_key %>
+
+# Auth key for the user authenticating against the
+# S3 authentication service
+s3_store_secret_key = <%= s3_store_secret_key %>
+
+# Container within the account that the account should use
+# for storing images in S3. Note that S3 has a flat namespace,
+# so you need a unique bucket name for your glance images. An
+# easy way to do this is append your AWS access key to "glance".
+# S3 buckets in AWS *must* be lowercased, so remember to lowercase
+# your AWS access key if you use it in your bucket name below!
+s3_store_bucket = <%= s3_store_bucket %>
+
+# Do we create the bucket if it does not exist?
+s3_store_create_bucket_on_put = True
+
+[pipeline:glance-api]
+pipeline = versionnegotiation context apiv1app
+
+[pipeline:versions]
+pipeline = versionsapp
+
+[app:versionsapp]
+paste.app_factory = glance.api.versions:app_factory
+
+[app:apiv1app]
+paste.app_factory = glance.api.v1:app_factory
+
+[filter:versionnegotiation]
+paste.filter_factory = glance.api.middleware.version_negotiation:filter_factory
+
+[filter:imagecache]
+paste.filter_factory = glance.api.middleware.image_cache:filter_factory
+
+[filter:context]
+paste.filter_factory = glance.common.context:filter_factory
diff --git a/modules/openstack_project/templates/glance_swift.conf.erb b/modules/openstack_project/templates/glance_swift.conf.erb
new file mode 100644
index 0000000000..9c73f8a5a4
--- /dev/null
+++ b/modules/openstack_project/templates/glance_swift.conf.erb
@@ -0,0 +1,45 @@
+[DEFAULT]
+# Which backend store should Glance use by default is not specified
+# in a request to add a new image to Glance? Default: 'file'
+# Available choices are 'file', 'swift', and 's3'
+default_store = swift
+
+# ============ Swift Store Options =============================
+
+# Address where the Swift authentication service lives
+swift_store_auth_address = <%= swift_store_auth_address %>
+
+# User to authenticate against the Swift authentication service
+swift_store_user = <%= swift_store_user %>
+
+# Auth key for the user authenticating against the
+# Swift authentication service
+swift_store_key = <%= swift_store_key %>
+
+# Container within the account that the account should use
+# for storing images in Swift
+swift_store_container = <%= swift_store_container %>
+
+# Do we create the container if it does not exist?
+swift_store_create_container_on_put = False
+
+[pipeline:glance-api]
+pipeline = versionnegotiation context apiv1app
+
+[pipeline:versions]
+pipeline = versionsapp
+
+[app:versionsapp]
+paste.app_factory = glance.api.versions:app_factory
+
+[app:apiv1app]
+paste.app_factory = glance.api.v1:app_factory
+
+[filter:versionnegotiation]
+paste.filter_factory = glance.api.middleware.version_negotiation:filter_factory
+
+[filter:imagecache]
+paste.filter_factory = glance.api.middleware.image_cache:filter_factory
+
+[filter:context]
+paste.filter_factory = glance.common.context:filter_factory
diff --git a/modules/openstack_project/templates/puppet.conf.erb b/modules/openstack_project/templates/puppet.conf.erb
index 0fa7606484..1c01e9ef66 100644
--- a/modules/openstack_project/templates/puppet.conf.erb
+++ b/modules/openstack_project/templates/puppet.conf.erb
@@ -6,7 +6,7 @@ rundir=/var/run/puppet factpath=$vardir/lib/facter templatedir=$confdir/templates server=ci-puppetmaster.openstack.org -certname=<%= fqdn %> +certname=<%= certname %> pluginsync=true [master]