system-config/modules/releasestatus/manifests/init.pp
Jeremy Stanley 38961a4236 Force releasestatus to use IPv4 for SSH to Gerrit.
At random, some hosts within Rackspace refuse to send IPv6 packets
with DSCP marker 0x10 (lowdelay). This is the default behavior of
recent OpenSSH servers and clients, and results in SSH sessions
hanging on these hosts. When static.openstack.org was rebuilt a few
months ago, we did not immediately realize it suffered from this
problem as Rackspace thought they'd fixed the issue previously. We
have an open trouble ticket with them for the past several months to
get it addressed properly, but have no resolution yet. In the
meantime, we have this lovely workaround...

* modules/releasestatus/files/ssh_config: New SSH config file forces
IPv4 when connecting to review.openstack.org from the releasestatus
account.

* modules/releasestatus/manifests/init.pp: Installs the new SSH
config file.

Change-Id: I2968fc00750e3a5a23c08a3007318fd2e336b251
Reviewed-on: https://review.openstack.org/30944
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Elizabeth Krumbach Joseph <lyz@princessleia.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
2013-05-30 21:02:54 +00:00

121 lines
3.3 KiB
Puppet

# Copyright 2013 Thierry Carrez
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Class: releasestatus
#
class releasestatus (
$releasestatus_prvkey_contents = '',
$releasestatus_pubkey_contents = '',
$releasestatus_gerrit_ssh_key = '',
) {
if ! defined(Package['python-launchpadlib']) {
package { 'python-launchpadlib':
ensure => present,
}
}
if ! defined(Package['python-jinja2']) {
package { 'python-jinja2':
ensure => present,
}
}
if ! defined(Package['python-yaml']) {
package { 'python-yaml':
ensure => present,
}
}
group { 'releasestatus':
ensure => present,
}
user { 'releasestatus':
ensure => present,
home => '/var/lib/releasestatus',
shell => '/bin/bash',
gid => 'releasestatus',
managehome => true,
require => Group['releasestatus'],
}
file { '/var/lib/releasestatus':
ensure => directory,
owner => 'releasestatus',
group => 'releasestatus',
mode => '0755',
require => User['releasestatus'],
}
file { '/var/lib/releasestatus/.ssh/':
ensure => directory,
owner => 'releasestatus',
group => 'releasestatus',
mode => '0700',
require => File['/var/lib/releasestatus'],
}
if $releasestatus_prvkey_contents != '' {
file { '/var/lib/releasestatus/.ssh/id_rsa':
owner => 'releasestatus',
group => 'releasestatus',
mode => '0600',
content => $releasestatus_prvkey_contents,
replace => true,
require => File['/var/lib/releasestatus/.ssh/']
}
}
if $releasestatus_pubkey_contents != '' {
file { '/var/lib/releasestatus/.ssh/id_rsa.pub':
owner => 'releasestatus',
group => 'releasestatus',
mode => '0600',
content => $releasestatus_pubkey_contents,
replace => true,
require => File['/var/lib/releasestatus/.ssh/']
}
}
if $releasestatus_gerrit_ssh_key != '' {
file { '/var/lib/releasestatus/.ssh/known_hosts':
owner => 'releasestatus',
group => 'releasestatus',
mode => '0600',
content => "review.openstack.org ${releasestatus_gerrit_ssh_key}",
replace => true,
require => File['/var/lib/releasestatus/.ssh/']
}
}
file { '/var/lib/releasestatus/.ssh/config':
owner => 'releasestatus',
group => 'releasestatus',
mode => '0600',
source => 'puppet:///modules/releasestatus/ssh_config',
replace => true,
require => File['/var/lib/releasestatus/.ssh/']
}
vcsrepo { '/var/lib/releasestatus/releasestatus':
ensure => latest,
provider => git,
source => 'https://github.com/openstack-infra/releasestatus.git',
revision => 'master',
require => File['/var/lib/releasestatus'],
}
}
# vim:sw=2:ts=2:expandtab:textwidth=79