7699226007
We have a set of hostname patterns which is not a thing that ansible supports in inventory files. While we can put hostname patterns into playbooks directly, that does not help us with copying hiera group files since ansible doesn't know about the groups in site.pp and puppet doesn't know about the ansible groups. Instead, do a quick expansion any time the groups.txt file changes and at the end of launch-node. It will be left to admins to run expand-groups.sh whenever they delete a node. Change-Id: I00c60748ddb2d35a3b98f78d828dabebcf065118
Create Server ============= Note that these instructions assume you're working from this directory on an updated local clone of the repository on the puppetmaster, and that your account is a member of the admin and puppet groups for access to their respective keys:: sudo adduser $(whoami) admin sudo adduser $(whoami) puppet (Remember to log out and back into your shell if you add yourself to a group.) To launch a node in the OpenStack CI account (production servers):: . ~root/ci-launch/openstackci-rs-nova.sh export FLAVOR="8 GB Performance" export FQDN=servername.openstack.org sudo puppet cert generate $FQDN cd /opt/system-config/production/launch/ ./launch-node.py $FQDN --flavor "$FLAVOR" To launch a node in the OpenStack Jenkins account (slave nodes):: . ~root/ci-launch/openstackjenkins-rs-nova.sh export FQDN=slavename.slave.openstack.org nova image-list export IMAGE='Ubuntu 12.04 LTS (Precise Pangolin) (PVHVM)' nova flavor-list export FLAVOR="8 GB Performance" sudo puppet cert generate $FQDN ./launch-node.py $FQDN --image "$IMAGE" --flavor "$FLAVOR" If you are launching a replacement server, you may skip the generate step and specify the name of an existing puppet cert (as long as the private key is on this host). The server name and cert names may be different and the latter can be specified with --cert if needed, but launch-node.py will assume they are the same unless specified. Manually add the hostname to DNS (the launch script does not do so automatically). Note that this example assumes you've already exported a relevant FQDN and sourced the appropriate API credentials above. When running outside the official OpenStack CI infrastructure, you will want to pass --server puppetmaster.example.com otherwise the new node wil try to register with puppetmaster.openstack.org - and fail hilariously. In order for Ansible to be able to send out the Puppet updates, you also need the puppetmaster to accept the root SSH key for the new server. So as root on the puppetmaster: ssh root@$FQDN Verify the fingerprint of the new server and type "yes" to accept. Then you can log out. Add DNS Records =============== There are no scripts to automatically handle DNS at the moment due to a lack of library support for the new Rackspace Cloud DNS (with IPv6). However, the launch-node script will print the commands needed to be run to configure DNS for a newly launched server. To see the commands for an existing server, run: ./dns.py $FQDN