From baeb7fb4f9e0d48595f492d7a056ea3db87aeb96 Mon Sep 17 00:00:00 2001
From: Dmitry Nikishov
Date: Tue, 26 Jan 2016 09:32:34 -0600
Subject: [PATCH] Introduced versioned cloud_config templates

Since the non-root feature, targeted for 9.0, is going to require modification of cloud-config templates, it is reasonable to introduce versioned CC templates.

Change-Id: I73548644df7e56a6b35660913e38f802d556f9c3
Blueprint: fuel-nonroot-openstack-nodes
---
.../boothook_fuel_8.0_ubuntu.jinja2 | 99 +++++++++++++++++
.../cloud_config_fuel_6.1_ubuntu.jinja2 | 105 ++++++++++++++++++
.../cloud_config_fuel_7.0_ubuntu.jinja2 | 105 ++++++++++++++++++
.../cloud_config_fuel_8.0_ubuntu.jinja2 | 105 ++++++++++++++++++
4 files changed, 414 insertions(+)
create mode 100644 cloud-init-templates/boothook_fuel_8.0_ubuntu.jinja2
create mode 100644 cloud-init-templates/cloud_config_fuel_6.1_ubuntu.jinja2
create mode 100644 cloud-init-templates/cloud_config_fuel_7.0_ubuntu.jinja2
create mode 100644 cloud-init-templates/cloud_config_fuel_8.0_ubuntu.jinja2
diff --git a/cloud-init-templates/boothook_fuel_8.0_ubuntu.jinja2 b/cloud-init-templates/boothook_fuel_8.0_ubuntu.jinja2
new file mode 100644
index 0000000..b526f28
--- /dev/null
+++ b/cloud-init-templates/boothook_fuel_8.0_ubuntu.jinja2
@@ -0,0 +1,99 @@ +#cloud-boothook +#!/bin/bash + +function add_str_to_file_if_not_exists { + file=$1 + str=$2 + val=$3 + if ! grep -q "^ *${str}" $file; then + echo $val >> $file + fi +} + +cloud-init-per instance wipe_sources_list_templates /bin/sh -c 'echo | tee /etc/cloud/templates/sources.list.ubuntu.tmpl' + +# configure udev rules + +# udev persistent net +cloud-init-per instance udev_persistent_net1 /etc/init.d/networking stop + +ADMIN_MAC={{ common.admin_mac }} +ADMIN_IF=$(echo {{ common.udevrules }} | sed 's/[,=]/\n/g' | grep "$ADMIN_MAC" | cut -d_ -f2 | head -1) +# Check if we do not already have static config (or interface seems unconfigured) +if [ ! -d "/etc/network/interfaces.d" ]; then + mkdir -p /etc/network/interfaces.d + echo 'source /etc/network/interfaces.d/*' > /etc/network/interfaces +fi +if [ ! -e "/etc/network/interfaces.d/ifcfg-$ADMIN_IF" ]; then + echo -e "auto $ADMIN_IF\niface $ADMIN_IF inet static\n\taddress {{ common.admin_ip }}\n\tnetmask {{ common.admin_mask }}\n\tgateway {{ common.gw }}" > /etc/network/interfaces.d/ifcfg-"$ADMIN_IF" +fi + +cloud-init-per instance udev_persistent_net5 /etc/init.d/networking start + +# end of udev + +#FIXME(agordeev): if operator updates dns settings on masternode after the node had been provisioned, +# cloud-init will start to generate resolv.conf with non-actual data +cloud-init-per instance resolv_conf_mkdir mkdir -p /etc/resolvconf/resolv.conf.d +cloud-init-per instance resolv_conf_remove rm -f /etc/resolv.conf +cloud-init-per instance resolv_conf_head_remove rm -f /etc/resolvconf/resolv.conf.d/head +cloud-init-per instance resolv_conf_header /bin/sh -c 'echo "# re-generated by cloud-init boothook only at the first boot;" | tee /etc/resolv.conf' +cloud-init-per instance resolv_conf_search /bin/sh -c 'echo "search {{ common.search_domain|replace('"','') }}" | tee -a /etc/resolv.conf' +cloud-init-per instance resolv_conf_domain /bin/sh -c 'echo "domain {{ common.search_domain|replace('"','') }}" | tee 
-a /etc/resolv.conf' +cloud-init-per instance resolv_conf_head_header /bin/sh -c 'echo "# re-generated by cloud-init boothook only at the first boot;" | tee /etc/resolvconf/resolv.conf.d/head' +cloud-init-per instance resolv_conf_head_search /bin/sh -c 'echo "search {{ common.search_domain|replace('"','') }}" | tee -a /etc/resolvconf/resolv.conf.d/head' +cloud-init-per instance resolv_conf_head_domain /bin/sh -c 'echo "domain {{ common.search_domain|replace('"','') }}" | tee -a /etc/resolvconf/resolv.conf.d/head' +cloud-init-per instance resolv_conf_nameserver /bin/sh -c 'echo nameserver {{ common.master_ip|replace('"','') }} | tee -a /etc/resolv.conf' +cloud-init-per instance resolv_conf_head_nameserver /bin/sh -c 'echo nameserver {{ common.master_ip|replace('"','') }} | tee -a /etc/resolvconf/resolv.conf.d/head' + +# configure black module lists +# virt-what should be installed +if [ ! -f /etc/modprobe.d/blacklist-i2c_piix4.conf ]; then + ( (virt-what | fgrep -q "virtualbox") && echo "blacklist i2c_piix4" >> /etc/modprobe.d/blacklist-i2c_piix4.conf || :) && update-initramfs -u -k all + modprobe -r i2c_piix4 +fi + +cloud-init-per instance conntrack_ipv4 /bin/sh -c 'echo nf_conntrack_ipv4 | tee -a /etc/modules' +cloud-init-per instance conntrack_ipv6 /bin/sh -c 'echo nf_conntrack_ipv6 | tee -a /etc/modules' +cloud-init-per instance conntrack_proto_gre /bin/sh -c 'echo nf_conntrack_proto_gre | tee -a /etc/modules' +cloud-init-per instance conntrack_max /bin/sh -c 'echo "net.nf_conntrack_max=1048576" | tee -a /etc/sysctl.conf' +cloud-init-per instance kernel_panic /bin/sh -c 'echo "kernel.panic=60" | tee -a /etc/sysctl.conf' + +cloud-init-per instance conntrack_ipv4_load modprobe nf_conntrack_ipv4 +cloud-init-per instance conntrack_ipv6_load modprobe nf_conntrack_ipv6 +cloud-init-per instance conntrack_proto_gre_load modprobe nf_conntrack_proto_gre +cloud-init-per instance conntrack_max_set sysctl -w "net.nf_conntrack_max=1048576" +cloud-init-per instance 
kernel_panic_set sysctl -w "kernel.panic=60" + +cloud-init-per instance dhclient /bin/sh -c 'echo "supersede routers 0;" | tee /etc/dhcp/dhclient.conf' + +# ntp sync +# '| tee /dev/null' is needed for returning zero execution code always +cloud-init-per instance stop_ntp /bin/sh -c 'service ntp stop | tee /dev/null' +cloud-init-per instance sync_date ntpdate -t 4 -b {{ common.master_ip }} +cloud-init-per instance sync_hwclock hwclock --systohc + +cloud-init-per instance edit_ntp_conf1 sed -i '/^\s*tinker panic/ d' /etc/ntp.conf +cloud-init-per instance edit_ntp_conf2 sed -i '1 i tinker panic 0' /etc/ntp.conf +cloud-init-per instance edit_ntp_conf_mkdir mkdir -p /var/lib/ntp +cloud-init-per instance edit_ntp_conf_chown_dir chown ntp: /var/lib/ntp +cloud-init-per instance edit_ntp_conf3 /bin/sh -c 'echo 0 | tee /var/lib/ntp/ntp.drift' +cloud-init-per instance edit_ntp_conf_chown_drift chown ntp: /var/lib/ntp/ntp.drift +cloud-init-per instance edit_ntp_conf4 sed -i '/^\s*server/ d' /etc/ntp.conf +cloud-init-per instance edit_ntp_conf5 /bin/sh -c 'echo "server {{ common.master_ip }} burst iburst" | tee -a /etc/ntp.conf' +cloud-init-per instance start_ntp service ntp start + +cloud-init-per instance removeUseDNS sed -i --follow-symlinks -e '/UseDNS/d' /etc/ssh/sshd_config +add_str_to_file_if_not_exists /etc/ssh/sshd_config 'UseDNS' 'UseDNS no' + +cloud-init-per instance gssapi_disable sed -i -e "/^\s*GSSAPICleanupCredentials yes/d" -e "/^\s*GSSAPIAuthentication yes/d" /etc/ssh/sshd_config + +cloud-init-per instance nailgun_agent_0 /bin/sh -c 'echo "rm -f /etc/nailgun-agent/nodiscover" | tee /etc/rc.local' +cloud-init-per instance nailgun_agent_1 /bin/sh -c 'echo "flock -w 0 -o /var/lock/agent.lock -c \"/usr/bin/nailgun-agent >> /var/log/nailgun-agent.log 2>&1\"" | tee -a /etc/rc.local' + +# Copying default bash settings to the root directory +cloud-init-per instance skel_bash cp -f /etc/skel/.bash* /root/ + +cloud-init-per instance hiera_puppet mkdir -p /etc/puppet 
/var/lib/hiera +cloud-init-per instance touch_puppet touch /var/lib/hiera/common.yaml /etc/puppet/hiera.yaml /var/log/puppet.log +cloud-init-per instance chmod_puppet chmod 600 /var/log/puppet.log diff --git a/cloud-init-templates/cloud_config_fuel_6.1_ubuntu.jinja2 b/cloud-init-templates/cloud_config_fuel_6.1_ubuntu.jinja2 new file mode 100644 index 0000000..757c959 --- /dev/null +++ b/cloud-init-templates/cloud_config_fuel_6.1_ubuntu.jinja2 
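Review bot: The rendered values are pasted into shell command text without quoting that matches their context: `{{ common.search_domain|replace('"','') }}` and `{{ common.master_ip|replace('"','') }}` strip only double quotes but land inside a single-quoted `/bin/sh -c '…'` argument, while `ADMIN_MAC={{ common.admin_mac }}`, `echo {{ common.udevrules }}` and `ntpdate -t 4 -b {{ common.master_ip }}` are not quoted at all. A boothook runs as root on first boot, so a value containing `'`, whitespace or shell metacharacters would change the command that runs; whether these fields can carry such characters depends on the rendering side, which is not visible in this patch. I would validate them before rendering (MAC, IP address and hostname character sets) and quote the assignments, e.g. `ADMIN_MAC='{{ common.admin_mac }}'`. The helper `add_str_to_file_if_not_exists` also expands `$file` and `$val` unquoted; `grep -q "^ *${str}" "$file"` and `echo "$val" >> "$file"` would be safer.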
@@ -0,0 +1,105 @@ +#cloud-config +resize_rootfs: false +growpart: + mode: false +disable_ec2_metadata: true +disable_root: false +user: root +password: r00tme +chpasswd: { expire: false } +ssh_pwauth: false +ssh_authorized_keys: +{% for key in common.ssh_auth_keys %} + - {{ key }} +{% endfor %} + +# set the locale to a given locale +# default: en_US.UTF-8 +locale: en_US.UTF-8 + +timezone: {{ common.timezone }} + +hostname: {{ common.hostname }} +fqdn: {{ common.fqdn }} + + +# add entries to rsyslog configuration +rsyslog: + - filename: 10-log2master.conf + content: | + $template LogToMaster, "<%PRI%>1 %$NOW%T%TIMESTAMP:8:$%Z %HOSTNAME% %APP-NAME% %PROCID% %MSGID% -%msg%\n" + *.* @{{ common.master_ip }};LogToMaster + + +# that module's missing in 0.6.3, but existent for >= 0.7.3 +write_files: + - content: | + --- + url: {{ common.master_url }} + path: /etc/nailgun-agent/config.yaml + - content: target + path: /etc/nailgun_systemtype + +mcollective: + conf: + main_collective: mcollective + collectives: mcollective + libdir: /usr/share/mcollective/plugins + logfile: /var/log/mcollective.log + loglevel: debug + daemonize: 0 + direct_addressing: 1 + ttl: 4294957 + securityprovider: psk + plugin.psk: {{ mcollective.pskey }} + identity: {{ mcollective.identity }} +{% if mcollective.connector == 'stomp' %} + connector = stomp + plugin.stomp.host: {{ mcollective.host }} + plugin.stomp.port: {{ mcollective.port|default(61613) }} + plugin.stomp.user: {{ mcollective.user }} + plugin.stomp.password: {{ mcollective.password }} +{% else %} + connector: rabbitmq + plugin.rabbitmq.vhost: {{ mcollective.vhost }} + plugin.rabbitmq.pool.size: 1 + plugin.rabbitmq.pool.1.host: {{ mcollective.host }} + plugin.rabbitmq.pool.1.port: {{ mcollective.port|default(61613) }} + plugin.rabbitmq.pool.1.user: {{ mcollective.user }} + plugin.rabbitmq.pool.1.password: {{ mcollective.password }} + plugin.rabbitmq.heartbeat_interval: 30 +{% endif %} + factsource: yaml + plugin.yaml: 
/etc/mcollective/facts.yaml + +puppet: + conf: + main: + logdir: /var/log/puppet + rundir: /var/run/puppet + ssldir: $vardir/ssl + pluginsync: true + prerun_command: /bin/true + postrun_command: /bin/true + agent: + classfile: $vardir/classes.txt + localconfig: $vardir/localconfig + server: {{ puppet.master }} + report: false + configtimeout: 600 + +runcmd: +{% if puppet.enable != 1 %} + - /usr/sbin/invoke-rc.d puppet stop + - /usr/sbin/update-rc.d -f puppet remove +{% endif %} +{% if mcollective.enable != 1 %} + - /usr/sbin/invoke-rc.d mcollective stop + - echo manual > /etc/init/mcollective.override +{% else %} + - rm -f /etc/init/mcollective.override +{% endif %} + - iptables -t filter -F INPUT + - iptables -t filter -F FORWARD + +final_message: "YAY! The system is finally up, after $UPTIME seconds" diff --git a/cloud-init-templates/cloud_config_fuel_7.0_ubuntu.jinja2 b/cloud-init-templates/cloud_config_fuel_7.0_ubuntu.jinja2 new file mode 100644 index 0000000..757c959 --- /dev/null +++ b/cloud-init-templates/cloud_config_fuel_7.0_ubuntu.jinja2 
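Review bot: `password: r00tme` together with `disable_root: false` and `chpasswd: { expire: false }` gives every node built from this template the same non-expiring root password, and the identical lines appear in the 7.0 and 8.0 templates added further down. `ssh_pwauth: false` keeps it off SSH, but the password should still be valid for console login and `su`. Since `ssh_authorized_keys` is already populated from `common.ssh_auth_keys`, I would drop the `password:` line, or render it from a per-deployment value such as `password: {{ <per-deployment secret> }}` (placeholder name, no such variable is visible in this patch).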
@@ -0,0 +1,105 @@ +#cloud-config +resize_rootfs: false +growpart: + mode: false +disable_ec2_metadata: true +disable_root: false +user: root +password: r00tme +chpasswd: { expire: false } +ssh_pwauth: false +ssh_authorized_keys: +{% for key in common.ssh_auth_keys %} + - {{ key }} +{% endfor %} + +# set the locale to a given locale +# default: en_US.UTF-8 +locale: en_US.UTF-8 + +timezone: {{ common.timezone }} + +hostname: {{ common.hostname }} +fqdn: {{ common.fqdn }} + + +# add entries to rsyslog configuration +rsyslog: + - filename: 10-log2master.conf + content: | + $template LogToMaster, "<%PRI%>1 %$NOW%T%TIMESTAMP:8:$%Z %HOSTNAME% %APP-NAME% %PROCID% %MSGID% -%msg%\n" + *.* @{{ common.master_ip }};LogToMaster + + +# that module's missing in 0.6.3, but existent for >= 0.7.3 +write_files: + - content: | + --- + url: {{ common.master_url }} + path: /etc/nailgun-agent/config.yaml + - content: target + path: /etc/nailgun_systemtype + +mcollective: + conf: + main_collective: mcollective + collectives: mcollective + libdir: /usr/share/mcollective/plugins + logfile: /var/log/mcollective.log + loglevel: debug + daemonize: 0 + direct_addressing: 1 + ttl: 4294957 + securityprovider: psk + plugin.psk: {{ mcollective.pskey }} + identity: {{ mcollective.identity }} +{% if mcollective.connector == 'stomp' %} + connector = stomp + plugin.stomp.host: {{ mcollective.host }} + plugin.stomp.port: {{ mcollective.port|default(61613) }} + plugin.stomp.user: {{ mcollective.user }} + plugin.stomp.password: {{ mcollective.password }} +{% else %} + connector: rabbitmq + plugin.rabbitmq.vhost: {{ mcollective.vhost }} + plugin.rabbitmq.pool.size: 1 + plugin.rabbitmq.pool.1.host: {{ mcollective.host }} + plugin.rabbitmq.pool.1.port: {{ mcollective.port|default(61613) }} + plugin.rabbitmq.pool.1.user: {{ mcollective.user }} + plugin.rabbitmq.pool.1.password: {{ mcollective.password }} + plugin.rabbitmq.heartbeat_interval: 30 +{% endif %} + factsource: yaml + plugin.yaml: 
/etc/mcollective/facts.yaml + +puppet: + conf: + main: + logdir: /var/log/puppet + rundir: /var/run/puppet + ssldir: $vardir/ssl + pluginsync: true + prerun_command: /bin/true + postrun_command: /bin/true + agent: + classfile: $vardir/classes.txt + localconfig: $vardir/localconfig + server: {{ puppet.master }} + report: false + configtimeout: 600 + +runcmd: +{% if puppet.enable != 1 %} + - /usr/sbin/invoke-rc.d puppet stop + - /usr/sbin/update-rc.d -f puppet remove +{% endif %} +{% if mcollective.enable != 1 %} + - /usr/sbin/invoke-rc.d mcollective stop + - echo manual > /etc/init/mcollective.override +{% else %} + - rm -f /etc/init/mcollective.override +{% endif %} + - iptables -t filter -F INPUT + - iptables -t filter -F FORWARD + +final_message: "YAY! The system is finally up, after $UPTIME seconds" diff --git a/cloud-init-templates/cloud_config_fuel_8.0_ubuntu.jinja2 b/cloud-init-templates/cloud_config_fuel_8.0_ubuntu.jinja2 new file mode 100644 index 0000000..757c959 --- /dev/null +++ b/cloud-init-templates/cloud_config_fuel_8.0_ubuntu.jinja2 
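Review bot: In the stomp branch of the `mcollective: conf:` block the line `connector = stomp` uses `=` where every neighbouring entry is written `key: value`, so the rendered cloud-config is likely to fail YAML parsing, or at least lose the connector setting, whenever `mcollective.connector == 'stomp'`. It should read `connector: stomp`, matching `connector: rabbitmq` in the else branch. The same line is present in the 6.1 and 8.0 templates in this patch; all three files share blob 757c959.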
@@ -0,0 +1,105 @@ +#cloud-config +resize_rootfs: false +growpart: + mode: false +disable_ec2_metadata: true +disable_root: false +user: root +password: r00tme +chpasswd: { expire: false } +ssh_pwauth: false +ssh_authorized_keys: +{% for key in common.ssh_auth_keys %} + - {{ key }} +{% endfor %} + +# set the locale to a given locale +# default: en_US.UTF-8 +locale: en_US.UTF-8 + +timezone: {{ common.timezone }} + +hostname: {{ common.hostname }} +fqdn: {{ common.fqdn }} + + +# add entries to rsyslog configuration +rsyslog: + - filename: 10-log2master.conf + content: | + $template LogToMaster, "<%PRI%>1 %$NOW%T%TIMESTAMP:8:$%Z %HOSTNAME% %APP-NAME% %PROCID% %MSGID% -%msg%\n" + *.* @{{ common.master_ip }};LogToMaster + + +# that module's missing in 0.6.3, but existent for >= 0.7.3 +write_files: + - content: | + --- + url: {{ common.master_url }} + path: /etc/nailgun-agent/config.yaml + - content: target + path: /etc/nailgun_systemtype + +mcollective: + conf: + main_collective: mcollective + collectives: mcollective + libdir: /usr/share/mcollective/plugins + logfile: /var/log/mcollective.log + loglevel: debug + daemonize: 0 + direct_addressing: 1 + ttl: 4294957 + securityprovider: psk + plugin.psk: {{ mcollective.pskey }} + identity: {{ mcollective.identity }} +{% if mcollective.connector == 'stomp' %} + connector = stomp + plugin.stomp.host: {{ mcollective.host }} + plugin.stomp.port: {{ mcollective.port|default(61613) }} + plugin.stomp.user: {{ mcollective.user }} + plugin.stomp.password: {{ mcollective.password }} +{% else %} + connector: rabbitmq + plugin.rabbitmq.vhost: {{ mcollective.vhost }} + plugin.rabbitmq.pool.size: 1 + plugin.rabbitmq.pool.1.host: {{ mcollective.host }} + plugin.rabbitmq.pool.1.port: {{ mcollective.port|default(61613) }} + plugin.rabbitmq.pool.1.user: {{ mcollective.user }} + plugin.rabbitmq.pool.1.password: {{ mcollective.password }} + plugin.rabbitmq.heartbeat_interval: 30 +{% endif %} + factsource: yaml + plugin.yaml: 
/etc/mcollective/facts.yaml + +puppet: + conf: + main: + logdir: /var/log/puppet + rundir: /var/run/puppet + ssldir: $vardir/ssl + pluginsync: true + prerun_command: /bin/true + postrun_command: /bin/true + agent: + classfile: $vardir/classes.txt + localconfig: $vardir/localconfig + server: {{ puppet.master }} + report: false + configtimeout: 600 + +runcmd: +{% if puppet.enable != 1 %} + - /usr/sbin/invoke-rc.d puppet stop + - /usr/sbin/update-rc.d -f puppet remove +{% endif %} +{% if mcollective.enable != 1 %} + - /usr/sbin/invoke-rc.d mcollective stop + - echo manual > /etc/init/mcollective.override +{% else %} + - rm -f /etc/init/mcollective.override +{% endif %} + - iptables -t filter -F INPUT + - iptables -t filter -F FORWARD + +final_message: "YAY! The system is finally up, after $UPTIME seconds"
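Review bot: The unconditional `iptables -t filter -F INPUT` and `iptables -t filter -F FORWARD` entries at the end of `runcmd` remove whatever filter rules the image shipped with, and nothing in this template puts rules back; presumably a later deployment step does, but that is not visible here. A comment above the two lines saying why the flush is needed and what restores filtering would help the next maintainer, e.g. `# image rules are flushed here; host firewall is re-applied by <component> during deployment` (placeholder). The 6.1 and 7.0 templates carry the same two lines.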