From 6d351b90675df7ae40eb04d52a1003703550d5b7 Mon Sep 17 00:00:00 2001 
From: Nikolay Mahotkin Date: Thu, 21 Apr 2016 15:15:42 +0300 Subject: [PATCH] Fixing Nodepool app * Adding credentials configuration to Jenkins app * Fixed nodepool configuration * Added retrieving API token from Jenkins * Providing parameters for configuration of OpenStack cloud * Fixed providing public and private keys to nodepool nodes Change-Id: I5c8be834f33870b9733df0041e96ffe94a9618b4 --- .../Jenkins/package/Classes/Jenkins.yaml | 11 ++++ .../Resources/ConfigureCredentials.template | 19 +++++++ .../scripts/configure_credentials.pp | 4 ++ .../scripts/configure_credentials.sh | 10 ++++ .../files/credentials.xml | 22 ++++++++ .../configure_credentials/manifests/init.pp | 15 +++++ .../package/Resources/scripts/deploy.sh | 1 - .../Nodepool/package/Classes/Nodepool.yaml | 56 ++++++++++++++++++- .../package/Resources/DeployNodepool.template | 7 +-- .../package/Resources/get_api_token.sh | 24 ++++++++ .../Resources/scripts/deploy_nodepool.sh | 8 +-- .../package/Resources/scripts/gen_rsa_key.sh | 14 ----- .../nodepool_configure/manifests/init.pp | 2 + .../templates/nodepool.yaml.erb | 47 ++++++++-------- .../package/Resources/scripts/site.pp | 41 ++++++++++++-- murano-apps/Nodepool/package/UI/ui.yaml | 35 ++++++++++++ murano-apps/Nodepool/package/manifest.yaml | 2 +- 17 files changed, 265 insertions(+), 53 deletions(-) create mode 100644 murano-apps/Jenkins/package/Resources/ConfigureCredentials.template create mode 100644 murano-apps/Jenkins/package/Resources/scripts/configure_credentials.pp create mode 100644 murano-apps/Jenkins/package/Resources/scripts/configure_credentials.sh create mode 100644 murano-apps/Jenkins/package/Resources/scripts/configure_credentials/files/credentials.xml create mode 100644 murano-apps/Jenkins/package/Resources/scripts/configure_credentials/manifests/init.pp create mode 100644 murano-apps/Nodepool/package/Resources/get_api_token.sh delete mode 100644 murano-apps/Nodepool/package/Resources/scripts/gen_rsa_key.sh 
diff --git a/murano-apps/Jenkins/package/Classes/Jenkins.yaml b/murano-apps/Jenkins/package/Classes/Jenkins.yaml index 73cb316..d0c76d2 100644 --- a/murano-apps/Jenkins/package/Classes/Jenkins.yaml +++ b/murano-apps/Jenkins/package/Classes/Jenkins.yaml @@ -211,6 +211,17 @@ Methods: - $script: $resource.string('upgrade_git_plugin.sh') - $linux.runCommand($.instance.agent, $script) + configureCredentials: + Body: + - $._environment.reporter.report($this, 'Configuring standard SSH credentials for jenkins slaves...') + - $resources: new(sys:Resources) + - $template: $resources.yaml('ConfigureCredentials.template') + - $.instance.agent.call($template, $resources) + + # Return current credentials id. (see scripts/configure_credentials/files/credentials.xml) + - $._environment.reporter.report($this, 'SSH Credentials are configured.') + - Return: '8039f3e0-1eb6-4505-81bc-c616a31fd7d1' + destroy: Body: - $.reportDestroyed() diff --git a/murano-apps/Jenkins/package/Resources/ConfigureCredentials.template b/murano-apps/Jenkins/package/Resources/ConfigureCredentials.template new file mode 100644 index 0000000..a4551df --- /dev/null +++ b/murano-apps/Jenkins/package/Resources/ConfigureCredentials.template @@ -0,0 +1,19 @@ +FormatVersion: 2.1.0 +Version: 1.0.0 +Name: Configure Credentials + +Body: | + return configureCredentials().stdout + +Scripts: + configureCredentials: + Type: Application + Version: 1.0.0 + EntryPoint: configure_credentials.sh + Files: + - configure_credentials/files/credentials.xml + - configure_credentials/manifests/init.pp + - configure_credentials.pp + Options: + captureStdout: true + captureStderr: true \ No newline at end of file diff --git a/murano-apps/Jenkins/package/Resources/scripts/configure_credentials.pp b/murano-apps/Jenkins/package/Resources/scripts/configure_credentials.pp new file mode 100644 index 0000000..3854da8 --- /dev/null +++ b/murano-apps/Jenkins/package/Resources/scripts/configure_credentials.pp 
@@ -0,0 +1,4 @@
+node default {
+ class { 'configure_credentials':
+ }
+}
diff --git a/murano-apps/Jenkins/package/Resources/scripts/configure_credentials.sh b/murano-apps/Jenkins/package/Resources/scripts/configure_credentials.sh
new file mode 100644
index 0000000..dd2b7c0
--- /dev/null
+++ b/murano-apps/Jenkins/package/Resources/scripts/configure_credentials.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+# No error if already exists.
+mkdir -p /etc/puppet/modules/configure_credentials/manifests/
+mkdir -p /etc/puppet/modules/configure_credentials/files/
+
+cp configure_credentials/manifests/init.pp /etc/puppet/modules/configure_credentials/manifests/
+cp configure_credentials/files/credentials.xml /etc/puppet/modules/configure_credentials/files/
+
+puppet apply configure_credentials.pp
diff --git a/murano-apps/Jenkins/package/Resources/scripts/configure_credentials/files/credentials.xml b/murano-apps/Jenkins/package/Resources/scripts/configure_credentials/files/credentials.xml
new file mode 100644
index 0000000..2b12622
--- /dev/null
+++ b/murano-apps/Jenkins/package/Resources/scripts/configure_credentials/files/credentials.xml
@@ -0,0 +1,22 @@
+
+
+
+
+
+
+
+
+
+ GLOBAL
+ 8039f3e0-1eb6-4505-81bc-c616a31fd7d1
+ Standard SSH credentials for jenkins slaves.
+ jenkins
+
+
+ /var/lib/jenkins/.ssh/id_rsa
+
+
+
+
+
+
\ No newline at end of file
diff --git a/murano-apps/Jenkins/package/Resources/scripts/configure_credentials/manifests/init.pp b/murano-apps/Jenkins/package/Resources/scripts/configure_credentials/manifests/init.pp
new file mode 100644
index 0000000..1157fe8
--- /dev/null
+++ b/murano-apps/Jenkins/package/Resources/scripts/configure_credentials/manifests/init.pp
@@ -0,0 +1,15 @@ +class configure_credentials ( +) { + service { 'jenkins': + ensure => running, + enable => true, + } + file { '/var/lib/jenkins/credentials.xml': + notify => Service['jenkins'], + ensure => present, + owner => 'jenkins', + group => 'jenkins', + mode => '0644', + content => file('configure_credentials/credentials.xml'), + } +} \ No newline at end of file diff --git a/murano-apps/Jenkins/package/Resources/scripts/deploy.sh b/murano-apps/Jenkins/package/Resources/scripts/deploy.sh index d855e1b..21d0cc6 100755 --- a/murano-apps/Jenkins/package/Resources/scripts/deploy.sh +++ b/murano-apps/Jenkins/package/Resources/scripts/deploy.sh @@ -5,4 +5,3 @@ bash gen_rsa_key.sh puppet apply site.pp sudo apt-get install default-jdk -y - diff --git a/murano-apps/Nodepool/package/Classes/Nodepool.yaml b/murano-apps/Nodepool/package/Classes/Nodepool.yaml index 48bae0e..55b9b3f 100644 --- a/murano-apps/Nodepool/package/Classes/Nodepool.yaml +++ b/murano-apps/Nodepool/package/Classes/Nodepool.yaml @@ -5,6 +5,7 @@ Namespaces: sys: io.murano.system ci_cd_pipeline_murano_app: org.openstack.ci_cd_pipeline_murano_app puppet: org.openstack.ci_cd_pipeline_murano_app.puppet + conf: io.murano.configuration Name: Nodepool @@ -17,7 +18,17 @@ Properties: Contract: $.string().notNull() jenkins: Contract: $.class(ci_cd_pipeline_murano_app:Jenkins).notNull() - # TODO(nmakhotkin) Add zuul property. + zuul: + Contract: $.class(ci_cd_pipeline_murano_app:Zuul).notNull() + # Openstack credentials. + authUrl: + Contract: $.string().notNull() + username: + Contract: $.string().notNull() + tenant: + Contract: $.string().notNull() + password: + Contract: $.string().notNull() Methods: .init: 
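Review bot: `/var/lib/jenkins/credentials.xml` is created with `mode => '0644'` in the new configure_credentials class, which leaves the Jenkins credential store readable by every local user; only the `jenkins` account needs it, so `mode => '0600',` is the safer setting. The shipped file appears to reference the key by path (`/var/lib/jenkins/.ssh/id_rsa`) rather than embed it, but credentials added later through Jenkins are written to the same file. Because `content` is set unconditionally, every apply also replaces whatever credentials are already stored there and restarts Jenkins through `notify`; a comment such as `# Overwrites any existing Jenkins credentials; intended for freshly deployed masters only.` would make that explicit.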
@@ -49,6 +60,16 @@ Methods: - $._environment.reporter.report($this, 'Waiting while Jenkins is being deployed...') - $.jenkins.deploy() + - $._environment.reporter.report($this, 'Configure Jenkins gearman plugin...') + - $.jenkins.configureGearmanPlugin($.detectPrimaryIP($.zuul.instance)) + - $._environment.reporter.report($this, 'Gearman plugin is configured.') + + - $credentialsId: $.jenkins.configureCredentials() + - $.instance.setHieraValue('jenkins_credentials_id', $credentialsId) + + - $._environment.reporter.report($this, 'Waiting while Zuul is being deployed...') + - $.zuul.deploy() + - $._environment.reporter.report($this, 'Loading configuration data for nodepool...') - $.createConfiguration() - $resources: new(sys:Resources) 
@@ -62,13 +83,44 @@ Methods: createConfiguration: Body: + - $jenkinsKey: $.jenkins.instance.getHieraValue('jenkins_ssh_private_key_contents') + - $.instance.setHieraValue( + 'nodepool_ssh_private_key', + $jenkinsKey + ) + - $jenkinsPubKey: $.jenkins.instance.getHieraValue('jenkins_ssh_pubkey_contents') + # Extract only the key itself without 'ssh-rsa' and 'username@fqdn'. + - $jenkinsPubKey: $jenkinsPubKey.split(' ')[1] + + - $.instance.setHieraValue('nodepool_ssh_pubkey', $jenkinsPubKey) - $.instance.setHieraValue('nodepool_mysql_password', 'nodepool') - $.instance.setHieraValue('nodepool_mysql_root_password', 'root') - $.instance.setHieraValue('jenkins_api_user', $.jenkins.ldap.ldapRootUser) - - $.instance.setHieraValue('jenkins_api_key', $.jenkins.ldap.ldapRootPass) + - $.instance.setHieraValue('zuul_host', $.detectPrimaryIP($.zuul.instance)) + + - $.instance.setHieraValue('os_auth_url', $.authUrl) + - $.instance.setHieraValue('os_tenant_name', $.tenant) + - $.instance.setHieraValue('os_username', $.username) + - $.instance.setHieraValue('os_password', $.password) + - $jenkinsHost: $.detectPrimaryIP($.jenkins.instance) + - $.instance.setHieraValue('jenkins_host', $jenkinsHost) + - $netInfo: $._environment.defaultNetworks.environment.describe() + - $.instance.setHieraValue('nodepool_network_uuid', $netInfo.netId) + + # Command to retrieve Jenkins API Token. + - $linux: new(conf:Linux) + - $resource: new(sys:Resources) + - $replacements: + "%USERNAME%": $.jenkins.ldap.ldapRootUser + "%PASSWORD%": $.jenkins.ldap.ldapRootPass + "%JENKINS_HOST%": $jenkinsHost + - $script: $resource.string('get_api_token.sh').replace($replacements) + - $apiKey: $linux.runCommand($.instance.agent, $script).stdout + - $.instance.setHieraValue('jenkins_api_key', $apiKey) + detectPrimaryIP: Arguments: - instance: diff --git a/murano-apps/Nodepool/package/Resources/DeployNodepool.template b/murano-apps/Nodepool/package/Resources/DeployNodepool.template index d3819b3..e0ad0bf 100644 
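Review bot: In createConfiguration the value stored as `jenkins_api_key` is the raw `.stdout` of get_api_token.sh, with no check that it is non-empty, so when the script's retries run out an empty key is written to hiera and the deployment carries on; the method should stop with an error in that case, and at minimum carry `# $apiKey is empty when get_api_token.sh exhausted its retries; do not continue with an empty key.` Depending on how runCommand returns stdout, the trailing newline from `echo` may also end up inside the key. The same method now copies the Jenkins private key and the OpenStack password into the instance's hiera data via `setHieraValue`; where that data is persisted is not visible in this diff, so confirm the file is readable by root only. `$jenkinsPubKey.split(' ')[1]` assumes the stored public key always has at least two space-separated fields.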
--- a/murano-apps/Nodepool/package/Resources/DeployNodepool.template +++ b/murano-apps/Nodepool/package/Resources/DeployNodepool.template @@ -13,10 +13,9 @@ Scripts: Version: 1.0.0 EntryPoint: deploy_nodepool.sh Files: - - 'gen_rsa_key.sh' - - 'site.pp' - - 'nodepool_configure/templates/nodepool.yaml.erb' - - 'nodepool_configure/manifests/init.pp' + - site.pp + - nodepool_configure/templates/nodepool.yaml.erb + - nodepool_configure/manifests/init.pp Options: captureStdout: false captureStderr: true diff --git a/murano-apps/Nodepool/package/Resources/get_api_token.sh b/murano-apps/Nodepool/package/Resources/get_api_token.sh new file mode 100644 index 0000000..21f2949 --- /dev/null +++ b/murano-apps/Nodepool/package/Resources/get_api_token.sh @@ -0,0 +1,24 @@ +#!/bin/bash + +username="%USERNAME%" +password="%PASSWORD%" +jenkins_host="%JENKINS_HOST%" +cmd="curl --user '$username:$password' http://${jenkins_host}:8080/me/configure | grep -o '\"[0-9a-f]\{32\}\"' | cut -d '\"' -f 2" + +# Jenkins might not be ready at this point. +# Retry logic is used here. +token=$(eval $cmd) +tries=10 + +while [ -z $token ]; do + sleep 20 + token=$(eval $cmd) + + tries=$((tries-1)) + + if [ $tries -lt 1 ]; then + break + fi +done + +echo $token diff --git a/murano-apps/Nodepool/package/Resources/scripts/deploy_nodepool.sh b/murano-apps/Nodepool/package/Resources/scripts/deploy_nodepool.sh index 5b2b16a..65937c3 100644 --- a/murano-apps/Nodepool/package/Resources/scripts/deploy_nodepool.sh +++ b/murano-apps/Nodepool/package/Resources/scripts/deploy_nodepool.sh 
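Review bot: get_api_token.sh builds the curl command as a string around `'$username:$password'` and runs it through `eval`, so a password containing a single quote or other shell metacharacters ends the quoting and is interpreted as shell; calling curl directly with quoted arguments removes that. The values also arrive by textual `%PASSWORD%` substitution inside double quotes, which has the same weakness one level up, so closing it fully needs escaping on the Murano side or a different way of passing the secret. When the retries run out the script prints an empty token and exits 0, and `[ -z $token ]` is unquoted; the rewrite below keeps the same retry count and fails explicitly instead. The credentials are sent with basic auth over plain `http://` and appear on the curl command line; whether TLS is available on this Jenkins is not visible here.

```shell
# … unchanged: username / password / jenkins_host assignments …

fetch_token() {
    curl -s --user "$username:$password" "http://${jenkins_host}:8080/me/configure" \
        | grep -o '"[0-9a-f]\{32\}"' | cut -d '"' -f 2
}

# Jenkins might not be ready at this point, so retry.
token=$(fetch_token)
tries=10

while [ -z "$token" ] && [ "$tries" -gt 0 ]; do
    sleep 20
    token=$(fetch_token)
    tries=$((tries-1))
done

if [ -z "$token" ]; then
    echo "Failed to retrieve Jenkins API token" >&2
    exit 1
fi

echo "$token"
```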
@@ -2,11 +2,9 @@ logger Deploying Nodepool... -/bin/bash ./gen_rsa_key.sh - -mkdir /etc/puppet/modules/nodepool_configure -mkdir /etc/puppet/modules/nodepool_configure/manifests -mkdir /etc/puppet/modules/nodepool_configure/templates +# No error if already exists. +mkdir -p /etc/puppet/modules/nodepool_configure/manifests +mkdir -p /etc/puppet/modules/nodepool_configure/templates cp nodepool_configure/manifests/init.pp /etc/puppet/modules/nodepool_configure/manifests/ cp nodepool_configure/templates/nodepool.yaml.erb /etc/puppet/modules/nodepool_configure/templates/ diff --git a/murano-apps/Nodepool/package/Resources/scripts/gen_rsa_key.sh b/murano-apps/Nodepool/package/Resources/scripts/gen_rsa_key.sh deleted file mode 100644 index c367c24..0000000 --- a/murano-apps/Nodepool/package/Resources/scripts/gen_rsa_key.sh +++ /dev/null @@ -1,14 +0,0 @@ -#!/bin/bash -logger Generate SSH Private key for nodepool - -datafile='/etc/puppet/hieradata/murano.yaml' - -# -# nodepool ssh key -# -ssh-keygen -t rsa -N "" -f nodepool_ssh.key -q - -content=`cat nodepool_ssh.key` -puppet apply --execute "yaml_setting { 'example': target=>'$datafile', key=>'nodepool_ssh_private_key', value=>'$content', }" - -exit \ No newline at end of file diff --git a/murano-apps/Nodepool/package/Resources/scripts/nodepool_configure/manifests/init.pp b/murano-apps/Nodepool/package/Resources/scripts/nodepool_configure/manifests/init.pp index fb2bb24..aa66cb7 100644 --- a/murano-apps/Nodepool/package/Resources/scripts/nodepool_configure/manifests/init.pp +++ b/murano-apps/Nodepool/package/Resources/scripts/nodepool_configure/manifests/init.pp @@ -1,6 +1,8 @@ class nodepool_configure ( $jenkins_host = undef, + $jenkins_user = undef, $zuul_host = undef, + $net_id = undef, ) { file { '/etc/nodepool/nodepool.yaml': ensure => present, 
diff --git a/murano-apps/Nodepool/package/Resources/scripts/nodepool_configure/templates/nodepool.yaml.erb b/murano-apps/Nodepool/package/Resources/scripts/nodepool_configure/templates/nodepool.yaml.erb index 1ce65d0..f8785dc 100644 --- a/murano-apps/Nodepool/package/Resources/scripts/nodepool_configure/templates/nodepool.yaml.erb +++ b/murano-apps/Nodepool/package/Resources/scripts/nodepool_configure/templates/nodepool.yaml.erb 
@@ -5,54 +5,57 @@ images-dir: /opt/nodepool_dib cron: check: '*/15 * * * *' - cleanup: '0 * * * *' - image-update: '30 * * * *' + cleanup: '*/1 * * * *' + image-update: '14 14 * * *' zmq-publishers: - - tcp://localhost:8888 # Jenkins host + - tcp://<%= @jenkins_host %>:8888 # Jenkins host gearman-servers: # Zuul host - - host: localhost + - host: <%= @zuul_host %> port: 4730 diskimages: -- name: ubuntu-trusty - elements: - - ubuntu - - vm - - simple-init - release: trusty - env-vars: + - name: ubuntu-trusty + elements: + - ubuntu + - vm + - growroot + - infra-package-needs + - jenkins-slave + release: trusty + env-vars: + TMPDIR: /opt/dib_tmp DIB_IMAGE_CACHE: /opt/dib_cache + DIB_APT_LOCAL_CACHE: '0' + DIB_DISABLE_APT_CLEANUP: '1' labels: - - name: ubuntu-server - image: ubuntu-trusty-node + - name: ubuntu-trusty + image: ubuntu-trusty min-ready: 2 providers: - name: openstack-provider providers: - name: openstack-provider - keypair: 'nmakhotkin' region-name: 'RegionOne' - username: 'dev-user' - password: 'sw0rdfish' - auth-url: 'http://172.16.167.137:5000/v2.0' - project-name: 'dev' + username: <%= @os_username %> + password: <%= @os_password %> + auth-url: <%= @os_auth_url %> + project-name: <%= @os_tenant_name %> image-type: qcow2 max-servers: 20 use-neutron: true networks: - - name: dev-net - #- id: uuid + - net-id: <%= @net_id %> images: - - name: ubuntu-trusty-node + - name: ubuntu-trusty diskimage: ubuntu-trusty min-ram: 2048 private-key: /home/nodepool/.ssh/id_rsa setup: prepare_node.sh - username: ubuntu + username: jenkins targets: - name: jenkins diff --git a/murano-apps/Nodepool/package/Resources/scripts/site.pp b/murano-apps/Nodepool/package/Resources/scripts/site.pp index 2ea80d4..e7e0d68 100644 --- a/murano-apps/Nodepool/package/Resources/scripts/site.pp +++ b/murano-apps/Nodepool/package/Resources/scripts/site.pp 
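Review bot: The provider credentials in nodepool.yaml.erb are rendered unquoted (`password: <%= @os_password %>`, likewise `username`, `auth-url` and `project-name`), whereas the literals they replace were single-quoted; a password containing `#`, `: ` or a leading YAML indicator character yields a different value or an unparsable file. Emit them as single-quoted scalars with embedded quotes doubled, e.g. `password: '<%= @os_password.to_s.gsub("'", "''") %>'`. The rendered /etc/nodepool/nodepool.yaml now holds the cloud password, and the `file` resource that sets its mode is outside the visible hunks, so confirm it is not world-readable. The literal username and password removed by this hunk remain in the repository history and should be rotated if they were ever valid.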
@@ -18,22 +18,55 @@ node default { revision => 'master', vhost_name => $::fqdn, statsd_host => '', + elements_dir => '/etc/project-config/nodepool/elements', + scripts_dir => '/etc/project-config/nodepool/scripts', image_log_document_root => '/var/log/nodepool/image', image_log_periodic_cleanup => true, enable_image_log_via_http => true, - environment => {}, + environment => { + 'NODEPOOL_SSH_KEY' => hiera('nodepool_ssh_pubkey'), + 'NODEPOOL_PRIVATE_SSH_KEY' => hiera('nodepool_ssh_private_key') + }, jenkins_masters => [ { name => 'jenkins', url => sprintf('http://%s:8080', hiera('jenkins_host')), user => hiera('jenkins_api_user', 'username'), - apikey => hiera('jenkins_api_key') + apikey => hiera('jenkins_api_key'), + credentials => hiera('jenkins_credentials_id') } - ] + ], + require => Class['project_config'] } + $os_auth_url = hiera('os_auth_url') + $os_tenant_name = hiera('os_tenant_name') + $os_username = hiera('os_username') + $os_password = hiera('os_password') + class { 'nodepool_configure': jenkins_host => hiera('jenkins_host'), - require => Class['nodepool'] + jenkins_user => hiera('jenkins_api_user'), + zuul_host => hiera('zuul_host'), + net_id => hiera('nodepool_network_uuid'), + require => Class['nodepool'] + } + + exec { 'start_nodepool' : + command => 'service nodepool start', + path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + require => [ + Class['nodepool'], + Class['nodepool_configure'], + ] + } + + exec { 'start_nodepool_builder' : + command => 'service nodepool-builder start', + path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin', + require => [ + Class['nodepool'], + Class['nodepool_configure'], + ] } } diff --git a/murano-apps/Nodepool/package/UI/ui.yaml b/murano-apps/Nodepool/package/UI/ui.yaml index 3d45793..b6981c1 100644 --- a/murano-apps/Nodepool/package/UI/ui.yaml +++ b/murano-apps/Nodepool/package/UI/ui.yaml 
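Review bot: `'NODEPOOL_PRIVATE_SSH_KEY' => hiera('nodepool_ssh_private_key')` places the Jenkins private key in the nodepool class's `environment` hash; how the module persists that hash is not visible here, but such values typically end up in a defaults file and in the environment of every child process, so confirm this is needed (the template already points nodepool at `/home/nodepool/.ssh/id_rsa`) and that the resulting file is not world-readable. The two `exec` resources run `service … start` on every apply with no `unless` guard; unless the nodepool class already declares these services, `service { 'nodepool': ensure => running }` and the equivalent for `nodepool-builder` would be idempotent. The `$os_*` variables are set at node scope and picked up implicitly by the nodepool_configure template; passing them as class parameters, as is done for `net_id`, would make the dependency explicit. The node block starts outside this hunk.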
@@ -5,6 +5,11 @@ Application: type: org.openstack.ci_cd_pipeline_murano_app.Nodepool name: $.appConfiguration.name jenkins: $.appConfiguration.Jenkins + zuul: $.appConfiguration.Zuul + authUrl: $.openstackConfiguration.authUrl + username: $.openstackConfiguration.username + tenant: $.openstackConfiguration.tenant + password: $.openstackConfiguration.password instance: ?: type: org.openstack.ci_cd_pipeline_murano_app.puppet.PuppetInstance @@ -34,9 +39,39 @@ Forms: required: false - name: Jenkins type: org.openstack.ci_cd_pipeline_murano_app.Jenkins + label: Jenkins required: true description: >- Specify Jenkins. + - name: Zuul + type: org.openstack.ci_cd_pipeline_murano_app.Zuul + label: Zuul + required: true + description: >- + Specify Zuul. + + - openstackConfiguration: + fields: + - name: authUrl + type: string + label: Keystone Auth URL + description: Provide Keystone Auth URL. + initial: http://192.168.0.2:5000/v2.0 + - name: username + type: string + label: Keystone username + description: Provide Keystone username. + initial: admin + - name: tenant + type: string + label: Keystone tenant + description: Provide Keystone tenant name. + initial: admin + - name: password + type: string + description: Provide Keystone password. + label: Keystone password + initial: secret - instanceConfiguration: fields: diff --git a/murano-apps/Nodepool/package/manifest.yaml b/murano-apps/Nodepool/package/manifest.yaml index 839c90d..0cb858f 100644 --- a/murano-apps/Nodepool/package/manifest.yaml +++ b/murano-apps/Nodepool/package/manifest.yaml @@ -17,4 +17,4 @@ Require: org.openstack.ci_cd_pipeline_murano_app.puppet.SystemConfig: org.openstack.ci_cd_pipeline_murano_app.puppet.Puppet: org.openstack.ci_cd_pipeline_murano_app.Jenkins: -# TODO(nmakhotkin): Add zuul to requirements. + org.openstack.ci_cd_pipeline_murano_app.Zuul:
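Review bot: In the new openstackConfiguration form of ui.yaml the Keystone password is declared `type: string` with `initial: secret`, so the value is shown in clear text while typing and the form is pre-filled with a guessable default; use `type: password` and drop the `initial:` line. The `initial: admin` defaults for username and tenant similarly steer users toward deploying nodepool with cloud-admin credentials; leaving them empty, with a description recommending a dedicated low-privilege project user, would be safer. The value then flows into the `password` property added in Nodepool.yaml as a plain string, so it is presumably stored with the environment's object model.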