Reorg the roles layout

Put a bunch of subroles under the main 'bootstrap' role
2015-04-06 13:21:34 +02:00 · 2015-04-06 13:21:34 +02:00 · 6ea1d02c76
commit 6ea1d02c76
parent 4b5eb4acb7
12 changed files with 204 additions and 2 deletions
--- a/provision.yml
+++ b/provision.yml
@ -3,4 +3,4 @@
 - hosts: localhost
  connection: local
  roles:
-    - { role: create_openstack_instances }
+    - { role: provision }
--- a/roles/bootstrap/branch_system_config/tasks/main.yml
+++ b/roles/bootstrap/branch_system_config/tasks/main.yml
@ -4,18 +4,20 @@
  args:
    chdir: /opt/system-config/production
  register: checked_out_branch
+  ignore_errors: True

 # Check whether "infra_config" branch exists or not
 - command: git show-ref "infra_config"
  args:
    chdir: /opt/system-config/production
  register: infra_config_branch 
+  ignore_errors: True

 # If "infra_config" branch exists, switch to it
 - command: git checkout infra_config
  args:
    chdir: /opt/system-config/production
-  when: checked_out_branch.rc == 0 and infra_config_branch.rc == 0
+  when: checked_out_branch.stdout != "infra_config" and infra_config_branch.rc == 0

 # Create and switch to "infra_config" branch to put non-upstream fixes and values
 - command: git checkout -b infra_config
--- a/roles/bootstrap/clone_system_config/defaults/main.yaml
+++ b/roles/bootstrap/clone_system_config/defaults/main.yaml
--- a/roles/bootstrap/clone_system_config/tasks/main.yml
+++ b/roles/bootstrap/clone_system_config/tasks/main.yml
--- a/roles/bootstrap/configure_puppetdb/tasks/main.yml
+++ b/roles/bootstrap/configure_puppetdb/tasks/main.yml
--- a/roles/bootstrap/configure_puppetmaster/files/puppetmaster.pp
+++ b/roles/bootstrap/configure_puppetmaster/files/puppetmaster.pp
@ -0,0 +1,196 @@
+# == Class: openstack_project::puppetmaster
+#
+class openstack_project::puppetmaster (
+  $root_rsa_key = 'xxx',
+  $sysadmins = [],
+  $version   = '3.',
+  $ca_server = undef,
+  $puppetdb = true,
+  $puppetdb_server = 'puppetdb.openstack.org',
+  $puppetmaster_server = undef,
+) {
+  include logrotate
+  include openstack_project::params
+
+  class { 'openstack_project::server':
+    iptables_public_tcp_ports => [4505, 4506, 8140],
+    sysadmins                 => $sysadmins,
+    pin_puppet                => $version,
+    ca_server                 => $ca_server,
+    puppetmaster_server       => $puppetmaster_server,
+  }
+
+  file {'/etc/puppet/environments':
+    ensure => directory,
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0755',
+  }
+  file {'/etc/puppet/environments/production':
+    ensure => directory,
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0755',
+  }
+  file {'/etc/puppet/environments/production/environment.conf':
+    ensure => file,
+    owner  => 'root',
+    group  => 'root',
+    mode   => '0644',
+    source => 'puppet:///modules/openstack_project/puppetmaster/production_environment.conf',
+  }
+
+  include ansible
+
+  file { '/etc/ansible/hostfile':
+    ensure  => present,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    require => Class['ansible'],
+  }
+
+  cron { 'updatepuppetmaster':
+    user        => 'root',
+    minute      => '*/15',
+    command     => 'flock -n /var/run/puppet/puppet_run_all.lock bash /opt/system-config/production/run_all.sh',
+    environment => 'PATH=/var/lib/gems/1.8/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
+  }
+
+  logrotate::file { 'updatepuppetmaster':
+    ensure  => present,
+    log     => '/var/log/puppet_run_all.log',
+    options => ['compress',
+      'copytruncate',
+      'delaycompress',
+      'missingok',
+      'rotate 7',
+      'daily',
+      'notifempty',
+    ],
+    require => Cron['updatepuppetmaster'],
+  }
+
+  cron { 'deleteoldreports':
+    user        => 'root',
+    hour        => '3',
+    minute      => '0',
+    command     => 'sleep $((RANDOM\%600)) && find /var/lib/puppet/reports -name \'*.yaml\' -mtime +7 -execdir rm {} \;',
+    environment => 'PATH=/var/lib/gems/1.8/bin:/usr/bin:/bin:/usr/sbin:/sbin',
+  }
+
+  file { '/etc/puppet/hiera.yaml':
+    ensure  => present,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0555',
+    source  => 'puppet:///modules/openstack_project/puppetmaster/hiera.yaml',
+    replace => true,
+    require => Class['openstack_project::server'],
+  }
+
+  file { '/var/lib/puppet/reports':
+    ensure => directory,
+    owner  => 'puppet',
+    group  => 'puppet',
+    mode   => '0750',
+    }
+
+  if ! defined(File['/root/.ssh']) {
+    file { '/root/.ssh':
+      ensure => directory,
+      mode   => '0700',
+    }
+  }
+
+  file { '/root/.ssh/id_rsa':
+    ensure  => present,
+    mode    => '0400',
+    content => $root_rsa_key,
+  }
+
+# Cloud credentials are stored in this directory for launch-node.py.
+  file { '/root/ci-launch':
+    ensure => directory,
+    owner  => 'root',
+    group  => 'admin',
+    mode   => '0750',
+    }
+
+# For puppet master apache serving.
+  package { 'puppetmaster-passenger':
+    ensure => present,
+  }
+
+  file { '/etc/apache2/sites-available/puppetmaster.conf':
+    ensure  => present,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0600',
+    content => template('openstack_project/puppetmaster/puppetmaster_vhost.conf.erb'),
+    require => Package['puppetmaster-passenger'],
+  }
+
+# To set LANG to utf8, otherwise we get charset errors on manifests
+# with non-ascii chars
+  file { '/etc/apache2/envvars':
+    ensure  => present,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0444',
+    source  => 'puppet:///modules/openstack_project/puppetmaster/envvars.debian',
+    require => Package['puppetmaster-passenger'],
+  }
+
+# For launch/launch-node.py.
+  package { ['python-cinderclient', 'python-novaclient']:
+    ensure   => latest,
+    provider => pip,
+    require  => [Package['python-lxml'], Package['libxslt1-dev']],
+  }
+  package { 'python-paramiko':
+    ensure => present,
+  }
+  package { 'python-lxml':
+    ensure => present,
+  }
+  package { 'libxslt1-dev':
+    ensure => present,
+  }
+
+# Enable puppetdb
+
+  if $puppetdb {
+    class { 'puppetdb::master::config':
+      puppetdb_server              => $puppetdb_server,
+      puppet_service_name          => 'apache2',
+      puppetdb_soft_write_failure  => true,
+      manage_storeconfigs          => false,
+    }
+  }
+
+# Playbooks
+#
+  file { '/etc/ansible/playbooks':
+    ensure  => directory,
+    recurse => true,
+    source  => 'puppet:///modules/openstack_project/ansible/playbooks',
+    require => Class[ansible],
+  }
+
+  file { '/etc/ansible/remote_puppet.yaml':
+    ensure => absent,
+  }
+  file { '/etc/ansible/remote_puppet_afs.yaml':
+    ensure => absent,
+  }
+  file { '/etc/ansible/remote_puppet_else.yaml':
+    ensure => absent,
+  }
+  file { '/etc/ansible/remote_puppet_git.yaml':
+    ensure => absent,
+  }
+  file { '/etc/ansible/clean_workspaces.yaml':
+    ensure => absent,
+  }
+}
--- a/roles/bootstrap/configure_puppetmaster/tasks/main.yml
+++ b/roles/bootstrap/configure_puppetmaster/tasks/main.yml
@ -11,3 +11,5 @@
    puppet apply --modulepath='/opt/system-config/production/modules:/etc/puppet/modules'
    -e 'class {"openstack_project::puppetmaster"':' puppetdb => false }'
  tags: puppet_apply
+
+- copy: src=puppetmaster.pp dest=/opt/system-config/production/modules/openstack_project/manifests
--- a/roles/bootstrap/generate_puppet_certificates/tasks/main.yml
+++ b/roles/bootstrap/generate_puppet_certificates/tasks/main.yml
--- a/roles/bootstrap/install_puppet_and_modules/tasks/main.yml
+++ b/roles/bootstrap/install_puppet_and_modules/tasks/main.yml
--- a/roles/bootstrap/install_required_packages/tasks/main.yml
+++ b/roles/bootstrap/install_required_packages/tasks/main.yml
--- a/roles/provision/tasks/create_openstack_instances.yml
+++ b/roles/provision/tasks/create_openstack_instances.yml
--- a/roles/provision/tasks/main.yml
+++ b/roles/provision/tasks/main.yml
@ -0,0 +1,2 @@
+---
+- include: create_openstack_instances.yml