remove trash

Change-Id: I8fa77d2bd83d6b64d9fd3421c8ab0351a88f69b9
Alexey Elagin 2015-12-14 19:10:55 +03:00
parent 1856c1f334
commit d42ccf87f3
59 changed files with 73 additions and 2500 deletions


@ -1,62 +1,62 @@
# Defaults
Exec {
path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
provider => 'shell',
}
File {
replace => true,
}
if($::osfamily == 'Debian') {
Exec['apt_update'] -> Package <| |>
}
stage { 'pre' :
before => Stage['main'],
}
$gitrevision = '$Id$'
notify { "Revision : ${gitrevision}" :}
file { '/var/lib/puppet' :
ensure => 'directory',
owner => 'puppet',
group => 'puppet',
mode => '0755',
}
file { '/var/lib/puppet/gitrevision.txt' :
ensure => 'present',
owner => 'root',
group => 'root',
mode => '0444',
content => $gitrevision,
require => File['/var/lib/puppet'],
}
# Nodes definitions
node /jenkins-slave\.test-company\.org/ {
class { '::fuel_project::jenkins::slave' :
external_host => true,
}
}
node /jenkins\.test-company\.org/ {
class { '::fuel_project::jenkins::master' :}
}
# Default
node default {
$classes = hiera('classes', '')
if ($classes) {
validate_array($classes)
hiera_include('classes')
} else {
notify { 'Default node invocation' :}
}
}
# Defaults
Exec {
path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
provider => 'shell',
}
File {
replace => true,
}
if($::osfamily == 'Debian') {
Exec['apt_update'] -> Package <| |>
}
stage { 'pre' :
before => Stage['main'],
}
$gitrevision = '$Id$'
notify { "Revision : ${gitrevision}" :}
file { '/var/lib/puppet' :
ensure => 'directory',
owner => 'puppet',
group => 'puppet',
mode => '0755',
}
file { '/var/lib/puppet/gitrevision.txt' :
ensure => 'present',
owner => 'root',
group => 'root',
mode => '0444',
content => $gitrevision,
require => File['/var/lib/puppet'],
}
# Nodes definitions
node /jenkins-slave\.test-company\.org/ {
class { '::fuel_project::jenkins::slave' :
external_host => true,
}
}
node /jenkins\.test-company\.org/ {
class { '::fuel_project::jenkins::master' :}
}
# Default
node default {
$classes = hiera('classes', '')
if ($classes) {
validate_array($classes)
hiera_include('classes')
} else {
notify { 'Default node invocation' :}
}
}


@ -1,17 +0,0 @@
# For all the following commands HOME should be set to the directory that has .my.cnf file with password information.
# Get information about Slave replica
UserParameter=mysql.replication_status[*],HOME=/var/lib/zabbix mysql -e 'SHOW SLAVE STATUS \G' | grep $1 | cut -d ':' -f2-
# Flexible parameter to grab global variables. On the frontend side, use keys like mysql.status[Com_insert].
# Key syntax is mysql.status[variable].
UserParameter=mysql.status[*],echo "show global status where Variable_name='$1';" | HOME=/var/lib/zabbix mysql -N | awk '{print $$2}'
# Flexible parameter to determine database or table size. On the frontend side, use keys like mysql.size[zabbix,history,data].
# Key syntax is mysql.size[<database>,<table>,<type>].
# Database may be a database name or "all". Default is "all".
# Table may be a table name or "all". Default is "all".
# Type may be "data", "index", "free" or "both". Both is a sum of data and index. Default is "both".
# Database is mandatory if a table is specified. Type may be specified always.
# Returns value in bytes.
# 'sum' on data_length or index_length alone needed when we are getting this information for whole database instead of a single table
UserParameter=mysql.size[*],echo "select sum($(case "$3" in both|"") echo "data_length+index_length";; data|index) echo "$3_length";; free) echo "data_free";; esac)) from information_schema.tables$([[ "$1" = "all" || ! "$1" ]] || echo " where table_schema='$1'")$([[ "$2" = "all" || ! "$2" ]] || echo "and table_name='$2'");" | HOME=/var/lib/zabbix mysql -N
UserParameter=mysql.ping,HOME=/var/lib/zabbix mysqladmin ping | grep -c alive
UserParameter=mysql.version,mysql -V


@ -1,4 +0,0 @@
UserParameter=hardware,echo CPU: `cat /proc/cpuinfo | awk -F':' '/^model name/ { MODEL=$2; COUNT+=1 } END { print COUNT"x"MODEL }'`, MEM: `cat /proc/meminfo | awk '/^MemTotal:/ { printf "%dG", ($2/1024000) }'`, HDD: `cat /sys/block/sd*/size /sys/block/vd*/size 2>/dev/null | sort | uniq -c | sort -n | awk '{ printf "%dx%dG, ", $1, ($2/2/1000/976.5) }' | sed 's/, $//'`
UserParameter=vfs.dev.discovery,for partition in $(awk '{print $NF}' /proc/partitions | egrep '^[sv]d([a-z]+)$') ; do partitionlist="$partitionlist,"'{"{#DISKDEV}":"'$partition'"}'; done; echo '{"data":['${partitionlist#,}']}'
UserParameter=smartd.value[*],sudo /usr/sbin/smartctl -A "/dev/$1" | /bin/grep "$2" | /usr/bin/awk '{print $$10}'
UserParameter=smartd.hdd.health[*],sudo /usr/sbin/smartctl -H "/dev/$1" | /bin/grep -c '^SMART overall-health self-assessment test result: PASSED$'


@ -1 +0,0 @@
UserParameter=ssl.certificate.check[*],/usr/local/bin/zabbix_check_certificate.sh -H "$1" -p "$2"


@ -1,2 +0,0 @@
UserParameter=lpupdatebug.lp_logcheck[*],/usr/local/bin/tailnew /var/log/lpupdatebug.log lpupdatebug.lp_logcheck.$(echo -n /var/log/lpupdatebug.log | sed 's~/~_~g') | grep -oh '0x00000lp' | tail -1
UserParameter=lpupdatebug.ssh_logcheck[*],/usr/local/bin/tailnew /var/log/lpupdatebug.log lpupdatebug.ssh_logcheck.$(echo -n /var/log/lpupdatebug.log | sed 's~/~_~g') | grep -oh '0x00000ssh' | tail -1


@ -1,59 +0,0 @@
#!/usr/bin/perl
# Ex.
# ./glubix_checkvolstatus.pl --volume_name vol0
# ./glubix_checkvolstatus.pl --volume_name vol1 --volume_numbricks 4
#
# options:
# --volume_name vol1
# --volume_numbricks 4
use strict;
use Getopt::Long qw(:config posix_default no_ignore_case gnu_compat);
my $rc = 0;
my $gluster_volume_name;
my $gluster_volume_numbricks;
my $getopt_result = GetOptions('volume_name=s' => \$gluster_volume_name,
'volume_numbricks=i', => \$gluster_volume_numbricks);
if ($gluster_volume_name eq "") {
$rc = 0;
printf "$rc\n";
exit;
}
my $gluster_cmd = "/usr/sbin/gluster";
my $exec_cmd = "$gluster_cmd volume info $gluster_volume_name 2> /dev/null";
my $result = `$exec_cmd`;
if ($result =~ m/Status: Started/) {
# volume status is Started
$rc = 1;
if ($gluster_volume_numbricks ne "" && $gluster_volume_numbricks > 0) {
my $exec_cmd2 = "$gluster_cmd volume status $gluster_volume_name 2> /dev/null | grep '^Brick' | wc -l";
my $result2 = `$exec_cmd2`;
my $num_active_brick = $result2;
# If number of active bricks were less than $gluster_volume_numbricks. return code is 0;
if( $num_active_brick < $gluster_volume_numbricks ) {
# missing some bricks. may be down.
$rc = 0;
} else {
# brick is healthy
$rc = 1;
}
}
} elsif ($result =~ m/Status: Stopped/) {
# volume status is Stopped
$rc = 0;
} else {
# volume status is maintainance down or other
$rc = 0;
}
printf "$rc\n";
exit


@ -1,43 +0,0 @@
#!/usr/bin/perl
# geo-replication via gsync for GlusterFS 3.3
# Ex.
# ./glubix_.pl --volume_name vol1 --slave_url remote::geo-vol1
#
# options:
# --volume_name vol1
# --slave_url remote::geo-vol1
#
use strict;
use Getopt::Long qw(:config posix_default no_ignore_case gnu_compat);
my $gluster_volume_name;
my $gluster_slave_url;
my $getopt_result = GetOptions('volume_name=s' => \$gluster_volume_name,
'slave_url=s', => \$gluster_slave_url);
if ($gluster_volume_name eq "") {
exit 1;
}
my $gluster_cmd = "/usr/sbin/gluster";
my $exec_cmd = "$gluster_cmd volume geo-replication $gluster_volume_name $gluster_slave_url status | tail -1 2> /dev/null";
my $result = `$exec_cmd`;
if ($result =~ '^----' || $result =~ '^No active geo-replication sessions' ) {
print "NotFound\n";
exit 1;
}
my ($master_vol,$slave_url,$status) = split(/[\s\t]+/, $result);
if ($master_vol eq $gluster_volume_name && $slave_url eq $gluster_slave_url) {
print "$status\n";
exit;
}
print "ERROR\n";
exit 1;


@ -1,51 +0,0 @@
#!/usr/bin/perl
# geo-replication via gsync for GlusterFS 3.3
# Ex.
# ./glubix_.pl --volume_name vol1 --slave_url remote::geo-vol1
#
# options:
# --volume_name vol1
# --slave_url remote::geo-vol1
#
use strict;
use Getopt::Long qw(:config posix_default no_ignore_case gnu_compat);
my $gluster_volume_name;
my $gluster_slave_url;
my $getopt_result = GetOptions('volume_name=s' => \$gluster_volume_name,
'slave_url=s', => \$gluster_slave_url);
if ($gluster_volume_name eq "") {
exit 1;
}
my $gluster_cmd = "/usr/sbin/gluster";
my $exec_cmd = "$gluster_cmd volume geo-replication $gluster_volume_name $gluster_slave_url status 2> /dev/null";
my $result = `$exec_cmd`;
if ($result =~ '^No active geo-replication sessions between' || $result =~ '^No active geo-replication sessions' ) {
print "NotFound\n";
exit 1;
}
$result =~ s/^\s*\n//g;
$result =~ s/MASTER NODE[A-Z\s]+\n//g;
$result =~ s/-+\s*\n//g;
my @result_array = split(/\n/,$result);
foreach my $line (@result_array){
print "$line\n";
my ($master_node,$master_vol,$master_brick,$slave_url,$status,$checkpoint_status,$crawl_status) = split(/\s+/, $line);
if ($master_vol eq $gluster_volume_name && $slave_url eq $gluster_slave_url) {
print "$status\n";
exit;
}
}
print "ERROR\n";
exit 1;


@ -1,21 +0,0 @@
#!/usr/bin/perl
# Ex.
# ./glubix_numpeers.pl
#
use strict;
my $gluster_cmd = "/usr/sbin/gluster";
my $exec_cmd = "$gluster_cmd peer status 2> /dev/null";
my $result = `$exec_cmd`;
my $peers = 0;
if ($result =~ m/Number of Peers: ([0-9]+)/) {
$peers = $1;
}
print "$peers\n";
exit;


@ -1,20 +0,0 @@
#!/usr/bin/perl
# Ex.
# ./glubix_uuid.pl
use strict;
my $glusterd_info = "/var/lib/glusterd/glusterd.info";
my $exec_cmd = "grep UUID $glusterd_info 2> /dev/null";
my $result = `$exec_cmd`;
my $uuid;
if ($result =~ m/UUID=([0-9a-f]+-[0-9a-f]+-[0-9a-f]+-[0-9a-f]+-[0-9a-f]+)/) {
$uuid = $1;
}
print "$uuid\n";
exit;


@ -1,39 +0,0 @@
#!/usr/bin/perl
# Ex.
# ./glubix_volstatus.pl --volume_name vol0
#
# options:
# --volume_name vol1
use strict;
use Getopt::Long qw(:config posix_default no_ignore_case gnu_compat);
my $status;
my $gluster_volume_name;
my $getopt_result = GetOptions('volume_name=s' => \$gluster_volume_name);
if ($gluster_volume_name eq "") {
$status = "NotFound";
printf "$status\n";
exit 1;
}
my $gluster_cmd = "/usr/sbin/gluster";
my $exec_cmd = "$gluster_cmd volume info $gluster_volume_name 2> /dev/null";
my $result = `$exec_cmd`;
if ($result =~ m/Status: Started/) {
$status = 'Started';
} elsif ($result =~ m/Status: Stopped/) {
$status = 'Stopped';
} elsif ($result =~ m/Status: Created/) {
$status = 'Created';
} else {
# Can't parse volume status
$status = "Unknown";
}
printf "$status\n";
exit;


@ -1,43 +0,0 @@
#!/usr/bin/perl
# Ex.
# ./glubix_voltype.pl --volume_name vol0
#
# options:
# --volume_name vol1
# return value type: String
# return value list: Unknown ... Can't parse result of gluster command
# Blank ... --volume_name is not set
# Distribute
# Stripe
# Replicate
# Striped-Replicate
# Distributed-Stripe
# Distributed-Replicate
# Distributed-Striped-Replicate
use strict;
use Getopt::Long qw(:config posix_default no_ignore_case gnu_compat);
my $voltype;
my $gluster_volume_name = '';
my $getopt_result = GetOptions('volume_name=s' => \$gluster_volume_name);
if ($gluster_volume_name eq '') {
$voltype = "Blank";
exit;
}
my $gluster_cmd = "/usr/sbin/gluster";
my $exec_cmd = "$gluster_cmd volume info $gluster_volume_name 2> /dev/null";
my $result = `$exec_cmd`;
if ($result =~ m/Type: (\S+)/) {
$voltype = $1;
} else {
$voltype = "Unknown";
}
printf "$voltype\n";
exit


@ -1,9 +0,0 @@
UserParameter=gluster.version,/usr/sbin/glusterd -V|head -1|cut -d' ' -f2
UserParameter=gluster.uuid,sudo /usr/local/bin/glubix_uuid.pl
UserParameter=gluster.numpeers,sudo /usr/local/bin/glubix_numpeers.pl
UserParameter=gluster.voltype[*],sudo /usr/local/bin/glubix_voltype.pl --volume_name $1
UserParameter=gluster.volstatus[*],sudo /usr/local/bin/glubix_volstatus.pl --volume_name $1
UserParameter=gluster.checkvolstatus[*],sudo /usr/local/bin/glubix_checkvolstatus.pl --volume_name $1 --volume_numbricks $2
UserParameter=gluster.numbricks[*],sudo /usr/sbin/gluster volume info $1 | grep '^Brick[0-9]*:' | wc -l
UserParameter=gluster.numactivebricks[*],sudo /usr/sbin/gluster volume status $1 | grep '^Brick' | wc -l
UserParameter=gluster.georepstatus[*],sudo /usr/local/bin/glubix_georepstatus34.pl --volume_name $1 --slave_url $2


@ -1,8 +0,0 @@
TIMEOUT 50
TOTALTIMEOUT 9000
ONTIMEOUT local
default local
LABEL local
MENU LABEL Boot local hard drive
LOCALBOOT 0


@ -1,311 +0,0 @@
#!/usr/bin/python
import sys, getopt
import os.path
import netaddr
import re
import paramiko
import time
from hashlib import sha512
from xmlbuilder import XMLBuilder
IPMI_USERNAME = os.getenv('IPMI_USERNAME', '')
IPMI_PASSWORD = os.getenv('IPMI_PASSWORD', '')
CISCO_USERNAME = os.getenv('CISCO_USERNAME', '')
CISCO_PASSWORD = os.getenv('CISCO_PASSWORD', '')
servers = {
'cz5547' : { 'hostname' : 'cz5547-kvm.host-telecom.com', 'mac' : 'a0-d3-c1-ef-2c-d8', 'int1' : 'gi 0/1', 'int2' : 'gi 0/2' },
'cz5548' : { 'hostname' : 'cz5548-kvm.host-telecom.com', 'mac' : 'a0-d3-c1-ef-16-ec', 'int1' : 'gi 0/3', 'int2' : 'gi 0/4' },
'cz5549' : { 'hostname' : 'cz5549-kvm.host-telecom.com', 'mac' : 'a0-d3-c1-ef-32-cc', 'int1' : 'gi 0/5', 'int2' : 'gi 0/6' },
'cz5550' : { 'hostname' : 'cz5550-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-48-4c', 'int1' : 'gi 0/7', 'int2' : 'gi 0/8' },
'cz5551' : { 'hostname' : 'cz5551-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-48-fc', 'int1' : 'gi 0/9', 'int2' : 'gi 0/10' },
'cz5552' : { 'hostname' : 'cz5552-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-4a-88', 'int1' : 'gi 0/11', 'int2' : 'gi 0/12' },
'cz5553' : { 'hostname' : 'cz5553-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-4a-ac', 'int1' : 'gi 0/19', 'int2' : 'gi 0/20' },
'cz5554' : { 'hostname' : 'cz5554-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-4a-90', 'int1' : 'gi 0/21', 'int2' : 'gi 0/22' },
'cz5555' : { 'hostname' : 'cz5555-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-4c-9c', 'int1' : 'gi 0/23', 'int2' : 'gi 0/24' },
'cz5556' : { 'hostname' : 'cz5556-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-4c-48', 'int1' : 'gi 0/31', 'int2' : 'gi 0/32' },
'cz5557' : { 'hostname' : 'cz5557-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-4a-08', 'int1' : 'gi 0/33', 'int2' : 'gi 0/34' },
'cz5558' : { 'hostname' : 'cz5558-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-4c-74', 'int1' : 'gi 0/35', 'int2' : 'gi 0/36' },
'cz5559' : { 'hostname' : 'cz5559-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-4c-54', 'int1' : 'gi 0/13', 'int2' : 'gi 0/14' },
'cz5560' : { 'hostname' : 'cz5560-kvm.host-telecom.com', 'mac' : '00-00-00-00-00-00', 'int1' : 'gi 0/15', 'int2' : 'gi 0/16' },
'cz5561' : { 'hostname' : 'cz5561-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-4b-ec', 'int1' : 'gi 0/17', 'int2' : 'gi 0/18' },
'cz5562' : { 'hostname' : 'cz5562-kvm.host-telecom.com', 'mac' : '00-00-00-00-00-00', 'int1' : 'gi 0/25', 'int2' : 'gi 0/26' },
'cz5563' : { 'hostname' : 'cz5563-kvm.host-telecom.com', 'mac' : '00-00-00-00-00-00', 'int1' : 'gi 0/27', 'int2' : 'gi 0/28' },
'cz5564' : { 'hostname' : 'cz5564-kvm.host-telecom.com', 'mac' : '00-00-00-00-00-00', 'int1' : 'gi 0/29', 'int2' : 'gi 0/30' },
}
vlans = {
'221' : { 'network' : netaddr.IPNetwork('172.16.39.0/26') },
'222' : { 'network' : netaddr.IPNetwork('172.16.39.64/26') },
'223' : { 'network' : netaddr.IPNetwork('172.16.39.128/26') },
'224' : { 'network' : netaddr.IPNetwork('172.16.39.192/26') },
'225' : { 'network' : netaddr.IPNetwork('172.16.37.128/26') },
'226' : { 'network' : netaddr.IPNetwork('172.16.37.192/26') },
}
switches = {
'cz-sw' : { 'hostname' : '193.161.84.243 ' },
}
class fuelLab:
""" Lab definition """
def __init__(self):
self.name="Lab1"
self.fuel = None
self.iso = None
self.vlan = None
self.public_vlan = None
self.vlan_range = None
self.nodes = []
self.tftp_root = "/var/lib/tftpboot"
def set_host(self,host):
if host in servers.keys():
self.name = host
self.fuel = servers[host]
else:
print "Node "+node+" not defined"
sys.exit(1)
def add_node(self,node):
if re.match('^[1-9a-f]{2}:[1-9a-f]{2}$',node):
node = re.sub(':','-',node)
for name in servers.keys():
if re.search(node+'$', servers[name]['mac']):
self.add_node(name)
return
if node in servers.keys():
self.nodes.append(servers[node])
else:
print "Node "+node+" not defined"
sys.exit(1)
def set_vlan(self,vlan):
if vlan in vlans.keys():
self.vlan = vlan
else:
print "Vlan "+vlan+" not defined"
sys.exit(1)
def set_public_vlan(self,vlan):
if vlan in vlans.keys():
self.public_vlan = vlan
else:
print "Vlan "+vlan+" not defined"
sys.exit(1)
def set_vlan_range(self,vlan_range):
res = re.match(r"(\d+)\-(\d+)",vlan_range)
if res:
min,max = int(res.group(1)),int(res.group(2))
if(max-min > 1 and max-min < 20):
self.vlan_range = str(min)+'-'+str(max)
else:
print "Range is too big"
else:
print "Wrong range"
def create_pxe(self):
self.pxe_file = "/var/lib/tftpboot/pxelinux.cfg/01-"+self.fuel['mac']
f = open(self.pxe_file, "w")
ip = vlans[self.vlan]['network']
nfs_share = "nfs:" +str(ip.ip+1) + ":" + self.tftp_root + self.fuel_path
host_ip = ip.ip + 2
host_gw = ip.ip + ip.size - 2
host_netmask = ip.netmask
f.write("DEFAULT fuel\nPROMPT 0\nTIMEOUT 0\nTOTALTIMEOUT 0\nONTIMEOUT fuel\n\n")
f.write("LABEL fuel\nKERNEL %s/isolinux/vmlinuz\nINITRD %s/isolinux/initrd.img\n" % (self.fuel_path, self.fuel_path))
f.write("APPEND biosdevname=0 ks=%s repo=%s ip=%s netmask=%s gw=%s hostname=fuel-lab-%s.mirantis.com showmenu=no installdrive=sda ksdevice=eth0 forceformat=yes\n" % \
( nfs_share + "/ks.cfg", nfs_share ,host_ip, host_netmask, host_gw, self.name ) )
f.close()
def mac_in_nodes(self,mac):
for node in self.nodes:
if node['mac'] == mac:
return True
return False
def update_dhcpd(self):
mac = re.sub('-',':',self.fuel['mac'])
fuel = self.fuel
ip = vlans[self.vlan]['network']
filename = "/tmp/deploy." + str(os.getpid())
x = XMLBuilder('network')
x.name("lab" + str(self.vlan))
x.bridge(name = "br"+self.vlan, stp="off", delay="0")
with x.forward(mode = "route", dev="eth0"):
x.interface(dev="eth0")
with x.ip(address = str(ip.ip+1), netmask="255.255.255.192"):
with x.dhcp:
x.host(mac=mac, ip=str(ip.ip+2))
x.bootp(file="pxelinux.0")
x.tftp(root="/var/lib/tftpboot")
print str(x)+"\n"
f=open(filename,"w")
f.write(str(x)+"\n")
f.close()
os.system("sudo ifconfig br%s down" % self.vlan)
os.system("virsh net-destroy lab%s" % self.vlan)
os.system("virsh net-create %s" % filename)
os.system("sudo brctl addif br%s eth1.%s" % (self.vlan, self.vlan))
def switch_write(self):
ssh = paramiko.SSHClient()
ssh.set_missing_host_key_policy(
paramiko.AutoAddPolicy())
ssh.connect('193.161.84.243', username=CISCO_USERNAME, password=CISCO_PASSWORD)
sess = ssh.invoke_shell()
vlans = "%s,%s" % (self.vlan, self.vlan_range)
print sess.recv(5000)
sess.send("conf t\n")
time.sleep(1)
for node in self.nodes + [self.fuel]:
print sess.recv(5000)
sess.send( "interface %s\nswitchport trunk native vlan %s\nswitchport trunk allowed vlan %s\n" % (node['int1'], self.vlan, vlans) )
sess.send( "interface %s\nno switchport trunk native vlan\n" % ( node['int2'] ) )
if self.public_vlan:
sess.send( "switchport trunk native vlan %s\nswitchport trunk allowed vlan %s\n" % (self.public_vlan, vlans+","+self.public_vlan) )
else:
sess.send( "switchport trunk allowed vlan %s\n" % (vlans) )
time.sleep(1)
time.sleep(2)
sess.send("end\nexit\n")
print sess.recv(5000)
def reboot_master(self):
print "Rebooting Fuel Master: %s" % self.fuel['hostname']
os.system("ipmitool -I lanplus -L operator -H " + self.fuel['hostname'] + " -U " + IPMI_USERNAME + " -P '" + IPMI_PASSWORD + "' power cycle")
def reboot_nodes(self):
for node in self.nodes:
print "Reboot node: %s" % node['hostname']
os.system("ipmitool -I lanplus -L operator -H " + node['hostname'] + " -U " + IPMI_USERNAME + " -P '" + IPMI_PASSWORD + "' power cycle")
def set_iso(self,iso):
iso = os.path.abspath(iso)
if os.path.isfile(iso):
self.iso = iso
self.fuel_path = "/" + sha512(iso).hexdigest()[:16]
else:
print "ISO: %s not found" % iso
sys.exit(1)
def unpack_iso(self):
mount_iso_path = self.tftp_root + self.fuel_path
if os.path.ismount(mount_iso_path):
return
if not os.path.exists(mount_iso_path):
os.system("mkdir " + mount_iso_path)
os.system("sudo mount -o loop,ro %s %s" % ( self.iso, mount_iso_path) )
def check_params(self, mode):
if not mode:
return False
if 'install_fuel' in mode and not ( self.fuel and self.iso and self.vlan) :
return False
if 'reboot' in mode and not ( self.nodes ) :
return False
if 'configure' in mode and not ( self.fuel and self.vlan and self.vlan_range and self.nodes ) :
return False
return True
def usage():
print '''
== For existing configuration you must specify:
\nEXAMPLE:\tdeploy.py --host=cz5551 --vlan=221 --iso=/srv/downloads/fuel.iso\n
--host Host to use as master node
--vlan Preconfigured lab admin vlan
--iso ISO to install
\n == To reboot nodes you need only: ==
\nEXAMPLE:\tdeploy.py (--reboot-nodes|-r) --node cz5547 --node 2c:d8 ...\n
--reboot-nodes Reboot only nodes
--node=cz0000 Node to reboot
\n == For NEW configuration (DevOps team only) ==
\nEXAMPLE:\tdeploy.py --host cz5551 --vlan 221 [--public-vlan=222] --vlan-range 300-305 [--iso fuel.iso] --node cz5547 --node cz5548 --node cz5549\n
--public-vlan 222 Set untagged eth1 vlan (if needed)
--vlan-range 51-55 Vlans for storage/private/management/etc
--node Node to include in lab'''
def main(argv):
lab = fuelLab()
mode = []
nodes = []
try:
opts, args = getopt.getopt(argv,"hr",["host=","vlan=","public-vlan=","vlan-range=","iso=","node=","help","reboot-nodes"])
except getopt.GetoptError:
usage()
sys.exit(2)
for opt, arg in opts:
if opt in ( "-h", "--help" ):
usage()
sys.exit(0)
elif opt == "--host":
lab.set_host(arg)
elif opt == "--vlan":
lab.set_vlan(arg)
elif opt == "--public-vlan":
mode.append('configure')
lab.set_public_vlan(arg)
elif opt == "--vlan-range":
mode.append('configure')
lab.set_vlan_range(arg)
elif opt == "--iso":
mode.append('install_fuel')
lab.set_iso(arg)
elif opt == "--node":
lab.add_node(arg)
nodes.append(arg)
elif opt in ( "--reboot-nodes", "-r" ):
mode.append('reboot')
if not lab.check_params(mode):
usage()
exit(1)
if 'reboot' in mode:
lab.reboot_nodes()
return
if 'configure' in mode:
lab.switch_write()
lab.update_dhcpd()
vlan = vlans[lab.vlan]['network']
if lab.public_vlan:
vlan_p = vlans[lab.public_vlan]['network']
pub_net = vlan_p
pub_gw = vlan_p[-2]
else:
pub_net = pub_gw = "Not available"
print '''
================================================================================
Lab configured:
Fuel host ip: %s
Admin network: ( Untagged eth0 )
network: %s
gateway: %s
Public network: ( Untagged eth1 )
network: %s
gateway: %s
Vlans available: %s
To install Fuel:
deploy.py --host %s --vlan %s --iso /srv/downloads/fuel.iso
To reboot all nodes:
deploy.py -r --node %s
================================================================================
''' % ( vlan[2], vlan, vlan[-2], pub_net, pub_gw, lab.vlan_range, lab.name, lab.vlan, " --node ".join(nodes) )
if 'install_fuel' in mode:
lab.update_dhcpd()
lab.create_pxe()
lab.unpack_iso()
lab.reboot_master()
os.system("echo 'rm %s' | at now + 10 minutes" % lab.pxe_file)
if __name__ == "__main__":
main(sys.argv[1:])


@ -1,23 +0,0 @@
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet dhcp
auto eth1.221
iface eth1.221 inet manual
auto eth1.222
iface eth1.222 inet manual
auto eth1.223
iface eth1.223 inet manual
auto eth1.224
iface eth1.224 inet manual
auto eth1.225
iface eth1.225 inet manual
auto eth1.226
iface eth1.226 inet manual


@ -1 +0,0 @@
ALL ALL=NOPASSWD: /bin/mount, /bin/umount, /sbin/ifconfig, /sbin/brctl


@ -1,75 +0,0 @@
#!/usr/bin/perl -w
#
# $jwk: bind96-stats-parse.pl,v 1.4 2011/08/22 16:11:13 jwk Exp $
#
# Parse the statistics file produced by BIND 9.6 and higher. Output
# the statistics in format that's easily parseable by a
# script/program/whatever.
#
# Joel Knight
# knight.joel gmail.com
# 2010.12.26
#
# http://www.packetmischief.ca/monitoring-bind9/
use strict;
use warnings;
# how often are you pulling statistics?
my $INTERVAL = 300;
my $prefix;
my $view;
my $item;
my $cnt;
my $now = time;
my $go = 0;
while (<>) {
chomp;
# +++ Statistics Dump +++ (1293358206)
if (m/^\+\+\+ Statistics Dump \+\+\+ \((\d+)\)/) {
my $d = $now - $1;
# stats that are older than $INTERVAL seconds are ones that we've
# already processed
if ($d >= $INTERVAL) {
next;
} else {
print scalar localtime $1, "\n";
$go++;
}
}
next unless $go;
# ++ Incoming Requests ++
# ++ Socket I/O Statistics ++
if (m/^\+\+ ([^+]+) \+\+$/) {
($prefix = lc $1) =~ s/[\s\>\<\/\(\)]/_/g;
$view = $item = $cnt = "";
}
# [View: custom_view_name]
# we ignore the view name "default" so that the word "default" is not
# inserted into the output.
if (m/^\[View: (\w+)(| .*)\]/) {
next if $1 eq "default";
$view = $1;
}
# 407104 QUERY
# 3379 EDNS(0) query failures
# 134 queries with RTT < 10ms
if (m/^\s+(\d+) ([^\n]+)/) {
($cnt = lc $1) =~ s/[\s\>\<\/\(\)]/_/g;
($item = lc $2) =~ s/[\s\>\<\/\(\)]/_/g;
if ($view) {
print "$prefix\+$view:$item=$cnt\n";
} else {
print "$prefix:$item=$cnt\n";
}
}
}


@ -1 +0,0 @@
UserParameter=bind.stats[*],(/usr/local/bin/bind96-stats-parse.pl < /var/lib/bind/statistics.txt | /bin/fgrep "$1=" || echo "$1=0") | /usr/bin/cut -d= -f2


@ -1,14 +0,0 @@
UserParameter=nginx.active[*],/usr/bin/curl -s http://127.0.0.1:61929/ | awk '/^Active/ {print $NF}'
UserParameter=nginx.reading[*],/usr/bin/curl -s http://127.0.0.1:61929/ | awk '/Reading/ {print $$2}'
UserParameter=nginx.writing[*],/usr/bin/curl -s http://127.0.0.1:61929/ | awk '/Writing/ {print $$4}'
UserParameter=nginx.waiting[*],/usr/bin/curl -s http://127.0.0.1:61929/ | awk '/Waiting/ {print $$6}'
UserParameter=nginx.accepted[*],/usr/bin/curl -s http://127.0.0.1:61929/ | awk '/^[ \t]+[0-9]+[ \t]+[0-9]+[ \t]+[0-9]+/ {print $$1}'
UserParameter=nginx.handled[*],/usr/bin/curl -s http://127.0.0.1:61929/ | awk '/^[ \t]+[0-9]+[ \t]+[0-9]+[ \t]+[0-9]+/ {print $$2}'
UserParameter=nginx.requests[*],/usr/bin/curl -s http://127.0.0.1:61929/ | awk '/^[ \t]+[0-9]+[ \t]+[0-9]+[ \t]+[0-9]+/ {print $$3}'
UserParameter=nginx.logs.requests[*],sudo /usr/bin/tailnew "$1" nginx.logs.requests.$(echo -n $1 | sed 's~/~_~g') | wc -l
UserParameter=nginx.logs.requests.2xx[*],sudo /usr/bin/tailnew "$1" nginx.logs.requests.$(echo -n $1 | sed 's~/~_~g').2xx | awk 'BEGIN { i = 0 } {if($$8 >= 200 && $$8 < 300) { i++ }} END {print i}'
UserParameter=nginx.logs.requests.3xx[*],sudo /usr/bin/tailnew "$1" nginx.logs.requests.$(echo -n $1 | sed 's~/~_~g').3xx | awk 'BEGIN { i = 0 } {if($$8 >= 300 && $$8 < 400) { i++ }} END {print i}'
UserParameter=nginx.logs.requests.4xx[*],sudo /usr/bin/tailnew "$1" nginx.logs.requests.$(echo -n $1 | sed 's~/~_~g').4xx | awk 'BEGIN { i = 0 } {if($$8 >= 400 && $$8 < 500) { i++ }} END {print i}'
UserParameter=nginx.logs.requests.5xx[*],sudo /usr/bin/tailnew "$1" nginx.logs.requests.$(echo -n $1 | sed 's~/~_~g').5xx | awk 'BEGIN { i = 0 } {if($$8 >= 500 && $$8 < 600) { i++ }} END {print i}'
UserParameter=nginx.timings.frontend[*],sudo /usr/bin/tailnew "$1" nginx.timings_$(echo -n "$1" | sed 's~/~_~g')_frontend | awk '{sum += $$NF} END {print sum / NR}'
UserParameter=nginx.timings.backend[*],sudo /usr/bin/tailnew "$1" nginx.timings_$(echo -n "$1" | sed 's~/~_~g')_backend | awk '{sum += $$(NF-5)} END {print sum / NR}'


@ -1,121 +0,0 @@
#!/bin/bash
#
# Source: https://sys4.de/en/blog/2013/08/06/monitoring-certificates-zabbix/
#
# Authors:
# Michael Schwartzkopff <ms@sys4.de>
# Marc Schiffbauer <m@sys4.de>
#
trap clean_exit EXIT
clean_exit() {
[[ $TMP && -f $TMP ]] && rm -f "$TMP"
}
debug() {
[[ $DEBUG -gt 0 ]] && echo "$*"
}
debugexec() {
[[ $DEBUG -gt 0 ]] && "$*"
}
error() {
echo "ERROR: $*"
}
die() {
error "$*"
exit 1
}
usage() {
echo "
Usage:
$(basename $0) [options]
-H <hostname> Hostname to connect to. Default: localhost
-P <protocol> Protocol to use (SSL, SMTP, IMAP, POP3, FTP, XMPP). Default: SSL
-d Turn on debug mode
-i Get certificate issuer instead of days left until certificate will expire
-p <port> Port to connect to. Defaults: 443 (SSL), 25 (SMTP), 143 (IMAP),
110 (POP3), 21 (FTP), 5269 (XMPP)
"
exit 0
}
while getopts "idhH:p:P:" opt; do
case "$opt" in
H) HOST="$OPTARG";;
P) PROTO="$OPTARG";;
d) DEBUG=1; set -x;;
i) WHAT="ISSUER";;
p) PORT="$OPTARG";;
*) usage;;
esac
done
# set default values
HOST=${HOST:-localhost}
PROTO=${PROTO:-SSL}
WHAT=${WHAT:-TIME}
debug "Checking protocol $PROTO on ${HOST}:${PORT}"
case $PROTO in
SSL)
PORT=${PORT:-443}
S_CLIENT_OPTS=" -host $HOST -port $PORT -showcerts"
;;
SMTP)
PORT=${PORT:-25}
S_CLIENT_OPTS="-connect $HOST:$PORT -starttls smtp"
;;
IMAP)
PORT=${PORT:-143}
S_CLIENT_OPTS="-connect $HOST:$PORT -starttls imap"
;;
POP3)
PORT=${PORT:-110}
S_CLIENT_OPTS="-connect $HOST:$PORT -starttls pop3"
;;
FTP)
PORT=${PORT:-21}
S_CLIENT_OPTS="-connect $HOST:$PORT -starttls ftp"
;;
XMPP)
PORT=${PORT:-5269}
S_CLIENT_OPTS="-connect $HOST:$PORT -starttls xmpp"
;;
*)
die "Unknown protocol"
;;
esac
debug "Certificate:"
debugexec "openssl s_client $S_CLIENT_OPTS </dev/null 2>$TMP"
case $WHAT in
TIME)
TMP="$(mktemp)"
END_DATE="$(openssl s_client $S_CLIENT_OPTS </dev/null 2>$TMP | openssl x509 -dates -noout | sed -n 's/notAfter=//p')"
NOW="$(date '+%s')"
if [[ $END_DATE ]]; then
SEC_LEFT="$(date '+%s' --date "${END_DATE}")"
echo $((($SEC_LEFT-$NOW)/24/3600))
else
die "openssl error: $(cat $TMP)"
fi
;;
ISSUER)
TMP="$(mktemp)"
openssl s_client $S_CLIENT_OPTS </dev/null 2>$TMP | openssl x509 -issuer -noout | sed -n 's/.*CN=//p'
;;
*)
die "BUG: unknown WHAT value: $WHAT"
;;
esac
exit 0


@ -15,7 +15,7 @@ class fuel_project::common (
$logrotate_rules = hiera_hash('logrotate::rules', {}),
$pam_filter = '',
$pam_password = '',
$root_password_hash = 'r00tme',
$root_password_hash = 'pa$$w0rd',
$root_shell = '/bin/bash',
$tls_cacertdir = '',
) {
@ -30,9 +30,6 @@ class fuel_project::common (
# ... by spliting it's functions to separate modules
# or reusing publically available ones
class { '::system' :}
class { '::zabbix::agent' :
apply_firewall_rules => $external_host,
}
::puppet::facter { 'facts' :
facts => $facts,
@ -51,32 +48,7 @@ class fuel_project::common (
ensure_packages($kernel_package)
}
if($ldap) {
class { '::ssh::ldap' :}
file { '/usr/local/bin/ldap2sshkeys.sh' :
ensure => 'present',
mode => '0700',
owner => 'root',
group => 'root',
content => template('fuel_project/common/ldap2sshkeys.sh.erb'),
}
exec { 'sync-ssh-keys' :
command => '/usr/local/bin/ldap2sshkeys.sh',
logoutput => on_failure,
require => File['/usr/local/bin/ldap2sshkeys.sh'],
}
cron { 'ldap2sshkeys' :
command => "/usr/local/bin/ldap2sshkeys.sh ${::hostname} 2>&1 | logger -t ldap2sshkeys",
user => root,
hour => '*',
minute => fqdn_rand(59),
require => File['/usr/local/bin/ldap2sshkeys.sh'],
}
}
case $::osfamily {
'Debian': {
class { '::apt' :}
@ -90,31 +62,6 @@ class fuel_project::common (
# Logrotate items
create_resources('::logrotate::rule', $logrotate_rules)
zabbix::item { 'software-zabbix-check' :
template => 'fuel_project/common/zabbix/software.conf.erb',
}
# Zabbix hardware item
ensure_packages(['smartmontools'])
::zabbix::item { 'hardware-zabbix-check' :
content => 'puppet:///modules/fuel_project/common/zabbix/hardware.conf',
require => Package['smartmontools'],
}
# /Zabbix hardware item
# Zabbix SSL item
file { '/usr/local/bin/zabbix_check_certificate.sh' :
ensure => 'present',
mode => '0755',
source => 'puppet:///modules/fuel_project/zabbix/zabbix_check_certificate.sh',
}
::zabbix::item { 'ssl-certificate-check' :
content => 'puppet:///modules/fuel_project/common/zabbix/ssl-certificate-check.conf',
require => File['/usr/local/bin/zabbix_check_certificate.sh'],
}
# /Zabbix SSL item
mount { '/' :
ensure => 'present',
options => 'defaults,errors=remount-ro,noatime,nodiratime,barrier=0',
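Review bot: The default for `$root_password_hash` in the first hunk of `fuel_project::common` is still a guessable literal kept in the manifest (the two values printed are `'r00tme'` and `'pa$$w0rd'`), so any node that does not override it from Hiera gets a publicly known value for root. Neither string has the shape of a crypt hash even though the parameter is named as one; how it is consumed is outside these hunks, so it either lands in the shadow entry unchanged and leaves root with an unusable password, or is hashed first and leaves root with a known one. I would remove the default and refuse to compile without an explicit value: `$root_password_hash = undef,` in the parameter list and `if !$root_password_hash { fail('root_password_hash must be set from Hiera') }` at the top of the class body. The class body starts and ends outside the visible hunks, so the placement of the guard needs checking against the full file.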


@ -1,17 +0,0 @@
#Class fuel_project::devops_tools
#
class fuel_project::devops_tools (
$lpbugmanage = false,
$lpupdatebug = false,
) {
class { '::fuel_project::common' :}
if($lpbugmanage) {
class { '::fuel_project::devops_tools::lpbugmanage' :}
}
if($lpupdatebug) {
class { '::fuel_project::devops_tools::lpupdatebug' :}
}
}


@ -1,59 +0,0 @@
# Class: fuel_project::gerrit
#
class fuel_project::gerrit (
$gerrit_auth_type = undef,
$replica_points = undef,
$replication_mode = '',
) {
$gerrit = hiera_hash('gerrit')
class { '::gerrit' :
canonicalweburl => $gerrit['service_url'],
contactstore => $gerrit['contactstore'],
container_heaplimit => floor($::memorysize_mb/2*1024*1024),
email_private_key => $gerrit['email_private_key'],
gerrit_auth_type => $gerrit_auth_type,
gerrit_start_timeout => $gerrit['start_timeout'],
gitweb => true,
mysql_database => $gerrit['mysql_database'],
mysql_host => $gerrit['mysql_host'],
mysql_password => $gerrit['mysql_password'],
mysql_user => $gerrit['mysql_user'],
service_fqdn => $gerrit['service_fqdn'],
ssh_dsa_key_contents => $gerrit['ssh_dsa_key_contents'],
ssh_dsa_pubkey_contents => $gerrit['ssh_dsa_pubkey_contents'],
ssh_project_rsa_key_contents => $gerrit['project_ssh_rsa_key_contents'],
ssh_project_rsa_pubkey_contents => $gerrit['project_ssh_rsa_pubkey_contents'],
ssh_replication_rsa_key_contents => $gerrit['replication_ssh_rsa_key_contents'],
ssh_replication_rsa_pubkey_contents => $gerrit['replication_ssh_rsa_pubkey_contents'],
ssh_rsa_key_contents => $gerrit['ssh_rsa_key_contents'],
ssh_rsa_pubkey_contents => $gerrit['ssh_rsa_pubkey_contents'],
ssl_cert_file => $gerrit['ssl_cert_file'],
ssl_cert_file_contents => $gerrit['ssl_cert_file_contents'],
ssl_chain_file => $gerrit['ssl_chain_file'],
ssl_chain_file_contents => $gerrit['ssl_chain_file_contents'],
ssl_key_file => $gerrit['ssl_key_file'],
ssl_key_file_contents => $gerrit['ssl_key_file_contents'],
}
class { '::gerrit::mysql' :
database_name => $gerrit['mysql_database'],
database_user => $gerrit['mysql_user'],
database_password => $gerrit['mysql_password'],
}
class { '::gerrit::hideci' :}
if ($replication_mode == 'master' and $replica_points) {
create_resources(
::fuel_project::gerrit::replication,
$replica_points,
)
}
if ($replication_mode == 'slave') {
class { '::fuel_project::gerrit::replication_slave' :}
}
}


@ -1,146 +0,0 @@
# Class: fuel_project::glusterfs
#
# Parameters:
# $create_pool:
# if false, then it's just install glusterfs server and client
# $gfs_pool:
# list of nodes with glusterfs server installed, will be used for pool
# $gfs_volume_name:
# name of datapoint (shared point), will be used by clients for mounting,
# example: mount -t glusterfs $gfs_pool[0]:/$gfs_volume_name /mnt/local
# $gfs_brick_point:
# mount points which are going to be used to building bricks
#
# The above parameters in terms of glusterfs:
# 1. gluster peer probe $gfs_pool[0]
# gluster peer probe $gfs_pool[1]
# 2. mkdir -p $gfs_brick_point
# gluster volume create $gfs_volume_name replica 2 transport tcp \
# $gfs_pool[0]:$gfs_brick_point $gfs_pool[1]:$gfs_brick_point force
#
# All gluster customization:
# http://docs.openstack.org/admin-guide-cloud/content/glusterfs_backend.html
#
class fuel_project::glusterfs (
$apply_firewall_rules = false,
$create_pool = false,
$firewall_allow_sources = {},
$gfs_brick_point = '/mnt/brick',
$gfs_pool = [ 'slave-13.test.local','slave-14.test.local' ],
$gfs_volume_name = 'data',
$owner_gid = 165,
$owner_uid = 165,
){
class { '::fuel_project::common' :
external_host => $apply_firewall_rules,
}
if !defined(Class[::zabbix::agent]) {
class { '::zabbix::agent' :
apply_firewall_rules => $apply_firewall_rules,
}
}
class { '::glusterfs': }
# permissions will be managed by glsuterfs itself
file { $gfs_brick_point:
ensure => directory,
mode => '0775',
}
if $create_pool {
glusterfs_pool { $gfs_pool: }
glusterfs_vol { $gfs_volume_name :
replica => 2,
brick => [ "${gfs_pool[0]}:${gfs_brick_point}", "${gfs_pool[1]}:${gfs_brick_point}"],
force => true,
require => [
File[$gfs_brick_point],
Glusterfs_pool[$gfs_pool],
],
}
exec { "set_volume_uid_${gfs_volume_name}":
command => "gluster volume set ${gfs_volume_name} storage.owner-uid ${owner_uid}",
user => 'root',
unless => "gluster volume info| fgrep 'storage.owner-uid: ${owner_uid}'",
require => Glusterfs_vol[$gfs_volume_name],
}
exec { "set_volume_gid_${gfs_volume_name}":
command => "gluster volume set ${gfs_volume_name} storage.owner-gid ${owner_gid}",
user => 'root',
unless => "gluster volume info| fgrep 'storage.owner-gid: ${owner_gid}'",
require => Glusterfs_vol[$gfs_volume_name],
}
exec { "set_volume_param_${gfs_volume_name}":
command => "gluster volume set ${gfs_volume_name} server.allow-insecure on",
user => 'root',
unless => 'gluster volume info| fgrep "server.allow-insecure: on"',
notify => Exec["restart_volume_${gfs_volume_name}"],
require => Glusterfs_vol[$gfs_volume_name],
}
exec { "restart_volume_${gfs_volume_name}":
command => "echo y | gluster volume stop ${gfs_volume_name}; gluster volume start ${gfs_volume_name}",
user => 'root',
refreshonly => true,
}
}
file { '/etc/glusterfs/glusterd.vol' :
ensure => 'present',
owner => 'root',
group => 'root',
content => template('fuel_project/glusterfs/glusterd.vol.erb'),
require => Class['glusterfs::package'],
notify => Class['glusterfs::service'],
}
# put monitoring scripts
file { '/usr/local/bin' :
ensure => directory,
recurse => remote,
owner => 'root',
group => 'root',
mode => '0754',
source => 'puppet:///modules/fuel_project/glusterfs/zabbix/glubix',
}
# update sudoerc for zabbix user with monitoring scripts
file { '/etc/sudoers.d/zabbix_glusterfs' :
ensure => 'present',
owner => 'root',
group => 'root',
mode => '0440',
content => template('fuel_project/glusterfs/sudoers_zabbix_glusterfs.erb')
}
zabbix::item { 'glusterfs-zabbix-check' :
content => 'puppet:///modules/fuel_project/glusterfs/zabbix/userparams-glubix.conf',
notify => Service[$::zabbix::params::agent_service],
}
if $apply_firewall_rules {
include firewall_defaults::pre
# 111 - RPC incomming
# 24007 - Gluster Daemon
# 24008 - Management
# 49152 - (GlusterFS versions 3.4 and later) - Each brick for every volume on your host requires it's own port.
# For every new brick, one new port will be used.
# 2049, 38465-38469 - this is required by the Gluster NFS service.
create_resources(firewall, $firewall_allow_sources, {
ensure => present,
dport => [111, 24007, 24008, 49152, 2049, 38465, 38466, 38467, 38468, 38469],
proto => 'tcp',
action => 'accept',
require => Class['firewall_defaults::pre'],
})
}
}


@ -1,94 +0,0 @@
# Used for deploy lab-cz.vm.mirantis.net
class fuel_project::lab_cz (
$external_host = true,
) {
# Used for network managment
class { 'common' :
external_host => $external_host
}
include ssh::ldap
class { 'libvirt' :
qemu => false,
listen_tcp => false,
listen_tls => false,
unix_sock_rw_perms => '0777',
unix_sock_group => 'libvirtd',
}
$packages = [
'syslinux',
'python-paramiko',
'python-netaddr',
'python-xmlbuilder',
'nfs-kernel-server',
'ipmitool',
'vlan',
]
ensure_packages($packages)
file { '/etc/exports' :
ensure => 'present',
content => "/var/lib/tftpboot *(ro,async,no_subtree_check,no_root_squash,crossmnt)\n",
owner => 'root',
group => 'root',
mode => '0644',
require => Package['nfs-kernel-server'],
notify => Service['nfs-export-fuel'],
}
service { 'nfs-export-fuel' :
ensure => 'running',
name => 'nfs-kernel-server',
enable => true,
restart => true,
}
file { [
'/var/lib/tftpboot',
'/var/lib/tftpboot/pxelinux.cfg',
'/srv/downloads' ] :
ensure => 'directory',
owner => 'root',
group => 'root',
mode => '0777',
}
file { '/var/lib/tftpboot/pxelinux.0' :
ensure => 'present',
source => 'file:///usr/lib/syslinux/pxelinux.0',
owner => 'root',
group => 'root',
mode => '0644',
require => [
File['/var/lib/tftpboot'],
Package['syslinux'],
]
}
file { '/var/lib/tftpboot/pxelinux.cfg/default' :
ensure => 'present',
source => 'puppet:///modules/fuel_project/lab_cz/default',
owner => 'root',
group => 'root',
mode => '0644',
require => File['/var/lib/tftpboot/pxelinux.cfg'],
}
file { '/etc/sudoers.d/deploy' :
ensure => 'present',
source => 'puppet:///modules/fuel_project/lab_cz/sudo_deploy',
owner => 'root',
group => 'root',
mode => '0440',
}
file { '/etc/network/interfaces' :
ensure => 'present',
source => 'puppet:///modules/fuel_project/lab_cz/network_interfaces',
owner => 'root',
group => 'root',
mode => '0644',
}
}


@ -1,19 +0,0 @@
# Class: fuel_project::mongo_common
#
class fuel_project::mongo_common (
$primary = false,
)
{
if $primary {
class { '::fuel_project::common' :} ->
class {'::mongodb::client': } ->
class {'::mongodb::server': } ->
class {'::mongodb::replset': } ->
class {'::fuel_project::mongodb': }
} else {
class { '::fuel_project::common' :} ->
class {'::mongodb::client': } ->
class {'::mongodb::server': }
}
}


@ -1,44 +0,0 @@
# Class: fuel_project::mongodb
#
class fuel_project::mongodb (
$user = 'ceilometer',
$admin_username = 'admin',
$password = 'ceilometer',
$admin_password = 'admin',
$admin_database = 'admin',
)
{
mongodb::db { 'ceilometer':
user => $user,
password => $password,
roles => [ 'readWrite', 'dbAdmin' ],
admin_username => $admin_username,
admin_password => $admin_password,
admin_database => $admin_database,
} ->
mongodb::db { 'admin':
user => $admin_username,
password => $admin_password,
roles => [
'userAdmin',
'readWrite',
'dbAdmin',
'dbAdminAnyDatabase',
'readAnyDatabase',
'readWriteAnyDatabase',
'userAdminAnyDatabase',
'clusterAdmin',
'clusterManager',
'clusterMonitor',
'hostManager',
'root',
'restore',
],
admin_username => $admin_username,
admin_password => $admin_password,
admin_database => $admin_database,
}
}


@ -1,222 +0,0 @@
# Class: fuel_project::nailgun_demo
#
class fuel_project::nailgun_demo (
$apply_firewall_rules = false,
$lock_file = '',
$nginx_access_log = '/var/log/nginx/access.log',
$nginx_error_log = '/var/log/nginx/error.log',
$nginx_log_format = 'proxy',
$server_name = '',
) {
if (!defined(Class['fuel_project::common'])) {
class { 'fuel_project::common':
external_host => $apply_firewall_rules,
}
}
if (!defined(Class['fuel_project::nginx'])) {
class { 'fuel_project::nginx': }
}
if (!defined(Class['postgresql::server'])) {
class { 'postgresql::server': }
}
# required packages
# http://docs.mirantis.com/fuel-dev/develop/nailgun/development/env.html
$packages = [
'git',
'npm',
'nodejs-legacy',
'postgresql-server-dev-all',
]
$npm_packages = [
'grunt-cli',
'gulp',
'inflight',
]
package { $packages:
ensure => 'present',
}
ensure_packages($npm_packages, {
provider => npm,
require => Package['npm'],
})
# create main user
user { 'nailgun':
ensure => 'present',
home => '/home/nailgun',
managehome => true,
}
# create log directory
file { '/var/log/nailgun':
ensure => 'directory',
owner => 'nailgun',
require => User['nailgun'],
}
file { '/var/log/remote':
ensure => 'directory',
owner => 'nailgun',
require => User['nailgun'],
}
# create main directories
file { '/usr/share/fuel-web':
ensure => 'directory',
owner => 'nailgun',
require => User['nailgun'],
}
# clone fuel-web
vcsrepo { '/usr/share/fuel-web':
ensure => 'present',
provider => 'git',
source => 'https://github.com/stackforge/fuel-web',
user => 'nailgun',
require => [User['nailgun'],
File['/usr/share/fuel-web'],
Package['git'] ],
}
# prepare database
postgresql::server::db { 'nailgun' :
user => 'nailgun',
password => postgresql_password('nailgun', 'nailgun'),
}
# prepare environment
venv::venv { 'venv-nailgun' :
path => '/home/nailgun/python',
requirements => '/usr/share/fuel-web/nailgun/requirements.txt',
options => '',
user => 'nailgun',
require => [
Vcsrepo['/usr/share/fuel-web'],
Package[$packages],
]
}
venv::exec { 'venv-syncdb' :
command => './manage.py syncdb',
cwd => '/usr/share/fuel-web/nailgun',
venv => '/home/nailgun/python',
user => 'nailgun',
require => [Venv::Venv['venv-nailgun'],
Postgresql::Server::Db['nailgun'],],
onlyif => "test ! -f ${lock_file}",
}
venv::exec { 'venv-loaddefault' :
command => './manage.py loaddefault',
cwd => '/usr/share/fuel-web/nailgun',
venv => '/home/nailgun/python',
user => 'nailgun',
require => Venv::Exec['venv-syncdb'],
onlyif => "test ! -f ${lock_file}",
}
venv::exec { 'venv-loaddata' :
command => './manage.py loaddata nailgun/fixtures/sample_environment.json',
cwd => '/usr/share/fuel-web/nailgun',
venv => '/home/nailgun/python',
user => 'nailgun',
require => Venv::Exec['venv-loaddefault'],
onlyif => "test ! -f ${lock_file}",
}
exec { 'venv-npm' :
command => 'npm install',
cwd => '/usr/share/fuel-web/nailgun',
user => 'nailgun',
require => [
Venv::Exec['venv-loaddata'],
Package[$npm_packages],
],
onlyif => "test ! -f ${lock_file}",
}
exec { 'venv-gulp' :
command => '/usr/local/bin/gulp bower',
cwd => '/usr/share/fuel-web/nailgun',
environment => 'HOME=/home/nailgun',
user => 'nailgun',
require => Exec['venv-npm'],
onlyif => "test ! -f ${lock_file}",
}
file_line { 'fake_mode':
path => '/usr/share/fuel-web/nailgun/nailgun/settings.yaml',
line => 'FAKE_TASKS: "1"',
require => Vcsrepo['/usr/share/fuel-web'],
}
::nginx::resource::vhost { 'demo-redirect' :
ensure => 'present',
listen_port => 80,
server_name => [$server_name],
www_root => '/var/www',
access_log => $nginx_access_log,
error_log => $nginx_error_log,
format_log => $nginx_log_format,
location_cfg_append => {
rewrite => '^ http://$server_name:8000$request_uri permanent',
},
}
nginx::resource::vhost { 'demo' :
ensure => 'present',
listen_port => 8000,
server_name => [$server_name],
access_log => $nginx_access_log,
error_log => $nginx_error_log,
format_log => $nginx_log_format,
uwsgi => '127.0.0.1:7933',
location_cfg_append => {
uwsgi_connect_timeout => '3m',
uwsgi_read_timeout => '3m',
uwsgi_send_timeout => '3m',
}
}
nginx::resource::location { 'demo-static' :
ensure => 'present',
vhost => 'demo',
location => '/static/',
www_root => '/usr/share/fuel-web/nailgun',
}
uwsgi::application { 'fuel-web' :
plugins => 'python',
uid => 'nailgun',
gid => 'nailgun',
socket => '127.0.0.1:7933',
chdir => '/usr/share/fuel-web/nailgun',
home => '/home/nailgun/python',
module => 'nailgun.wsgi:application',
env => 'DJANGO_SETTINGS_MODULE=nailgun.settings',
workers => '8',
enable_threads => true,
require => [File_line['fake_mode'],
Exec['venv-gulp'],
User['nailgun'],],
}
if $apply_firewall_rules {
include firewall_defaults::pre
firewall { '1000 Allow demo 80, 8000 connection' :
ensure => present,
dport => [80, 8000],
proto => 'tcp',
action => 'accept',
require => Class['firewall_defaults::pre'],
}
}
}


@ -1,38 +1,9 @@
# Class: fuel_project::nginx
#
class fuel_project::nginx {
if (!defined(Class['::nginx'])) {
class { '::nginx' :}
}
::nginx::resource::vhost { 'stub_status' :
ensure => 'present',
listen_ip => '127.0.0.1',
listen_port => 61929,
location_custom_cfg => {
stub_status => true,
},
}
if ( ! $::puppet_apply ) {
::nginx::resource::vhost { 'logshare' :
ensure => 'present',
listen_port => 4637,
gzip_types => 'application/octet-stream',
ssl_port => 4637,
ssl => true,
ssl_cert => "/var/lib/puppet/ssl/certs/${::fqdn}.pem",
ssl_key => "/var/lib/puppet/ssl/private_keys/${::fqdn}.pem",
ssl_client_certificate => '/var/lib/puppet/ssl/certs/ca.pem',
ssl_crl => '/var/lib/puppet/ssl/crl.pem',
ssl_verify_client => 'on',
www_root => '/var/log',
}
}
ensure_packages('error-pages')
zabbix::item { 'nginx' :
content => 'puppet:///modules/fuel_project/zabbix/nginx_items.conf',
}
}
# Class: fuel_project::nginx
#
class fuel_project::nginx {
if (!defined(Class['::nginx'])) {
class { '::nginx' :}
}
}
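Review bot: The guard `if (!defined(Class['::nginx']))` kept in the new `fuel_project::nginx` body depends on evaluation order, because `defined()` only sees classes that were declared earlier in the same compilation; two nodes that pull in the same classes in a different order can therefore take different branches. If no caller has to pass parameters to `::nginx` in resource-like form, `include ::nginx` declares it idempotently and the guard can go, with any parameters supplied through Hiera. The header comment is also left with an empty `#` line now that the class does only one thing; `# Declares ::nginx if it has not been declared already.` would document what remains.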


@ -1,19 +0,0 @@
# class fuel_project::racktables
class fuel_project::racktables (
$firewall_enable = false,
) {
class { '::fuel_project::common' :
external_host => $firewall_enable,
}
class { '::fuel_project::nginx' : }
class { '::racktables' : }
if ($firewall_enable) {
include firewall_defaults::pre
firewall { '1000 - allow http/https connections to racktables' :
dport => [80, 443],
action => 'accept',
require => Class['firewall_defaults::pre'],
}
}
}


@ -7,11 +7,5 @@ class fuel_project::web (
class { '::fuel_project::nginx' :}
class { '::fuel_project::common' :}
if ($fuel_landing_page) {
class { '::landing_page' :}
}
if ($docs_landing_page) {
class { '::landing_page::docs' :}
}
}


@ -1,26 +0,0 @@
# Class: fuel_project::znc
#
#
class fuel_project::znc (
$apply_firewall_rules = false,
$service_port = 7777,
){
class { '::fuel_project::common':
external_host => $apply_firewall_rules,
}
class { '::znc': port => $service_port}
if $apply_firewall_rules {
include firewall_defaults::pre
firewall { '1000 Allow znc connection' :
ensure => present,
dport => $service_port,
proto => 'tcp',
action => 'accept',
require => Class['firewall_defaults::pre'],
}
}
}


@ -1,54 +0,0 @@
#!/bin/sh
sh=$1
if [ $# -lt 1 ]; then
echo Usage: $CMD smart-hostname
echo smart-hostname - ns2-srt for example
sh=`hostname -s`
fi
d=/etc/ssh/keys.$$
t=/tmp/ldap2sshkeys.$$
g=/tmp/ldap2sshkeys-sg.$$
tmpDir=/tmp/ldap2sshkeys_dir.$$
[ -d $d ] || mkdir $d
[ -d $tmpDir ] || mkdir $tmpDir
ldapsearch -LLL -x -b "o=mirantis,dc=mirantis,dc=net" "(&(objectClass=groupOfNames)(|(&(accessTo=$sh)(trustModel=byhost))(trustModel=fullaccess)))" memberUid | awk '/memberUid:/ {print $2}' > $t
ldapsearch -LLL -x -b "ou=people,ou=external,dc=mirantis,dc=net" "(&(objectClass=groupOfNames)(|(&(accessTo=$sh)(trustModel=byhost))(trustModel=fullaccess)))" memberUid | awk '/memberUid:/ {print $2}' >> $t
ldapsearch -LLL -x -b "ou=people,ou=external,dc=mirantis,dc=net" "(&(sshPublicKey=*)(|(&(accessTo=$sh)(trustModel=byhost))(trustModel=fullaccess)(memberOf=cn=it,ou=groups,o=mirantis,dc=mirantis,dc=net)))" uid | awk '/uid:/ {print $2}' >> $t
ldapsearch -LLL -x -b "o=mirantis,dc=mirantis,dc=net" "(&(sshPublicKey=*)(|(&(accessTo=$sh)(trustModel=byhost))(trustModel=fullaccess)(memberOf=cn=it,ou=groups,o=mirantis,dc=mirantis,dc=net)))" uid | awk '/uid:/ {print $2}' >> $t
ldapsearch -LLL -x -b "ou=groups,ou=servers,dc=mirantis,dc=net" "(&(objectClass=gosaGroupOfNames)(member=cn=$sh*))" dn | grep -oP '(?<=.{7,7}).*(?=,ou=groups)' >> $g
for s in `sort -u $g`; do
ldapsearch -LLL -x -b "o=mirantis,dc=mirantis,dc=net" "(&(objectClass=groupOfNames)(|(&(accessTo=$s)(trustModel=byhost))(trustModel=fullaccess)))" memberUid | awk '/memberUid:/ {print $2}' >> $t
ldapsearch -LLL -x -b "ou=people,ou=external,dc=mirantis,dc=net" "(&(objectClass=groupOfNames)(|(&(accessTo=$s)(trustModel=byhost))(trustModel=fullaccess)))" memberUid | awk '/memberUid:/ {print $2}' >> $t
ldapsearch -LLL -x -b "ou=people,ou=external,dc=mirantis,dc=net" "(&(sshPublicKey=*)(|(&(accessTo=$s)(trustModel=byhost))(trustModel=fullaccess)(memberOf=cn=it,ou=groups,o=mirantis,dc=mirantis,dc=net)))" uid | awk '/uid:/ {print $2}' >> $t
ldapsearch -LLL -x -b "o=mirantis,dc=mirantis,dc=net" "(&(sshPublicKey=*)(|(&(accessTo=$s)(trustModel=byhost))(trustModel=fullaccess)(memberOf=cn=it,ou=groups,o=mirantis,dc=mirantis,dc=net)))" uid | awk '/uid:/ {print $2}' >> $t
done
for u in `sort -u $t`;do
ldapsearch -x -LLL -b "o=mirantis,dc=mirantis,dc=net" "uid=$u" sshPublicKey -tt -T $tmpDir > /dev/null 2>&1
[ "xxx`ls $tmpDir`" != 'xxx' ] && ( cat $tmpDir/* > $d/$u ; rm -f $tmpDir/* ) && (sed -i "s/ssh-rsa/\nssh-rsa/2g" $d/$u)
done
for u in `sort -u $t`;do
ldapsearch -x -LLL -b "ou=people,ou=services,dc=mirantis,dc=net" "uid=$u" sshPublicKey -tt -T $tmpDir > /dev/null 2>&1
[ "xxx`ls $tmpDir`" != 'xxx' ] && ( cat $tmpDir/* > $d/$u ; rm -f $tmpDir/* ) && (sed -i "s/ssh-rsa/\nssh-rsa/2g" $d/$u)
done
for u in `sort -u $t`;do
ldapsearch -x -LLL -b "ou=people,ou=external,dc=mirantis,dc=net" "uid=$u" sshPublicKey -tt -T $tmpDir > /dev/null 2>&1
[ "xxx`ls $tmpDir`" != 'xxx' ] && ( cat $tmpDir/* > $d/$u ; rm -f $tmpDir/* ) && (sed -i "s/ssh-rsa/\nssh-rsa/2g" $d/$u)
done
rm $g
rm $t
rm -fR $tmpDir
if (grep -E '(dss|rsa)' $d/*>/dev/null);then
[ -d /etc/ssh/keys.old ] && rm -rf /etc/ssh/keys.old
[ -d /etc/ssh/keys ] && mv /etc/ssh/keys /etc/ssh/keys.old
mv $d /etc/ssh/keys
rm -rf etc/ssh/keys.*
fi


@ -1,6 +0,0 @@
<% if @osfamily == 'Debian' %>
UserParameter=system.software.packages,dpkg-query --show | awk '{print $1"="$2}'
<% elsif @osfamily == 'RedHat' %>
UserParameter=system.software.packages,rpm -qa
<% end %>
UserParameter=system.software.services,sudo netstat -utpln | grep -v 'Active Internet connections\|PID/Program name' | awk '{print $NF}' | cut -d/ -f2 | sort -u


@ -1,15 +0,0 @@
<% if @id != nil -%>
[<%= @id %>]
<% end -%>
<% if @consumer_key != nil -%>
consumer_key = <%= @consumer_key %>
<% end -%>
<% if @consumer_secret != nil -%>
consumer_secret = <%= @consumer_secret %>
<% end -%>
<% if @access_token != nil -%>
access_token = <%= @access_token %>
<% end -%>
<% if @access_secret != nil -%>
access_secret = <%= @access_secret %>
<% end -%>


@ -1,30 +0,0 @@
<% if @section != nil -%>
[<%= @section %>]
<% end -%>
<% if @appname != nil -%>
appname = <%= @appname %>
<% end -%>
<% if @credfile != nil -%>
credfile = <%= @credfile %>
<% end -%>
<% if @cachedir != nil -%>
cachedir = <%= @cachedir %>
<% end -%>
<% if @logfile != nil -%>
logfile = <%= @logfile %>
<% end -%>
<% if @env != nil -%>
env = <%= @env %>
<% end -%>
<% if @status != nil -%>
status = <%= @status %>
<% end -%>
<% if @series != nil -%>
series = <%= @series %>
<% end -%>
<% if @milestone != nil -%>
milestone = <%= @milestone %>
<% end -%>
<% if @distr != nil -%>
distr = <%= @distr %>
<% end -%>


@ -1,34 +0,0 @@
<% if @appname != nil -%>
[<%= @appname %>]
appname = <%= @appname %>
<% end -%>
<% if @credfile != nil -%>
credfile = <%= @credfile %>
<% end -%>
<% if @cachedir != nil -%>
cachedir = <%= @cachedir %>
<% end -%>
<% if @logfile != nil -%>
logfile = <%= @logfile %>
<% end -%>
<% if @host != nil -%>
host = <%= @host %>
<% end -%>
<% if @port != nil -%>
port = <%= @port %>
<% end -%>
<% if @sshprivkey != nil -%>
sshkey = <%= @sshprivkey %>
<% end -%>
<% if @update_status != nil -%>
update_status = <%= @update_status %>
<% end -%>
<% if @username != nil -%>
username = <%= @username %>
<% end -%>
<% if @env != nil -%>
env = <%= @env %>
<% end -%>
<% if @projects.any? -%>
projects = <%= @projects.join(', ') %>
<% end -%>


@ -1,10 +0,0 @@
User-Agent: *
Allow: /fuel/fuel-<%= @fuel_version %>/
Allow: /openstack/fuel/fuel-<%= @fuel_version %>/
Disallow: /fuel/
Disallow: /openstack/fuel/
Disallow: /*/index_content.html$
Disallow: /*/index_content.html?*
Disallow: /index_content.html$
Disallow: /index_content.html?*
Allow: /


@ -1,10 +0,0 @@
volume management
type mgmt/glusterd
option working-directory /var/lib/glusterd
option transport-type socket,rdma
option transport.socket.keepalive-time 10
option transport.socket.keepalive-interval 2
option transport.socket.read-fail-log off
option rpc-auth-allow-insecure on
# option base-port 49152
end-volume


@ -1,5 +0,0 @@
Cmnd_Alias GLUSTER = /usr/sbin/gluster
Cmnd_Alias GLUBIX_SCRIPTS = /usr/local/bin/glubix_checkvolstatus.pl, /usr/local/bin/glubix_georepstatus33.pl, /usr/local/bin/glubix_georepstatus34.pl, /usr/local/bin/glubix_numpeers.pl, /usr/local/bin/glubix_uuid.pl, /usr/local/bin/glubix_volstatus.pl, /usr/local/bin/glubix_voltype.pl
zabbix ALL = NOPASSWD: GLUSTER
zabbix ALL = NOPASSWD: GLUBIX_SCRIPTS


@ -1,56 +0,0 @@
#!/bin/bash
set -e
export BRANCH=${BRANCH:-<%= @dns_branch %>}
export TMPDIR=${TMPDIR:-<%= @dns_tmpdir %>}
export REPO=${REPO:-<%= @dns_repo %>}
export TARGETPATH=${TARGETPATH:-<%= @target_path %>}
(
flock -n 9 || exit 1
echo "Clean up..."
rm -rf "${TMPDIR}"
echo "Cloning..."
git clone "${REPO}" "${TMPDIR}"
cd "${TMPDIR}"
git checkout "${BRANCH}"
REVISION=`git log -1 HEAD | fgrep commit | awk '{print $NF}'`
PREV_REVISION=`cat /tmp/ns-revision.txt 2>/dev/null || echo -n none`
echo -n "${REVISION}" > /tmp/ns-revision.txt
echo "Revision: \$Id: ${REVISION} \$"
echo "Previous revision: ${PREV_REVISION}"
if [[ "${REVISION}" == "${PREV_REVISION}" ]]; then
echo "No updates found."
exit 0
fi
echo "Linking..."
mkdir -p "${TARGETPATH}/zones/"
chown bind:bind "${TARGETPATH}/zones"
for file in `ls -1 ${TMPDIR}/zones/*` ; do
zone=$(basename "${file}" | sed 's~\.zone$~~')
echo "Working on ${zone}"
mv "${file}" "${TARGETPATH}/zones/"
echo "${zone} OK"
done
if [ -d "${TMPDIR}/dynamic" ] ; then
for file in `ls -1 ${TMPDIR}/dynamic/*` ; do
zone=$(basename "${file}" | sed 's~\.zone$~~')
if ! [ -f "${TARGETPATH}/zones/${zone}.zone" ] ; then
echo "Working on ${zone}"
chown bind:bind "${file}"
mv "${file}" "${TARGETPATH}/zones/"
echo "${zone} OK"
fi
done
fi
echo "Reloading configuration"
/usr/sbin/rndc reload
) 9>/var/lock/ns-update.lock


@ -1,7 +0,0 @@
#!/bin/sh
set -ex
/usr/bin/mysql --defaults-file=<%= @maintenance_script_config -%> \
-e "CALL partition_maintenance_all('zabbix');" \
'zabbix'


@ -1,42 +0,0 @@
#!/bin/bash
#
# Original sources: https://github.com/ericoc/zabbix-slack-alertscript
# Author: https://github.com/ericoc
#
set -e
# Slack incoming web-hook URL and user name
url='<%= @slack_web_hook_url %>'
username='<%= @slack_post_username %>'
## Values received by this script:
# To/Channel = $1 (Slack channel to send the message to, specified in the Zabbix
# web interface)
# Subject = $2 (usually either PROBLEM or RECOVERY)
# Message = $3 (whatever message the Zabbix action sends, preferably something
# like "Zabbix server is unreachable for 5 minutes - Zabbix server (127.0.0.1)")
# Get the Slack channel ($1) and Zabbix subject ($2 - hopefully either PROBLEM
# or RECOVERY)
channel="${1}"
subject="${2}"
# Change message emoji depending on the subject - smile (RECOVERY), frowning
# (PROBLEM), or ghost (for everything else)
if [ "${subject}" == 'OK' ]; then
emoji='<%= @slack_emoji_ok || ':smile:' %>'
elif [ "${subject}" == 'PROBLEM' ]; then
emoji='<%= @slack_emoji_problem || ':frowning:' %>'
else
emoji='<%= @slack_emoji_unknown || ':ghost:' %>'
fi
# The message that we want to send to Slack is the "subject" value ($2 /
# $subject - that we got earlier)
# followed by the message that Zabbix actually sent us ($3)
message="${subject}: ${3}"
# Build our JSON payload and send it as a POST request to the Slack incoming
# web-hook URL
payload="payload={\"channel\": \"${channel}\", \"username\": \"${username}\",\"text\": \"${message}\", \"icon_emoji\": \"${emoji}\"}"
curl -m 5 --data-urlencode "${payload}" "${url}"


@ -1,3 +0,0 @@
#!/bin/sh
/usr/bin/curl -X POST -H "Content-type:application/json" -d "{Id:'${1}', text:'${2}', triggerId:'${3}', playSound:true}" "http://zabbkit.inside.cactussoft.biz/api/messages"


@ -1,160 +0,0 @@
# class racktables
class racktables (
$admin_password = 'racktables',
$db_host = 'localhost',
$db_name = 'racktables',
$db_password = 'racktables',
$db_username = 'racktables',
$ldap_options = undef,
$nginx_access_log = '/var/log/nginx/access.log',
$nginx_error_log = '/var/log/nginx/error.log',
$nginx_log_format = undef,
$require_local_account = true,
$service_fqdn = 'racktables.test.local',
$ssl_cert_content = '',
$ssl_cert_filename = '/etc/ssl/racktables.crt',
$ssl_key_content = '',
$ssl_key_filename = '/etc/ssl/racktables.key',
$user_auth_src = 'database',
) {
$php_modules = [ 'mysql', 'ldap', 'gd', 'cli' ]
$www_root = '/usr/share/racktables/wwwroot'
class { '::php::fpm::daemon' : }
::php::module { $php_modules : }
::nginx::resource::vhost { 'racktables-server' :
ensure => 'present',
listen_port => 80,
ssl => false,
server_name => [$service_fqdn, $::fqdn],
access_log => $nginx_access_log,
error_log => $nginx_error_log,
format_log => $nginx_log_format,
use_default_location => false,
require => Package['racktables'],
}
if ($ssl_cert_content and $ssl_key_content) {
$ssl = true
file { $ssl_cert_filename :
ensure => 'present',
mode => '0600',
owner => 'root',
content => $ssl_cert_content,
}
file { $ssl_key_filename :
ensure => 'present',
mode => '0600',
owner => 'root',
content => $ssl_key_content,
}
Nginx::Resource::Vhost <| title == 'racktables-server' |>{
ssl => true,
ssl_cert => $ssl_cert_filename,
ssl_key => $ssl_key_filename,
listen_port => 443,
ssl_port => 443,
}
::nginx::resource::vhost { 'racktables-redirect' :
ensure => 'present',
server_name => [$service_fqdn],
listen_port => 80,
www_root => $www_root,
access_log => $nginx_access_log,
error_log => $nginx_error_log,
format_log => $nginx_log_format,
location_cfg_append => {
return => "301 https://${service_fqdn}\$request_uri",
},
require => Package['racktables'],
}
}
user { 'racktables' :
ensure => 'present',
shell => '/usr/sbin/nologin',
home => '/var/www',
}
package { 'racktables' :
ensure => 'present',
}
class { '::mysql::server' : }
class { '::mysql::server::account_security' :}
::mysql::db { $db_name :
user => $db_username,
password => $db_password,
host => $db_host,
grant => ['all'],
charset => 'utf8',
require => [
Class['::mysql::server'],
Class['::mysql::server::account_security'],
],
}
::nginx::resource::location { 'racktables-server-static' :
vhost => 'racktables-server',
location => '/',
www_root => $www_root,
ssl => $ssl,
ssl_only => $ssl,
}
::nginx::resource::location { 'racktables-server-php' :
vhost => 'racktables-server',
location => '~ \.php$',
fastcgi => '127.0.0.1:9001',
www_root => $www_root,
ssl => $ssl,
ssl_only => $ssl,
}
::php::fpm::conf { 'www':
listen => '127.0.0.1:9001',
user => 'racktables',
php_value => {
post_max_size => 16M,
max_execution_time => 300,
max_input_time => 300,
'date.timezone' => UTC,
'cgi.fix_pathinfo' => 1,
},
require => [
Class['::nginx'],
User['racktables'],
],
}
file { '/usr/share/racktables/wwwroot/inc/secret.php' :
ensure => 'present',
owner => 'racktables',
group => 'racktables',
mode => '0400',
content => template('racktables/secret.php.erb'),
require => Package['racktables'],
notify => Exec['php /usr/share/racktables/initdb.php'],
}
file { '/usr/share/racktables/initdb.php' :
ensure => 'present',
owner => 'root',
group => 'root',
mode => '0644',
content => template('racktables/initdb.php.erb'),
require => Package['racktables'],
}
exec { 'php /usr/share/racktables/initdb.php' :
command => 'php /usr/share/racktables/initdb.php',
cwd => '/usr/share/racktables/',
require => [
Php::Module[$php_modules],
Package['racktables'],
File['/usr/share/racktables/initdb.php'],
File['/usr/share/racktables/wwwroot/inc/secret.php']
],
refreshonly => true,
}
}


@ -1,14 +0,0 @@
<?php
require_once 'wwwroot/inc/pre-init.php';
require_once 'wwwroot/inc/dictionary.php';
require_once 'wwwroot/inc/config.php';
require_once 'wwwroot/inc/install.php';
init_database_static();
connect_to_db_or_die();
global $dbxlink;
$hash = sha1 ('<%= @admin_password %>');
$query = "INSERT INTO `UserAccount` (`user_id`, `user_name`, `user_password_hash`, `user_realname`) VALUES (1,'admin','${hash}','RackTables Administrator') ON DUPLICATE KEY UPDATE";
$result = $dbxlink->exec ($query);
?>


@ -1,16 +0,0 @@
<?php
$pdo_dsn = 'mysql:host=<%= @db_host %>;dbname=<%= @db_name %>';
$db_username = '<%= @db_username %>';
$db_password = '<%= @db_password %>';
$user_auth_src = '<%= @user_auth_src %>';
$require_local_account = <%= @require_local_account ? 'TRUE' : 'FALSE' -%>;
<% if @ldap_options -%>
$LDAP_options = array(
<% @ldap_options.each {|key,value| -%>
'<%= key -%>' => '<%= value -%>',
<% } -%>
);
<% end -%>
?>


@ -1,10 +0,0 @@
# Class: ssh::authorized_keys
class ssh::authorized_keys {
$keys = hiera_hash('ssh::authorized_keys::keys', {})
create_resources(ssh_authorized_key,
$keys, {
ensure => present,
user => 'root'
}
)
}


@ -1,10 +0,0 @@
# Class: ssh::banner
#
class ssh::banner {
file { '/etc/banner' :
owner => 'root',
group => 'root',
mode => '0400',
content => template('ssh/banners/mirantis.net_ldap.erb')
}
}


@ -1,21 +0,0 @@
# Define: ssh::known_host
#
define ssh::known_host (
$host = $title,
$overwrite = true,
$port = 22,
$user = 'root',
) {
if ($overwrite) {
$cmd = "ssh-keyscan -p ${port} -H ${host} > ~${user}/.ssh/known_hosts"
$unless = '/bin/false'
} else {
$cmd = "ssh-keyscan -p ${port} -H ${host} >> ~${user}/.ssh/known_hosts"
$unless = "ssh-keygen -F ${host} -f ~${user}/.ssh/known_hosts"
}
exec { $cmd:
user => $user,
logoutput => 'on_failure',
unless => $unless,
}
}


@ -1,68 +0,0 @@
# Class: ssh::ldap
#
class ssh::ldap (
$bind_policy = $ssh::params::bind_policy,
$ldap_base = '',
$ldap_ignore_users = $ssh::params::ldap_ignore_users,
$ldap_uri = '',
$pam_filter = '',
$pam_password = $ssh::params::pam_password,
$sudoers_base = '',
$tls_cacertdir = '',
) {
include ssh::params
include ssh::banner
include ssh::sshd
$ldap_packages = $ssh::params::ldap_packages
package { $ldap_packages :
ensure => 'present',
}
file { '/etc/ldap.conf':
ensure => 'present',
mode => '0600',
owner => 'root',
group => 'root',
content => template('ssh/ldap.conf.erb'),
}
file { '/etc/ldap/ldap.conf' :
ensure => 'link',
target => '/etc/ldap.conf',
}
file { '/etc/nsswitch.conf':
ensure => 'present',
mode => '0644',
owner => 'root',
group => 'root',
content => template('ssh/nsswitch.conf.erb'),
notify => Service['nscd'],
}
file { '/etc/pam.d/common-session' :
ensure => 'present',
mode => '0644',
owner => 'root',
group => 'root',
content => template('ssh/common-session.erb'),
}
service { 'nscd' :
ensure => running,
enable => true,
hasstatus => true,
hasrestart => false,
}
Class['ssh::sshd']->
Package[$ldap_packages]->
File['/etc/ldap.conf']->
File['/etc/ldap/ldap.conf']->
File['/etc/nsswitch.conf']->
File['/etc/pam.d/common-session']->
Service['nscd']
}


@ -1,33 +0,0 @@
# Class: ssh::params
#
class ssh::params {
$apply_firewall_rules = false
$bind_policy = 'soft'
$firewall_allow_sources = {}
$ldap_ignore_users = 'backup,bin,daemon,games,gnats,irc,landscape,libuuid,list,lp,mail,man,messagebus,mysql,nagios,news,ntp,postfix,proxy,puppet,root,sshd,sync,sys,syslog,uucp,whoopsie,www-data,zabbix'
$pam_password = 'md5'
$packages = [
'openssh-server'
]
$ldap_packages = [
'ldap-utils',
'libpam-ldap',
'nscd',
]
case $::osfamily {
'RedHat': {
$service = 'sshd'
}
'Debian': {
$service = 'ssh'
}
default: {
fatal("Unknown osfamily: ${::osfamily}. Probaly your OS is unsupported.")
}
}
$sshd_config = '/etc/ssh/sshd_config'
}


@ -1,44 +0,0 @@
# Class: ssh::sshd
#
class ssh::sshd (
$apply_firewall_rules = $::ssh::params::apply_firewall_rules,
$firewall_allow_sources = $::ssh::params::firewall_allow_sources,
$password_authentication = false,
$sftp_group = 'sftpusers',
) {
include ssh::params
$packages = $ssh::params::packages
$service = $ssh::params::service
$sshd_config = $ssh::params::sshd_config
package { $packages :
ensure => latest,
}
file { $sshd_config :
ensure => 'present',
mode => '0644',
owner => 'root',
group => 'root',
content => template('ssh/sshd_config.erb'),
notify => Service[$service],
}
service { $service :
ensure => 'running',
enable => true,
hasstatus => true,
hasrestart => false,
}
if ($apply_firewall_rules) {
include firewall_defaults::pre
create_resources(firewall, $firewall_allow_sources, {
dport => 22,
action => 'accept',
require => Class['firewall_defaults::pre'],
})
}
}


@ -1,12 +0,0 @@
/* *\
Welcome to the Fuel server <%= @fqdn %>
All granted users could be authenticated via LDAP
If you'd like to authenticate with public keys,
please use auth.mirantis.com to upload your key
On any questions please do not hesitate to contact
--
devops@mirantis.com
\* */


@ -1,28 +0,0 @@
#
# /etc/pam.d/common-session - session-related modules common to all services
#
# This file is included from other service-specific PAM config files,
# and should contain a list of modules that define tasks to be performed
# at the start and end of sessions of *any* kind (both interactive and
# non-interactive).
#
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
# To take advantage of this, it is recommended that you configure any
# local modules either before or after the default block, and use
# pam-auth-update to manage selection of other modules. See
# pam-auth-update(8) for details.
# here are the per-package modules (the "Primary" block)
session [default=1] pam_permit.so
# here's the fallback if no module succeeds
session requisite pam_deny.so
# prime the stack with a positive return value if there isn't one already;
# this avoids us returning an error just because nothing sets a success code
# since the modules above will each just jump around
session required pam_permit.so
# and here are more per-package modules (the "Additional" block)
session required pam_unix.so
session optional pam_mkhomedir.so skel=/etc/skel/ umask=0027
session optional pam_ldap.so
session optional pam_ck_connector.so nox11
# end of pam-auth-update config


@ -1,19 +0,0 @@
#
# LDAP Defaults
#
# See ldap.conf(5) for details
# This file should be world readable but not world writable.
URI <%= @ldap_uri %>
BASE <%= @ldap_base %>
TLS_CACERTDIR <%= @tls_cacertdir %>
pam_password <%= @pam_password %>
pam_filter <%= @pam_filter %>
sudoers_base <%= @sudoers_base %>
uri <%= @ldap_uri %>
bind_policy <%= @bind_policy %>
<% if @ldap_ignore_users %>
nss_initgroups_ignoreusers <%= @ldap_ignore_users %>
<% end %>


@ -1,64 +0,0 @@
#
# /etc/nsswitch.conf
#
# An example Name Service Switch config file. This file should be
# sorted with the most-used services at the beginning.
#
# The entry '[NOTFOUND=return]' means that the search for an
# entry should stop if the search in the previous entry turned
# up nothing. Note that if the search failed due to some other reason
# (like no NIS server responding) then the search continues with the
# next entry.
#
# Legal entries are:
#
# nisplus or nis+ Use NIS+ (NIS version 3)
# nis or yp Use NIS (NIS version 2), also called YP
# dns Use DNS (Domain Name Service)
# files Use the local files
# db Use the local database (.db) files
# compat Use NIS on compat mode
# hesiod Use Hesiod for user lookups
# [NOTFOUND=return] Stop searching if not found so far
#
# To use db, put the "db" in front of "files" for entries you want to be
# looked up first in the databases
#
# Example:
#passwd: db files nisplus nis
#shadow: db files nisplus nis
#group: db files nisplus nis
passwd: files ldap
shadow: files ldap
group: files ldap
#hosts: db files nisplus nis dns
hosts: files dns
# Example - obey only what nisplus tells us...
#services: nisplus [NOTFOUND=return] files
#networks: nisplus [NOTFOUND=return] files
#protocols: nisplus [NOTFOUND=return] files
#rpc: nisplus [NOTFOUND=return] files
#ethers: nisplus [NOTFOUND=return] files
#netmasks: nisplus [NOTFOUND=return] files
bootparams: nisplus [NOTFOUND=return] files
ethers: files
netmasks: files
networks: files
protocols: files
rpc: files
services: files
netgroup: files ldap
publickey: nisplus
automount: files ldap
aliases: files nisplus
sudoers: files ldap


@ -1,59 +0,0 @@
Port 22
ListenAddress ::
ListenAddress 0.0.0.0
Protocol 2
Banner /etc/banner
HostKey /etc/ssh/ssh_host_rsa_key
HostKey /etc/ssh/ssh_host_dsa_key
<% if @osfamily == 'Debian' %>
HostKey /etc/ssh/ssh_host_ecdsa_key
<% end %>
UsePrivilegeSeparation yes
KeyRegenerationInterval 3600
ServerKeyBits 768
SyslogFacility AUTH
LogLevel INFO
LoginGraceTime 120
PermitRootLogin without-password
StrictModes yes
RSAAuthentication yes
PubkeyAuthentication yes
IgnoreRhosts yes
RhostsRSAAuthentication no
HostbasedAuthentication no
PermitEmptyPasswords no
ChallengeResponseAuthentication no
PasswordAuthentication <%= @password_authentication ? 'yes' : 'no' %>
X11Forwarding yes
X11DisplayOffset 10
PermitTunnel yes
PrintMotd no
PrintLastLog yes
TCPKeepAlive yes
UseDNS no
AcceptEnv LANG LC_*
Subsystem sftp internal-sftp
UsePAM yes
<% if @osfamily == 'Debian' %>
AuthorizedKeysFile /etc/ssh/keys/%u .ssh/authorized_keys
<% else %>
AuthorizedKeysFile %h/.ssh/authorized_keys
<% end -%>
<% if @sftp_group != '' -%>
Match Group <%= @sftp_group %>
AllowTCPForwarding no
X11Forwarding no
ForceCommand internal-sftp
<% end -%>