remove trash
Change-Id: I8fa77d2bd83d6b64d9fd3421c8ab0351a88f69b9
parent
1856c1f334
commit
d42ccf87f3
124
puppet-manifests/manifests/site.pp → puppet-manifests/manifests/init.pp
Normal file → Executable file
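--- a/puppet-manifests/manifests/site.pp
+++ b/puppet-manifests/manifests/init.pp
@@ -1,62 +1,62 @@
-# Defaults
-
-Exec {
-path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
-provider => 'shell',
-}
-
-File {
-replace => true,
-}
-
-if($::osfamily == 'Debian') {
-Exec['apt_update'] -> Package <| |>
-}
-
-stage { 'pre' :
-before => Stage['main'],
-}
-
-$gitrevision = '$Id$'
-
-notify { "Revision : ${gitrevision}" :}
-
-file { '/var/lib/puppet' :
-ensure => 'directory',
-owner => 'puppet',
-group => 'puppet',
-mode => '0755',
-}
-
-file { '/var/lib/puppet/gitrevision.txt' :
-ensure => 'present',
-owner => 'root',
-group => 'root',
-mode => '0444',
-content => $gitrevision,
-require => File['/var/lib/puppet'],
-}
-
-
-# Nodes definitions
-
-node /jenkins-slave\.test-company\.org/ {
-class { '::fuel_project::jenkins::slave' :
-external_host => true,
-}
-}
-
-node /jenkins\.test-company\.org/ {
-class { '::fuel_project::jenkins::master' :}
-}
-
-# Default
-node default {
-$classes = hiera('classes', '')
-if ($classes) {
-validate_array($classes)
-hiera_include('classes')
-} else {
-notify { 'Default node invocation' :}
-}
-}
+# Defaults
+
+Exec {
+path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+provider => 'shell',
+}
+
+File {
+replace => true,
+}
+
+if($::osfamily == 'Debian') {
+Exec['apt_update'] -> Package <| |>
+}
+
+stage { 'pre' :
+before => Stage['main'],
+}
+
+$gitrevision = '$Id$'
+
+notify { "Revision : ${gitrevision}" :}
+
+file { '/var/lib/puppet' :
+ensure => 'directory',
+owner => 'puppet',
+group => 'puppet',
+mode => '0755',
+}
+
+file { '/var/lib/puppet/gitrevision.txt' :
+ensure => 'present',
+owner => 'root',
+group => 'root',
+mode => '0444',
+content => $gitrevision,
+require => File['/var/lib/puppet'],
+}
+
+
+# Nodes definitions
+
+node /jenkins-slave\.test-company\.org/ {
+class { '::fuel_project::jenkins::slave' :
+external_host => true,
+}
+}
+
+node /jenkins\.test-company\.org/ {
+class { '::fuel_project::jenkins::master' :}
+}
+
+# Default
+node default {
+$classes = hiera('classes', '')
+if ($classes) {
+validate_array($classes)
+hiera_include('classes')
+} else {
+notify { 'Default node invocation' :}
+}
+}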
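Review bot: The two node regexes in the new init.pp, `node /jenkins-slave\.test-company\.org/` and `node /jenkins\.test-company\.org/`, are unanchored, so any certname that merely contains one of those strings is classified as a Jenkins slave or master. Anchoring them, `node /^jenkins-slave\.test-company\.org$/ {` and `node /^jenkins\.test-company\.org$/ {`, ties the role assignment to the exact host names. Separately, the section header shows the manifest going from a normal file to an executable one; a manifest is read by the Puppet compiler and presumably does not need the execute bit, so the mode change looks accidental and is worth reverting.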
@ -1,17 +0,0 @@
|
|||
# For all the following commands HOME should be set to the directory that has .my.cnf file with password information.
|
||||
# Get information about Slave replica
|
||||
UserParameter=mysql.replication_status[*],HOME=/var/lib/zabbix mysql -e 'SHOW SLAVE STATUS \G' | grep $1 | cut -d ':' -f2-
|
||||
# Flexible parameter to grab global variables. On the frontend side, use keys like mysql.status[Com_insert].
|
||||
# Key syntax is mysql.status[variable].
|
||||
UserParameter=mysql.status[*],echo "show global status where Variable_name='$1';" | HOME=/var/lib/zabbix mysql -N | awk '{print $$2}'
|
||||
# Flexible parameter to determine database or table size. On the frontend side, use keys like mysql.size[zabbix,history,data].
|
||||
# Key syntax is mysql.size[<database>,<table>,<type>].
|
||||
# Database may be a database name or "all". Default is "all".
|
||||
# Table may be a table name or "all". Default is "all".
|
||||
# Type may be "data", "index", "free" or "both". Both is a sum of data and index. Default is "both".
|
||||
# Database is mandatory if a table is specified. Type may be specified always.
|
||||
# Returns value in bytes.
|
||||
# 'sum' on data_length or index_length alone needed when we are getting this information for whole database instead of a single table
|
||||
UserParameter=mysql.size[*],echo "select sum($(case "$3" in both|"") echo "data_length+index_length";; data|index) echo "$3_length";; free) echo "data_free";; esac)) from information_schema.tables$([[ "$1" = "all" || ! "$1" ]] || echo " where table_schema='$1'")$([[ "$2" = "all" || ! "$2" ]] || echo "and table_name='$2'");" | HOME=/var/lib/zabbix mysql -N
|
||||
UserParameter=mysql.ping,HOME=/var/lib/zabbix mysqladmin ping | grep -c alive
|
||||
UserParameter=mysql.version,mysql -V
|
|
@ -1,4 +0,0 @@
|
|||
UserParameter=hardware,echo CPU: `cat /proc/cpuinfo | awk -F':' '/^model name/ { MODEL=$2; COUNT+=1 } END { print COUNT"x"MODEL }'`, MEM: `cat /proc/meminfo | awk '/^MemTotal:/ { printf "%dG", ($2/1024000) }'`, HDD: `cat /sys/block/sd*/size /sys/block/vd*/size 2>/dev/null | sort | uniq -c | sort -n | awk '{ printf "%dx%dG, ", $1, ($2/2/1000/976.5) }' | sed 's/, $//'`
|
||||
UserParameter=vfs.dev.discovery,for partition in $(awk '{print $NF}' /proc/partitions | egrep '^[sv]d([a-z]+)$') ; do partitionlist="$partitionlist,"'{"{#DISKDEV}":"'$partition'"}'; done; echo '{"data":['${partitionlist#,}']}'
|
||||
UserParameter=smartd.value[*],sudo /usr/sbin/smartctl -A "/dev/$1" | /bin/grep "$2" | /usr/bin/awk '{print $$10}'
|
||||
UserParameter=smartd.hdd.health[*],sudo /usr/sbin/smartctl -H "/dev/$1" | /bin/grep -c '^SMART overall-health self-assessment test result: PASSED$'
|
|
@ -1 +0,0 @@
|
|||
UserParameter=ssl.certificate.check[*],/usr/local/bin/zabbix_check_certificate.sh -H "$1" -p "$2"
|
|
@ -1,2 +0,0 @@
|
|||
UserParameter=lpupdatebug.lp_logcheck[*],/usr/local/bin/tailnew /var/log/lpupdatebug.log lpupdatebug.lp_logcheck.$(echo -n /var/log/lpupdatebug.log | sed 's~/~_~g') | grep -oh '0x00000lp' | tail -1
|
||||
UserParameter=lpupdatebug.ssh_logcheck[*],/usr/local/bin/tailnew /var/log/lpupdatebug.log lpupdatebug.ssh_logcheck.$(echo -n /var/log/lpupdatebug.log | sed 's~/~_~g') | grep -oh '0x00000ssh' | tail -1
|
|
@ -1,59 +0,0 @@
|
|||
#!/usr/bin/perl
|
||||
# Ex.
|
||||
# ./glubix_checkvolstatus.pl --volume_name vol0
|
||||
# ./glubix_checkvolstatus.pl --volume_name vol1 --volume_numbricks 4
|
||||
#
|
||||
# options:
|
||||
# --volume_name vol1
|
||||
# --volume_numbricks 4
|
||||
|
||||
use strict;
|
||||
use Getopt::Long qw(:config posix_default no_ignore_case gnu_compat);
|
||||
|
||||
my $rc = 0;
|
||||
my $gluster_volume_name;
|
||||
my $gluster_volume_numbricks;
|
||||
|
||||
my $getopt_result = GetOptions('volume_name=s' => \$gluster_volume_name,
|
||||
'volume_numbricks=i', => \$gluster_volume_numbricks);
|
||||
|
||||
if ($gluster_volume_name eq "") {
|
||||
$rc = 0;
|
||||
printf "$rc\n";
|
||||
exit;
|
||||
}
|
||||
|
||||
my $gluster_cmd = "/usr/sbin/gluster";
|
||||
my $exec_cmd = "$gluster_cmd volume info $gluster_volume_name 2> /dev/null";
|
||||
|
||||
my $result = `$exec_cmd`;
|
||||
|
||||
if ($result =~ m/Status: Started/) {
|
||||
# volume status is Started
|
||||
$rc = 1;
|
||||
|
||||
if ($gluster_volume_numbricks ne "" && $gluster_volume_numbricks > 0) {
|
||||
my $exec_cmd2 = "$gluster_cmd volume status $gluster_volume_name 2> /dev/null | grep '^Brick' | wc -l";
|
||||
my $result2 = `$exec_cmd2`;
|
||||
|
||||
my $num_active_brick = $result2;
|
||||
|
||||
# If number of active bricks were less than $gluster_volume_numbricks. return code is 0;
|
||||
if( $num_active_brick < $gluster_volume_numbricks ) {
|
||||
# missing some bricks. may be down.
|
||||
$rc = 0;
|
||||
} else {
|
||||
# brick is healthy
|
||||
$rc = 1;
|
||||
}
|
||||
}
|
||||
} elsif ($result =~ m/Status: Stopped/) {
|
||||
# volume status is Stopped
|
||||
$rc = 0;
|
||||
} else {
|
||||
# volume status is maintainance down or other
|
||||
$rc = 0;
|
||||
}
|
||||
|
||||
printf "$rc\n";
|
||||
exit
|
|
@ -1,43 +0,0 @@
|
|||
#!/usr/bin/perl
|
||||
# geo-replication via gsync for GlusterFS 3.3
|
||||
# Ex.
|
||||
# ./glubix_.pl --volume_name vol1 --slave_url remote::geo-vol1
|
||||
#
|
||||
# options:
|
||||
# --volume_name vol1
|
||||
# --slave_url remote::geo-vol1
|
||||
#
|
||||
|
||||
use strict;
|
||||
use Getopt::Long qw(:config posix_default no_ignore_case gnu_compat);
|
||||
|
||||
my $gluster_volume_name;
|
||||
my $gluster_slave_url;
|
||||
|
||||
my $getopt_result = GetOptions('volume_name=s' => \$gluster_volume_name,
|
||||
'slave_url=s', => \$gluster_slave_url);
|
||||
|
||||
if ($gluster_volume_name eq "") {
|
||||
exit 1;
|
||||
}
|
||||
|
||||
my $gluster_cmd = "/usr/sbin/gluster";
|
||||
my $exec_cmd = "$gluster_cmd volume geo-replication $gluster_volume_name $gluster_slave_url status | tail -1 2> /dev/null";
|
||||
|
||||
my $result = `$exec_cmd`;
|
||||
|
||||
if ($result =~ '^----' || $result =~ '^No active geo-replication sessions' ) {
|
||||
print "NotFound\n";
|
||||
exit 1;
|
||||
}
|
||||
|
||||
my ($master_vol,$slave_url,$status) = split(/[\s\t]+/, $result);
|
||||
|
||||
if ($master_vol eq $gluster_volume_name && $slave_url eq $gluster_slave_url) {
|
||||
print "$status\n";
|
||||
exit;
|
||||
}
|
||||
|
||||
print "ERROR\n";
|
||||
exit 1;
|
||||
|
|
@ -1,51 +0,0 @@
|
|||
#!/usr/bin/perl
|
||||
# geo-replication via gsync for GlusterFS 3.3
|
||||
# Ex.
|
||||
# ./glubix_.pl --volume_name vol1 --slave_url remote::geo-vol1
|
||||
#
|
||||
# options:
|
||||
# --volume_name vol1
|
||||
# --slave_url remote::geo-vol1
|
||||
#
|
||||
|
||||
use strict;
|
||||
use Getopt::Long qw(:config posix_default no_ignore_case gnu_compat);
|
||||
|
||||
my $gluster_volume_name;
|
||||
my $gluster_slave_url;
|
||||
|
||||
my $getopt_result = GetOptions('volume_name=s' => \$gluster_volume_name,
|
||||
'slave_url=s', => \$gluster_slave_url);
|
||||
|
||||
if ($gluster_volume_name eq "") {
|
||||
exit 1;
|
||||
}
|
||||
|
||||
my $gluster_cmd = "/usr/sbin/gluster";
|
||||
my $exec_cmd = "$gluster_cmd volume geo-replication $gluster_volume_name $gluster_slave_url status 2> /dev/null";
|
||||
|
||||
my $result = `$exec_cmd`;
|
||||
|
||||
if ($result =~ '^No active geo-replication sessions between' || $result =~ '^No active geo-replication sessions' ) {
|
||||
print "NotFound\n";
|
||||
exit 1;
|
||||
}
|
||||
|
||||
$result =~ s/^\s*\n//g;
|
||||
$result =~ s/MASTER NODE[A-Z\s]+\n//g;
|
||||
$result =~ s/-+\s*\n//g;
|
||||
|
||||
my @result_array = split(/\n/,$result);
|
||||
foreach my $line (@result_array){
|
||||
print "$line\n";
|
||||
my ($master_node,$master_vol,$master_brick,$slave_url,$status,$checkpoint_status,$crawl_status) = split(/\s+/, $line);
|
||||
|
||||
if ($master_vol eq $gluster_volume_name && $slave_url eq $gluster_slave_url) {
|
||||
print "$status\n";
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
print "ERROR\n";
|
||||
exit 1;
|
||||
|
|
@ -1,21 +0,0 @@
|
|||
#!/usr/bin/perl
|
||||
# Ex.
|
||||
# ./glubix_numpeers.pl
|
||||
#
|
||||
|
||||
use strict;
|
||||
|
||||
my $gluster_cmd = "/usr/sbin/gluster";
|
||||
my $exec_cmd = "$gluster_cmd peer status 2> /dev/null";
|
||||
|
||||
my $result = `$exec_cmd`;
|
||||
|
||||
my $peers = 0;
|
||||
|
||||
if ($result =~ m/Number of Peers: ([0-9]+)/) {
|
||||
$peers = $1;
|
||||
}
|
||||
|
||||
print "$peers\n";
|
||||
|
||||
exit;
|
|
@ -1,20 +0,0 @@
|
|||
#!/usr/bin/perl
|
||||
# Ex.
|
||||
# ./glubix_uuid.pl
|
||||
|
||||
use strict;
|
||||
|
||||
my $glusterd_info = "/var/lib/glusterd/glusterd.info";
|
||||
my $exec_cmd = "grep UUID $glusterd_info 2> /dev/null";
|
||||
|
||||
my $result = `$exec_cmd`;
|
||||
|
||||
my $uuid;
|
||||
|
||||
if ($result =~ m/UUID=([0-9a-f]+-[0-9a-f]+-[0-9a-f]+-[0-9a-f]+-[0-9a-f]+)/) {
|
||||
$uuid = $1;
|
||||
}
|
||||
|
||||
print "$uuid\n";
|
||||
|
||||
exit;
|
|
@ -1,39 +0,0 @@
|
|||
#!/usr/bin/perl
|
||||
# Ex.
|
||||
# ./glubix_volstatus.pl --volume_name vol0
|
||||
#
|
||||
# options:
|
||||
# --volume_name vol1
|
||||
|
||||
use strict;
|
||||
use Getopt::Long qw(:config posix_default no_ignore_case gnu_compat);
|
||||
|
||||
my $status;
|
||||
my $gluster_volume_name;
|
||||
|
||||
my $getopt_result = GetOptions('volume_name=s' => \$gluster_volume_name);
|
||||
|
||||
if ($gluster_volume_name eq "") {
|
||||
$status = "NotFound";
|
||||
printf "$status\n";
|
||||
exit 1;
|
||||
}
|
||||
|
||||
my $gluster_cmd = "/usr/sbin/gluster";
|
||||
my $exec_cmd = "$gluster_cmd volume info $gluster_volume_name 2> /dev/null";
|
||||
|
||||
my $result = `$exec_cmd`;
|
||||
|
||||
if ($result =~ m/Status: Started/) {
|
||||
$status = 'Started';
|
||||
} elsif ($result =~ m/Status: Stopped/) {
|
||||
$status = 'Stopped';
|
||||
} elsif ($result =~ m/Status: Created/) {
|
||||
$status = 'Created';
|
||||
} else {
|
||||
# Can't parse volume status
|
||||
$status = "Unknown";
|
||||
}
|
||||
|
||||
printf "$status\n";
|
||||
exit;
|
|
@ -1,43 +0,0 @@
|
|||
#!/usr/bin/perl
|
||||
# Ex.
|
||||
# ./glubix_voltype.pl --volume_name vol0
|
||||
#
|
||||
# options:
|
||||
# --volume_name vol1
|
||||
# return value type: String
|
||||
# return value list: Unknown ... Can't parse result of gluster command
|
||||
# Blank ... --volume_name is not set
|
||||
# Distribute
|
||||
# Stripe
|
||||
# Replicate
|
||||
# Striped-Replicate
|
||||
# Distributed-Stripe
|
||||
# Distributed-Replicate
|
||||
# Distributed-Striped-Replicate
|
||||
|
||||
use strict;
|
||||
use Getopt::Long qw(:config posix_default no_ignore_case gnu_compat);
|
||||
|
||||
my $voltype;
|
||||
my $gluster_volume_name = '';
|
||||
|
||||
my $getopt_result = GetOptions('volume_name=s' => \$gluster_volume_name);
|
||||
|
||||
if ($gluster_volume_name eq '') {
|
||||
$voltype = "Blank";
|
||||
exit;
|
||||
}
|
||||
|
||||
my $gluster_cmd = "/usr/sbin/gluster";
|
||||
my $exec_cmd = "$gluster_cmd volume info $gluster_volume_name 2> /dev/null";
|
||||
|
||||
my $result = `$exec_cmd`;
|
||||
|
||||
if ($result =~ m/Type: (\S+)/) {
|
||||
$voltype = $1;
|
||||
} else {
|
||||
$voltype = "Unknown";
|
||||
}
|
||||
|
||||
printf "$voltype\n";
|
||||
exit
|
|
@ -1,9 +0,0 @@
|
|||
UserParameter=gluster.version,/usr/sbin/glusterd -V|head -1|cut -d' ' -f2
|
||||
UserParameter=gluster.uuid,sudo /usr/local/bin/glubix_uuid.pl
|
||||
UserParameter=gluster.numpeers,sudo /usr/local/bin/glubix_numpeers.pl
|
||||
UserParameter=gluster.voltype[*],sudo /usr/local/bin/glubix_voltype.pl --volume_name $1
|
||||
UserParameter=gluster.volstatus[*],sudo /usr/local/bin/glubix_volstatus.pl --volume_name $1
|
||||
UserParameter=gluster.checkvolstatus[*],sudo /usr/local/bin/glubix_checkvolstatus.pl --volume_name $1 --volume_numbricks $2
|
||||
UserParameter=gluster.numbricks[*],sudo /usr/sbin/gluster volume info $1 | grep '^Brick[0-9]*:' | wc -l
|
||||
UserParameter=gluster.numactivebricks[*],sudo /usr/sbin/gluster volume status $1 | grep '^Brick' | wc -l
|
||||
UserParameter=gluster.georepstatus[*],sudo /usr/local/bin/glubix_georepstatus34.pl --volume_name $1 --slave_url $2
|
|
@ -1,8 +0,0 @@
|
|||
TIMEOUT 50
|
||||
TOTALTIMEOUT 9000
|
||||
ONTIMEOUT local
|
||||
default local
|
||||
|
||||
LABEL local
|
||||
MENU LABEL Boot local hard drive
|
||||
LOCALBOOT 0
|
|
@ -1,311 +0,0 @@
|
|||
#!/usr/bin/python
|
||||
|
||||
import sys, getopt
|
||||
import os.path
|
||||
import netaddr
|
||||
import re
|
||||
import paramiko
|
||||
import time
|
||||
from hashlib import sha512
|
||||
from xmlbuilder import XMLBuilder
|
||||
|
||||
IPMI_USERNAME = os.getenv('IPMI_USERNAME', '')
|
||||
IPMI_PASSWORD = os.getenv('IPMI_PASSWORD', '')
|
||||
|
||||
CISCO_USERNAME = os.getenv('CISCO_USERNAME', '')
|
||||
CISCO_PASSWORD = os.getenv('CISCO_PASSWORD', '')
|
||||
|
||||
servers = {
|
||||
'cz5547' : { 'hostname' : 'cz5547-kvm.host-telecom.com', 'mac' : 'a0-d3-c1-ef-2c-d8', 'int1' : 'gi 0/1', 'int2' : 'gi 0/2' },
|
||||
'cz5548' : { 'hostname' : 'cz5548-kvm.host-telecom.com', 'mac' : 'a0-d3-c1-ef-16-ec', 'int1' : 'gi 0/3', 'int2' : 'gi 0/4' },
|
||||
'cz5549' : { 'hostname' : 'cz5549-kvm.host-telecom.com', 'mac' : 'a0-d3-c1-ef-32-cc', 'int1' : 'gi 0/5', 'int2' : 'gi 0/6' },
|
||||
'cz5550' : { 'hostname' : 'cz5550-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-48-4c', 'int1' : 'gi 0/7', 'int2' : 'gi 0/8' },
|
||||
'cz5551' : { 'hostname' : 'cz5551-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-48-fc', 'int1' : 'gi 0/9', 'int2' : 'gi 0/10' },
|
||||
'cz5552' : { 'hostname' : 'cz5552-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-4a-88', 'int1' : 'gi 0/11', 'int2' : 'gi 0/12' },
|
||||
'cz5553' : { 'hostname' : 'cz5553-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-4a-ac', 'int1' : 'gi 0/19', 'int2' : 'gi 0/20' },
|
||||
'cz5554' : { 'hostname' : 'cz5554-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-4a-90', 'int1' : 'gi 0/21', 'int2' : 'gi 0/22' },
|
||||
'cz5555' : { 'hostname' : 'cz5555-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-4c-9c', 'int1' : 'gi 0/23', 'int2' : 'gi 0/24' },
|
||||
'cz5556' : { 'hostname' : 'cz5556-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-4c-48', 'int1' : 'gi 0/31', 'int2' : 'gi 0/32' },
|
||||
'cz5557' : { 'hostname' : 'cz5557-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-4a-08', 'int1' : 'gi 0/33', 'int2' : 'gi 0/34' },
|
||||
'cz5558' : { 'hostname' : 'cz5558-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-4c-74', 'int1' : 'gi 0/35', 'int2' : 'gi 0/36' },
|
||||
'cz5559' : { 'hostname' : 'cz5559-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-4c-54', 'int1' : 'gi 0/13', 'int2' : 'gi 0/14' },
|
||||
'cz5560' : { 'hostname' : 'cz5560-kvm.host-telecom.com', 'mac' : '00-00-00-00-00-00', 'int1' : 'gi 0/15', 'int2' : 'gi 0/16' },
|
||||
'cz5561' : { 'hostname' : 'cz5561-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-4b-ec', 'int1' : 'gi 0/17', 'int2' : 'gi 0/18' },
|
||||
'cz5562' : { 'hostname' : 'cz5562-kvm.host-telecom.com', 'mac' : '00-00-00-00-00-00', 'int1' : 'gi 0/25', 'int2' : 'gi 0/26' },
|
||||
'cz5563' : { 'hostname' : 'cz5563-kvm.host-telecom.com', 'mac' : '00-00-00-00-00-00', 'int1' : 'gi 0/27', 'int2' : 'gi 0/28' },
|
||||
'cz5564' : { 'hostname' : 'cz5564-kvm.host-telecom.com', 'mac' : '00-00-00-00-00-00', 'int1' : 'gi 0/29', 'int2' : 'gi 0/30' },
|
||||
}
|
||||
|
||||
vlans = {
|
||||
'221' : { 'network' : netaddr.IPNetwork('172.16.39.0/26') },
|
||||
'222' : { 'network' : netaddr.IPNetwork('172.16.39.64/26') },
|
||||
'223' : { 'network' : netaddr.IPNetwork('172.16.39.128/26') },
|
||||
'224' : { 'network' : netaddr.IPNetwork('172.16.39.192/26') },
|
||||
'225' : { 'network' : netaddr.IPNetwork('172.16.37.128/26') },
|
||||
'226' : { 'network' : netaddr.IPNetwork('172.16.37.192/26') },
|
||||
}
|
||||
|
||||
switches = {
|
||||
'cz-sw' : { 'hostname' : '193.161.84.243 ' },
|
||||
}
|
||||
|
||||
class fuelLab:
|
||||
""" Lab definition """
|
||||
def __init__(self):
|
||||
self.name="Lab1"
|
||||
self.fuel = None
|
||||
self.iso = None
|
||||
self.vlan = None
|
||||
self.public_vlan = None
|
||||
self.vlan_range = None
|
||||
self.nodes = []
|
||||
self.tftp_root = "/var/lib/tftpboot"
|
||||
|
||||
def set_host(self,host):
|
||||
if host in servers.keys():
|
||||
self.name = host
|
||||
self.fuel = servers[host]
|
||||
else:
|
||||
print "Node "+node+" not defined"
|
||||
sys.exit(1)
|
||||
|
||||
def add_node(self,node):
|
||||
if re.match('^[1-9a-f]{2}:[1-9a-f]{2}$',node):
|
||||
node = re.sub(':','-',node)
|
||||
for name in servers.keys():
|
||||
if re.search(node+'$', servers[name]['mac']):
|
||||
self.add_node(name)
|
||||
return
|
||||
if node in servers.keys():
|
||||
self.nodes.append(servers[node])
|
||||
else:
|
||||
print "Node "+node+" not defined"
|
||||
sys.exit(1)
|
||||
|
||||
def set_vlan(self,vlan):
|
||||
if vlan in vlans.keys():
|
||||
self.vlan = vlan
|
||||
else:
|
||||
print "Vlan "+vlan+" not defined"
|
||||
sys.exit(1)
|
||||
|
||||
def set_public_vlan(self,vlan):
|
||||
if vlan in vlans.keys():
|
||||
self.public_vlan = vlan
|
||||
else:
|
||||
print "Vlan "+vlan+" not defined"
|
||||
sys.exit(1)
|
||||
|
||||
def set_vlan_range(self,vlan_range):
|
||||
res = re.match(r"(\d+)\-(\d+)",vlan_range)
|
||||
if res:
|
||||
min,max = int(res.group(1)),int(res.group(2))
|
||||
if(max-min > 1 and max-min < 20):
|
||||
self.vlan_range = str(min)+'-'+str(max)
|
||||
else:
|
||||
print "Range is too big"
|
||||
else:
|
||||
print "Wrong range"
|
||||
|
||||
def create_pxe(self):
|
||||
self.pxe_file = "/var/lib/tftpboot/pxelinux.cfg/01-"+self.fuel['mac']
|
||||
f = open(self.pxe_file, "w")
|
||||
ip = vlans[self.vlan]['network']
|
||||
nfs_share = "nfs:" +str(ip.ip+1) + ":" + self.tftp_root + self.fuel_path
|
||||
host_ip = ip.ip + 2
|
||||
host_gw = ip.ip + ip.size - 2
|
||||
host_netmask = ip.netmask
|
||||
f.write("DEFAULT fuel\nPROMPT 0\nTIMEOUT 0\nTOTALTIMEOUT 0\nONTIMEOUT fuel\n\n")
|
||||
f.write("LABEL fuel\nKERNEL %s/isolinux/vmlinuz\nINITRD %s/isolinux/initrd.img\n" % (self.fuel_path, self.fuel_path))
|
||||
f.write("APPEND biosdevname=0 ks=%s repo=%s ip=%s netmask=%s gw=%s hostname=fuel-lab-%s.mirantis.com showmenu=no installdrive=sda ksdevice=eth0 forceformat=yes\n" % \
|
||||
( nfs_share + "/ks.cfg", nfs_share ,host_ip, host_netmask, host_gw, self.name ) )
|
||||
f.close()
|
||||
|
||||
def mac_in_nodes(self,mac):
|
||||
for node in self.nodes:
|
||||
if node['mac'] == mac:
|
||||
return True
|
||||
return False
|
||||
|
||||
def update_dhcpd(self):
|
||||
mac = re.sub('-',':',self.fuel['mac'])
|
||||
fuel = self.fuel
|
||||
ip = vlans[self.vlan]['network']
|
||||
filename = "/tmp/deploy." + str(os.getpid())
|
||||
x = XMLBuilder('network')
|
||||
x.name("lab" + str(self.vlan))
|
||||
x.bridge(name = "br"+self.vlan, stp="off", delay="0")
|
||||
with x.forward(mode = "route", dev="eth0"):
|
||||
x.interface(dev="eth0")
|
||||
with x.ip(address = str(ip.ip+1), netmask="255.255.255.192"):
|
||||
with x.dhcp:
|
||||
x.host(mac=mac, ip=str(ip.ip+2))
|
||||
x.bootp(file="pxelinux.0")
|
||||
x.tftp(root="/var/lib/tftpboot")
|
||||
print str(x)+"\n"
|
||||
f=open(filename,"w")
|
||||
f.write(str(x)+"\n")
|
||||
f.close()
|
||||
os.system("sudo ifconfig br%s down" % self.vlan)
|
||||
os.system("virsh net-destroy lab%s" % self.vlan)
|
||||
os.system("virsh net-create %s" % filename)
|
||||
os.system("sudo brctl addif br%s eth1.%s" % (self.vlan, self.vlan))
|
||||
|
||||
def switch_write(self):
|
||||
ssh = paramiko.SSHClient()
|
||||
ssh.set_missing_host_key_policy(
|
||||
paramiko.AutoAddPolicy())
|
||||
ssh.connect('193.161.84.243', username=CISCO_USERNAME, password=CISCO_PASSWORD)
|
||||
sess = ssh.invoke_shell()
|
||||
vlans = "%s,%s" % (self.vlan, self.vlan_range)
|
||||
print sess.recv(5000)
|
||||
sess.send("conf t\n")
|
||||
time.sleep(1)
|
||||
for node in self.nodes + [self.fuel]:
|
||||
print sess.recv(5000)
|
||||
sess.send( "interface %s\nswitchport trunk native vlan %s\nswitchport trunk allowed vlan %s\n" % (node['int1'], self.vlan, vlans) )
|
||||
sess.send( "interface %s\nno switchport trunk native vlan\n" % ( node['int2'] ) )
|
||||
if self.public_vlan:
|
||||
sess.send( "switchport trunk native vlan %s\nswitchport trunk allowed vlan %s\n" % (self.public_vlan, vlans+","+self.public_vlan) )
|
||||
else:
|
||||
sess.send( "switchport trunk allowed vlan %s\n" % (vlans) )
|
||||
time.sleep(1)
|
||||
time.sleep(2)
|
||||
sess.send("end\nexit\n")
|
||||
print sess.recv(5000)
|
||||
|
||||
def reboot_master(self):
|
||||
print "Rebooting Fuel Master: %s" % self.fuel['hostname']
|
||||
os.system("ipmitool -I lanplus -L operator -H " + self.fuel['hostname'] + " -U " + IPMI_USERNAME + " -P '" + IPMI_PASSWORD + "' power cycle")
|
||||
|
||||
def reboot_nodes(self):
|
||||
for node in self.nodes:
|
||||
print "Reboot node: %s" % node['hostname']
|
||||
os.system("ipmitool -I lanplus -L operator -H " + node['hostname'] + " -U " + IPMI_USERNAME + " -P '" + IPMI_PASSWORD + "' power cycle")
|
||||
|
||||
def set_iso(self,iso):
|
||||
iso = os.path.abspath(iso)
|
||||
if os.path.isfile(iso):
|
||||
self.iso = iso
|
||||
self.fuel_path = "/" + sha512(iso).hexdigest()[:16]
|
||||
else:
|
||||
print "ISO: %s not found" % iso
|
||||
sys.exit(1)
|
||||
|
||||
def unpack_iso(self):
|
||||
mount_iso_path = self.tftp_root + self.fuel_path
|
||||
if os.path.ismount(mount_iso_path):
|
||||
return
|
||||
if not os.path.exists(mount_iso_path):
|
||||
os.system("mkdir " + mount_iso_path)
|
||||
os.system("sudo mount -o loop,ro %s %s" % ( self.iso, mount_iso_path) )
|
||||
|
||||
def check_params(self, mode):
|
||||
if not mode:
|
||||
return False
|
||||
if 'install_fuel' in mode and not ( self.fuel and self.iso and self.vlan) :
|
||||
return False
|
||||
if 'reboot' in mode and not ( self.nodes ) :
|
||||
return False
|
||||
if 'configure' in mode and not ( self.fuel and self.vlan and self.vlan_range and self.nodes ) :
|
||||
return False
|
||||
return True
|
||||
|
||||
|
||||
|
||||
def usage():
|
||||
print '''
|
||||
== For existing configuration you must specify:
|
||||
\nEXAMPLE:\tdeploy.py --host=cz5551 --vlan=221 --iso=/srv/downloads/fuel.iso\n
|
||||
--host Host to use as master node
|
||||
--vlan Preconfigured lab admin vlan
|
||||
--iso ISO to install
|
||||
\n == To reboot nodes you need only: ==
|
||||
\nEXAMPLE:\tdeploy.py (--reboot-nodes|-r) --node cz5547 --node 2c:d8 ...\n
|
||||
--reboot-nodes Reboot only nodes
|
||||
--node=cz0000 Node to reboot
|
||||
\n == For NEW configuration (DevOps team only) ==
|
||||
\nEXAMPLE:\tdeploy.py --host cz5551 --vlan 221 [--public-vlan=222] --vlan-range 300-305 [--iso fuel.iso] --node cz5547 --node cz5548 --node cz5549\n
|
||||
--public-vlan 222 Set untagged eth1 vlan (if needed)
|
||||
--vlan-range 51-55 Vlans for storage/private/management/etc
|
||||
--node Node to include in lab'''
|
||||
|
||||
def main(argv):
|
||||
lab = fuelLab()
|
||||
mode = []
|
||||
nodes = []
|
||||
try:
|
||||
opts, args = getopt.getopt(argv,"hr",["host=","vlan=","public-vlan=","vlan-range=","iso=","node=","help","reboot-nodes"])
|
||||
except getopt.GetoptError:
|
||||
usage()
|
||||
sys.exit(2)
|
||||
for opt, arg in opts:
|
||||
if opt in ( "-h", "--help" ):
|
||||
usage()
|
||||
sys.exit(0)
|
||||
elif opt == "--host":
|
||||
lab.set_host(arg)
|
||||
elif opt == "--vlan":
|
||||
lab.set_vlan(arg)
|
||||
elif opt == "--public-vlan":
|
||||
mode.append('configure')
|
||||
lab.set_public_vlan(arg)
|
||||
elif opt == "--vlan-range":
|
||||
mode.append('configure')
|
||||
lab.set_vlan_range(arg)
|
||||
elif opt == "--iso":
|
||||
mode.append('install_fuel')
|
||||
lab.set_iso(arg)
|
||||
elif opt == "--node":
|
||||
lab.add_node(arg)
|
||||
nodes.append(arg)
|
||||
elif opt in ( "--reboot-nodes", "-r" ):
|
||||
mode.append('reboot')
|
||||
|
||||
if not lab.check_params(mode):
|
||||
usage()
|
||||
exit(1)
|
||||
|
||||
if 'reboot' in mode:
|
||||
lab.reboot_nodes()
|
||||
return
|
||||
if 'configure' in mode:
|
||||
lab.switch_write()
|
||||
lab.update_dhcpd()
|
||||
vlan = vlans[lab.vlan]['network']
|
||||
if lab.public_vlan:
|
||||
vlan_p = vlans[lab.public_vlan]['network']
|
||||
pub_net = vlan_p
|
||||
pub_gw = vlan_p[-2]
|
||||
else:
|
||||
pub_net = pub_gw = "Not available"
|
||||
print '''
|
||||
================================================================================
|
||||
Lab configured:
|
||||
|
||||
Fuel host ip: %s
|
||||
Admin network: ( Untagged eth0 )
|
||||
network: %s
|
||||
gateway: %s
|
||||
Public network: ( Untagged eth1 )
|
||||
network: %s
|
||||
gateway: %s
|
||||
Vlans available: %s
|
||||
|
||||
To install Fuel:
|
||||
deploy.py --host %s --vlan %s --iso /srv/downloads/fuel.iso
|
||||
|
||||
To reboot all nodes:
|
||||
deploy.py -r --node %s
|
||||
================================================================================
|
||||
''' % ( vlan[2], vlan, vlan[-2], pub_net, pub_gw, lab.vlan_range, lab.name, lab.vlan, " --node ".join(nodes) )
|
||||
|
||||
if 'install_fuel' in mode:
|
||||
lab.update_dhcpd()
|
||||
lab.create_pxe()
|
||||
lab.unpack_iso()
|
||||
lab.reboot_master()
|
||||
os.system("echo 'rm %s' | at now + 10 minutes" % lab.pxe_file)
|
||||
|
||||
if __name__ == "__main__":
|
||||
main(sys.argv[1:])
|
|
@ -1,23 +0,0 @@
|
|||
auto lo
|
||||
iface lo inet loopback
|
||||
|
||||
auto eth0
|
||||
iface eth0 inet dhcp
|
||||
|
||||
auto eth1.221
|
||||
iface eth1.221 inet manual
|
||||
|
||||
auto eth1.222
|
||||
iface eth1.222 inet manual
|
||||
|
||||
auto eth1.223
|
||||
iface eth1.223 inet manual
|
||||
|
||||
auto eth1.224
|
||||
iface eth1.224 inet manual
|
||||
|
||||
auto eth1.225
|
||||
iface eth1.225 inet manual
|
||||
|
||||
auto eth1.226
|
||||
iface eth1.226 inet manual
|
|
@ -1 +0,0 @@
|
|||
ALL ALL=NOPASSWD: /bin/mount, /bin/umount, /sbin/ifconfig, /sbin/brctl
|
|
@ -1,75 +0,0 @@
|
|||
#!/usr/bin/perl -w
|
||||
#
|
||||
# $jwk: bind96-stats-parse.pl,v 1.4 2011/08/22 16:11:13 jwk Exp $
|
||||
#
|
||||
# Parse the statistics file produced by BIND 9.6 and higher. Output
|
||||
# the statistics in format that's easily parseable by a
|
||||
# script/program/whatever.
|
||||
#
|
||||
# Joel Knight
|
||||
# knight.joel gmail.com
|
||||
# 2010.12.26
|
||||
#
|
||||
# http://www.packetmischief.ca/monitoring-bind9/
|
||||
|
||||
|
||||
use strict;
|
||||
use warnings;
|
||||
|
||||
# how often are you pulling statistics?
|
||||
my $INTERVAL = 300;
|
||||
|
||||
my $prefix;
|
||||
my $view;
|
||||
my $item;
|
||||
my $cnt;
|
||||
|
||||
my $now = time;
|
||||
|
||||
my $go = 0;
|
||||
|
||||
while (<>) {
|
||||
chomp;
|
||||
# +++ Statistics Dump +++ (1293358206)
|
||||
if (m/^\+\+\+ Statistics Dump \+\+\+ \((\d+)\)/) {
|
||||
my $d = $now - $1;
|
||||
# stats that are older than $INTERVAL seconds are ones that we've
|
||||
# already processed
|
||||
if ($d >= $INTERVAL) {
|
||||
next;
|
||||
} else {
|
||||
print scalar localtime $1, "\n";
|
||||
$go++;
|
||||
}
|
||||
}
|
||||
|
||||
next unless $go;
|
||||
|
||||
# ++ Incoming Requests ++
|
||||
# ++ Socket I/O Statistics ++
|
||||
if (m/^\+\+ ([^+]+) \+\+$/) {
|
||||
($prefix = lc $1) =~ s/[\s\>\<\/\(\)]/_/g;
|
||||
$view = $item = $cnt = "";
|
||||
}
|
||||
# [View: custom_view_name]
|
||||
# we ignore the view name "default" so that the word "default" is not
|
||||
# inserted into the output.
|
||||
if (m/^\[View: (\w+)(| .*)\]/) {
|
||||
next if $1 eq "default";
|
||||
$view = $1;
|
||||
}
|
||||
|
||||
# 407104 QUERY
|
||||
# 3379 EDNS(0) query failures
|
||||
# 134 queries with RTT < 10ms
|
||||
if (m/^\s+(\d+) ([^\n]+)/) {
|
||||
($cnt = lc $1) =~ s/[\s\>\<\/\(\)]/_/g;
|
||||
($item = lc $2) =~ s/[\s\>\<\/\(\)]/_/g;
|
||||
|
||||
if ($view) {
|
||||
print "$prefix\+$view:$item=$cnt\n";
|
||||
} else {
|
||||
print "$prefix:$item=$cnt\n";
|
||||
}
|
||||
}
|
||||
}
|
|
@ -1 +0,0 @@
|
|||
UserParameter=bind.stats[*],(/usr/local/bin/bind96-stats-parse.pl < /var/lib/bind/statistics.txt | /bin/fgrep "$1=" || echo "$1=0") | /usr/bin/cut -d= -f2
|
|
@ -1,14 +0,0 @@
|
|||
UserParameter=nginx.active[*],/usr/bin/curl -s http://127.0.0.1:61929/ | awk '/^Active/ {print $NF}'
|
||||
UserParameter=nginx.reading[*],/usr/bin/curl -s http://127.0.0.1:61929/ | awk '/Reading/ {print $$2}'
|
||||
UserParameter=nginx.writing[*],/usr/bin/curl -s http://127.0.0.1:61929/ | awk '/Writing/ {print $$4}'
|
||||
UserParameter=nginx.waiting[*],/usr/bin/curl -s http://127.0.0.1:61929/ | awk '/Waiting/ {print $$6}'
|
||||
UserParameter=nginx.accepted[*],/usr/bin/curl -s http://127.0.0.1:61929/ | awk '/^[ \t]+[0-9]+[ \t]+[0-9]+[ \t]+[0-9]+/ {print $$1}'
|
||||
UserParameter=nginx.handled[*],/usr/bin/curl -s http://127.0.0.1:61929/ | awk '/^[ \t]+[0-9]+[ \t]+[0-9]+[ \t]+[0-9]+/ {print $$2}'
|
||||
UserParameter=nginx.requests[*],/usr/bin/curl -s http://127.0.0.1:61929/ | awk '/^[ \t]+[0-9]+[ \t]+[0-9]+[ \t]+[0-9]+/ {print $$3}'
|
||||
UserParameter=nginx.logs.requests[*],sudo /usr/bin/tailnew "$1" nginx.logs.requests.$(echo -n $1 | sed 's~/~_~g') | wc -l
|
||||
UserParameter=nginx.logs.requests.2xx[*],sudo /usr/bin/tailnew "$1" nginx.logs.requests.$(echo -n $1 | sed 's~/~_~g').2xx | awk 'BEGIN { i = 0 } {if($$8 >= 200 && $$8 < 300) { i++ }} END {print i}'
|
||||
UserParameter=nginx.logs.requests.3xx[*],sudo /usr/bin/tailnew "$1" nginx.logs.requests.$(echo -n $1 | sed 's~/~_~g').3xx | awk 'BEGIN { i = 0 } {if($$8 >= 300 && $$8 < 400) { i++ }} END {print i}'
|
||||
UserParameter=nginx.logs.requests.4xx[*],sudo /usr/bin/tailnew "$1" nginx.logs.requests.$(echo -n $1 | sed 's~/~_~g').4xx | awk 'BEGIN { i = 0 } {if($$8 >= 400 && $$8 < 500) { i++ }} END {print i}'
|
||||
UserParameter=nginx.logs.requests.5xx[*],sudo /usr/bin/tailnew "$1" nginx.logs.requests.$(echo -n $1 | sed 's~/~_~g').5xx | awk 'BEGIN { i = 0 } {if($$8 >= 500 && $$8 < 600) { i++ }} END {print i}'
|
||||
UserParameter=nginx.timings.frontend[*],sudo /usr/bin/tailnew "$1" nginx.timings_$(echo -n "$1" | sed 's~/~_~g')_frontend | awk '{sum += $$NF} END {print sum / NR}'
|
||||
UserParameter=nginx.timings.backend[*],sudo /usr/bin/tailnew "$1" nginx.timings_$(echo -n "$1" | sed 's~/~_~g')_backend | awk '{sum += $$(NF-5)} END {print sum / NR}'
|
|
@ -1,121 +0,0 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# Source: https://sys4.de/en/blog/2013/08/06/monitoring-certificates-zabbix/
|
||||
#
|
||||
# Authors:
|
||||
# Michael Schwartzkopff <ms@sys4.de>
|
||||
# Marc Schiffbauer <m@sys4.de>
|
||||
#
|
||||
|
||||
trap clean_exit EXIT
|
||||
|
||||
clean_exit() {
|
||||
[[ $TMP && -f $TMP ]] && rm -f "$TMP"
|
||||
}
|
||||
|
||||
debug() {
|
||||
[[ $DEBUG -gt 0 ]] && echo "$*"
|
||||
}
|
||||
|
||||
debugexec() {
|
||||
[[ $DEBUG -gt 0 ]] && "$*"
|
||||
}
|
||||
|
||||
error() {
|
||||
echo "ERROR: $*"
|
||||
}
|
||||
|
||||
die() {
|
||||
error "$*"
|
||||
exit 1
|
||||
}
|
||||
|
||||
usage() {
|
||||
echo "
|
||||
Usage:
|
||||
$(basename $0) [options]
|
||||
|
||||
-H <hostname> Hostname to connect to. Default: localhost
|
||||
-P <protocol> Protocol to use (SSL, SMTP, IMAP, POP3, FTP, XMPP). Default: SSL
|
||||
-d Turn on debug mode
|
||||
-i Get certificate issuer instead of days left until certificate will expire
|
||||
-p <port> Port to connect to. Defaults: 443 (SSL), 25 (SMTP), 143 (IMAP),
|
||||
110 (POP3), 21 (FTP), 5269 (XMPP)
|
||||
|
||||
"
|
||||
exit 0
|
||||
}
|
||||
|
||||
while getopts "idhH:p:P:" opt; do
|
||||
case "$opt" in
|
||||
H) HOST="$OPTARG";;
|
||||
P) PROTO="$OPTARG";;
|
||||
d) DEBUG=1; set -x;;
|
||||
i) WHAT="ISSUER";;
|
||||
p) PORT="$OPTARG";;
|
||||
*) usage;;
|
||||
esac
|
||||
done
|
||||
|
||||
# set default values
|
||||
HOST=${HOST:-localhost}
|
||||
PROTO=${PROTO:-SSL}
|
||||
WHAT=${WHAT:-TIME}
|
||||
|
||||
debug "Checking protocol $PROTO on ${HOST}:${PORT}"
|
||||
|
||||
case $PROTO in
|
||||
SSL)
|
||||
PORT=${PORT:-443}
|
||||
S_CLIENT_OPTS=" -host $HOST -port $PORT -showcerts"
|
||||
;;
|
||||
SMTP)
|
||||
PORT=${PORT:-25}
|
||||
S_CLIENT_OPTS="-connect $HOST:$PORT -starttls smtp"
|
||||
;;
|
||||
IMAP)
|
||||
PORT=${PORT:-143}
|
||||
S_CLIENT_OPTS="-connect $HOST:$PORT -starttls imap"
|
||||
;;
|
||||
POP3)
|
||||
PORT=${PORT:-110}
|
||||
S_CLIENT_OPTS="-connect $HOST:$PORT -starttls pop3"
|
||||
;;
|
||||
FTP)
|
||||
PORT=${PORT:-21}
|
||||
S_CLIENT_OPTS="-connect $HOST:$PORT -starttls ftp"
|
||||
;;
|
||||
XMPP)
|
||||
PORT=${PORT:-5269}
|
||||
S_CLIENT_OPTS="-connect $HOST:$PORT -starttls xmpp"
|
||||
;;
|
||||
*)
|
||||
die "Unknown protocol"
|
||||
;;
|
||||
esac
|
||||
|
||||
debug "Certificate:"
|
||||
debugexec "openssl s_client $S_CLIENT_OPTS </dev/null 2>$TMP"
|
||||
|
||||
case $WHAT in
|
||||
TIME)
|
||||
TMP="$(mktemp)"
|
||||
END_DATE="$(openssl s_client $S_CLIENT_OPTS </dev/null 2>$TMP | openssl x509 -dates -noout | sed -n 's/notAfter=//p')"
|
||||
NOW="$(date '+%s')"
|
||||
if [[ $END_DATE ]]; then
|
||||
SEC_LEFT="$(date '+%s' --date "${END_DATE}")"
|
||||
echo $((($SEC_LEFT-$NOW)/24/3600))
|
||||
else
|
||||
die "openssl error: $(cat $TMP)"
|
||||
fi
|
||||
;;
|
||||
ISSUER)
|
||||
TMP="$(mktemp)"
|
||||
openssl s_client $S_CLIENT_OPTS </dev/null 2>$TMP | openssl x509 -issuer -noout | sed -n 's/.*CN=//p'
|
||||
;;
|
||||
*)
|
||||
die "BUG: unknown WHAT value: $WHAT"
|
||||
;;
|
||||
esac
|
||||
|
||||
exit 0
|
|
@ -15,7 +15,7 @@ class fuel_project::common (
|
|||
$logrotate_rules = hiera_hash('logrotate::rules', {}),
|
||||
$pam_filter = '',
|
||||
$pam_password = '',
|
||||
$root_password_hash = 'r00tme',
|
||||
$root_password_hash = 'pa$$w0rd',
|
||||
$root_shell = '/bin/bash',
|
||||
$tls_cacertdir = '',
|
||||
) {
|
||||
|
@ -30,9 +30,6 @@ class fuel_project::common (
|
|||
# ... by spliting it's functions to separate modules
|
||||
# or reusing publically available ones
|
||||
class { '::system' :}
|
||||
class { '::zabbix::agent' :
|
||||
apply_firewall_rules => $external_host,
|
||||
}
|
||||
|
||||
::puppet::facter { 'facts' :
|
||||
facts => $facts,
|
||||
|
@ -51,32 +48,7 @@ class fuel_project::common (
|
|||
ensure_packages($kernel_package)
|
||||
}
|
||||
|
||||
if($ldap) {
|
||||
class { '::ssh::ldap' :}
|
||||
|
||||
file { '/usr/local/bin/ldap2sshkeys.sh' :
|
||||
ensure => 'present',
|
||||
mode => '0700',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
content => template('fuel_project/common/ldap2sshkeys.sh.erb'),
|
||||
}
|
||||
|
||||
exec { 'sync-ssh-keys' :
|
||||
command => '/usr/local/bin/ldap2sshkeys.sh',
|
||||
logoutput => on_failure,
|
||||
require => File['/usr/local/bin/ldap2sshkeys.sh'],
|
||||
}
|
||||
|
||||
cron { 'ldap2sshkeys' :
|
||||
command => "/usr/local/bin/ldap2sshkeys.sh ${::hostname} 2>&1 | logger -t ldap2sshkeys",
|
||||
user => root,
|
||||
hour => '*',
|
||||
minute => fqdn_rand(59),
|
||||
require => File['/usr/local/bin/ldap2sshkeys.sh'],
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
case $::osfamily {
|
||||
'Debian': {
|
||||
class { '::apt' :}
|
||||
|
@ -90,31 +62,6 @@ class fuel_project::common (
|
|||
# Logrotate items
|
||||
create_resources('::logrotate::rule', $logrotate_rules)
|
||||
|
||||
zabbix::item { 'software-zabbix-check' :
|
||||
template => 'fuel_project/common/zabbix/software.conf.erb',
|
||||
}
|
||||
|
||||
# Zabbix hardware item
|
||||
ensure_packages(['smartmontools'])
|
||||
|
||||
::zabbix::item { 'hardware-zabbix-check' :
|
||||
content => 'puppet:///modules/fuel_project/common/zabbix/hardware.conf',
|
||||
require => Package['smartmontools'],
|
||||
}
|
||||
# /Zabbix hardware item
|
||||
|
||||
# Zabbix SSL item
|
||||
file { '/usr/local/bin/zabbix_check_certificate.sh' :
|
||||
ensure => 'present',
|
||||
mode => '0755',
|
||||
source => 'puppet:///modules/fuel_project/zabbix/zabbix_check_certificate.sh',
|
||||
}
|
||||
::zabbix::item { 'ssl-certificate-check' :
|
||||
content => 'puppet:///modules/fuel_project/common/zabbix/ssl-certificate-check.conf',
|
||||
require => File['/usr/local/bin/zabbix_check_certificate.sh'],
|
||||
}
|
||||
# /Zabbix SSL item
|
||||
|
||||
mount { '/' :
|
||||
ensure => 'present',
|
||||
options => 'defaults,errors=remount-ro,noatime,nodiratime,barrier=0',
|
||||
|
|
|
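Review bot: The default for `$root_password_hash` in the `fuel_project::common` parameter list is still a hard-coded literal after this change. The page prints `'r00tme'` and `'pa$$w0rd'` one after the other without +/- markers, and neither looks like a crypt(3) hash, so a node that does not override the parameter falls back to a value published in the repository. How the value reaches the root account is outside the visible hunks, so the impact is inferred from the parameter name only. I would drop the default and make the lookup mandatory, for example `$root_password_hash = hiera('fuel_project::common::root_password_hash'),` (key name illustrative), with the real hash kept in an encrypted hiera backend. The class body continues outside this hunk.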
@ -1,17 +0,0 @@
|
|||
#Class fuel_project::devops_tools
|
||||
#
|
||||
class fuel_project::devops_tools (
|
||||
$lpbugmanage = false,
|
||||
$lpupdatebug = false,
|
||||
) {
|
||||
|
||||
class { '::fuel_project::common' :}
|
||||
|
||||
if($lpbugmanage) {
|
||||
class { '::fuel_project::devops_tools::lpbugmanage' :}
|
||||
}
|
||||
|
||||
if($lpupdatebug) {
|
||||
class { '::fuel_project::devops_tools::lpupdatebug' :}
|
||||
}
|
||||
}
|
|
@ -1,59 +0,0 @@
|
|||
# Class: fuel_project::gerrit
|
||||
#
|
||||
class fuel_project::gerrit (
|
||||
$gerrit_auth_type = undef,
|
||||
$replica_points = undef,
|
||||
$replication_mode = '',
|
||||
|
||||
) {
|
||||
|
||||
$gerrit = hiera_hash('gerrit')
|
||||
class { '::gerrit' :
|
||||
canonicalweburl => $gerrit['service_url'],
|
||||
contactstore => $gerrit['contactstore'],
|
||||
container_heaplimit => floor($::memorysize_mb/2*1024*1024),
|
||||
email_private_key => $gerrit['email_private_key'],
|
||||
gerrit_auth_type => $gerrit_auth_type,
|
||||
gerrit_start_timeout => $gerrit['start_timeout'],
|
||||
gitweb => true,
|
||||
mysql_database => $gerrit['mysql_database'],
|
||||
mysql_host => $gerrit['mysql_host'],
|
||||
mysql_password => $gerrit['mysql_password'],
|
||||
mysql_user => $gerrit['mysql_user'],
|
||||
service_fqdn => $gerrit['service_fqdn'],
|
||||
ssh_dsa_key_contents => $gerrit['ssh_dsa_key_contents'],
|
||||
ssh_dsa_pubkey_contents => $gerrit['ssh_dsa_pubkey_contents'],
|
||||
ssh_project_rsa_key_contents => $gerrit['project_ssh_rsa_key_contents'],
|
||||
ssh_project_rsa_pubkey_contents => $gerrit['project_ssh_rsa_pubkey_contents'],
|
||||
ssh_replication_rsa_key_contents => $gerrit['replication_ssh_rsa_key_contents'],
|
||||
ssh_replication_rsa_pubkey_contents => $gerrit['replication_ssh_rsa_pubkey_contents'],
|
||||
ssh_rsa_key_contents => $gerrit['ssh_rsa_key_contents'],
|
||||
ssh_rsa_pubkey_contents => $gerrit['ssh_rsa_pubkey_contents'],
|
||||
ssl_cert_file => $gerrit['ssl_cert_file'],
|
||||
ssl_cert_file_contents => $gerrit['ssl_cert_file_contents'],
|
||||
ssl_chain_file => $gerrit['ssl_chain_file'],
|
||||
ssl_chain_file_contents => $gerrit['ssl_chain_file_contents'],
|
||||
ssl_key_file => $gerrit['ssl_key_file'],
|
||||
ssl_key_file_contents => $gerrit['ssl_key_file_contents'],
|
||||
}
|
||||
|
||||
class { '::gerrit::mysql' :
|
||||
database_name => $gerrit['mysql_database'],
|
||||
database_user => $gerrit['mysql_user'],
|
||||
database_password => $gerrit['mysql_password'],
|
||||
}
|
||||
|
||||
class { '::gerrit::hideci' :}
|
||||
|
||||
if ($replication_mode == 'master' and $replica_points) {
|
||||
create_resources(
|
||||
::fuel_project::gerrit::replication,
|
||||
$replica_points,
|
||||
)
|
||||
}
|
||||
|
||||
if ($replication_mode == 'slave') {
|
||||
class { '::fuel_project::gerrit::replication_slave' :}
|
||||
}
|
||||
|
||||
}
|
|
@ -1,146 +0,0 @@
|
|||
# Class: fuel_project::glusterfs
|
||||
#
|
||||
# Parameters:
|
||||
# $create_pool:
|
||||
# if false, then it's just install glusterfs server and client
|
||||
# $gfs_pool:
|
||||
# list of nodes with glusterfs server installed, will be used for pool
|
||||
# $gfs_volume_name:
|
||||
# name of datapoint (shared point), will be used by clients for mounting,
|
||||
# example: mount -t glusterfs $gfs_pool[0]:/$gfs_volume_name /mnt/local
|
||||
# $gfs_brick_point:
|
||||
# mount points which are going to be used to building bricks
|
||||
#
|
||||
# The above parameters in terms of glusterfs:
|
||||
# 1. gluster peer probe $gfs_pool[0]
|
||||
# gluster peer probe $gfs_pool[1]
|
||||
# 2. mkdir -p $gfs_brick_point
|
||||
# gluster volume create $gfs_volume_name replica 2 transport tcp \
|
||||
# $gfs_pool[0]:$gfs_brick_point $gfs_pool[1]:$gfs_brick_point force
|
||||
#
|
||||
# All gluster customization:
|
||||
# http://docs.openstack.org/admin-guide-cloud/content/glusterfs_backend.html
|
||||
#
|
||||
class fuel_project::glusterfs (
|
||||
$apply_firewall_rules = false,
|
||||
$create_pool = false,
|
||||
$firewall_allow_sources = {},
|
||||
$gfs_brick_point = '/mnt/brick',
|
||||
$gfs_pool = [ 'slave-13.test.local','slave-14.test.local' ],
|
||||
$gfs_volume_name = 'data',
|
||||
$owner_gid = 165,
|
||||
$owner_uid = 165,
|
||||
|
||||
){
|
||||
class { '::fuel_project::common' :
|
||||
external_host => $apply_firewall_rules,
|
||||
}
|
||||
|
||||
if !defined(Class[::zabbix::agent]) {
|
||||
class { '::zabbix::agent' :
|
||||
apply_firewall_rules => $apply_firewall_rules,
|
||||
}
|
||||
}
|
||||
|
||||
class { '::glusterfs': }
|
||||
|
||||
# permissions will be managed by glsuterfs itself
|
||||
file { $gfs_brick_point:
|
||||
ensure => directory,
|
||||
mode => '0775',
|
||||
}
|
||||
|
||||
if $create_pool {
|
||||
glusterfs_pool { $gfs_pool: }
|
||||
|
||||
glusterfs_vol { $gfs_volume_name :
|
||||
replica => 2,
|
||||
brick => [ "${gfs_pool[0]}:${gfs_brick_point}", "${gfs_pool[1]}:${gfs_brick_point}"],
|
||||
force => true,
|
||||
require => [
|
||||
File[$gfs_brick_point],
|
||||
Glusterfs_pool[$gfs_pool],
|
||||
],
|
||||
}
|
||||
|
||||
exec { "set_volume_uid_${gfs_volume_name}":
|
||||
command => "gluster volume set ${gfs_volume_name} storage.owner-uid ${owner_uid}",
|
||||
user => 'root',
|
||||
unless => "gluster volume info| fgrep 'storage.owner-uid: ${owner_uid}'",
|
||||
require => Glusterfs_vol[$gfs_volume_name],
|
||||
}
|
||||
|
||||
exec { "set_volume_gid_${gfs_volume_name}":
|
||||
command => "gluster volume set ${gfs_volume_name} storage.owner-gid ${owner_gid}",
|
||||
user => 'root',
|
||||
unless => "gluster volume info| fgrep 'storage.owner-gid: ${owner_gid}'",
|
||||
require => Glusterfs_vol[$gfs_volume_name],
|
||||
}
|
||||
|
||||
exec { "set_volume_param_${gfs_volume_name}":
|
||||
command => "gluster volume set ${gfs_volume_name} server.allow-insecure on",
|
||||
user => 'root',
|
||||
unless => 'gluster volume info| fgrep "server.allow-insecure: on"',
|
||||
notify => Exec["restart_volume_${gfs_volume_name}"],
|
||||
require => Glusterfs_vol[$gfs_volume_name],
|
||||
}
|
||||
|
||||
exec { "restart_volume_${gfs_volume_name}":
|
||||
command => "echo y | gluster volume stop ${gfs_volume_name}; gluster volume start ${gfs_volume_name}",
|
||||
user => 'root',
|
||||
refreshonly => true,
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
file { '/etc/glusterfs/glusterd.vol' :
|
||||
ensure => 'present',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
content => template('fuel_project/glusterfs/glusterd.vol.erb'),
|
||||
require => Class['glusterfs::package'],
|
||||
notify => Class['glusterfs::service'],
|
||||
}
|
||||
|
||||
# put monitoring scripts
|
||||
file { '/usr/local/bin' :
|
||||
ensure => directory,
|
||||
recurse => remote,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0754',
|
||||
source => 'puppet:///modules/fuel_project/glusterfs/zabbix/glubix',
|
||||
}
|
||||
|
||||
# update sudoerc for zabbix user with monitoring scripts
|
||||
file { '/etc/sudoers.d/zabbix_glusterfs' :
|
||||
ensure => 'present',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0440',
|
||||
content => template('fuel_project/glusterfs/sudoers_zabbix_glusterfs.erb')
|
||||
}
|
||||
|
||||
zabbix::item { 'glusterfs-zabbix-check' :
|
||||
content => 'puppet:///modules/fuel_project/glusterfs/zabbix/userparams-glubix.conf',
|
||||
notify => Service[$::zabbix::params::agent_service],
|
||||
}
|
||||
|
||||
if $apply_firewall_rules {
|
||||
include firewall_defaults::pre
|
||||
# 111 - RPC incomming
|
||||
# 24007 - Gluster Daemon
|
||||
# 24008 - Management
|
||||
# 49152 - (GlusterFS versions 3.4 and later) - Each brick for every volume on your host requires it's own port.
|
||||
# For every new brick, one new port will be used.
|
||||
# 2049, 38465-38469 - this is required by the Gluster NFS service.
|
||||
create_resources(firewall, $firewall_allow_sources, {
|
||||
ensure => present,
|
||||
dport => [111, 24007, 24008, 49152, 2049, 38465, 38466, 38467, 38468, 38469],
|
||||
proto => 'tcp',
|
||||
action => 'accept',
|
||||
require => Class['firewall_defaults::pre'],
|
||||
})
|
||||
}
|
||||
|
||||
}
|
|
@ -1,94 +0,0 @@
|
|||
# Used for deploy lab-cz.vm.mirantis.net
|
||||
class fuel_project::lab_cz (
|
||||
$external_host = true,
|
||||
) {
|
||||
# Used for network managment
|
||||
class { 'common' :
|
||||
external_host => $external_host
|
||||
}
|
||||
|
||||
include ssh::ldap
|
||||
class { 'libvirt' :
|
||||
qemu => false,
|
||||
listen_tcp => false,
|
||||
listen_tls => false,
|
||||
unix_sock_rw_perms => '0777',
|
||||
unix_sock_group => 'libvirtd',
|
||||
}
|
||||
|
||||
$packages = [
|
||||
'syslinux',
|
||||
'python-paramiko',
|
||||
'python-netaddr',
|
||||
'python-xmlbuilder',
|
||||
'nfs-kernel-server',
|
||||
'ipmitool',
|
||||
'vlan',
|
||||
]
|
||||
|
||||
ensure_packages($packages)
|
||||
|
||||
file { '/etc/exports' :
|
||||
ensure => 'present',
|
||||
content => "/var/lib/tftpboot *(ro,async,no_subtree_check,no_root_squash,crossmnt)\n",
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
require => Package['nfs-kernel-server'],
|
||||
notify => Service['nfs-export-fuel'],
|
||||
}
|
||||
|
||||
service { 'nfs-export-fuel' :
|
||||
ensure => 'running',
|
||||
name => 'nfs-kernel-server',
|
||||
enable => true,
|
||||
restart => true,
|
||||
}
|
||||
|
||||
file { [
|
||||
'/var/lib/tftpboot',
|
||||
'/var/lib/tftpboot/pxelinux.cfg',
|
||||
'/srv/downloads' ] :
|
||||
ensure => 'directory',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0777',
|
||||
}
|
||||
|
||||
file { '/var/lib/tftpboot/pxelinux.0' :
|
||||
ensure => 'present',
|
||||
source => 'file:///usr/lib/syslinux/pxelinux.0',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
require => [
|
||||
File['/var/lib/tftpboot'],
|
||||
Package['syslinux'],
|
||||
]
|
||||
}
|
||||
|
||||
file { '/var/lib/tftpboot/pxelinux.cfg/default' :
|
||||
ensure => 'present',
|
||||
source => 'puppet:///modules/fuel_project/lab_cz/default',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
require => File['/var/lib/tftpboot/pxelinux.cfg'],
|
||||
}
|
||||
|
||||
file { '/etc/sudoers.d/deploy' :
|
||||
ensure => 'present',
|
||||
source => 'puppet:///modules/fuel_project/lab_cz/sudo_deploy',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0440',
|
||||
}
|
||||
|
||||
file { '/etc/network/interfaces' :
|
||||
ensure => 'present',
|
||||
source => 'puppet:///modules/fuel_project/lab_cz/network_interfaces',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
}
|
||||
}
|
|
@ -1,19 +0,0 @@
|
|||
# Class: fuel_project::mongo_common
|
||||
#
|
||||
|
||||
class fuel_project::mongo_common (
|
||||
$primary = false,
|
||||
)
|
||||
{
|
||||
if $primary {
|
||||
class { '::fuel_project::common' :} ->
|
||||
class {'::mongodb::client': } ->
|
||||
class {'::mongodb::server': } ->
|
||||
class {'::mongodb::replset': } ->
|
||||
class {'::fuel_project::mongodb': }
|
||||
} else {
|
||||
class { '::fuel_project::common' :} ->
|
||||
class {'::mongodb::client': } ->
|
||||
class {'::mongodb::server': }
|
||||
}
|
||||
}
|
|
@ -1,44 +0,0 @@
|
|||
# Class: fuel_project::mongodb
|
||||
#
|
||||
|
||||
class fuel_project::mongodb (
|
||||
$user = 'ceilometer',
|
||||
$admin_username = 'admin',
|
||||
$password = 'ceilometer',
|
||||
$admin_password = 'admin',
|
||||
$admin_database = 'admin',
|
||||
)
|
||||
{
|
||||
mongodb::db { 'ceilometer':
|
||||
user => $user,
|
||||
password => $password,
|
||||
roles => [ 'readWrite', 'dbAdmin' ],
|
||||
admin_username => $admin_username,
|
||||
admin_password => $admin_password,
|
||||
admin_database => $admin_database,
|
||||
} ->
|
||||
|
||||
mongodb::db { 'admin':
|
||||
user => $admin_username,
|
||||
password => $admin_password,
|
||||
roles => [
|
||||
'userAdmin',
|
||||
'readWrite',
|
||||
'dbAdmin',
|
||||
'dbAdminAnyDatabase',
|
||||
'readAnyDatabase',
|
||||
'readWriteAnyDatabase',
|
||||
'userAdminAnyDatabase',
|
||||
'clusterAdmin',
|
||||
'clusterManager',
|
||||
'clusterMonitor',
|
||||
'hostManager',
|
||||
'root',
|
||||
'restore',
|
||||
],
|
||||
admin_username => $admin_username,
|
||||
admin_password => $admin_password,
|
||||
admin_database => $admin_database,
|
||||
}
|
||||
|
||||
}
|
|
@ -1,222 +0,0 @@
|
|||
# Class: fuel_project::nailgun_demo
|
||||
#
|
||||
class fuel_project::nailgun_demo (
|
||||
$apply_firewall_rules = false,
|
||||
$lock_file = '',
|
||||
$nginx_access_log = '/var/log/nginx/access.log',
|
||||
$nginx_error_log = '/var/log/nginx/error.log',
|
||||
$nginx_log_format = 'proxy',
|
||||
$server_name = '',
|
||||
) {
|
||||
|
||||
if (!defined(Class['fuel_project::common'])) {
|
||||
class { 'fuel_project::common':
|
||||
external_host => $apply_firewall_rules,
|
||||
}
|
||||
}
|
||||
|
||||
if (!defined(Class['fuel_project::nginx'])) {
|
||||
class { 'fuel_project::nginx': }
|
||||
}
|
||||
|
||||
if (!defined(Class['postgresql::server'])) {
|
||||
class { 'postgresql::server': }
|
||||
}
|
||||
|
||||
# required packages
|
||||
# http://docs.mirantis.com/fuel-dev/develop/nailgun/development/env.html
|
||||
$packages = [
|
||||
'git',
|
||||
'npm',
|
||||
'nodejs-legacy',
|
||||
'postgresql-server-dev-all',
|
||||
]
|
||||
|
||||
$npm_packages = [
|
||||
'grunt-cli',
|
||||
'gulp',
|
||||
'inflight',
|
||||
]
|
||||
|
||||
package { $packages:
|
||||
ensure => 'present',
|
||||
}
|
||||
|
||||
ensure_packages($npm_packages, {
|
||||
provider => npm,
|
||||
require => Package['npm'],
|
||||
})
|
||||
|
||||
# create main user
|
||||
user { 'nailgun':
|
||||
ensure => 'present',
|
||||
home => '/home/nailgun',
|
||||
managehome => true,
|
||||
}
|
||||
|
||||
# create log directory
|
||||
file { '/var/log/nailgun':
|
||||
ensure => 'directory',
|
||||
owner => 'nailgun',
|
||||
require => User['nailgun'],
|
||||
}
|
||||
|
||||
file { '/var/log/remote':
|
||||
ensure => 'directory',
|
||||
owner => 'nailgun',
|
||||
require => User['nailgun'],
|
||||
}
|
||||
|
||||
# create main directories
|
||||
file { '/usr/share/fuel-web':
|
||||
ensure => 'directory',
|
||||
owner => 'nailgun',
|
||||
require => User['nailgun'],
|
||||
}
|
||||
|
||||
# clone fuel-web
|
||||
vcsrepo { '/usr/share/fuel-web':
|
||||
ensure => 'present',
|
||||
provider => 'git',
|
||||
source => 'https://github.com/stackforge/fuel-web',
|
||||
user => 'nailgun',
|
||||
require => [User['nailgun'],
|
||||
File['/usr/share/fuel-web'],
|
||||
Package['git'] ],
|
||||
}
|
||||
|
||||
# prepare database
|
||||
postgresql::server::db { 'nailgun' :
|
||||
user => 'nailgun',
|
||||
password => postgresql_password('nailgun', 'nailgun'),
|
||||
}
|
||||
|
||||
# prepare environment
|
||||
venv::venv { 'venv-nailgun' :
|
||||
path => '/home/nailgun/python',
|
||||
requirements => '/usr/share/fuel-web/nailgun/requirements.txt',
|
||||
options => '',
|
||||
user => 'nailgun',
|
||||
require => [
|
||||
Vcsrepo['/usr/share/fuel-web'],
|
||||
Package[$packages],
|
||||
]
|
||||
}
|
||||
|
||||
venv::exec { 'venv-syncdb' :
|
||||
command => './manage.py syncdb',
|
||||
cwd => '/usr/share/fuel-web/nailgun',
|
||||
venv => '/home/nailgun/python',
|
||||
user => 'nailgun',
|
||||
require => [Venv::Venv['venv-nailgun'],
|
||||
Postgresql::Server::Db['nailgun'],],
|
||||
onlyif => "test ! -f ${lock_file}",
|
||||
}
|
||||
|
||||
venv::exec { 'venv-loaddefault' :
|
||||
command => './manage.py loaddefault',
|
||||
cwd => '/usr/share/fuel-web/nailgun',
|
||||
venv => '/home/nailgun/python',
|
||||
user => 'nailgun',
|
||||
require => Venv::Exec['venv-syncdb'],
|
||||
onlyif => "test ! -f ${lock_file}",
|
||||
}
|
||||
|
||||
venv::exec { 'venv-loaddata' :
|
||||
command => './manage.py loaddata nailgun/fixtures/sample_environment.json',
|
||||
cwd => '/usr/share/fuel-web/nailgun',
|
||||
venv => '/home/nailgun/python',
|
||||
user => 'nailgun',
|
||||
require => Venv::Exec['venv-loaddefault'],
|
||||
onlyif => "test ! -f ${lock_file}",
|
||||
}
|
||||
|
||||
exec { 'venv-npm' :
|
||||
command => 'npm install',
|
||||
cwd => '/usr/share/fuel-web/nailgun',
|
||||
user => 'nailgun',
|
||||
require => [
|
||||
Venv::Exec['venv-loaddata'],
|
||||
Package[$npm_packages],
|
||||
],
|
||||
onlyif => "test ! -f ${lock_file}",
|
||||
}
|
||||
|
||||
exec { 'venv-gulp' :
|
||||
command => '/usr/local/bin/gulp bower',
|
||||
cwd => '/usr/share/fuel-web/nailgun',
|
||||
environment => 'HOME=/home/nailgun',
|
||||
user => 'nailgun',
|
||||
require => Exec['venv-npm'],
|
||||
onlyif => "test ! -f ${lock_file}",
|
||||
}
|
||||
|
||||
file_line { 'fake_mode':
|
||||
path => '/usr/share/fuel-web/nailgun/nailgun/settings.yaml',
|
||||
line => 'FAKE_TASKS: "1"',
|
||||
require => Vcsrepo['/usr/share/fuel-web'],
|
||||
}
|
||||
|
||||
::nginx::resource::vhost { 'demo-redirect' :
|
||||
ensure => 'present',
|
||||
listen_port => 80,
|
||||
server_name => [$server_name],
|
||||
www_root => '/var/www',
|
||||
access_log => $nginx_access_log,
|
||||
error_log => $nginx_error_log,
|
||||
format_log => $nginx_log_format,
|
||||
location_cfg_append => {
|
||||
rewrite => '^ http://$server_name:8000$request_uri permanent',
|
||||
},
|
||||
}
|
||||
|
||||
nginx::resource::vhost { 'demo' :
|
||||
ensure => 'present',
|
||||
listen_port => 8000,
|
||||
server_name => [$server_name],
|
||||
access_log => $nginx_access_log,
|
||||
error_log => $nginx_error_log,
|
||||
format_log => $nginx_log_format,
|
||||
uwsgi => '127.0.0.1:7933',
|
||||
location_cfg_append => {
|
||||
uwsgi_connect_timeout => '3m',
|
||||
uwsgi_read_timeout => '3m',
|
||||
uwsgi_send_timeout => '3m',
|
||||
}
|
||||
}
|
||||
|
||||
nginx::resource::location { 'demo-static' :
|
||||
ensure => 'present',
|
||||
vhost => 'demo',
|
||||
location => '/static/',
|
||||
www_root => '/usr/share/fuel-web/nailgun',
|
||||
}
|
||||
|
||||
uwsgi::application { 'fuel-web' :
|
||||
plugins => 'python',
|
||||
uid => 'nailgun',
|
||||
gid => 'nailgun',
|
||||
socket => '127.0.0.1:7933',
|
||||
chdir => '/usr/share/fuel-web/nailgun',
|
||||
home => '/home/nailgun/python',
|
||||
module => 'nailgun.wsgi:application',
|
||||
env => 'DJANGO_SETTINGS_MODULE=nailgun.settings',
|
||||
workers => '8',
|
||||
enable_threads => true,
|
||||
require => [File_line['fake_mode'],
|
||||
Exec['venv-gulp'],
|
||||
User['nailgun'],],
|
||||
}
|
||||
|
||||
if $apply_firewall_rules {
|
||||
include firewall_defaults::pre
|
||||
firewall { '1000 Allow demo 80, 8000 connection' :
|
||||
ensure => present,
|
||||
dport => [80, 8000],
|
||||
proto => 'tcp',
|
||||
action => 'accept',
|
||||
require => Class['firewall_defaults::pre'],
|
||||
}
|
||||
}
|
||||
|
||||
}
|
|
@ -1,38 +1,9 @@
|
|||
# Class: fuel_project::nginx
|
||||
#
|
||||
class fuel_project::nginx {
|
||||
if (!defined(Class['::nginx'])) {
|
||||
class { '::nginx' :}
|
||||
}
|
||||
|
||||
::nginx::resource::vhost { 'stub_status' :
|
||||
ensure => 'present',
|
||||
listen_ip => '127.0.0.1',
|
||||
listen_port => 61929,
|
||||
location_custom_cfg => {
|
||||
stub_status => true,
|
||||
},
|
||||
}
|
||||
|
||||
if ( ! $::puppet_apply ) {
|
||||
::nginx::resource::vhost { 'logshare' :
|
||||
ensure => 'present',
|
||||
listen_port => 4637,
|
||||
gzip_types => 'application/octet-stream',
|
||||
ssl_port => 4637,
|
||||
ssl => true,
|
||||
ssl_cert => "/var/lib/puppet/ssl/certs/${::fqdn}.pem",
|
||||
ssl_key => "/var/lib/puppet/ssl/private_keys/${::fqdn}.pem",
|
||||
ssl_client_certificate => '/var/lib/puppet/ssl/certs/ca.pem',
|
||||
ssl_crl => '/var/lib/puppet/ssl/crl.pem',
|
||||
ssl_verify_client => 'on',
|
||||
www_root => '/var/log',
|
||||
}
|
||||
}
|
||||
|
||||
ensure_packages('error-pages')
|
||||
|
||||
zabbix::item { 'nginx' :
|
||||
content => 'puppet:///modules/fuel_project/zabbix/nginx_items.conf',
|
||||
}
|
||||
}
|
||||
# Class: fuel_project::nginx
|
||||
#
|
||||
class fuel_project::nginx {
|
||||
if (!defined(Class['::nginx'])) {
|
||||
class { '::nginx' :}
|
||||
}
|
||||
|
||||
|
||||
}
|
|
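Review bot: The `if (!defined(Class['::nginx']))` guard that survives in `fuel_project::nginx` depends on evaluation order. `defined()` only sees classes already declared at that point of catalog compilation, so a resource-like declaration of `::nginx` evaluated later still fails as a duplicate. Since no parameters are passed, `include ::nginx` does the same job idempotently and lets the guard go. The body also keeps two empty lines before the closing brace that can be dropped. Old and new sides are printed without +/- markers; this note reads the last nine lines as the new file, matching the `+1,9` count.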
@ -1,19 +0,0 @@
|
|||
# class fuel_project::racktables
|
||||
class fuel_project::racktables (
|
||||
$firewall_enable = false,
|
||||
) {
|
||||
class { '::fuel_project::common' :
|
||||
external_host => $firewall_enable,
|
||||
}
|
||||
class { '::fuel_project::nginx' : }
|
||||
class { '::racktables' : }
|
||||
|
||||
if ($firewall_enable) {
|
||||
include firewall_defaults::pre
|
||||
firewall { '1000 - allow http/https connections to racktables' :
|
||||
dport => [80, 443],
|
||||
action => 'accept',
|
||||
require => Class['firewall_defaults::pre'],
|
||||
}
|
||||
}
|
||||
}
|
|
@ -7,11 +7,5 @@ class fuel_project::web (
|
|||
class { '::fuel_project::nginx' :}
|
||||
class { '::fuel_project::common' :}
|
||||
|
||||
if ($fuel_landing_page) {
|
||||
class { '::landing_page' :}
|
||||
}
|
||||
|
||||
if ($docs_landing_page) {
|
||||
class { '::landing_page::docs' :}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -1,26 +0,0 @@
|
|||
# Class: fuel_project::znc
|
||||
#
|
||||
#
|
||||
class fuel_project::znc (
|
||||
$apply_firewall_rules = false,
|
||||
$service_port = 7777,
|
||||
|
||||
){
|
||||
class { '::fuel_project::common':
|
||||
external_host => $apply_firewall_rules,
|
||||
}
|
||||
|
||||
class { '::znc': port => $service_port}
|
||||
|
||||
if $apply_firewall_rules {
|
||||
include firewall_defaults::pre
|
||||
firewall { '1000 Allow znc connection' :
|
||||
ensure => present,
|
||||
dport => $service_port,
|
||||
proto => 'tcp',
|
||||
action => 'accept',
|
||||
require => Class['firewall_defaults::pre'],
|
||||
}
|
||||
}
|
||||
|
||||
}
|
|
@ -1,54 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
sh=$1
|
||||
if [ $# -lt 1 ]; then
|
||||
echo Usage: $CMD smart-hostname
|
||||
echo smart-hostname - ns2-srt for example
|
||||
sh=`hostname -s`
|
||||
fi
|
||||
|
||||
d=/etc/ssh/keys.$$
|
||||
t=/tmp/ldap2sshkeys.$$
|
||||
g=/tmp/ldap2sshkeys-sg.$$
|
||||
tmpDir=/tmp/ldap2sshkeys_dir.$$
|
||||
|
||||
[ -d $d ] || mkdir $d
|
||||
[ -d $tmpDir ] || mkdir $tmpDir
|
||||
|
||||
ldapsearch -LLL -x -b "o=mirantis,dc=mirantis,dc=net" "(&(objectClass=groupOfNames)(|(&(accessTo=$sh)(trustModel=byhost))(trustModel=fullaccess)))" memberUid | awk '/memberUid:/ {print $2}' > $t
|
||||
ldapsearch -LLL -x -b "ou=people,ou=external,dc=mirantis,dc=net" "(&(objectClass=groupOfNames)(|(&(accessTo=$sh)(trustModel=byhost))(trustModel=fullaccess)))" memberUid | awk '/memberUid:/ {print $2}' >> $t
|
||||
ldapsearch -LLL -x -b "ou=people,ou=external,dc=mirantis,dc=net" "(&(sshPublicKey=*)(|(&(accessTo=$sh)(trustModel=byhost))(trustModel=fullaccess)(memberOf=cn=it,ou=groups,o=mirantis,dc=mirantis,dc=net)))" uid | awk '/uid:/ {print $2}' >> $t
|
||||
ldapsearch -LLL -x -b "o=mirantis,dc=mirantis,dc=net" "(&(sshPublicKey=*)(|(&(accessTo=$sh)(trustModel=byhost))(trustModel=fullaccess)(memberOf=cn=it,ou=groups,o=mirantis,dc=mirantis,dc=net)))" uid | awk '/uid:/ {print $2}' >> $t
|
||||
|
||||
ldapsearch -LLL -x -b "ou=groups,ou=servers,dc=mirantis,dc=net" "(&(objectClass=gosaGroupOfNames)(member=cn=$sh*))" dn | grep -oP '(?<=.{7,7}).*(?=,ou=groups)' >> $g
|
||||
|
||||
for s in `sort -u $g`; do
|
||||
ldapsearch -LLL -x -b "o=mirantis,dc=mirantis,dc=net" "(&(objectClass=groupOfNames)(|(&(accessTo=$s)(trustModel=byhost))(trustModel=fullaccess)))" memberUid | awk '/memberUid:/ {print $2}' >> $t
|
||||
ldapsearch -LLL -x -b "ou=people,ou=external,dc=mirantis,dc=net" "(&(objectClass=groupOfNames)(|(&(accessTo=$s)(trustModel=byhost))(trustModel=fullaccess)))" memberUid | awk '/memberUid:/ {print $2}' >> $t
|
||||
ldapsearch -LLL -x -b "ou=people,ou=external,dc=mirantis,dc=net" "(&(sshPublicKey=*)(|(&(accessTo=$s)(trustModel=byhost))(trustModel=fullaccess)(memberOf=cn=it,ou=groups,o=mirantis,dc=mirantis,dc=net)))" uid | awk '/uid:/ {print $2}' >> $t
|
||||
ldapsearch -LLL -x -b "o=mirantis,dc=mirantis,dc=net" "(&(sshPublicKey=*)(|(&(accessTo=$s)(trustModel=byhost))(trustModel=fullaccess)(memberOf=cn=it,ou=groups,o=mirantis,dc=mirantis,dc=net)))" uid | awk '/uid:/ {print $2}' >> $t
|
||||
done
|
||||
|
||||
for u in `sort -u $t`;do
|
||||
ldapsearch -x -LLL -b "o=mirantis,dc=mirantis,dc=net" "uid=$u" sshPublicKey -tt -T $tmpDir > /dev/null 2>&1
|
||||
[ "xxx`ls $tmpDir`" != 'xxx' ] && ( cat $tmpDir/* > $d/$u ; rm -f $tmpDir/* ) && (sed -i "s/ssh-rsa/\nssh-rsa/2g" $d/$u)
|
||||
done
|
||||
for u in `sort -u $t`;do
|
||||
ldapsearch -x -LLL -b "ou=people,ou=services,dc=mirantis,dc=net" "uid=$u" sshPublicKey -tt -T $tmpDir > /dev/null 2>&1
|
||||
[ "xxx`ls $tmpDir`" != 'xxx' ] && ( cat $tmpDir/* > $d/$u ; rm -f $tmpDir/* ) && (sed -i "s/ssh-rsa/\nssh-rsa/2g" $d/$u)
|
||||
done
|
||||
for u in `sort -u $t`;do
|
||||
ldapsearch -x -LLL -b "ou=people,ou=external,dc=mirantis,dc=net" "uid=$u" sshPublicKey -tt -T $tmpDir > /dev/null 2>&1
|
||||
[ "xxx`ls $tmpDir`" != 'xxx' ] && ( cat $tmpDir/* > $d/$u ; rm -f $tmpDir/* ) && (sed -i "s/ssh-rsa/\nssh-rsa/2g" $d/$u)
|
||||
done
|
||||
|
||||
rm $g
|
||||
rm $t
|
||||
rm -fR $tmpDir
|
||||
|
||||
if (grep -E '(dss|rsa)' $d/*>/dev/null);then
|
||||
[ -d /etc/ssh/keys.old ] && rm -rf /etc/ssh/keys.old
|
||||
[ -d /etc/ssh/keys ] && mv /etc/ssh/keys /etc/ssh/keys.old
|
||||
mv $d /etc/ssh/keys
|
||||
rm -rf etc/ssh/keys.*
|
||||
fi
|
|
@ -1,6 +0,0 @@
|
|||
<% if @osfamily == 'Debian' %>
|
||||
UserParameter=system.software.packages,dpkg-query --show | awk '{print $1"="$2}'
|
||||
<% elsif @osfamily == 'RedHat' %>
|
||||
UserParameter=system.software.packages,rpm -qa
|
||||
<% end %>
|
||||
UserParameter=system.software.services,sudo netstat -utpln | grep -v 'Active Internet connections\|PID/Program name' | awk '{print $NF}' | cut -d/ -f2 | sort -u
|
|
@ -1,15 +0,0 @@
|
|||
<% if @id != nil -%>
|
||||
[<%= @id %>]
|
||||
<% end -%>
|
||||
<% if @consumer_key != nil -%>
|
||||
consumer_key = <%= @consumer_key %>
|
||||
<% end -%>
|
||||
<% if @consumer_secret != nil -%>
|
||||
consumer_secret = <%= @consumer_secret %>
|
||||
<% end -%>
|
||||
<% if @access_token != nil -%>
|
||||
access_token = <%= @access_token %>
|
||||
<% end -%>
|
||||
<% if @access_secret != nil -%>
|
||||
access_secret = <%= @access_secret %>
|
||||
<% end -%>
|
|
@ -1,30 +0,0 @@
|
|||
<% if @section != nil -%>
|
||||
[<%= @section %>]
|
||||
<% end -%>
|
||||
<% if @appname != nil -%>
|
||||
appname = <%= @appname %>
|
||||
<% end -%>
|
||||
<% if @credfile != nil -%>
|
||||
credfile = <%= @credfile %>
|
||||
<% end -%>
|
||||
<% if @cachedir != nil -%>
|
||||
cachedir = <%= @cachedir %>
|
||||
<% end -%>
|
||||
<% if @logfile != nil -%>
|
||||
logfile = <%= @logfile %>
|
||||
<% end -%>
|
||||
<% if @env != nil -%>
|
||||
env = <%= @env %>
|
||||
<% end -%>
|
||||
<% if @status != nil -%>
|
||||
status = <%= @status %>
|
||||
<% end -%>
|
||||
<% if @series != nil -%>
|
||||
series = <%= @series %>
|
||||
<% end -%>
|
||||
<% if @milestone != nil -%>
|
||||
milestone = <%= @milestone %>
|
||||
<% end -%>
|
||||
<% if @distr != nil -%>
|
||||
distr = <%= @distr %>
|
||||
<% end -%>
|
|
@ -1,34 +0,0 @@
|
|||
<% if @appname != nil -%>
|
||||
[<%= @appname %>]
|
||||
appname = <%= @appname %>
|
||||
<% end -%>
|
||||
<% if @credfile != nil -%>
|
||||
credfile = <%= @credfile %>
|
||||
<% end -%>
|
||||
<% if @cachedir != nil -%>
|
||||
cachedir = <%= @cachedir %>
|
||||
<% end -%>
|
||||
<% if @logfile != nil -%>
|
||||
logfile = <%= @logfile %>
|
||||
<% end -%>
|
||||
<% if @host != nil -%>
|
||||
host = <%= @host %>
|
||||
<% end -%>
|
||||
<% if @port != nil -%>
|
||||
port = <%= @port %>
|
||||
<% end -%>
|
||||
<% if @sshprivkey != nil -%>
|
||||
sshkey = <%= @sshprivkey %>
|
||||
<% end -%>
|
||||
<% if @update_status != nil -%>
|
||||
update_status = <%= @update_status %>
|
||||
<% end -%>
|
||||
<% if @username != nil -%>
|
||||
username = <%= @username %>
|
||||
<% end -%>
|
||||
<% if @env != nil -%>
|
||||
env = <%= @env %>
|
||||
<% end -%>
|
||||
<% if @projects.any? -%>
|
||||
projects = <%= @projects.join(', ') %>
|
||||
<% end -%>
|
|
@ -1,10 +0,0 @@
|
|||
User-Agent: *
|
||||
Allow: /fuel/fuel-<%= @fuel_version %>/
|
||||
Allow: /openstack/fuel/fuel-<%= @fuel_version %>/
|
||||
Disallow: /fuel/
|
||||
Disallow: /openstack/fuel/
|
||||
Disallow: /*/index_content.html$
|
||||
Disallow: /*/index_content.html?*
|
||||
Disallow: /index_content.html$
|
||||
Disallow: /index_content.html?*
|
||||
Allow: /
|
|
@ -1,10 +0,0 @@
|
|||
volume management
|
||||
type mgmt/glusterd
|
||||
option working-directory /var/lib/glusterd
|
||||
option transport-type socket,rdma
|
||||
option transport.socket.keepalive-time 10
|
||||
option transport.socket.keepalive-interval 2
|
||||
option transport.socket.read-fail-log off
|
||||
option rpc-auth-allow-insecure on
|
||||
# option base-port 49152
|
||||
end-volume
|
|
@ -1,5 +0,0 @@
|
|||
Cmnd_Alias GLUSTER = /usr/sbin/gluster
|
||||
Cmnd_Alias GLUBIX_SCRIPTS = /usr/local/bin/glubix_checkvolstatus.pl, /usr/local/bin/glubix_georepstatus33.pl, /usr/local/bin/glubix_georepstatus34.pl, /usr/local/bin/glubix_numpeers.pl, /usr/local/bin/glubix_uuid.pl, /usr/local/bin/glubix_volstatus.pl, /usr/local/bin/glubix_voltype.pl
|
||||
|
||||
zabbix ALL = NOPASSWD: GLUSTER
|
||||
zabbix ALL = NOPASSWD: GLUBIX_SCRIPTS
|
|
@ -1,56 +0,0 @@
|
|||
#!/bin/bash
|
||||
|
||||
set -e
|
||||
|
||||
export BRANCH=${BRANCH:-<%= @dns_branch %>}
|
||||
export TMPDIR=${TMPDIR:-<%= @dns_tmpdir %>}
|
||||
export REPO=${REPO:-<%= @dns_repo %>}
|
||||
export TARGETPATH=${TARGETPATH:-<%= @target_path %>}
|
||||
|
||||
(
|
||||
flock -n 9 || exit 1
|
||||
echo "Clean up..."
|
||||
rm -rf "${TMPDIR}"
|
||||
|
||||
echo "Cloning..."
|
||||
git clone "${REPO}" "${TMPDIR}"
|
||||
cd "${TMPDIR}"
|
||||
git checkout "${BRANCH}"
|
||||
|
||||
REVISION=`git log -1 HEAD | fgrep commit | awk '{print $NF}'`
|
||||
PREV_REVISION=`cat /tmp/ns-revision.txt 2>/dev/null || echo -n none`
|
||||
echo -n "${REVISION}" > /tmp/ns-revision.txt
|
||||
|
||||
echo "Revision: \$Id: ${REVISION} \$"
|
||||
echo "Previous revision: ${PREV_REVISION}"
|
||||
|
||||
if [[ "${REVISION}" == "${PREV_REVISION}" ]]; then
|
||||
echo "No updates found."
|
||||
exit 0
|
||||
fi
|
||||
|
||||
echo "Linking..."
|
||||
mkdir -p "${TARGETPATH}/zones/"
|
||||
chown bind:bind "${TARGETPATH}/zones"
|
||||
for file in `ls -1 ${TMPDIR}/zones/*` ; do
|
||||
zone=$(basename "${file}" | sed 's~\.zone$~~')
|
||||
echo "Working on ${zone}"
|
||||
mv "${file}" "${TARGETPATH}/zones/"
|
||||
echo "${zone} OK"
|
||||
done
|
||||
|
||||
if [ -d "${TMPDIR}/dynamic" ] ; then
|
||||
for file in `ls -1 ${TMPDIR}/dynamic/*` ; do
|
||||
zone=$(basename "${file}" | sed 's~\.zone$~~')
|
||||
if ! [ -f "${TARGETPATH}/zones/${zone}.zone" ] ; then
|
||||
echo "Working on ${zone}"
|
||||
chown bind:bind "${file}"
|
||||
mv "${file}" "${TARGETPATH}/zones/"
|
||||
echo "${zone} OK"
|
||||
fi
|
||||
done
|
||||
fi
|
||||
|
||||
echo "Reloading configuration"
|
||||
/usr/sbin/rndc reload
|
||||
) 9>/var/lock/ns-update.lock
|
|
@ -1,7 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
set -ex
|
||||
|
||||
/usr/bin/mysql --defaults-file=<%= @maintenance_script_config -%> \
|
||||
-e "CALL partition_maintenance_all('zabbix');" \
|
||||
'zabbix'
|
|
@ -1,42 +0,0 @@
|
|||
#!/bin/bash
|
||||
#
|
||||
# Original sources: https://github.com/ericoc/zabbix-slack-alertscript
|
||||
# Author: https://github.com/ericoc
|
||||
#
|
||||
set -e
|
||||
|
||||
# Slack incoming web-hook URL and user name
|
||||
url='<%= @slack_web_hook_url %>'
|
||||
username='<%= @slack_post_username %>'
|
||||
|
||||
## Values received by this script:
|
||||
# To/Channel = $1 (Slack channel to send the message to, specified in the Zabbix
|
||||
# web interface)
|
||||
# Subject = $2 (usually either PROBLEM or RECOVERY)
|
||||
# Message = $3 (whatever message the Zabbix action sends, preferably something
|
||||
# like "Zabbix server is unreachable for 5 minutes - Zabbix server (127.0.0.1)")
|
||||
|
||||
# Get the Slack channel ($1) and Zabbix subject ($2 - hopefully either PROBLEM
|
||||
# or RECOVERY)
|
||||
channel="${1}"
|
||||
subject="${2}"
|
||||
|
||||
# Change message emoji depending on the subject - smile (RECOVERY), frowning
|
||||
# (PROBLEM), or ghost (for everything else)
|
||||
if [ "${subject}" == 'OK' ]; then
|
||||
emoji='<%= @slack_emoji_ok || ':smile:' %>'
|
||||
elif [ "${subject}" == 'PROBLEM' ]; then
|
||||
emoji='<%= @slack_emoji_problem || ':frowning:' %>'
|
||||
else
|
||||
emoji='<%= @slack_emoji_unknown || ':ghost:' %>'
|
||||
fi
|
||||
|
||||
# The message that we want to send to Slack is the "subject" value ($2 /
|
||||
# $subject - that we got earlier)
|
||||
# followed by the message that Zabbix actually sent us ($3)
|
||||
message="${subject}: ${3}"
|
||||
|
||||
# Build our JSON payload and send it as a POST request to the Slack incoming
|
||||
# web-hook URL
|
||||
payload="payload={\"channel\": \"${channel}\", \"username\": \"${username}\",\"text\": \"${message}\", \"icon_emoji\": \"${emoji}\"}"
|
||||
curl -m 5 --data-urlencode "${payload}" "${url}"
|
|
@ -1,3 +0,0 @@
|
|||
#!/bin/sh
|
||||
|
||||
/usr/bin/curl -X POST -H "Content-type:application/json" -d "{Id:'${1}', text:'${2}', triggerId:'${3}', playSound:true}" "http://zabbkit.inside.cactussoft.biz/api/messages"
|
|
@ -1,160 +0,0 @@
|
|||
# class racktables
|
||||
class racktables (
|
||||
$admin_password = 'racktables',
|
||||
$db_host = 'localhost',
|
||||
$db_name = 'racktables',
|
||||
$db_password = 'racktables',
|
||||
$db_username = 'racktables',
|
||||
$ldap_options = undef,
|
||||
$nginx_access_log = '/var/log/nginx/access.log',
|
||||
$nginx_error_log = '/var/log/nginx/error.log',
|
||||
$nginx_log_format = undef,
|
||||
$require_local_account = true,
|
||||
$service_fqdn = 'racktables.test.local',
|
||||
$ssl_cert_content = '',
|
||||
$ssl_cert_filename = '/etc/ssl/racktables.crt',
|
||||
$ssl_key_content = '',
|
||||
$ssl_key_filename = '/etc/ssl/racktables.key',
|
||||
$user_auth_src = 'database',
|
||||
) {
|
||||
$php_modules = [ 'mysql', 'ldap', 'gd', 'cli' ]
|
||||
$www_root = '/usr/share/racktables/wwwroot'
|
||||
|
||||
class { '::php::fpm::daemon' : }
|
||||
::php::module { $php_modules : }
|
||||
|
||||
::nginx::resource::vhost { 'racktables-server' :
|
||||
ensure => 'present',
|
||||
listen_port => 80,
|
||||
ssl => false,
|
||||
server_name => [$service_fqdn, $::fqdn],
|
||||
access_log => $nginx_access_log,
|
||||
error_log => $nginx_error_log,
|
||||
format_log => $nginx_log_format,
|
||||
use_default_location => false,
|
||||
require => Package['racktables'],
|
||||
}
|
||||
|
||||
if ($ssl_cert_content and $ssl_key_content) {
|
||||
$ssl = true
|
||||
file { $ssl_cert_filename :
|
||||
ensure => 'present',
|
||||
mode => '0600',
|
||||
owner => 'root',
|
||||
content => $ssl_cert_content,
|
||||
}
|
||||
file { $ssl_key_filename :
|
||||
ensure => 'present',
|
||||
mode => '0600',
|
||||
owner => 'root',
|
||||
content => $ssl_key_content,
|
||||
}
|
||||
Nginx::Resource::Vhost <| title == 'racktables-server' |>{
|
||||
ssl => true,
|
||||
ssl_cert => $ssl_cert_filename,
|
||||
ssl_key => $ssl_key_filename,
|
||||
listen_port => 443,
|
||||
ssl_port => 443,
|
||||
}
|
||||
::nginx::resource::vhost { 'racktables-redirect' :
|
||||
ensure => 'present',
|
||||
server_name => [$service_fqdn],
|
||||
listen_port => 80,
|
||||
www_root => $www_root,
|
||||
access_log => $nginx_access_log,
|
||||
error_log => $nginx_error_log,
|
||||
format_log => $nginx_log_format,
|
||||
location_cfg_append => {
|
||||
return => "301 https://${service_fqdn}\$request_uri",
|
||||
},
|
||||
require => Package['racktables'],
|
||||
}
|
||||
}
|
||||
|
||||
user { 'racktables' :
|
||||
ensure => 'present',
|
||||
shell => '/usr/sbin/nologin',
|
||||
home => '/var/www',
|
||||
}
|
||||
package { 'racktables' :
|
||||
ensure => 'present',
|
||||
}
|
||||
|
||||
class { '::mysql::server' : }
|
||||
class { '::mysql::server::account_security' :}
|
||||
::mysql::db { $db_name :
|
||||
user => $db_username,
|
||||
password => $db_password,
|
||||
host => $db_host,
|
||||
grant => ['all'],
|
||||
charset => 'utf8',
|
||||
require => [
|
||||
Class['::mysql::server'],
|
||||
Class['::mysql::server::account_security'],
|
||||
],
|
||||
}
|
||||
|
||||
::nginx::resource::location { 'racktables-server-static' :
|
||||
vhost => 'racktables-server',
|
||||
location => '/',
|
||||
www_root => $www_root,
|
||||
ssl => $ssl,
|
||||
ssl_only => $ssl,
|
||||
}
|
||||
|
||||
::nginx::resource::location { 'racktables-server-php' :
|
||||
vhost => 'racktables-server',
|
||||
location => '~ \.php$',
|
||||
fastcgi => '127.0.0.1:9001',
|
||||
www_root => $www_root,
|
||||
ssl => $ssl,
|
||||
ssl_only => $ssl,
|
||||
}
|
||||
|
||||
::php::fpm::conf { 'www':
|
||||
listen => '127.0.0.1:9001',
|
||||
user => 'racktables',
|
||||
php_value => {
|
||||
post_max_size => 16M,
|
||||
max_execution_time => 300,
|
||||
max_input_time => 300,
|
||||
'date.timezone' => UTC,
|
||||
'cgi.fix_pathinfo' => 1,
|
||||
},
|
||||
require => [
|
||||
Class['::nginx'],
|
||||
User['racktables'],
|
||||
],
|
||||
}
|
||||
|
||||
file { '/usr/share/racktables/wwwroot/inc/secret.php' :
|
||||
ensure => 'present',
|
||||
owner => 'racktables',
|
||||
group => 'racktables',
|
||||
mode => '0400',
|
||||
content => template('racktables/secret.php.erb'),
|
||||
require => Package['racktables'],
|
||||
notify => Exec['php /usr/share/racktables/initdb.php'],
|
||||
}
|
||||
|
||||
file { '/usr/share/racktables/initdb.php' :
|
||||
ensure => 'present',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0644',
|
||||
content => template('racktables/initdb.php.erb'),
|
||||
require => Package['racktables'],
|
||||
}
|
||||
|
||||
exec { 'php /usr/share/racktables/initdb.php' :
|
||||
command => 'php /usr/share/racktables/initdb.php',
|
||||
cwd => '/usr/share/racktables/',
|
||||
require => [
|
||||
Php::Module[$php_modules],
|
||||
Package['racktables'],
|
||||
File['/usr/share/racktables/initdb.php'],
|
||||
File['/usr/share/racktables/wwwroot/inc/secret.php']
|
||||
],
|
||||
refreshonly => true,
|
||||
}
|
||||
}
|
|
@ -1,14 +0,0 @@
|
|||
<?php
|
||||
require_once 'wwwroot/inc/pre-init.php';
|
||||
require_once 'wwwroot/inc/dictionary.php';
|
||||
require_once 'wwwroot/inc/config.php';
|
||||
require_once 'wwwroot/inc/install.php';
|
||||
|
||||
init_database_static();
|
||||
connect_to_db_or_die();
|
||||
|
||||
global $dbxlink;
|
||||
$hash = sha1 ('<%= @admin_password %>');
|
||||
$query = "INSERT INTO `UserAccount` (`user_id`, `user_name`, `user_password_hash`, `user_realname`) VALUES (1,'admin','${hash}','RackTables Administrator') ON DUPLICATE KEY UPDATE";
|
||||
$result = $dbxlink->exec ($query);
|
||||
?>
|
|
@ -1,16 +0,0 @@
|
|||
<?php
|
||||
$pdo_dsn = 'mysql:host=<%= @db_host %>;dbname=<%= @db_name %>';
|
||||
$db_username = '<%= @db_username %>';
|
||||
$db_password = '<%= @db_password %>';
|
||||
$user_auth_src = '<%= @user_auth_src %>';
|
||||
$require_local_account = <%= @require_local_account ? 'TRUE' : 'FALSE' -%>;
|
||||
|
||||
<% if @ldap_options -%>
|
||||
$LDAP_options = array(
|
||||
<% @ldap_options.each {|key,value| -%>
|
||||
'<%= key -%>' => '<%= value -%>',
|
||||
<% } -%>
|
||||
);
|
||||
<% end -%>
|
||||
|
||||
?>
|
|
@ -1,10 +0,0 @@
|
|||
# Class: ssh::authorized_keys
|
||||
class ssh::authorized_keys {
|
||||
$keys = hiera_hash('ssh::authorized_keys::keys', {})
|
||||
create_resources(ssh_authorized_key,
|
||||
$keys, {
|
||||
ensure => present,
|
||||
user => 'root'
|
||||
}
|
||||
)
|
||||
}
|
|
@ -1,10 +0,0 @@
|
|||
# Class: ssh::banner
|
||||
#
|
||||
class ssh::banner {
|
||||
file { '/etc/banner' :
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0400',
|
||||
content => template('ssh/banners/mirantis.net_ldap.erb')
|
||||
}
|
||||
}
|
|
@ -1,21 +0,0 @@
|
|||
# Define: ssh::known_host
|
||||
#
|
||||
define ssh::known_host (
|
||||
$host = $title,
|
||||
$overwrite = true,
|
||||
$port = 22,
|
||||
$user = 'root',
|
||||
) {
|
||||
if ($overwrite) {
|
||||
$cmd = "ssh-keyscan -p ${port} -H ${host} > ~${user}/.ssh/known_hosts"
|
||||
$unless = '/bin/false'
|
||||
} else {
|
||||
$cmd = "ssh-keyscan -p ${port} -H ${host} >> ~${user}/.ssh/known_hosts"
|
||||
$unless = "ssh-keygen -F ${host} -f ~${user}/.ssh/known_hosts"
|
||||
}
|
||||
exec { $cmd:
|
||||
user => $user,
|
||||
logoutput => 'on_failure',
|
||||
unless => $unless,
|
||||
}
|
||||
}
|
|
@ -1,68 +0,0 @@
|
|||
# Class: ssh::ldap
|
||||
#
|
||||
class ssh::ldap (
|
||||
$bind_policy = $ssh::params::bind_policy,
|
||||
$ldap_base = '',
|
||||
$ldap_ignore_users = $ssh::params::ldap_ignore_users,
|
||||
$ldap_uri = '',
|
||||
$pam_filter = '',
|
||||
$pam_password = $ssh::params::pam_password,
|
||||
$sudoers_base = '',
|
||||
$tls_cacertdir = '',
|
||||
) {
|
||||
include ssh::params
|
||||
|
||||
include ssh::banner
|
||||
include ssh::sshd
|
||||
|
||||
$ldap_packages = $ssh::params::ldap_packages
|
||||
|
||||
package { $ldap_packages :
|
||||
ensure => 'present',
|
||||
}
|
||||
|
||||
file { '/etc/ldap.conf':
|
||||
ensure => 'present',
|
||||
mode => '0600',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
content => template('ssh/ldap.conf.erb'),
|
||||
}
|
||||
|
||||
file { '/etc/ldap/ldap.conf' :
|
||||
ensure => 'link',
|
||||
target => '/etc/ldap.conf',
|
||||
}
|
||||
|
||||
file { '/etc/nsswitch.conf':
|
||||
ensure => 'present',
|
||||
mode => '0644',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
content => template('ssh/nsswitch.conf.erb'),
|
||||
notify => Service['nscd'],
|
||||
}
|
||||
|
||||
file { '/etc/pam.d/common-session' :
|
||||
ensure => 'present',
|
||||
mode => '0644',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
content => template('ssh/common-session.erb'),
|
||||
}
|
||||
|
||||
service { 'nscd' :
|
||||
ensure => running,
|
||||
enable => true,
|
||||
hasstatus => true,
|
||||
hasrestart => false,
|
||||
}
|
||||
|
||||
Class['ssh::sshd']->
|
||||
Package[$ldap_packages]->
|
||||
File['/etc/ldap.conf']->
|
||||
File['/etc/ldap/ldap.conf']->
|
||||
File['/etc/nsswitch.conf']->
|
||||
File['/etc/pam.d/common-session']->
|
||||
Service['nscd']
|
||||
}
|
|
@ -1,33 +0,0 @@
|
|||
# Class: ssh::params
|
||||
#
|
||||
class ssh::params {
|
||||
$apply_firewall_rules = false
|
||||
$bind_policy = 'soft'
|
||||
$firewall_allow_sources = {}
|
||||
$ldap_ignore_users = 'backup,bin,daemon,games,gnats,irc,landscape,libuuid,list,lp,mail,man,messagebus,mysql,nagios,news,ntp,postfix,proxy,puppet,root,sshd,sync,sys,syslog,uucp,whoopsie,www-data,zabbix'
|
||||
$pam_password = 'md5'
|
||||
|
||||
$packages = [
|
||||
'openssh-server'
|
||||
]
|
||||
|
||||
$ldap_packages = [
|
||||
'ldap-utils',
|
||||
'libpam-ldap',
|
||||
'nscd',
|
||||
]
|
||||
|
||||
case $::osfamily {
|
||||
'RedHat': {
|
||||
$service = 'sshd'
|
||||
}
|
||||
'Debian': {
|
||||
$service = 'ssh'
|
||||
}
|
||||
default: {
|
||||
fatal("Unknown osfamily: ${::osfamily}. Probaly your OS is unsupported.")
|
||||
}
|
||||
}
|
||||
|
||||
$sshd_config = '/etc/ssh/sshd_config'
|
||||
}
|
|
@ -1,44 +0,0 @@
|
|||
# Class: ssh::sshd
|
||||
#
|
||||
class ssh::sshd (
|
||||
$apply_firewall_rules = $::ssh::params::apply_firewall_rules,
|
||||
$firewall_allow_sources = $::ssh::params::firewall_allow_sources,
|
||||
$password_authentication = false,
|
||||
$sftp_group = 'sftpusers',
|
||||
) {
|
||||
include ssh::params
|
||||
|
||||
$packages = $ssh::params::packages
|
||||
$service = $ssh::params::service
|
||||
$sshd_config = $ssh::params::sshd_config
|
||||
|
||||
package { $packages :
|
||||
ensure => latest,
|
||||
}
|
||||
|
||||
file { $sshd_config :
|
||||
ensure => 'present',
|
||||
mode => '0644',
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
content => template('ssh/sshd_config.erb'),
|
||||
notify => Service[$service],
|
||||
}
|
||||
|
||||
service { $service :
|
||||
ensure => 'running',
|
||||
enable => true,
|
||||
hasstatus => true,
|
||||
hasrestart => false,
|
||||
}
|
||||
|
||||
if ($apply_firewall_rules) {
|
||||
include firewall_defaults::pre
|
||||
create_resources(firewall, $firewall_allow_sources, {
|
||||
dport => 22,
|
||||
action => 'accept',
|
||||
require => Class['firewall_defaults::pre'],
|
||||
})
|
||||
}
|
||||
|
||||
}
|
|
@ -1,12 +0,0 @@
|
|||
|
||||
/* *\
|
||||
Welcome to the Fuel server <%= @fqdn %>
|
||||
All granted users could be authenticated via LDAP
|
||||
|
||||
If you'd like to authenticate with public keys,
|
||||
please use auth.mirantis.com to upload your key
|
||||
|
||||
On any questions please do not hesitate to contact
|
||||
--
|
||||
devops@mirantis.com
|
||||
\* */
|
|
@ -1,28 +0,0 @@
|
|||
#
|
||||
# /etc/pam.d/common-session - session-related modules common to all services
|
||||
#
|
||||
# This file is included from other service-specific PAM config files,
|
||||
# and should contain a list of modules that define tasks to be performed
|
||||
# at the start and end of sessions of *any* kind (both interactive and
|
||||
# non-interactive).
|
||||
#
|
||||
# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
|
||||
# To take advantage of this, it is recommended that you configure any
|
||||
# local modules either before or after the default block, and use
|
||||
# pam-auth-update to manage selection of other modules. See
|
||||
# pam-auth-update(8) for details.
|
||||
|
||||
# here are the per-package modules (the "Primary" block)
|
||||
session [default=1] pam_permit.so
|
||||
# here's the fallback if no module succeeds
|
||||
session requisite pam_deny.so
|
||||
# prime the stack with a positive return value if there isn't one already;
|
||||
# this avoids us returning an error just because nothing sets a success code
|
||||
# since the modules above will each just jump around
|
||||
session required pam_permit.so
|
||||
# and here are more per-package modules (the "Additional" block)
|
||||
session required pam_unix.so
|
||||
session optional pam_mkhomedir.so skel=/etc/skel/ umask=0027
|
||||
session optional pam_ldap.so
|
||||
session optional pam_ck_connector.so nox11
|
||||
# end of pam-auth-update config
|
|
@ -1,19 +0,0 @@
|
|||
#
|
||||
# LDAP Defaults
|
||||
#
|
||||
|
||||
# See ldap.conf(5) for details
|
||||
# This file should be world readable but not world writable.
|
||||
|
||||
URI <%= @ldap_uri %>
|
||||
BASE <%= @ldap_base %>
|
||||
TLS_CACERTDIR <%= @tls_cacertdir %>
|
||||
|
||||
pam_password <%= @pam_password %>
|
||||
pam_filter <%= @pam_filter %>
|
||||
sudoers_base <%= @sudoers_base %>
|
||||
uri <%= @ldap_uri %>
|
||||
bind_policy <%= @bind_policy %>
|
||||
<% if @ldap_ignore_users %>
|
||||
nss_initgroups_ignoreusers <%= @ldap_ignore_users %>
|
||||
<% end %>
|
|
@ -1,64 +0,0 @@
|
|||
#
|
||||
# /etc/nsswitch.conf
|
||||
#
|
||||
# An example Name Service Switch config file. This file should be
|
||||
# sorted with the most-used services at the beginning.
|
||||
#
|
||||
# The entry '[NOTFOUND=return]' means that the search for an
|
||||
# entry should stop if the search in the previous entry turned
|
||||
# up nothing. Note that if the search failed due to some other reason
|
||||
# (like no NIS server responding) then the search continues with the
|
||||
# next entry.
|
||||
#
|
||||
# Legal entries are:
|
||||
#
|
||||
# nisplus or nis+ Use NIS+ (NIS version 3)
|
||||
# nis or yp Use NIS (NIS version 2), also called YP
|
||||
# dns Use DNS (Domain Name Service)
|
||||
# files Use the local files
|
||||
# db Use the local database (.db) files
|
||||
# compat Use NIS on compat mode
|
||||
# hesiod Use Hesiod for user lookups
|
||||
# [NOTFOUND=return] Stop searching if not found so far
|
||||
#
|
||||
|
||||
# To use db, put the "db" in front of "files" for entries you want to be
|
||||
# looked up first in the databases
|
||||
#
|
||||
# Example:
|
||||
#passwd: db files nisplus nis
|
||||
#shadow: db files nisplus nis
|
||||
#group: db files nisplus nis
|
||||
|
||||
passwd: files ldap
|
||||
shadow: files ldap
|
||||
group: files ldap
|
||||
|
||||
#hosts: db files nisplus nis dns
|
||||
hosts: files dns
|
||||
|
||||
# Example - obey only what nisplus tells us...
|
||||
#services: nisplus [NOTFOUND=return] files
|
||||
#networks: nisplus [NOTFOUND=return] files
|
||||
#protocols: nisplus [NOTFOUND=return] files
|
||||
#rpc: nisplus [NOTFOUND=return] files
|
||||
#ethers: nisplus [NOTFOUND=return] files
|
||||
#netmasks: nisplus [NOTFOUND=return] files
|
||||
|
||||
bootparams: nisplus [NOTFOUND=return] files
|
||||
|
||||
ethers: files
|
||||
netmasks: files
|
||||
networks: files
|
||||
protocols: files
|
||||
rpc: files
|
||||
services: files
|
||||
|
||||
netgroup: files ldap
|
||||
|
||||
publickey: nisplus
|
||||
|
||||
automount: files ldap
|
||||
aliases: files nisplus
|
||||
|
||||
sudoers: files ldap
|
|
@ -1,59 +0,0 @@
|
|||
Port 22
|
||||
ListenAddress ::
|
||||
ListenAddress 0.0.0.0
|
||||
Protocol 2
|
||||
|
||||
Banner /etc/banner
|
||||
|
||||
HostKey /etc/ssh/ssh_host_rsa_key
|
||||
HostKey /etc/ssh/ssh_host_dsa_key
|
||||
<% if @osfamily == 'Debian' %>
|
||||
HostKey /etc/ssh/ssh_host_ecdsa_key
|
||||
<% end %>
|
||||
UsePrivilegeSeparation yes
|
||||
|
||||
KeyRegenerationInterval 3600
|
||||
ServerKeyBits 768
|
||||
|
||||
SyslogFacility AUTH
|
||||
LogLevel INFO
|
||||
|
||||
LoginGraceTime 120
|
||||
PermitRootLogin without-password
|
||||
StrictModes yes
|
||||
|
||||
RSAAuthentication yes
|
||||
PubkeyAuthentication yes
|
||||
|
||||
IgnoreRhosts yes
|
||||
RhostsRSAAuthentication no
|
||||
HostbasedAuthentication no
|
||||
PermitEmptyPasswords no
|
||||
ChallengeResponseAuthentication no
|
||||
PasswordAuthentication <%= @password_authentication ? 'yes' : 'no' %>
|
||||
|
||||
X11Forwarding yes
|
||||
X11DisplayOffset 10
|
||||
PermitTunnel yes
|
||||
PrintMotd no
|
||||
PrintLastLog yes
|
||||
TCPKeepAlive yes
|
||||
UseDNS no
|
||||
|
||||
AcceptEnv LANG LC_*
|
||||
|
||||
Subsystem sftp internal-sftp
|
||||
|
||||
UsePAM yes
|
||||
<% if @osfamily == 'Debian' %>
|
||||
AuthorizedKeysFile /etc/ssh/keys/%u .ssh/authorized_keys
|
||||
<% else %>
|
||||
AuthorizedKeysFile %h/.ssh/authorized_keys
|
||||
<% end -%>
|
||||
|
||||
<% if @sftp_group != '' -%>
|
||||
Match Group <%= @sftp_group %>
|
||||
AllowTCPForwarding no
|
||||
X11Forwarding no
|
||||
ForceCommand internal-sftp
|
||||
<% end -%>
|