From 55303f4bb8956091a37e30415fc4a94d646ae1c2 Mon Sep 17 00:00:00 2001 
From: Ricardo Carrillo Cruz Date: Mon, 13 Apr 2015 14:23:22 +0200 Subject: [PATCH] Major refactor Decoupled several things from bootstrap roles into subroles and added several default and group variables --- bootstrap.yml | 18 --- bootstrap_puppet_infra_nodes.yml | 7 + bootstrap_puppetmaster.yml | 7 + common.yml | 7 + deploy_hiera.yml | 7 + deploy_site_pp.yml | 6 + gerrit.yml | 0 group_vars/all.yml | 4 + infra_config.yml | 2 +- jenkins.yml | 0 nodepool.yml | 0 provision.yml | 6 - provision_infra_servers.yml | 6 + roles/bootstrap/defaults/main.yaml | 2 - .../bootstrap/tasks/branch_system_config.yml | 26 --- roles/bootstrap/tasks/clone_system_config.yml | 6 - .../tasks/generate_puppet_certificates.yml | 9 -- .../tasks/main.yml | 13 ++ .../templates/puppet.conf.j2 | 17 ++ .../tasks/clone_system_config.yml | 8 + .../tasks/configure_puppetdb.yml | 0 .../tasks/configure_puppetmaster.yml | 6 +- .../tasks/install_puppet_and_modules.yml | 0 .../tasks/install_required_packages.yml | 3 + roles/bootstrap_puppetmaster/tasks/main.yml | 5 + .../tasks/main.yml} | 0 .../files/generate_hiera_common.py | 20 +++ roles/deploy_hiera/tasks/main.yml | 15 ++ .../tasks/clone_system_config_locally.yml | 8 + roles/deploy_site_pp/tasks/commit_push.yml | 9 ++ .../tasks/create_temp_folder.yml | 2 + .../deploy_site_pp/tasks/generate_site_pp.yml | 3 + roles/deploy_site_pp/tasks/main.yml | 5 + roles/deploy_site_pp/templates/site.pp.j2 | 150 ++++++++++++++++++ roles/provision/tasks/main.yml | 2 - .../defaults/main.yaml | 32 ++++ .../tasks/main.yml} | 3 +- roles/run_puppet_infra_nodes/tasks/main.yml | 5 + roles/set_hostnames/tasks/main.yml | 2 +- roles/sign_infra_nodes_certs/tasks/main.yml | 4 + run_puppet_infra_nodes.yml | 7 + set_hostnames.yml | 7 + sign_infra_nodes_certs.yml | 7 + site.yml | 13 +- zuul.yml | 0 45 files changed, 379 insertions(+), 80 deletions(-) delete mode 100644 bootstrap.yml create mode 100644 bootstrap_puppet_infra_nodes.yml create mode 100644 bootstrap_puppetmaster.yml create 
mode 100644 common.yml create mode 100644 deploy_hiera.yml create mode 100644 deploy_site_pp.yml create mode 100644 gerrit.yml create mode 100644 group_vars/all.yml create mode 100644 jenkins.yml create mode 100644 nodepool.yml delete mode 100644 provision.yml create mode 100644 provision_infra_servers.yml delete mode 100644 roles/bootstrap/defaults/main.yaml delete mode 100644 roles/bootstrap/tasks/branch_system_config.yml delete mode 100644 roles/bootstrap/tasks/clone_system_config.yml delete mode 100644 roles/bootstrap/tasks/generate_puppet_certificates.yml create mode 100644 roles/bootstrap_puppet_infra_nodes/tasks/main.yml create mode 100644 roles/bootstrap_puppet_infra_nodes/templates/puppet.conf.j2 create mode 100644 roles/bootstrap_puppetmaster/tasks/clone_system_config.yml rename roles/{bootstrap => bootstrap_puppetmaster}/tasks/configure_puppetdb.yml (100%) rename roles/{bootstrap => bootstrap_puppetmaster}/tasks/configure_puppetmaster.yml (64%) rename roles/{bootstrap => bootstrap_puppetmaster}/tasks/install_puppet_and_modules.yml (100%) create mode 100644 roles/bootstrap_puppetmaster/tasks/install_required_packages.yml create mode 100644 roles/bootstrap_puppetmaster/tasks/main.yml rename roles/{bootstrap/tasks/install_required_packages.yml => common/tasks/main.yml} (100%) create mode 100644 roles/deploy_hiera/files/generate_hiera_common.py create mode 100644 roles/deploy_hiera/tasks/main.yml create mode 100644 roles/deploy_site_pp/tasks/clone_system_config_locally.yml create mode 100644 roles/deploy_site_pp/tasks/commit_push.yml create mode 100644 roles/deploy_site_pp/tasks/create_temp_folder.yml create mode 100644 roles/deploy_site_pp/tasks/generate_site_pp.yml create mode 100644 roles/deploy_site_pp/tasks/main.yml create mode 100644 roles/deploy_site_pp/templates/site.pp.j2 delete mode 100644 roles/provision/tasks/main.yml create mode 100644 roles/provision_infra_servers/defaults/main.yaml rename roles/{provision/tasks/create_openstack_instances.yml 
=> provision_infra_servers/tasks/main.yml} (93%) create mode 100644 roles/run_puppet_infra_nodes/tasks/main.yml create mode 100644 roles/sign_infra_nodes_certs/tasks/main.yml create mode 100644 run_puppet_infra_nodes.yml create mode 100644 set_hostnames.yml create mode 100644 sign_infra_nodes_certs.yml create mode 100644 zuul.yml diff --git a/bootstrap.yml b/bootstrap.yml deleted file mode 100644 index fefaacc..0000000 --- a/bootstrap.yml +++ /dev/null @@ -1,18 +0,0 @@ ---- -# file: bootstrap.yml -- hosts: infra - user: ubuntu - sudo: true - roles: - - { role: set_hostnames } - -- hosts: meta-infra_type_puppetmaster - user: ubuntu - sudo: true - roles: - - { role: install_required_packages } - - { role: clone_system_config } - - { role: branch_system_config } - - { role: install_puppet_and_modules } - - { role: configure_puppetmaster } - - { role: generate_puppet_certificates } diff --git a/bootstrap_puppet_infra_nodes.yml b/bootstrap_puppet_infra_nodes.yml new file mode 100644 index 0000000..b01e589 --- /dev/null +++ b/bootstrap_puppet_infra_nodes.yml @@ -0,0 +1,7 @@ +--- +# file: bootstrap_puppet_infra_nodes.yml +- hosts: infra:!meta-infra_type_puppetmaster + user: ubuntu + sudo: true + roles: + - { role: bootstrap_puppet_infra_nodes } diff --git a/bootstrap_puppetmaster.yml b/bootstrap_puppetmaster.yml new file mode 100644 index 0000000..e9a58dd --- /dev/null +++ b/bootstrap_puppetmaster.yml @@ -0,0 +1,7 @@ +--- +# file: bootstrap_puppetmaster.yml +- hosts: meta-infra_type_puppetmaster + user: ubuntu + sudo: true + roles: + - { role: bootstrap_puppetmaster } diff --git a/common.yml b/common.yml new file mode 100644 index 0000000..ab33f54 --- /dev/null +++ b/common.yml @@ -0,0 +1,7 @@ +--- +# file: set_hostnames.yml +- hosts: infra + user: ubuntu + sudo: true + roles: + - { role: common } diff --git a/deploy_hiera.yml b/deploy_hiera.yml new file mode 100644 index 0000000..93b57c0 --- /dev/null +++ b/deploy_hiera.yml 
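Review bot: The header comment in the new common.yml reads `# file: set_hostnames.yml`, which names a different playbook that this same commit also adds. It should read `# file: common.yml` so the comment matches the file that applies the `common` role. The headers in run_puppet_infra_nodes.yml and sign_infra_nodes_certs.yml also drop the `.yml` suffix that the other playbooks keep.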
@@ -0,0 +1,7 @@ +--- +# file: deploy_hiera.yml +- hosts: meta-infra_type_puppetmaster + user: ubuntu + sudo: true + roles: + - { role: deploy_hiera } diff --git a/deploy_site_pp.yml b/deploy_site_pp.yml new file mode 100644 index 0000000..f2234de --- /dev/null +++ b/deploy_site_pp.yml @@ -0,0 +1,6 @@ +--- +# file: deploy_site_pp.yml +- hosts: localhost + connection: local + roles: + - { role: deploy_site_pp } diff --git a/gerrit.yml b/gerrit.yml new file mode 100644 index 0000000..e69de29 diff --git a/group_vars/all.yml b/group_vars/all.yml new file mode 100644 index 0000000..c2435a0 --- /dev/null +++ b/group_vars/all.yml @@ -0,0 +1,4 @@ +--- +system_config_repo_url: git@github.com:rcarrillocruz/system-config.git +system_config_repo_https_url: https://github.com/rcarrillocruz/system-config.git +system_config_branch: infra_config diff --git a/infra_config.yml b/infra_config.yml index 0460da4..768a3bb 100644 --- a/infra_config.yml +++ b/infra_config.yml @@ -1,5 +1,5 @@ --- -infra_config: +infra_servers: - name: puppetdb.infra.test.rcarrillocruz.cloud image: 9d25fe2d-cf31-4b05-8c58-f238ec78e633 flavor: standard.small diff --git a/jenkins.yml b/jenkins.yml new file mode 100644 index 0000000..e69de29 diff --git a/nodepool.yml b/nodepool.yml new file mode 100644 index 0000000..e69de29 diff --git a/provision.yml b/provision.yml deleted file mode 100644 index 931d2ff..0000000 --- a/provision.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -# file: provision.yml -- hosts: localhost - connection: local - roles: - - { role: provision } diff --git a/provision_infra_servers.yml b/provision_infra_servers.yml new file mode 100644 index 0000000..cea731d --- /dev/null +++ b/provision_infra_servers.yml @@ -0,0 +1,6 @@ +--- +# file: provision_infra_servers.yml +- hosts: localhost + connection: local + roles: + - { role: provision_infra_servers } diff --git a/roles/bootstrap/defaults/main.yaml b/roles/bootstrap/defaults/main.yaml deleted file mode 100644 index 5d40c39..0000000 
--- a/roles/bootstrap/defaults/main.yaml +++ /dev/null @@ -1,2 +0,0 @@ ---- -system_config_repo_url: https://git.openstack.org/openstack-infra/system-config diff --git a/roles/bootstrap/tasks/branch_system_config.yml b/roles/bootstrap/tasks/branch_system_config.yml deleted file mode 100644 index 9f95daa..0000000 --- a/roles/bootstrap/tasks/branch_system_config.yml +++ /dev/null @@ -1,26 +0,0 @@ ---- -# Check checked-out branch -- command: git rev-parse --abbrev-ref HEAD - args: - chdir: /opt/system-config/production - register: checked_out_branch - ignore_errors: True - -# Check whether "infra_config" branch exists or not -- command: git show-ref "infra_config" - args: - chdir: /opt/system-config/production - register: infra_config_branch - ignore_errors: True - -# If "infra_config" branch exists, switch to it -- command: git checkout infra_config - args: - chdir: /opt/system-config/production - when: checked_out_branch.stdout != "infra_config" and infra_config_branch.rc == 0 - -# Create and switch to "infra_config" branch to put non-upstream fixes and values -- command: git checkout -b infra_config - args: - chdir: /opt/system-config/production - when: infra_config_branch.rc != 0 diff --git a/roles/bootstrap/tasks/clone_system_config.yml b/roles/bootstrap/tasks/clone_system_config.yml deleted file mode 100644 index 468e4f5..0000000 --- a/roles/bootstrap/tasks/clone_system_config.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -# Clone system-config -- git: repo="{{ system_config_repo_url }}" - dest=/opt/system-config/production - version=master - tags: clone_system_config diff --git a/roles/bootstrap/tasks/generate_puppet_certificates.yml b/roles/bootstrap/tasks/generate_puppet_certificates.yml deleted file mode 100644 index cf1e104..0000000 --- a/roles/bootstrap/tasks/generate_puppet_certificates.yml +++ /dev/null 
@@ -1,9 +0,0 @@ ---- -# Generate puppet certificates for infra servers -- name: Generate puppet certificates for infra servers - command: puppet cert generate "{{ item }}" - args: - creates: "/var/lib/puppet/ssl/certs/{{ item }}.pem" - when: item != inventory_hostname - with_items: groups['infra'] - tags: generate_puppet_certificates diff --git a/roles/bootstrap_puppet_infra_nodes/tasks/main.yml b/roles/bootstrap_puppet_infra_nodes/tasks/main.yml new file mode 100644 index 0000000..6f058a6 --- /dev/null +++ b/roles/bootstrap_puppet_infra_nodes/tasks/main.yml @@ -0,0 +1,13 @@ +--- +# Update packages +- apt: update_cache=yes + +# Install puppet +- apt: name=puppet + +# Deploy puppet.conf template +- template: src=puppet.conf.j2 dest=/etc/puppet/puppet.conf + +# Run puppet agent to request certificate +- command: puppet agent --test + ignore_errors: True diff --git a/roles/bootstrap_puppet_infra_nodes/templates/puppet.conf.j2 b/roles/bootstrap_puppet_infra_nodes/templates/puppet.conf.j2 new file mode 100644 index 0000000..cfe6b8e --- /dev/null +++ b/roles/bootstrap_puppet_infra_nodes/templates/puppet.conf.j2 @@ -0,0 +1,17 @@ +[main] +server={{ groups['meta-infra_type_puppetmaster'][0] }} +certname={{ inventory_hostname }} +logdir=/var/log/puppet +vardir=/var/lib/puppet +ssldir=/var/lib/puppet/ssl +rundir=/var/run/puppet +factpath=$vardir/lib/facter +templatedir=$confdir/templates +prerun_command=/etc/puppet/etckeeper-commit-pre +postrun_command=/etc/puppet/etckeeper-commit-post + +[master] +# These are needed when the puppetmaster is run by passenger +# and can safely be removed if webrick is used. +ssl_client_header = SSL_CLIENT_S_DN +ssl_client_verify_header = SSL_CLIENT_VERIFY diff --git a/roles/bootstrap_puppetmaster/tasks/clone_system_config.yml b/roles/bootstrap_puppetmaster/tasks/clone_system_config.yml new file mode 100644 index 0000000..3f9cfd9 --- /dev/null +++ b/roles/bootstrap_puppetmaster/tasks/clone_system_config.yml 
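Review bot: In roles/bootstrap_puppet_infra_nodes/tasks/main.yml, `ignore_errors: True` on `puppet agent --test` hides every failure, not only the expected "certificate not signed yet" exit. A node that cannot reach the master or has a broken puppet.conf would still be reported as bootstrapped. Capture the result with `register: puppet_csr` and add a `failed_when` that tolerates only the exit codes you expect at this stage. The same pattern appears in roles/run_puppet_infra_nodes/tasks/main.yml, where the certificate should already be signed. Since `--test` turns on detailed exit codes, `failed_when: puppet_run.rc not in [0, 2]` would fit there, so that a failed catalog run stops the play.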
@@ -0,0 +1,8 @@ +--- +# Clone system-config +- git: repo="{{ system_config_repo_https_url }}" + dest=/opt/system-config/production + accept_hostkey=True + version="{{ system_config_branch }}" + force=True + tags: clone_system_config diff --git a/roles/bootstrap/tasks/configure_puppetdb.yml b/roles/bootstrap_puppetmaster/tasks/configure_puppetdb.yml similarity index 100% rename from roles/bootstrap/tasks/configure_puppetdb.yml rename to roles/bootstrap_puppetmaster/tasks/configure_puppetdb.yml diff --git a/roles/bootstrap/tasks/configure_puppetmaster.yml b/roles/bootstrap_puppetmaster/tasks/configure_puppetmaster.yml similarity index 64% rename from roles/bootstrap/tasks/configure_puppetmaster.yml rename to roles/bootstrap_puppetmaster/tasks/configure_puppetmaster.yml index 6d2b082..73d9557 100644 --- a/roles/bootstrap/tasks/configure_puppetmaster.yml +++ b/roles/bootstrap_puppetmaster/tasks/configure_puppetmaster.yml @@ -9,7 +9,7 @@ # Puppet apply the puppetmaster manifest - command: > puppet apply --modulepath='/opt/system-config/production/modules:/etc/puppet/modules' - -e 'class {"openstack_project::puppetmaster"':' puppetdb => false }' + -e 'class {"openstack_project::puppetmaster"':' + puppetmaster_server => "{{ inventory_hostname }}", + puppetdb => false }' tags: puppet_apply - -- copy: src=puppetmaster.pp dest=/opt/system-config/production/modules/openstack_project/manifests diff --git a/roles/bootstrap/tasks/install_puppet_and_modules.yml b/roles/bootstrap_puppetmaster/tasks/install_puppet_and_modules.yml similarity index 100% rename from roles/bootstrap/tasks/install_puppet_and_modules.yml rename to roles/bootstrap_puppetmaster/tasks/install_puppet_and_modules.yml diff --git a/roles/bootstrap_puppetmaster/tasks/install_required_packages.yml b/roles/bootstrap_puppetmaster/tasks/install_required_packages.yml new file mode 100644 index 0000000..3bf2a61 --- /dev/null +++ b/roles/bootstrap_puppetmaster/tasks/install_required_packages.yml 
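Review bot: The clone task in roles/bootstrap_puppetmaster/tasks/clone_system_config.yml uses `version="{{ system_config_branch }}"` with `force=True`, so it follows whatever the branch head is at run time. The checkout feeds the `--modulepath` of the `puppet apply` in configure_puppetmaster.yml, and the play runs with `sudo: true`, so any push to that branch is executed with root privileges on the puppetmaster at the next run. Consider pinning to a reviewed commit through a separate variable, for example `version="{{ system_config_commit }}"`, where that variable name is a placeholder. Add a comment above the task saying the checkout is trusted input to a root-level `puppet apply`. `accept_hostkey=True` does nothing for the HTTPS URL used here and can be dropped from this task.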
@@ -0,0 +1,3 @@ +--- +# Install git +- apt: name=git diff --git a/roles/bootstrap_puppetmaster/tasks/main.yml b/roles/bootstrap_puppetmaster/tasks/main.yml new file mode 100644 index 0000000..52e50f4 --- /dev/null +++ b/roles/bootstrap_puppetmaster/tasks/main.yml @@ -0,0 +1,5 @@ +--- +- include: install_required_packages.yml +- include: clone_system_config.yml +- include: install_puppet_and_modules.yml +- include: configure_puppetmaster.yml diff --git a/roles/bootstrap/tasks/install_required_packages.yml b/roles/common/tasks/main.yml similarity index 100% rename from roles/bootstrap/tasks/install_required_packages.yml rename to roles/common/tasks/main.yml diff --git a/roles/deploy_hiera/files/generate_hiera_common.py b/roles/deploy_hiera/files/generate_hiera_common.py new file mode 100644 index 0000000..7873995 --- /dev/null +++ b/roles/deploy_hiera/files/generate_hiera_common.py @@ -0,0 +1,20 @@ +#!/usr/bin/env python + +import yaml +import paramiko +import StringIO + +KEY_LENGTH = 2048 +HIERA_SSH_PARAMS = ['puppetmaster_root_rsa_key'] +HIERA_COMMON_YAML_FILE = '/etc/puppet/hieradata/production/common.yaml' + +out = StringIO.StringIO() +d = {} + +for h in HIERA_SSH_PARAMS: + k = paramiko.RSAKey.generate(KEY_LENGTH) + k.write_private_key(out) + d[h] = out.getvalue() + +with open(HIERA_COMMON_YAML_FILE, "w") as f: + yaml.safe_dump(d, f, explicit_start=True, default_flow_style=False) diff --git a/roles/deploy_hiera/tasks/main.yml b/roles/deploy_hiera/tasks/main.yml new file mode 100644 index 0000000..2931da0 --- /dev/null +++ b/roles/deploy_hiera/tasks/main.yml 
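Review bot: generate_hiera_common.py writes the generated RSA private key with a plain `open(HIERA_COMMON_YAML_FILE, "w")`, so the file mode comes from the process umask and the key is typically readable by every local user. Create the file with an explicit restrictive mode before writing, which needs `import os` at the top of the script. If the master does not run as root, follow up with an owner/group change so it can still read the file. The `file:` tasks in roles/deploy_hiera/tasks/main.yml that create the hieradata directories also set no `mode` or `owner`. Separately, `out` is created once outside the loop, so with more than one entry in HIERA_SSH_PARAMS each later value would also contain the earlier keys; the buffer should be created per iteration.

```python
# … unchanged: imports and constants …
d = {}

for h in HIERA_SSH_PARAMS:
    # fresh buffer per parameter so key material does not accumulate
    out = StringIO.StringIO()
    k = paramiko.RSAKey.generate(KEY_LENGTH)
    k.write_private_key(out)
    d[h] = out.getvalue()

# create the file owner-only before any key material is written;
# the mode applies on creation only, so an existing file keeps its permissions
fd = os.open(HIERA_COMMON_YAML_FILE,
             os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
with os.fdopen(fd, "w") as f:
    yaml.safe_dump(d, f, explicit_start=True, default_flow_style=False)
```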
@@ -0,0 +1,15 @@ +--- +# Update apt cache +- apt: update_cache=yes + +# Install python-paramiko +- apt: name=python-paramiko + +- file: path=/etc/puppet/hieradata state=directory + +- file: path=/etc/puppet/hieradata/production state=directory + +- file: path=/etc/puppet/hieradata/production/fqdn state=directory + +# Generate hiera common.yaml values +- script: generate_hiera_common.py creates=/etc/puppet/hieradata/production/common.yaml diff --git a/roles/deploy_site_pp/tasks/clone_system_config_locally.yml b/roles/deploy_site_pp/tasks/clone_system_config_locally.yml new file mode 100644 index 0000000..3159b21 --- /dev/null +++ b/roles/deploy_site_pp/tasks/clone_system_config_locally.yml @@ -0,0 +1,8 @@ +--- +# Clone system-config locally in the command machine +- git: repo="{{ system_config_repo_url }}" + dest=/tmp/infra-ansible/system-config/production + version="{{ system_config_branch }}" + accept_hostkey=True + force=True + tags: clone_system_config_locally diff --git a/roles/deploy_site_pp/tasks/commit_push.yml b/roles/deploy_site_pp/tasks/commit_push.yml new file mode 100644 index 0000000..4e93206 --- /dev/null +++ b/roles/deploy_site_pp/tasks/commit_push.yml @@ -0,0 +1,9 @@ +--- +- command: git commit -a -m "deploy_site_pp commit from infra-ansible" + args: + chdir: /tmp/infra-ansible/system-config/production + ignore_errors: True + +- command: git push origin {{ system_config_branch }} + args: + chdir: /tmp/infra-ansible/system-config/production diff --git a/roles/deploy_site_pp/tasks/create_temp_folder.yml b/roles/deploy_site_pp/tasks/create_temp_folder.yml new file mode 100644 index 0000000..a976931 --- /dev/null +++ b/roles/deploy_site_pp/tasks/create_temp_folder.yml @@ -0,0 +1,2 @@ +--- +- file: path=/tmp/infra-ansible state=directory diff --git a/roles/deploy_site_pp/tasks/generate_site_pp.yml b/roles/deploy_site_pp/tasks/generate_site_pp.yml new file mode 100644 index 0000000..96ce1be --- /dev/null 
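Review bot: roles/deploy_site_pp/tasks/clone_system_config_locally.yml checks out into the fixed path `/tmp/infra-ansible/system-config/production`, and create_temp_folder.yml creates `/tmp/infra-ansible` with no `mode`. The generate_site_pp.yml and commit_push.yml hunks then write to and push from that tree. On a control machine with other local users, a predictable directory in world-writable /tmp can be created or altered by someone else before the play runs, and its contents end up pushed to the config repository. Use a working directory outside /tmp, or create it privately with `file: path=/tmp/infra-ansible state=directory mode=0700`, and fail if it already exists with a different owner. `accept_hostkey=True` on the SSH URL also accepts an unknown host key on first contact; pre-populating known_hosts for the git host is safer.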
+++ b/roles/deploy_site_pp/tasks/generate_site_pp.yml @@ -0,0 +1,3 @@ +--- +# Generate site.pp +- template: src=site.pp.j2 dest=/tmp/infra-ansible/system-config/production/manifests/site.pp diff --git a/roles/deploy_site_pp/tasks/main.yml b/roles/deploy_site_pp/tasks/main.yml new file mode 100644 index 0000000..6148144 --- /dev/null +++ b/roles/deploy_site_pp/tasks/main.yml @@ -0,0 +1,5 @@ +--- +- include: create_temp_folder.yml +- include: clone_system_config_locally.yml +- include: generate_site_pp.yml +- include: commit_push.yml diff --git a/roles/deploy_site_pp/templates/site.pp.j2 b/roles/deploy_site_pp/templates/site.pp.j2 new file mode 100644 index 0000000..6b6824c --- /dev/null +++ b/roles/deploy_site_pp/templates/site.pp.j2 
@@ -0,0 +1,150 @@ +# +# Top-level variables +# +# There must not be any whitespace between this comment and the variables or +# in between any two variables in order for them to be correctly parsed and +# passed around in test.sh +# + +# +# Default: should at least behave like an openstack server +# +node default { + class { 'openstack_project::server': + sysadmins => hiera('sysadmins', []), + } +} + +# +# Long lived servers: +# +node 'review-dev.openstack.org' { + class { 'openstack_project::review_dev': + project_config_repo => 'https://git.openstack.org/openstack-infra/project-config', + github_oauth_token => hiera('gerrit_dev_github_token', 'XXX'), + github_project_username => hiera('github_dev_project_username', 'username'), + github_project_password => hiera('github_dev_project_password', 'XXX'), + mysql_host => hiera('gerrit_dev_mysql_host', 'localhost'), + mysql_password => hiera('gerrit_dev_mysql_password', 'XXX'), + email_private_key => hiera('gerrit_dev_email_private_key', 'XXX'), + contactstore_appsec => hiera('gerrit_dev_contactstore_appsec', 'XXX'), + contactstore_pubkey => hiera('gerrit_dev_contactstore_pubkey', 'XXX'), + ssh_dsa_key_contents => hiera('gerrit_dev_ssh_dsa_key_contents', 'XXX'), + ssh_dsa_pubkey_contents => hiera('gerrit_dev_ssh_dsa_pubkey_contents', 'XXX'), + ssh_rsa_key_contents => hiera('gerrit_dev_ssh_rsa_key_contents', 'XXX'), + ssh_rsa_pubkey_contents => hiera('gerrit_dev_ssh_rsa_pubkey_contents', 'XXX'), + ssh_project_rsa_key_contents => hiera('gerrit_dev_project_ssh_rsa_key_contents', 'XXX'), + ssh_project_rsa_pubkey_contents => hiera('gerrit_dev_project_ssh_rsa_pubkey_contents', 'XXX'), + lp_sync_consumer_key => hiera('gerrit_dev_lp_consumer_key', 'XXX'), + lp_sync_token => hiera('gerrit_dev_lp_access_token', 'XXX'), + lp_sync_secret => hiera('gerrit_dev_lp_access_secret', 'XXX'), + sysadmins => hiera('sysadmins', []), + } +} + +node '{{ groups['meta-infra_type_jenkins'][0] }}' { + $group = "jenkins" + class { 
'openstack_project::jenkins': + project_config_repo => 'https://git.openstack.org/openstack-infra/project-config', + jenkins_jobs_password => hiera('jenkins_jobs_password', 'XXX'), + jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents', 'XXX'), + ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem', + ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key', + ssl_chain_file => '', + sysadmins => hiera('sysadmins', []), + zmq_event_receivers => ['{{ groups['meta-infra_type_nodepool'][0] }}'], + } +} + +node '{{ groups['meta-infra_type_puppetmaster'][0] }}' { + class { 'openstack_project::puppetmaster': + root_rsa_key => hiera('puppetmaster_root_rsa_key', 'XXX'), + sysadmins => hiera('sysadmins', []), + version => '3.6.', + puppetmaster_server => '{{ groups['meta-infra_type_puppetmaster'][0] }}', + puppetdb => false, + } +} + +node 'puppetdb.openstack.org' { + class { 'openstack_project::puppetdb': + sysadmins => hiera('sysadmins', []), + } +} + +node 'nodepool.openstack.org' { + class { 'openstack_project::nodepool_prod': + project_config_repo => 'https://git.openstack.org/openstack-infra/project-config', + mysql_password => hiera('nodepool_mysql_password', 'XXX'), + mysql_root_password => hiera('nodepool_mysql_root_password', 'XXX'), + nodepool_ssh_private_key => hiera('jenkins_ssh_private_key_contents', 'XXX'), + sysadmins => hiera('sysadmins', []), + statsd_host => 'graphite.openstack.org', + jenkins_api_user => hiera('jenkins_api_user', 'username'), + jenkins_api_key => hiera('jenkins_api_key', 'XXX'), + jenkins_credentials_id => hiera('jenkins_credentials_id', 'XXX'), + rackspace_username => hiera('nodepool_rackspace_username', 'username'), + rackspace_password => hiera('nodepool_rackspace_password', 'XXX'), + rackspace_project => hiera('nodepool_rackspace_project', 'project'), + hpcloud_username => hiera('nodepool_hpcloud_username', 'username'), + hpcloud_password => hiera('nodepool_hpcloud_password', 'XXX'), + hpcloud_project => 
hiera('nodepool_hpcloud_project', 'project'), + tripleo_username => hiera('nodepool_tripleo_username', 'username'), + tripleo_password => hiera('nodepool_tripleo_password', 'XXX'), + tripleo_project => hiera('nodepool_tripleo_project', 'project'), + } +} + +node /^zm\d+\.openstack\.org$/ { + $group = "zuul-merger" + class { 'openstack_project::zuul_merger': + gearman_server => 'zuul.openstack.org', + gerrit_server => 'review.openstack.org', + gerrit_user => 'jenkins', + gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents', 'XXX'), + zuul_ssh_private_key => hiera('zuul_ssh_private_key_contents', 'XXX'), + sysadmins => hiera('sysadmins', []), + } +} + +node 'zuul-dev.openstack.org' { + class { 'openstack_project::zuul_dev': + project_config_repo => 'https://git.openstack.org/openstack-infra/project-config', + gerrit_server => 'review-dev.openstack.org', + gerrit_user => 'jenkins', + gerrit_ssh_host_key => hiera('gerrit_dev_ssh_rsa_pubkey_contents', 'XXX'), + zuul_ssh_private_key => hiera('zuul_dev_ssh_private_key_contents', 'XXX'), + url_pattern => 'http://logs.openstack.org/{build.parameters[LOG_PATH]}', + zuul_url => 'http://zuul-dev.openstack.org/p', + sysadmins => hiera('sysadmins', []), + statsd_host => 'graphite.openstack.org', + gearman_workers => [ + 'jenkins.openstack.org', + 'jenkins01.openstack.org', + 'jenkins02.openstack.org', + 'jenkins03.openstack.org', + 'jenkins04.openstack.org', + 'jenkins05.openstack.org', + 'jenkins06.openstack.org', + 'jenkins07.openstack.org', + 'jenkins-dev.openstack.org', + ], + } +} + +node 'pypi.slave.openstack.org' { + include openstack_project + class { 'openstack_project::pypi_slave': + pypi_username => 'openstackci', + pypi_password => hiera('pypi_password', 'XXX'), + jenkins_ssh_public_key => $openstack_project::jenkins_ssh_key, + jenkinsci_username => hiera('jenkins_ci_org_user', 'username'), + jenkinsci_password => hiera('jenkins_ci_org_password', 'XXX'), + mavencentral_username => 
hiera('mavencentral_org_user', 'username'), + mavencentral_password => hiera('mavencentral_org_password', 'XXX'), + puppet_forge_username => hiera('puppet_forge_username', 'username'), + puppet_forge_password => hiera('puppet_forge_password', 'XXX'), + } +} + +# vim:sw=2:ts=2:expandtab:textwidth=79 diff --git a/roles/provision/tasks/main.yml b/roles/provision/tasks/main.yml deleted file mode 100644 index 0f86183..0000000 --- a/roles/provision/tasks/main.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -- include: create_openstack_instances.yml diff --git a/roles/provision_infra_servers/defaults/main.yaml b/roles/provision_infra_servers/defaults/main.yaml new file mode 100644 index 0000000..ea7c5ea --- /dev/null +++ b/roles/provision_infra_servers/defaults/main.yaml @@ -0,0 +1,32 @@ +--- +infra_servers: + - name: puppetdb.infra.test.rcarrillocruz.cloud + image: 9d25fe2d-cf31-4b05-8c58-f238ec78e633 + flavor: standard.small + net_name: infra-test-network + infra_type: puppetdb + - name: puppetmaster.infra.test.rcarrillocruz.cloud + image: 9d25fe2d-cf31-4b05-8c58-f238ec78e633 + flavor: standard.small + net_name: infra-test-network + infra_type: puppetmaster + - name: zuul.infra.test.rcarrillocruz.cloud + image: 9d25fe2d-cf31-4b05-8c58-f238ec78e633 + flavor: standard.small + net_name: infra-test-network + infra_type: zuul + - name: jenkins.infra.test.rcarrillocruz.cloud + image: 9d25fe2d-cf31-4b05-8c58-f238ec78e633 + flavor: standard.small + net_name: infra-test-network + infra_type: jenkins + - name: gerrit.infra.test.rcarrillocruz.cloud + image: 9d25fe2d-cf31-4b05-8c58-f238ec78e633 + flavor: standard.small + net_name: infra-test-network + infra_type: gerrit + - name: nodepool.infra.test.rcarrillocruz.cloud + image: 9d25fe2d-cf31-4b05-8c58-f238ec78e633 + flavor: standard.small + net_name: infra-test-network + infra_type: nodepool 
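Review bot: In site.pp.j2 every credential lookup carries the literal fallback `'XXX'` (for example `jenkins_jobs_password => hiera('jenkins_jobs_password', 'XXX')`), so a missing hiera key silently configures the service with a known placeholder secret. In this commit generate_hiera_common.py populates only `puppetmaster_root_rsa_key`, which means the templated jenkins node and the other nodes would receive `'XXX'` for their passwords and keys. Dropping the default on secret lookups, e.g. `jenkins_jobs_password => hiera('jenkins_jobs_password'),`, makes catalog compilation fail instead of deploying the placeholder. `version => '3.6.'` in the puppetmaster node ends in a dot and looks truncated; please confirm the intended value. The template also indexes `groups['meta-infra_type_jenkins'][0]` and `groups['meta-infra_type_nodepool'][0]`, and a comment should state that these groups are assumed to be non-empty.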
diff --git a/roles/provision/tasks/create_openstack_instances.yml b/roles/provision_infra_servers/tasks/main.yml similarity index 93% rename from roles/provision/tasks/create_openstack_instances.yml rename to roles/provision_infra_servers/tasks/main.yml index 4e0584d..047a775 100644 --- a/roles/provision/tasks/create_openstack_instances.yml +++ b/roles/provision_infra_servers/tasks/main.yml @@ -1,3 +1,4 @@ +--- - name: Create OpenStack instances os_server: state: present @@ -16,4 +17,4 @@ meta: group: infra infra_type: "{{ item.infra_type }}" - with_items: infra_config + with_items: infra_servers diff --git a/roles/run_puppet_infra_nodes/tasks/main.yml b/roles/run_puppet_infra_nodes/tasks/main.yml new file mode 100644 index 0000000..1cadcb2 --- /dev/null +++ b/roles/run_puppet_infra_nodes/tasks/main.yml @@ -0,0 +1,5 @@ +--- +- command: puppet agent --enable + +- command: puppet agent --test + ignore_errors: True diff --git a/roles/set_hostnames/tasks/main.yml b/roles/set_hostnames/tasks/main.yml index cafb7be..1d0ca93 100644 --- a/roles/set_hostnames/tasks/main.yml +++ b/roles/set_hostnames/tasks/main.yml @@ -9,7 +9,7 @@ - name: Add all infra hosts to /etc/hosts lineinfile: dest=/etc/hosts - line='{{ hostvars[item].ansible_default_ipv4.address }} {{ item }} {{ item.split('.', 1)[0] }}' + line='{{ hostvars[item]['openstack']['private_v4'] }} {{ item }} {{ item.split('.', 1)[0] }}' insertafter='^127\.0\.0\.1' state=present with_items: groups['infra'] diff --git a/roles/sign_infra_nodes_certs/tasks/main.yml b/roles/sign_infra_nodes_certs/tasks/main.yml new file mode 100644 index 0000000..04f0b4a --- /dev/null +++ b/roles/sign_infra_nodes_certs/tasks/main.yml @@ -0,0 +1,4 @@ +--- +- command: puppet cert sign {{ item }} creates=/var/lib/puppet/ssl/ca/signed/{{ item }}.pem + when: item != inventory_hostname + with_items: groups['infra'] diff --git a/run_puppet_infra_nodes.yml b/run_puppet_infra_nodes.yml new file mode 100644 index 0000000..ae2f99d --- /dev/null 
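Review bot: The task in roles/sign_infra_nodes_certs/tasks/main.yml runs `puppet cert sign {{ item }}` for every name in `groups['infra']` and never checks that the pending request came from the intended node. Whichever request reached the master first under that certname is signed, and it then receives that node's catalog, including the hiera secrets referenced in site.pp. A verification step should come before signing: register the output of `puppet agent --fingerprint` on each node during bootstrap and compare it with the fingerprint the master shows in `puppet cert list` for the same name, signing only on a match. At minimum add a comment such as `# NOTE: signs by name only; assumes the network between nodes and master is trusted during bootstrap`.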
+++ b/run_puppet_infra_nodes.yml @@ -0,0 +1,7 @@ +--- +# file: run_puppet_infra_nodes +- hosts: infra:!meta-infra_type_puppetmaster + user: ubuntu + sudo: true + roles: + - { role: run_puppet_infra_nodes } diff --git a/set_hostnames.yml b/set_hostnames.yml new file mode 100644 index 0000000..5408ff2 --- /dev/null +++ b/set_hostnames.yml @@ -0,0 +1,7 @@ +--- +# file: set_hostnames.yml +- hosts: infra + user: ubuntu + sudo: true + roles: + - { role: set_hostnames } diff --git a/sign_infra_nodes_certs.yml b/sign_infra_nodes_certs.yml new file mode 100644 index 0000000..adee7af --- /dev/null +++ b/sign_infra_nodes_certs.yml @@ -0,0 +1,7 @@ +--- +# file: sign_infra_nodes_certs +- hosts: meta-infra_type_puppetmaster + user: ubuntu + sudo: true + roles: + - { role: sign_infra_nodes_certs } diff --git a/site.yml b/site.yml index 511a953..3bfffe9 100644 --- a/site.yml +++ b/site.yml @@ -1,7 +1,10 @@ --- # file: site.yml -- include: provision.yml -- include: bootstrap.yml -#- include: gerrit -#- include: jenkins -#- include: nodepool +- include: provision_infra_servers.yml +- include: set_hostnames.yml +- include: deploy_site_pp.yml +- include: deploy_hiera.yml +- include: bootstrap_puppetmaster.yml +- include: bootstrap_puppet_infra_nodes.yml +- include: sign_infra_nodes_certs.yml +- include: run_puppet_infra_nodes.yml diff --git a/zuul.yml b/zuul.yml new file mode 100644 index 0000000..e69de29