From 682d0f14b44119df93741d8421792437ccaf0dd1 Mon Sep 17 00:00:00 2001 
From: Ricardo Carrillo Cruz Date: Wed, 5 Aug 2015 12:02:55 +0200 Subject: [PATCH] Remove dependency from system-config Instead of reusing system-config, just use Hiera as ENC --- README.md | 4 +- pre_puppet_gerrit.yml => bootstrap_gerrit.yml | 4 +- bootstrap_puppet_infra_nodes.yml | 1 - deploy_hiera.yml | 8 - deploy_system_config.yml | 7 - group_vars/all.yml | 1 - nodepool.yml | 0 post_puppet_gerrit.yml | 8 - post_puppet_jenkins.yml | 8 - requirements.txt | 1 + .../tasks/main.yml | 2 + .../tasks/main.yml | 36 +++-- .../files/generate_hiera_common.py | 33 ++++ roles/bootstrap_puppetmaster/files/hiera.yaml | 8 + roles/bootstrap_puppetmaster/files/site.pp | 1 + .../tasks/configure_puppetmaster.yml | 15 -- .../tasks/install_puppet_and_modules.yml | 8 - roles/bootstrap_puppetmaster/tasks/main.yml | 66 +++++++- .../tasks/rsync_system_config.yml | 6 - .../templates/gerrit.yaml.j2 | 8 + .../templates/puppet.conf.j2 | 16 ++ .../templates/zuul.yaml.j2 | 12 ++ roles/common/tasks/main.yml | 8 +- .../tasks/clone_system_config_locally.yml | 29 ---- .../tasks/commit_changes.yml | 5 - .../tasks/create_temp_folder.yml | 2 - .../tasks/generate_site_pp.yml | 3 - roles/deploy_system_config/tasks/main.yml | 5 - .../deploy_system_config/templates/site.pp.j2 | 146 ------------------ roles/post_puppet_gerrit/tasks/main.yml | 26 ---- roles/post_puppet_jenkins/tasks/main.yml | 22 --- roles/set_hostnames/tasks/main.yml | 3 +- run.sh | 3 + run_puppet_infra_nodes.yml | 8 - sign_infra_nodes_certs.yml | 8 - site.yml | 8 +- 36 files changed, 178 insertions(+), 351 deletions(-) rename pre_puppet_gerrit.yml => bootstrap_gerrit.yml (58%) delete mode 100644 deploy_hiera.yml delete mode 100644 deploy_system_config.yml delete mode 100644 nodepool.yml delete mode 100644 post_puppet_gerrit.yml delete mode 100644 post_puppet_jenkins.yml rename roles/{pre_puppet_gerrit => bootstrap_gerrit}/tasks/main.yml (93%) create mode 100644 roles/bootstrap_puppetmaster/files/generate_hiera_common.py create mode 100644 
roles/bootstrap_puppetmaster/files/hiera.yaml create mode 100644 roles/bootstrap_puppetmaster/files/site.pp delete mode 100644 roles/bootstrap_puppetmaster/tasks/configure_puppetmaster.yml delete mode 100644 roles/bootstrap_puppetmaster/tasks/install_puppet_and_modules.yml delete mode 100644 roles/bootstrap_puppetmaster/tasks/rsync_system_config.yml create mode 100644 roles/bootstrap_puppetmaster/templates/gerrit.yaml.j2 create mode 100644 roles/bootstrap_puppetmaster/templates/puppet.conf.j2 create mode 100644 roles/bootstrap_puppetmaster/templates/zuul.yaml.j2 delete mode 100644 roles/deploy_system_config/tasks/clone_system_config_locally.yml delete mode 100644 roles/deploy_system_config/tasks/commit_changes.yml delete mode 100644 roles/deploy_system_config/tasks/create_temp_folder.yml delete mode 100644 roles/deploy_system_config/tasks/generate_site_pp.yml delete mode 100644 roles/deploy_system_config/tasks/main.yml delete mode 100644 roles/deploy_system_config/templates/site.pp.j2 delete mode 100644 roles/post_puppet_gerrit/tasks/main.yml delete mode 100644 roles/post_puppet_jenkins/tasks/main.yml create mode 100755 run.sh delete mode 100644 run_puppet_infra_nodes.yml delete mode 100644 sign_infra_nodes_certs.yml diff --git a/README.md b/README.md index aa0a2f5..a426ad1 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ Instructions 1. Run ``bash setup_env.sh`` 2. Run ``source /opt/stack/ansible/hacking/env-setup`` +3. Source your OpenStack cloud environment variables rc file 3. Run ``cp infra_config.yml.sample infra_config.yml`` 4. Edit infra_config.yml and put your environment values -5. Run ``ansible-playbook -i /plugins/inventory/openstack.py -e "@infra_config.yml" provision_infra_servers.yml`` -6. Run ``ansible-playbook -i /plugins/inventory/openstack.py -e "@infra_config.yml" site.yml`` +5. Run ``bash run.sh`` 
diff --git a/pre_puppet_gerrit.yml b/bootstrap_gerrit.yml similarity index 58% rename from pre_puppet_gerrit.yml rename to bootstrap_gerrit.yml index 9bbbe7f..c08881c 100644 --- a/pre_puppet_gerrit.yml +++ b/bootstrap_gerrit.yml @@ -1,8 +1,8 @@ --- -# file: pre_puppet_gerrit.yml +# file: boostrap_gerrit.yml - hosts: meta-infra_type_gerrit gather_facts: no user: ubuntu sudo: true roles: - - { role: pre_puppet_gerrit } + - { role: bootstrap_gerrit } diff --git a/bootstrap_puppet_infra_nodes.yml b/bootstrap_puppet_infra_nodes.yml index 4b2dcd5..84922e2 100644 --- a/bootstrap_puppet_infra_nodes.yml +++ b/bootstrap_puppet_infra_nodes.yml @@ -1,7 +1,6 @@ --- # file: bootstrap_puppet_infra_nodes.yml - hosts: infra:!meta-infra_type_puppetmaster - gather_facts: no user: ubuntu sudo: true roles: diff --git a/deploy_hiera.yml b/deploy_hiera.yml deleted file mode 100644 index b9b18de..0000000 --- a/deploy_hiera.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -# file: deploy_hiera.yml -- hosts: meta-infra_type_puppetmaster - gather_facts: no - user: ubuntu - sudo: true - roles: - - { role: deploy_hiera } diff --git a/deploy_system_config.yml b/deploy_system_config.yml deleted file mode 100644 index edfd0b5..0000000 --- a/deploy_system_config.yml +++ /dev/null @@ -1,7 +0,0 @@ ---- -# file: deploy_system_config.yml -- hosts: localhost - gather_facts: no - connection: local - roles: - - { role: deploy_system_config } diff --git a/group_vars/all.yml b/group_vars/all.yml index ebcc0a6..ed97d53 100644 --- a/group_vars/all.yml +++ b/group_vars/all.yml @@ -1,2 +1 @@ --- -system_config_branch: infra_config diff --git a/nodepool.yml b/nodepool.yml deleted file mode 100644 index e69de29..0000000 diff --git a/post_puppet_gerrit.yml b/post_puppet_gerrit.yml deleted file mode 100644 index d7061e2..0000000 --- a/post_puppet_gerrit.yml +++ /dev/null 
@@ -1,8 +0,0 @@ ---- -# file: post_puppet_gerrit.yml -- hosts: meta-infra_type_gerrit - gather_facts: no - user: ubuntu - sudo: true - roles: - - { role: post_puppet_gerrit } diff --git a/post_puppet_jenkins.yml b/post_puppet_jenkins.yml deleted file mode 100644 index 79fa7bd..0000000 --- a/post_puppet_jenkins.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -# file: post_puppet_jenkins.yml -- hosts: meta-infra_type_jenkins - gather_facts: no - user: ubuntu - sudo: true - roles: - - { role: post_puppet_jenkins } diff --git a/requirements.txt b/requirements.txt index 951cb0e..2ecc9a4 100644 --- a/requirements.txt +++ b/requirements.txt @@ -1,3 +1,4 @@ shade shade-ansible jinja2 +docker-py diff --git a/roles/pre_puppet_gerrit/tasks/main.yml b/roles/bootstrap_gerrit/tasks/main.yml similarity index 93% rename from roles/pre_puppet_gerrit/tasks/main.yml rename to roles/bootstrap_gerrit/tasks/main.yml index 442798e..e9e5a70 100644 --- a/roles/pre_puppet_gerrit/tasks/main.yml +++ b/roles/bootstrap_gerrit/tasks/main.yml @@ -8,6 +8,8 @@ - apt: name=python-mysqldb state=present +- apt: name=haveged state=present + - mysql_db: name=reviewdb state=present - service: name=mysql state=running enabled=yes diff --git a/roles/bootstrap_puppet_infra_node/tasks/main.yml b/roles/bootstrap_puppet_infra_node/tasks/main.yml index 134b206..3c7c689 100644 --- a/roles/bootstrap_puppet_infra_node/tasks/main.yml +++ b/roles/bootstrap_puppet_infra_node/tasks/main.yml 
@@ -1,22 +1,26 @@ --- -# Update packages -- apt: update_cache=yes +- name: Get deb package for Puppetlabs repository + get_url: > + url=https://apt.puppetlabs.com/puppetlabs-release-{{ansible_distribution_release}}.deb + dest=/tmp/puppetlabs-release-{{ansible_distribution_release}}.deb -# Download install_puppet.sh from system-config -- get_url: - url=https://git.openstack.org/cgit/openstack-infra/system-config/plain/install_puppet.sh - dest=/tmp/install_puppet.sh +- name: Install Puppetlabs repository deb package + apt: deb=/tmp/puppetlabs-release-{{ansible_distribution_release}}.deb -# Install puppet -- command: bash -x /tmp/install_puppet.sh - tags: install_puppet +- name: Install Puppet package after updating cache + apt: name=puppet update_cache=yes -# Deploy puppet.conf template -- template: src=puppet.conf.j2 dest=/etc/puppet/puppet.conf +- name: Deploy /etc/puppet.conf template + template: src=puppet.conf.j2 dest=/etc/puppet/puppet.conf -# Set puppet service running -- service: name=puppet enabled=yes state=started +- name: Start puppet agent service + service: name=puppet enabled=yes state=started -# Run puppet agent to request certificate -- command: puppet agent --test - ignore_errors: True +- name: Enable puppet agent, as it is disabled upon installation + command: puppet agent --enable + +- name: Install pip from Ubuntu (some classes do not install it properly) + apt: name=python-pip + +- name: Run puppet agent to apply configuration + puppet: diff --git a/roles/bootstrap_puppetmaster/files/generate_hiera_common.py b/roles/bootstrap_puppetmaster/files/generate_hiera_common.py new file mode 100644 index 0000000..c6283b6 --- /dev/null +++ b/roles/bootstrap_puppetmaster/files/generate_hiera_common.py 
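Review bot: The `get_url` task that fetches `puppetlabs-release-{{ansible_distribution_release}}.deb` carries no integrity check, and the next task installs that file as root with `apt: deb=`, a path that does not verify a package signature. Add a `sha256sum=` argument to that `get_url` call (`checksum=` on newer Ansible) holding the digest of the release package you have vetted, one per supported distribution release, so a changed download fails the play instead of adding a new apt source and key. The same defect is sharper in `roles/bootstrap_puppetmaster/tasks/main.yml`, where `install_modules.sh` and `modules.env` are fetched from a URL with no revision in it, presumably the head of the default branch, and then run with `bash`. Those two should be pinned to a reviewed revision as well as a digest.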
@@ -0,0 +1,33 @@
+#!/usr/bin/env python
+
+import paramiko
+import random
+import string
+import StringIO
+import yaml
+
+KEY_LENGTH = 2048
+HIERA_SSH_PARAMS = [('puppetmaster_root_rsa_key', 'puppetmaster_root_rsa_pub_key'),
+ ('jenkins_ssh_private_key', 'jenkins_ssh_public_key'),
+ ('zuul_ssh_private_key_contents', 'zuul_ssh_public_key_contents'),
+ ('gerrit_ssh_rsa_key_contents', 'gerrit_ssh_rsa_pubkey_contents'),
+ ('gerrit_project_ssh_rsa_key_contents', 'gerrit_project_ssh_rsa_pubkey_contents')]
+HIERA_PASSWORD_PARAMS = ['jenkins_jobs_password', 'gerrit_mysql_password']
+HIERA_COMMON_YAML_FILE = '/etc/puppet/hieradata/production/common.yaml'
+
+d = {}
+
+for h in HIERA_SSH_PARAMS:
+ out = StringIO.StringIO()
+ k = paramiko.RSAKey.generate(KEY_LENGTH)
+ k.write_private_key(out)
+ d[h[0]] = out.getvalue()
+ d[h[1]] = k.get_name() + ' ' + k.get_base64()
+ out.close()
+
+for h in HIERA_PASSWORD_PARAMS:
+ d[h] = ''.join(random.choice(string.ascii_uppercase + string.digits) for _ in range(12))
+
+
+with open(HIERA_COMMON_YAML_FILE, "w") as f:
+ yaml.safe_dump(d, f, explicit_start=True, default_flow_style=False)
diff --git a/roles/bootstrap_puppetmaster/files/hiera.yaml b/roles/bootstrap_puppetmaster/files/hiera.yaml
new file mode 100644
index 0000000..edb8743
--- /dev/null
+++ b/roles/bootstrap_puppetmaster/files/hiera.yaml
@@ -0,0 +1,8 @@
+---
+:hierarchy:
+ - "fqdn/%{::fqdn}"
+ - common
+:backends:
+ - yaml
+:yaml:
+ :datadir: '/etc/puppet/hieradata/%{environment}'
diff --git a/roles/bootstrap_puppetmaster/files/site.pp b/roles/bootstrap_puppetmaster/files/site.pp
new file mode 100644
index 0000000..c6c29ab
--- /dev/null
+++ b/roles/bootstrap_puppetmaster/files/site.pp
@@ -0,0 +1 @@
+hiera_include('classes', [])
diff --git a/roles/bootstrap_puppetmaster/tasks/configure_puppetmaster.yml b/roles/bootstrap_puppetmaster/tasks/configure_puppetmaster.yml
deleted file mode 100644
index f7994b5..0000000
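Review bot: The two values in `HIERA_PASSWORD_PARAMS` are drawn with `random.choice`, which is backed by the Mersenne Twister generator and is not meant for secrets; use `random.SystemRandom().choice` in that comprehension, and consider more than 12 characters given the 36-symbol alphabet. The closing `open(HIERA_COMMON_YAML_FILE, "w")` also creates `common.yaml`, which holds five RSA private keys plus those passwords, with whatever mode the process umask allows, which is commonly world-readable. Create it restrictively instead, for example `os.fdopen(os.open(HIERA_COMMON_YAML_FILE, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o640), "w")` with `import os` added, and hand ownership to the account the puppetmaster reads Hiera data as. The `/etc/puppet/hieradata` directories that the role's `file:` tasks create without `mode=` need the same treatment.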
--- a/roles/bootstrap_puppetmaster/tasks/configure_puppetmaster.yml
+++ /dev/null
@@ -1,15 +0,0 @@
----
-# Install puppetmaster packages
-- apt: name={{ item }} state=installed
- with_items:
- - puppetmaster-passenger
- - hiera
- - hiera-puppet
-
-# Puppet apply the puppetmaster manifest
-- command: >
- puppet apply --modulepath='/opt/system-config/production/modules:/etc/puppet/modules'
- /opt/system-config/production/manifests/site.pp
- tags: puppet_apply
-
-- service: name=puppet enabled=yes state=started
diff --git a/roles/bootstrap_puppetmaster/tasks/install_puppet_and_modules.yml b/roles/bootstrap_puppetmaster/tasks/install_puppet_and_modules.yml
deleted file mode 100644
index 33d4982..0000000
--- a/roles/bootstrap_puppetmaster/tasks/install_puppet_and_modules.yml
+++ /dev/null
@@ -1,8 +0,0 @@
----
-# Install puppet
-- command: bash /opt/system-config/production/install_puppet.sh
- tags: install_puppet
-
-# Install puppet modules
-- command: bash /opt/system-config/production/install_modules.sh
- tags: install_puppet_modules
diff --git a/roles/bootstrap_puppetmaster/tasks/main.yml b/roles/bootstrap_puppetmaster/tasks/main.yml
index c0f04e8..bfad55a 100644
--- a/roles/bootstrap_puppetmaster/tasks/main.yml
+++ b/roles/bootstrap_puppetmaster/tasks/main.yml
@@ -1,4 +1,64 @@ --- -- include: rsync_system_config.yml -- include: install_puppet_and_modules.yml -- include: configure_puppetmaster.yml +- name: Install required packages + apt: name={{ item }} state=installed + with_items: + - puppet + - puppetmaster-passenger + - puppetmaster + - python-paramiko + +- name: Download install_modules.sh script + get_url: > + url=https://git.openstack.org/cgit/openstack-infra/system-config/plain/install_modules.sh + dest=/tmp/install_modules.sh + +- name: Download modules.env file required by install_modules.sh + get_url: > + url=https://git.openstack.org/cgit/openstack-infra/system-config/plain/modules.env + dest=/tmp/modules.env + +- name: Run install_modules.sh to install all openstack-infra Puppet modules + command: bash /tmp/install_modules.sh + +- name: Deploy /etc/puppet.conf template + template: src=puppet.conf.j2 dest=/etc/puppet/puppet.conf + +- name: Copy top-level site.pp to /etc/puppet/manifests + copy: src=site.pp dest=/etc/puppet/manifests + +- name: Create /etc/puppet/hieradata folder + file: path=/etc/puppet/hieradata state=directory + +- name: Create /etc/puppet/hieradata/production folder + file: path=/etc/puppet/hieradata/production state=directory + +- name: Create /etc/puppet/hieradata/production/fqdn folder + file: path=/etc/puppet/hieradata/production/fqdn state=directory + +- name: Copy hiera.yaml to /etc/puppet/ + copy: src=hiera.yaml dest=/etc/puppet + +- name: Run generate_hiera_common.py to populate common.yaml + script: generate_hiera_common.py + +- name: Deploy Gerrit server template for hiera + template: > + src=gerrit.yaml.j2 + dest=/etc/puppet/hieradata/production/fqdn/{{ groups['meta-infra_type_gerrit'][0] }}.yaml + +- name: Deploy Zuul server template for hiera + template: > + src=zuul.yaml.j2 + dest=/etc/puppet/hieradata/production/fqdn/{{ groups['meta-infra_type_zuul'][0] }}.yaml + +- name: Start puppet agent service + service: name=puppet enabled=yes state=started + +- name: Start puppet 
agent + service: name=puppetmaster enabled=yes state=started + +- name: Enable puppet agent, as it is disabled upon installation + command: puppet agent --enable + +- name: Run puppet agent to apply configuration + puppet: diff --git a/roles/bootstrap_puppetmaster/tasks/rsync_system_config.yml b/roles/bootstrap_puppetmaster/tasks/rsync_system_config.yml deleted file mode 100644 index c5fc287..0000000 --- a/roles/bootstrap_puppetmaster/tasks/rsync_system_config.yml +++ /dev/null @@ -1,6 +0,0 @@ ---- -- file: path=/opt/system-config state=directory - -# Synchronize system-config from local to dest machine -- synchronize: src=/tmp/infra-ansible/system-config/production dest=/opt/system-config/ - tags: rsync_system_config diff --git a/roles/bootstrap_puppetmaster/templates/gerrit.yaml.j2 b/roles/bootstrap_puppetmaster/templates/gerrit.yaml.j2 new file mode 100644 index 0000000..bd163cb --- /dev/null +++ b/roles/bootstrap_puppetmaster/templates/gerrit.yaml.j2 @@ -0,0 +1,8 @@ +--- +classes: + - gerrit + +gerrit::mysql_password: "%{hiera('gerrit_mysql_password')}" +gerrit::gerrit_auth_type: DEVELOPMENT_BECOME_ANY_ACCOUNT +gerrit::war: http://tarballs.openstack.org/ci/gerrit/gerrit-v2.10.2.23.039a170.war +gerrit::secondary_index: true diff --git a/roles/bootstrap_puppetmaster/templates/puppet.conf.j2 b/roles/bootstrap_puppetmaster/templates/puppet.conf.j2 new file mode 100644 index 0000000..1c631f6 --- /dev/null +++ b/roles/bootstrap_puppetmaster/templates/puppet.conf.j2 @@ -0,0 +1,16 @@ +[main] +server={{ groups['meta-infra_type_puppetmaster'][0] }} +certname={{ inventory_hostname }} +logdir=/var/log/puppet +vardir=/var/lib/puppet +ssldir=/var/lib/puppet/ssl +rundir=/var/run/puppet +factpath=$vardir/lib/facter +templatedir=$confdir/templates + +[master] +# These are needed when the puppetmaster is run by passenger +# and can safely be removed if webrick is used. +ssl_client_header = SSL_CLIENT_S_DN +ssl_client_verify_header = SSL_CLIENT_VERIFY +autosign = true 
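Review bot: The `script: generate_hiera_common.py` task has no guard, so every run of this role regenerates all five SSH key pairs and both passwords and overwrites `common.yaml`, silently rotating credentials that nodes may already have been configured with. Make it run only once with `script: generate_hiera_common.py creates=/etc/puppet/hieradata/production/common.yaml`. Separately, the two service tasks near the end are both named as starting the puppet agent although the second manages `puppetmaster`; rename it `Start puppetmaster service` so play output matches what is changed.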
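Review bot: `gerrit::gerrit_auth_type: DEVELOPMENT_BECOME_ANY_ACCOUNT` is hard-coded in `gerrit.yaml.j2`, and in that Gerrit mode any visitor can act as any account, administrators included, without authenticating. Take the value from a variable set in `infra_config.yml` with a real authentication type as the default, for example `gerrit::gerrit_auth_type: "{{ gerrit_auth_type | default('OPENID') }}"` (the variable name is a suggestion), so the development mode has to be chosen explicitly for a throwaway environment. The `gerrit::war` URL is plain `http://` and has no digest next to it; whether the `gerrit` Puppet class verifies the download is not visible here, so prefer an `https://` source or a verified local copy.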
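Review bot: `autosign = true` in the `[master]` section makes the puppetmaster sign every certificate request it receives, so any host that can reach the master can enrol under a certname of its choosing and be served that node's catalog, including the private keys and passwords resolved from Hiera. This takes the place of the explicit `sign_infra_nodes_certs` play that the commit deletes. Point the setting at an allowlist instead, `autosign = /etc/puppet/autosign.conf`, and template that file from the hostnames in the `infra` inventory group, or keep a signing task that runs `puppet cert sign` for those names only.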
diff --git a/roles/bootstrap_puppetmaster/templates/zuul.yaml.j2 b/roles/bootstrap_puppetmaster/templates/zuul.yaml.j2 new file mode 100644 index 0000000..30fbc69 --- /dev/null +++ b/roles/bootstrap_puppetmaster/templates/zuul.yaml.j2 @@ -0,0 +1,12 @@ +--- +classes: + - project_config + - zuul + - zuul::server + +project_config::url: git://git.openstack.org/openstack-infra/project-config +zuul::gerrit_server: {{ groups['meta-infra_type_gerrit'][0] }} +zuul::gerrit_user: gerrit +zuul::zuul_ssh_private_key: "%{hiera(zuul_ssh_private_key_contents)}" +zuul::zuul_url: http://{{ groups['meta-infra_type_zuul'][0] }}/p +zuul::server::layout_dir: "%{::project_config::zuul_layout_dir}" diff --git a/roles/common/tasks/main.yml b/roles/common/tasks/main.yml index 8b18828..0da35c9 100644 --- a/roles/common/tasks/main.yml +++ b/roles/common/tasks/main.yml @@ -1,6 +1,6 @@ --- -# Update packages -- apt: update_cache=yes +- name: Update packages + apt: update_cache=yes -# Install git -- apt: name=git +- name: Install git package + apt: name=git diff --git a/roles/deploy_system_config/tasks/clone_system_config_locally.yml b/roles/deploy_system_config/tasks/clone_system_config_locally.yml deleted file mode 100644 index c858bfc..0000000 --- a/roles/deploy_system_config/tasks/clone_system_config_locally.yml +++ /dev/null 
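Review bot: `project_config::url` uses the `git://` transport, which is neither encrypted nor authenticated, so the Zuul layout and job configuration cloned from it can be altered in transit. The `site.pp.j2` this commit deletes used `https://git.openstack.org/openstack-infra/project-config`, and this template should keep that URL. The Jinja values on `zuul::gerrit_server` and `zuul::zuul_url` are unquoted; write them as `zuul::gerrit_server: "{{ groups['meta-infra_type_gerrit'][0] }}"` so a hostname that looks like another YAML type is still read as a string. The lookup `%{hiera(zuul_ssh_private_key_contents)}` also drops the quotes used in `gerrit.yaml.j2` (`%{hiera('gerrit_mysql_password')}`); use one form in both templates.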
@@ -1,29 +0,0 @@ ---- -# Clone system-config locally in the command machine -- git: repo="{{ system_config_repo_url }}" - dest=/tmp/infra-ansible/system-config/production - version=master - accept_hostkey=True - force=True - tags: clone_system_config_locally - -- command: git symbolic-ref --short -q HEAD - args: - chdir: /tmp/infra-ansible/system-config/production - register: checked_out_branch - -- command: git show-ref --verify --quiet refs/heads/"{{ system_config_branch }}" - args: - chdir: /tmp/infra-ansible/system-config/production - register: system_config_branch_exists - ignore_errors: True - -- command: git checkout -b "{{ system_config_branch }}" - args: - chdir: /tmp/infra-ansible/system-config/production - when: system_config_branch_exists|failed - -- command: git checkout "{{ system_config_branch }}" - args: - chdir: /tmp/infra-ansible/system-config/production - when: system_config_branch_exists|success and checked_out_branch.stdout != "{{ system_config_branch }}" diff --git a/roles/deploy_system_config/tasks/commit_changes.yml b/roles/deploy_system_config/tasks/commit_changes.yml deleted file mode 100644 index a9cd4d3..0000000 --- a/roles/deploy_system_config/tasks/commit_changes.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- command: git commit -a -m "deploy_system_config commit from infra-ansible" - args: - chdir: /tmp/infra-ansible/system-config/production - ignore_errors: True diff --git a/roles/deploy_system_config/tasks/create_temp_folder.yml b/roles/deploy_system_config/tasks/create_temp_folder.yml deleted file mode 100644 index a976931..0000000 --- a/roles/deploy_system_config/tasks/create_temp_folder.yml +++ /dev/null @@ -1,2 +0,0 @@ ---- -- file: path=/tmp/infra-ansible state=directory diff --git a/roles/deploy_system_config/tasks/generate_site_pp.yml b/roles/deploy_system_config/tasks/generate_site_pp.yml deleted file mode 100644 index 96ce1be..0000000 --- a/roles/deploy_system_config/tasks/generate_site_pp.yml +++ /dev/null 
@@ -1,3 +0,0 @@ ---- -# Generate site.pp -- template: src=site.pp.j2 dest=/tmp/infra-ansible/system-config/production/manifests/site.pp diff --git a/roles/deploy_system_config/tasks/main.yml b/roles/deploy_system_config/tasks/main.yml deleted file mode 100644 index 49fa433..0000000 --- a/roles/deploy_system_config/tasks/main.yml +++ /dev/null @@ -1,5 +0,0 @@ ---- -- include: create_temp_folder.yml -- include: clone_system_config_locally.yml -- include: generate_site_pp.yml -- include: commit_changes.yml diff --git a/roles/deploy_system_config/templates/site.pp.j2 b/roles/deploy_system_config/templates/site.pp.j2 deleted file mode 100644 index a8b604a..0000000 --- a/roles/deploy_system_config/templates/site.pp.j2 +++ /dev/null 
@@ -1,146 +0,0 @@ -# -# Top-level variables -# -# There must not be any whitespace between this comment and the variables or -# in between any two variables in order for them to be correctly parsed and -# passed around in test.sh -# - -# -# Default: should at least behave like an openstack server -# -node default { - class { 'openstack_project::server': - sysadmins => hiera('sysadmins', []), - } -} - -# -# Long lived servers: -# -node '{{ groups['meta-infra_type_gerrit'][0] }}' { - class { 'openstack_project::gerrit': - ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem', - ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key', - ssl_chain_file => '', - mysql_host => hiera('gerrit_mysql_host', 'localhost'), - mysql_password => hiera('gerrit_mysql_password', 'XXX'), - email_private_key => hiera('gerrit_email_private_key', 'XXX'), - email => 'review@infra-ansible.cloud', - contactstore => false, - acls_dir => $::project_config::gerrit_acls_dir, - notify_impact_file => $::project_config::gerrit_notify_impact_file, - projects_file => $::project_config::jeepyb_project_file, - ssh_rsa_key_contents => hiera('gerrit_ssh_rsa_key_contents', 'XXX'), - ssh_rsa_pubkey_contents => hiera('gerrit_ssh_rsa_pubkey_contents', 'XXX'), - ssh_project_rsa_key_contents => hiera('gerrit_project_ssh_rsa_key_contents', 'XXX'), - ssh_project_rsa_pubkey_contents => hiera('gerrit_project_ssh_rsa_pubkey_contents', 'XXX'), - sysadmins => hiera('sysadmins', []), - database_poollimit => '150', - container_heaplimit => '8g', - core_packedgitopenfiles => '4096', - core_packedgitlimit => '400m', - core_packedgitwindowsize => '16k', - sshd_threads => '100', - httpd_maxwait => '5000min', - war => 'http://tarballs.openstack.org/ci/gerrit/gerrit-v2.8.4.19.4548330.war', - testmode => true, - replication => [ - { - name => 'local', - url => 'file:///opt/lib/git/', - replicationDelay => '1', - threads => '4', - mirror => true, - }, - ], - } - - class { 'project_config': - url => 
'https://git.openstack.org/openstack-infra/project-config', - } -} - -node '{{ groups['meta-infra_type_jenkins'][0] }}' { - $group = "jenkins" - class { 'openstack_project::jenkins': - project_config_repo => 'https://git.openstack.org/openstack-infra/project-config', - jenkins_jobs_password => hiera('jenkins_jobs_password', 'XXX'), - jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents', 'XXX'), - ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem', - ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key', - ssl_chain_file => '', - sysadmins => hiera('sysadmins', []), - zmq_event_receivers => ['{{ groups['meta-infra_type_nodepool'][0] }}'], - } -} - -node '{{ groups['meta-infra_type_puppetmaster'][0] }}' { - class { 'openstack_project::puppetmaster': - root_rsa_key => hiera('puppetmaster_root_rsa_key', 'XXX'), - sysadmins => hiera('sysadmins', []), - version => '3.6.', - puppetmaster_server => '{{ groups['meta-infra_type_puppetmaster'][0] }}', - puppetdb => false, - } -} - -node 'puppetdb.openstack.org' { - class { 'openstack_project::puppetdb': - sysadmins => hiera('sysadmins', []), - } -} - -node 'nodepool.openstack.org' { - class { 'openstack_project::nodepool_prod': - project_config_repo => 'https://git.openstack.org/openstack-infra/project-config', - mysql_password => hiera('nodepool_mysql_password', 'XXX'), - mysql_root_password => hiera('nodepool_mysql_root_password', 'XXX'), - nodepool_ssh_private_key => hiera('jenkins_ssh_private_key_contents', 'XXX'), - sysadmins => hiera('sysadmins', []), - statsd_host => 'graphite.openstack.org', - jenkins_api_user => hiera('jenkins_api_user', 'username'), - jenkins_api_key => hiera('jenkins_api_key', 'XXX'), - jenkins_credentials_id => hiera('jenkins_credentials_id', 'XXX'), - rackspace_username => hiera('nodepool_rackspace_username', 'username'), - rackspace_password => hiera('nodepool_rackspace_password', 'XXX'), - rackspace_project => hiera('nodepool_rackspace_project', 'project'), - 
hpcloud_username => hiera('nodepool_hpcloud_username', 'username'), - hpcloud_password => hiera('nodepool_hpcloud_password', 'XXX'), - hpcloud_project => hiera('nodepool_hpcloud_project', 'project'), - tripleo_username => hiera('nodepool_tripleo_username', 'username'), - tripleo_password => hiera('nodepool_tripleo_password', 'XXX'), - tripleo_project => hiera('nodepool_tripleo_project', 'project'), - } -} - -node /^zm\d+\.openstack\.org$/ { - $group = "zuul-merger" - class { 'openstack_project::zuul_merger': - gearman_server => 'zuul.openstack.org', - gerrit_server => 'review.openstack.org', - gerrit_user => 'jenkins', - gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents', 'XXX'), - zuul_ssh_private_key => hiera('zuul_ssh_private_key_contents', 'XXX'), - sysadmins => hiera('sysadmins', []), - } -} - -node '{{ groups['meta-infra_type_zuul'][0] }}' { - class { 'openstack_project::zuul_prod': - project_config_repo => 'https://git.openstack.org/openstack-infra/project-config', - gerrit_server => '{{ groups['meta-infra_type_gerrit'][0]}} ', - gerrit_user => 'jenkins', - gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents', 'XXX'), - zuul_ssh_private_key => hiera('zuul_ssh_private_key_contents', 'XXX'), - url_pattern => 'http://logs.openstack.org/{build.parameters[LOG_PATH]}', - zuul_url => 'http://{{ groups['meta-infra_type_zuul'][0] }}/p', - sysadmins => hiera('sysadmins', []), - statsd_host => '', - gearman_workers => [ - '{{ groups['meta-infra_type_jenkins'][0] }}', - ], - } -} - -# vim:sw=2:ts=2:expandtab:textwidth=79 diff --git a/roles/post_puppet_gerrit/tasks/main.yml b/roles/post_puppet_gerrit/tasks/main.yml deleted file mode 100644 index fd120c4..0000000 --- a/roles/post_puppet_gerrit/tasks/main.yml +++ /dev/null 
@@ -1,26 +0,0 @@ ---- -# Enable ssh agent forwarding with sudo -- lineinfile: dest=/etc/sudoers state=present regexp='^Defaults env_keep\+\=SSH_AUTH_SOCK' line='Defaults env_keep+=SSH_AUTH_SOCK' - -- pause: - prompt: | - Please login to "{{ groups['meta-infra_type_gerrit'][0] }}" - with your OpenID, set your user preferences and enter - your user account name - register: gerrit_prompt_var - -- command: hiera -c /etc/puppet/hiera.yaml zuul_ssh_public_key_contents environment=production - delegate_to: "{{ groups['meta-infra_type_puppetmaster'][0] }}" - register: zuul_ssh_public_key_contents - -- command: hiera -c /etc/puppet/hiera.yaml gerrit_project_ssh_rsa_pubkey_contents environment=production - delegate_to: "{{ groups['meta-infra_type_puppetmaster'][0] }}" - register: gerrit_project_ssh_rsa_pubkey_contents - -- command: ssh -p 29418 -o StrictHostKeyChecking=no "{{ gerrit_prompt_var.user_input }}"@localhost gerrit create-group "'Project Bootstrappers'" - -- command: ssh -p 29418 -o StrictHostKeyChecking=no "{{ gerrit_prompt_var.user_input }}"@localhost gerrit create-group "'Continuous Integration Tools'" - -- command: ssh -p 29418 -o StrictHostKeyChecking=no "{{ gerrit_prompt_var.user_input }}"@localhost gerrit create-account --group "'Continuous Integration Tools'" --group Administrators --full-name "'Project Creator'" --email creator@infra-ansible."{{ domainname }}" --ssh-key "'{{ gerrit_project_ssh_rsa_pubkey_contents.stdout }}'" openstack-project-creator - -- command: ssh -p 29418 -o StrictHostKeyChecking=no "{{ gerrit_prompt_var.user_input }}"@localhost gerrit create-account --group "'Continuous Integration Tools'" --group "'Non-Interactive Users'" --full-name "'Zuul'" --email zuul@infra-ansible."{{ domainname }}" --ssh-key "'{{ zuul_ssh_public_key_contents.stdout }}'" jenkins diff --git a/roles/post_puppet_jenkins/tasks/main.yml b/roles/post_puppet_jenkins/tasks/main.yml deleted file mode 100644 index 1a1c8b0..0000000 
--- a/roles/post_puppet_jenkins/tasks/main.yml +++ /dev/null @@ -1,22 +0,0 @@ ---- -# Get JJB user password from Hiera -- command: hiera -c /etc/puppet/hiera.yaml jenkins_jobs_password environment=production - delegate_to: "{{ groups['meta-infra_type_puppetmaster'][0] }}" - register: jenkins_jobs_password - no_log: True - -# Download Jenkins CLI -- get_url: url=http://localhost:8080/jnlpJars/jenkins-cli.jar dest=/tmp/jenkins-cli.jar - register: result - until: result|success - retries: 5 - delay: 10 - -# Create JJB user -- shell: echo 'hpsr=new hudson.security.HudsonPrivateSecurityRealm(false); hpsr.createAccount("gerrig", "{{ jenkins_jobs_password }}")' | java -jar /tmp/jenkins-cli.jar -s http://localhost:8080 groovy = - no_log: True - -# Trigger jenkins-jobs update in fire&forget mode, since it takes a long time to complete -- command: jenkins-jobs update /etc/jenkins_jobs/config --delete-old - async: 3600 - poll: 0 diff --git a/roles/set_hostnames/tasks/main.yml b/roles/set_hostnames/tasks/main.yml index 1d0ca93..00bf696 100644 --- a/roles/set_hostnames/tasks/main.yml +++ b/roles/set_hostnames/tasks/main.yml @@ -3,7 +3,8 @@ # Inspired by: # https://github.com/ansible/ansible/pull/8482) # https://gist.github.com/rothgar/8793800 -- hostname: name="{{ inventory_hostname.split('.', 1)[0] }}" +- name: Set /etc/hostname + hostname: name="{{ inventory_hostname.split('.', 1)[0] }}" # " lovely lonely double-quote for fixing vim highlighting diff --git a/run.sh b/run.sh new file mode 100755 index 0000000..02b1643 --- /dev/null +++ b/run.sh @@ -0,0 +1,3 @@ +#!/bin/bash +ansible-playbook -i hosts provision_infra_servers.yml -e "@infra_config.yml" +ansible-playbook -i /opt/stack/ansible/contrib/inventory/openstack.py site.yml -e "@infra_config.yml" diff --git a/run_puppet_infra_nodes.yml b/run_puppet_infra_nodes.yml deleted file mode 100644 index b991049..0000000 --- a/run_puppet_infra_nodes.yml +++ /dev/null 
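Review bot: `run.sh` has no error handling, so when the `provision_infra_servers.yml` run fails, the second `ansible-playbook` still applies `site.yml` to whatever hosts the OpenStack inventory returns at that moment. Add `set -euo pipefail` directly after the shebang so the script stops at the first failing command. The first command also reads `-i hosts`, a file this diff does not add, so confirm it exists in the repository or the provisioning step will fail for every new checkout.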
@@ -1,8 +0,0 @@ ---- -# file: run_puppet_infra_nodes -- hosts: infra:!meta-infra_type_puppetmaster - gather_facts: no - user: ubuntu - sudo: true - roles: - - { role: run_puppet_infra_nodes } diff --git a/sign_infra_nodes_certs.yml b/sign_infra_nodes_certs.yml deleted file mode 100644 index fd29a91..0000000 --- a/sign_infra_nodes_certs.yml +++ /dev/null @@ -1,8 +0,0 @@ ---- -# file: sign_infra_nodes_certs -- hosts: meta-infra_type_puppetmaster - gather_facts: no - user: ubuntu - sudo: true - roles: - - { role: sign_infra_nodes_certs } diff --git a/site.yml b/site.yml index 08b82e4..23085e2 100644 --- a/site.yml +++ b/site.yml @@ -2,12 +2,6 @@ # file: site.yml - include: common.yml - include: set_hostnames.yml -- include: deploy_system_config.yml -- include: deploy_hiera.yml - include: bootstrap_puppetmaster.yml +- include: bootstrap_gerrit.yml - include: bootstrap_puppet_infra_nodes.yml -- include: sign_infra_nodes_certs.yml -- include: pre_puppet_gerrit.yml -- include: run_puppet_infra_nodes.yml -- include: post_puppet_gerrit.yml -- include: post_puppet_jenkins.yml