Commit Graph

60 Commits

Author SHA1 Message Date
Andreas Jaeger 797016c54b Retire repository
Fuel (from openstack namespace) and fuel-ccp (in x namespace)
repositories are unused and ready to retire.

This change removes all content from the repository and adds the usual
README file to point out that the repository is retired following the
process from
https://docs.openstack.org/infra/manual/drivers.html#retiring-a-project

See also
http://lists.openstack.org/pipermail/openstack-discuss/2019-December/011647.html

Depends-On: https://review.opendev.org/699362
Change-Id: Icc6a810696788e65e9afd8be691400d4d39de313
2019-12-18 09:38:51 +01:00
Georgy Kibardin 5877315c7f Configure mcollective identity in startup scripts
As a part of handing over control over mcollective from nailgun agent to
startup scripts lets get rid of of nodiscover file flag and perform
mcollective configuration and start

Change-Id: Ia2f984570b38642b1090f6483ed3fa78958550c5
Partial-Bug: #1585671
2017-02-09 14:33:48 +00:00
Jenkins 451c4b8402 Merge "Revert "Ignore heartbeats lock fails"" 2016-12-28 11:42:18 +00:00
Georgy Kibardin f15987c3f2 Revert "Ignore heartbeats lock fails"
It seems that there are at least two level of ruby-stomp brokenness and
the fact that the mutex in original commit is locked actually means
there is no heartbeat received in time and we need to do something about
this.

This reverts commit b50241a7b2.

Closes-Bug: #1644618
Change-Id: I8351abaf0078b094bff2aa20994575c15aec213b
2016-12-27 09:33:51 +00:00
Jenkins 907b7962f2 Merge "Ignore heartbeats lock fails" 2016-09-14 12:58:01 +00:00
Georgy Kibardin b50241a7b2 Ignore heartbeats lock fails
Stomp heartbeat handling is quite poorly designed. It happens in a
separate thread which sleeps, then tries to read a heartbeat if reading
mutex is acquired by message receiving thread it fails and increases
lock failure count. Upon reaching the limit (in our packets it is 2 by
default) it forcibly closes the connetion causing reconnect. Setting the
value to 0 turns the feature off.

Change-Id: I2187ce69508c530073582c542c963014acc5123a
Closes-Bug: #1613246
Closes-Bug: #1298262
2016-09-13 18:46:21 +03:00
Alexander Gordeev da7a578473 Configure admin NIC prior the first system boot
Having admin NIC confugured in the middle of system booting
is very fragile and error-prone approach.
It's better to configure it ahead of first booting time.

Also, there's no need for freaky networking restarting inside of
cloud-init boothooks anymore.

Change-Id: I4c278341e8b40eb8d9b100bed1d9a650f27b5c5b
Related-Bug: #1583815
2016-08-16 18:29:09 +03:00
Jenkins 04d1223717 Merge "enable mcollective (restart)" 2016-07-29 08:46:01 +00:00
dmburmistrov e5434510c9 enable mcollective (restart)
mcollective service is masked on early
stages, so restating it in cc_mcollective.py
actually does nothing. We have to restart it
when service is explicitely unmasked, what
is done in runcmd section.

blueprint: mos-xenial

Change-Id: I6ef54e45b5c06f136fe44d2d0e0932b77f752d13
2016-07-28 17:37:15 +00:00
Dmitry Teselkin 197be0294e Mcollective should be daemonized
In Xenial we use upstream mcollective with native
systemd service unit. This unit requires mcollective
to daemonize itself when started (Type=forking), so
we need to fix this in cloud-init config.

Change-Id: I39b64cae329b6515e42ac4e92f03ef9e64ec0d31
blueprint: mos-xenial
2016-07-20 11:21:51 +03:00
Ivan Suzdal 348eec834f Add systemctl support for runcmd
Also for now enabled/disabled actions is
identic for both puppet and mcollective

Change-Id: I818faeb38348bd1c09eec44b194ce3f665f09e96
2016-07-08 13:02:31 +00:00
Ivan Suzdal 12331234b8 Add shebang into rc.local
Systemd failed to start rc-local service
due to unknown exec format

blueprint: mos-xenial

Change-Id: Ifc59a75bd3018da108b79843fec6c717df0a319e
2016-07-01 18:02:38 +03:00
Maksim Malchuk 39fe69492c Run console on the serial port if required
This commit adds the ability to use IPMI SOL console when the nodes
provisioned with an option 'console=ttySx' or 'console=ttySx,speed',
where x is 0 for the COM1 and 1 for COM2. If speed parameter doesn't
provided so 9600 used as default. This feature can be used for the
bootstrap nodes too.

DocImpact
Closes-Bug: #1544820
Change-Id: I210001c5692281add2439843f4ad69d65c8f6e17
Signed-off-by: Maksim Malchuk <mmalchuk@mirantis.com>
2016-05-24 18:43:53 +03:00
Jenkins ebff0b0ba1 Merge "Use same rsyslog config files for remote logging" 2016-05-13 14:32:18 +00:00
Maksim Malchuk 9967f88e0a Use same rsyslog config files for remote logging
The cloud-init should use the same filenames for the rsyslog remote
logging as used in the fuel-library templates which would be
overwritten during the deployment by the puppet. This is partially
fix the problem with duplicate messages sent from slave nodes to the
Fuel master node rsyslog.

Change-Id: Ib95db5545889e8ae2b86dcf787c4adb7413d5698
Partial-Bug: #1579081
Partial-Bug: #1580200
Signed-off-by: Maksim Malchuk <mmalchuk@mirantis.com>
2016-05-12 20:27:42 +03:00
Dmitry Guryanov 8f5c03dcac change configdrive format to ConfigDrive version 2
We put configdrive with is9660 filesystem to a
partition on a hard disk. New hard disks may have
4K sectors, but blocksize of iso9660 fs is 2K so
it will not work.

To fix this bug we should use another filesystem (ext2)
and another config drive format (files, directory
structure), because NoCloud format, which is currently
used support only vfat and iso9660 filesystems.

Change-Id: Ia0f244f19bab3dfaceef8a092ad03667675a5557
Closes-Bug: #1544818
2016-04-28 18:06:18 +00:00
Jenkins 927da285b6 Merge "Disable stringify_facts on managed nodes" 2016-03-24 14:17:16 +00:00
Bartłomiej Piotrowski f862fb86ad Disable stringify_facts on managed nodes
By default Puppet enables stringify_facts. It can lead to weird behavior,
assuming a fact, that supposedly returns an array. E.g.:

Facter: ["/", "/boot", "/var", "/var/log"]
As exposed in Puppet: "[\"/\", \"/boot\", \"/var\", \"/var/log\"]"

It is already disabled in Puppet 4, so it makes sense to do it now to save
us from possible problems in the future.

Change-Id: Ib70ae937165ddb2968c9e4346434f18778b31714
Closes-Bug: 1526782
2016-03-24 12:28:49 +01:00
Anil Belur 2c93034a2b Fixes #1553236 - remove plain text passwords in cloud-init templates
The cloud-config uses a `plain_text_passwd: {{ user.password }}` which
could create potential security issues.

Therefore the cloud-config file, requires the 'plain text password'
replaced with a 'hashed password'.

Closes-bug: #1553236
Change-Id: Ic0c5992b5302f84819498ccd311cf19224142fa5
Signed-off-by: Anil Belur <askb23@gmail.com>
2016-03-22 14:09:04 +00:00
Jenkins fde8da5c9c Merge "Create non-root user account during image build process" 2016-03-02 13:50:21 +00:00
Dmitry Nikishov 70f767066e Create non-root user account during image build process
Extended Nailgun data driver to parse new ks_meta keys.

Extended Ubuntu cloud-init config template to create a non-root
account. Root login is being disabled, however, this setting
will only be effective until osnailyfacter::ssh puppet class
will have been evaluated during deployment as it overrides
sshd_config values. This means, that PermitRootLogin should be
managed by library as well.

Blueprint: fuel-nonroot-openstack-nodes
Depends-On: Ia18305e07d07377886783c3b3e44abe93cef2da5

Change-Id: I69831fe0327ef9ac55bed99301d2c3732b87ed88
2016-03-02 05:56:49 -06:00
Dmitry Nikishov 11e535e6e3 Introduced versioned cloud_config templates
Since the non-root feature, targeted for 9.0, is going to require
modification of cloud-config templates, it is reasonable to introduce
versioned CC templates.

Change-Id: I73548644df7e56a6b35660913e38f802d556f9c3
Blueprint: fuel-nonroot-openstack-nodes
2016-02-17 03:31:41 -06:00
slava cf4b9fc5f3 Do not restart mcollective service if it's enabled
Change-Id: I3aa199a2a2afca3229d2b3cb2cf5f6d30c641c6b
Closes-Bug: #1536924
2016-01-29 14:34:01 +03:00
Jenkins de350f39ce Merge "Add processing of 'identity' parameter for mcollective config" 2015-12-18 13:46:27 +00:00
Maksim Malchuk d910cb6655 Blacklist didn't work if running VirtualBox
This commit fixes blacklist procedure if running VirtualBox because with
version 5.0 of VirtualBox the 'virt-what' reports several hypervisors,
such as "virtualbox" and "kvm".

Change-Id: Ifba124c4c89fe08f573a56cdf71165309bfd5709
Partial-Bug: #1523526
2015-12-17 16:17:52 +03:00
Artem Roma 066334291a Add processing of 'identity' parameter for mcollective config
Nailgun-agent provided the parameter for the config and restarts
mcollective after update. But in some cases (see description of the
related bug) such behavior may cause deployment failure. So now the data
is supplied by astute in provision info and is placed into config on its
creation as other parameters.

Change-Id: I3670e571c13808da2b54bd6238d228e7cdb0ef96
Related-Bug: #1518306
Depends-On: I753eb76ed9c3b80f249c0c4b86ef48ef49274990
2015-12-15 07:05:55 +00:00
alexz 6356e90686 Fix trusty based slave bootstrap
* Sync fix-configs-on-startup with fuel-main/bootstrap
* Due wrong permission for trusty/etc\usr folders, after
rsync's files into chroot system - ntp fails to run due Access Denied
error
* fix ubuntu cloud-init hook for ntp.drift
* nailgun-agent runs only from cron
* fix file permission for trusty bootstrap
* add 'psmisc' for fuel-agent requirements
  Centos7 don't install it by default, otherwise mcollective
  container - which used for IBP

Change-Id: Ifecbc4220df8ae77f7373d4b342aa1e72deb9059
Closes-Bug: #1522406
2015-12-07 17:26:25 +02:00
Jenkins 2892f44d28 Merge "Disable launching etckeeper each puppet run" 2015-10-22 09:59:05 +00:00
Kyrylo Galanov 34de47281d Disable launching etckeeper each puppet run
etckeeper is not installed or configured on deployed nodes, so it should
be replaced with a dummy command that will return 0

Change-Id: I0ced09f9cedcdb81eb3281168fed8b15f61d1e99
Closes-bug: #1504191
2015-10-20 16:00:48 +03:00
Peter Zhurba 57e08df4fa Fix cloud-init rsyslog format template
Change-Id: I4b200434f5363e2f0d9108d5f2499c2ecd7fef8c
Closes-bug: #1498438
2015-10-15 15:46:15 +03:00
Alexander Gordeev 4352af292b Add versioning for cloud-init templates
Since cloud-init templates may vary from one release to another,
fuel-agent should be able to choose appropriate version according to
environment version provided in provision data.

Due to matter of changes, only boothook templates were affected,
the rest of templates haven't been changed yet.

* add templates from 6.1/stable
* add templates from 7.0/stable
* rename meta-data to meta_data

Change-Id: I03f9c304edb387435747c5f59d83516e8adcce9f
Closes-Bug: #1478549
Depends-On: I81b50863a58de10ee33c8064b38fc92ef7e1d86a
2015-09-22 18:07:38 +03:00
Sergey Kulanov 27d296042d Fix path to nailgun-agent
nailgun-agent package was updated and agent was renamed to
nailgun-agent [1, 2]. So we need to update path both for
CentOS and Ubuntu packages

[1]. https://github.com/stackforge/fuel-nailgun-agent/blob/master/specs/fuel-nailgun-agent.spec#L37
[2]. https://github.com/stackforge/fuel-nailgun-agent/blob/master/debian/rules#L12

Change-Id: I26207927a67ffd6f1f340ad717bcf291af4874ea
Closes-bug: #1492449
2015-09-07 23:39:58 +03:00
Bartłomiej Piotrowski bb3e019711 Make /var/log/puppet.log readable only to root
This file is currently world-readable and exposes all passwords used for
deployment, including OpenStack services and MySQL database.

Change-Id: I0be5ffd806ddf708344205fe374f716e4cd2d831
Closes-bug: 1486399
2015-08-20 12:24:29 +02:00
Jenkins 4e9fe5563e Merge "Load nf_conntrack_proto_gre kernel module default" 2015-07-20 12:53:47 +00:00
Sam Stoelinga cdb13c5dde Load nf_conntrack_proto_gre kernel module default
Add nf_conntrack_proto_gre to the default loaded modules
for CentOS and Ubuntu. This enables VMs on OpenStack
that use GRE to provide GRE connectivity over floating
IPs.

Closes-bug: #1474210

Change-Id: I265a30d698396bcce64b139dfa8696a440cc2a3b
2015-07-20 14:40:43 +08:00
Oleksiy Molchanov fca0ea6535 Add errors=panic to rootfs
* Add errors=panic to rootfs in order to panic and
not to go to 'ro' when there are any errors on the disk
* Set parameter kernel.panic in sysctl to 60 (By default,
the kernel will not reboot after a panic, but this option
will cause a kernel reboot after 60 seconds.)

Doc-Impact

Change-Id: Ib24f13d3cbbf792e7ee81a9b4054e084f4ec1b5e
Closes-Bug: 1371689
2015-07-14 18:49:03 +03:00
Jenkins f50b1b5bf4 Merge "IBP: configure mcollectived to NOT daemonize on Ubuntu" 2015-05-29 12:49:04 +00:00
Alexei Sheplyakov 08a7f41280 IBP: configure mcollectived to NOT daemonize on Ubuntu
sys v init scripts are inherently racy since creating a PID file takes
a while. In particular collectived needs about 0.6 seconds to daemonize
itself and create its PID file. If the service gets restarted in this
interval the second instance of the daemon gets started without stopping
the previous one. Apparently mcollectived gets restarted very often during
the final phase of IBP. Hence get rid of sys V init script and use
upstart job to manage mcollectived.

Merge-After: https://review.fuel-infra.org/7093
Closes-Bug: #1454741
Change-Id: Ie74539a068f33c485573645e6a2f88bd0972b59b
2015-05-29 14:26:33 +03:00
Alex Schultz e7ffd040eb Save iptables after flushing during cloud-init
The iptables rules should be saved after being flushed as part of the
cloud-init process. If the reboot plugin is used, the default CentOS
rules are loaded on boot because we are not saving the cleared set of
rules. This can cause some network configurations to break.
Ubuntu is not impacted as they do not have any 'default' rules.

Change-Id: I49842cd833a736f318dd237f07be2267dbfb27ab
Closes-Bug: 1459733
2015-05-28 15:20:10 -05:00
Alexei Sheplyakov 8af039fec4 IBP: configure mcollectived so it daemonizes itself
The server.cfg shipped with mcollective package tells mcollectived to
daemonize itself, and the config generated by cloud init tells it to run
in the background (assuming that the init script is responsible for
daemonization). This mismatch breaks PID file: start-stop-daemon forks,
detaches, records its pid, and runs mcollectived which daemonizes again.
As a result the PID recored in the PID file is wrong so subsequent
start/restart/stop action can't find the previously launched process
and starts an extra instance of mcollective.

In order to solve the problem
1) fix the init script (assuming that mcollectived daemonizes itself)
2) generate a proper server.cfg (with daemonize=1 statement)

Related-Bug: #1454741
Merge-After: https://review.fuel-infra.org/6760
Change-Id: I1b9ddc2d8ec790b5a6cb1095e32559cf506c48e7
2015-05-20 16:18:07 +03:00
Jenkins 6740122c70 Merge "Restart mcollective at the end of cloud-init magic" 2015-05-19 16:23:59 +00:00
Vladimir Kozhukalov 787b97eac0 Restart mcollective at the end of cloud-init magic
We use mcollective cloud-init module to configure
mcollective service. This module runs the command
'service mcollective start' which does nothing
if the service is already running (which is the actual case).
So, we can end up with mcollective unable to see
config file changed made by cloud-init and hence
prevent mcollective from being able to connect to
rabbit.

This patch restarts mcollective at the end of cloud-init run.

Closes-Bug: #1455489
Change-Id: I9ea122acc168120596bf48f378e92874936bcbe1
2015-05-19 15:06:41 +03:00
Vladimir Kozhukalov 6b2ea2fbbb Prevent nailgun-agent/cloud-init collision
This patch prevents nailgun-agent from doing anything
until cloud-init has finished its magic.

/etc/nailgun-agent/nodiscover file is created during provisioning stage
and then it is removed in /etc/rc.local which guarantees
that nailgun-agent doesn't change mcollective config at the
same time when cloud-init does this. Otherwise, we can
end up with corrupted mcollective config.

Related-Patch: I5fca4ca39abdc273f6958f2643fae6c5c99fba68
Change-Id: If8d1252e6d351ad073de26afc13a19de76f531fb
Closes-Bug: #1449186
2015-05-19 12:07:52 +03:00
Alex Schultz 60aefaaf51 Ensure mcollective starts on boot for CentOS
Change-Id: I7963dac00795245eb32ec9ad6e57ff7220fd95a4
Closes-Bug: 1443291
2015-04-17 23:31:56 +00:00
Vladimir Kozhukalov d5a462f099 IBP: fixed configuring admin interface for centos
Change-Id: Ibb0123ceb9a05cb5bd8db1a4f44d51cc92bbe2fa
Closes-Bug: #1439150
2015-04-01 19:59:53 +03:00
Alexander Gordeev 9da0b2b0b8 Handle arbitrary gw for node in fuel-agent
Add what was missing. Default gateway could be not only equal to master IP.

Closes-Bug: #1405664
Change-Id: I8f8a7a4a69ada5898a66b6211c185ad30b84a7e7
2015-03-06 17:48:41 +03:00
Vladimir Kozhukalov 3ab2a665b5 IBP: removed repo preconfiguration from cloud-init
New deployment task flow assumes we have the
deployment stage which configures repos on a node
just before running puppet. So, we don't need to
perform this repo pre-configuration in fuel agent
any more.

Change-Id: Ib3ffc2944d20470476fe800a1bf95382780a4bf9
Implements: blueprint consume-external-ubuntu
2015-03-05 15:43:27 +00:00
Alexander Gordeev 05f9614d16 [IBP] move udev rules manipulating out of cloud-init
We need to create udev rules prior the first boot. It's significally
easier to inject files and less magic required.

Change-Id: Iaa4dddad0efe5ac41f6b1284a8c4aa85066e39a9
Closes-Bug: #1420885
2015-02-24 16:30:43 +03:00
Alexander Gordeev 1c012b4dc7 [IBP] Fix idempotency issues in cloud-init boothooks
script named 'cloud-init-per' is written in bash and can't work with
pipes correctly. So, long command lines with pipes should be
converted to a single command, eg:

/bin/sh -c 'echo command | tee /etc/file'

Without that, all those incorrectly handled commands will empty files
on the every next boot after the first boot.

Change-Id: Ib49a21cde42264320ada882c9e06a4a0e09badfa
Closes-Bug: #1420396
2015-02-12 19:34:55 +03:00
Alexander Gordeev e303c87582 [IBP] Fix udev 70-net-persistent.rules filling
It's related to deployment snippents backporting to cloud-init.
Snippet works with kernel parameter 'udevrules' passed during booting to
/proc/cmdline.

Image based installation doesn't use /proc/cmdline for getting this data.
And it was containing redundant for that case 'grep udevrules' in the scripted
line. It was creating empty file for every time. After removing it, the issue
becomes completely resolved.

Change-Id: I0fb3c5bb99960c71bb4e9299da144ea9ca7479fc
Closes-Bug: #1419769
2015-02-09 17:10:27 +03:00