Redo slave manifests for clarity and correctness.

The differences between openstack_project::slave, openstack_project::slave_template, and openstack_project::bare_slave were not always clear. Keep openstack_project::slave as the default long running slave manifest, but replace slave_template with a single_use_slave.pp to make it clear where single use slave config begins. Add the ability to toggle automatic upgrades and jenkins sudo rights to this new manifest. Finally, add a more verbose comment to bare_slave explaining what it is useful for (having a jenkins like slave host that doesn't need a firewall or ntp or automatic upgrades). Change-Id: I3989c9e6ad9469f441ca5d3627f7b3b704d8a8da
2014-01-27 10:39:10 -08:00 · 2014-01-27 10:39:10 -08:00 · 0f4b0fae64
parent dcee3ce25e
commit 0f4b0fae64
11 changed files with 47 additions and 63 deletions
--- a/doc/source/nodepool.rst
+++ b/doc/source/nodepool.rst
@ -15,7 +15,7 @@ At a Glance
  * nodepool.openstack.org
 :Puppet:
  * :file:`modules/nodepool/`
-  * :file:`modules/openstack_project/manifests/dev_slave_template.pp`
+  * :file:`modules/openstack_project/manifests/single_use_slave.pp`
 :Configuration:
  * :file:`modules/openstack_project/templates/nodepool/nodepool.yaml.erb`
  * :file:`modules/openstack_project/files/nodepool/scripts/`
--- a/manifests/site.pp
+++ b/manifests/site.pp
@ -556,16 +556,6 @@ node 'pbx.openstack.org' {
  }
 }

-# A bare machine, but with a jenkins user
-node /^.*\.template\.openstack\.org$/ {
-  include openstack_project::slave_template
-}
-
-# A bare machine, but with a jenkins user
-node /^.*dev-.*\.template\.openstack\.org$/ {
-  include openstack_project::dev_slave_template
-}
-
 # A backup machine.  Don't run cron or puppet agent on it.
 node /^ci-backup-.*\.openstack\.org$/ {
  include openstack_project::backup_server
@ -710,12 +700,6 @@ node /^fedora18-dev\d+\.slave\.openstack\.org$/ {
  }
 }

-node /^.*\.jclouds\.openstack\.org$/ {
-  class { 'openstack_project::bare_slave':
-    certname => 'jclouds.openstack.org',
-  }
-}
-
 node 'openstackid-dev.openstack.org' {
  class { 'openstack_project::openstackid_dev':
    sysadmins            => hiera('sysadmins'),
--- a/modules/openstack_project/files/nodepool/scripts/prepare_node.sh
+++ b/modules/openstack_project/files/nodepool/scripts/prepare_node.sh
@ -17,8 +17,10 @@
 # limitations under the License.

 HOSTNAME=$1
+SUDO=$2

-sudo hostname $1
+
+sudo hostname $HOSTNAME
 wget https://git.openstack.org/cgit/openstack-infra/config/plain/install_puppet.sh
 sudo bash -xe install_puppet.sh
 sudo git clone https://review.openstack.org/p/openstack-infra/config.git \
@ -26,10 +28,10 @@ sudo git clone https://review.openstack.org/p/openstack-infra/config.git \
 sudo /bin/bash /root/config/install_modules.sh
 if [ -z "$NODEPOOL_SSH_KEY" ] ; then
    sudo puppet apply --modulepath=/root/config/modules:/etc/puppet/modules \
-	-e "class {'openstack_project::slave_template': }"
+	-e "class {'openstack_project::single_use_slave': sudo => $SUDO, }"
 else
    sudo puppet apply --modulepath=/root/config/modules:/etc/puppet/modules \
-	-e "class {'openstack_project::slave_template': install_users => false, ssh_key => '$NODEPOOL_SSH_KEY', }"
+	-e "class {'openstack_project::single_use_slave': install_users => false, sudo => $SUDO, ssh_key => '$NODEPOOL_SSH_KEY', }"
 fi

 sudo mkdir -p /opt/git
--- a/modules/openstack_project/files/nodepool/scripts/prepare_node_bare.sh
+++ b/modules/openstack_project/files/nodepool/scripts/prepare_node_bare.sh
@ -18,5 +18,4 @@

 HOSTNAME=$1

-./prepare_node.sh $HOSTNAME
-sudo puppet apply --modulepath=/root/config/modules:/etc/puppet/modules -e "class {'openstack_project::bare_slave': }"
+./prepare_node.sh $HOSTNAME false
--- a/modules/openstack_project/files/nodepool/scripts/prepare_node_devstack.sh
+++ b/modules/openstack_project/files/nodepool/scripts/prepare_node_devstack.sh
@ -18,5 +18,5 @@

 HOSTNAME=$1

-./prepare_node.sh $HOSTNAME
+./prepare_node.sh $HOSTNAME true
 sudo -u jenkins -i /opt/nodepool-scripts/prepare_devstack.sh $HOSTNAME
--- a/modules/openstack_project/files/nodepool/scripts/prepare_node_tripleo.sh
+++ b/modules/openstack_project/files/nodepool/scripts/prepare_node_tripleo.sh
@ -20,5 +20,5 @@ HOSTNAME=$1

 # Workaround bug 1270646 during node bootstrapping.
 sudo ip link set mtu 1458 dev eth0
-./prepare_node.sh $HOSTNAME
+./prepare_node.sh $HOSTNAME true
 sudo -u jenkins -i /opt/nodepool-scripts/prepare_tripleo.sh $HOSTNAME
--- a/modules/openstack_project/manifests/bare_slave.pp
+++ b/modules/openstack_project/manifests/bare_slave.pp
@ -1,5 +1,7 @@
-# bare-bones slaves spun up by jclouds. Specifically need to not set ssh
-# login limits, because it screws up jclouds provisioning
+# Super simple slave manifest that installs something very
+# similar to an OpenStack Jenkins slave but does not need to
+# have services managed like firewall, ntp, automatic upgrades,
+# and so on.
 class openstack_project::bare_slave(
  $certname = $::fqdn,
  $install_users = true
--- a/modules/openstack_project/manifests/dev_slave_template.pp
+++ b/modules/openstack_project/manifests/dev_slave_template.pp
@ -1,16 +0,0 @@
-# == Class: openstack_project::dev_slave_template
-#
-class openstack_project::dev_slave_template (
-  $install_users = true,
-  $ssh_key = $openstack_project::jenkins_dev_ssh_key
-) inherits openstack_project {
-  class { 'openstack_project::template':
-    iptables_public_tcp_ports => [],
-    install_users             => $install_users,
-  }
-  class { 'jenkins::slave':
-    ssh_key => $ssh_key,
-    sudo    => true,
-    bare    => true,
-  }
-}
--- a/modules/openstack_project/manifests/single_use_slave.pp
+++ b/modules/openstack_project/manifests/single_use_slave.pp
@ -0,0 +1,30 @@
+# == Class: openstack_project::single_use_slave
+#
+# This class configures single use Jenkins slaves with a few
+# toggleable options. Most importantly sudo rights for the Jenkins
+# user are by default off but can be enabled. Also, automatic_upgrades
+# are off by default as the assumption is the backing image for
+# this single use slaves will be refreshed with new packages
+# periodically.
+class openstack_project::single_use_slave (
+  $certname = $::fqdn,
+  $install_users = true,
+  $sudo = false,
+  $automatic_upgrades = false,
+  $ssh_key = $openstack_project::jenkins_ssh_key
+) inherits openstack_project {
+  class { 'openstack_project::template':
+    certname           => $certname,
+    automatic_upgrades => $automatic_upgrades,
+    install_users      => $install_users,
+    # Port 8000 from the devstack neutron public net to allow
+    # nova servers to reach heat-api-cfn
+    iptables_rules4    =>
+      ['-p tcp --dport 8000 -s 172.24.4.0/24 -j ACCEPT'],
+  }
+  class { 'jenkins::slave':
+    ssh_key => $ssh_key,
+    sudo    => $sudo,
+    bare    => true,
+  }
+}
--- a/modules/openstack_project/manifests/slave_template.pp
+++ b/modules/openstack_project/manifests/slave_template.pp
@ -1,20 +0,0 @@
-# == Class: openstack_project::slave_template
-#
-class openstack_project::slave_template (
-  $install_users = true,
-  $ssh_key = $openstack_project::jenkins_ssh_key
-) inherits openstack_project {
-  class { 'openstack_project::template':
-    # Port 8000 from the devstack neutron public net to allow
-    # nova servers to reach heat-api-cfn
-    iptables_rules4           =>
-      ['-p tcp --dport 8000 -s 172.24.4.0/24 -j ACCEPT'],
-    iptables_public_tcp_ports => [],
-    install_users             => $install_users,
-  }
-  class { 'jenkins::slave':
-    ssh_key => $ssh_key,
-    sudo    => true,
-    bare    => true,
-  }
-}
--- a/modules/openstack_project/manifests/template.pp
+++ b/modules/openstack_project/manifests/template.pp
@ -8,11 +8,14 @@ class openstack_project::template (
  $iptables_rules4           = [],
  $iptables_rules6           = [],
  $install_users = true,
+  $automatic_upgrades = true,
  $certname = $::fqdn
 ) {
  include ssh
  include snmpd
-  include openstack_project::automatic_upgrades
+  if $automatic_upgrades == true {
+    include openstack_project::automatic_upgrades
+  }

  class { 'iptables':
    public_tcp_ports => $iptables_public_tcp_ports,