diff --git a/murano-apps/CiCd2/package/Classes/CiCd2.yaml b/murano-apps/CiCd2/package/Classes/CiCd2.yaml new file mode 100644 index 0000000..70e635d --- /dev/null +++ b/murano-apps/CiCd2/package/Classes/CiCd2.yaml @@ -0,0 +1,181 @@ +Namespaces: + =: org.openstack.ci_cd_pipeline_murano_app.v2 + std: io.murano + res: io.murano.resources + sys: io.murano.system + cicd: org.openstack.ci_cd_pipeline_murano_app + puppet: org.openstack.ci_cd_pipeline_murano_app.puppet + net: org.openstack.ci_cd_pipeline_murano_app.utils.net + conf: io.murano.configuration + +Name: CiCd2 + +Extends: std:Application + +Properties: + nodes: + Default: ['review', 'jenkins', 'openldap'] + Contract: [$.string().notNull()] + Usage: Const + + server: + Contract: $.class(puppet:PuppetInstance) + Usage: InOut + + clients: + Contract: + - $.class(puppet:PuppetClient) + Usage: InOut + + name: + Contract: $.string().notNull() + Default: 'CiCd2' + + puppetfileLink: + Contract: $.string().notNull() + Default: 'https://raw.githubusercontent.com/akhivin/cicd-dependencies/master/Puppetfile' + + master: + Contract: $.class(puppet:PuppetServer) + Usage: InOut + + clientsByName: + Contract: {} + Usage: InOut + + mainManifestPath: + Default: '/etc/puppet/environments/production/manifests/site.pp' + Usage: Const + Contract: $.string().notNull() + + flavor: + Contract: $.string().notNull() + + osImage: + Contract: $.string().notNull() + + keyPair: + Contract: $.string().notNull() + + availabilityZone: + Contract: $.string().notNull() + +Methods: + .init: + Body: + - $._environment: $.find(std:Environment).require() + + deploy: + Body: + - $._environment.reporter.report($this, + 'Using Puppetfile to install dependencies={0}'.format( + $this.puppetfileLink)) + + - $._environment.reporter.report($this, 'Nodes list={0}'.format($this.nodes)) + + - $rules: + - FromPort: 1 + ToPort: 65535 + IpProtocol: tcp + External: false + - FromPort: 1 + ToPort: 65535 + IpProtocol: tcp + External: true + + - $this._environment.securityGroupManager.addGroupIngress( + rules => $rules) + + # Deploy node for master and slave nodes in pararallel + - Parallel: + - If: $.server = null + Then: + - $this.server: new(puppet:PuppetInstance, $this._environment, + name => 'master', + flavor => $this.flavor, + image => $this.osImage, + keyname => $this.keyPair, + availabilityZone => $this.availabilityZone, + assignFloatingIp => true) + - $this.server.deploy() + + - If: len($this.clients) = 0 + Then: + - $this.clients: $this.nodes.select( + new(puppet:PuppetClient, + $this._environment, + instance => new( + puppet:PuppetInstance, + $this._environment, + name => concat('puppet_', $), + flavor => $this.flavor, + image => $this.osImage, + keyname => $this.keyPair, + availabilityZone => $this.availabilityZone, + assignFloatingIp => true), + role => $)) + + - $this.clients.pselect($.instance.deploy()) + + - $this.clientsByName: dict($this.clients.select([$.role, $])) + + - $this.master: new(puppet:PuppetServer, + masterInstance => $this.server, + environment => $this._environment, + manifest => $this.mainManifestPath) + + # add every node with the role assigned to it + - $this.clients.select( + $this.master.addClient($)) + + - $this.master.configure() + + - $._environment.reporter.report($this, 'Preparing data for Gerrit') + + - $gerritConfigurator: new(GerritConfigurator) + - $gerritConfigurator.configure($this.master.masterInstance) + + - $._environment.reporter.report($this, 'Preparing data for Jenkins') + + - $jenkinsConfigurator: new(JenkinsConfigurator) + - $jenkinsConfigurator.configure($this.master.masterInstance) + + - $._environment.reporter.report($this, 'Preparing data for LDAP') + + - $ldapConfigurator: new(LdapConfigurator) + - $ldapConfigurator.configure($this.master.masterInstance) + + - $this._environment.reporter.report($this, 'Installing dependencies') + + - $this.master.installDependencies( + environment => 'production', + puppetfileLink => $this.puppetfileLink) + + - $resources: new(sys:Resources) + - $mainManifestContent: $resources.string('scripts/site.pp') + - new(conf:Linux).putFile( + $this.server.agent, + $mainManifestContent, + $this.mainManifestPath) + + - $this._environment.reporter.report($this, 'Running manifests') + - $this.applyManifests() + + applyManifests: + Usage: Action + Body: + - $this.master.runPuppetAgents() + - $this.printInfo() + + printInfo: + Usage: Action + Body: + # Murano does not guarantee an order the lines to be printed + # at the same time it's impossible to print multiline messages. + # See LP#1611019 + - $this._environment.reporter.report($this, + "Dependencies={0}".format($this.puppetfileLink)) + - $this.clients.select($this._environment.reporter.report($this, + '{0} can be accessed on {1}'.format( + $.role, + $.instance.floatingIpAddress))) diff --git a/murano-apps/CiCd2/package/Classes/Configurator.yaml b/murano-apps/CiCd2/package/Classes/Configurator.yaml new file mode 100644 index 0000000..03515e3 --- /dev/null +++ b/murano-apps/CiCd2/package/Classes/Configurator.yaml @@ -0,0 +1,22 @@ +Namespaces: + =: org.openstack.ci_cd_pipeline_murano_app.v2 + std: io.murano + sys: io.murano.system + ci_cd_pipeline_murano_app: org.openstack.ci_cd_pipeline_murano_app + puppet: org.openstack.ci_cd_pipeline_murano_app.puppet + conf: io.murano.configuration + +Name: Configurator + +Properties: + config: + Contract: {} + Usage: InOut + +Methods: + configure: + Arguments: + instance: + Contract: $.class(puppet:PuppetInstance).notNull() + Body: + - $instance.putHieraData($this.config) diff --git a/murano-apps/CiCd2/package/Classes/GerritConfigurator.yaml b/murano-apps/CiCd2/package/Classes/GerritConfigurator.yaml new file mode 100644 index 0000000..3cb6a5d --- /dev/null +++ b/murano-apps/CiCd2/package/Classes/GerritConfigurator.yaml @@ -0,0 +1,252 @@ +Namespaces: + =: org.openstack.ci_cd_pipeline_murano_app.v2 + std: io.murano + sys: io.murano.system + ci_cd_pipeline_murano_app: org.openstack.ci_cd_pipeline_murano_app + puppet: org.openstack.ci_cd_pipeline_murano_app.puppet + conf: io.murano.configuration + +Name: GerritConfigurator + +Extends: Configurator + +Methods: + .init: + Body: + - $this.config: + gerrit_acls_dir: /etc/project-config/gerrit/acls + gerrit_db_password: P@ssw0rd + gerrit_db_root_password: P@ssw0rd + gerrit_db_user: gerrit2 + gerrit_mysql_host: localhost + gerrit_contactstore_appsec: dummy content. to be done + gerrit_contactstore_pubkey: dummy content. to be done + gerrit_email_private_key: dummy content. to be done + gerrit_github_token: '' + gerrit_lp_access_secret: dummy content. to be done + gerrit_lp_access_token: dummy content. to be done + gerrit_lp_consumer_key: dummy content. to be done + gerrit_notify_impact_file: /etc/project-config/gerrit/notify_impact.yaml + gerrit_replication_ssh_rsa_pubkey_contents: dummy content. to be done + gerrit_rest_token_private_key: dummy content. to be done + gerrit_ssh_dsa_key_contents: | + -----BEGIN RSA PRIVATE KEY----- + MIIEowIBAAKCAQEA1llEntYbWCti+IxYKV7SyPhrkRwhubl0to70knBrZgzVSnUu + ofupwd7wlTXzVOlvd7/2mEIEqKHBXTN4tdMbH8Sjx1SxefjNQRHAaBwtCOG0jFB4 + K1uMnT9u46xy9mKGqoPt96XqNjPsJ+Tq9q2wbUYAfAOZlPeoB1D7tH3S3LzYbSNi + SH3cDp2ALO9iAdILzD9a0qm8PyE7PErqeesIwctQUHyXlM9f9pOlOecjMPB6iUhb + /IIUKca+Nrn0lVmPSo+kk/vQE9lLq7VX3aqitH6HIhD+ndcRMyngkV+sOsgMCOkK + ct9PTOVjVtNqsh69NIAnP66eiYTS3F1EAIfeqQIDAQABAoIBAQDON8Xf9mcKVXt7 + WjJ7YsHyHaYHToRX1UenVzOPK174KEKPxttddexlG6JkOypmt8rI78NDysgGoNCS + ZTGt5HMFBj73R9ETYr2962EsCGd/Uv5LvCNQu1w18NAzdDaKOlIK/LBWAKarDRsX + apJvTr0c9CsFJMV+XyGmIFB43lCekcHokvnVZBWUa6LmqBHN+ACIuSK0GSBGulzl + 3vZnRQfusi+R0OMXY4Fg1Dyyk5Ji0mOrWWAOyD7yhRc7LsOvw59cwE0ii4ryn4Yp + JQ/r8LqpjvFWO2r5HnfCs7vqIWqDcRNoSY4v6iQeLyYyRypkO0HBV4TFPcaOQeMU + cE6BZuqBAoGBAO7QXVqhiALm7gJ53J1RYdfL2X8d0MkRYuWHftT7IgmiTpHA0SoI + vQNe8oneHb53oBK6hpZWtSw1E0a6+m6qu+zSpvA9fhVtsnrdRPoNjHhRBaOdrLjl + EVzxsEw3IjvMHjl8JWk6ILIpxGQlGHeMA0ZP9Kd6KbMNmTnf9hieFg1ZAoGBAOXG + Lx5X2w8kOrnwiGLzqOsIXH1WlAv1bg7UkaHTwmj8X8gnzLOhFb2gM7ThNT+3svPr + E6DSKkBUzD48yVuCcRsZgaxS2bYHILGY0acblyD62sGgO8dye/mwSsqPk9uoqC2+ + obu2bD+UpaeGSmsiafbomZZqko0AwZjzv8eU8qHRAoGAH2V1YHzsDLWfhOPQhT41 + xtEd/wBEeqq2fcaafhWmG+4itjbLSONtNgw9hrKU5n2DpfKvzwQHPZCcwCfE1NfN + bQ0ktWDgOqD5Xf3JG7a8SPUd8KzCEGzNI5MCwoJdFc94CcawhG0H72ReVWwrE0xt + AclxOLNu2ANpqZowGHxwGcECgYAdfwR7c7HGTtNPHUaU1Uyg51DgMiYNJvN66eTM + DmANlCBDlIBdqtccoZ0hoitww4cwcsPxSCluWrRhZPJAUg1s+ihAU95o1J9ozQJU + 3mDXNfyxEH28C8FIe04OlMHZV9xHCwq+Cxv4SX++cqnI+QD7Vj6pJYMsoKU5mkjL + OR6wkQKBgBDb3tFexviFbOgc/zrauvbBid2tPBT6rZSNIeiHYA5F6POZqyxhkOBB + 0HA8ALlhb3WphJjSmz39m/5xXRG+JItHnRQ2Pwguq7TkC6O+Dxz2McX+bTkqf/hw + avC69UgihdlJmz+r8ztklEn9fR+I56gWwt6R8YIKOCvKSvDwsJ7g + -----END RSA PRIVATE KEY----- + gerrit_ssh_dsa_pubkey_contents: | + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDWWUSe1htYK2L4jFgpXtLI+GuRH + CG5uXS2jvSScGtmDNVKdS6h+6nB3vCVNfNU6W93v/aYQgSoocFdM3i10xsfxKPHVL + F5+M1BEcBoHC0I4bSMUHgrW4ydP27jrHL2Yoaqg+33peo2M+wn5Or2rbBtRgB8A5m + U96gHUPu0fdLcvNhtI2JIfdwOnYAs72IB0gvMP1rSqbw/ITs8Sup56wjBy1BQfJeU + z1/2k6U55yMw8HqJSFv8ghQpxr42ufSVWY9Kj6ST+9AT2UurtVfdqqK0fociEP6d1 + xEzKeCRX6w6yAwI6Qpy309M5WNW02qyHr00gCc/rp6JhNLcXUQAh96p + root@murano-mfgoqiqtst28ql-ggg-gerrit-wtowtwnqoz76 + gerrit_ssh_rsa_key_contents: | + -----BEGIN RSA PRIVATE KEY----- + MIIEpQIBAAKCAQEAw3S1FFrPx6IWCtJBpxxXx0/LPGOOcqBMEf6AhAhcgV8Pbon0 + xeT2che4Xe7l651KHgM2KbjwlmpQcXB98q5edyk8i/Q6o2u7cLM0rgq3XvNil4ao + V3yz2zKyPhx4YqBRxl7g+qA+EXo9RJxXuZSlyeiw2GJgmWYST/nD7MeBOOh+htmj + FgTSnkvVJgElNh+LgDMLmRI5IGmqG/Y+BNpW6yawXHJJepOtz52Fee8xEQTKyJhZ + TPoRRRyR9bcIXTOsYVaqQ/D2HutTOtgh/txFyAzYKfoa2DKFPXF1P2Y0bHnAfDsv + v3AOSKZ40ZfXujjFDi+GEqywZR1B80EEaPxnpQIDAQABAoIBAHgr+2Gma/XL/E1u + 9JqwXG/Y6ZYZh+2GDP9LQOzszyNjtPM7stkxayy+1MY8KfTxYi6NvvFsGdABUbBN + f8KD3uTY37cU1DDB/h7Or+cKA7BHaCjNzBbuPw7YXqq9im7pLx4OG7k8aK0KQT07 + +tvJPx2jCYghBE+MaFnvsLyV9SdtBTuvUsaL/zTQPwua3DDsbIiTztyOtiJuHJXX + iRiJ70r9q0HwB5FKvCi1t0u2QuevSt6vzp1TQ1TE0y9hGcf1O38KtsF5kUBWBZcZ + FO59fATTuBCMihDCGEbxd3NAbUBYGG3hT5NrMzZ0LKwRw0ADWxJfa+np5oBvtnVp + gHA1ugECgYEA//+0/Eh28JpKN4w+Xmnqr3A3hMYELUI5HD86GMNTJP2qmZrkE0Fr + 21Juo4QXShzQ2sdn5Bo6LkxYfyRfGtdgdynn1k5RGR1kP0fE76N3kVBbLcEnHsAB + PpFnlWgfjI1ifB6O2jlXMmpb9iFOuUTdyxd50KD7Wsu1kI89ZnH6KcECgYEAw3Tu + WnMkTiTK9yUgpDyxtJogZ6CcwzeNvOpERzUh8ynzCKq9LbbSbLMsnu/FvZGfr57S + ucGCUaVlmaVwuUd3n0OeAkYbJqDvx+SzFXCCVWHNXEMba9QCADuS82ROsiIsV6ea + FAEA0F78yiynthZ4pvQDSyHVNxaqWJo7xLwMjuUCgYEA+dy865hW7tPJKJprrX83 + nvCqX59eKEaAs39K1yyeFHa6cp5pihnKihDVCCg/CwlBGKiUUGEA9HtzzPTVFr+s + 2eI+9D8QjLDRTaphH3yvkVebBveFlU/WZxlIvt0YHflJbNfumjRpVT3WcE9mJRKA + YF+Td/wIGUDHAEeuqDUK9IECgYEAqedWXqfick9HY6kRg9MCwrSL4KjcPFJpUkPu + UFvehCr+CZWp1zgqGLVz30EcihoxTo9oLHMLHoABHpuSrmxyjq5Phzh714tkhEXI + aqWflirrQf1Ps97aUmt25T5Xrj9IfnXB2Qu6MmevpOtGamGERdStnDzvw/Be6aBA + vladMAUCgYEAqBuQnwblpRU0Z9PKy7ZvbX0fVUQEcRMb3kfFnRcgDDe+w+2tRg+w + 55sX+SDEV0awiZO/aAecMyrrCjq0LPeu+zqb/09RkCN8MvbABCCeu0RgvWxRBJ0K + KqjD5fkzBytJ3VrBtlaJnYAP+g+96dSCYnfhujCeU2/lrt3tsyUOeC4= + -----END RSA PRIVATE KEY----- + gerrit_ssh_project_rsa_pubkey_contents: "\ + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDDdLUUWs/HohYK0kGnHFfHT8s8Y\ + 45yoEwR/oCECFyBXw9uifTF5PZyF7hd7uXrnUoeAzYpuPCWalBxcH3yrl53KTyL9D\ + qja7twszSuCrde82KXhqhXfLPbMrI+HHhioFHGXuD6oD4Rej1EnFe5lKXJ6LDYYmC\ + ZZhJP+cPsx4E46H6G2aMWBNKeS9UmASU2H4uAMwuZEjkgaaob9j4E2lbrJrBcckl6\ + k63PnYV57zERBMrImFlM+hFFHJH1twhdM6xhVqpD8PYe61M62CH+3EXIDNgp+hrYM\ + oU9cXU/ZjRsecB8Oy+/cA5IpnjRl9e6OMUOL4YSrLBlHUHzQQRo/Gel \ + root@murano-mfgoqiqtst28ql-ggg-gerrit-wtowtwnqoz76" + gerrit_project_ssh_rsa_key_contents: | + -----BEGIN RSA PRIVATE KEY----- + MIIEogIBAAKCAQEAvfqOmY3HI9tX43ihF0C0l7acXirbOEE+THX/IUV0XT/ArPPM + 5l0G71f6mzUxAIhHBw1X0yQqJgrM8cGSe8bTg8J6ciakQHt2SG4wghxr7nZFEqAS + NNoaFtE0hPguA1ZU36kkPuoxXWFKuhxnrkvo6Spj488JZ7mmUyVSUQ2tnYBAqQNH + 3D7bqJ8hBTDRhk+RKEt6GXiT+O1f65eSqmS/eDFh9k7Pkd2DfhrSefGTMEwYTapQ + 9CX+GZImkERXbUaeTwSqbEVrw6QMknnhKVAj5qk7+ao35ICCeKbFnuKpUfSkO2+4 + fgPyMtjoiwCQ7/T87tQjxMszNQJxHlvT7dAkiwIDAQABAoIBADnwNxsnfQs3ctdh + y6c+yZTXUVr6sP64DxrchaGNAA8MSWO1utCqoFnQOBKrpzUlWpwQ+q7fAae2dYhp + Y5YyLgGqBxPXKxKrVIiEanDT4CrKkQg8HzFVLs20odLHqajE5H+Nows4+zMiX9rg + nNIwPmkVz38DfjfPC6Wh5Tfo9wDoPMWSTgljn9Ugl/5kW3fgT/2/hENupP/xyPyh + qKuxU4d8LlMvp7Q9ySGSriRouDTq8LYYsrQ+KeruUyRHYR/z44m45gHfB4id+Qtl + iDJ6MDrGFds/+07CkIxUMMDmzq1heXYb+Ct+DZWbRk+ztQVwEGzQdu+CSYUo9YeY + QJ9mF0kCgYEA4Owy5I2EwbR/+Pbcm4+u7UJIRB1Repp+pZPVTbQwIto3xJD9dC7O + +lVIHnPQSE3hQiAYxqNGwv60Qk9A0b0rx0B+L7U1mGliqiUNfVZB+gDYVTGodxJI + pZkPjO/WxTD4fSJ3/BU62ZSpXWKvYFu8BC+l+OJ626l86M3hNoDbMr8CgYEA2DpY + 8UdnqgZa9P1GzWFjQGpavinrBcO8gD0pFztEno22UoN7Tj82euzBIkOZVknbAP7q + VIWN6KTL6GVoiUussermVx+qvLL8KOnPevgNu2AKtc+NkxYAYs+5e44Lhmu08MHT + wPnZioOPG4iB50MlDnVeDFltrDPKj34kuDMRHTUCgYBqJQ2fbmnIQDZkd5uEjjov + Haic/HkHMwGxgiKXmQFecT0ANqxlt/FVkgmG1YDlnls/qYYHt+Yc/7Zx1JTyZiPS + 1Ey4lvvEAXfec735+EsKgHuXOOgXyTkfbSw5hrYEOSgLZcjZ3er344BJ4diB0MjZ + 8OKSoc74+vNHqmEuJ4FKYQKBgEN4oXxYja5uYT+FMOyxcOkOxtYD+oRH+bACZaoM + InNfQP8qa/WUoAlnizSH53cXgLEk2jYZnphzo/UWf7In3PF/nPSeuwY6y5hwrP9w + G8jWRUFKTKETAnfS3cwCHPKK9WES+mKDFDC2sJck13Q0bYG/eeNcnG5ZkuGHuSmJ + NdPpAoGAL4pU3AuxtiV/25jiOHiTar/s16q9k/lL2qMYesG2Ur7AyCK6NoZm6yx+ + 9222HL//J1xrdA9EZKdFJ7Z0slI3pAHkqH2y4hjF35OgilHkEuQoFHcKxtxAnIHj + mEjbeTfSZBv1K40wz7h/0lBrTOONC6xqzR75f5W5W/SBAs7nJ8w= + -----END RSA PRIVATE KEY----- + gerrit_project_ssh_rsa_pubkey_contents: "\ + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9+o6Zjccj21fjeKEXQLSXtpxeK\ + ts4QT5Mdf8hRXRdP8Cs88zmXQbvV/qbNTEAiEcHDVfTJComCszxwZJ7xtODwnpyJq\ + RAe3ZIbjCCHGvudkUSoBI02hoW0TSE+C4DVlTfqSQ+6jFdYUq6HGeuS+jpKmPjzwl\ + nuaZTJVJRDa2dgECpA0fcPtuonyEFMNGGT5EoS3oZeJP47V/rl5KqZL94MWH2Ts+R\ + 3YN+GtJ58ZMwTBhNqlD0Jf4ZkiaQRFdtRp5PBKpsRWvDpAySeeEpUCPmqTv5qjfkg\ + IJ4psWe4qlR9KQ7b7h+A/Iy2OiLAJDv9Pzu1CPEyzM1AnEeW9Pt0CSL \ + root@murano-mfgoqiqtst28ql-ggg-gerrit-wtowtwnqoz76" + gerrit_ssh_rsa_pubkey_contents: "\ + ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQC9+o6Zjccj21fjeKEXQLSXtpxeK\ + ts4QT5Mdf8hRXRdP8Cs88zmXQbvV/qbNTEAiEcHDVfTJComCszxwZJ7xtODwnpyJq\ + RAe3ZIbjCCHGvudkUSoBI02hoW0TSE+C4DVlTfqSQ+6jFdYUq6HGeuS+jpKmPjzwl\ + nuaZTJVJRDa2dgECpA0fcPtuonyEFMNGGT5EoS3oZeJP47V/rl5KqZL94MWH2Ts+R\ + 3YN+GtJ58ZMwTBhNqlD0Jf4ZkiaQRFdtRp5PBKpsRWvDpAySeeEpUCPmqTv5qjfkg\ + IJ4psWe4qlR9KQ7b7h+A/Iy2OiLAJDv9Pzu1CPEyzM1AnEeW9Pt0CSL \ + root@murano-mfgoqiqtst28ql-ggg-gerrit-wtowtwnqoz76" + gerrit_ssl_chain_file_contents: '' + gerrit_ssl_cert_file_contents: | + -----BEGIN CERTIFICATE----- + MIIF2TCCA8GgAwIBAgIJAKT56AcRAOjoMA0GCSqGSIb3DQEBCwUAMIGCMQswCQYD + VQQGEwJVUzEPMA0GA1UECAwGRGVuaWFsMRQwEgYDVQQHDAtTcHJpbmdmaWVsZDEM + MAoGA1UECgwDRGlzMT4wPAYDVQQDDDVtdS10bHRvamlyZGMzNDgyMmMtdW5qYXdp + cmRjMzA2NTItZ2Vycml0LXpmbGg0ZWVnc2JjcTAeFw0xNjA4MDIxMTEwMDBaFw0x + NzA4MDIxMTEwMDBaMIGCMQswCQYDVQQGEwJVUzEPMA0GA1UECAwGRGVuaWFsMRQw + EgYDVQQHDAtTcHJpbmdmaWVsZDEMMAoGA1UECgwDRGlzMT4wPAYDVQQDDDVtdS10 + bHRvamlyZGMzNDgyMmMtdW5qYXdpcmRjMzA2NTItZ2Vycml0LXpmbGg0ZWVnc2Jj + cTCCAiIwDQYJKoZIhvcNAQEBBQADggIPADCCAgoCggIBAMeqpOPOTALPmXK8FdrR + JAUDu/q5q8oPSfuCh5XTApLjchf+z1+UNFm6beYALJAyKYEWmjKwfQGc3Inga3CF + 03/JIVes87DxR6ajy2eGRQbhfniocAs9h5Mkuh9/yVrBiSRK2V1CBUD7mf6xuMU0 + FujOUlMFvqmP3yyow7n3HbulQoVXajVd1dHej41t9Da1kUfEqDLEbKaJmvDZ/ghZ + I59fU48WftEtV3KtzwGXuLRpnyge0/SFEp6BizQVruFmRdm44wV0vyus5HW1/aVO + rFZalUNSB52CM8iJLdS5PxDK0yPMtGYXaf2lfwFiqA49WfJqdnOOeEeLl5YC6J43 + 1G2gaiVCvwKDUpwGH1iPLE2H2Ge3czNMUOBMEgxY8FVdduw2xH7Tu+c4rRH5e6iY + 1OqthdYLrW7dg3rCMqMWFxsNkT28iFCKGbkOCQht7I2Ye9479yOVyWhanLB1q1ln + 9wRqq2UvQNSD2vFAlcfVZDQLoEQNorAGUeB9JHEUezK53+b/vuBOfGr9zYsV5sAM + zth9x58bRoUbqD5KDyeSFS7kgYUnFRxvwMgxXK8PFU09HwTD/mT5sLPLRLCVdmei + g6pthjWyMMicM/lKt4iTfVOUomrzWpbtFClj03wNRfRCcgEROllbK6YLeJYv4X+U + mASWuNWmq934NtIuUq8K7WOpAgMBAAGjUDBOMB0GA1UdDgQWBBTE82EgNWmfetQ3 + elvD1VuojPjP0DAfBgNVHSMEGDAWgBTE82EgNWmfetQ3elvD1VuojPjP0DAMBgNV + HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4ICAQCEMHpKdKOafk0w6stw8gKjGzOE + BzvFcM9dIL5cfC7az7xeAoFnUVyrk/KR1m+Xx0BPoLgqc/Z53H6eVtFh8DP9mVeI + BYBj5lfCwxr+lkkU/la5ZrkS1izv/TJIP/Jx1rPwv0ttapWpDoeLATJeCs2iYFr0 + JUjXf/SahYn6p4zxs3KUoECYKd/WeCJd77rn4JMKkjPidCxlHicvGwrzJCc8KyxX + P1n1mbqBH0TBcBGd8p7iwY8c+sZWKnSJwvcAGL1aG7++GxAkmjUkkANWUZsAQ1fo + n5BOzRj5qRax0Vfcj46vcHzhGobtWXwMqpHhqNa55pqAEF1/cOLkvOxBW/QDOhxK + u2QNUj30kq4uh/HfPLPchO1Y5JN/5D/YTcDaSHNOlsALYnJz/79IQLeghfkbNVLm + gwiZaNfmmIl7vCpxPzmaJD+IKX8CYen2I3uA8O/EqRYKZL4+YQ6/Sk5GKsygK296 + uJ7CG6DvrQirRyPFLOIJSfkCdWGGkGubLHyd8WByACx8BB4pzmjANldcCeC1GuZo + xDymezysHusnPcHwAMKw5Hnl/FTQNe14CxGxN6QF8GcxBIX0fc7L52GLu5nWgXJi + 1fZY52bgTKvKvFYsuoKiRw6az1fL77aoQgYFZ53d5i0qtNLuFnbIPeOpPq3BmjlD + PeTnL3b75F2lCXpl3g== + -----END CERTIFICATE----- + gerrit_ssl_key_file_contents: | + -----BEGIN RSA PRIVATE KEY----- + MIIJKAIBAAKCAgEAx6qk485MAs+ZcrwV2tEkBQO7+rmryg9J+4KHldMCkuNyF/7P + X5Q0Wbpt5gAskDIpgRaaMrB9AZzcieBrcIXTf8khV6zzsPFHpqPLZ4ZFBuF+eKhw + Cz2HkyS6H3/JWsGJJErZXUIFQPuZ/rG4xTQW6M5SUwW+qY/fLKjDufcdu6VChVdq + NV3V0d6PjW30NrWRR8SoMsRspoma8Nn+CFkjn19TjxZ+0S1Xcq3PAZe4tGmfKB7T + 9IUSnoGLNBWu4WZF2bjjBXS/K6zkdbX9pU6sVlqVQ1IHnYIzyIkt1Lk/EMrTI8y0 + Zhdp/aV/AWKoDj1Z8mp2c454R4uXlgLonjfUbaBqJUK/AoNSnAYfWI8sTYfYZ7dz + M0xQ4EwSDFjwVV127DbEftO75zitEfl7qJjU6q2F1gutbt2DesIyoxYXGw2RPbyI + UIoZuQ4JCG3sjZh73jv3I5XJaFqcsHWrWWf3BGqrZS9A1IPa8UCVx9VkNAugRA2i + sAZR4H0kcRR7Mrnf5v++4E58av3NixXmwAzO2H3HnxtGhRuoPkoPJ5IVLuSBhScV + HG/AyDFcrw8VTT0fBMP+ZPmws8tEsJV2Z6KDqm2GNbIwyJwz+Uq3iJN9U5SiavNa + lu0UKWPTfA1F9EJyARE6WVsrpgt4li/hf5SYBJa41aar3fg20i5SrwrtY6kCAwEA + AQKCAgEAj9lxUm6edKf8dZzsYemrebFnDQwXqEu7kWhJJrgPcqRK3t7FqKat0Ldv + 1fTqJjj9jfMqxLpCVZcdjHgS7856weW2D+Sa7S/n3zbCpKMnt/1dkLBJiM+bjXc4 + YNk/yBMHKw6B655VCqw6FjUUWX9dwfxjc00AQElXEGXGHYTb9wTpGAgSjMA9/CXM + ZqiA+al2Ma6NP4YkgRdCeaOUUY9nCrszCDO8yhdQmV5/dTZJ7DDsaYtMSS5Wa7wI + /k1g4SM9z85UQOoLkPvO3L9xLlev8cbxIr9GnUPg6ulqC4gq135I/9HLZoIX6pYB + Go5pZVjuJKhvDnHmViVL4NfXn6W5dLqkmcpH+JIX7OZ/RXcobN6CjMR36jsalj05 + NMVwefnd319cMnMV51K0RJQKKkl+r+5qus+SB/NtzWbPaemo37WoSGIxsHeKhUne + hYn7VwvbqQjq+DjLrqlIREFbdSCl9x7a+Rmpl0ujISSDUD6aD6+6PPE7sMUNS4Uy + rZOUgY5kdFJFttUxMEx025slzroddkU0MakCts164ZsM8tNu87vDHMffk1EETrQ0 + QYKGFRz5XJ7aFB4D2WnaO250lA7HqwBvzc1z6hLnoeqoljHGCWgZryiVJTYYhkVZ + ktexEq746thMW2ONHO/69RZGz1qRuFmgmYGIhU3hjvXrAx30TwECggEBAPf1VoTc + e4eFiOXq3lYMolYO9ITy1O+C+4XwjTEUvaYvIjZ61uqGKOOwjPNoEKqbJw0n1Noz + Yn3CrlZSkTV4Uj7OaS1pMg0dDh9F8SLLGAPbJZbfdRWphzot9MfW2kpzsCLWQDpN + BTb7XEidtiJjzLYf/RY/lvfgqyodXp7Yl+SIccdq6fdsabFbhcdkBoyfKcpczVF1 + lXAZf/53lc8O5WswAXfwQANjcfNRz19FWFlRCbOF+pJHTs7tdrVq85kaQaq+kEC7 + s+EwQuBQVr3bvBEVjqEnKD+fM2AInRsFU6cgGkJJREMMU6/jPsvEfMeKy/1UYFno + X+YSJJemztogL30CggEBAM4kXbZT+yyjhtv0CzwVq61ov8J7QeReaYvWcmkm+1X9 + p31RoIqFJnjsx0GB3LQkHLwRybQ5/GHkA7438aTVj0zaQ3Sx4tc8Azh6qGFrtkHa + eGzFFtczW5dUX9hW2NYOsdukyAWuOxo9z2WY4Nkz2xeuXBI7nZtVysgQQKnY+Cky + UGbFjkR0WGicfBFYE6J5KGWh3mHdmk6NXDw+v6aPkuStmMqp4BBH/3Ip0AjzTy4o + aMJFppCTKvZVzzZGQZ3dV13q4FyKjeI3Y7rv6I+k6hw2w9hhVc5Y9dpTobGaLyMb + oSQtnTS0LrgaY4eHmLKseo36x4cMf8VrOSESGvVslJ0CggEAWcwZtyf5/IxZlZpH + RrZwm+Xym6stfkfbOxhwqZOvUt3C8CPwbSKE8GBhy0ymrIJf1B3WsebmBlFYvZ5N + RCX88w3hfTaZj7I0CRNVTppqagsVQ9xNFLk+Zc161lxy1X+sDBG3VOXLu6uwMgQb + j7zAyDwxdbs1uzM8CZZ1S+V4rKTVP7jyXk5+wGI6wojw7kA97DFLkfKZWe2CMu+v + 6zqjzvulrH/vTsrW252HEiOU6VO1xbQBmLQGUF4jHXRMH+goW+ODbk4LyMOnlIDD + ySIoq6845he+Nbw76M11x/FX6DByEgtikz2FmS8c8MKJxeH4GhhShHzpLfLoGZup + UclSKQKCAQBD7o4HUMOcIUOG5nRxV37cxYEz+ORs+oPztja72kHHQ7DXRngOTfSw + su6y8rWlk6T4gTAkOVuncrmdDNiQBmST4fWK1jg3z6oMCbfFavaD2xgGWCi/wEf1 + pbN0GqKYX/1SsYnM/W6yph3bkDbAvSr9MdNbmtPEZdBOf7SfhEW7Zb5DL+VDP8gG + qVLlcE4AI8chPueG/r0kF8eGfvMvU28H9wE8ACE7nE5c89R/rpawUla7drJ+QFFP + HlYLv7lN6awp4gYP2QUKwFAYQYk1FRalN5LwkprxRjW2vgqx+WqBOlCvGG0O+jXP + K7sS5ad3cgltEnCAW6kbiMspz8qciCytAoIBAEl8pwafzHKuTdIfAMkYN1WkTMbF + zAcnwCginEMoww91CjxUFzRaq0ILjlE3QaWswioOCZxXv71ab+oTVc5eL0m7x1GW + fUtmtTRiJ3H5c+BBvfqhqmqokcgZlwbH8zfxJ37TGXSz2KE6yeaEpixeANAZvzHY + AJ5e3BziSjB+mhgytwytuaT1ghFHywOOMy5sjtD/nQrN2ivuIuJm77dHWVQL2zhg + RCpeFmqsgn6HFntS0muAsX53H9ZdXdTwuFsncrWyUry+OUXyNyl0kJ7n4hAyWBx3 + AtLuF1QaFciCcDiIPmkmPxXzfzYVFKdzBcpXbj9O66ExEnbfCLU8JCqHwS8= + -----END RSA PRIVATE KEY-----' + gerrit_war_url: https://gerrit-releases.storage.googleapis.com/gerrit-2.12.3.war + gerrit_gerritbot_password: P@ssw0rd + gerritbot_ssh_rsa_pubkey_contents: dummy content. to be done + gerritbot_ssh_rsa_key_contents: dummy content. to be done + gerrit_mysql_password: P@ssw0rd + github_project_password: dummy content. to be done + github_project_username: mirademo + jeepyb_project_file: /etc/project-config/gerrit/projects.yaml + project_config_config_dir: /etc/project-config/ + project_config_repo: https://review.fuel-infra.org/open-paas/project-config + ssh_replication_rsa_key_contents: dummy content. to be done + gerrit_replication_ssh_rsa_key_contents: dummy content. to be done + swift_store_key: dummy content. to be done + swift_store_user: dummy content. to be done + welcome_message_gerrit_ssh_private_key: dummy content. to be done + welcome_message_gerrit_ssh_public_key: dummy content. to be done + gerrit_host: gerrit diff --git a/murano-apps/CiCd2/package/Classes/JenkinsConfigurator.yaml b/murano-apps/CiCd2/package/Classes/JenkinsConfigurator.yaml new file mode 100644 index 0000000..7e36071 --- /dev/null +++ b/murano-apps/CiCd2/package/Classes/JenkinsConfigurator.yaml @@ -0,0 +1,97 @@ +Namespaces: + =: org.openstack.ci_cd_pipeline_murano_app.v2 + std: io.murano + sys: io.murano.system + ci_cd_pipeline_murano_app: org.openstack.ci_cd_pipeline_murano_app + puppet: org.openstack.ci_cd_pipeline_murano_app.puppet + conf: io.murano.configuration + +Name: JenkinsConfigurator + +Extends: Configurator + +Methods: + .init: + Body: + - $this.config: + git_user: user + git_user_email: email@example.com + jenkins_ssh_private_key_contents: '-----BEGIN RSA PRIVATE KEY----- + + MIIEowIBAAKCAQEAxqtDb4g3BAzWe+NyF5NdHagTa/H3s3beMl8x6vZNv1FcXpnX + + Ub+WfohdOc+josFmzuFZ+M+tNAw6YW7i2BKaVb/WC4brFZER5CAao365XfQWbfPK + + YHmKqhiOuBDBs2N3TGz717th3r1uzpXd8IoIgogTEwi0QFLWls1MlqIakT7NTEJ3 + + lOw6GfKVli4PjUxHx/+P/ippMnHrU/HWln3tUM6BXoUoqttiEEPmNzp+q/lKJmFB + + ddBENzBvFcGHqQ10oSxyrNLwnwjgV3vf2kflW8I2wE0vcBHUYI5OGHkdL17O4adj + + bzSvDh3pqQfLRNYfB/PBxAPtauZyQ3Q0LtK63QIDAQABAoIBAGoRmil8AlOJPyJZ + + 5tordXWV/PiO8X7BohQmuxIFerEAkV54qHse3QylZZCuCWGl/GvL6StsRb8aIDlQ + + 6JAQLpJFn9P7rpuPHow7j71mtTUyUp9Vn+EuQxhZkCk52REbs9/79+HQS4qOfRCS + + 9zGroKuAVx68cPA+yg8tgQyTc7fDbCTJ5mnOgwUxcyHTpsyIz+Z/0eitWa4OsFNj + + iYwvRw0vdnlPkQPO1ti4hjOh8LvJZseSVXWR/VfPKBQRes8V7hpLsHK9EzDDNUhz + + tc103fXWLY3z+LG8wK+kbjbbhISOKhPg0DbcTUe92s708cRPI5c/fDCYOb8CAbJo + + PiPrg8kCgYEA9189kS+Hk7ayocakzfQ2voFjpb2FjQ5SXNP940/tbWec5MFkX7zW + + t8EB+CEc8lz6HgRrxsK6neeShx02SvbVIkwoXYDjcEzqgCv7ltbJT8gb0hTqnDgN + + ja28Flm29TxdFxcHQU5ZZhBNSnEl9PdB3+a3NFwSge7Lm/fuoQG9s78CgYEAzZko + + lJnjgoZk7U3tmmNewV5B8yzDdFN430WkdVVlYezN6Bz1oWlJHMyqMj6eKtPCPMrQ + + DklDuLSyO1qdpz9rsEIRbB3GSAPf2X4YggOqSC3R0+ReU6vATc6hPjQSN2ahNdZ0 + + 90z4djiSXsUL0C1o4DgORejpv/NdEwwTGVA3yGMCgYA78n6vEn+ekmXTwpnpt0cU + + /7IwVi9pMZFQIaejUJlPLA7feOZkNRUrzsA1a4DiUxnh8FxV/JbQ8W+XAsNHg22/ + + NAmML1HuwxUJHp+HvGFoziu/y4XXedX/AZ1VJUSrRYehstj1QJF1pHm2kpkKNmlm + + Yzj+nVl213HMSFcx+YQJbQKBgQCU6qOfBtvoVcnSrIg2NFWUv94K8dhccH1zUvEs + + 337AcBIwVpF/qVAAoSmBnSNZJ+pfuBL81gpMRe122kqosmIg16ng4qwUy2GfGhtM + + SLVU9IMv9BBykEuIz+qwsGylXhvUcBJmcYThtFYoeJb24X0+Mrv73Rk6JF69Bhjr + + U9QjuwKBgArBLvnkM2SoryzW1aGDqltFEV6vaRIm7Q396QuEBAGR/+XYqtuwMhvv + + pjw6gGkQc+qSlt/ruGY9LQXuLCw4NH/L0RFcHjsaM8a7lQegf77bzmIapHHfcxmC + + gschAFtpRuctLGt+2QlZi7Fc9ZTM59XComT8Moi3rFzGNOfKWksR + + -----END RSA PRIVATE KEY-----' + jenkins_ssh_pubkey_contents: list( + "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDGq0NviDcEDNZ743IXk10dqBNr", + "8fezdt4yXzHq9k2/UVxemddRv5Z+iF05z6OiwWbO4Vn4z600DDphbuLYEppVv9YL", + "husVkRHkIBqjfrld9BZt88pgeYqqGI64EMGzY3dMbPvXu2HevW7Old3wigiCiBMT", + "CLRAUtaWzUyWohqRPs1MQneU7DoZ8pWWLg+NTEfH/4/+KmkycetT8daWfe1QzoFe", + "hSiq22IQQ+Y3On6r+UomYUF10EQ3MG8VwYepDXShLHKs0vCfCOBXe9/aR+VbwjbA", + "TS9wEdRgjk4YeR0vXs7hp2NvNK8OHempB8tE1h8H88HEA+1q5nJDdDQu0rrd ", + "root@murano-mfgoqiqtst28ql-ggg-jenkins-mjkge7nxw5f3").join('') + jenkins_jobs_password: '' + + # + # Project-config local repo + # + getProjectConfigRepo: + Body: + - Return: format( + 'https://{0}/open-paas/project-config', + $this.instance.ipAddresses[0]) + + # + # Switch to newly created project-config repo + # + _switchProjectConfig: + Body: + - $.instance.setHieraValue( + 'project_config_repo', $.getProjectConfigRepo()) diff --git a/murano-apps/CiCd2/package/Classes/LdapConfigurator.yaml b/murano-apps/CiCd2/package/Classes/LdapConfigurator.yaml new file mode 100644 index 0000000..fb45fd3 --- /dev/null +++ b/murano-apps/CiCd2/package/Classes/LdapConfigurator.yaml @@ -0,0 +1,26 @@ +Namespaces: + =: org.openstack.ci_cd_pipeline_murano_app.v2 + std: io.murano + sys: io.murano.system + ci_cd_pipeline_murano_app: org.openstack.ci_cd_pipeline_murano_app + puppet: org.openstack.ci_cd_pipeline_murano_app.puppet + conf: io.murano.configuration + +Name: LdapConfigurator + +Extends: Configurator + +Methods: + .init: + Body: + - $this.config: + ldap::client::ssl_cert: '' + ldap::client::uri: localhost + ldap::server::rootpw: Openst@ck0 + ldap_dc: infra + ldap_domain: infra.local + ldap_password: P@ssw0rd + ldap_root_password: Openst@ck0 + ldap_root_user: root + ldap_user: user + ldap_ip: openldap diff --git a/murano-apps/CiCd2/package/Resources/scripts/site.pp b/murano-apps/CiCd2/package/Resources/scripts/site.pp new file mode 100644 index 0000000..d84ea6e --- /dev/null +++ b/murano-apps/CiCd2/package/Resources/scripts/site.pp @@ -0,0 +1,202 @@ +# +# Top-level variables +# +# There must not be any whitespace between this comment and the variables or +# in between any two variables in order for them to be correctly parsed and +# passed around in test.sh +# + +# +# Default: should at least behave like an openstack server +# +node default { + # class { 'openstack_project::server': + # # TODO: 8140 should be only open on the puppet master + # iptables_public_tcp_ports => [8140], + # sysadmins => hiera('sysadmins', []), + # } +} + +# +# Long lived servers: +# +# Node-OS: trusty +node 'review' { + $project_config_repo = hiera('project_config_repo') + + + + class { 'openstack_project::server': + iptables_public_tcp_ports => [80, 443, 8081, 29418], + sysadmins => hiera('sysadmins', []), + certname => 'review', + ca_server => 'puppet', + puppetmaster_server => 'puppet', + enable_unbound => false, + manage_exim => false, + } + + class { '::mysql::server': + root_password => hiera('gerrit_db_root_password'), + remove_default_accounts => true, + } + mysql::db { 'reviewdb': + user => hiera('gerrit_db_user'), + password => hiera('gerrit_db_password'), + host => 'localhost', + grant => ['all'], + } + + class { 'openstack_project::review': + project_config_repo => $project_config_repo, + projects_config => 'openstack_project/review.projects.ini.erb', + # projects_file => hiera('jeepyb_project_file'), + github_oauth_token => hiera('gerrit_github_token'), + github_project_username => hiera('github_project_username', 'username'), + github_project_password => hiera('github_project_password'), + mysql_host => hiera('gerrit_mysql_host', 'localhost'), + mysql_password => hiera('gerrit_mysql_password'), + email_private_key => hiera('gerrit_email_private_key'), + token_private_key => hiera('gerrit_rest_token_private_key'), + # gerritbot_password => hiera('gerrit_gerritbot_password'), + # gerritbot_ssh_rsa_key_contents => hiera('gerritbot_ssh_rsa_key_contents'), + # gerritbot_ssh_rsa_pubkey_contents => hiera('gerritbot_ssh_rsa_pubkey_contents'), + ssl_cert_file_contents => hiera('gerrit_ssl_cert_file_contents'), + ssl_key_file_contents => hiera('gerrit_ssl_key_file_contents'), + # ssl_chain_file_contents => hiera('gerrit_ssl_chain_file_contents'), + ssl_chain_file => '', + ssl_chain_file_contents => '', + ssh_dsa_key_contents => hiera('gerrit_ssh_dsa_key_contents'), + ssh_dsa_pubkey_contents => hiera('gerrit_ssh_dsa_pubkey_contents'), + ssh_rsa_key_contents => hiera('gerrit_ssh_rsa_key_contents'), + ssh_rsa_pubkey_contents => hiera('gerrit_ssh_rsa_pubkey_contents'), + ssh_project_rsa_key_contents => hiera('gerrit_project_ssh_rsa_key_contents'), + ssh_project_rsa_pubkey_contents => hiera('gerrit_project_ssh_rsa_pubkey_contents'), + ssh_welcome_rsa_key_contents => hiera('welcome_message_gerrit_ssh_private_key'), + ssh_welcome_rsa_pubkey_contents => hiera('welcome_message_gerrit_ssh_public_key'), + ssh_replication_rsa_key_contents => hiera('gerrit_replication_ssh_rsa_key_contents'), + ssh_replication_rsa_pubkey_contents => hiera('gerrit_replication_ssh_rsa_pubkey_contents'), + lp_sync_consumer_key => hiera('gerrit_lp_consumer_key'), + lp_sync_token => hiera('gerrit_lp_access_token'), + lp_sync_secret => hiera('gerrit_lp_access_secret'), + contactstore_appsec => hiera('gerrit_contactstore_appsec'), + contactstore_pubkey => hiera('gerrit_contactstore_pubkey'), + swift_username => hiera('swift_store_user', 'username'), + swift_password => hiera('swift_store_key'), + + require => [ + # Package['build-essential'], + # Package['libssl-dev'], + # Package['libffi-dev'], + # Package['python-dev'], + Class['::mysql::server'], + ] + } + + exec { 'openstack_project::gerrit': + command => "/usr/bin/git remote set-url origin $project_config_repo", + cwd => "/etc/project-config/", + require => [ + Class['project_config'], + ], + } +} + +# Node-OS: precise +node jenkins { + package { 'unzip': + ensure => present + } + + class { 'openstack_project::server': + iptables_public_tcp_ports => [80, 443, 8080], + sysadmins => hiera('sysadmins', []), + certname => 'jenkins', + ca_server => 'puppet', + puppetmaster_server => 'puppet', + } + class { 'openstack_project::jenkins': + vhost_name => 'jenkins', + jenkins_password => hiera('jenkins_jobs_password'), + jenkins_ssh_private_key => hiera('jenkins_ssh_private_key_contents'), + ssl_cert_file => '/etc/ssl/certs/ssl-cert-snakeoil.pem', + ssl_key_file => '/etc/ssl/private/ssl-cert-snakeoil.key', + ssl_chain_file => '', + jenkins_username => 'gerrit', + serveradmin => 'jenkins@example.com', + project_config_repo => hiera('project_config_repo'), + project_config_base => '', + } +} + + +node openldap { + + $dc = hiera("ldap_dc") + $dn = domain2dn(hiera("ldap_domain")) + $user = hiera('ldap_root_user') + + class { 'ldap::server': + suffix => $dn, + rootdn => "cn=$user,$dn", + rootpw => hiera('ldap_root_password'), + log_level => 1, + } + + class { 'ldap::client': + uri => 'ldap://openldap', + base => "$dn", + } + + $ldap_defaults = { + ensure => present, + host => 'openldap', + base => "$dn", + port => 389, + ssl => false, + username => "cn=root,${dn}", + password => hiera('ldap_root_password') + } + + $ldap_entries = { + "$dn" =>{ + attributes => { + dc => "$dc", + objectClass => ['top','domain'], + description => 'Tree root' + }, + }, + "ou=users,$dn" =>{ + attributes => { + ou => "users", + objectClass=>['top', 'organizationalUnit'], + description=> "Users for ${dn}", + } + }, + "uid=user,ou=users,$dn" =>{ + attributes => { + cn => "user", + uid => "user", + sn => "user", + uidNumber => 1001, + gidNumber => 1001, + objectClass=> [ + 'top', + 'posixAccount', + 'shadowAccount', + 'iNetOrgPerson', + 'organizationalPerson'], + description=> "User", + gecos => "user@$dn", + homeDirectory => "/home/user", + userPassword=> sha1digest(hiera('ldap_password')), + shadowLastChange=> "0", + shadowMax => "0", + shadowWarning=> "0", + mail => "mail@example.com" + } + }, + } + + create_resources('ldap_entry', $ldap_entries,$ldap_defaults) +} diff --git a/murano-apps/CiCd2/package/UI/ui.yaml b/murano-apps/CiCd2/package/UI/ui.yaml new file mode 100644 index 0000000..6905d40 --- /dev/null +++ b/murano-apps/CiCd2/package/UI/ui.yaml @@ -0,0 +1,56 @@ +Version: 2 + +Application: + ?: + type: org.openstack.ci_cd_pipeline_murano_app.v2.CiCdEnvironment + systemConfigUrl: $.appConfiguration.systemConfigUrl + + flavor: $.instanceConfiguration.flavor + osImage: $.instanceConfiguration.osImage + keyPair: $.instanceConfiguration.keyPair + availabilityZone: $.instanceConfiguration.availabilityZone + +Forms: + - appConfiguration: + fields: + - name: name + type: string + initial: CICD2 + label: Application name + descriptionTitle: + description: + + - instanceConfiguration: + fields: + - name: title + type: string + required: false + hidden: true + description: Specify some instance parameters on which the application would be created + - name: flavor + type: flavor + label: Instance flavor + description: >- + Select registered in Openstack flavor. Consider that application performance + depends on this parameter. + initial: m1.medium + required: false + - name: osImage + type: image + imageType: linux + label: Instance image + description: >- + Select a valid image for the application. Image should already be prepared and + registered in glance. + - name: keyPair + type: keypair + label: Key Pair + description: >- + Select a Key Pair to control access to instances. You can login to + instances using this KeyPair after the deployment of application. + required: false + - name: availabilityZone + type: azone + label: Availability zone + description: Select availability zone where the application would be installed. + required: false diff --git a/murano-apps/CiCd2/package/logo.png b/murano-apps/CiCd2/package/logo.png new file mode 100644 index 0000000..f81c532 Binary files /dev/null and b/murano-apps/CiCd2/package/logo.png differ diff --git a/murano-apps/CiCd2/package/manifest.yaml b/murano-apps/CiCd2/package/manifest.yaml new file mode 100644 index 0000000..860ea17 --- /dev/null +++ b/murano-apps/CiCd2/package/manifest.yaml @@ -0,0 +1,23 @@ +Format: 1.2 +Type: Application +FullName: org.openstack.ci_cd_pipeline_murano_app.v2.CiCd2 +Name: CiCd2 +Description: | + The One-click CI/CD installer. This application uses Puppet master to deploy + applications set + +Author: 'Mirantis, Inc' +Tags: [Server, Puppet, CI] +UI: ui.yaml +Logo: logo.png +Classes: + org.openstack.ci_cd_pipeline_murano_app.v2.CiCdEnvironment: CiCd2.yaml + org.openstack.ci_cd_pipeline_murano_app.v2.Configurator: Configurator.yaml + org.openstack.ci_cd_pipeline_murano_app.v2.GerritConfigurator: GerritConfigurator.yaml + org.openstack.ci_cd_pipeline_murano_app.v2.JenkinsConfigurator: JenkinsConfigurator.yaml + org.openstack.ci_cd_pipeline_murano_app.v2.NodepoolConfigurator: NodepoolConfigurator.yaml + org.openstack.ci_cd_pipeline_murano_app.v2.LdapConfigurator: LdapConfigurator.yaml +Require: + org.openstack.ci_cd_pipeline_murano_app.utils.CiCdUtils: + org.openstack.ci_cd_pipeline_murano_app.puppet.Puppet: + org.openstack.ci_cd_pipeline_murano_app.puppet.SystemConfig: diff --git a/murano-apps/Puppet/package/Classes/PuppetClient.yaml b/murano-apps/Puppet/package/Classes/PuppetClient.yaml index cdc69d3..0ef74cb 100644 --- a/murano-apps/Puppet/package/Classes/PuppetClient.yaml +++ b/murano-apps/Puppet/package/Classes/PuppetClient.yaml @@ -19,7 +19,7 @@ Name: PuppetClient Properties: instance: - Contract: $.class('org.openstack.ci_cd_pipeline_murano_app.puppet.PuppetInstance').notNull() + Contract: $.class(PuppetInstance).notNull() role: Contract: $.string().notNull() @@ -42,6 +42,27 @@ Methods: - $res: new(conf:Linux).runCommand( agent => $this.instance.agent, command => 'puppet agent --test', - ignoreErrors => true).stdout + ignoreErrors => true, + captureStdout => false, + captureStderr => false).stdout + + - Return: $res + + # + # Run puppet agent. + # Get manifest from the server and apply it + # + runPuppetAgent: + Body: + - $command: > + puppet agent --config /etc/puppet/puppet.conf + --onetime --no-daemonize --verbose --no-splay + + - $res: new(conf:Linux).runCommand( + agent => $this.instance.agent, + command => $command, + ignoreErrors => false, + captureStdout => false, + captureStderr => true).stdout - Return: $res diff --git a/murano-apps/Puppet/package/Classes/PuppetInstance.yaml b/murano-apps/Puppet/package/Classes/PuppetInstance.yaml index acd1659..e950cb4 100644 --- a/murano-apps/Puppet/package/Classes/PuppetInstance.yaml +++ b/murano-apps/Puppet/package/Classes/PuppetInstance.yaml @@ -47,7 +47,8 @@ Methods: installPuppet: Body: - $._environment.reporter.report($this, - 'Install puppet on instance "{0}" with id {1}'.format($.name, $.openstackId)) + 'Install puppet on instance "{0}" with id {1}'.format( + $.name, $.openstackId)) - $resources: new(sys:Resources) - $template: $resources.yaml('InstallPuppet.template') - $.agent.call($template, $resources) @@ -180,3 +181,7 @@ Methods: - $template: $resources.yaml('ApplyManifest.template').bind($parameters) - Return: $this.agent.call($template, $resources, $timeout) + + runPuppetAgents: + Body: + - $this.clients.pselect( $.agentRun()) diff --git a/murano-apps/Puppet/package/Classes/PuppetServer.yaml b/murano-apps/Puppet/package/Classes/PuppetServer.yaml index 49d6128..937d3d5 100644 --- a/murano-apps/Puppet/package/Classes/PuppetServer.yaml +++ b/murano-apps/Puppet/package/Classes/PuppetServer.yaml @@ -63,7 +63,8 @@ Methods: Body: - $this._hosts: new(net:Hosts) - $this._hosts.addHostByInstance($this.masterInstance, 'puppet') - - $this.clients.pselect($this._hosts.addHostByInstance($.instance, $.role)) + - $this.clients.pselect( + $this._hosts.addHostByInstance($.instance, $.role)) - $this._hosts.applyTo($this.masterInstance) - $this.clients.pselect($this._hosts.applyTo($.instance)) @@ -118,3 +119,7 @@ Methods: environment => $environment, puppetfile => $puppetfileLink)) - Return: $this.masterInstance.agent.call($template, $resources) + + runPuppetAgents: + Body: + - $this.clients.select($.runPuppetAgent()) diff --git a/murano-apps/Puppet/package/Resources/InstallDependencies.template b/murano-apps/Puppet/package/Resources/InstallDependencies.template index 3883966..3ca29f0 100644 --- a/murano-apps/Puppet/package/Resources/InstallDependencies.template +++ b/murano-apps/Puppet/package/Resources/InstallDependencies.template @@ -16,6 +16,10 @@ Scripts: EntryPoint: 'server/install_dependencies.sh' Files: [] Options: - captureStdout: true - captureStderr: true + # The amout of information printed by script can be huge. + # More than Murano allows to collect. + # Thus we are forced to set "captureStdout" to false + captureStdout: false + # the same + captureStderr: false verifyExitcode: true