diff --git a/puppet-manifests/manifests/site.pp b/puppet-manifests/manifests/init.pp
old mode 100644
new mode 100755
similarity index 94%
rename from puppet-manifests/manifests/site.pp
rename to puppet-manifests/manifests/init.pp
index 61bbdef..ac1f968
--- a/puppet-manifests/manifests/site.pp
+++ b/puppet-manifests/manifests/init.pp
@@ -1,62 +1,62 @@
-# Defaults
-
-Exec {
- path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
- provider => 'shell',
-}
-
-File {
- replace => true,
-}
-
-if($::osfamily == 'Debian') {
- Exec['apt_update'] -> Package <| |>
-}
-
-stage { 'pre' :
- before => Stage['main'],
-}
-
-$gitrevision = '$Id$'
-
-notify { "Revision : ${gitrevision}" :}
-
-file { '/var/lib/puppet' :
- ensure => 'directory',
- owner => 'puppet',
- group => 'puppet',
- mode => '0755',
-}
-
-file { '/var/lib/puppet/gitrevision.txt' :
- ensure => 'present',
- owner => 'root',
- group => 'root',
- mode => '0444',
- content => $gitrevision,
- require => File['/var/lib/puppet'],
-}
-
-
-# Nodes definitions
-
-node /jenkins-slave\.test-company\.org/ {
- class { '::fuel_project::jenkins::slave' :
- external_host => true,
- }
-}
-
-node /jenkins\.test-company\.org/ {
- class { '::fuel_project::jenkins::master' :}
-}
-
-# Default
-node default {
- $classes = hiera('classes', '')
- if ($classes) {
- validate_array($classes)
- hiera_include('classes')
- } else {
- notify { 'Default node invocation' :}
- }
-}
+# Defaults
+
+Exec {
+ path => '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin',
+ provider => 'shell',
+}
+
+File {
+ replace => true,
+}
+
+if($::osfamily == 'Debian') {
+ Exec['apt_update'] -> Package <| |>
+}
+
+stage { 'pre' :
+ before => Stage['main'],
+}
+
+$gitrevision = '$Id$'
+
+notify { "Revision : ${gitrevision}" :}
+
+file { '/var/lib/puppet' :
+ ensure => 'directory',
+ owner => 'puppet',
+ group => 'puppet',
+ mode => '0755',
+}
+
+file { '/var/lib/puppet/gitrevision.txt' :
+ ensure => 'present',
+ owner => 'root',
+ group => 'root',
+ mode => '0444',
+ content => $gitrevision,
+ require => File['/var/lib/puppet'],
+}
+
+
+# Nodes definitions
+
+node /jenkins-slave\.test-company\.org/ {
+ class { '::fuel_project::jenkins::slave' :
+ external_host => true,
+ }
+}
+
+node /jenkins\.test-company\.org/ {
+ class { '::fuel_project::jenkins::master' :}
+}
+
+# Default
+node default {
+ $classes = hiera('classes', '')
+ if ($classes) {
+ validate_array($classes)
+ hiera_include('classes')
+ } else {
+ notify { 'Default node invocation' :}
+ }
+}
\ No newline at end of file
diff --git a/puppet-manifests/modules/fuel_project/files/apps/monitoring/mysql/mysql_items.conf b/puppet-manifests/modules/fuel_project/files/apps/monitoring/mysql/mysql_items.conf
deleted file mode 100644
index fe69cc1..0000000
--- a/puppet-manifests/modules/fuel_project/files/apps/monitoring/mysql/mysql_items.conf
+++ /dev/null
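Review bot: The node regexes in init.pp (`node /jenkins-slave\.test-company\.org/` and `node /jenkins\.test-company\.org/`) are unanchored, so any certname that merely contains one of those strings is classified as the Jenkins slave or master. Anchoring them, e.g. `node /^jenkins\.test-company\.org$/`, limits each definition to the intended host; if a hostname prefix is meant to match, keep at least the trailing `$`. The commit also sets the manifest to mode 100755 and drops the final newline, neither of which a Puppet manifest needs, and every line is rewritten with identical visible text, which suggests a line-ending change worth confirming.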
@@ -1,17 +0,0 @@
-# For all the following commands HOME should be set to the directory that has .my.cnf file with password information.
-# Get information about Slave replica
-UserParameter=mysql.replication_status[*],HOME=/var/lib/zabbix mysql -e 'SHOW SLAVE STATUS \G' | grep $1 | cut -d ':' -f2-
-# Flexible parameter to grab global variables. On the frontend side, use keys like mysql.status[Com_insert].
-# Key syntax is mysql.status[variable].
-UserParameter=mysql.status[*],echo "show global status where Variable_name='$1';" | HOME=/var/lib/zabbix mysql -N | awk '{print $$2}'
-# Flexible parameter to determine database or table size. On the frontend side, use keys like mysql.size[zabbix,history,data].
-# Key syntax is mysql.size[,,].
-# Database may be a database name or "all". Default is "all".
-# Table may be a table name or "all". Default is "all".
-# Type may be "data", "index", "free" or "both". Both is a sum of data and index. Default is "both".
-# Database is mandatory if a table is specified. Type may be specified always.
-# Returns value in bytes.
-# 'sum' on data_length or index_length alone needed when we are getting this information for whole database instead of a single table
-UserParameter=mysql.size[*],echo "select sum($(case "$3" in both|"") echo "data_length+index_length";; data|index) echo "$3_length";; free) echo "data_free";; esac)) from information_schema.tables$([[ "$1" = "all" || ! "$1" ]] || echo " where table_schema='$1'")$([[ "$2" = "all" || ! "$2" ]] || echo "and table_name='$2'");" | HOME=/var/lib/zabbix mysql -N
-UserParameter=mysql.ping,HOME=/var/lib/zabbix mysqladmin ping | grep -c alive
-UserParameter=mysql.version,mysql -V
diff --git a/puppet-manifests/modules/fuel_project/files/common/zabbix/hardware.conf b/puppet-manifests/modules/fuel_project/files/common/zabbix/hardware.conf
deleted file mode 100644
index 1b45150..0000000
--- a/puppet-manifests/modules/fuel_project/files/common/zabbix/hardware.conf
+++ /dev/null
@@ -1,4 +0,0 @@
-UserParameter=hardware,echo CPU: `cat /proc/cpuinfo | awk -F':' '/^model name/ { MODEL=$2; COUNT+=1 } END { print COUNT"x"MODEL }'`, MEM: `cat /proc/meminfo | awk '/^MemTotal:/ { printf "%dG", ($2/1024000) }'`, HDD: `cat /sys/block/sd*/size /sys/block/vd*/size 2>/dev/null | sort | uniq -c | sort -n | awk '{ printf "%dx%dG, ", $1, ($2/2/1000/976.5) }' | sed 's/, $//'`
-UserParameter=vfs.dev.discovery,for partition in $(awk '{print $NF}' /proc/partitions | egrep '^[sv]d([a-z]+)$') ; do partitionlist="$partitionlist,"'{"{#DISKDEV}":"'$partition'"}'; done; echo '{"data":['${partitionlist#,}']}'
-UserParameter=smartd.value[*],sudo /usr/sbin/smartctl -A "/dev/$1" | /bin/grep "$2" | /usr/bin/awk '{print $$10}'
-UserParameter=smartd.hdd.health[*],sudo /usr/sbin/smartctl -H "/dev/$1" | /bin/grep -c '^SMART overall-health self-assessment test result: PASSED$'
diff --git a/puppet-manifests/modules/fuel_project/files/common/zabbix/ssl-certificate-check.conf b/puppet-manifests/modules/fuel_project/files/common/zabbix/ssl-certificate-check.conf
deleted file mode 100644
index d2ec3ca..0000000
--- a/puppet-manifests/modules/fuel_project/files/common/zabbix/ssl-certificate-check.conf
+++ /dev/null
@@ -1 +0,0 @@
-UserParameter=ssl.certificate.check[*],/usr/local/bin/zabbix_check_certificate.sh -H "$1" -p "$2"
diff --git a/puppet-manifests/modules/fuel_project/files/devops_tools/userparams-lpupdatebug.conf b/puppet-manifests/modules/fuel_project/files/devops_tools/userparams-lpupdatebug.conf
deleted file mode 100644
index 5f1573c..0000000
--- a/puppet-manifests/modules/fuel_project/files/devops_tools/userparams-lpupdatebug.conf
+++ /dev/null
@@ -1,2 +0,0 @@
-UserParameter=lpupdatebug.lp_logcheck[*],/usr/local/bin/tailnew /var/log/lpupdatebug.log lpupdatebug.lp_logcheck.$(echo -n /var/log/lpupdatebug.log | sed 's~/~_~g') | grep -oh '0x00000lp' | tail -1
-UserParameter=lpupdatebug.ssh_logcheck[*],/usr/local/bin/tailnew /var/log/lpupdatebug.log lpupdatebug.ssh_logcheck.$(echo -n /var/log/lpupdatebug.log | sed 's~/~_~g') | grep -oh '0x00000ssh' | tail -1
\ No newline at end of file
diff --git a/puppet-manifests/modules/fuel_project/files/glusterfs/zabbix/glubix/glubix_checkvolstatus.pl b/puppet-manifests/modules/fuel_project/files/glusterfs/zabbix/glubix/glubix_checkvolstatus.pl
deleted file mode 100755
index 21e33e2..0000000
--- a/puppet-manifests/modules/fuel_project/files/glusterfs/zabbix/glubix/glubix_checkvolstatus.pl
+++ /dev/null
@@ -1,59 +0,0 @@
-#!/usr/bin/perl
-# Ex.
-# ./glubix_checkvolstatus.pl --volume_name vol0
-# ./glubix_checkvolstatus.pl --volume_name vol1 --volume_numbricks 4
-#
-# options:
-# --volume_name vol1
-# --volume_numbricks 4
-
-use strict;
-use Getopt::Long qw(:config posix_default no_ignore_case gnu_compat);
-
-my $rc = 0;
-my $gluster_volume_name;
-my $gluster_volume_numbricks;
-
-my $getopt_result = GetOptions('volume_name=s' => \$gluster_volume_name,
- 'volume_numbricks=i', => \$gluster_volume_numbricks);
-
-if ($gluster_volume_name eq "") {
- $rc = 0;
- printf "$rc\n";
- exit;
-}
-
-my $gluster_cmd = "/usr/sbin/gluster";
-my $exec_cmd = "$gluster_cmd volume info $gluster_volume_name 2> /dev/null";
-
-my $result = `$exec_cmd`;
-
-if ($result =~ m/Status: Started/) {
- # volume status is Started
- $rc = 1;
-
- if ($gluster_volume_numbricks ne "" && $gluster_volume_numbricks > 0) {
- my $exec_cmd2 = "$gluster_cmd volume status $gluster_volume_name 2> /dev/null | grep '^Brick' | wc -l";
- my $result2 = `$exec_cmd2`;
-
- my $num_active_brick = $result2;
-
- # If number of active bricks were less than $gluster_volume_numbricks. return code is 0;
- if( $num_active_brick < $gluster_volume_numbricks ) {
- # missing some bricks. may be down.
- $rc = 0;
- } else {
- # brick is healthy
- $rc = 1;
- }
- }
-} elsif ($result =~ m/Status: Stopped/) {
- # volume status is Stopped
- $rc = 0;
-} else {
- # volume status is maintainance down or other
- $rc = 0;
-}
-
-printf "$rc\n";
-exit
diff --git a/puppet-manifests/modules/fuel_project/files/glusterfs/zabbix/glubix/glubix_georepstatus33.pl b/puppet-manifests/modules/fuel_project/files/glusterfs/zabbix/glubix/glubix_georepstatus33.pl
deleted file mode 100755
index 7eb2a8c..0000000
--- a/puppet-manifests/modules/fuel_project/files/glusterfs/zabbix/glubix/glubix_georepstatus33.pl
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/usr/bin/perl
-# geo-replication via gsync for GlusterFS 3.3
-# Ex.
-# ./glubix_.pl --volume_name vol1 --slave_url remote::geo-vol1
-#
-# options:
-# --volume_name vol1
-# --slave_url remote::geo-vol1
-#
-
-use strict;
-use Getopt::Long qw(:config posix_default no_ignore_case gnu_compat);
-
-my $gluster_volume_name;
-my $gluster_slave_url;
-
-my $getopt_result = GetOptions('volume_name=s' => \$gluster_volume_name,
- 'slave_url=s', => \$gluster_slave_url);
-
-if ($gluster_volume_name eq "") {
- exit 1;
-}
-
-my $gluster_cmd = "/usr/sbin/gluster";
-my $exec_cmd = "$gluster_cmd volume geo-replication $gluster_volume_name $gluster_slave_url status | tail -1 2> /dev/null";
-
-my $result = `$exec_cmd`;
-
-if ($result =~ '^----' || $result =~ '^No active geo-replication sessions' ) {
- print "NotFound\n";
- exit 1;
-}
-
-my ($master_vol,$slave_url,$status) = split(/[\s\t]+/, $result);
-
-if ($master_vol eq $gluster_volume_name && $slave_url eq $gluster_slave_url) {
- print "$status\n";
- exit;
-}
-
-print "ERROR\n";
-exit 1;
-
diff --git a/puppet-manifests/modules/fuel_project/files/glusterfs/zabbix/glubix/glubix_georepstatus34.pl b/puppet-manifests/modules/fuel_project/files/glusterfs/zabbix/glubix/glubix_georepstatus34.pl
deleted file mode 100755
index 6c73c3a..0000000
--- a/puppet-manifests/modules/fuel_project/files/glusterfs/zabbix/glubix/glubix_georepstatus34.pl
+++ /dev/null
@@ -1,51 +0,0 @@
-#!/usr/bin/perl
-# geo-replication via gsync for GlusterFS 3.3
-# Ex.
-# ./glubix_.pl --volume_name vol1 --slave_url remote::geo-vol1
-#
-# options:
-# --volume_name vol1
-# --slave_url remote::geo-vol1
-#
-
-use strict;
-use Getopt::Long qw(:config posix_default no_ignore_case gnu_compat);
-
-my $gluster_volume_name;
-my $gluster_slave_url;
-
-my $getopt_result = GetOptions('volume_name=s' => \$gluster_volume_name,
- 'slave_url=s', => \$gluster_slave_url);
-
-if ($gluster_volume_name eq "") {
- exit 1;
-}
-
-my $gluster_cmd = "/usr/sbin/gluster";
-my $exec_cmd = "$gluster_cmd volume geo-replication $gluster_volume_name $gluster_slave_url status 2> /dev/null";
-
-my $result = `$exec_cmd`;
-
-if ($result =~ '^No active geo-replication sessions between' || $result =~ '^No active geo-replication sessions' ) {
- print "NotFound\n";
- exit 1;
-}
-
-$result =~ s/^\s*\n//g;
-$result =~ s/MASTER NODE[A-Z\s]+\n//g;
-$result =~ s/-+\s*\n//g;
-
-my @result_array = split(/\n/,$result);
-foreach my $line (@result_array){
- print "$line\n";
- my ($master_node,$master_vol,$master_brick,$slave_url,$status,$checkpoint_status,$crawl_status) = split(/\s+/, $line);
-
- if ($master_vol eq $gluster_volume_name && $slave_url eq $gluster_slave_url) {
- print "$status\n";
- exit;
- }
-}
-
-print "ERROR\n";
-exit 1;
-
diff --git a/puppet-manifests/modules/fuel_project/files/glusterfs/zabbix/glubix/glubix_numpeers.pl b/puppet-manifests/modules/fuel_project/files/glusterfs/zabbix/glubix/glubix_numpeers.pl
deleted file mode 100755
index 0bbcdec..0000000
--- a/puppet-manifests/modules/fuel_project/files/glusterfs/zabbix/glubix/glubix_numpeers.pl
+++ /dev/null
@@ -1,21 +0,0 @@
-#!/usr/bin/perl
-# Ex.
-# ./glubix_numpeers.pl
-#
-
-use strict;
-
-my $gluster_cmd = "/usr/sbin/gluster";
-my $exec_cmd = "$gluster_cmd peer status 2> /dev/null";
-
-my $result = `$exec_cmd`;
-
-my $peers = 0;
-
-if ($result =~ m/Number of Peers: ([0-9]+)/) {
- $peers = $1;
-}
-
-print "$peers\n";
-
-exit;
diff --git a/puppet-manifests/modules/fuel_project/files/glusterfs/zabbix/glubix/glubix_uuid.pl b/puppet-manifests/modules/fuel_project/files/glusterfs/zabbix/glubix/glubix_uuid.pl
deleted file mode 100755
index d8e7a9d..0000000
--- a/puppet-manifests/modules/fuel_project/files/glusterfs/zabbix/glubix/glubix_uuid.pl
+++ /dev/null
@@ -1,20 +0,0 @@
-#!/usr/bin/perl
-# Ex.
-# ./glubix_uuid.pl
-
-use strict;
-
-my $glusterd_info = "/var/lib/glusterd/glusterd.info";
-my $exec_cmd = "grep UUID $glusterd_info 2> /dev/null";
-
-my $result = `$exec_cmd`;
-
-my $uuid;
-
-if ($result =~ m/UUID=([0-9a-f]+-[0-9a-f]+-[0-9a-f]+-[0-9a-f]+-[0-9a-f]+)/) {
- $uuid = $1;
-}
-
-print "$uuid\n";
-
-exit;
diff --git a/puppet-manifests/modules/fuel_project/files/glusterfs/zabbix/glubix/glubix_volstatus.pl b/puppet-manifests/modules/fuel_project/files/glusterfs/zabbix/glubix/glubix_volstatus.pl
deleted file mode 100755
index e7bc46e..0000000
--- a/puppet-manifests/modules/fuel_project/files/glusterfs/zabbix/glubix/glubix_volstatus.pl
+++ /dev/null
@@ -1,39 +0,0 @@
-#!/usr/bin/perl
-# Ex.
-# ./glubix_volstatus.pl --volume_name vol0
-#
-# options:
-# --volume_name vol1
-
-use strict;
-use Getopt::Long qw(:config posix_default no_ignore_case gnu_compat);
-
-my $status;
-my $gluster_volume_name;
-
-my $getopt_result = GetOptions('volume_name=s' => \$gluster_volume_name);
-
-if ($gluster_volume_name eq "") {
- $status = "NotFound";
- printf "$status\n";
- exit 1;
-}
-
-my $gluster_cmd = "/usr/sbin/gluster";
-my $exec_cmd = "$gluster_cmd volume info $gluster_volume_name 2> /dev/null";
-
-my $result = `$exec_cmd`;
-
-if ($result =~ m/Status: Started/) {
- $status = 'Started';
-} elsif ($result =~ m/Status: Stopped/) {
- $status = 'Stopped';
-} elsif ($result =~ m/Status: Created/) {
- $status = 'Created';
-} else {
- # Can't parse volume status
- $status = "Unknown";
-}
-
-printf "$status\n";
-exit;
diff --git a/puppet-manifests/modules/fuel_project/files/glusterfs/zabbix/glubix/glubix_voltype.pl b/puppet-manifests/modules/fuel_project/files/glusterfs/zabbix/glubix/glubix_voltype.pl
deleted file mode 100755
index 25c81ef..0000000
--- a/puppet-manifests/modules/fuel_project/files/glusterfs/zabbix/glubix/glubix_voltype.pl
+++ /dev/null
@@ -1,43 +0,0 @@
-#!/usr/bin/perl
-# Ex.
-# ./glubix_voltype.pl --volume_name vol0
-#
-# options:
-# --volume_name vol1
-# return value type: String
-# return value list: Unknown ... Can't parse result of gluster command
-# Blank ... --volume_name is not set
-# Distribute
-# Stripe
-# Replicate
-# Striped-Replicate
-# Distributed-Stripe
-# Distributed-Replicate
-# Distributed-Striped-Replicate
-
-use strict;
-use Getopt::Long qw(:config posix_default no_ignore_case gnu_compat);
-
-my $voltype;
-my $gluster_volume_name = '';
-
-my $getopt_result = GetOptions('volume_name=s' => \$gluster_volume_name);
-
-if ($gluster_volume_name eq '') {
- $voltype = "Blank";
- exit;
-}
-
-my $gluster_cmd = "/usr/sbin/gluster";
-my $exec_cmd = "$gluster_cmd volume info $gluster_volume_name 2> /dev/null";
-
-my $result = `$exec_cmd`;
-
-if ($result =~ m/Type: (\S+)/) {
- $voltype = $1;
-} else {
- $voltype = "Unknown";
-}
-
-printf "$voltype\n";
-exit
diff --git a/puppet-manifests/modules/fuel_project/files/glusterfs/zabbix/userparams-glubix.conf b/puppet-manifests/modules/fuel_project/files/glusterfs/zabbix/userparams-glubix.conf
deleted file mode 100644
index 42433a2..0000000
--- a/puppet-manifests/modules/fuel_project/files/glusterfs/zabbix/userparams-glubix.conf
+++ /dev/null
@@ -1,9 +0,0 @@
-UserParameter=gluster.version,/usr/sbin/glusterd -V|head -1|cut -d' ' -f2
-UserParameter=gluster.uuid,sudo /usr/local/bin/glubix_uuid.pl
-UserParameter=gluster.numpeers,sudo /usr/local/bin/glubix_numpeers.pl
-UserParameter=gluster.voltype[*],sudo /usr/local/bin/glubix_voltype.pl --volume_name $1
-UserParameter=gluster.volstatus[*],sudo /usr/local/bin/glubix_volstatus.pl --volume_name $1
-UserParameter=gluster.checkvolstatus[*],sudo /usr/local/bin/glubix_checkvolstatus.pl --volume_name $1 --volume_numbricks $2
-UserParameter=gluster.numbricks[*],sudo /usr/sbin/gluster volume info $1 | grep '^Brick[0-9]*:' | wc -l
-UserParameter=gluster.numactivebricks[*],sudo /usr/sbin/gluster volume status $1 | grep '^Brick' | wc -l
-UserParameter=gluster.georepstatus[*],sudo /usr/local/bin/glubix_georepstatus34.pl --volume_name $1 --slave_url $2
diff --git a/puppet-manifests/modules/fuel_project/files/lab_cz/default b/puppet-manifests/modules/fuel_project/files/lab_cz/default
deleted file mode 100644
index 25f88a9..0000000
--- a/puppet-manifests/modules/fuel_project/files/lab_cz/default
+++ /dev/null
@@ -1,8 +0,0 @@
-TIMEOUT 50
-TOTALTIMEOUT 9000
-ONTIMEOUT local
-default local
-
-LABEL local
- MENU LABEL Boot local hard drive
- LOCALBOOT 0
diff --git a/puppet-manifests/modules/fuel_project/files/lab_cz/deploy.py b/puppet-manifests/modules/fuel_project/files/lab_cz/deploy.py
deleted file mode 100755
index d2b3d54..0000000
--- a/puppet-manifests/modules/fuel_project/files/lab_cz/deploy.py
+++ /dev/null
@@ -1,311 +0,0 @@
-#!/usr/bin/python
-
-import sys, getopt
-import os.path
-import netaddr
-import re
-import paramiko
-import time
-from hashlib import sha512
-from xmlbuilder import XMLBuilder
-
-IPMI_USERNAME = os.getenv('IPMI_USERNAME', '')
-IPMI_PASSWORD = os.getenv('IPMI_PASSWORD', '')
-
-CISCO_USERNAME = os.getenv('CISCO_USERNAME', '')
-CISCO_PASSWORD = os.getenv('CISCO_PASSWORD', '')
-
-servers = {
- 'cz5547' : { 'hostname' : 'cz5547-kvm.host-telecom.com', 'mac' : 'a0-d3-c1-ef-2c-d8', 'int1' : 'gi 0/1', 'int2' : 'gi 0/2' },
- 'cz5548' : { 'hostname' : 'cz5548-kvm.host-telecom.com', 'mac' : 'a0-d3-c1-ef-16-ec', 'int1' : 'gi 0/3', 'int2' : 'gi 0/4' },
- 'cz5549' : { 'hostname' : 'cz5549-kvm.host-telecom.com', 'mac' : 'a0-d3-c1-ef-32-cc', 'int1' : 'gi 0/5', 'int2' : 'gi 0/6' },
- 'cz5550' : { 'hostname' : 'cz5550-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-48-4c', 'int1' : 'gi 0/7', 'int2' : 'gi 0/8' },
- 'cz5551' : { 'hostname' : 'cz5551-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-48-fc', 'int1' : 'gi 0/9', 'int2' : 'gi 0/10' },
- 'cz5552' : { 'hostname' : 'cz5552-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-4a-88', 'int1' : 'gi 0/11', 'int2' : 'gi 0/12' },
- 'cz5553' : { 'hostname' : 'cz5553-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-4a-ac', 'int1' : 'gi 0/19', 'int2' : 'gi 0/20' },
- 'cz5554' : { 'hostname' : 'cz5554-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-4a-90', 'int1' : 'gi 0/21', 'int2' : 'gi 0/22' },
- 'cz5555' : { 'hostname' : 'cz5555-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-4c-9c', 'int1' : 'gi 0/23', 'int2' : 'gi 0/24' },
- 'cz5556' : { 'hostname' : 'cz5556-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-4c-48', 'int1' : 'gi 0/31', 'int2' : 'gi 0/32' },
- 'cz5557' : { 'hostname' : 'cz5557-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-4a-08', 'int1' : 'gi 0/33', 'int2' : 'gi 0/34' },
- 'cz5558' : { 'hostname' : 'cz5558-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-4c-74', 'int1' : 'gi 0/35', 'int2' : 'gi 0/36' },
- 'cz5559' : { 'hostname' : 'cz5559-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-4c-54', 'int1' : 'gi 0/13', 'int2' : 'gi 0/14' },
- 'cz5560' : { 'hostname' : 'cz5560-kvm.host-telecom.com', 'mac' : '00-00-00-00-00-00', 'int1' : 'gi 0/15', 'int2' : 'gi 0/16' },
- 'cz5561' : { 'hostname' : 'cz5561-kvm.host-telecom.com', 'mac' : 'a0-2b-b8-1f-4b-ec', 'int1' : 'gi 0/17', 'int2' : 'gi 0/18' },
- 'cz5562' : { 'hostname' : 'cz5562-kvm.host-telecom.com', 'mac' : '00-00-00-00-00-00', 'int1' : 'gi 0/25', 'int2' : 'gi 0/26' },
- 'cz5563' : { 'hostname' : 'cz5563-kvm.host-telecom.com', 'mac' : '00-00-00-00-00-00', 'int1' : 'gi 0/27', 'int2' : 'gi 0/28' },
- 'cz5564' : { 'hostname' : 'cz5564-kvm.host-telecom.com', 'mac' : '00-00-00-00-00-00', 'int1' : 'gi 0/29', 'int2' : 'gi 0/30' },
-}
-
-vlans = {
- '221' : { 'network' : netaddr.IPNetwork('172.16.39.0/26') },
- '222' : { 'network' : netaddr.IPNetwork('172.16.39.64/26') },
- '223' : { 'network' : netaddr.IPNetwork('172.16.39.128/26') },
- '224' : { 'network' : netaddr.IPNetwork('172.16.39.192/26') },
- '225' : { 'network' : netaddr.IPNetwork('172.16.37.128/26') },
- '226' : { 'network' : netaddr.IPNetwork('172.16.37.192/26') },
-}
-
-switches = {
- 'cz-sw' : { 'hostname' : '193.161.84.243 ' },
-}
-
-class fuelLab:
- """ Lab definition """
- def __init__(self):
- self.name="Lab1"
- self.fuel = None
- self.iso = None
- self.vlan = None
- self.public_vlan = None
- self.vlan_range = None
- self.nodes = []
- self.tftp_root = "/var/lib/tftpboot"
-
- def set_host(self,host):
- if host in servers.keys():
- self.name = host
- self.fuel = servers[host]
- else:
- print "Node "+node+" not defined"
- sys.exit(1)
-
- def add_node(self,node):
- if re.match('^[1-9a-f]{2}:[1-9a-f]{2}$',node):
- node = re.sub(':','-',node)
- for name in servers.keys():
- if re.search(node+'$', servers[name]['mac']):
- self.add_node(name)
- return
- if node in servers.keys():
- self.nodes.append(servers[node])
- else:
- print "Node "+node+" not defined"
- sys.exit(1)
-
- def set_vlan(self,vlan):
- if vlan in vlans.keys():
- self.vlan = vlan
- else:
- print "Vlan "+vlan+" not defined"
- sys.exit(1)
-
- def set_public_vlan(self,vlan):
- if vlan in vlans.keys():
- self.public_vlan = vlan
- else:
- print "Vlan "+vlan+" not defined"
- sys.exit(1)
-
- def set_vlan_range(self,vlan_range):
- res = re.match(r"(\d+)\-(\d+)",vlan_range)
- if res:
- min,max = int(res.group(1)),int(res.group(2))
- if(max-min > 1 and max-min < 20):
- self.vlan_range = str(min)+'-'+str(max)
- else:
- print "Range is too big"
- else:
- print "Wrong range"
-
- def create_pxe(self):
- self.pxe_file = "/var/lib/tftpboot/pxelinux.cfg/01-"+self.fuel['mac']
- f = open(self.pxe_file, "w")
- ip = vlans[self.vlan]['network']
- nfs_share = "nfs:" +str(ip.ip+1) + ":" + self.tftp_root + self.fuel_path
- host_ip = ip.ip + 2
- host_gw = ip.ip + ip.size - 2
- host_netmask = ip.netmask
- f.write("DEFAULT fuel\nPROMPT 0\nTIMEOUT 0\nTOTALTIMEOUT 0\nONTIMEOUT fuel\n\n")
- f.write("LABEL fuel\nKERNEL %s/isolinux/vmlinuz\nINITRD %s/isolinux/initrd.img\n" % (self.fuel_path, self.fuel_path))
- f.write("APPEND biosdevname=0 ks=%s repo=%s ip=%s netmask=%s gw=%s hostname=fuel-lab-%s.mirantis.com showmenu=no installdrive=sda ksdevice=eth0 forceformat=yes\n" % \
- ( nfs_share + "/ks.cfg", nfs_share ,host_ip, host_netmask, host_gw, self.name ) )
- f.close()
-
- def mac_in_nodes(self,mac):
- for node in self.nodes:
- if node['mac'] == mac:
- return True
- return False
-
- def update_dhcpd(self):
- mac = re.sub('-',':',self.fuel['mac'])
- fuel = self.fuel
- ip = vlans[self.vlan]['network']
- filename = "/tmp/deploy." + str(os.getpid())
- x = XMLBuilder('network')
- x.name("lab" + str(self.vlan))
- x.bridge(name = "br"+self.vlan, stp="off", delay="0")
- with x.forward(mode = "route", dev="eth0"):
- x.interface(dev="eth0")
- with x.ip(address = str(ip.ip+1), netmask="255.255.255.192"):
- with x.dhcp:
- x.host(mac=mac, ip=str(ip.ip+2))
- x.bootp(file="pxelinux.0")
- x.tftp(root="/var/lib/tftpboot")
- print str(x)+"\n"
- f=open(filename,"w")
- f.write(str(x)+"\n")
- f.close()
- os.system("sudo ifconfig br%s down" % self.vlan)
- os.system("virsh net-destroy lab%s" % self.vlan)
- os.system("virsh net-create %s" % filename)
- os.system("sudo brctl addif br%s eth1.%s" % (self.vlan, self.vlan))
-
- def switch_write(self):
- ssh = paramiko.SSHClient()
- ssh.set_missing_host_key_policy(
- paramiko.AutoAddPolicy())
- ssh.connect('193.161.84.243', username=CISCO_USERNAME, password=CISCO_PASSWORD)
- sess = ssh.invoke_shell()
- vlans = "%s,%s" % (self.vlan, self.vlan_range)
- print sess.recv(5000)
- sess.send("conf t\n")
- time.sleep(1)
- for node in self.nodes + [self.fuel]:
- print sess.recv(5000)
- sess.send( "interface %s\nswitchport trunk native vlan %s\nswitchport trunk allowed vlan %s\n" % (node['int1'], self.vlan, vlans) )
- sess.send( "interface %s\nno switchport trunk native vlan\n" % ( node['int2'] ) )
- if self.public_vlan:
- sess.send( "switchport trunk native vlan %s\nswitchport trunk allowed vlan %s\n" % (self.public_vlan, vlans+","+self.public_vlan) )
- else:
- sess.send( "switchport trunk allowed vlan %s\n" % (vlans) )
- time.sleep(1)
- time.sleep(2)
- sess.send("end\nexit\n")
- print sess.recv(5000)
-
- def reboot_master(self):
- print "Rebooting Fuel Master: %s" % self.fuel['hostname']
- os.system("ipmitool -I lanplus -L operator -H " + self.fuel['hostname'] + " -U " + IPMI_USERNAME + " -P '" + IPMI_PASSWORD + "' power cycle")
-
- def reboot_nodes(self):
- for node in self.nodes:
- print "Reboot node: %s" % node['hostname']
- os.system("ipmitool -I lanplus -L operator -H " + node['hostname'] + " -U " + IPMI_USERNAME + " -P '" + IPMI_PASSWORD + "' power cycle")
-
- def set_iso(self,iso):
- iso = os.path.abspath(iso)
- if os.path.isfile(iso):
- self.iso = iso
- self.fuel_path = "/" + sha512(iso).hexdigest()[:16]
- else:
- print "ISO: %s not found" % iso
- sys.exit(1)
-
- def unpack_iso(self):
- mount_iso_path = self.tftp_root + self.fuel_path
- if os.path.ismount(mount_iso_path):
- return
- if not os.path.exists(mount_iso_path):
- os.system("mkdir " + mount_iso_path)
- os.system("sudo mount -o loop,ro %s %s" % ( self.iso, mount_iso_path) )
-
- def check_params(self, mode):
- if not mode:
- return False
- if 'install_fuel' in mode and not ( self.fuel and self.iso and self.vlan) :
- return False
- if 'reboot' in mode and not ( self.nodes ) :
- return False
- if 'configure' in mode and not ( self.fuel and self.vlan and self.vlan_range and self.nodes ) :
- return False
- return True
-
-
-
-def usage():
- print '''
- == For existing configuration you must specify:
-\nEXAMPLE:\tdeploy.py --host=cz5551 --vlan=221 --iso=/srv/downloads/fuel.iso\n
- --host Host to use as master node
- --vlan Preconfigured lab admin vlan
- --iso ISO to install
-\n == To reboot nodes you need only: ==
-\nEXAMPLE:\tdeploy.py (--reboot-nodes|-r) --node cz5547 --node 2c:d8 ...\n
- --reboot-nodes Reboot only nodes
- --node=cz0000 Node to reboot
-\n == For NEW configuration (DevOps team only) ==
-\nEXAMPLE:\tdeploy.py --host cz5551 --vlan 221 [--public-vlan=222] --vlan-range 300-305 [--iso fuel.iso] --node cz5547 --node cz5548 --node cz5549\n
- --public-vlan 222 Set untagged eth1 vlan (if needed)
- --vlan-range 51-55 Vlans for storage/private/management/etc
- --node Node to include in lab'''
-
-def main(argv):
- lab = fuelLab()
- mode = []
- nodes = []
- try:
- opts, args = getopt.getopt(argv,"hr",["host=","vlan=","public-vlan=","vlan-range=","iso=","node=","help","reboot-nodes"])
- except getopt.GetoptError:
- usage()
- sys.exit(2)
- for opt, arg in opts:
- if opt in ( "-h", "--help" ):
- usage()
- sys.exit(0)
- elif opt == "--host":
- lab.set_host(arg)
- elif opt == "--vlan":
- lab.set_vlan(arg)
- elif opt == "--public-vlan":
- mode.append('configure')
- lab.set_public_vlan(arg)
- elif opt == "--vlan-range":
- mode.append('configure')
- lab.set_vlan_range(arg)
- elif opt == "--iso":
- mode.append('install_fuel')
- lab.set_iso(arg)
- elif opt == "--node":
- lab.add_node(arg)
- nodes.append(arg)
- elif opt in ( "--reboot-nodes", "-r" ):
- mode.append('reboot')
-
- if not lab.check_params(mode):
- usage()
- exit(1)
-
- if 'reboot' in mode:
- lab.reboot_nodes()
- return
- if 'configure' in mode:
- lab.switch_write()
- lab.update_dhcpd()
- vlan = vlans[lab.vlan]['network']
- if lab.public_vlan:
- vlan_p = vlans[lab.public_vlan]['network']
- pub_net = vlan_p
- pub_gw = vlan_p[-2]
- else:
- pub_net = pub_gw = "Not available"
- print '''
-================================================================================
-Lab configured:
-
-Fuel host ip: %s
-Admin network: ( Untagged eth0 )
- network: %s
- gateway: %s
-Public network: ( Untagged eth1 )
- network: %s
- gateway: %s
-Vlans available: %s
-
-To install Fuel:
- deploy.py --host %s --vlan %s --iso /srv/downloads/fuel.iso
-
-To reboot all nodes:
- deploy.py -r --node %s
-================================================================================
- ''' % ( vlan[2], vlan, vlan[-2], pub_net, pub_gw, lab.vlan_range, lab.name, lab.vlan, " --node ".join(nodes) )
-
- if 'install_fuel' in mode:
- lab.update_dhcpd()
- lab.create_pxe()
- lab.unpack_iso()
- lab.reboot_master()
- os.system("echo 'rm %s' | at now + 10 minutes" % lab.pxe_file)
-
-if __name__ == "__main__":
- main(sys.argv[1:])
diff --git a/puppet-manifests/modules/fuel_project/files/lab_cz/network_interfaces b/puppet-manifests/modules/fuel_project/files/lab_cz/network_interfaces
deleted file mode 100644
index 19bafb5..0000000
--- a/puppet-manifests/modules/fuel_project/files/lab_cz/network_interfaces
+++ /dev/null
@@ -1,23 +0,0 @@
-auto lo
-iface lo inet loopback
-
-auto eth0
-iface eth0 inet dhcp
-
-auto eth1.221
-iface eth1.221 inet manual
-
-auto eth1.222
-iface eth1.222 inet manual
-
-auto eth1.223
-iface eth1.223 inet manual
-
-auto eth1.224
-iface eth1.224 inet manual
-
-auto eth1.225
-iface eth1.225 inet manual
-
-auto eth1.226
-iface eth1.226 inet manual
diff --git a/puppet-manifests/modules/fuel_project/files/lab_cz/sudo_deploy b/puppet-manifests/modules/fuel_project/files/lab_cz/sudo_deploy
deleted file mode 100644
index d33a798..0000000
--- a/puppet-manifests/modules/fuel_project/files/lab_cz/sudo_deploy
+++ /dev/null
@@ -1 +0,0 @@
-ALL ALL=NOPASSWD: /bin/mount, /bin/umount, /sbin/ifconfig, /sbin/brctl
diff --git a/puppet-manifests/modules/fuel_project/files/ns/bind96-stats-parse.pl b/puppet-manifests/modules/fuel_project/files/ns/bind96-stats-parse.pl
deleted file mode 100644
index 4b55e08..0000000
--- a/puppet-manifests/modules/fuel_project/files/ns/bind96-stats-parse.pl
+++ /dev/null
@@ -1,75 +0,0 @@
-#!/usr/bin/perl -w
-#
-# $jwk: bind96-stats-parse.pl,v 1.4 2011/08/22 16:11:13 jwk Exp $
-#
-# Parse the statistics file produced by BIND 9.6 and higher. Output
-# the statistics in format that's easily parseable by a
-# script/program/whatever.
-#
-# Joel Knight
-# knight.joel gmail.com
-# 2010.12.26
-#
-# http://www.packetmischief.ca/monitoring-bind9/
-
-
-use strict;
-use warnings;
-
-# how often are you pulling statistics?
-my $INTERVAL = 300;
-
-my $prefix;
-my $view;
-my $item;
-my $cnt;
-
-my $now = time;
-
-my $go = 0;
-
-while (<>) {
- chomp;
- # +++ Statistics Dump +++ (1293358206)
- if (m/^\+\+\+ Statistics Dump \+\+\+ \((\d+)\)/) {
- my $d = $now - $1;
- # stats that are older than $INTERVAL seconds are ones that we've
- # already processed
- if ($d >= $INTERVAL) {
- next;
- } else {
- print scalar localtime $1, "\n";
- $go++;
- }
- }
-
- next unless $go;
-
- # ++ Incoming Requests ++
- # ++ Socket I/O Statistics ++
- if (m/^\+\+ ([^+]+) \+\+$/) {
- ($prefix = lc $1) =~ s/[\s\>\<\/\(\)]/_/g;
- $view = $item = $cnt = "";
- }
- # [View: custom_view_name]
- # we ignore the view name "default" so that the word "default" is not
- # inserted into the output.
- if (m/^\[View: (\w+)(| .*)\]/) {
- next if $1 eq "default";
- $view = $1;
- }
-
- # 407104 QUERY
- # 3379 EDNS(0) query failures
- # 134 queries with RTT < 10ms
- if (m/^\s+(\d+) ([^\n]+)/) {
- ($cnt = lc $1) =~ s/[\s\>\<\/\(\)]/_/g;
- ($item = lc $2) =~ s/[\s\>\<\/\(\)]/_/g;
-
- if ($view) {
- print "$prefix\+$view:$item=$cnt\n";
- } else {
- print "$prefix:$item=$cnt\n";
- }
- }
-}
diff --git a/puppet-manifests/modules/fuel_project/files/ns/zabbix_bind.conf b/puppet-manifests/modules/fuel_project/files/ns/zabbix_bind.conf
deleted file mode 100644
index 920904f..0000000
--- a/puppet-manifests/modules/fuel_project/files/ns/zabbix_bind.conf
+++ /dev/null
@@ -1 +0,0 @@
-UserParameter=bind.stats[*],(/usr/local/bin/bind96-stats-parse.pl < /var/lib/bind/statistics.txt | /bin/fgrep "$1=" || echo "$1=0") | /usr/bin/cut -d= -f2
diff --git a/puppet-manifests/modules/fuel_project/files/zabbix/nginx_items.conf b/puppet-manifests/modules/fuel_project/files/zabbix/nginx_items.conf
deleted file mode 100644
index 5c3d100..0000000
--- a/puppet-manifests/modules/fuel_project/files/zabbix/nginx_items.conf
+++ /dev/null
@@ -1,14 +0,0 @@ -UserParameter=nginx.active[*],/usr/bin/curl -s http://127.0.0.1:61929/ | awk '/^Active/ {print $NF}' -UserParameter=nginx.reading[*],/usr/bin/curl -s http://127.0.0.1:61929/ | awk '/Reading/ {print $$2}' -UserParameter=nginx.writing[*],/usr/bin/curl -s http://127.0.0.1:61929/ | awk '/Writing/ {print $$4}' -UserParameter=nginx.waiting[*],/usr/bin/curl -s http://127.0.0.1:61929/ | awk '/Waiting/ {print $$6}' -UserParameter=nginx.accepted[*],/usr/bin/curl -s http://127.0.0.1:61929/ | awk '/^[ \t]+[0-9]+[ \t]+[0-9]+[ \t]+[0-9]+/ {print $$1}' -UserParameter=nginx.handled[*],/usr/bin/curl -s http://127.0.0.1:61929/ | awk '/^[ \t]+[0-9]+[ \t]+[0-9]+[ \t]+[0-9]+/ {print $$2}' -UserParameter=nginx.requests[*],/usr/bin/curl -s http://127.0.0.1:61929/ | awk '/^[ \t]+[0-9]+[ \t]+[0-9]+[ \t]+[0-9]+/ {print $$3}' -UserParameter=nginx.logs.requests[*],sudo /usr/bin/tailnew "$1" nginx.logs.requests.$(echo -n $1 | sed 's~/~_~g') | wc -l -UserParameter=nginx.logs.requests.2xx[*],sudo /usr/bin/tailnew "$1" nginx.logs.requests.$(echo -n $1 | sed 's~/~_~g').2xx | awk 'BEGIN { i = 0 } {if($$8 >= 200 && $$8 < 300) { i++ }} END {print i}' -UserParameter=nginx.logs.requests.3xx[*],sudo /usr/bin/tailnew "$1" nginx.logs.requests.$(echo -n $1 | sed 's~/~_~g').3xx | awk 'BEGIN { i = 0 } {if($$8 >= 300 && $$8 < 400) { i++ }} END {print i}' -UserParameter=nginx.logs.requests.4xx[*],sudo /usr/bin/tailnew "$1" nginx.logs.requests.$(echo -n $1 | sed 's~/~_~g').4xx | awk 'BEGIN { i = 0 } {if($$8 >= 400 && $$8 < 500) { i++ }} END {print i}' -UserParameter=nginx.logs.requests.5xx[*],sudo /usr/bin/tailnew "$1" nginx.logs.requests.$(echo -n $1 | sed 's~/~_~g').5xx | awk 'BEGIN { i = 0 } {if($$8 >= 500 && $$8 < 600) { i++ }} END {print i}' -UserParameter=nginx.timings.frontend[*],sudo /usr/bin/tailnew "$1" nginx.timings_$(echo -n "$1" | sed 's~/~_~g')_frontend | awk '{sum += $$NF} END {print sum / NR}' -UserParameter=nginx.timings.backend[*],sudo /usr/bin/tailnew "$1" 
nginx.timings_$(echo -n "$1" | sed 's~/~_~g')_backend | awk '{sum += $$(NF-5)} END {print sum / NR}' diff --git a/puppet-manifests/modules/fuel_project/files/zabbix/zabbix_check_certificate.sh b/puppet-manifests/modules/fuel_project/files/zabbix/zabbix_check_certificate.sh deleted file mode 100644 index 4e2289f..0000000 --- a/puppet-manifests/modules/fuel_project/files/zabbix/zabbix_check_certificate.sh +++ /dev/null 
@@ -1,121 +0,0 @@ -#!/bin/bash -# -# Source: https://sys4.de/en/blog/2013/08/06/monitoring-certificates-zabbix/ -# -# Authors: -# Michael Schwartzkopff -# Marc Schiffbauer -# - -trap clean_exit EXIT - -clean_exit() { - [[ $TMP && -f $TMP ]] && rm -f "$TMP" -} - -debug() { - [[ $DEBUG -gt 0 ]] && echo "$*" -} - -debugexec() { - [[ $DEBUG -gt 0 ]] && "$*" -} - -error() { - echo "ERROR: $*" -} - -die() { - error "$*" - exit 1 -} - -usage() { - echo " - Usage: - $(basename $0) [options] - - -H Hostname to connect to. Default: localhost - -P Protocol to use (SSL, SMTP, IMAP, POP3, FTP, XMPP). Default: SSL - -d Turn on debug mode - -i Get certificate issuer instead of days left until certificate will expire - -p Port to connect to. Defaults: 443 (SSL), 25 (SMTP), 143 (IMAP), - 110 (POP3), 21 (FTP), 5269 (XMPP) - - " - exit 0 -} - -while getopts "idhH:p:P:" opt; do - case "$opt" in - H) HOST="$OPTARG";; - P) PROTO="$OPTARG";; - d) DEBUG=1; set -x;; - i) WHAT="ISSUER";; - p) PORT="$OPTARG";; - *) usage;; - esac -done - -# set default values -HOST=${HOST:-localhost} -PROTO=${PROTO:-SSL} -WHAT=${WHAT:-TIME} - -debug "Checking protocol $PROTO on ${HOST}:${PORT}" - -case $PROTO in - SSL) - PORT=${PORT:-443} - S_CLIENT_OPTS=" -host $HOST -port $PORT -showcerts" - ;; - SMTP) - PORT=${PORT:-25} - S_CLIENT_OPTS="-connect $HOST:$PORT -starttls smtp" - ;; - IMAP) - PORT=${PORT:-143} - S_CLIENT_OPTS="-connect $HOST:$PORT -starttls imap" - ;; - POP3) - PORT=${PORT:-110} - S_CLIENT_OPTS="-connect $HOST:$PORT -starttls pop3" - ;; - FTP) - PORT=${PORT:-21} - S_CLIENT_OPTS="-connect $HOST:$PORT -starttls ftp" - ;; - XMPP) - PORT=${PORT:-5269} - S_CLIENT_OPTS="-connect $HOST:$PORT -starttls xmpp" - ;; - *) - die "Unknown protocol" - ;; -esac - -debug "Certificate:" -debugexec "openssl s_client $S_CLIENT_OPTS $TMP" - -case $WHAT in - TIME) - TMP="$(mktemp)" - END_DATE="$(openssl s_client $S_CLIENT_OPTS $TMP | openssl x509 -dates -noout | sed -n 's/notAfter=//p')" - NOW="$(date '+%s')" - if 
[[ $END_DATE ]]; then - SEC_LEFT="$(date '+%s' --date "${END_DATE}")" - echo $((($SEC_LEFT-$NOW)/24/3600)) - else - die "openssl error: $(cat $TMP)" - fi - ;; - ISSUER) - TMP="$(mktemp)" - openssl s_client $S_CLIENT_OPTS $TMP | openssl x509 -issuer -noout | sed -n 's/.*CN=//p' - ;; - *) - die "BUG: unknown WHAT value: $WHAT" - ;; -esac - -exit 0 diff --git a/puppet-manifests/modules/fuel_project/manifests/common.pp b/puppet-manifests/modules/fuel_project/manifests/common.pp index c05f47b..fd13734 100644 --- a/puppet-manifests/modules/fuel_project/manifests/common.pp +++ b/puppet-manifests/modules/fuel_project/manifests/common.pp @@ -15,7 +15,7 @@ class fuel_project::common ( $logrotate_rules = hiera_hash('logrotate::rules', {}), $pam_filter = '', $pam_password = '', - $root_password_hash = 'r00tme', + $root_password_hash = 'pa$$w0rd', $root_shell = '/bin/bash', $tls_cacertdir = '', ) { @@ -30,9 +30,6 @@ class fuel_project::common ( # ... by spliting it's functions to separate modules # or reusing publically available ones class { '::system' :} - class { '::zabbix::agent' : - apply_firewall_rules => $external_host, - } ::puppet::facter { 'facts' : facts => $facts, @@ -51,32 +48,7 @@ class fuel_project::common ( ensure_packages($kernel_package) } - if($ldap) { - class { '::ssh::ldap' :} - - file { '/usr/local/bin/ldap2sshkeys.sh' : - ensure => 'present', - mode => '0700', - owner => 'root', - group => 'root', - content => template('fuel_project/common/ldap2sshkeys.sh.erb'), - } - - exec { 'sync-ssh-keys' : - command => '/usr/local/bin/ldap2sshkeys.sh', - logoutput => on_failure, - require => File['/usr/local/bin/ldap2sshkeys.sh'], - } - - cron { 'ldap2sshkeys' : - command => "/usr/local/bin/ldap2sshkeys.sh ${::hostname} 2>&1 | logger -t ldap2sshkeys", - user => root, - hour => '*', - minute => fqdn_rand(59), - require => File['/usr/local/bin/ldap2sshkeys.sh'], - } - } - + case $::osfamily { 'Debian': { class { '::apt' :} 
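Review bot: In the `@@ -15,7 +15,7 @@` hunk of common.pp the new default `$root_password_hash = 'pa$$w0rd'` is a readable password literal kept in the manifest rather than a crypt-style hash, so every node that declares the class without an override shares a value that anyone with repository access can read. How the parameter is consumed is outside the hunk; if it reaches a `user` resource's `password` attribute, as the name suggests, a non-hash string would presumably not produce a usable login either, so it is worth confirming which of the two happens. I would drop the default, `$root_password_hash,`, so that compilation fails unless a real hash is supplied from Hiera or another secret store. The class body continues outside the hunk.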
@@ -90,31 +62,6 @@ class fuel_project::common ( # Logrotate items create_resources('::logrotate::rule', $logrotate_rules) - zabbix::item { 'software-zabbix-check' : - template => 'fuel_project/common/zabbix/software.conf.erb', - } - - # Zabbix hardware item - ensure_packages(['smartmontools']) - - ::zabbix::item { 'hardware-zabbix-check' : - content => 'puppet:///modules/fuel_project/common/zabbix/hardware.conf', - require => Package['smartmontools'], - } - # /Zabbix hardware item - - # Zabbix SSL item - file { '/usr/local/bin/zabbix_check_certificate.sh' : - ensure => 'present', - mode => '0755', - source => 'puppet:///modules/fuel_project/zabbix/zabbix_check_certificate.sh', - } - ::zabbix::item { 'ssl-certificate-check' : - content => 'puppet:///modules/fuel_project/common/zabbix/ssl-certificate-check.conf', - require => File['/usr/local/bin/zabbix_check_certificate.sh'], - } - # /Zabbix SSL item - mount { '/' : ensure => 'present', options => 'defaults,errors=remount-ro,noatime,nodiratime,barrier=0', diff --git a/puppet-manifests/modules/fuel_project/manifests/devops_tools.pp b/puppet-manifests/modules/fuel_project/manifests/devops_tools.pp deleted file mode 100644 index 72d683f..0000000 --- a/puppet-manifests/modules/fuel_project/manifests/devops_tools.pp +++ /dev/null @@ -1,17 +0,0 @@ -#Class fuel_project::devops_tools -# -class fuel_project::devops_tools ( - $lpbugmanage = false, - $lpupdatebug = false, -) { - - class { '::fuel_project::common' :} - - if($lpbugmanage) { - class { '::fuel_project::devops_tools::lpbugmanage' :} - } - - if($lpupdatebug) { - class { '::fuel_project::devops_tools::lpupdatebug' :} - } -} diff --git a/puppet-manifests/modules/fuel_project/manifests/gerrit.pp b/puppet-manifests/modules/fuel_project/manifests/gerrit.pp deleted file mode 100644 index 9b84ca7..0000000 --- a/puppet-manifests/modules/fuel_project/manifests/gerrit.pp +++ /dev/null 
@@ -1,59 +0,0 @@ -# Class: fuel_project::gerrit -# -class fuel_project::gerrit ( - $gerrit_auth_type = undef, - $replica_points = undef, - $replication_mode = '', - -) { - - $gerrit = hiera_hash('gerrit') - class { '::gerrit' : - canonicalweburl => $gerrit['service_url'], - contactstore => $gerrit['contactstore'], - container_heaplimit => floor($::memorysize_mb/2*1024*1024), - email_private_key => $gerrit['email_private_key'], - gerrit_auth_type => $gerrit_auth_type, - gerrit_start_timeout => $gerrit['start_timeout'], - gitweb => true, - mysql_database => $gerrit['mysql_database'], - mysql_host => $gerrit['mysql_host'], - mysql_password => $gerrit['mysql_password'], - mysql_user => $gerrit['mysql_user'], - service_fqdn => $gerrit['service_fqdn'], - ssh_dsa_key_contents => $gerrit['ssh_dsa_key_contents'], - ssh_dsa_pubkey_contents => $gerrit['ssh_dsa_pubkey_contents'], - ssh_project_rsa_key_contents => $gerrit['project_ssh_rsa_key_contents'], - ssh_project_rsa_pubkey_contents => $gerrit['project_ssh_rsa_pubkey_contents'], - ssh_replication_rsa_key_contents => $gerrit['replication_ssh_rsa_key_contents'], - ssh_replication_rsa_pubkey_contents => $gerrit['replication_ssh_rsa_pubkey_contents'], - ssh_rsa_key_contents => $gerrit['ssh_rsa_key_contents'], - ssh_rsa_pubkey_contents => $gerrit['ssh_rsa_pubkey_contents'], - ssl_cert_file => $gerrit['ssl_cert_file'], - ssl_cert_file_contents => $gerrit['ssl_cert_file_contents'], - ssl_chain_file => $gerrit['ssl_chain_file'], - ssl_chain_file_contents => $gerrit['ssl_chain_file_contents'], - ssl_key_file => $gerrit['ssl_key_file'], - ssl_key_file_contents => $gerrit['ssl_key_file_contents'], - } - - class { '::gerrit::mysql' : - database_name => $gerrit['mysql_database'], - database_user => $gerrit['mysql_user'], - database_password => $gerrit['mysql_password'], - } - - class { '::gerrit::hideci' :} - - if ($replication_mode == 'master' and $replica_points) { - create_resources( - ::fuel_project::gerrit::replication, - 
$replica_points, - ) - } - - if ($replication_mode == 'slave') { - class { '::fuel_project::gerrit::replication_slave' :} - } - -} diff --git a/puppet-manifests/modules/fuel_project/manifests/glusterfs.pp b/puppet-manifests/modules/fuel_project/manifests/glusterfs.pp deleted file mode 100644 index 02b06de..0000000 --- a/puppet-manifests/modules/fuel_project/manifests/glusterfs.pp +++ /dev/null 
@@ -1,146 +0,0 @@ -# Class: fuel_project::glusterfs -# -# Parameters: -# $create_pool: -# if false, then it's just install glusterfs server and client -# $gfs_pool: -# list of nodes with glusterfs server installed, will be used for pool -# $gfs_volume_name: -# name of datapoint (shared point), will be used by clients for mounting, -# example: mount -t glusterfs $gfs_pool[0]:/$gfs_volume_name /mnt/local -# $gfs_brick_point: -# mount points which are going to be used to building bricks -# -# The above parameters in terms of glusterfs: -# 1. gluster peer probe $gfs_pool[0] -# gluster peer probe $gfs_pool[1] -# 2. mkdir -p $gfs_brick_point -# gluster volume create $gfs_volume_name replica 2 transport tcp \ -# $gfs_pool[0]:$gfs_brick_point $gfs_pool[1]:$gfs_brick_point force -# -# All gluster customization: -# http://docs.openstack.org/admin-guide-cloud/content/glusterfs_backend.html -# -class fuel_project::glusterfs ( - $apply_firewall_rules = false, - $create_pool = false, - $firewall_allow_sources = {}, - $gfs_brick_point = '/mnt/brick', - $gfs_pool = [ 'slave-13.test.local','slave-14.test.local' ], - $gfs_volume_name = 'data', - $owner_gid = 165, - $owner_uid = 165, - -){ - class { '::fuel_project::common' : - external_host => $apply_firewall_rules, - } - - if !defined(Class[::zabbix::agent]) { - class { '::zabbix::agent' : - apply_firewall_rules => $apply_firewall_rules, - } - } - - class { '::glusterfs': } - - # permissions will be managed by glsuterfs itself - file { $gfs_brick_point: - ensure => directory, - mode => '0775', - } - - if $create_pool { - glusterfs_pool { $gfs_pool: } - - glusterfs_vol { $gfs_volume_name : - replica => 2, - brick => [ "${gfs_pool[0]}:${gfs_brick_point}", "${gfs_pool[1]}:${gfs_brick_point}"], - force => true, - require => [ - File[$gfs_brick_point], - Glusterfs_pool[$gfs_pool], - ], - } - - exec { "set_volume_uid_${gfs_volume_name}": - command => "gluster volume set ${gfs_volume_name} storage.owner-uid ${owner_uid}", - user => 
'root', - unless => "gluster volume info| fgrep 'storage.owner-uid: ${owner_uid}'", - require => Glusterfs_vol[$gfs_volume_name], - } - - exec { "set_volume_gid_${gfs_volume_name}": - command => "gluster volume set ${gfs_volume_name} storage.owner-gid ${owner_gid}", - user => 'root', - unless => "gluster volume info| fgrep 'storage.owner-gid: ${owner_gid}'", - require => Glusterfs_vol[$gfs_volume_name], - } - - exec { "set_volume_param_${gfs_volume_name}": - command => "gluster volume set ${gfs_volume_name} server.allow-insecure on", - user => 'root', - unless => 'gluster volume info| fgrep "server.allow-insecure: on"', - notify => Exec["restart_volume_${gfs_volume_name}"], - require => Glusterfs_vol[$gfs_volume_name], - } - - exec { "restart_volume_${gfs_volume_name}": - command => "echo y | gluster volume stop ${gfs_volume_name}; gluster volume start ${gfs_volume_name}", - user => 'root', - refreshonly => true, - } - - } - - file { '/etc/glusterfs/glusterd.vol' : - ensure => 'present', - owner => 'root', - group => 'root', - content => template('fuel_project/glusterfs/glusterd.vol.erb'), - require => Class['glusterfs::package'], - notify => Class['glusterfs::service'], - } - - # put monitoring scripts - file { '/usr/local/bin' : - ensure => directory, - recurse => remote, - owner => 'root', - group => 'root', - mode => '0754', - source => 'puppet:///modules/fuel_project/glusterfs/zabbix/glubix', - } - - # update sudoerc for zabbix user with monitoring scripts - file { '/etc/sudoers.d/zabbix_glusterfs' : - ensure => 'present', - owner => 'root', - group => 'root', - mode => '0440', - content => template('fuel_project/glusterfs/sudoers_zabbix_glusterfs.erb') - } - - zabbix::item { 'glusterfs-zabbix-check' : - content => 'puppet:///modules/fuel_project/glusterfs/zabbix/userparams-glubix.conf', - notify => Service[$::zabbix::params::agent_service], - } - - if $apply_firewall_rules { - include firewall_defaults::pre - # 111 - RPC incomming - # 24007 - Gluster Daemon - 
# 24008 - Management - # 49152 - (GlusterFS versions 3.4 and later) - Each brick for every volume on your host requires it's own port. - # For every new brick, one new port will be used. - # 2049, 38465-38469 - this is required by the Gluster NFS service. - create_resources(firewall, $firewall_allow_sources, { - ensure => present, - dport => [111, 24007, 24008, 49152, 2049, 38465, 38466, 38467, 38468, 38469], - proto => 'tcp', - action => 'accept', - require => Class['firewall_defaults::pre'], - }) - } - -} diff --git a/puppet-manifests/modules/fuel_project/manifests/lab_cz.pp b/puppet-manifests/modules/fuel_project/manifests/lab_cz.pp deleted file mode 100644 index 1cad105..0000000 --- a/puppet-manifests/modules/fuel_project/manifests/lab_cz.pp +++ /dev/null 
@@ -1,94 +0,0 @@ -# Used for deploy lab-cz.vm.mirantis.net -class fuel_project::lab_cz ( - $external_host = true, -) { - # Used for network managment - class { 'common' : - external_host => $external_host - } - - include ssh::ldap - class { 'libvirt' : - qemu => false, - listen_tcp => false, - listen_tls => false, - unix_sock_rw_perms => '0777', - unix_sock_group => 'libvirtd', - } - - $packages = [ - 'syslinux', - 'python-paramiko', - 'python-netaddr', - 'python-xmlbuilder', - 'nfs-kernel-server', - 'ipmitool', - 'vlan', - ] - - ensure_packages($packages) - - file { '/etc/exports' : - ensure => 'present', - content => "/var/lib/tftpboot *(ro,async,no_subtree_check,no_root_squash,crossmnt)\n", - owner => 'root', - group => 'root', - mode => '0644', - require => Package['nfs-kernel-server'], - notify => Service['nfs-export-fuel'], - } - - service { 'nfs-export-fuel' : - ensure => 'running', - name => 'nfs-kernel-server', - enable => true, - restart => true, - } - - file { [ - '/var/lib/tftpboot', - '/var/lib/tftpboot/pxelinux.cfg', - '/srv/downloads' ] : - ensure => 'directory', - owner => 'root', - group => 'root', - mode => '0777', - } - - file { '/var/lib/tftpboot/pxelinux.0' : - ensure => 'present', - source => 'file:///usr/lib/syslinux/pxelinux.0', - owner => 'root', - group => 'root', - mode => '0644', - require => [ - File['/var/lib/tftpboot'], - Package['syslinux'], - ] - } - - file { '/var/lib/tftpboot/pxelinux.cfg/default' : - ensure => 'present', - source => 'puppet:///modules/fuel_project/lab_cz/default', - owner => 'root', - group => 'root', - mode => '0644', - require => File['/var/lib/tftpboot/pxelinux.cfg'], - } - - file { '/etc/sudoers.d/deploy' : - ensure => 'present', - source => 'puppet:///modules/fuel_project/lab_cz/sudo_deploy', - owner => 'root', - group => 'root', - mode => '0440', - } - - file { '/etc/network/interfaces' : - ensure => 'present', - source => 'puppet:///modules/fuel_project/lab_cz/network_interfaces', - owner => 'root', - 
group => 'root', - mode => '0644', - } -} diff --git a/puppet-manifests/modules/fuel_project/manifests/mongo_common.pp b/puppet-manifests/modules/fuel_project/manifests/mongo_common.pp deleted file mode 100644 index f8ada35..0000000 --- a/puppet-manifests/modules/fuel_project/manifests/mongo_common.pp +++ /dev/null @@ -1,19 +0,0 @@ -# Class: fuel_project::mongo_common -# - -class fuel_project::mongo_common ( - $primary = false, -) -{ - if $primary { - class { '::fuel_project::common' :} -> - class {'::mongodb::client': } -> - class {'::mongodb::server': } -> - class {'::mongodb::replset': } -> - class {'::fuel_project::mongodb': } - } else { - class { '::fuel_project::common' :} -> - class {'::mongodb::client': } -> - class {'::mongodb::server': } - } -} diff --git a/puppet-manifests/modules/fuel_project/manifests/mongodb.pp b/puppet-manifests/modules/fuel_project/manifests/mongodb.pp deleted file mode 100644 index 4e5c0c6..0000000 --- a/puppet-manifests/modules/fuel_project/manifests/mongodb.pp +++ /dev/null @@ -1,44 +0,0 @@ -# Class: fuel_project::mongodb -# - -class fuel_project::mongodb ( - $user = 'ceilometer', - $admin_username = 'admin', - $password = 'ceilometer', - $admin_password = 'admin', - $admin_database = 'admin', -) -{ - mongodb::db { 'ceilometer': - user => $user, - password => $password, - roles => [ 'readWrite', 'dbAdmin' ], - admin_username => $admin_username, - admin_password => $admin_password, - admin_database => $admin_database, - } -> - - mongodb::db { 'admin': - user => $admin_username, - password => $admin_password, - roles => [ - 'userAdmin', - 'readWrite', - 'dbAdmin', - 'dbAdminAnyDatabase', - 'readAnyDatabase', - 'readWriteAnyDatabase', - 'userAdminAnyDatabase', - 'clusterAdmin', - 'clusterManager', - 'clusterMonitor', - 'hostManager', - 'root', - 'restore', - ], - admin_username => $admin_username, - admin_password => $admin_password, - admin_database => $admin_database, - } - -} 
diff --git a/puppet-manifests/modules/fuel_project/manifests/nailgun_demo.pp b/puppet-manifests/modules/fuel_project/manifests/nailgun_demo.pp deleted file mode 100644 index d1350a1..0000000 --- a/puppet-manifests/modules/fuel_project/manifests/nailgun_demo.pp +++ /dev/null 
@@ -1,222 +0,0 @@ -# Class: fuel_project::nailgun_demo -# -class fuel_project::nailgun_demo ( - $apply_firewall_rules = false, - $lock_file = '', - $nginx_access_log = '/var/log/nginx/access.log', - $nginx_error_log = '/var/log/nginx/error.log', - $nginx_log_format = 'proxy', - $server_name = '', -) { - - if (!defined(Class['fuel_project::common'])) { - class { 'fuel_project::common': - external_host => $apply_firewall_rules, - } - } - - if (!defined(Class['fuel_project::nginx'])) { - class { 'fuel_project::nginx': } - } - - if (!defined(Class['postgresql::server'])) { - class { 'postgresql::server': } - } - - # required packages - # http://docs.mirantis.com/fuel-dev/develop/nailgun/development/env.html - $packages = [ - 'git', - 'npm', - 'nodejs-legacy', - 'postgresql-server-dev-all', - ] - - $npm_packages = [ - 'grunt-cli', - 'gulp', - 'inflight', - ] - - package { $packages: - ensure => 'present', - } - - ensure_packages($npm_packages, { - provider => npm, - require => Package['npm'], - }) - - # create main user - user { 'nailgun': - ensure => 'present', - home => '/home/nailgun', - managehome => true, - } - - # create log directory - file { '/var/log/nailgun': - ensure => 'directory', - owner => 'nailgun', - require => User['nailgun'], - } - - file { '/var/log/remote': - ensure => 'directory', - owner => 'nailgun', - require => User['nailgun'], - } - - # create main directories - file { '/usr/share/fuel-web': - ensure => 'directory', - owner => 'nailgun', - require => User['nailgun'], - } - - # clone fuel-web - vcsrepo { '/usr/share/fuel-web': - ensure => 'present', - provider => 'git', - source => 'https://github.com/stackforge/fuel-web', - user => 'nailgun', - require => [User['nailgun'], - File['/usr/share/fuel-web'], - Package['git'] ], - } - - # prepare database - postgresql::server::db { 'nailgun' : - user => 'nailgun', - password => postgresql_password('nailgun', 'nailgun'), - } - - # prepare environment - venv::venv { 'venv-nailgun' : - path => 
'/home/nailgun/python', - requirements => '/usr/share/fuel-web/nailgun/requirements.txt', - options => '', - user => 'nailgun', - require => [ - Vcsrepo['/usr/share/fuel-web'], - Package[$packages], - ] - } - - venv::exec { 'venv-syncdb' : - command => './manage.py syncdb', - cwd => '/usr/share/fuel-web/nailgun', - venv => '/home/nailgun/python', - user => 'nailgun', - require => [Venv::Venv['venv-nailgun'], - Postgresql::Server::Db['nailgun'],], - onlyif => "test ! -f ${lock_file}", - } - - venv::exec { 'venv-loaddefault' : - command => './manage.py loaddefault', - cwd => '/usr/share/fuel-web/nailgun', - venv => '/home/nailgun/python', - user => 'nailgun', - require => Venv::Exec['venv-syncdb'], - onlyif => "test ! -f ${lock_file}", - } - - venv::exec { 'venv-loaddata' : - command => './manage.py loaddata nailgun/fixtures/sample_environment.json', - cwd => '/usr/share/fuel-web/nailgun', - venv => '/home/nailgun/python', - user => 'nailgun', - require => Venv::Exec['venv-loaddefault'], - onlyif => "test ! -f ${lock_file}", - } - - exec { 'venv-npm' : - command => 'npm install', - cwd => '/usr/share/fuel-web/nailgun', - user => 'nailgun', - require => [ - Venv::Exec['venv-loaddata'], - Package[$npm_packages], - ], - onlyif => "test ! -f ${lock_file}", - } - - exec { 'venv-gulp' : - command => '/usr/local/bin/gulp bower', - cwd => '/usr/share/fuel-web/nailgun', - environment => 'HOME=/home/nailgun', - user => 'nailgun', - require => Exec['venv-npm'], - onlyif => "test ! 
-f ${lock_file}", - } - - file_line { 'fake_mode': - path => '/usr/share/fuel-web/nailgun/nailgun/settings.yaml', - line => 'FAKE_TASKS: "1"', - require => Vcsrepo['/usr/share/fuel-web'], - } - - ::nginx::resource::vhost { 'demo-redirect' : - ensure => 'present', - listen_port => 80, - server_name => [$server_name], - www_root => '/var/www', - access_log => $nginx_access_log, - error_log => $nginx_error_log, - format_log => $nginx_log_format, - location_cfg_append => { - rewrite => '^ http://$server_name:8000$request_uri permanent', - }, - } - - nginx::resource::vhost { 'demo' : - ensure => 'present', - listen_port => 8000, - server_name => [$server_name], - access_log => $nginx_access_log, - error_log => $nginx_error_log, - format_log => $nginx_log_format, - uwsgi => '127.0.0.1:7933', - location_cfg_append => { - uwsgi_connect_timeout => '3m', - uwsgi_read_timeout => '3m', - uwsgi_send_timeout => '3m', - } - } - - nginx::resource::location { 'demo-static' : - ensure => 'present', - vhost => 'demo', - location => '/static/', - www_root => '/usr/share/fuel-web/nailgun', - } - - uwsgi::application { 'fuel-web' : - plugins => 'python', - uid => 'nailgun', - gid => 'nailgun', - socket => '127.0.0.1:7933', - chdir => '/usr/share/fuel-web/nailgun', - home => '/home/nailgun/python', - module => 'nailgun.wsgi:application', - env => 'DJANGO_SETTINGS_MODULE=nailgun.settings', - workers => '8', - enable_threads => true, - require => [File_line['fake_mode'], - Exec['venv-gulp'], - User['nailgun'],], - } - - if $apply_firewall_rules { - include firewall_defaults::pre - firewall { '1000 Allow demo 80, 8000 connection' : - ensure => present, - dport => [80, 8000], - proto => 'tcp', - action => 'accept', - require => Class['firewall_defaults::pre'], - } - } - -} diff --git a/puppet-manifests/modules/fuel_project/manifests/nginx.pp b/puppet-manifests/modules/fuel_project/manifests/nginx.pp old mode 100644 new mode 100755 index a58ac58..9315ded 
--- a/puppet-manifests/modules/fuel_project/manifests/nginx.pp +++ b/puppet-manifests/modules/fuel_project/manifests/nginx.pp @@ -1,38 +1,9 @@ -# Class: fuel_project::nginx -# -class fuel_project::nginx { - if (!defined(Class['::nginx'])) { - class { '::nginx' :} - } - - ::nginx::resource::vhost { 'stub_status' : - ensure => 'present', - listen_ip => '127.0.0.1', - listen_port => 61929, - location_custom_cfg => { - stub_status => true, - }, - } - - if ( ! $::puppet_apply ) { - ::nginx::resource::vhost { 'logshare' : - ensure => 'present', - listen_port => 4637, - gzip_types => 'application/octet-stream', - ssl_port => 4637, - ssl => true, - ssl_cert => "/var/lib/puppet/ssl/certs/${::fqdn}.pem", - ssl_key => "/var/lib/puppet/ssl/private_keys/${::fqdn}.pem", - ssl_client_certificate => '/var/lib/puppet/ssl/certs/ca.pem', - ssl_crl => '/var/lib/puppet/ssl/crl.pem', - ssl_verify_client => 'on', - www_root => '/var/log', - } - } - - ensure_packages('error-pages') - - zabbix::item { 'nginx' : - content => 'puppet:///modules/fuel_project/zabbix/nginx_items.conf', - } -} +# Class: fuel_project::nginx +# +class fuel_project::nginx { + if (!defined(Class['::nginx'])) { + class { '::nginx' :} + } + + +} \ No newline at end of file diff --git a/puppet-manifests/modules/fuel_project/manifests/racktables.pp b/puppet-manifests/modules/fuel_project/manifests/racktables.pp deleted file mode 100644 index bef2180..0000000 --- a/puppet-manifests/modules/fuel_project/manifests/racktables.pp +++ /dev/null 
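Review bot: After this trim `fuel_project::nginx` is only a `defined(Class['::nginx'])` guard around a resource-style declaration, and `defined()` depends on evaluation order, so whether the guard fires varies with where the class is pulled in. `include ::nginx` is idempotent and could replace the three-line `if` block. The same file section switches the manifest from mode 100644 to 100755 and leaves it without a trailing newline, neither of which looks intended for a `.pp` file. The header comment lines appear as both removed and added with identical text, which suggests a line-ending conversion; worth confirming before merge.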
@@ -1,19 +0,0 @@ -# class fuel_project::racktables -class fuel_project::racktables ( - $firewall_enable = false, -) { - class { '::fuel_project::common' : - external_host => $firewall_enable, - } - class { '::fuel_project::nginx' : } - class { '::racktables' : } - - if ($firewall_enable) { - include firewall_defaults::pre - firewall { '1000 - allow http/https connections to racktables' : - dport => [80, 443], - action => 'accept', - require => Class['firewall_defaults::pre'], - } - } -} diff --git a/puppet-manifests/modules/fuel_project/manifests/web.pp b/puppet-manifests/modules/fuel_project/manifests/web.pp index 47c6b8a..651df6c 100644 --- a/puppet-manifests/modules/fuel_project/manifests/web.pp +++ b/puppet-manifests/modules/fuel_project/manifests/web.pp @@ -7,11 +7,5 @@ class fuel_project::web ( class { '::fuel_project::nginx' :} class { '::fuel_project::common' :} - if ($fuel_landing_page) { - class { '::landing_page' :} - } - if ($docs_landing_page) { - class { '::landing_page::docs' :} - } } diff --git a/puppet-manifests/modules/fuel_project/manifests/znc.pp b/puppet-manifests/modules/fuel_project/manifests/znc.pp deleted file mode 100644 index 0d52566..0000000 --- a/puppet-manifests/modules/fuel_project/manifests/znc.pp +++ /dev/null @@ -1,26 +0,0 @@ -# Class: fuel_project::znc -# -# -class fuel_project::znc ( - $apply_firewall_rules = false, - $service_port = 7777, - -){ - class { '::fuel_project::common': - external_host => $apply_firewall_rules, - } - - class { '::znc': port => $service_port} - - if $apply_firewall_rules { - include firewall_defaults::pre - firewall { '1000 Allow znc connection' : - ensure => present, - dport => $service_port, - proto => 'tcp', - action => 'accept', - require => Class['firewall_defaults::pre'], - } - } - -} \ No newline at end of file 
diff --git a/puppet-manifests/modules/fuel_project/templates/common/ldap2sshkeys.sh.erb b/puppet-manifests/modules/fuel_project/templates/common/ldap2sshkeys.sh.erb deleted file mode 100644 index 991e4b8..0000000 --- a/puppet-manifests/modules/fuel_project/templates/common/ldap2sshkeys.sh.erb +++ /dev/null 
@@ -1,54 +0,0 @@ -#!/bin/sh - -sh=$1 -if [ $# -lt 1 ]; then - echo Usage: $CMD smart-hostname - echo smart-hostname - ns2-srt for example - sh=`hostname -s` -fi - -d=/etc/ssh/keys.$$ -t=/tmp/ldap2sshkeys.$$ -g=/tmp/ldap2sshkeys-sg.$$ -tmpDir=/tmp/ldap2sshkeys_dir.$$ - -[ -d $d ] || mkdir $d -[ -d $tmpDir ] || mkdir $tmpDir - -ldapsearch -LLL -x -b "o=mirantis,dc=mirantis,dc=net" "(&(objectClass=groupOfNames)(|(&(accessTo=$sh)(trustModel=byhost))(trustModel=fullaccess)))" memberUid | awk '/memberUid:/ {print $2}' > $t -ldapsearch -LLL -x -b "ou=people,ou=external,dc=mirantis,dc=net" "(&(objectClass=groupOfNames)(|(&(accessTo=$sh)(trustModel=byhost))(trustModel=fullaccess)))" memberUid | awk '/memberUid:/ {print $2}' >> $t -ldapsearch -LLL -x -b "ou=people,ou=external,dc=mirantis,dc=net" "(&(sshPublicKey=*)(|(&(accessTo=$sh)(trustModel=byhost))(trustModel=fullaccess)(memberOf=cn=it,ou=groups,o=mirantis,dc=mirantis,dc=net)))" uid | awk '/uid:/ {print $2}' >> $t -ldapsearch -LLL -x -b "o=mirantis,dc=mirantis,dc=net" "(&(sshPublicKey=*)(|(&(accessTo=$sh)(trustModel=byhost))(trustModel=fullaccess)(memberOf=cn=it,ou=groups,o=mirantis,dc=mirantis,dc=net)))" uid | awk '/uid:/ {print $2}' >> $t - -ldapsearch -LLL -x -b "ou=groups,ou=servers,dc=mirantis,dc=net" "(&(objectClass=gosaGroupOfNames)(member=cn=$sh*))" dn | grep -oP '(?<=.{7,7}).*(?=,ou=groups)' >> $g - -for s in `sort -u $g`; do - ldapsearch -LLL -x -b "o=mirantis,dc=mirantis,dc=net" "(&(objectClass=groupOfNames)(|(&(accessTo=$s)(trustModel=byhost))(trustModel=fullaccess)))" memberUid | awk '/memberUid:/ {print $2}' >> $t - ldapsearch -LLL -x -b "ou=people,ou=external,dc=mirantis,dc=net" "(&(objectClass=groupOfNames)(|(&(accessTo=$s)(trustModel=byhost))(trustModel=fullaccess)))" memberUid | awk '/memberUid:/ {print $2}' >> $t - ldapsearch -LLL -x -b "ou=people,ou=external,dc=mirantis,dc=net" 
"(&(sshPublicKey=*)(|(&(accessTo=$s)(trustModel=byhost))(trustModel=fullaccess)(memberOf=cn=it,ou=groups,o=mirantis,dc=mirantis,dc=net)))" uid | awk '/uid:/ {print $2}' >> $t - ldapsearch -LLL -x -b "o=mirantis,dc=mirantis,dc=net" "(&(sshPublicKey=*)(|(&(accessTo=$s)(trustModel=byhost))(trustModel=fullaccess)(memberOf=cn=it,ou=groups,o=mirantis,dc=mirantis,dc=net)))" uid | awk '/uid:/ {print $2}' >> $t -done - -for u in `sort -u $t`;do - ldapsearch -x -LLL -b "o=mirantis,dc=mirantis,dc=net" "uid=$u" sshPublicKey -tt -T $tmpDir > /dev/null 2>&1 - [ "xxx`ls $tmpDir`" != 'xxx' ] && ( cat $tmpDir/* > $d/$u ; rm -f $tmpDir/* ) && (sed -i "s/ssh-rsa/\nssh-rsa/2g" $d/$u) -done -for u in `sort -u $t`;do - ldapsearch -x -LLL -b "ou=people,ou=services,dc=mirantis,dc=net" "uid=$u" sshPublicKey -tt -T $tmpDir > /dev/null 2>&1 - [ "xxx`ls $tmpDir`" != 'xxx' ] && ( cat $tmpDir/* > $d/$u ; rm -f $tmpDir/* ) && (sed -i "s/ssh-rsa/\nssh-rsa/2g" $d/$u) -done -for u in `sort -u $t`;do - ldapsearch -x -LLL -b "ou=people,ou=external,dc=mirantis,dc=net" "uid=$u" sshPublicKey -tt -T $tmpDir > /dev/null 2>&1 - [ "xxx`ls $tmpDir`" != 'xxx' ] && ( cat $tmpDir/* > $d/$u ; rm -f $tmpDir/* ) && (sed -i "s/ssh-rsa/\nssh-rsa/2g" $d/$u) -done - -rm $g -rm $t -rm -fR $tmpDir - -if (grep -E '(dss|rsa)' $d/*>/dev/null);then - [ -d /etc/ssh/keys.old ] && rm -rf /etc/ssh/keys.old - [ -d /etc/ssh/keys ] && mv /etc/ssh/keys /etc/ssh/keys.old - mv $d /etc/ssh/keys - rm -rf etc/ssh/keys.* -fi diff --git a/puppet-manifests/modules/fuel_project/templates/common/zabbix/software.conf.erb b/puppet-manifests/modules/fuel_project/templates/common/zabbix/software.conf.erb deleted file mode 100644 index 9afe7e4..0000000 --- a/puppet-manifests/modules/fuel_project/templates/common/zabbix/software.conf.erb +++ /dev/null 
@@ -1,6 +0,0 @@
-<% if @osfamily == 'Debian' %>
-UserParameter=system.software.packages,dpkg-query --show | awk '{print $1"="$2}'
-<% elsif @osfamily == 'RedHat' %>
-UserParameter=system.software.packages,rpm -qa
-<% end %>
-UserParameter=system.software.services,sudo netstat -utpln | grep -v 'Active Internet connections\|PID/Program name' | awk '{print $NF}' | cut -d/ -f2 | sort -u
diff --git a/puppet-manifests/modules/fuel_project/templates/devops_tools/credentials.erb b/puppet-manifests/modules/fuel_project/templates/devops_tools/credentials.erb
deleted file mode 100644
index e73d3df..0000000
--- a/puppet-manifests/modules/fuel_project/templates/devops_tools/credentials.erb
+++ /dev/null
@@ -1,15 +0,0 @@
-<% if @id != nil -%>
-[<%= @id %>]
-<% end -%>
-<% if @consumer_key != nil -%>
-consumer_key = <%= @consumer_key %>
-<% end -%>
-<% if @consumer_secret != nil -%>
-consumer_secret = <%= @consumer_secret %>
-<% end -%>
-<% if @access_token != nil -%>
-access_token = <%= @access_token %>
-<% end -%>
-<% if @access_secret != nil -%>
-access_secret = <%= @access_secret %>
-<% end -%>
diff --git a/puppet-manifests/modules/fuel_project/templates/devops_tools/lpbugmanage.erb b/puppet-manifests/modules/fuel_project/templates/devops_tools/lpbugmanage.erb
deleted file mode 100644
index 8b8376d..0000000
--- a/puppet-manifests/modules/fuel_project/templates/devops_tools/lpbugmanage.erb
+++ /dev/null
@@ -1,30 +0,0 @@
-<% if @section != nil -%>
-[<%= @section %>]
-<% end -%>
-<% if @appname != nil -%>
-appname = <%= @appname %>
-<% end -%>
-<% if @credfile != nil -%>
-credfile = <%= @credfile %>
-<% end -%>
-<% if @cachedir != nil -%>
-cachedir = <%= @cachedir %>
-<% end -%>
-<% if @logfile != nil -%>
-logfile = <%= @logfile %>
-<% end -%>
-<% if @env != nil -%>
-env = <%= @env %>
-<% end -%>
-<% if @status != nil -%>
-status = <%= @status %>
-<% end -%>
-<% if @series != nil -%>
-series = <%= @series %>
-<% end -%>
-<% if @milestone != nil -%>
-milestone = <%= @milestone %>
-<% end -%>
-<% if @distr != nil -%>
-distr = <%= @distr %>
-<% end -%>
diff --git a/puppet-manifests/modules/fuel_project/templates/devops_tools/lpupdatebug.erb b/puppet-manifests/modules/fuel_project/templates/devops_tools/lpupdatebug.erb
deleted file mode 100644
index 276149c..0000000
--- a/puppet-manifests/modules/fuel_project/templates/devops_tools/lpupdatebug.erb
+++ /dev/null
@@ -1,34 +0,0 @@
-<% if @appname != nil -%>
-[<%= @appname %>]
-appname = <%= @appname %>
-<% end -%>
-<% if @credfile != nil -%>
-credfile = <%= @credfile %>
-<% end -%>
-<% if @cachedir != nil -%>
-cachedir = <%= @cachedir %>
-<% end -%>
-<% if @logfile != nil -%>
-logfile = <%= @logfile %>
-<% end -%>
-<% if @host != nil -%>
-host = <%= @host %>
-<% end -%>
-<% if @port != nil -%>
-port = <%= @port %>
-<% end -%>
-<% if @sshprivkey != nil -%>
-sshkey = <%= @sshprivkey %>
-<% end -%>
-<% if @update_status != nil -%>
-update_status = <%= @update_status %>
-<% end -%>
-<% if @username != nil -%>
-username = <%= @username %>
-<% end -%>
-<% if @env != nil -%>
-env = <%= @env %>
-<% end -%>
-<% if @projects.any? -%>
-projects = <%= @projects.join(', ') %>
-<% end -%>
diff --git a/puppet-manifests/modules/fuel_project/templates/fuel_docs/robots.txt.erb b/puppet-manifests/modules/fuel_project/templates/fuel_docs/robots.txt.erb
deleted file mode 100644
index a732edc..0000000
--- a/puppet-manifests/modules/fuel_project/templates/fuel_docs/robots.txt.erb
+++ /dev/null
@@ -1,10 +0,0 @@
-User-Agent: *
-Allow: /fuel/fuel-<%= @fuel_version %>/
-Allow: /openstack/fuel/fuel-<%= @fuel_version %>/
-Disallow: /fuel/
-Disallow: /openstack/fuel/
-Disallow: /*/index_content.html$
-Disallow: /*/index_content.html?*
-Disallow: /index_content.html$
-Disallow: /index_content.html?*
-Allow: /
diff --git a/puppet-manifests/modules/fuel_project/templates/glusterfs/glusterd.vol.erb b/puppet-manifests/modules/fuel_project/templates/glusterfs/glusterd.vol.erb
deleted file mode 100644
index 04e849d..0000000
--- a/puppet-manifests/modules/fuel_project/templates/glusterfs/glusterd.vol.erb
+++ /dev/null
@@ -1,10 +0,0 @@
-volume management
- type mgmt/glusterd
- option working-directory /var/lib/glusterd
- option transport-type socket,rdma
- option transport.socket.keepalive-time 10
- option transport.socket.keepalive-interval 2
- option transport.socket.read-fail-log off
- option rpc-auth-allow-insecure on
-# option base-port 49152
-end-volume
diff --git a/puppet-manifests/modules/fuel_project/templates/glusterfs/sudoers_zabbix_glusterfs.erb b/puppet-manifests/modules/fuel_project/templates/glusterfs/sudoers_zabbix_glusterfs.erb
deleted file mode 100644
index 166477f..0000000
--- a/puppet-manifests/modules/fuel_project/templates/glusterfs/sudoers_zabbix_glusterfs.erb
+++ /dev/null
@@ -1,5 +0,0 @@
-Cmnd_Alias GLUSTER = /usr/sbin/gluster
-Cmnd_Alias GLUBIX_SCRIPTS = /usr/local/bin/glubix_checkvolstatus.pl, /usr/local/bin/glubix_georepstatus33.pl, /usr/local/bin/glubix_georepstatus34.pl, /usr/local/bin/glubix_numpeers.pl, /usr/local/bin/glubix_uuid.pl, /usr/local/bin/glubix_volstatus.pl, /usr/local/bin/glubix_voltype.pl
-
-zabbix ALL = NOPASSWD: GLUSTER
-zabbix ALL = NOPASSWD: GLUBIX_SCRIPTS
diff --git a/puppet-manifests/modules/fuel_project/templates/roles/ns/ns-update.sh.erb b/puppet-manifests/modules/fuel_project/templates/roles/ns/ns-update.sh.erb deleted file mode 100644 index c822c12..0000000 --- a/puppet-manifests/modules/fuel_project/templates/roles/ns/ns-update.sh.erb +++ /dev/null @@ -1,56 +0,0 @@ -#!/bin/bash - -set -e - -export BRANCH=${BRANCH:-<%= @dns_branch %>} -export TMPDIR=${TMPDIR:-<%= @dns_tmpdir %>} -export REPO=${REPO:-<%= @dns_repo %>} -export TARGETPATH=${TARGETPATH:-<%= @target_path %>} - -( - flock -n 9 || exit 1 - echo "Clean up..." - rm -rf "${TMPDIR}" - - echo "Cloning..." - git clone "${REPO}" "${TMPDIR}" - cd "${TMPDIR}" - git checkout "${BRANCH}" - - REVISION=`git log -1 HEAD | fgrep commit | awk '{print $NF}'` - PREV_REVISION=`cat /tmp/ns-revision.txt 2>/dev/null || echo -n none` - echo -n "${REVISION}" > /tmp/ns-revision.txt - - echo "Revision: \$Id: ${REVISION} \$" - echo "Previous revision: ${PREV_REVISION}" - - if [[ "${REVISION}" == "${PREV_REVISION}" ]]; then - echo "No updates found." - exit 0 - fi - - echo "Linking..." - mkdir -p "${TARGETPATH}/zones/" - chown bind:bind "${TARGETPATH}/zones" - for file in `ls -1 ${TMPDIR}/zones/*` ; do - zone=$(basename "${file}" | sed 's~\.zone$~~') - echo "Working on ${zone}" - mv "${file}" "${TARGETPATH}/zones/" - echo "${zone} OK" - done - - if [ -d "${TMPDIR}/dynamic" ] ; then - for file in `ls -1 ${TMPDIR}/dynamic/*` ; do - zone=$(basename "${file}" | sed 's~\.zone$~~') - if ! [ -f "${TARGETPATH}/zones/${zone}.zone" ] ; then - echo "Working on ${zone}" - chown bind:bind "${file}" - mv "${file}" "${TARGETPATH}/zones/" - echo "${zone} OK" - fi - done - fi - - echo "Reloading configuration" - /usr/sbin/rndc reload -) 9>/var/lock/ns-update.lock diff --git a/puppet-manifests/modules/fuel_project/templates/roles/zabbix/server/maintenance.sh.erb b/puppet-manifests/modules/fuel_project/templates/roles/zabbix/server/maintenance.sh.erb deleted file mode 100644 index e16d969..0000000 
--- a/puppet-manifests/modules/fuel_project/templates/roles/zabbix/server/maintenance.sh.erb
+++ /dev/null
@@ -1,7 +0,0 @@
-#!/bin/sh
-
-set -ex
-
-/usr/bin/mysql --defaults-file=<%= @maintenance_script_config -%> \
- -e "CALL partition_maintenance_all('zabbix');" \
- 'zabbix'
diff --git a/puppet-manifests/modules/fuel_project/templates/zabbix/slack.sh.erb b/puppet-manifests/modules/fuel_project/templates/zabbix/slack.sh.erb
deleted file mode 100644
index 7a706aa..0000000
--- a/puppet-manifests/modules/fuel_project/templates/zabbix/slack.sh.erb
+++ /dev/null
@@ -1,42 +0,0 @@ -#!/bin/bash -# -# Original sources: https://github.com/ericoc/zabbix-slack-alertscript -# Author: https://github.com/ericoc -# -set -e - -# Slack incoming web-hook URL and user name -url='<%= @slack_web_hook_url %>' -username='<%= @slack_post_username %>' - -## Values received by this script: -# To/Channel = $1 (Slack channel to send the message to, specified in the Zabbix -# web interface) -# Subject = $2 (usually either PROBLEM or RECOVERY) -# Message = $3 (whatever message the Zabbix action sends, preferably something -# like "Zabbix server is unreachable for 5 minutes - Zabbix server (127.0.0.1)") - -# Get the Slack channel ($1) and Zabbix subject ($2 - hopefully either PROBLEM -# or RECOVERY) -channel="${1}" -subject="${2}" - -# Change message emoji depending on the subject - smile (RECOVERY), frowning -# (PROBLEM), or ghost (for everything else) -if [ "${subject}" == 'OK' ]; then - emoji='<%= @slack_emoji_ok || ':smile:' %>' -elif [ "${subject}" == 'PROBLEM' ]; then - emoji='<%= @slack_emoji_problem || ':frowning:' %>' -else - emoji='<%= @slack_emoji_unknown || ':ghost:' %>' -fi - -# The message that we want to send to Slack is the "subject" value ($2 / - # $subject - that we got earlier) -# followed by the message that Zabbix actually sent us ($3) -message="${subject}: ${3}" - -# Build our JSON payload and send it as a POST request to the Slack incoming -# web-hook URL -payload="payload={\"channel\": \"${channel}\", \"username\": \"${username}\",\"text\": \"${message}\", \"icon_emoji\": \"${emoji}\"}" -curl -m 5 --data-urlencode "${payload}" "${url}" diff --git a/puppet-manifests/modules/fuel_project/templates/zabbix/zabbkit.sh.erb b/puppet-manifests/modules/fuel_project/templates/zabbix/zabbkit.sh.erb deleted file mode 100644 index a42ac29..0000000 --- a/puppet-manifests/modules/fuel_project/templates/zabbix/zabbkit.sh.erb +++ /dev/null 
@@ -1,3 +0,0 @@
-#!/bin/sh
-
-/usr/bin/curl -X POST -H "Content-type:application/json" -d "{Id:'${1}', text:'${2}', triggerId:'${3}', playSound:true}" "http://zabbkit.inside.cactussoft.biz/api/messages"
diff --git a/puppet-manifests/modules/racktables/manifests/init.pp b/puppet-manifests/modules/racktables/manifests/init.pp
deleted file mode 100644
index 8b8e087..0000000
--- a/puppet-manifests/modules/racktables/manifests/init.pp
+++ /dev/null
@@ -1,160 +0,0 @@ -# class racktables -class racktables ( - $admin_password = 'racktables', - $db_host = 'localhost', - $db_name = 'racktables', - $db_password = 'racktables', - $db_username = 'racktables', - $ldap_options = undef, - $nginx_access_log = '/var/log/nginx/access.log', - $nginx_error_log = '/var/log/nginx/error.log', - $nginx_log_format = undef, - $require_local_account = true, - $service_fqdn = 'racktables.test.local', - $ssl_cert_content = '', - $ssl_cert_filename = '/etc/ssl/racktables.crt', - $ssl_key_content = '', - $ssl_key_filename = '/etc/ssl/racktables.key', - $user_auth_src = 'database', -) { - $php_modules = [ 'mysql', 'ldap', 'gd', 'cli' ] - $www_root = '/usr/share/racktables/wwwroot' - - class { '::php::fpm::daemon' : } - ::php::module { $php_modules : } - - ::nginx::resource::vhost { 'racktables-server' : - ensure => 'present', - listen_port => 80, - ssl => false, - server_name => [$service_fqdn, $::fqdn], - access_log => $nginx_access_log, - error_log => $nginx_error_log, - format_log => $nginx_log_format, - use_default_location => false, - require => Package['racktables'], - } - - if ($ssl_cert_content and $ssl_key_content) { - $ssl = true - file { $ssl_cert_filename : - ensure => 'present', - mode => '0600', - owner => 'root', - content => $ssl_cert_content, - } - file { $ssl_key_filename : - ensure => 'present', - mode => '0600', - owner => 'root', - content => $ssl_key_content, - } - Nginx::Resource::Vhost <| title == 'racktables-server' |>{ - ssl => true, - ssl_cert => $ssl_cert_filename, - ssl_key => $ssl_key_filename, - listen_port => 443, - ssl_port => 443, - } - ::nginx::resource::vhost { 'racktables-redirect' : - ensure => 'present', - server_name => [$service_fqdn], - listen_port => 80, - www_root => $www_root, - access_log => $nginx_access_log, - error_log => $nginx_error_log, - format_log => $nginx_log_format, - location_cfg_append => { - return => "301 https://${service_fqdn}\$request_uri", - }, - require => 
Package['racktables'], - } - } - - user { 'racktables' : - ensure => 'present', - shell => '/usr/sbin/nologin', - home => '/var/www', - } - package { 'racktables' : - ensure => 'present', - } - - class { '::mysql::server' : } - class { '::mysql::server::account_security' :} - ::mysql::db { $db_name : - user => $db_username, - password => $db_password, - host => $db_host, - grant => ['all'], - charset => 'utf8', - require => [ - Class['::mysql::server'], - Class['::mysql::server::account_security'], - ], - } - - ::nginx::resource::location { 'racktables-server-static' : - vhost => 'racktables-server', - location => '/', - www_root => $www_root, - ssl => $ssl, - ssl_only => $ssl, - } - - ::nginx::resource::location { 'racktables-server-php' : - vhost => 'racktables-server', - location => '~ \.php$', - fastcgi => '127.0.0.1:9001', - www_root => $www_root, - ssl => $ssl, - ssl_only => $ssl, - } - - ::php::fpm::conf { 'www': - listen => '127.0.0.1:9001', - user => 'racktables', - php_value => { - post_max_size => 16M, - max_execution_time => 300, - max_input_time => 300, - 'date.timezone' => UTC, - 'cgi.fix_pathinfo' => 1, - }, - require => [ - Class['::nginx'], - User['racktables'], - ], - } - - file { '/usr/share/racktables/wwwroot/inc/secret.php' : - ensure => 'present', - owner => 'racktables', - group => 'racktables', - mode => '0400', - content => template('racktables/secret.php.erb'), - require => Package['racktables'], - notify => Exec['php /usr/share/racktables/initdb.php'], - } - - file { '/usr/share/racktables/initdb.php' : - ensure => 'present', - owner => 'root', - group => 'root', - mode => '0644', - content => template('racktables/initdb.php.erb'), - require => Package['racktables'], - } - - exec { 'php /usr/share/racktables/initdb.php' : - command => 'php /usr/share/racktables/initdb.php', - cwd => '/usr/share/racktables/', - require => [ - Php::Module[$php_modules], - Package['racktables'], - File['/usr/share/racktables/initdb.php'], - 
File['/usr/share/racktables/wwwroot/inc/secret.php'] - ], - refreshonly => true, - } -} diff --git a/puppet-manifests/modules/racktables/templates/initdb.php.erb b/puppet-manifests/modules/racktables/templates/initdb.php.erb deleted file mode 100644 index c1793ac..0000000 --- a/puppet-manifests/modules/racktables/templates/initdb.php.erb +++ /dev/null @@ -1,14 +0,0 @@ -'); -$query = "INSERT INTO `UserAccount` (`user_id`, `user_name`, `user_password_hash`, `user_realname`) VALUES (1,'admin','${hash}','RackTables Administrator') ON DUPLICATE KEY UPDATE"; -$result = $dbxlink->exec ($query); -?> diff --git a/puppet-manifests/modules/racktables/templates/secret.php.erb b/puppet-manifests/modules/racktables/templates/secret.php.erb deleted file mode 100644 index e9bd5c9..0000000 --- a/puppet-manifests/modules/racktables/templates/secret.php.erb +++ /dev/null @@ -1,16 +0,0 @@ -;dbname=<%= @db_name %>'; -$db_username = '<%= @db_username %>'; -$db_password = '<%= @db_password %>'; -$user_auth_src = '<%= @user_auth_src %>'; -$require_local_account = <%= @require_local_account ? 'TRUE' : 'FALSE' -%>; - -<% if @ldap_options -%> -$LDAP_options = array( - <% @ldap_options.each {|key,value| -%> - '<%= key -%>' => '<%= value -%>', - <% } -%> -); -<% end -%> - -?> diff --git a/puppet-manifests/modules/ssh/manifests/authorized_keys.pp b/puppet-manifests/modules/ssh/manifests/authorized_keys.pp deleted file mode 100644 index 93e09a4..0000000 --- a/puppet-manifests/modules/ssh/manifests/authorized_keys.pp +++ /dev/null @@ -1,10 +0,0 @@ -# Class: ssh::authorized_keys -class ssh::authorized_keys { - $keys = hiera_hash('ssh::authorized_keys::keys', {}) - create_resources(ssh_authorized_key, - $keys, { - ensure => present, - user => 'root' - } - ) -} diff --git a/puppet-manifests/modules/ssh/manifests/banner.pp b/puppet-manifests/modules/ssh/manifests/banner.pp deleted file mode 100644 index 48e01ff..0000000 --- a/puppet-manifests/modules/ssh/manifests/banner.pp +++ /dev/null 
@@ -1,10 +0,0 @@
-# Class: ssh::banner
-#
-class ssh::banner {
- file { '/etc/banner' :
- owner => 'root',
- group => 'root',
- mode => '0400',
- content => template('ssh/banners/mirantis.net_ldap.erb')
- }
-}
diff --git a/puppet-manifests/modules/ssh/manifests/known_host.pp b/puppet-manifests/modules/ssh/manifests/known_host.pp
deleted file mode 100644
index 3b343d6..0000000
--- a/puppet-manifests/modules/ssh/manifests/known_host.pp
+++ /dev/null
@@ -1,21 +0,0 @@
-# Define: ssh::known_host
-#
-define ssh::known_host (
- $host = $title,
- $overwrite = true,
- $port = 22,
- $user = 'root',
-) {
- if ($overwrite) {
- $cmd = "ssh-keyscan -p ${port} -H ${host} > ~${user}/.ssh/known_hosts"
- $unless = '/bin/false'
- } else {
- $cmd = "ssh-keyscan -p ${port} -H ${host} >> ~${user}/.ssh/known_hosts"
- $unless = "ssh-keygen -F ${host} -f ~${user}/.ssh/known_hosts"
- }
- exec { $cmd:
- user => $user,
- logoutput => 'on_failure',
- unless => $unless,
- }
-}
diff --git a/puppet-manifests/modules/ssh/manifests/ldap.pp b/puppet-manifests/modules/ssh/manifests/ldap.pp
deleted file mode 100644
index 8d8be26..0000000
--- a/puppet-manifests/modules/ssh/manifests/ldap.pp
+++ /dev/null
@@ -1,68 +0,0 @@
-# Class: ssh::ldap
-#
-class ssh::ldap (
- $bind_policy = $ssh::params::bind_policy,
- $ldap_base = '',
- $ldap_ignore_users = $ssh::params::ldap_ignore_users,
- $ldap_uri = '',
- $pam_filter = '',
- $pam_password = $ssh::params::pam_password,
- $sudoers_base = '',
- $tls_cacertdir = '',
-) {
- include ssh::params
-
- include ssh::banner
- include ssh::sshd
-
- $ldap_packages = $ssh::params::ldap_packages
-
- package { $ldap_packages :
- ensure => 'present',
- }
-
- file { '/etc/ldap.conf':
- ensure => 'present',
- mode => '0600',
- owner => 'root',
- group => 'root',
- content => template('ssh/ldap.conf.erb'),
- }
-
- file { '/etc/ldap/ldap.conf' :
- ensure => 'link',
- target => '/etc/ldap.conf',
- }
-
- file { '/etc/nsswitch.conf':
- ensure => 'present',
- mode => '0644',
- owner => 'root',
- group => 'root',
- content => template('ssh/nsswitch.conf.erb'),
- notify => Service['nscd'],
- }
-
- file { '/etc/pam.d/common-session' :
- ensure => 'present',
- mode => '0644',
- owner => 'root',
- group => 'root',
- content => template('ssh/common-session.erb'),
- }
-
- service { 'nscd' :
- ensure => running,
- enable => true,
- hasstatus => true,
- hasrestart => false,
- }
-
- Class['ssh::sshd']->
- Package[$ldap_packages]->
- File['/etc/ldap.conf']->
- File['/etc/ldap/ldap.conf']->
- File['/etc/nsswitch.conf']->
- File['/etc/pam.d/common-session']->
- Service['nscd']
-}
diff --git a/puppet-manifests/modules/ssh/manifests/params.pp b/puppet-manifests/modules/ssh/manifests/params.pp
deleted file mode 100644
index 02553bc..0000000
--- a/puppet-manifests/modules/ssh/manifests/params.pp
+++ /dev/null
@@ -1,33 +0,0 @@
-# Class: ssh::params
-#
-class ssh::params {
- $apply_firewall_rules = false
- $bind_policy = 'soft'
- $firewall_allow_sources = {}
- $ldap_ignore_users = 'backup,bin,daemon,games,gnats,irc,landscape,libuuid,list,lp,mail,man,messagebus,mysql,nagios,news,ntp,postfix,proxy,puppet,root,sshd,sync,sys,syslog,uucp,whoopsie,www-data,zabbix'
- $pam_password = 'md5'
-
- $packages = [
- 'openssh-server'
- ]
-
- $ldap_packages = [
- 'ldap-utils',
- 'libpam-ldap',
- 'nscd',
- ]
-
- case $::osfamily {
- 'RedHat': {
- $service = 'sshd'
- }
- 'Debian': {
- $service = 'ssh'
- }
- default: {
- fatal("Unknown osfamily: ${::osfamily}. Probaly your OS is unsupported.")
- }
- }
-
- $sshd_config = '/etc/ssh/sshd_config'
-}
diff --git a/puppet-manifests/modules/ssh/manifests/sshd.pp b/puppet-manifests/modules/ssh/manifests/sshd.pp
deleted file mode 100644
index 9c1f222..0000000
--- a/puppet-manifests/modules/ssh/manifests/sshd.pp
+++ /dev/null
@@ -1,44 +0,0 @@
-# Class: ssh::sshd
-#
-class ssh::sshd (
- $apply_firewall_rules = $::ssh::params::apply_firewall_rules,
- $firewall_allow_sources = $::ssh::params::firewall_allow_sources,
- $password_authentication = false,
- $sftp_group = 'sftpusers',
-) {
- include ssh::params
-
- $packages = $ssh::params::packages
- $service = $ssh::params::service
- $sshd_config = $ssh::params::sshd_config
-
- package { $packages :
- ensure => latest,
- }
-
- file { $sshd_config :
- ensure => 'present',
- mode => '0644',
- owner => 'root',
- group => 'root',
- content => template('ssh/sshd_config.erb'),
- notify => Service[$service],
- }
-
- service { $service :
- ensure => 'running',
- enable => true,
- hasstatus => true,
- hasrestart => false,
- }
-
- if ($apply_firewall_rules) {
- include firewall_defaults::pre
- create_resources(firewall, $firewall_allow_sources, {
- dport => 22,
- action => 'accept',
- require => Class['firewall_defaults::pre'],
- })
- }
-
-}
diff --git a/puppet-manifests/modules/ssh/templates/banners/mirantis.net_ldap.erb b/puppet-manifests/modules/ssh/templates/banners/mirantis.net_ldap.erb deleted file mode 100644 index 43dddc5..0000000 --- a/puppet-manifests/modules/ssh/templates/banners/mirantis.net_ldap.erb +++ /dev/null @@ -1,12 +0,0 @@ - -/* *\ - Welcome to the Fuel server <%= @fqdn %> - All granted users could be authenticated via LDAP - - If you'd like to authenticate with public keys, - please use auth.mirantis.com to upload your key - - On any questions please do not hesitate to contact - -- - devops@mirantis.com -\* */ diff --git a/puppet-manifests/modules/ssh/templates/common-session.erb b/puppet-manifests/modules/ssh/templates/common-session.erb deleted file mode 100644 index 51ab0e6..0000000 --- a/puppet-manifests/modules/ssh/templates/common-session.erb +++ /dev/null 
@@ -1,28 +0,0 @@
-#
-# /etc/pam.d/common-session - session-related modules common to all services
-#
-# This file is included from other service-specific PAM config files,
-# and should contain a list of modules that define tasks to be performed
-# at the start and end of sessions of *any* kind (both interactive and
-# non-interactive).
-#
-# As of pam 1.0.1-6, this file is managed by pam-auth-update by default.
-# To take advantage of this, it is recommended that you configure any
-# local modules either before or after the default block, and use
-# pam-auth-update to manage selection of other modules. See
-# pam-auth-update(8) for details.
-
-# here are the per-package modules (the "Primary" block)
-session [default=1] pam_permit.so
-# here's the fallback if no module succeeds
-session requisite pam_deny.so
-# prime the stack with a positive return value if there isn't one already;
-# this avoids us returning an error just because nothing sets a success code
-# since the modules above will each just jump around
-session required pam_permit.so
-# and here are more per-package modules (the "Additional" block)
-session required pam_unix.so
-session optional pam_mkhomedir.so skel=/etc/skel/ umask=0027
-session optional pam_ldap.so
-session optional pam_ck_connector.so nox11
-# end of pam-auth-update config
diff --git a/puppet-manifests/modules/ssh/templates/ldap.conf.erb b/puppet-manifests/modules/ssh/templates/ldap.conf.erb
deleted file mode 100644
index 8311845..0000000
--- a/puppet-manifests/modules/ssh/templates/ldap.conf.erb
+++ /dev/null
@@ -1,19 +0,0 @@
-#
-# LDAP Defaults
-#
-
-# See ldap.conf(5) for details
-# This file should be world readable but not world writable.
-
-URI <%= @ldap_uri %>
-BASE <%= @ldap_base %>
-TLS_CACERTDIR <%= @tls_cacertdir %>
-
-pam_password <%= @pam_password %>
-pam_filter <%= @pam_filter %>
-sudoers_base <%= @sudoers_base %>
-uri <%= @ldap_uri %>
-bind_policy <%= @bind_policy %>
-<% if @ldap_ignore_users %>
-nss_initgroups_ignoreusers <%= @ldap_ignore_users %>
-<% end %>
diff --git a/puppet-manifests/modules/ssh/templates/nsswitch.conf.erb b/puppet-manifests/modules/ssh/templates/nsswitch.conf.erb
deleted file mode 100644
index 3f89b22..0000000
--- a/puppet-manifests/modules/ssh/templates/nsswitch.conf.erb
+++ /dev/null
@@ -1,64 +0,0 @@
-#
-# /etc/nsswitch.conf
-#
-# An example Name Service Switch config file. This file should be
-# sorted with the most-used services at the beginning.
-#
-# The entry '[NOTFOUND=return]' means that the search for an
-# entry should stop if the search in the previous entry turned
-# up nothing. Note that if the search failed due to some other reason
-# (like no NIS server responding) then the search continues with the
-# next entry.
-#
-# Legal entries are:
-#
-# nisplus or nis+ Use NIS+ (NIS version 3)
-# nis or yp Use NIS (NIS version 2), also called YP
-# dns Use DNS (Domain Name Service)
-# files Use the local files
-# db Use the local database (.db) files
-# compat Use NIS on compat mode
-# hesiod Use Hesiod for user lookups
-# [NOTFOUND=return] Stop searching if not found so far
-#
-
-# To use db, put the "db" in front of "files" for entries you want to be
-# looked up first in the databases
-#
-# Example:
-#passwd: db files nisplus nis
-#shadow: db files nisplus nis
-#group: db files nisplus nis
-
-passwd: files ldap
-shadow: files ldap
-group: files ldap
-
-#hosts: db files nisplus nis dns
-hosts: files dns
-
-# Example - obey only what nisplus tells us...
-#services: nisplus [NOTFOUND=return] files
-#networks: nisplus [NOTFOUND=return] files
-#protocols: nisplus [NOTFOUND=return] files
-#rpc: nisplus [NOTFOUND=return] files
-#ethers: nisplus [NOTFOUND=return] files
-#netmasks: nisplus [NOTFOUND=return] files
-
-bootparams: nisplus [NOTFOUND=return] files
-
-ethers: files
-netmasks: files
-networks: files
-protocols: files
-rpc: files
-services: files
-
-netgroup: files ldap
-
-publickey: nisplus
-
-automount: files ldap
-aliases: files nisplus
-
-sudoers: files ldap
diff --git a/puppet-manifests/modules/ssh/templates/sshd_config.erb b/puppet-manifests/modules/ssh/templates/sshd_config.erb
deleted file mode 100644
index 496f264..0000000
--- a/puppet-manifests/modules/ssh/templates/sshd_config.erb
+++ /dev/null
@@ -1,59 +0,0 @@
-Port 22
-ListenAddress ::
-ListenAddress 0.0.0.0
-Protocol 2
-
-Banner /etc/banner
-
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
-<% if @osfamily == 'Debian' %>
-HostKey /etc/ssh/ssh_host_ecdsa_key
-<% end %>
-UsePrivilegeSeparation yes
-
-KeyRegenerationInterval 3600
-ServerKeyBits 768
-
-SyslogFacility AUTH
-LogLevel INFO
-
-LoginGraceTime 120
-PermitRootLogin without-password
-StrictModes yes
-
-RSAAuthentication yes
-PubkeyAuthentication yes
-
-IgnoreRhosts yes
-RhostsRSAAuthentication no
-HostbasedAuthentication no
-PermitEmptyPasswords no
-ChallengeResponseAuthentication no
-PasswordAuthentication <%= @password_authentication ? 'yes' : 'no' %>
-
-X11Forwarding yes
-X11DisplayOffset 10
-PermitTunnel yes
-PrintMotd no
-PrintLastLog yes
-TCPKeepAlive yes
-UseDNS no
-
-AcceptEnv LANG LC_*
-
-Subsystem sftp internal-sftp
-
-UsePAM yes
-<% if @osfamily == 'Debian' %>
-AuthorizedKeysFile /etc/ssh/keys/%u .ssh/authorized_keys
-<% else %>
-AuthorizedKeysFile %h/.ssh/authorized_keys
-<% end -%>
-
-<% if @sftp_group != '' -%>
-Match Group <%= @sftp_group %>
- AllowTCPForwarding no
- X11Forwarding no
- ForceCommand internal-sftp
-<% end -%>