From 67bcce274f4ded8c1d923888970cd93de4e2ce01 Mon Sep 17 00:00:00 2001 From: "James E. Blair" Date: Tue, 11 Oct 2011 09:04:04 -0500 Subject: [PATCH] Updates from new baremetal configuration. Add orchestra configuration. Remove tarmac dependency from jenkins slaves. Add devstack repo to jenkins slave checkout. Use jenkins public key in cloud-init. Remove wheel group (not defined in base oneiric). Clean up sudoers. Git rid of wheel group dependency. Git rid of editor link (which may be dangling) and doesn't really have anything to do with sudo anyway. Write localrc for devstack with passwords for mysql and rabbitmq. Install devstack apt depends on install so they make it into the LVM snapshot. Add mysql password to a snippet file for the preseed. Add python-unittest2 to jenkins slaves. Add more passwords to localrc. Update syslog config on server. Fix subscribed exec for cobbler sync. Update syslog permissions. Don't log local messages to the orchestra dir. Add rsyslog sudo perms for jenkins. Make jenkins ignore known_hosts. Remove known_hosts file, add .ssh/config file that ignores known_hosts. Change-Id: Ic1842e5ea6778e8c52857f3441872459bfc05b2c --- manifests/site.pp | 5 + modules/jenkins_slave/files/known_hosts | 12 -- modules/jenkins_slave/files/ssh_config | 3 + .../jenkins_slave/manifests/devstackrepo.pp | 51 ++++++ modules/jenkins_slave/manifests/init.pp | 5 + .../jenkins_slave/manifests/jenkinsuser.pp | 6 +- modules/jenkins_slave/templates/localrc.erb | 5 + modules/orchestra/files/99-orchestra.conf | 19 +++ modules/orchestra/files/dnsmasq.template | 22 +++ .../orchestra/files/openstack-test.preseed | 146 ++++++++++++++++++ modules/orchestra/files/openstack_cloud_init | 39 +++++ .../files/openstack_module_blacklist | 7 + .../orchestra/files/openstack_network_sleep | 7 + .../orchestra/files/orchestra-jenkins-sudoers | 1 + modules/orchestra/manifests/init.pp | 95 ++++++++++++ .../templates/openstack_mysql_password.erb | 1 + 16 files changed, 409 insertions(+), 15 deletions(-) delete mode 100644 modules/jenkins_slave/files/known_hosts create mode 100644 modules/jenkins_slave/files/ssh_config create mode 100644 modules/jenkins_slave/manifests/devstackrepo.pp create mode 100644 modules/jenkins_slave/templates/localrc.erb create mode 100644 modules/orchestra/files/99-orchestra.conf create mode 100644 modules/orchestra/files/dnsmasq.template create mode 100644 modules/orchestra/files/openstack-test.preseed create mode 100644 modules/orchestra/files/openstack_cloud_init create mode 100644 modules/orchestra/files/openstack_module_blacklist create mode 100644 modules/orchestra/files/openstack_network_sleep create mode 100644 modules/orchestra/files/orchestra-jenkins-sudoers create mode 100644 modules/orchestra/manifests/init.pp create mode 100644 modules/orchestra/templates/openstack_mysql_password.erb diff --git a/manifests/site.pp b/manifests/site.pp index 5fefb3635e..8997ad5c0a 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -156,3 +156,8 @@ node /^.*\.slave\.openstack\.org$/ { node /^driver(\d+)\.1918\.openstack\.org$/ { include openstack_jenkins_slave } + +node /^deploy(\d+)\.1918\.openstack\.org$/ { + include openstack_jenkins_slave + include orchestra +} diff --git a/modules/jenkins_slave/files/known_hosts b/modules/jenkins_slave/files/known_hosts deleted file mode 100644 index fff0053d2d..0000000000 --- a/modules/jenkins_slave/files/known_hosts +++ /dev/null @@ -1,12 +0,0 @@ -|1|OJlmbqcf6hDyGiueyGvlkVtsnbM=|gZmRc6ICJ93qm9k07K7kavNQeK8= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDtdLzDzG6qmejiZq5BxDqxkN71W08xuQWVZ+6784SpsXTUujKT49lNCXmH+IHijsRaigU9cVFkWErVez0Q+NtUe077c5s50zCrL7EwH5/aiwaYklHF566TO7ctOJBLLsoVOUlJGpUAjM4veG9XMz0KhTP9qYK3zqNOcPV++551bQu1rc3kR8R8C/etmP60zMhVkUAdgyPWFZbmKlrBv1SxIpvjSo5STZzSRS7DK5/D9BaWS3zOcl5Pqtv0FVjm83dmQJxMPEjFo8e0T4Gq/noxYafQse4811/Ucmxj8J5rlJchakfxJz827w3MWYR4Ku+X3QAy/deBuvzUn3z35Zwr -|1|ED5cPaPlxg4p6tThq+iwQw9DWzk=|hyynBHmEAf8RTalBpTfvpX1Ijek= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDtdLzDzG6qmejiZq5BxDqxkN71W08xuQWVZ+6784SpsXTUujKT49lNCXmH+IHijsRaigU9cVFkWErVez0Q+NtUe077c5s50zCrL7EwH5/aiwaYklHF566TO7ctOJBLLsoVOUlJGpUAjM4veG9XMz0KhTP9qYK3zqNOcPV++551bQu1rc3kR8R8C/etmP60zMhVkUAdgyPWFZbmKlrBv1SxIpvjSo5STZzSRS7DK5/D9BaWS3zOcl5Pqtv0FVjm83dmQJxMPEjFo8e0T4Gq/noxYafQse4811/Ucmxj8J5rlJchakfxJz827w3MWYR4Ku+X3QAy/deBuvzUn3z35Zwr -|1|d48JkTFKcmd4eghssuYGuEWY6FQ=|/4kjP4ZiLs77IR4pXcv2XNPRfK8= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfTQI130c6KPnRwy4KPMV+Ky9vJPSH/uwydojqcyAeKCGniGuF0Cyrye+UUvM0+KjOJ2H+Ekhy+A0Mg3v06W3PXbNCwxwvvS81tfJMse0rR1s0cjz77bWGuGeGxli6GP/HPlbjP0arGf0hkze1U9z/IyXrawoiVuWQUcQKelJtAqbloT1LheZUY35BPkC84W79hnhB3yRt6WrSjoxeUFaWVvWwZPpD7jMd2/0GED3pqofGz2Y4DS1/TqFFr5euoHe7iIQ/ihC0SyDDVbL9lqHxjsCtNzAwfu48mUCikA6lLGZJNFGGBFQNCvF2WZZLFXpzEsneqE+9pDpHIel/uqAd -|1|ZFufFQSCH/y6vuXL8ybMHMScEnM=|JAiydwN4g2Ombg70QCLJS/iJRJA= ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDfTQI130c6KPnRwy4KPMV+Ky9vJPSH/uwydojqcyAeKCGniGuF0Cyrye+UUvM0+KjOJ2H+Ekhy+A0Mg3v06W3PXbNCwxwvvS81tfJMse0rR1s0cjz77bWGuGeGxli6GP/HPlbjP0arGf0hkze1U9z/IyXrawoiVuWQUcQKelJtAqbloT1LheZUY35BPkC84W79hnhB3yRt6WrSjoxeUFaWVvWwZPpD7jMd2/0GED3pqofGz2Y4DS1/TqFFr5euoHe7iIQ/ihC0SyDDVbL9lqHxjsCtNzAwfu48mUCikA6lLGZJNFGGBFQNCvF2WZZLFXpzEsneqE+9pDpHIel/uqAd -|1|Ry9u6UxPjjoPBUxNiZGz6my7tHw=|A0GH7yoL1kIQkoYnqBlFgZuZtG0= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEApuXd4MHTfr1qLXWeClxTTQYZQblCA+nHvbjAjowkEd2Y4kpvntJOVewoSwa22zTbiYSmmssCuCkFHwcpnZBZN5qMWewjizav30WfeyLR5Kng5qucxmFAEkNJjCJiu194wRNKu0cD99Uk/6X/AfsWGLgmL5pa5UFk62aW+iZLUQ8= -|1|vwunqZw+G2e5xwtXILhLOz6pjb8=|qEULUEPyFkTeryerpNeBUI/QnhI= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAIEApuXd4MHTfr1qLXWeClxTTQYZQblCA+nHvbjAjowkEd2Y4kpvntJOVewoSwa22zTbiYSmmssCuCkFHwcpnZBZN5qMWewjizav30WfeyLR5Kng5qucxmFAEkNJjCJiu194wRNKu0cD99Uk/6X/AfsWGLgmL5pa5UFk62aW+iZLUQ8= -|1|ytXkA4wWSyLrZZD6D7V3Smo/PPc=|M8aG/CqJpLxigEzjvlelwYqCSdY= ssh-rsa -AAAAB3NzaC1yc2EAAAABIwAAAQEA2IRFQLSdatUw9Ecev8CCB5yUfINcn/QIt9mZ1TSiLqBM2MDJKS8XRCsIp7jevWBGEZQjW2Mu5M5s6+1dDHlwy77hr+dmUM0YFvDs/En3f/QbB+HCn0nNNGmAcw0S9GLyNVyGjFbvkxwe/V7b+TiNKrX+Z2mZSeytCHDcb8QUYgdrEINRbjg0LpUdANL8kp/1krz1r1y4fsjl28PceYLn9qZEJxmz0mUPS5MDAMvHy3Q4nTfGQiEAm6sG42W41I8TU/FU0/YvMZ3ylWTesAgStQr16R3SLxHjbkrOK87agnJvEDIo6mHFFYvdnNWB5TqMHB8k9J/IUYYBc7r4YCutMw== -|1|3z9pqCTiW3ULR7/46LAvFkfc/gY=|qG2wIrr1VyupSYUyMFEK5Zl8DBI= ssh-rsa -AAAAB3NzaC1yc2EAAAABIwAAAQEA2IRFQLSdatUw9Ecev8CCB5yUfINcn/QIt9mZ1TSiLqBM2MDJKS8XRCsIp7jevWBGEZQjW2Mu5M5s6+1dDHlwy77hr+dmUM0YFvDs/En3f/QbB+HCn0nNNGmAcw0S9GLyNVyGjFbvkxwe/V7b+TiNKrX+Z2mZSeytCHDcb8QUYgdrEINRbjg0LpUdANL8kp/1krz1r1y4fsjl28PceYLn9qZEJxmz0mUPS5MDAMvHy3Q4nTfGQiEAm6sG42W41I8TU/FU0/YvMZ3ylWTesAgStQr16R3SLxHjbkrOK87agnJvEDIo6mHFFYvdnNWB5TqMHB8k9J/IUYYBc7r4YCutMw== -|1|bsQTFPPGPVkpa+nblTNYl11Cxl0=|sC7XEp28VJ/tlnLGq4m6XNTjgNk= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2IRFQLSdatUw9Ecev8CCB5yUfINcn/QIt9mZ1TSiLqBM2MDJKS8XRCsIp7jevWBGEZQjW2Mu5M5s6+1dDHlwy77hr+dmUM0YFvDs/En3f/QbB+HCn0nNNGmAcw0S9GLyNVyGjFbvkxwe/V7b+TiNKrX+Z2mZSeytCHDcb8QUYgdrEINRbjg0LpUdANL8kp/1krz1r1y4fsjl28PceYLn9qZEJxmz0mUPS5MDAMvHy3Q4nTfGQiEAm6sG42W41I8TU/FU0/YvMZ3ylWTesAgStQr16R3SLxHjbkrOK87agnJvEDIo6mHFFYvdnNWB5TqMHB8k9J/IUYYBc7r4YCutMw== -|1|HenNrBbEm/2XlEXSblgTan10DJQ=|ZgegoeenOwfY/SsHbhYkDjGlM4E= ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA2IRFQLSdatUw9Ecev8CCB5yUfINcn/QIt9mZ1TSiLqBM2MDJKS8XRCsIp7jevWBGEZQjW2Mu5M5s6+1dDHlwy77hr+dmUM0YFvDs/En3f/QbB+HCn0nNNGmAcw0S9GLyNVyGjFbvkxwe/V7b+TiNKrX+Z2mZSeytCHDcb8QUYgdrEINRbjg0LpUdANL8kp/1krz1r1y4fsjl28PceYLn9qZEJxmz0mUPS5MDAMvHy3Q4nTfGQiEAm6sG42W41I8TU/FU0/YvMZ3ylWTesAgStQr16R3SLxHjbkrOK87agnJvEDIo6mHFFYvdnNWB5TqMHB8k9J/IUYYBc7r4YCutMw== diff --git a/modules/jenkins_slave/files/ssh_config b/modules/jenkins_slave/files/ssh_config new file mode 100644 index 0000000000..bccc9c965a --- /dev/null +++ b/modules/jenkins_slave/files/ssh_config @@ -0,0 +1,3 @@ +UserKnownHostsFile=/dev/null +StrictHostKeyChecking=no +LogLevel=ERROR diff --git a/modules/jenkins_slave/manifests/devstackrepo.pp b/modules/jenkins_slave/manifests/devstackrepo.pp new file mode 100644 index 0000000000..c1b3713aed --- /dev/null +++ b/modules/jenkins_slave/manifests/devstackrepo.pp @@ -0,0 +1,51 @@ +define devstackrepo($ensure = present) { + $repo_there = "test -d /home/jenkins/devstack" + $mysql_pass = $orchestra::mysql_pass + $rabbit_pass = generate('/usr/bin/openssl', 'rand', '-hex', '12') + case $ensure { + present: { + exec { "Clone devstack git repo": + path => "/usr/sbin:/usr/bin:/sbin:/bin", + environment => "HOME=/home/jenkins", + command => "sudo -H -u jenkins -i git clone git://github.com/jeblair/devstack.git /home/jenkins/devstack", + user => "root", + group => "root", + unless => "$repo_there", + logoutput => on_failure, + } + file { '/home/jenkins/devstack/localrc': + owner => 'root', + group => 'root', + mode => 444, + ensure => 'present', + content => template('jenkins_slave/localrc.erb'), + replace => 'false', + require => [Exec["Clone devstack git repo"], + File["/var/lib/cobbler/snippets/openstack_mysql_password"], + ] + } + exec { "Update devstack git repo": + path => "/usr/sbin:/usr/bin:/sbin:/bin", + environment => "HOME=/home/jenkins", + command => "sudo -H -u jenkins -i bash -c 'cd /home/jenkins/devstack && git pull'", + user => "root", + group => "root", + onlyif => "$repo_there", + logoutput => on_failure, + } + } + absent: { + exec { "Remove OpenStack git repo": + path => "/usr/sbin:/usr/bin:/sbin:/bin", + environment => "HOME=/root", + command => "rm -rf /home/jenkins/devstack", + user => "root", + group => "root", + onlyif => "$repo_there", + } + } + default: { + fail "Invalid 'ensure' value '$ensure' for devstackrepo" + } + } +} diff --git a/modules/jenkins_slave/manifests/init.pp b/modules/jenkins_slave/manifests/init.pp index fda2b240ff..cfe5110f95 100644 --- a/modules/jenkins_slave/manifests/init.pp +++ b/modules/jenkins_slave/manifests/init.pp @@ -9,6 +9,11 @@ class jenkins_slave { require => [ Package[git], Jenkinsuser[jenkins] ], } + devstackrepo { "devstack": + ensure => present, + require => [ Package[git], Jenkinsuser[jenkins] ], + } + apt::ppa { "ppa:openstack-ci/build-depends": ensure => present } diff --git a/modules/jenkins_slave/manifests/jenkinsuser.pp b/modules/jenkins_slave/manifests/jenkinsuser.pp index 0254726fc5..2ba9fc3edb 100644 --- a/modules/jenkins_slave/manifests/jenkinsuser.pp +++ b/modules/jenkins_slave/manifests/jenkinsuser.pp @@ -104,15 +104,15 @@ define jenkinsuser($ensure = present) { ], } - file { 'jenkinsknownhosts': - name => '/home/jenkins/.ssh/known_hosts', + file { 'jenkinssshconfig': + name => '/home/jenkins/.ssh/config', owner => 'jenkins', group => 'jenkins', mode => 640, ensure => 'present', require => File['jenkinssshdir'], source => [ - "puppet:///modules/jenkins_slave/known_hosts", + "puppet:///modules/jenkins_slave/ssh_config", ], } diff --git a/modules/jenkins_slave/templates/localrc.erb b/modules/jenkins_slave/templates/localrc.erb new file mode 100644 index 0000000000..ef0b11d280 --- /dev/null +++ b/modules/jenkins_slave/templates/localrc.erb @@ -0,0 +1,5 @@ +# This file is managed by puppet. + +MYSQL_PASS=<%= mysql_pass -%> +RABBIT_PASSWORD=secret +ADMIN_PASSWORD=secret \ No newline at end of file diff --git a/modules/orchestra/files/99-orchestra.conf b/modules/orchestra/files/99-orchestra.conf new file mode 100644 index 0000000000..f35b3b6d1a --- /dev/null +++ b/modules/orchestra/files/99-orchestra.conf @@ -0,0 +1,19 @@ +# Enable the udp server for installation logging +$ModLoad imudp +$UDPServerRun 514 + +$ModLoad imtcp # load TCP listener +$InputTCPMaxSessions 500 +$InputTCPServerRun 10514 # start up listener at port 10514 +$MaxMessageSize 32k + +# Message templating +$template DYNsyslog,"/var/log/orchestra/rsyslog/%FROMHOST%/syslog" +$FileCreateMode 0644 + +if \ + $fromhost-ip != '127.0.0.1' \ +then ?DYNsyslog +& ~ +$FileCreateMode 0640 + diff --git a/modules/orchestra/files/dnsmasq.template b/modules/orchestra/files/dnsmasq.template new file mode 100644 index 0000000000..1c683e63fc --- /dev/null +++ b/modules/orchestra/files/dnsmasq.template @@ -0,0 +1,22 @@ +# Cobbler generated configuration file for dnsmasq +# $date +# + +# resolve.conf .. ? +#no-poll +#enable-dbus +read-ethers +addn-hosts = /var/lib/cobbler/cobbler_hosts +#domain= +dhcp-ignore=tag:!known + +dhcp-range=10.14.247.42,10.14.247.45 +dhcp-option=3,10.14.247.33 +dhcp-lease-max=1000 +dhcp-authoritative +dhcp-boot=pxelinux.0 +dhcp-boot=net:normalarch,pxelinux.0 +dhcp-boot=net:ia64,$elilo + +$insert_cobbler_system_definitions + diff --git a/modules/orchestra/files/openstack-test.preseed b/modules/orchestra/files/openstack-test.preseed new file mode 100644 index 0000000000..8ea21dfec2 --- /dev/null +++ b/modules/orchestra/files/openstack-test.preseed @@ -0,0 +1,146 @@ +# Orchestra - Ubuntu Server Installation +# * Minimal install +# * Cloud-init for bare-metal +# * Grab meta-data and user-data from cobbler server in a late command + +# d-i debian-installer/add-kernel-opts string --verbose + +# Locale +d-i debian-installer/locale string en_US.UTF-8 + +# No splash +d-i debian-installer/splash boolean false + +# Keyboard layout +d-i console-setup/ask_detect boolean false +d-i console-setup/layoutcode string us +d-i console-setup/variantcode string + +# Network configuration +d-i netcfg/get_nameservers string +d-i netcfg/get_ipaddress string +d-i netcfg/get_netmask string 255.255.255.0 +d-i netcfg/get_gateway string +d-i netcfg/confirm_static boolean true + +# Local clock (set to UTC and use ntp) +d-i clock-setup/utc boolean true +d-i clock-setup/ntp boolean true +d-i clock-setup/ntp-server string ntp.ubuntu.com + +# Partitioning +d-i partman-auto/method string lvm +d-i partman-lvm/device_remove_lvm boolean true +d-i partman-md/device_remove_md boolean true +d-i partman-lvm/confirm boolean true +d-i partman-auto-lvm/guided_size string 20GB +d-i partman-auto-lvm/new_vg_name string main +d-i partman-partitioning/confirm_write_new_label boolean true +d-i partman/choose_partition select finish +d-i partman/confirm boolean true +d-i partman/confirm_nooverwrite boolean true +d-i partman-lvm/confirm_nooverwrite boolean true +d-i partman-md/confirm boolean true +d-i partman/default_filesystem string ext4 + +d-i partman-auto/expert_recipe string \ + boot-root :: \ + 40 300 300 ext3 \ + $primary{ } \ + $bootable{ } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext3 } \ + mountpoint{ /boot } \ + . \ + 2000 10000 1000000000 ext4 \ + $lvmok{ } \ + method{ format } format{ } \ + use_filesystem{ } filesystem{ ext4 } \ + mountpoint{ / } \ + . \ + 8000 8000 200% linux-swap \ + $lvmok{ } \ + method{ swap } format{ } \ + . + + +# Use server kernel +d-i base-installer/kernel/image string linux-server + +# User Setup +d-i passwd/root-login boolean false +d-i passwd/make-user boolean true +d-i passwd/user-fullname string ubuntu +d-i passwd/username string ubuntu +d-i passwd/user-password-crypted password $6$.1eHH0iY$ArGzKX2YeQ3G6U.mlOO3A.NaL22Ewgz8Fi4qqz.Ns7EMKjEJRIW2Pm/TikDptZpuu7I92frytmk5YeL.9fRY4. +d-i passwd/user-uid string +d-i user-setup/allow-password-weak boolean false +d-i user-setup/encrypt-home boolean false +d-i passwd/user-default-groups string adm cdrom dialout lpadmin plugdev sambashare + +# APT +$SNIPPET('orchestra_proxy') + +# By default the installer requires that repositories be authenticated +# using a known gpg key. This setting can be used to disable that +# authentication. Warning: Insecure, not recommended. +d-i debian-installer/allow_unauthenticated string false + +# Lang +d-i pkgsel/language-packs multiselect en +d-i pkgsel/update-policy select none +d-i pkgsel/updatedb boolean true + +# Boot-loader +d-i grub-installer/skip boolean false +d-i lilo-installer/skip boolean false +d-i grub-installer/only_debian boolean true +d-i grub-installer/with_other_os boolean true +d-i finish-install/keep-consoles boolean false +d-i finish-install/reboot_in_progress note + +# Eject cdrom +d-i cdrom-detect/eject boolean true + +# Do not halt/poweroff after install +d-i debian-installer/exit/halt boolean false +d-i debian-installer/exit/poweroff boolean false + +d-i pkgsel/include string debconf byobu capistrano cloud-init openssh-server \ + python-software-properties vim \ + apache2 libapache2-mod-wsgi python-dateutil python-anyjson pep8 pylint \ + python-pip screen unzip wget psmisc git-core lsof openssh-server \ + vim-nox locate python-virtualenv python-unittest2 python-eventlet \ + python-routes python-greenlet python-argparse python-sqlalchemy \ + python-wsgiref python-pastedeploy python-xattr python-setuptools \ + python-dev python-lxml python-pastescript python-pastedeploy \ + python-paste sqlite3 python-pysqlite2 python-sqlalchemy python-webob \ + python-greenlet python-routes libldap2-dev libsasl2-dev dnsmasq-base \ + kpartx mysql-server python-mysqldb kvm gawk iptables ebtables sqlite3 \ + sudo kvm libvirt-bin vlan curl rabbitmq-server socat python-mox \ + python-paste python-migrate python-gflags python-greenlet \ + python-libvirt python-libxml2 python-routes python-netaddr \ + python-pastedeploy python-eventlet python-cheetah python-carrot \ + python-tempita python-sqlalchemy python-suds python-lockfile \ + python-m2crypto python-boto python-numpy mysql-common mysql-client-5.1 \ + erlang-base erlang-ssl erlang-nox erlang-inets erlang-mnesia \ + libhtml-template-perl gettext-base libavahi-client3 libxml2-utils \ + libpciaccess0 libparted0debian1 + +mysql-server-5.1 mysql-server/root_password password $SNIPPET('openstack_mysql_password') +mysql-server-5.1 mysql-server/root_password_again password $SNIPPET('openstack_mysql_password') +mysql-server-5.1 mysql-server/start_on_boot boolean true + +# Set cloud-init data source to manual seeding +cloud-init cloud-init/datasources multiselect NoCloud + +# Set rsyslog server +$SNIPPET('orchestra_rsyslog_client_config') + +# JuJu post scripts. Executes late command and disables PXE +d-i preseed/late_command string true && \ + $SNIPPET('openstack_cloud_init') && \ + $SNIPPET('openstack_module_blacklist') && \ + $SNIPPET('orchestra_rsyslog_obtain_keys') && \ + $SNIPPET('orchestra_disable_pxe') && \ + true diff --git a/modules/orchestra/files/openstack_cloud_init b/modules/orchestra/files/openstack_cloud_init new file mode 100644 index 0000000000..036735911c --- /dev/null +++ b/modules/orchestra/files/openstack_cloud_init @@ -0,0 +1,39 @@ +#set http_server=$getVar('$http_server', 'true') +<% +import orchestra.utils.cloudinit +import base64 + +cfg = """#cloud-config +apt_update: false +apt_upgrade: false +disable_root: false +output: {all: '| tee -a /var/log/cloud-init-output.log'} +runcmd: + - echo "cloud init waiting" + - sleep 60 + - sudo apt-get -y install kexec-tools + - sudo sed -i /etc/default/kexec -e s/LOAD_KEXEC=false/LOAD_KEXEC=true/ + - sudo mkdir /var/spool/rsyslog + - sudo chown syslog.syslog /var/spool/rsyslog + - echo "\$ModLoad imuxsock" > /tmp/rsyslog.conf + - echo "\$WorkDirectory /var/spool/rsyslog" >> /tmp/rsyslog.conf + - echo "\$MaxMessageSize 32k" >> /tmp/rsyslog.conf + - echo "\$ActionQueueType LinkedList" >> /tmp/rsyslog.conf + - echo "\$ActionQueueFileName srvrfwd" >> /tmp/rsyslog.conf + - echo "\$ActionResumeRetryCount -1" >> /tmp/rsyslog.conf + - echo "\$ActionQueueSaveOnShutdown on" >> /tmp/rsyslog.conf + - echo "*.* @@%s:10514" >> /tmp/rsyslog.conf + - sudo mv /tmp/rsyslog.conf /etc/rsyslog.d/10-remote.conf + - sudo chown root.root /etc/rsyslog.d/10-remote.conf + - sudo lvrename /dev/main/root orig_root + - sudo lvcreate -L20G -s -n root /dev/main/orig_root + - reboot +ssh_authorized_keys: + - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtioTW2wh3mBRuj+R0Jyb/mLt5sjJ8dEvYyA8zfur1dnqEt5uQNLacW4fHBDFWJoLHfhdfbvray5wWMAcIuGEiAA2WEH23YzgIbyArCSI+z7gB3SET8zgff25ukXlN+1mBSrKWxIza+tB3NU62WbtO6hmelwvSkZ3d7SDfHxrc4zEpmHDuMhxALl8e1idqYzNA+1EhZpbcaf720mX+KD3oszmY2lqD1OkKMquRSD0USXPGlH3HK11MTeCArKRHMgTdIlVeqvYH0v0Wd1w/8mbXgHxfGzMYS1Ej0fzzJ0PC5z5rOqsMqY1X2aC1KlHIFLAeSf4Cx0JNlSpYSrlZ/RoiQ== hudson@hudson +""" % http_server + +user_data = orchestra.utils.cloudinit.get_user_data_late_command(base64.b64encode(cfg)) + +%> \ +$orchestra.utils.cloudinit.get_meta_data_late_command($getVar('$uid', 'true'), $getVar('$hostname', 'true')) \ && \ +$user_data \ diff --git a/modules/orchestra/files/openstack_module_blacklist b/modules/orchestra/files/openstack_module_blacklist new file mode 100644 index 0000000000..458649e9a7 --- /dev/null +++ b/modules/orchestra/files/openstack_module_blacklist @@ -0,0 +1,7 @@ +<% +import orchestra.utils.cloudinit +script = 'echo "blacklist xgifb" > /etc/modprobe.d/blacklist-xgifb.conf' + +blacklist = orchestra.utils.cloudinit._KSMETA_LATE_COMMAND_TEMPLATE % (orchestra.utils.cloudinit.base64_gzip(script), "blacklist") +%> \ +$blacklist \ \ No newline at end of file diff --git a/modules/orchestra/files/openstack_network_sleep b/modules/orchestra/files/openstack_network_sleep new file mode 100644 index 0000000000..dcd03f9a4a --- /dev/null +++ b/modules/orchestra/files/openstack_network_sleep @@ -0,0 +1,7 @@ +<% +import orchestra.utils.cloudinit +script = 'echo " pre-up sleep 60" >> /etc/network/interfaces' + +networksleep = orchestra.utils.cloudinit._KSMETA_LATE_COMMAND_TEMPLATE % (orchestra.utils.cloudinit.base64_gzip(script), "network-sleep") +%> \ +$networksleep \ \ No newline at end of file diff --git a/modules/orchestra/files/orchestra-jenkins-sudoers b/modules/orchestra/files/orchestra-jenkins-sudoers new file mode 100644 index 0000000000..8874c21e3f --- /dev/null +++ b/modules/orchestra/files/orchestra-jenkins-sudoers @@ -0,0 +1 @@ +jenkins ALL = NOPASSWD: /usr/bin/cobbler, /sbin/restart rsyslog, /bin/rm -f /var/log/orchestra/rsyslog/* diff --git a/modules/orchestra/manifests/init.pp b/modules/orchestra/manifests/init.pp new file mode 100644 index 0000000000..6b4a007432 --- /dev/null +++ b/modules/orchestra/manifests/init.pp @@ -0,0 +1,95 @@ +class orchestra { + $mysql_pass = generate('/usr/bin/openssl', 'rand', '-hex', '12') + package { ipmitool: ensure => present } + package { ubuntu-orchestra-server: ensure => present } + exec { cobbler-sync: + command => "/usr/bin/cobbler sync", + logoutput => true, + refreshonly => true, + subscribe => [ + File["/etc/cobbler/dnsmasq.template"], + File["/var/lib/cobbler/snippets/openstack_module_blacklist"], + File["/var/lib/cobbler/snippets/openstack_cloud_init"], + File["/var/lib/cobbler/snippets/openstack_network_sleep"], + File["/var/lib/cobbler/snippets/openstack_mysql_password"], + File["/var/lib/cobbler/kickstarts/openstack-test.preseed"], + ], + } + exec { rsyslog-restart: + command => "/sbin/restart rsyslog", + logoutput => true, + refreshonly => true, + subscribe => [ + File["/etc/rsyslog.d/99-orchestra.conf"], + ], + } + file { '/var/lib/cobbler/snippets/openstack_mysql_password': + owner => 'root', + group => 'root', + mode => 444, + ensure => 'present', + content => template('orchestra/openstack_mysql_password.erb'), + replace => 'false', + } + file { "/etc/cobbler/dnsmasq.template": + owner => 'root', + group => 'root', + mode => 444, + ensure => 'present', + source => "puppet:///modules/orchestra/dnsmasq.template", + replace => 'true', + require => Package["ubuntu-orchestra-server"], + } + file { "/var/lib/cobbler/snippets/openstack_module_blacklist": + owner => 'root', + group => 'root', + mode => 444, + ensure => 'present', + source => "puppet:///modules/orchestra/openstack_module_blacklist", + replace => 'true', + require => Package["ubuntu-orchestra-server"], + } + file { "/var/lib/cobbler/snippets/openstack_cloud_init": + owner => 'root', + group => 'root', + mode => 444, + ensure => 'present', + source => "puppet:///modules/orchestra/openstack_cloud_init", + replace => 'true', + require => Package["ubuntu-orchestra-server"], + } + file { "/var/lib/cobbler/snippets/openstack_network_sleep": + owner => 'root', + group => 'root', + mode => 444, + ensure => 'present', + source => "puppet:///modules/orchestra/openstack_network_sleep", + replace => 'true', + require => Package["ubuntu-orchestra-server"], + } + file { "/var/lib/cobbler/kickstarts/openstack-test.preseed": + owner => 'root', + group => 'root', + mode => 444, + ensure => 'present', + source => "puppet:///modules/orchestra/openstack-test.preseed", + replace => 'true', + require => Package["ubuntu-orchestra-server"], + } + file { "/etc/sudoers.d/orchestra-jenkins": + owner => 'root', + group => 'root', + mode => 440, + ensure => 'present', + source => "puppet:///modules/orchestra/orchestra-jenkins-sudoers", + replace => 'true', + } + file { "/etc/rsyslog.d/99-orchestra.conf": + owner => 'root', + group => 'root', + mode => 440, + ensure => 'present', + source => "puppet:///modules/orchestra/99-orchestra.conf", + replace => 'true', + } +} diff --git a/modules/orchestra/templates/openstack_mysql_password.erb b/modules/orchestra/templates/openstack_mysql_password.erb new file mode 100644 index 0000000000..74e0472ccd --- /dev/null +++ b/modules/orchestra/templates/openstack_mysql_password.erb @@ -0,0 +1 @@ +<%= mysql_pass -%>