Add examples directory

To help people get started running this puppet, let's provide a set of
DIB elements and libvirt templates to help set up a mock development
environment.

Change-Id: Ife8e253ba0429bedb924fde5a12f5be9e23dc163

examples/README.rst

@@ -0,0 +1,77 @@
+InfraCloud Development
+======================
+
+This example provides a set of DIB elements, libvirt templates, and
+instructions for creating a local development environment that simulates the
+InfraCloud production environment. This means the networking and everything
+ansible sets up in preparation for running puppet apply, including a dummy
+hiera database. It also includes a script to do a short smoke test.
+
+Setup
+-----
+
+These instructions assume libvirt and disk-image-builder are already installed,
+and that there is a public SSH key in ~/.ssh/id_rsa.pub for the devuser element
+to copy.
+
+Create two disk images::
+
+  export DIB_DEV_USER_PWDLESS_SUDO=yes
+  export ELEMENTS_PATH=$HOME/infracloud-development/elements
+  DIB_ROLE=controller disk-image-create -u ubuntu devuser system-config puppet \
+    motd smoke-test infracloud-static-net vm cloud-init-nocloud \
+    -o "/tmp/infracloud-controller.qcow2" --image-size 20 \
+    -p git,vim,vlan,bridge-utils
+  DIB_ROLE=compute disk-image-create -u ubuntu devuser system-config puppet \
+    motd infracloud-static-net vm cloud-init-nocloud \
+    -o "/tmp/infracloud-compute.qcow2" --image-size 20 \
+    -p git,vim,vlan,bridge-utils
+
+These images have static IP addresses and hostnames baked into them. This
+simulates the production environment for most purposes but avoids too much
+complexity setting up local networks.
+
+Define the network::
+
+  virsh net-define definitions/network.xml
+
+Start the network::
+
+  virsh net-start public
+
+Define the VMs::
+
+  virsh define definitions/controller.xml
+  virsh define definitions/compute.xml
+
+Start the VMs::
+
+  virsh start controller
+  virsh start compute
+
+Puppet
+------
+
+SSH into the controller::
+
+  source functions/sshvm
+  sshvm controller
+
+Apply any puppet changes you're testing to /etc/puppet/modules/infracloud or
+/opt/system-config/production.
+
+Run puppet apply::
+
+  puppet apply /opt/system-config/production/manifests/site.pp
+
+Do the same on the compute node once the controller is finished::
+
+  sshvm compute
+  puppet apply /opt/system-config/production/manifests/site.pp
+
+Test
+----
+
+Run the smoke test script::
+
+  bash -ex /opt/smoke-test

examples/definitions/compute.xml

@@ -0,0 +1,52 @@
+<domain type='kvm'>
+  <name>compute</name>
+  <memory unit='MiB'>4096</memory>
+  <vcpu>1</vcpu>
+  <os>
+    <type arch='x86_64'>hvm</type>
+    <boot dev='hd'/>
+    <bootmenu enable='no'/>
+  </os>
+  <features>
+    <acpi/>
+    <apic/>
+    <pae/>
+  </features>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>restart</on_crash>
+  <devices>
+    <emulator>/usr/bin/kvm-spice</emulator>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='qcow2' cache='unsafe'/>
+      <source file='/tmp/infracloud-compute.qcow2'/>
+      <target dev='sda' bus='sata'/>
+      <address type='drive' controller='0' bus='0' unit='0'/>
+    </disk>
+    <controller type='ide' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
+    </controller>
+    <input type='mouse' bus='ps2'/>
+    <graphics type='vnc' port='-1' autoport='yes'/>
+    <video>
+      <model type='cirrus' vram='9216' heads='1'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
+    </video>
+    <memballoon model='virtio'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
+    </memballoon>
+    <interface type='network'>
+      <source network='public'/>
+      <mac address='52:54:00:3d:68:45' />
+      <model type='virtio'/>
+    </interface>
+    <serial type='pty'>
+      <target port='0'/>
+    </serial>
+    <console type='pty'>
+      <target type='serial' port='0'/>
+    </console>
+  </devices>
+</domain>
+

examples/definitions/controller.xml

@@ -0,0 +1,52 @@
+<domain type='kvm'>
+  <name>controller</name>
+  <memory unit='MiB'>4096</memory>
+  <vcpu>1</vcpu>
+  <os>
+    <type arch='x86_64'>hvm</type>
+    <boot dev='hd'/>
+    <bootmenu enable='no'/>
+  </os>
+  <features>
+    <acpi/>
+    <apic/>
+    <pae/>
+  </features>
+  <clock offset='utc'/>
+  <on_poweroff>destroy</on_poweroff>
+  <on_reboot>restart</on_reboot>
+  <on_crash>restart</on_crash>
+  <devices>
+    <emulator>/usr/bin/kvm-spice</emulator>
+    <disk type='file' device='disk'>
+      <driver name='qemu' type='qcow2' cache='unsafe'/>
+      <source file='/tmp/infracloud-controller.qcow2'/>
+      <target dev='sda' bus='sata'/>
+      <address type='drive' controller='0' bus='0' unit='0'/>
+    </disk>
+    <controller type='ide' index='0'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x01' function='0x1'/>
+    </controller>
+    <input type='mouse' bus='ps2'/>
+    <graphics type='vnc' port='-1' autoport='yes'/>
+    <video>
+      <model type='cirrus' vram='9216' heads='1'/>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x02' function='0x0'/>
+    </video>
+    <memballoon model='virtio'>
+      <address type='pci' domain='0x0000' bus='0x00' slot='0x07' function='0x0'/>
+    </memballoon>
+    <interface type='network'>
+      <source network='public'/>
+      <mac address='52:54:00:04:24:dc'/>
+      <model type='virtio'/>
+    </interface>
+    <serial type='pty'>
+      <target port='0'/>
+    </serial>
+    <console type='pty'>
+      <target type='serial' port='0'/>
+    </console>
+  </devices>
+</domain>
+

examples/definitions/network.xml

@@ -0,0 +1,13 @@
+<network connections='1'>
+  <name>public</name>
+  <forward mode='nat'>
+    <nat>
+      <port start='1024' end='65535'/>
+    </nat>
+  </forward>
+  <ip address='192.168.25.1' netmask='255.255.255.0'>
+    <dhcp>
+      <range start='192.168.25.2' end='192.168.25.254'/>
+    </dhcp>
+  </ip>
+</network>

examples/elements/infracloud-static-net/element-deps

@@ -0,0 +1 @@
+install-static

examples/elements/infracloud-static-net/post-install.d/05-set-hostname

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -ux
+
+if [ "$DIB_ROLE" == "controller" ] ; then
+  HOSTNAME="controller00"
+elif [ "$DIB_ROLE" == "compute" ] ; then
+  HOSTNAME="compute000"
+else
+  echo "DIB_ROLE must be either 'controller' or 'compute'."
+  exit 1
+fi
+
+echo $HOSTNAME > /etc/hostname

examples/elements/infracloud-static-net/post-install.d/10-set-ips

@@ -0,0 +1,34 @@
+#!/bin/bash
+
+set -u
+
+if [ "$DIB_ROLE" == "controller" ] ; then
+  ip="192.168.25.4"
+elif [ "$DIB_ROLE" == "compute" ] ; then
+  ip="192.168.25.5"
+else
+  echo "DIB_ROLE must be either 'controller' or 'compute'."
+  exit 1
+fi
+
+cat > /etc/network/interfaces <<EOF
+auto lo
+iface lo inet loopback
+
+auto eth2
+iface eth2 inet dhcp
+
+auto eth2.25
+iface eth2.25 inet manual
+vlan-raw-device eth2
+
+auto br-vlan25
+iface br-vlan25 inet static
+address $ip
+netmask 255.255.255.0
+gateway 192.168.25.1
+bridge_ports eth2.25
+bridge_hello 2
+bridge_maxage 12
+bridge_stp off
+EOF

examples/elements/infracloud-static-net/static/etc/hosts

@@ -0,0 +1,3 @@
+127.0.0.1 localhost
+192.168.25.4 controller00.hpuswest.ic.openstack.org controller00
+192.168.25.5 compute000.hpuswest.ic.openstack.org compute000

examples/elements/infracloud-static-net/static/etc/udev/rules.d/76-persistent-net-generator.rules

@@ -0,0 +1,2 @@
+SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="52:54:00:04:24:dc", KERNEL=="eth*", DRIVERS=="?*", ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME="eth2"
+SUBSYSTEM=="net", ACTION=="add", ATTR{address}=="52:54:00:3d:68:45", KERNEL=="eth*", DRIVERS=="?*", ATTR{dev_id}=="0x0", ATTR{type}=="1", NAME="eth2"

examples/elements/motd/element-deps

@@ -0,0 +1 @@
+install-static

examples/elements/motd/static/etc/motd

@@ -0,0 +1,7 @@
+######################################################################
+#                                                                    #
+#  Run this:                                                         #
+#                                                                    #
+#  sudo puppet apply /opt/system-config/production/manifests/site.pp #
+#                                                                    #
+######################################################################

examples/elements/puppet/element-deps

@@ -0,0 +1 @@
+system-config

examples/elements/puppet/install.d/15-install-puppet

@@ -0,0 +1,6 @@
+#!/bin/bash
+
+set -x
+
+/opt/system-config/production/install_puppet.sh
+/opt/system-config/production/install_modules.sh

examples/elements/puppet/static/etc/puppet/environments/production/environment.conf

@@ -0,0 +1,2 @@
+manifest = /opt/system-config/production/manifests/site.pp
+modulepath = $basemodulepath:modules:/opt/system-config/production/modules

examples/elements/puppet/static/etc/puppet/hiera.yaml

@@ -0,0 +1,14 @@
+---
+:hierarchy:
+  # Use private hieradata first
+  - "hieradata/%{::environment}/fqdn/%{::fqdn}"
+  - "hieradata/%{::environment}/group/%{group}" # no :: because group is set at nodescope
+  - "hieradata/%{::environment}/common"
+  # Use public hieradata second, also be environmentally aware
+  - "%{::environment}/hiera/fqdn/%{::fqdn}"
+  - "%{::environment}/hiera/group/%{group}" # no :: because group is set at nodescope
+  - "%{::environment}/hiera/common"
+:backends:
+  - yaml
+:yaml:
+  :datadir: "/opt/system-config/"

examples/elements/puppet/static/etc/puppet/puppet.conf

@@ -0,0 +1,9 @@
+[main]
+logdir=/var/log/puppet
+vardir=/var/lib/puppet
+ssldir=/var/lib/puppet/ssl
+rundir=/var/run/puppet
+basemodulepath=/etc/puppet/modules
+environmentpath = /etc/puppet/environments
+data_binding_terminus = none
+hiera_config = /etc/puppet/hiera.yaml

examples/elements/puppet/static/opt/system-config/hieradata/production/common.yaml

@@ -0,0 +1,51 @@
+---
+ironic_db_password: XXX
+bifrost_mysql_password: XXX
+keystone_rabbit_password: XXX
+neutron_rabbit_password: XXX
+nova_rabbit_password: XXX
+keystone_mysql_password: XXX
+glance_mysql_password: XXX
+nova_mysql_password: XXX
+neutron_mysql_password: XXX
+infracloud_mysql_password: XXX
+keystone_admin_password: XXX
+glance_admin_password: XXX
+neutron_admin_password: XXX
+nova_admin_password: XXX
+keystone_admin_token: XXX
+openstackci_infracloud_password: XXX
+openstackjenkins_infracloud_password: XXX
+# subject=/C=US/ST=Some-State/O=OpenStack Infra Fake Cert/CN=controller00.hpuswest.ic.openstack.org
+ssl_key_file_contents: |
+  -----BEGIN RSA PRIVATE KEY-----
+  MIICXAIBAAKBgQDQIm6WkLzUTzJEK0T9hLvzPTtywR/doQK+/ItViDNBkm1SqA2A
+  7gORn/eDpryJ4ETi+oSE1Xg54+X3cRnHJN5xeTMGpP6yn/fkEVmdLWJNyox+wC98
+  nWoLYcvWTS+hIy339yA4NMxzXa/Hp168jMu1vsPQDFQDW+4aR62X/06UWwIDAQAB
+  AoGBAJe7UkWflJluduWtaaksN9y2mf0pf3KR66+R6n3bQgqeleY5L0b7vUxPgyDN
+  0ArvnSifmzY/bVs+oirGoBVG8oYT4p/1peKbSc2S78Ugh9CaR/BOtsrfwsUOJoE5
+  +0N0iZO14wOb54AZkcLIC6tDE2FhrywXLaHx6aJHm9u51ovJAkEA8ybpUxSrjR+J
+  MktuS/BnTnTvIB6bk0Gn6CIuZALs9sz6kBKo3b76drOuN9YAarIHABaJIL81LPi+
+  /hZGPoXjTQJBANsh180Gjw8iko+NtWW2izpvTeBWWyU1P9Jwr2pEi6qN4Tc+NGEV
+  J+xLpqyZc28kkA10tiDcDvYi/dgTiY4lskcCQHgARDbUhLXpUnSX9Z9UzidSXpGj
+  iXRresp91BdXukszbpWcH+sQTdw3YUv9OcduhTXt6U9YDo5bVSdhJtnEiiECQEJz
+  lt+j14o9b7h8vr+jhcEos7MOPQGhjkMgzPEq7DfCYsO/515xbfPoVRkOR8Uyj0Sl
+  Wf3I/fiCT/xQoGws3k0CQEgMq/8WNK3c6BG4LviqP2++GNm9mwYvZIz+mDlnjHvR
+  ZbKDbwWy2wYp2n/7WknIQS0o1CmcDXYAYgr4IPgLrfw=
+  -----END RSA PRIVATE KEY-----
+infracloud_hpuswest_ssl_cert_file_contents: |
+  -----BEGIN CERTIFICATE-----
+  MIICZTCCAc4CCQDF0vhjB9rjdTANBgkqhkiG9w0BAQsFADB3MQswCQYDVQQGEwJV
+  UzETMBEGA1UECAwKU29tZS1TdGF0ZTEiMCAGA1UECgwZT3BlblN0YWNrIEluZnJh
+  IEZha2UgQ2VydDEvMC0GA1UEAwwmY29udHJvbGxlcjAwLmhwdXN3ZXN0LmljLm9w
+  ZW5zdGFjay5vcmcwHhcNMTYwMjE1MjI1MTA1WhcNMTcwMjE0MjI1MTA1WjB3MQsw
+  CQYDVQQGEwJVUzETMBEGA1UECAwKU29tZS1TdGF0ZTEiMCAGA1UECgwZT3BlblN0
+  YWNrIEluZnJhIEZha2UgQ2VydDEvMC0GA1UEAwwmY29udHJvbGxlcjAwLmhwdXN3
+  ZXN0LmljLm9wZW5zdGFjay5vcmcwgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGB
+  ANAibpaQvNRPMkQrRP2Eu/M9O3LBH92hAr78i1WIM0GSbVKoDYDuA5Gf94OmvIng
+  ROL6hITVeDnj5fdxGcck3nF5Mwak/rKf9+QRWZ0tYk3KjH7AL3ydagthy9ZNL6Ej
+  Lff3IDg0zHNdr8enXryMy7W+w9AMVANb7hpHrZf/TpRbAgMBAAEwDQYJKoZIhvcN
+  AQELBQADgYEAmqKsBH/c53P66zMJaoup8i2t4V+P0TWEVvKoxXMl1I2Cqahk1TZh
+  L2bb8x0gKs7Q8fQ7hWA785JvUBrTMhpqkGkhNERyaVQIhHHwTgzSoOp8Cs+16sy8
+  FzJrVWIctN7qHXhK0r2R+wKEHc+J7FruoLhKGerFrLv4vgsR+rgObrk=
+  -----END CERTIFICATE-----

examples/elements/smoke-test/element-deps

@@ -0,0 +1 @@
+install-static

examples/elements/smoke-test/static/opt/smoke-test

@@ -0,0 +1,66 @@
+#/bin/bash -ex
+cleanup()
+{
+  if [ "$?" -ne 0 ] ; then
+    echo "FAILED"
+  fi
+  if openstack image list | grep cirros ; then
+    openstack image delete cirros
+  fi
+  if openstack keypair list | grep controller ; then
+    openstack keypair delete controller
+  fi
+  if openstack server list | grep test ; then
+    openstack server delete test
+  fi
+}
+
+export OS_TENANT_NAME='openstack' 
+export OS_USERNAME='admin' 
+export OS_PASSWORD='XXX'
+export OS_AUTH_URL='https://controller00.hpuswest.ic.openstack.org:5000/v3'
+export OS_PROJECT_DOMAIN_NAME=default
+export OS_USER_DOMAIN_NAME=default
+export OS_IDENTITY_API_VERSION=3
+export OS_AUTH_TYPE=v3password
+
+trap cleanup EXIT
+
+openstack project list
+openstack user list
+openstack service list
+openstack endpoint list
+
+nova list
+nova image-list
+nova flavor-list
+nova keypair-list
+
+if nova service-list | grep down ; then
+  exit 1
+fi
+
+glance image-list
+
+neutron net-list
+neutron subnet-list
+
+openstack image create --copy-from http://download.cirros-cloud.net/0.3.1/cirros-0.3.1-x86_64-disk.img \
+                       --public \
+                       --container-format bare \
+                       --disk-format qcow2 \
+                       cirros
+sleep 3
+openstack image list --long | grep cirros | grep active
+
+if [ ! -e ~/.ssh/id_rsa.pub ] ; then
+  ssh-keygen -f ~/.ssh/id_rsa -q -N ""
+fi
+nova keypair-add --pub-key ~/.ssh/id_rsa.pub controller
+nova keypair-list
+
+nova boot --flavor 1 --image cirros --key-name controller test
+sleep 8
+nova list | grep test | grep ACTIVE
+
+echo "Success!"

examples/elements/system-config/element-deps

@@ -0,0 +1 @@
+source-repositories

examples/elements/system-config/source-repository-system-config

@@ -0,0 +1 @@
+system-config git /opt/system-config/production https://git.openstack.org/openstack-infra/system-config

examples/functions/sshvm

@@ -0,0 +1,37 @@
+#!/bin/bash
+
+ssh_cmd() {
+  local vm_ip=$1
+  shift
+  ssh devuser@${vm_ip} -o StrictHostKeyChecking=no "$*"
+}
+
+sshvm() {
+  local vm_name=$1
+  shift
+  local vm_mac=$(virsh dumpxml $vm_name | grep -m 1 'mac address' | cut -d "'" -f 2)
+  local vm_ip=$(arp -n | grep -m 1 $vm_mac | cut -d ' ' -f 1)
+  local tries=2
+  while [ $tries -ge 0 ] ; do
+    if [ -n "$vm_ip" ] ; then
+      local error=$(ssh_cmd $vm_ip true 2>&1) # Check for connection refused and try again
+      if [[ ! $error =~ .*Connection\ refused.* ]] ; then
+        echo "SSHing to $vm_ip"
+        ssh_cmd $vm_ip "$*"
+        break
+      else
+        echo "SSH is not ready yet. Trying again in 5 seconds."
+        sleep 5
+      fi
+    else
+      if [ $tries -eq 0 ] ; then
+        echo "Could not reach VM."
+      else
+        echo "VM is not ready yet. Trying $tries more time(s) in 15 seconds."
+        sleep 15
+      fi
+      vm_ip=$(arp -n | grep $vm_mac | cut -d ' ' -f 1)
+      tries=$(echo "${tries}-1" | bc)
+    fi
+  done
+}