opendev/system-config
Code Issues Proposed changes

Merge "Remove salt"

Browse Source
This commit is contained in:
Jenkins 2014-07-05 18:07:55 +00:00 committed by Gerrit Code Review
commit 1d390cc8db
10 changed files with 64 additions and 125 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
launch/README
View File

@ -3,12 +3,11 @@ Create Server
Note that these instructions assume you're working from this Note that these instructions assume you're working from this
directory on an updated local clone of the repository on the directory on an updated local clone of the repository on the
puppetmaster, and that your account is a member of the admin, puppet puppetmaster, and that your account is a member of the admin
and salt groups for access to their respective keys:: and puppet groups for access to their respective keys::
sudo adduser $(whoami) admin sudo adduser $(whoami) admin
sudo adduser $(whoami) puppet sudo adduser $(whoami) puppet
sudo adduser $(whoami) salt
(Remember to log out and back into your shell if you add yourself (Remember to log out and back into your shell if you add yourself
to a group.) to a group.)
@ -32,10 +31,6 @@ To launch a node in the OpenStack Jenkins account (slave nodes)::
sudo puppet cert generate $FQDN sudo puppet cert generate $FQDN
./launch-node.py $FQDN --image "$IMAGE" --flavor "$FLAVOR" ./launch-node.py $FQDN --image "$IMAGE" --flavor "$FLAVOR"
There is also a --salt option which can be used to tell the script to
automatically configure and enroll the server as a minion on the salt
master.
If you are launching a replacement server, you may skip the generate If you are launching a replacement server, you may skip the generate
step and specify the name of an existing puppet cert (as long as the step and specify the name of an existing puppet cert (as long as the
private key is on this host). private key is on this host).

30
launch/launch-node.py
View File

@ -23,7 +23,6 @@ import os
import time import time
import traceback import traceback
import argparse import argparse
import shutil
import dns import dns
import utils import utils
@ -38,9 +37,6 @@ IPV6 = os.environ.get('IPV6', '0') is 1
SCRIPT_DIR = os.path.dirname(sys.argv[0]) SCRIPT_DIR = os.path.dirname(sys.argv[0])
SALT_MASTER_PKI = os.environ.get('SALT_MASTER_PKI', '/etc/salt/pki/master')
SALT_MINION_PKI = os.environ.get('SALT_MINION_PKI', '/etc/salt/pki/minion')
def get_client(): def get_client():
args = [NOVA_USERNAME, NOVA_PASSWORD, NOVA_PROJECT_ID, NOVA_URL] args = [NOVA_USERNAME, NOVA_PASSWORD, NOVA_PROJECT_ID, NOVA_URL]
@ -56,8 +52,8 @@ def get_client():
return client return client
def bootstrap_server(server, admin_pass, key, cert, environment, name, def bootstrap_server(
salt_priv, salt_pub, puppetmaster): server, admin_pass, key, cert, environment, name, puppetmaster):
ip = utils.get_public_ip(server) ip = utils.get_public_ip(server)
if not ip: if not ip:
raise Exception("Unable to find public ip of server") raise Exception("Unable to find public ip of server")
@ -107,16 +103,6 @@ def bootstrap_server(server, admin_pass, key, cert, environment, name,
ssh_client.ssh("chmod 0750 /var/lib/puppet/ssl/private_keys") ssh_client.ssh("chmod 0750 /var/lib/puppet/ssl/private_keys")
ssh_client.ssh("chmod 0755 /var/lib/puppet/ssl/public_keys") ssh_client.ssh("chmod 0755 /var/lib/puppet/ssl/public_keys")
if salt_pub and salt_priv:
# Assuming salt-master is running on the puppetmaster
shutil.copyfile(salt_pub,
os.path.join(SALT_MASTER_PKI, 'minions', name))
ssh_client.ssh('mkdir -p {0}'.format(SALT_MINION_PKI))
ssh_client.scp(salt_pub,
os.path.join(SALT_MINION_PKI, 'minion.pub'))
ssh_client.scp(salt_priv,
os.path.join(SALT_MINION_PKI, 'minion.pem'))
for ssldir in ['/var/lib/puppet/ssl/certs/', for ssldir in ['/var/lib/puppet/ssl/certs/',
'/var/lib/puppet/ssl/private_keys/', '/var/lib/puppet/ssl/private_keys/',
'/var/lib/puppet/ssl/public_keys/']: '/var/lib/puppet/ssl/public_keys/']:
@ -138,7 +124,7 @@ def bootstrap_server(server, admin_pass, key, cert, environment, name,
def build_server( def build_server(
client, name, image, flavor, cert, environment, salt, puppetmaster): client, name, image, flavor, cert, environment, puppetmaster):
key = None key = None
server = None server = None
@ -159,15 +145,11 @@ def build_server(
traceback.print_exc() traceback.print_exc()
raise raise
salt_priv, salt_pub = (None, None)
if salt:
salt_priv, salt_pub = utils.add_salt_keypair(
SALT_MASTER_PKI, name, 2048)
try: try:
admin_pass = server.adminPass admin_pass = server.adminPass
server = utils.wait_for_resource(server) server = utils.wait_for_resource(server)
bootstrap_server(server, admin_pass, key, cert, environment, name, bootstrap_server(server, admin_pass, key, cert, environment, name,
salt_priv, salt_pub, puppetmaster) puppetmaster)
print('UUID=%s\nIPV4=%s\nIPV6=%s\n' % (server.id, print('UUID=%s\nIPV4=%s\nIPV6=%s\n' % (server.id,
server.accessIPv4, server.accessIPv4,
server.accessIPv6)) server.accessIPv6))
@ -197,8 +179,6 @@ def main():
parser.add_argument("--cert", dest="cert", parser.add_argument("--cert", dest="cert",
help="name of signed puppet certificate file (e.g., " help="name of signed puppet certificate file (e.g., "
"hostname.example.com.pem)") "hostname.example.com.pem)")
parser.add_argument("--salt", dest="salt", action="store_true",
help="Manage salt keys for this host.")
parser.add_argument("--server", dest="server", help="Puppetmaster to use.", parser.add_argument("--server", dest="server", help="Puppetmaster to use.",
default="ci-puppetmaster.openstack.org") default="ci-puppetmaster.openstack.org")
options = parser.parse_args() options = parser.parse_args()
@ -239,7 +219,7 @@ def main():
print "Found image", image print "Found image", image
build_server(client, options.name, image, flavor, cert, build_server(client, options.name, image, flavor, cert,
options.environment, options.salt, options.server) options.environment, options.server)
dns.print_dns(client, options.name) dns.print_dns(client, options.name)
if __name__ == '__main__': if __name__ == '__main__':

21
launch/utils.py
View File

@ -30,7 +30,6 @@ try:
except: except:
pass pass
import paramiko import paramiko
import salt.crypt
from sshclient import SSHClient from sshclient import SSHClient
@ -136,26 +135,6 @@ def add_keypair(client, name):
return key, kp return key, kp
def add_salt_keypair(keydir, keyname, keysize=2048):
'''
Generate a key pair for use with Salt
'''
salt_priv = '{0}.pem'.format(keyname)
salt_pub = '{0}.pub'.format(keyname)
priv_key = os.path.join(keydir, salt_priv)
pub_key = os.path.join(keydir, salt_pub)
if not os.path.exists(priv_key) or \
not os.path.exists(pub_key):
try:
os.makedirs(keydir)
except OSError:
pass
priv_key = salt.crypt.gen_keys(keydir, keyname, keysize)
path, ext = os.path.splitext(priv_key)
pub_key = '{0}.pub'.format(path)
return priv_key, pub_key
def wait_for_resource(wait_resource): def wait_for_resource(wait_resource):
last_progress = None last_progress = None
last_status = None last_status = None

9
manifests/site.pp
View File

@ -162,7 +162,6 @@ node 'ci-puppetmaster.openstack.org' {
node 'puppetmaster.openstack.org' { node 'puppetmaster.openstack.org' {
class { 'openstack_project::puppetmaster': class { 'openstack_project::puppetmaster':
root_rsa_key => hiera('puppetmaster_root_rsa_key', 'XXX'), root_rsa_key => hiera('puppetmaster_root_rsa_key', 'XXX'),
salt => false,
update_slave => false, update_slave => false,
sysadmins => hiera('sysadmins', ['admin']), sysadmins => hiera('sysadmins', ['admin']),
version => '3.4.', version => '3.4.',
@ -641,14 +640,6 @@ node 'pypi.slave.openstack.org' {
} }
} }
# Node-OS: precise
node 'salt-trigger.slave.openstack.org' {
include openstack_project
class { 'openstack_project::salt_trigger_slave':
jenkins_ssh_public_key => $openstack_project::jenkins_ssh_key,
}
}
# Node-OS: precise # Node-OS: precise
node /^precise-dev\d+.*\.slave\.openstack\.org$/ { node /^precise-dev\d+.*\.slave\.openstack\.org$/ {
include openstack_project include openstack_project

2
modules/openstack_project/files/salt-trigger.sudoers
View File

@ -1,2 +0,0 @@
# Allow jenkins user to send Salt messages to the Salt Master
jenkins ALL=(ALL) NOPASSWD: /usr/bin/salt-call event.fire_master*

15
modules/openstack_project/manifests/puppetmaster.pp
View File

@ -2,7 +2,6 @@
# #
class openstack_project::puppetmaster ( class openstack_project::puppetmaster (
$root_rsa_key, $root_rsa_key,
$salt = true,
$update_slave = true, $update_slave = true,
$sysadmins = [], $sysadmins = [],
$version = '2.7.', $version = '2.7.',
@ -19,13 +18,6 @@ class openstack_project::puppetmaster (
ca_server => $ca_server, ca_server => $ca_server,
} }
if ($salt) {
class { 'salt':
salt_master => 'ci-puppetmaster.openstack.org',
}
class { 'salt::master': }
}
if ($update_slave) { if ($update_slave) {
$cron_command = 'bash /opt/config/production/run_all.sh' $cron_command = 'bash /opt/config/production/run_all.sh'
logrotate::file { 'updatepuppetmaster': logrotate::file { 'updatepuppetmaster':
@ -45,6 +37,13 @@ class openstack_project::puppetmaster (
$cron_command = 'sleep $((RANDOM\%600)) && cd /opt/config/production && git fetch -q && git reset -q --hard @{u} && ./install_modules.sh && touch manifests/site.pp' $cron_command = 'sleep $((RANDOM\%600)) && cd /opt/config/production && git fetch -q && git reset -q --hard @{u} && ./install_modules.sh && touch manifests/site.pp'
} }
class { 'salt':
ensure => absent,
}
class { 'salt::master':
ensure => absent,
}
cron { 'updatepuppetmaster': cron { 'updatepuppetmaster':
user => 'root', user => 'root',
minute => '*/15', minute => '*/15',

22
modules/openstack_project/manifests/salt_trigger_slave.pp
View File

@ -1,22 +0,0 @@
# Slave used for automatically triggering commands on the salt master.
#
# == Class: openstack_project::salt_trigger_slave
#
class openstack_project::salt_trigger_slave (
$jenkins_ssh_public_key = ''
) {
class { 'openstack_project::slave':
ssh_key => $jenkins_ssh_public_key,
}
file { '/etc/sudoers.d/salt-trigger':
ensure => present,
owner => 'root',
group => 'root',
mode => '0440',
source => 'puppet:///modules/openstack_project/salt-trigger.sudoers',
replace => true,
}
}

7
modules/openstack_project/manifests/slave.pp
View File

@ -10,12 +10,9 @@ class openstack_project::slave (
) { ) {
include openstack_project include openstack_project
include openstack_project::automatic_upgrades
include openstack_project::tmpcleanup include openstack_project::tmpcleanup
class { 'openstack_project::automatic_upgrades':
origins => ['LP-PPA-saltstack-salt precise'],
}
class { 'openstack_project::server': class { 'openstack_project::server':
iptables_public_tcp_ports => [], iptables_public_tcp_ports => [],
certname => $certname, certname => $certname,
@ -28,7 +25,7 @@ class openstack_project::slave (
} }
class { 'salt': class { 'salt':
salt_master => 'ci-puppetmaster.openstack.org', ensure => absent,
} }
include jenkins::cgroups include jenkins::cgroups

28
modules/salt/manifests/init.pp
View File

@ -1,34 +1,46 @@
# Class salt # Class salt
# #
class salt ( class salt (
$ensure = present,
$salt_master = $::fqdn $salt_master = $::fqdn
) { ) {
if ($ensure == present) {
$running_ensure = running
} else {
$running_ensure = stopped
}
if ($::osfamily == 'Debian') { if ($::osfamily == 'Debian') {
include apt include apt
# Wrap in ! defined checks to allow minion and master installs on the # Wrap in ! defined checks to allow minion and master installs on the
# same host. # same host.
if ! defined(Apt::Ppa['ppa:saltstack/salt']) { if ($ensure == present) {
apt::ppa { 'ppa:saltstack/salt': } if ! defined(Apt::Ppa['ppa:saltstack/salt']) {
apt::ppa { 'ppa:saltstack/salt': }
}
Apt::Ppa['ppa:saltstack/salt'] -> Package['salt-minion']
} else {
file { '/etc/apt/sources.list.d/saltstack-salt-precise.list':
ensure => absent
}
} }
if ! defined(Package['python-software-properties']) { if ! defined(Package['python-software-properties']) {
package { 'python-software-properties': package { 'python-software-properties':
ensure => present, ensure => $ensure,
} }
} }
Apt::Ppa['ppa:saltstack/salt'] -> Package['salt-minion']
} }
package { 'salt-minion': package { 'salt-minion':
ensure => present ensure => $ensure
} }
file { '/etc/salt/minion': file { '/etc/salt/minion':
ensure => present, ensure => $ensure,
owner => 'root', owner => 'root',
group => 'root', group => 'root',
mode => '0644', mode => '0644',
@ -38,7 +50,7 @@ class salt (
} }
service { 'salt-minion': service { 'salt-minion':
ensure => running, ensure => $running_ensure,
enable => true, enable => true,
require => File['/etc/salt/minion'], require => File['/etc/salt/minion'],
subscribe => [ subscribe => [

46
modules/salt/manifests/master.pp
View File

@ -1,37 +1,47 @@
# Class salt::master # Class salt::master
# #
class salt::master { class salt::master (
$ensure = present,
) {
if ($ensure == present) {
$directory_ensure = directory
$running_ensure = running
} else {
$directory_ensure = absent
$running_ensure = stopped
}
if ($::osfamily == 'Debian') { if ($::osfamily == 'Debian') {
include apt include apt
# Wrap in ! defined checks to allow minion and master installs on the # Wrap in ! defined checks to allow minion and master installs on the
# same host. # same host.
if ! defined(Apt::Ppa['ppa:saltstack/salt']) { if ($ensure == present) {
apt::ppa { 'ppa:saltstack/salt': } if ! defined(Apt::Ppa['ppa:saltstack/salt']) {
apt::ppa { 'ppa:saltstack/salt': }
}
Apt::Ppa['ppa:saltstack/salt'] -> Package['salt-master']
} }
if ! defined(Package['python-software-properties']) { if ! defined(Package['python-software-properties']) {
package { 'python-software-properties': package { 'python-software-properties':
ensure => present, ensure => $ensure,
} }
} }
Apt::Ppa['ppa:saltstack/salt'] -> Package['salt-master']
} }
package { 'salt-master': package { 'salt-master':
ensure => present ensure => $ensure
} }
group { 'salt': group { 'salt':
ensure => present, ensure => $ensure,
system => true, system => true,
} }
user { 'salt': user { 'salt':
ensure => present, ensure => $ensure,
gid => 'salt', gid => 'salt',
home => '/home/salt', home => '/home/salt',
shell => '/bin/bash', shell => '/bin/bash',
@ -40,7 +50,7 @@ class salt::master {
} }
file { '/home/salt': file { '/home/salt':
ensure => directory, ensure => $directory_ensure,
owner => 'salt', owner => 'salt',
group => 'salt', group => 'salt',
mode => '0755', mode => '0755',
@ -48,7 +58,7 @@ class salt::master {
} }
file { '/etc/salt/master': file { '/etc/salt/master':
ensure => present, ensure => $ensure,
owner => 'salt', owner => 'salt',
group => 'salt', group => 'salt',
mode => '0644', mode => '0644',
@ -58,7 +68,7 @@ class salt::master {
} }
file { '/srv/reactor': file { '/srv/reactor':
ensure => directory, ensure => $directory_ensure,
owner => 'salt', owner => 'salt',
group => 'salt', group => 'salt',
mode => '0755', mode => '0755',
@ -69,7 +79,7 @@ class salt::master {
} }
file { '/srv/reactor/tests.sls': file { '/srv/reactor/tests.sls':
ensure => present, ensure => $ensure,
owner => 'salt', owner => 'salt',
group => 'salt', group => 'salt',
mode => '0644', mode => '0644',
@ -82,7 +92,7 @@ class salt::master {
} }
file { '/etc/salt/pki': file { '/etc/salt/pki':
ensure => directory, ensure => $directory_ensure,
owner => 'salt', owner => 'salt',
group => 'salt', group => 'salt',
mode => '0710', mode => '0710',
@ -93,7 +103,7 @@ class salt::master {
} }
file { '/etc/salt/pki/master': file { '/etc/salt/pki/master':
ensure => directory, ensure => $directory_ensure,
owner => 'salt', owner => 'salt',
group => 'salt', group => 'salt',
mode => '0770', mode => '0770',
@ -101,7 +111,7 @@ class salt::master {
} }
file { '/etc/salt/pki/master/minions': file { '/etc/salt/pki/master/minions':
ensure => directory, ensure => $directory_ensure,
owner => 'salt', owner => 'salt',
group => 'salt', group => 'salt',
mode => '0775', mode => '0775',
@ -109,7 +119,7 @@ class salt::master {
} }
service { 'salt-master': service { 'salt-master':
ensure => running, ensure => $running_ensure,
enable => true, enable => true,
require => [ require => [
User['salt'], User['salt'],