opendev/system-config
Code Issues Proposed changes

Merge "Remove salt"

Browse Source
This commit is contained in:
Jenkins 2014-07-05 18:07:55 +00:00 committed by Gerrit Code Review
commit 1d390cc8db
10 changed files with 64 additions and 125 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
launch/README
View File

@ -3,12 +3,11 @@ Create Server
Note that these instructions assume you're working from this
directory on an updated local clone of the repository on the
puppetmaster, and that your account is a member of the admin, puppet
and salt groups for access to their respective keys::
puppetmaster, and that your account is a member of the admin
and puppet groups for access to their respective keys::
sudo adduser $(whoami) admin
sudo adduser $(whoami) puppet
sudo adduser $(whoami) salt
(Remember to log out and back into your shell if you add yourself
to a group.)
@ -32,10 +31,6 @@ To launch a node in the OpenStack Jenkins account (slave nodes)::
sudo puppet cert generate $FQDN
./launch-node.py $FQDN --image "$IMAGE" --flavor "$FLAVOR"
There is also a --salt option which can be used to tell the script to
automatically configure and enroll the server as a minion on the salt
master.
If you are launching a replacement server, you may skip the generate
step and specify the name of an existing puppet cert (as long as the
private key is on this host).

30
launch/launch-node.py
View File

@ -23,7 +23,6 @@ import os
import time
import traceback
import argparse
import shutil
import dns
import utils
@ -38,9 +37,6 @@ IPV6 = os.environ.get('IPV6', '0') is 1
SCRIPT_DIR = os.path.dirname(sys.argv[0])
SALT_MASTER_PKI = os.environ.get('SALT_MASTER_PKI', '/etc/salt/pki/master')
SALT_MINION_PKI = os.environ.get('SALT_MINION_PKI', '/etc/salt/pki/minion')
def get_client():
args = [NOVA_USERNAME, NOVA_PASSWORD, NOVA_PROJECT_ID, NOVA_URL]
@ -56,8 +52,8 @@ def get_client():
return client
def bootstrap_server(server, admin_pass, key, cert, environment, name,
salt_priv, salt_pub, puppetmaster):
def bootstrap_server(
server, admin_pass, key, cert, environment, name, puppetmaster):
ip = utils.get_public_ip(server)
if not ip:
raise Exception("Unable to find public ip of server")
@ -107,16 +103,6 @@ def bootstrap_server(server, admin_pass, key, cert, environment, name,
ssh_client.ssh("chmod 0750 /var/lib/puppet/ssl/private_keys")
ssh_client.ssh("chmod 0755 /var/lib/puppet/ssl/public_keys")
if salt_pub and salt_priv:
# Assuming salt-master is running on the puppetmaster
shutil.copyfile(salt_pub,
os.path.join(SALT_MASTER_PKI, 'minions', name))
ssh_client.ssh('mkdir -p {0}'.format(SALT_MINION_PKI))
ssh_client.scp(salt_pub,
os.path.join(SALT_MINION_PKI, 'minion.pub'))
ssh_client.scp(salt_priv,
os.path.join(SALT_MINION_PKI, 'minion.pem'))
for ssldir in ['/var/lib/puppet/ssl/certs/',
'/var/lib/puppet/ssl/private_keys/',
'/var/lib/puppet/ssl/public_keys/']:
@ -138,7 +124,7 @@ def bootstrap_server(server, admin_pass, key, cert, environment, name,
def build_server(
client, name, image, flavor, cert, environment, salt, puppetmaster):
client, name, image, flavor, cert, environment, puppetmaster):
key = None
server = None
@ -159,15 +145,11 @@ def build_server(
traceback.print_exc()
raise
salt_priv, salt_pub = (None, None)
if salt:
salt_priv, salt_pub = utils.add_salt_keypair(
SALT_MASTER_PKI, name, 2048)
try:
admin_pass = server.adminPass
server = utils.wait_for_resource(server)
bootstrap_server(server, admin_pass, key, cert, environment, name,
salt_priv, salt_pub, puppetmaster)
puppetmaster)
print('UUID=%s\nIPV4=%s\nIPV6=%s\n' % (server.id,
server.accessIPv4,
server.accessIPv6))
@ -197,8 +179,6 @@ def main():
parser.add_argument("--cert", dest="cert",
help="name of signed puppet certificate file (e.g., "
"hostname.example.com.pem)")
parser.add_argument("--salt", dest="salt", action="store_true",
help="Manage salt keys for this host.")
parser.add_argument("--server", dest="server", help="Puppetmaster to use.",
default="ci-puppetmaster.openstack.org")
options = parser.parse_args()
@ -239,7 +219,7 @@ def main():
print "Found image", image
build_server(client, options.name, image, flavor, cert,
options.environment, options.salt, options.server)
options.environment, options.server)
dns.print_dns(client, options.name)
if __name__ == '__main__':

21
launch/utils.py
View File

@ -30,7 +30,6 @@ try:
except:
pass
import paramiko
import salt.crypt
from sshclient import SSHClient
@ -136,26 +135,6 @@ def add_keypair(client, name):
return key, kp
def add_salt_keypair(keydir, keyname, keysize=2048):
'''
Generate a key pair for use with Salt
'''
salt_priv = '{0}.pem'.format(keyname)
salt_pub = '{0}.pub'.format(keyname)
priv_key = os.path.join(keydir, salt_priv)
pub_key = os.path.join(keydir, salt_pub)
if not os.path.exists(priv_key) or \
not os.path.exists(pub_key):
try:
os.makedirs(keydir)
except OSError:
pass
priv_key = salt.crypt.gen_keys(keydir, keyname, keysize)
path, ext = os.path.splitext(priv_key)
pub_key = '{0}.pub'.format(path)
return priv_key, pub_key
def wait_for_resource(wait_resource):
last_progress = None
last_status = None

9
manifests/site.pp
View File

@ -162,7 +162,6 @@ node 'ci-puppetmaster.openstack.org' {
node 'puppetmaster.openstack.org' {
class { 'openstack_project::puppetmaster':
root_rsa_key => hiera('puppetmaster_root_rsa_key', 'XXX'),
salt => false,
update_slave => false,
sysadmins => hiera('sysadmins', ['admin']),
version => '3.4.',
@ -641,14 +640,6 @@ node 'pypi.slave.openstack.org' {
}
}
# Node-OS: precise
node 'salt-trigger.slave.openstack.org' {
include openstack_project
class { 'openstack_project::salt_trigger_slave':
jenkins_ssh_public_key => $openstack_project::jenkins_ssh_key,
}
}
# Node-OS: precise
node /^precise-dev\d+.*\.slave\.openstack\.org$/ {
include openstack_project

2
modules/openstack_project/files/salt-trigger.sudoers
View File

@ -1,2 +0,0 @@
# Allow jenkins user to send Salt messages to the Salt Master
jenkins ALL=(ALL) NOPASSWD: /usr/bin/salt-call event.fire_master*

15
modules/openstack_project/manifests/puppetmaster.pp
View File

@ -2,7 +2,6 @@
#
class openstack_project::puppetmaster (
$root_rsa_key,
$salt = true,
$update_slave = true,
$sysadmins = [],
$version = '2.7.',
@ -19,13 +18,6 @@ class openstack_project::puppetmaster (
ca_server => $ca_server,
}
if ($salt) {
class { 'salt':
salt_master => 'ci-puppetmaster.openstack.org',
}
class { 'salt::master': }
}
if ($update_slave) {
$cron_command = 'bash /opt/config/production/run_all.sh'
logrotate::file { 'updatepuppetmaster':
@ -45,6 +37,13 @@ class openstack_project::puppetmaster (
$cron_command = 'sleep $((RANDOM\%600)) && cd /opt/config/production && git fetch -q && git reset -q --hard @{u} && ./install_modules.sh && touch manifests/site.pp'
}
class { 'salt':
ensure => absent,
}
class { 'salt::master':
ensure => absent,
}
cron { 'updatepuppetmaster':
user => 'root',
minute => '*/15',

22
modules/openstack_project/manifests/salt_trigger_slave.pp
View File

@ -1,22 +0,0 @@
# Slave used for automatically triggering commands on the salt master.
#
# == Class: openstack_project::salt_trigger_slave
#
class openstack_project::salt_trigger_slave (
$jenkins_ssh_public_key = ''
) {
class { 'openstack_project::slave':
ssh_key => $jenkins_ssh_public_key,
}
file { '/etc/sudoers.d/salt-trigger':
ensure => present,
owner => 'root',
group => 'root',
mode => '0440',
source => 'puppet:///modules/openstack_project/salt-trigger.sudoers',
replace => true,
}
}

7
modules/openstack_project/manifests/slave.pp
View File

@ -10,12 +10,9 @@ class openstack_project::slave (
) {
include openstack_project
include openstack_project::automatic_upgrades
include openstack_project::tmpcleanup
class { 'openstack_project::automatic_upgrades':
origins => ['LP-PPA-saltstack-salt precise'],
}
class { 'openstack_project::server':
iptables_public_tcp_ports => [],
certname => $certname,
@ -28,7 +25,7 @@ class openstack_project::slave (
}
class { 'salt':
salt_master => 'ci-puppetmaster.openstack.org',
ensure => absent,
}
include jenkins::cgroups

24
modules/salt/manifests/init.pp
View File

@ -1,34 +1,46 @@
# Class salt
#
class salt (
$ensure = present,
$salt_master = $::fqdn
) {
if ($ensure == present) {
$running_ensure = running
} else {
$running_ensure = stopped
}
if ($::osfamily == 'Debian') {
include apt
# Wrap in ! defined checks to allow minion and master installs on the
# same host.
if ($ensure == present) {
if ! defined(Apt::Ppa['ppa:saltstack/salt']) {
apt::ppa { 'ppa:saltstack/salt': }
}
Apt::Ppa['ppa:saltstack/salt'] -> Package['salt-minion']
} else {
file { '/etc/apt/sources.list.d/saltstack-salt-precise.list':
ensure => absent
}
}
if ! defined(Package['python-software-properties']) {
package { 'python-software-properties':
ensure => present,
ensure => $ensure,
}
}
Apt::Ppa['ppa:saltstack/salt'] -> Package['salt-minion']
}
package { 'salt-minion':
ensure => present
ensure => $ensure
}
file { '/etc/salt/minion':
ensure => present,
ensure => $ensure,
owner => 'root',
group => 'root',
mode => '0644',
@ -38,7 +50,7 @@ class salt (
}
service { 'salt-minion':
ensure => running,
ensure => $running_ensure,
enable => true,
require => File['/etc/salt/minion'],
subscribe => [

42
modules/salt/manifests/master.pp
View File

@ -1,37 +1,47 @@
# Class salt::master
#
class salt::master {
class salt::master (
$ensure = present,
) {
if ($ensure == present) {
$directory_ensure = directory
$running_ensure = running
} else {
$directory_ensure = absent
$running_ensure = stopped
}
if ($::osfamily == 'Debian') {
include apt
# Wrap in ! defined checks to allow minion and master installs on the
# same host.
if ($ensure == present) {
if ! defined(Apt::Ppa['ppa:saltstack/salt']) {
apt::ppa { 'ppa:saltstack/salt': }
}
Apt::Ppa['ppa:saltstack/salt'] -> Package['salt-master']
}
if ! defined(Package['python-software-properties']) {
package { 'python-software-properties':
ensure => present,
ensure => $ensure,
}
}
Apt::Ppa['ppa:saltstack/salt'] -> Package['salt-master']
}
package { 'salt-master':
ensure => present
ensure => $ensure
}
group { 'salt':
ensure => present,
ensure => $ensure,
system => true,
}
user { 'salt':
ensure => present,
ensure => $ensure,
gid => 'salt',
home => '/home/salt',
shell => '/bin/bash',
@ -40,7 +50,7 @@ class salt::master {
}
file { '/home/salt':
ensure => directory,
ensure => $directory_ensure,
owner => 'salt',
group => 'salt',
mode => '0755',
@ -48,7 +58,7 @@ class salt::master {
}
file { '/etc/salt/master':
ensure => present,
ensure => $ensure,
owner => 'salt',
group => 'salt',
mode => '0644',
@ -58,7 +68,7 @@ class salt::master {
}
file { '/srv/reactor':
ensure => directory,
ensure => $directory_ensure,
owner => 'salt',
group => 'salt',
mode => '0755',
@ -69,7 +79,7 @@ class salt::master {
}
file { '/srv/reactor/tests.sls':
ensure => present,
ensure => $ensure,
owner => 'salt',
group => 'salt',
mode => '0644',
@ -82,7 +92,7 @@ class salt::master {
}
file { '/etc/salt/pki':
ensure => directory,
ensure => $directory_ensure,
owner => 'salt',
group => 'salt',
mode => '0710',
@ -93,7 +103,7 @@ class salt::master {
}
file { '/etc/salt/pki/master':
ensure => directory,
ensure => $directory_ensure,
owner => 'salt',
group => 'salt',
mode => '0770',
@ -101,7 +111,7 @@ class salt::master {
}
file { '/etc/salt/pki/master/minions':
ensure => directory,
ensure => $directory_ensure,
owner => 'salt',
group => 'salt',
mode => '0775',
@ -109,7 +119,7 @@ class salt::master {
}
service { 'salt-master':
ensure => running,
ensure => $running_ensure,
enable => true,
require => [
User['salt'],