Turn off cron and document hiera.

Change-Id: I7a2db915d8849894a6b218980df6371378f0c77a
2012-07-20 12:38:54 -07:00 · 2012-07-20 12:38:54 -07:00 · 6e27eede4a
commit 6e27eede4a
parent 35f209edff
5 changed files with 66 additions and 71 deletions
--- a/doc/index.rst
+++ b/doc/index.rst
@ -23,7 +23,6 @@ Howtos:
   :maxdepth: 2

   third_party
-   stackforge

 Contents:

--- a/doc/puppet.rst
+++ b/doc/puppet.rst
@ -4,9 +4,10 @@ Puppet Master
 Overview
 --------

-Instead of using a cron job, StackForge uses a puppet master to host the puppet
-manifests and modules.  The other nodes then connect to this as puppet agents
-to get their configuration.
+Puppet agent is a mechanism use to pull puppet manifests and configuration
+from a centralized master. This means there is only one place that needs to
+hold secure information such as passwords, and only one location for the git
+repo holding the modules.

 Puppet Master
 -------------
@ -19,12 +20,12 @@ ship the data to the clients.  To install this:
  sudo apt-get install puppet puppetmaster-passenger

 Files for puppet master are stored in a git repo clone at
-``/opt/openstack-ci-puppet``.  In StackForge we have a ``root`` cron job that
+``/opt/openstack-ci-puppet``.  We have a ``root`` cron job that
 automatically populates these from our puppet git repository as follows:

 .. code-block:: bash

-  */15 * * * * sleep $((RANDOM\%600)) && cd /opt/openstack-ci-puppet && /usr/bin/git pull -q
+  \*/15 * * * * sleep $((RANDOM\%600)) && cd /opt/openstack-ci-puppet && /usr/bin/git pull -q

 The ``/etc/puppet/puppet.conf`` file then needs updating to point to the
 manifest and modules as follows:
@ -38,13 +39,49 @@ manifest and modules as follows:
   ssl_client_verify_header = SSL_CLIENT_VERIFY
   manifestdir=/opt/openstack-ci-puppet/manifests
   modulepath=/opt/openstack-ci-puppet/modules
-   manifest=$manifestdir/stackforge.pp
+   manifest=$manifestdir/site.pp

+Hiera
+-----
+
+Hiera is used to maintain secret information on the puppetmaster.
+
+We want to install hiera from puppetlabs' apt repo, but we don't want to get
+on the puppet upgrade train - so the process is as follows:
+
+.. code-block:: bash
+
+    echo "deb http://apt.puppetlabs.com precise devel" > /etc/apt/sources.list.d/puppetlabs.list
+    apt-get update
+    apt-get install hiera hiera-puppet
+    rm /etc/apt/sources.list.d/puppetlabs.list
+    apt-get update
+
+Hiera uses a systemwide configuration file in ``/etc/puppet/hiera.yaml``
+which tells is where to find subsequent configuration files.
+
+.. code-block:: yaml
+
+    ---
+    :hierarchy:
+      - %{operatingsystem}
+      - common
+    :backends:
+      - yaml
+    :yaml:
+      :datadir: '/etc/puppet/hieradata/%{environment}'
+
+This setup supports multiple configuration. The two sets of environments
+that OpenStack CI users are ``production`` and ``development``. ``production``
+is the default is and the environment used when nothing else is specified.
+Then the configuration needs to be placed into common.yaml in
+``/etc/puppet/hieradata/production`` and ``/etc/puppet/hieradata/development``.
+The values are simple key-value pairs in yaml format.

 Adding a node
 -------------

-On the new server connecting to the puppet master:
+On the new server connecting (for example, review.openstack.org) to the puppet master:

 .. code-block:: bash

@ -63,8 +100,8 @@ of the puppet master with the following additions to ``/etc/puppet/puppet.conf``
 .. code-block:: ini

   [main]
-   server=puppet.stackforge.org
-   certname=review.stackforge.org
+   server=ci-puppetmaster.openstack.org
+   certname=review.openstack.org

 The cert signing process needs to be started with:

@ -81,13 +118,13 @@ On the puppet master:

 You should get a list of entries similar to the one below::

-  review.stackforge.org  (44:18:BB:DF:08:50:62:70:17:07:82:1F:D5:70:0E:BF)
+  review.openstack.org  (44:18:BB:DF:08:50:62:70:17:07:82:1F:D5:70:0E:BF)

 If you see the new node there you can sign its cert on the puppet master with:

 .. code-block:: bash

-  sudo puppet cert sign review.stackforge.org
+  sudo puppet cert sign review.openstack.org

 Finally on the puppet agent you need to start the agent daemon:

--- a/doc/puppet_modules.rst
+++ b/doc/puppet_modules.rst
@ -179,16 +179,16 @@ manifest:
 .. code-block:: ruby

  class { 'gerrit':
-    canonicalweburl => "https://review.stackforge.org/",
-    email => "review@stackforge.org",
-    github_projects => [ {
-                         name => 'stackforge/MRaaS',
-                         close_pull => 'true'
-                         } ],
-    logo => 'stackforge.png'
+    canonicalweburl => "https://review.openstack.org/",
+    email => "review@openstack.org",
+    github_projects => [
+      'openstack/nova',
+      'stackforge/MRaaS',
+      ],
+    logo => 'openstack.png'
  }

-Most of these options are self-explanitory.  The github_projects is a list of
+Most of these options are self-explanitory.  The ``github_projects`` is a list of
 all projects in GitHub which are managed by the gerrit server.

 Skinning
--- a/doc/stackforge.rst
+++ b/doc/stackforge.rst
@ -1,41 +0,0 @@
-HOWTO: Add a Project to StackForge
-==================================
-
-Overview
--------
-
-StackForge is a Gerrit review and Jenkins CI setup similar to that of the main
-OpenStack project but for use with projects that are not under the main
-OpenStack umbrella.
-
-Any project can be added to StackForge as long as it is related to OpenStack in
-some way.
-
-Launchpad
---------
-
-All the developers of the project need to sign up to Launchpad and a team is
-needed for the core project reviewers to join.  This team also needs to be
-a sub-team of the `OpenStack team <https://launchpad.net/~openstack>`_ so that
-Gerrit will be able to see it.
-
-GitHub
------
-
-If you already have a branch on GitHub for the project this will need moving to
-the StackForge GitHub organization.  Otherwise a new branch will need creating
-for you.  The OpenStack Core Infrastructure team can assist in this.
-
-Jenkins and Gerrit
------------------
-
-Until the setup is more automated the OpenStack Core Infrastructure team will
-need to do the Jenkins and Gerrit portion of the setup too.  If you project is
-Python based we have a `Project Testing Interface <http://wiki.openstack.org/ProjectTestingInterface>`_ that we prefer you use.  Otherwise please let the CI
-team know the testing requirements for Jenkins.
-
-Contacting the CI Team
----------------------
-
-The best way to get the CI team to help with the above steps is to `file a CI bug <https://bugs.launchpad.net/openstack-ci>`_.  We are also available on the
-#openstack-infra IRC channel or to the `CI Admins email address <mailto:openstack-ci-admins@lists.launchpad.net>`_.
--- a/manifests/site.pp
+++ b/manifests/site.pp
@ -117,7 +117,7 @@ node default {
 # thus, set it to 5000minutes until the bug is fixed.

 node "review.openstack.org" {
-  include openstack_cron
+  include remove_openstack_cron
  class { 'openstack_server':
    iptables_public_tcp_ports => [80, 443, 29418]
  }
@ -273,7 +273,7 @@ node "review.openstack.org" {
 }

 node "gerrit-dev.openstack.org", "review-dev.openstack.org" {
-  include openstack_cron
+  include remove_openstack_cron
  class { 'openstack_server':
    iptables_public_tcp_ports => [80, 443, 29418]
  }
@ -300,7 +300,7 @@ node "gerrit-dev.openstack.org", "review-dev.openstack.org" {
 }

 node "jenkins.openstack.org" {
-  include openstack_cron
+  include remove_openstack_cron
  class { 'openstack_server':
    iptables_public_tcp_ports => [80, 443, 4155]
  }
@ -369,7 +369,7 @@ node "jenkins.openstack.org" {
 }

 node "jenkins-dev.openstack.org" {
-  include openstack_cron
+  include remove_openstack_cron
  class { 'openstack_server':
    iptables_public_tcp_ports => [80, 443, 4155]
  } 
@ -387,7 +387,7 @@ node "jenkins-dev.openstack.org" {
 }

 node "community.openstack.org" {
-  include openstack_cron
+  include remove_openstack_cron
  class { 'openstack_server':
    iptables_public_tcp_ports => [80, 443, 8099, 8080]
  }
@ -411,7 +411,7 @@ node "ci-puppetmaster.openstack.org" {
 }

 node "lists.openstack.org" {
-  include openstack_cron
+  include remove_openstack_cron

  # Using openstack_template instead of openstack_server
  # because the exim config on this machine is almost certainly
@ -439,7 +439,7 @@ node "lists.openstack.org" {
 }

 node "docs.openstack.org" {
-  include openstack_cron
+  include remove_openstack_cron
  class { 'openstack_server':
    iptables_public_tcp_ports => []
  }
@ -494,7 +494,7 @@ node "eavesdrop.openstack.org" {
 }

 node "pypi.openstack.org" {
-  include openstack_cron
+  include remove_openstack_cron

  # include jenkins slave so that build deps are there for the pip download
  class { 'jenkins_slave':
@ -529,7 +529,7 @@ node "pypi.openstack.org" {
 }

 node 'etherpad.openstack.org' {
-  include openstack_cron
+  include remove_openstack_cron
  class { 'openstack_server':
    iptables_public_tcp_ports => [22, 80, 443]
  }
@ -546,7 +546,7 @@ node 'etherpad.openstack.org' {
 }

 node 'wiki.openstack.org' {
-  include openstack_cron
+  include remove_openstack_cron
  class { 'openstack_server':
    iptables_public_tcp_ports => [80, 443]
  }