Turn off cron and document hiera.
Change-Id: I7a2db915d8849894a6b218980df6371378f0c77a
parent 35f209edff
commit 6e27eede4a
@ -23,7 +23,6 @@ Howtos:
|
|||||||
:maxdepth: 2
|
:maxdepth: 2
|
||||||
|
|
||||||
third_party
|
third_party
|
||||||
stackforge
|
|
||||||
|
|
||||||
Contents:
|
Contents:
|
||||||
|
|
||||||
|
@ -4,9 +4,10 @@ Puppet Master
|
|||||||
Overview
|
Overview
|
||||||
--------
|
--------
|
||||||
|
|
||||||
Instead of using a cron job, StackForge uses a puppet master to host the puppet
|
Puppet agent is a mechanism use to pull puppet manifests and configuration
|
||||||
manifests and modules. The other nodes then connect to this as puppet agents
|
from a centralized master. This means there is only one place that needs to
|
||||||
to get their configuration.
|
hold secure information such as passwords, and only one location for the git
|
||||||
|
repo holding the modules.
|
||||||
|
|
||||||
Puppet Master
|
Puppet Master
|
||||||
-------------
|
-------------
|
||||||
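Review bot: In the new Overview paragraph, "a mechanism use to pull" should read "a mechanism used to pull". The paragraph gives "only one place that needs to hold secure information such as passwords" as the benefit, so it would help to say here where on the master that place is, since the Hiera section that documents it only comes later in the file.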
@ -19,12 +20,12 @@ ship the data to the clients. To install this:
|
|||||||
sudo apt-get install puppet puppetmaster-passenger
|
sudo apt-get install puppet puppetmaster-passenger
|
||||||
|
|
||||||
Files for puppet master are stored in a git repo clone at
|
Files for puppet master are stored in a git repo clone at
|
||||||
``/opt/openstack-ci-puppet``. In StackForge we have a ``root`` cron job that
|
``/opt/openstack-ci-puppet``. We have a ``root`` cron job that
|
||||||
automatically populates these from our puppet git repository as follows:
|
automatically populates these from our puppet git repository as follows:
|
||||||
|
|
||||||
.. code-block:: bash
|
.. code-block:: bash
|
||||||
|
|
||||||
*/15 * * * * sleep $((RANDOM\%600)) && cd /opt/openstack-ci-puppet && /usr/bin/git pull -q
|
\*/15 * * * * sleep $((RANDOM\%600)) && cd /opt/openstack-ci-puppet && /usr/bin/git pull -q
|
||||||
|
|
||||||
The ``/etc/puppet/puppet.conf`` file then needs updating to point to the
|
The ``/etc/puppet/puppet.conf`` file then needs updating to point to the
|
||||||
manifest and modules as follows:
|
manifest and modules as follows:
|
||||||
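Review bot: The crontab line inside the ``.. code-block:: bash`` now starts with ``\*/15``; a code block is rendered literally, so the backslash will show up in the output and anyone copying the entry gets a schedule field cron will not accept. Keep ``*/15`` unescaped as on the old side. The ``\%`` in ``$((RANDOM\%600))`` is correct for a crontab and should stay. Since this job runs as ``root`` on the master and feeds every agent, a sentence on which remote and branch it pulls from would also be worth adding.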
@ -38,13 +39,49 @@ manifest and modules as follows:
|
|||||||
ssl_client_verify_header = SSL_CLIENT_VERIFY
|
ssl_client_verify_header = SSL_CLIENT_VERIFY
|
||||||
manifestdir=/opt/openstack-ci-puppet/manifests
|
manifestdir=/opt/openstack-ci-puppet/manifests
|
||||||
modulepath=/opt/openstack-ci-puppet/modules
|
modulepath=/opt/openstack-ci-puppet/modules
|
||||||
manifest=$manifestdir/stackforge.pp
|
manifest=$manifestdir/site.pp
|
||||||
|
|
||||||
|
Hiera
|
||||||
|
-----
|
||||||
|
|
||||||
|
Hiera is used to maintain secret information on the puppetmaster.
|
||||||
|
|
||||||
|
We want to install hiera from puppetlabs' apt repo, but we don't want to get
|
||||||
|
on the puppet upgrade train - so the process is as follows:
|
||||||
|
|
||||||
|
.. code-block:: bash
|
||||||
|
|
||||||
|
echo "deb http://apt.puppetlabs.com precise devel" > /etc/apt/sources.list.d/puppetlabs.list
|
||||||
|
apt-get update
|
||||||
|
apt-get install hiera hiera-puppet
|
||||||
|
rm /etc/apt/sources.list.d/puppetlabs.list
|
||||||
|
apt-get update
|
||||||
|
|
||||||
|
Hiera uses a systemwide configuration file in ``/etc/puppet/hiera.yaml``
|
||||||
|
which tells is where to find subsequent configuration files.
|
||||||
|
|
||||||
|
.. code-block:: yaml
|
||||||
|
|
||||||
|
---
|
||||||
|
:hierarchy:
|
||||||
|
- %{operatingsystem}
|
||||||
|
- common
|
||||||
|
:backends:
|
||||||
|
- yaml
|
||||||
|
:yaml:
|
||||||
|
:datadir: '/etc/puppet/hieradata/%{environment}'
|
||||||
|
|
||||||
|
This setup supports multiple configuration. The two sets of environments
|
||||||
|
that OpenStack CI users are ``production`` and ``development``. ``production``
|
||||||
|
is the default is and the environment used when nothing else is specified.
|
||||||
|
Then the configuration needs to be placed into common.yaml in
|
||||||
|
``/etc/puppet/hieradata/production`` and ``/etc/puppet/hieradata/development``.
|
||||||
|
The values are simple key-value pairs in yaml format.
|
||||||
|
|
||||||
Adding a node
|
Adding a node
|
||||||
-------------
|
-------------
|
||||||
|
|
||||||
On the new server connecting to the puppet master:
|
On the new server connecting (for example, review.openstack.org) to the puppet master:
|
||||||
|
|
||||||
.. code-block:: bash
|
.. code-block:: bash
|
||||||
|
|
||||||
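Review bot: The new Hiera section says it is "used to maintain secret information on the puppetmaster" but never states the ownership or mode expected on ``/etc/puppet/hiera.yaml`` and the ``common.yaml`` files under ``/etc/puppet/hieradata/production`` and ``/etc/puppet/hieradata/development``; please document that they should be readable only by root and the account the puppet master runs as, and that they stay out of the git clone in ``/opt/openstack-ci-puppet``. The install steps add ``deb http://apt.puppetlabs.com precise devel`` and then delete the list file, which leaves ``hiera`` and ``hiera-puppet`` with no update source, so say how fixes for them will be picked up. Wording: "which tells is where" should be "tells it where", "supports multiple configuration" should be "configurations", "that OpenStack CI users are" should be "uses are", "is the default is" has a stray "is", and in "On the new server connecting (for example, review.openstack.org) to the puppet master" the parenthetical belongs directly after "server".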
@ -63,8 +100,8 @@ of the puppet master with the following additions to ``/etc/puppet/puppet.conf``
|
|||||||
.. code-block:: ini
|
.. code-block:: ini
|
||||||
|
|
||||||
[main]
|
[main]
|
||||||
server=puppet.stackforge.org
|
server=ci-puppetmaster.openstack.org
|
||||||
certname=review.stackforge.org
|
certname=review.openstack.org
|
||||||
|
|
||||||
The cert signing process needs to be started with:
|
The cert signing process needs to be started with:
|
||||||
|
|
||||||
@ -81,13 +118,13 @@ On the puppet master:
|
|||||||
|
|
||||||
You should get a list of entries similar to the one below::
|
You should get a list of entries similar to the one below::
|
||||||
|
|
||||||
review.stackforge.org (44:18:BB:DF:08:50:62:70:17:07:82:1F:D5:70:0E:BF)
|
review.openstack.org (44:18:BB:DF:08:50:62:70:17:07:82:1F:D5:70:0E:BF)
|
||||||
|
|
||||||
If you see the new node there you can sign its cert on the puppet master with:
|
If you see the new node there you can sign its cert on the puppet master with:
|
||||||
|
|
||||||
.. code-block:: bash
|
.. code-block:: bash
|
||||||
|
|
||||||
sudo puppet cert sign review.stackforge.org
|
sudo puppet cert sign review.openstack.org
|
||||||
|
|
||||||
Finally on the puppet agent you need to start the agent daemon:
|
Finally on the puppet agent you need to start the agent daemon:
|
||||||
|
|
||||||
|
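Review bot: The listing in this hunk shows a fingerprint next to the certname, but the surrounding text only says to sign "if you see the new node there". While these lines are being touched, add a step to compare that fingerprint with the one reported on the new agent before running ``sudo puppet cert sign review.openstack.org``, since signing is what lets the node fetch its configuration from the master.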
@ -179,16 +179,16 @@ manifest:
|
|||||||
.. code-block:: ruby
|
.. code-block:: ruby
|
||||||
|
|
||||||
class { 'gerrit':
|
class { 'gerrit':
|
||||||
canonicalweburl => "https://review.stackforge.org/",
|
canonicalweburl => "https://review.openstack.org/",
|
||||||
email => "review@stackforge.org",
|
email => "review@openstack.org",
|
||||||
github_projects => [ {
|
github_projects => [
|
||||||
name => 'stackforge/MRaaS',
|
'openstack/nova',
|
||||||
close_pull => 'true'
|
'stackforge/MRaaS',
|
||||||
} ],
|
],
|
||||||
logo => 'stackforge.png'
|
logo => 'openstack.png'
|
||||||
}
|
}
|
||||||
|
|
||||||
Most of these options are self-explanitory. The github_projects is a list of
|
Most of these options are self-explanitory. The ``github_projects`` is a list of
|
||||||
all projects in GitHub which are managed by the gerrit server.
|
all projects in GitHub which are managed by the gerrit server.
|
||||||
|
|
||||||
Skinning
|
Skinning
|
||||||
|
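Review bot: The ``github_projects`` example changes from a list of hashes with ``name`` and ``close_pull`` to a list of plain strings, and none of the hunks shown here change the gerrit module to match; confirm the class accepts strings, and if ``close_pull`` is still supported keep one entry that shows it. "self-explanitory" is carried over to the new line and should be "self-explanatory".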
@ -1,41 +0,0 @@
|
|||||||
HOWTO: Add a Project to StackForge
|
|
||||||
==================================
|
|
||||||
|
|
||||||
Overview
|
|
||||||
--------
|
|
||||||
|
|
||||||
StackForge is a Gerrit review and Jenkins CI setup similar to that of the main
|
|
||||||
OpenStack project but for use with projects that are not under the main
|
|
||||||
OpenStack umbrella.
|
|
||||||
|
|
||||||
Any project can be added to StackForge as long as it is related to OpenStack in
|
|
||||||
some way.
|
|
||||||
|
|
||||||
Launchpad
|
|
||||||
---------
|
|
||||||
|
|
||||||
All the developers of the project need to sign up to Launchpad and a team is
|
|
||||||
needed for the core project reviewers to join. This team also needs to be
|
|
||||||
a sub-team of the `OpenStack team <https://launchpad.net/~openstack>`_ so that
|
|
||||||
Gerrit will be able to see it.
|
|
||||||
|
|
||||||
GitHub
|
|
||||||
------
|
|
||||||
|
|
||||||
If you already have a branch on GitHub for the project this will need moving to
|
|
||||||
the StackForge GitHub organization. Otherwise a new branch will need creating
|
|
||||||
for you. The OpenStack Core Infrastructure team can assist in this.
|
|
||||||
|
|
||||||
Jenkins and Gerrit
|
|
||||||
------------------
|
|
||||||
|
|
||||||
Until the setup is more automated the OpenStack Core Infrastructure team will
|
|
||||||
need to do the Jenkins and Gerrit portion of the setup too. If you project is
|
|
||||||
Python based we have a `Project Testing Interface <http://wiki.openstack.org/ProjectTestingInterface>`_ that we prefer you use. Otherwise please let the CI
|
|
||||||
team know the testing requirements for Jenkins.
|
|
||||||
|
|
||||||
Contacting the CI Team
|
|
||||||
----------------------
|
|
||||||
|
|
||||||
The best way to get the CI team to help with the above steps is to `file a CI bug <https://bugs.launchpad.net/openstack-ci>`_. We are also available on the
|
|
||||||
#openstack-infra IRC channel or to the `CI Admins email address <mailto:openstack-ci-admins@lists.launchpad.net>`_.
|
|
@ -117,7 +117,7 @@ node default {
|
|||||||
# thus, set it to 5000minutes until the bug is fixed.
|
# thus, set it to 5000minutes until the bug is fixed.
|
||||||
|
|
||||||
node "review.openstack.org" {
|
node "review.openstack.org" {
|
||||||
include openstack_cron
|
include remove_openstack_cron
|
||||||
class { 'openstack_server':
|
class { 'openstack_server':
|
||||||
iptables_public_tcp_ports => [80, 443, 29418]
|
iptables_public_tcp_ports => [80, 443, 29418]
|
||||||
}
|
}
|
||||||
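Review bot: ``include openstack_cron`` is swapped for ``include remove_openstack_cron`` by hand in this node block and in each of the node blocks that follow, which makes it easy to miss a node; ``ci-puppetmaster.openstack.org`` and ``eavesdrop.openstack.org`` appear only as hunk context with no such change shown. Consider putting the include in a single base class so it is declared once, and add a comment saying when ``remove_openstack_cron`` can be dropped once the cron entry is gone everywhere. The definition of ``remove_openstack_cron`` is not among the hunks shown, so please confirm it already exists in the tree.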
@ -273,7 +273,7 @@ node "review.openstack.org" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
node "gerrit-dev.openstack.org", "review-dev.openstack.org" {
|
node "gerrit-dev.openstack.org", "review-dev.openstack.org" {
|
||||||
include openstack_cron
|
include remove_openstack_cron
|
||||||
class { 'openstack_server':
|
class { 'openstack_server':
|
||||||
iptables_public_tcp_ports => [80, 443, 29418]
|
iptables_public_tcp_ports => [80, 443, 29418]
|
||||||
}
|
}
|
||||||
@ -300,7 +300,7 @@ node "gerrit-dev.openstack.org", "review-dev.openstack.org" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
node "jenkins.openstack.org" {
|
node "jenkins.openstack.org" {
|
||||||
include openstack_cron
|
include remove_openstack_cron
|
||||||
class { 'openstack_server':
|
class { 'openstack_server':
|
||||||
iptables_public_tcp_ports => [80, 443, 4155]
|
iptables_public_tcp_ports => [80, 443, 4155]
|
||||||
}
|
}
|
||||||
@ -369,7 +369,7 @@ node "jenkins.openstack.org" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
node "jenkins-dev.openstack.org" {
|
node "jenkins-dev.openstack.org" {
|
||||||
include openstack_cron
|
include remove_openstack_cron
|
||||||
class { 'openstack_server':
|
class { 'openstack_server':
|
||||||
iptables_public_tcp_ports => [80, 443, 4155]
|
iptables_public_tcp_ports => [80, 443, 4155]
|
||||||
}
|
}
|
||||||
@ -387,7 +387,7 @@ node "jenkins-dev.openstack.org" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
node "community.openstack.org" {
|
node "community.openstack.org" {
|
||||||
include openstack_cron
|
include remove_openstack_cron
|
||||||
class { 'openstack_server':
|
class { 'openstack_server':
|
||||||
iptables_public_tcp_ports => [80, 443, 8099, 8080]
|
iptables_public_tcp_ports => [80, 443, 8099, 8080]
|
||||||
}
|
}
|
||||||
@ -411,7 +411,7 @@ node "ci-puppetmaster.openstack.org" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
node "lists.openstack.org" {
|
node "lists.openstack.org" {
|
||||||
include openstack_cron
|
include remove_openstack_cron
|
||||||
|
|
||||||
# Using openstack_template instead of openstack_server
|
# Using openstack_template instead of openstack_server
|
||||||
# because the exim config on this machine is almost certainly
|
# because the exim config on this machine is almost certainly
|
||||||
@ -439,7 +439,7 @@ node "lists.openstack.org" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
node "docs.openstack.org" {
|
node "docs.openstack.org" {
|
||||||
include openstack_cron
|
include remove_openstack_cron
|
||||||
class { 'openstack_server':
|
class { 'openstack_server':
|
||||||
iptables_public_tcp_ports => []
|
iptables_public_tcp_ports => []
|
||||||
}
|
}
|
||||||
@ -494,7 +494,7 @@ node "eavesdrop.openstack.org" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
node "pypi.openstack.org" {
|
node "pypi.openstack.org" {
|
||||||
include openstack_cron
|
include remove_openstack_cron
|
||||||
|
|
||||||
# include jenkins slave so that build deps are there for the pip download
|
# include jenkins slave so that build deps are there for the pip download
|
||||||
class { 'jenkins_slave':
|
class { 'jenkins_slave':
|
||||||
@ -529,7 +529,7 @@ node "pypi.openstack.org" {
|
|||||||
}
|
}
|
||||||
|
|
||||||
node 'etherpad.openstack.org' {
|
node 'etherpad.openstack.org' {
|
||||||
include openstack_cron
|
include remove_openstack_cron
|
||||||
class { 'openstack_server':
|
class { 'openstack_server':
|
||||||
iptables_public_tcp_ports => [22, 80, 443]
|
iptables_public_tcp_ports => [22, 80, 443]
|
||||||
}
|
}
|
||||||
@ -546,7 +546,7 @@ node 'etherpad.openstack.org' {
|
|||||||
}
|
}
|
||||||
|
|
||||||
node 'wiki.openstack.org' {
|
node 'wiki.openstack.org' {
|
||||||
include openstack_cron
|
include remove_openstack_cron
|
||||||
class { 'openstack_server':
|
class { 'openstack_server':
|
||||||
iptables_public_tcp_ports => [80, 443]
|
iptables_public_tcp_ports => [80, 443]
|
||||||
}
|
}
|
||||||
|