Add shade and openstack inventory to system

We're not ready to move from puppet inventory to openstack inventory
just yet, so don't actually swap the dynamic inventory plugin. But, add
it to the system so that running manual tests of all of the pieces is
possible.

Add the currently administratively disabled hosts to the disabled group
so that we can verify this works.

Change-Id: I73931332b2917b71a008f9213365f7594f69c41e
This commit is contained in:
Monty Taylor 2015-11-25 11:31:23 -05:00
parent d7453b1d64
commit 7cee605a77
9 changed files with 77 additions and 47 deletions

View File

@ -142,22 +142,7 @@ Disabling Puppet on Nodes
------------------------- -------------------------
In the case of needing to disable the running of puppet on a node, it's a In the case of needing to disable the running of puppet on a node, it's a
simple matter of disabling the agent: simple matter of adding an entry to the ansible inventory "disabled" group.
.. code-block:: bash
sudo puppet agent --disable
This will prevent any subsequent runs of the agent, including ones triggered
globally by the run_all script. If, as an admin, you need to run puppet on
a node where it has been disabled, you need to specify an alternate disable
lock file which will allow your local run of puppet without allowing the
globally orchestrated runs to occur:
.. code-block:: bash
sudo puppet agent --test --agent_disabled_lockfile=/tmp/alt-lock-file
Important Notes Important Notes
--------------- ---------------

View File

@ -285,14 +285,31 @@ Disable/Enable Puppet
You should normally not make manual changes to servers, but instead, You should normally not make manual changes to servers, but instead,
make changes through puppet. However, under some circumstances, you make changes through puppet. However, under some circumstances, you
may need to temporarily make a manual change to a puppet-managed may need to temporarily make a manual change to a puppet-managed
resource on a server. In that case, run the following command on that resource on a server.
server to disable puppet::
sudo puppet agent --disable In the case of needing to disable the running of puppet on a node, it's a
simple matter of adding an entry to the ansible inventory "disabled" group.
There are two inventory files available for this, `/etc/ansible/hosts/static`
and `/etc/ansible/hosts/emergency`. `/etc/ansible/hosts/static` is intended
to be managed via git from the system-config repo in
`modules/openstack_project/files/puppetmaster/static-inventory`.
`/etc/ansible/hosts/emergency` is a file that should normally be empty, but
the contents are not managed by puppet. It's purpose is to allow for disabling
puppet at times when landing a change to the puppet repo would be either
unreasonable or impossible.
When you are ready for puppet to run again, use:: There are two sections in each file, `disabled` and `disabled:children`. Due
to te multi-cloud nature of the ansible inventory, a hostname cannot be counted
on to be unique, so each cloud instance is listed in the inventory by its
UUID with a group created for its hostname. If you want to disable a cloud
instance by name, you need to put its name in `disabled:children`. If you want
to refer to a single instance by UUID, or if there are statically defined
hosts that need to be disabled, you should put those in `disabled`.
sudo puppet agent --enable Disabling puppet via ansible inventory does not disable puppet from being
run directly on the host, it merely prevents the puppetmaster from causing
puppet to be run. If you choose to run puppet manually on a host, take care
to ensure that it has not been disabled at the puppetmaster level first.
.. _cinder: .. _cinder:

View File

@ -0,0 +1,11 @@
[disabled]
ci-backup-rs-ord.openstack.org
jenkins-dev.openstack.org
hound.openstack.org
pypi.bhs1.openstack.org
pypi.region-b.geo-1.openstack.org
pypi.sjc1.openstack.org
review-dev.openstack.org
subunit-worker01.openstack.org
[disabled:children]

View File

@ -11,7 +11,9 @@ class openstack_project::puppetmaster (
include logrotate include logrotate
include openstack_project::params include openstack_project::params
include ansible class { '::ansible':
ansible_hostfile => '/etc/ansible/hosts',
}
file { '/etc/ansible/hostfile': file { '/etc/ansible/hostfile':
ensure => present, ensure => present,
@ -119,19 +121,19 @@ class openstack_project::puppetmaster (
} }
# For launch/launch-node.py. # For launch/launch-node.py.
package { ['python-cinderclient', 'python-novaclient']: package { 'shade':
ensure => latest, ensure => latest,
provider => pip, provider => pip,
require => [Package['python-lxml'], Package['libxslt1-dev']],
} }
package { 'python-paramiko': package { 'python-paramiko':
ensure => present, ensure => present,
} }
# No longer needed with latest client libs
package { 'python-lxml': package { 'python-lxml':
ensure => present, ensure => absent,
} }
package { 'libxslt1-dev': package { 'libxslt1-dev':
ensure => present, ensure => absent,
} }
# Enable puppetdb # Enable puppetdb
@ -170,25 +172,37 @@ class openstack_project::puppetmaster (
require => Cron['restartjenkinsmasters'], require => Cron['restartjenkinsmasters'],
} }
# Playbooks vcsrepo { '/opt/ansible':
# ensure => latest,
file { '/etc/ansible/playbooks': provider => git,
ensure => absent, revision => 'stable-2.0',
source => 'https://github.com/ansible/ansible',
} }
file { '/etc/ansible/remote_puppet.yaml': file { '/etc/ansible/hosts':
ensure => absent, ensure => directory,
} }
file { '/etc/ansible/remote_puppet_afs.yaml':
ensure => absent, file { '/etc/ansible/hosts/puppet':
owner => 'root',
group => 'root',
mode => '0755',
subscribe => Class['::ansible'],
source => '/usr/local/bin/puppet.py',
replace => true,
} }
file { '/etc/ansible/remote_puppet_else.yaml':
ensure => absent, file { '/etc/ansible/hosts/static':
owner => 'root',
group => 'root',
mode => '0444',
source => 'puppet:///modules/openstack_project/puppetmaster/static-inventory',
} }
file { '/etc/ansible/remote_puppet_git.yaml':
ensure => absent, file { '/etc/ansible/hosts/emergency':
} ensure => present,
file { '/etc/ansible/clean_workspaces.yaml': owner => 'root',
ensure => absent, group => 'root',
mode => '0444',
} }
} }

View File

@ -1,3 +1,6 @@
cache:
expiration_time: 86400
path: /var/cache/ansible-inventory.json
clouds: clouds:
openstackci2-hpcloud: openstackci2-hpcloud:
profile: hp profile: hp

View File

@ -1,5 +1,5 @@
--- ---
- hosts: "afs*" - hosts: "afs*:!disabled"
gather_facts: true gather_facts: true
roles: roles:
- role: puppet - role: puppet

View File

@ -1,4 +1,4 @@
- hosts: '!review.openstack.org:!git0*:!afs*:!puppetmaster*' - hosts: '!review.openstack.org:!git0*:!afs*:!puppetmaster*!disabled'
gather_facts: true gather_facts: true
roles: roles:
- role: puppet - role: puppet

View File

@ -1,5 +1,5 @@
--- ---
- hosts: localhost - hosts: "localhost:!disabled"
gather_facts: true gather_facts: true
connection: local connection: local
tasks: tasks:
@ -10,14 +10,14 @@
roles: roles:
- role: puppet - role: puppet
copy_hieradata: False copy_hieradata: False
- hosts: git0* - hosts: "git0*:!disabled"
gather_facts: true gather_facts: true
max_fail_percentage: 1 max_fail_percentage: 1
roles: roles:
- role: puppet - role: puppet
facts: facts:
project_config_ref: "{{ hostvars.localhost.gitinfo.after }}" project_config_ref: "{{ hostvars.localhost.gitinfo.after }}"
- hosts: review.openstack.org - hosts: "review.openstack.org:!disabled"
gather_facts: true gather_facts: true
roles: roles:
- role: puppet - role: puppet

View File

@ -1,5 +1,5 @@
--- ---
- hosts: '!puppetmaster.openstack.org' - hosts: '!puppetmaster.openstack.org:!disabled'
gather_facts: false gather_facts: false
tasks: tasks:
- synchronize: - synchronize: