
Remove base.yaml things from openstack_project::server

Now that we've got base server stuff rewritten in ansible, remove the
old puppet versions.

Depends-On: https://review.openstack.org/588326
Change-Id: I5c82fe6fd25b9ddaa77747db377ffa7e8bf23c7b
changes/36/585836/27
Monty Taylor 3 years ago
parent
commit
bab6fcad3c
No known key found for this signature in database GPG Key ID: 7BAE94BC7141A594
  1. 9
      doc/source/sysadmin.rst
  2. 73
      manifests/site.pp
  3. 1
      modules/openstack_project/files/80retry
  4. 1
      modules/openstack_project/files/90no-translations
  5. 1
      modules/openstack_project/files/bash-history.sh
  6. 6
      modules/openstack_project/files/centos7-puppetlabs.repo
  7. 4
      modules/openstack_project/files/debian_limits.conf
  8. 69
      modules/openstack_project/files/rsyslog.d_50-default.conf
  9. 13
      modules/openstack_project/files/sources.list.trusty.amd64
  10. 35
      modules/openstack_project/files/sources.list.xenial.aarch64
  11. 13
      modules/openstack_project/files/sources.list.xenial.amd64
  12. 81
      modules/openstack_project/files/yum/yum-cron.conf
  13. 4
      modules/openstack_project/manifests/ask.pp
  14. 4
      modules/openstack_project/manifests/ask_staging.pp
  15. 2
      modules/openstack_project/manifests/cacti.pp
  16. 31
      modules/openstack_project/manifests/firehose.pp
  17. 9
      modules/openstack_project/manifests/git.pp
  18. 4
      modules/openstack_project/manifests/groups.pp
  19. 4
      modules/openstack_project/manifests/groups_dev.pp
  20. 4
      modules/openstack_project/manifests/infracloud/baremetal.pp
  21. 5
      modules/openstack_project/manifests/infracloud/controller.pp
  22. 17
      modules/openstack_project/manifests/kata_lists.pp
  23. 100
      modules/openstack_project/manifests/lists.pp
  24. 2
      modules/openstack_project/manifests/mirror_update.pp
  25. 7
      modules/openstack_project/manifests/openstackid_dev.pp
  26. 7
      modules/openstack_project/manifests/openstackid_prod.pp
  27. 39
      modules/openstack_project/manifests/params.pp
  28. 3
      modules/openstack_project/manifests/pbx.pp
  29. 2
      modules/openstack_project/manifests/planet.pp
  30. 4
      modules/openstack_project/manifests/review_dev.pp
  31. 278
      modules/openstack_project/manifests/server.pp
  32. 39
      modules/openstack_project/manifests/storyboard.pp
  33. 9
      modules/openstack_project/manifests/storyboard/dev.pp
  34. 6
      modules/openstack_project/manifests/summit.pp
  35. 2
      modules/openstack_project/manifests/translate_dev.pp
  36. 280
      modules/openstack_project/manifests/users.pp
  37. 66
      modules/openstack_project/manifests/users_install.pp
  38. 8
      modules/openstack_project/manifests/wiki.pp
  39. 8
      modules/openstack_project/spec/acceptance/basic_spec.rb
  40. 4
      playbooks/base.yaml
  41. 12
      playbooks/group_vars/all.yaml
  42. 2
      playbooks/group_vars/ask.yaml
  43. 2
      playbooks/group_vars/groups.yaml
  44. 2
      playbooks/group_vars/review-dev.yaml
  45. 2
      playbooks/group_vars/review.yaml
  46. 4
      playbooks/group_vars/storyboard-dev.yaml
  47. 3
      playbooks/group_vars/wiki.yaml
  48. 2
      playbooks/host_vars/lists.katacontainers.io.yaml
  49. 3
      playbooks/host_vars/openstackid-dev.openstack.org.yaml
  50. 3
      playbooks/host_vars/openstackid.org.yaml
  51. 0
      playbooks/roles/disable-puppet-agent/files/puppet.default
  52. 5
      playbooks/roles/disable-puppet-agent/tasks/Debian.yaml
  53. 10
      playbooks/roles/disable-puppet-agent/tasks/main.yaml
  54. 3
      playbooks/roles/install-ansible/files/groups.yaml
  55. 1
      run_all.sh

9
doc/source/sysadmin.rst

@ -131,13 +131,12 @@ To create a new server, do the following:
to manually add the private information to hiera.
* You should be able to install and configure most software only with
puppet. Nonetheless, if you need SSH access to the host, add your
public key to :cgit_file:`modules/openstack_project/manifests/users.pp` and
ansible or puppet. Nonetheless, if you need SSH access to the host,
add your public key to :cgit_file:`playbooks/group_vars/all.yaml` and
include a stanza like this in your server class::
realize (
User::Virtual::Localuser['USERNAME'],
)
extra_users:
- your_user_name
* Add an RST file with documentation about the server in :cgit_file:`doc/source`
and add it to the index in that directory.

73
manifests/site.pp

@ -12,7 +12,6 @@ $elasticsearch_nodes = hiera_array('elasticsearch_nodes')
#
node default {
class { 'openstack_project::server':
sysadmins => hiera('sysadmins', []),
}
}
@ -27,8 +26,6 @@ node 'review.openstack.org' {
iptables_public_tcp_ports => [80, 443, 29418],
iptables_rules6 => $iptables_rules,
iptables_rules4 => $iptables_rules,
sysadmins => hiera('sysadmins', []),
extra_aliases => { 'gerrit2' => 'root' },
}
class { 'openstack_project::review':
@ -75,8 +72,6 @@ node 'review01.openstack.org' {
iptables_public_tcp_ports => [80, 443, 29418],
iptables_rules6 => $iptables_rules,
iptables_rules4 => $iptables_rules,
sysadmins => hiera('sysadmins', []),
extra_aliases => { 'gerrit2' => 'root' },
}
class { 'openstack_project::review':
@ -123,8 +118,6 @@ node /^review-dev\d*\.openstack\.org$/ {
iptables_public_tcp_ports => [80, 443, 29418],
iptables_rules6 => $iptables_rules,
iptables_rules4 => $iptables_rules,
sysadmins => hiera('sysadmins', []),
extra_aliases => { 'gerrit2' => 'root' },
afs => true,
}
@ -157,7 +150,6 @@ node /^grafana\d*\.openstack\.org$/ {
$group = "grafana"
class { 'openstack_project::server':
iptables_public_tcp_ports => [80],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::grafana':
admin_password => hiera('grafana_admin_password'),
@ -176,7 +168,6 @@ node /^grafana\d*\.openstack\.org$/ {
node /^health\d*\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::openstack_health_api':
subunit2sql_db_host => hiera('subunit2sql_db_host', 'localhost'),
@ -188,7 +179,6 @@ node /^cacti\d+\.openstack\.org$/ {
$group = "cacti"
include openstack_project::ssl_cert_check
class { 'openstack_project::cacti':
sysadmins => hiera('sysadmins', []),
cacti_hosts => hiera_array('cacti_hosts'),
vhost_name => 'cacti.openstack.org',
}
@ -198,7 +188,6 @@ node /^cacti\d+\.openstack\.org$/ {
node 'puppetmaster.openstack.org' {
class { 'openstack_project::server':
iptables_public_tcp_ports => [8140],
sysadmins => hiera('sysadmins', []),
pin_puppet => '3.6.',
}
class { 'openstack_project::puppetmaster':
@ -254,7 +243,6 @@ node /^graphite\d*\.openstack\.org$/ {
{protocol => 'udp', port => '8125', hostname => 'ze10.openstack.org'},
{protocol => 'udp', port => '8125', hostname => 'ze11.openstack.org'},
],
sysadmins => hiera('sysadmins', [])
}
class { '::graphite':
@ -269,7 +257,6 @@ node /^graphite\d*\.openstack\.org$/ {
node /^groups\d*\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 80, 443],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::groups':
site_admin_password => hiera('groups_site_admin_password'),
@ -287,7 +274,6 @@ node /^groups\d*\.openstack\.org$/ {
node /^groups-dev\d*\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 80, 443],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::groups_dev':
site_admin_password => hiera('groups_dev_site_admin_password'),
@ -306,12 +292,9 @@ node /^groups-dev\d*\.openstack\.org$/ {
node /^lists\d*\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [25, 80, 465],
manage_exim => false,
purge_apt_sources => false,
}
class { 'openstack_project::lists':
listadmins => hiera('listadmins', []),
listpassword => hiera('listpassword'),
}
}
@ -320,12 +303,9 @@ node /^lists\d*\.openstack\.org$/ {
node /^lists\d*\.katacontainers\.io$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [25, 80, 465],
manage_exim => false,
purge_apt_sources => false,
}
class { 'openstack_project::kata_lists':
listadmins => hiera('listadmins', []),
listpassword => hiera('listpassword'),
}
}
@ -336,7 +316,6 @@ node /^paste\d*\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [80],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::paste':
db_password => hiera('paste_db_password'),
@ -348,7 +327,6 @@ node /^paste\d*\.openstack\.org$/ {
# Node-OS: xenial
node /planet\d*\.openstack\.org$/ {
class { 'openstack_project::planet':
sysadmins => hiera('sysadmins', []),
}
}
@ -357,7 +335,6 @@ node /^eavesdrop\d*\.openstack\.org$/ {
$group = "eavesdrop"
class { 'openstack_project::server':
iptables_public_tcp_ports => [80],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::eavesdrop':
@ -397,7 +374,6 @@ node /^ethercalc\d+\.openstack\.org$/ {
$group = "ethercalc"
class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 80, 443],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::ethercalc':
@ -413,7 +389,6 @@ node /^ethercalc\d+\.openstack\.org$/ {
node /^etherpad\d*\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 80, 443],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::etherpad':
@ -431,7 +406,6 @@ node /^etherpad\d*\.openstack\.org$/ {
node /^etherpad-dev\d*\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 80, 443],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::etherpad_dev':
@ -445,7 +419,6 @@ node /^etherpad-dev\d*\.openstack\.org$/ {
node /^wiki\d+\.openstack\.org$/ {
$group = "wiki"
class { 'openstack_project::wiki':
sysadmins => hiera('sysadmins', []),
bup_user => 'bup-wiki',
serveradmin => hiera('infra_apache_serveradmin'),
site_hostname => 'wiki.openstack.org',
@ -468,7 +441,6 @@ node /^wiki\d+\.openstack\.org$/ {
node /^wiki-dev\d+\.openstack\.org$/ {
$group = "wiki-dev"
class { 'openstack_project::wiki':
sysadmins => hiera('sysadmins', []),
serveradmin => hiera('infra_apache_serveradmin'),
site_hostname => 'wiki-dev.openstack.org',
wg_dbserver => hiera('wg_dbserver'),
@ -489,7 +461,6 @@ node /^logstash\d*\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 80, 3306],
iptables_allowed_hosts => hiera_array('logstash_iptables_rule_data'),
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::logstash':
@ -512,7 +483,6 @@ node /^logstash-worker\d+\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [22],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::logstash_worker':
@ -528,7 +498,6 @@ node /^subunit-worker\d+\.openstack\.org$/ {
$group = "subunit-worker"
class { 'openstack_project::server':
iptables_public_tcp_ports => [22],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::subunit_worker':
subunit2sql_db_host => hiera('subunit2sql_db_host', ''),
@ -544,7 +513,6 @@ node /^elasticsearch0[1-7]\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [22],
iptables_allowed_hosts => hiera_array('elasticsearch_iptables_rule_data'),
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::elasticsearch_node':
discover_nodes => $elasticsearch_nodes,
@ -558,11 +526,8 @@ node /^firehose\d+\.openstack\.org$/ {
# connections seem to crash mosquitto. Once this is fixed we should add
# them back
iptables_public_tcp_ports => [22, 25, 80, 1883, 8883, 443],
sysadmins => hiera('sysadmins', []),
manage_exim => false,
}
class { 'openstack_project::firehose':
sysadmins => hiera('sysadmins', []),
gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents'),
gerrit_public_key => hiera('germqtt_gerrit_ssh_public_key'),
gerrit_private_key => hiera('germqtt_gerrit_ssh_private_key'),
@ -582,7 +547,6 @@ node /^firehose\d+\.openstack\.org$/ {
node /^git(-fe\d+)?\.openstack\.org$/ {
$group = "git-loadbalancer"
class { 'openstack_project::git':
sysadmins => hiera('sysadmins', []),
balancer_member_names => [
'git01.openstack.org',
'git02.openstack.org',
@ -614,7 +578,6 @@ node /^git\d+\.openstack\.org$/ {
include openstack_project
class { 'openstack_project::server':
iptables_public_tcp_ports => [4443, 8080, 29418],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::git_backend':
@ -653,7 +616,6 @@ node /^mirror-update\d*\.openstack\.org$/ {
centos_keytab => hiera('centos_keytab'),
epel_keytab => hiera('epel_keytab'),
yum_puppetlabs_keytab => hiera('yum_puppetlabs_keytab'),
sysadmins => hiera('sysadmins', []),
}
}
@ -664,7 +626,6 @@ node /^mirror\d*\..*\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 80, 8080, 8081, 8082],
sysadmins => hiera('sysadmins', []),
afs => true,
afs_cache_size => 50000000, # 50GB
}
@ -681,7 +642,6 @@ node /^files\d*\.openstack\.org$/ {
$group = "files"
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443],
sysadmins => hiera('sysadmins', []),
afs => true,
afs_cache_size => 10000000, # 10GB
}
@ -712,7 +672,6 @@ node /^files\d*\.openstack\.org$/ {
node /^refstack\d*\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443],
sysadmins => hiera('sysadmins', []),
}
class { 'refstack':
mysql_host => hiera('refstack_mysql_host', 'localhost'),
@ -741,7 +700,6 @@ node /^refstack\d*\.openstack\.org$/ {
node /^storyboard\d*\.openstack\.org$/ {
class { 'openstack_project::storyboard':
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
sysadmins => hiera('sysadmins', []),
mysql_host => hiera('storyboard_db_host', 'localhost'),
mysql_user => hiera('storyboard_db_user', 'username'),
mysql_password => hiera('storyboard_db_password'),
@ -772,7 +730,6 @@ node /^storyboard\d*\.openstack\.org$/ {
node /^storyboard-dev\d*\.openstack\.org$/ {
class { 'openstack_project::storyboard::dev':
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
sysadmins => hiera('sysadmins', []),
mysql_host => hiera('storyboard_db_host', 'localhost'),
mysql_user => hiera('storyboard_db_user', 'username'),
mysql_password => hiera('storyboard_db_password'),
@ -799,7 +756,6 @@ node /^storyboard-dev\d*\.openstack\.org$/ {
node /^static\d*\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 80, 443],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::static':
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
@ -837,7 +793,6 @@ node /^zk\d+\.openstack\.org$/ {
{protocol => 'tcp', port => '3888', hostname => 'zk02.openstack.org'},
{protocol => 'tcp', port => '3888', hostname => 'zk03.openstack.org'},
],
sysadmins => hiera('sysadmins', []),
}
class { '::zookeeper':
@ -861,7 +816,6 @@ node /^status\d*\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 80, 443],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::status':
@ -881,7 +835,6 @@ node /^survey\d+\.openstack\.org$/ {
$group = "survey"
class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 80, 443],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::survey':
@ -905,7 +858,6 @@ node /^adns\d+\.openstack\.org$/ {
$group = 'adns'
class { 'openstack_project::server':
sysadmins => hiera('sysadmins', []),
iptables_allowed_hosts => [
{protocol => 'tcp', port => '53', hostname => 'ns1.openstack.org'},
{protocol => 'tcp', port => '53', hostname => 'ns2.openstack.org'},
@ -925,7 +877,6 @@ node /^ns\d+\.openstack\.org$/ {
$group = 'ns'
class { 'openstack_project::server':
sysadmins => hiera('sysadmins', []),
iptables_public_udp_ports => [53],
iptables_public_tcp_ports => [53],
}
@ -969,7 +920,6 @@ node 'nodepool.openstack.org' {
{protocol => 'tcp', port => '2181', hostname => 'nl04.openstack.org'},
{protocol => 'tcp', port => '2181', hostname => 'zuul01.openstack.org'},
],
sysadmins => hiera('sysadmins', []),
iptables_public_tcp_ports => [80],
}
@ -1023,7 +973,6 @@ node /^nl\d+\.openstack\.org$/ {
$clouds_yaml = template("openstack_project/nodepool/clouds.yaml.erb")
class { 'openstack_project::server':
sysadmins => hiera('sysadmins', []),
iptables_public_tcp_ports => [80],
}
@ -1086,7 +1035,6 @@ node /^nb\d+\.openstack\.org$/ {
$clouds_yaml = template("openstack_project/nodepool/clouds.yaml.erb")
class { 'openstack_project::server':
sysadmins => hiera('sysadmins', []),
iptables_public_tcp_ports => [80, 443],
}
@ -1142,7 +1090,6 @@ node /^ze\d+\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [79, 7900],
sysadmins => hiera('sysadmins', []),
afs => true,
}
@ -1257,7 +1204,6 @@ node /^zuul\d+\.openstack\.org$/ {
{protocol => 'tcp', port => '4730', hostname => 'zm07.openstack.org'},
{protocol => 'tcp', port => '4730', hostname => 'zm08.openstack.org'},
],
sysadmins => hiera('sysadmins', []),
}
class { '::project_config':
@ -1348,7 +1294,6 @@ node /^zm\d+.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [80],
sysadmins => hiera('sysadmins', []),
}
# NOTE(pabelanger): We call ::zuul directly, so we can override all in one
@ -1383,7 +1328,6 @@ node /^zm\d+.openstack\.org$/ {
# Node-OS: trusty
node 'pbx.openstack.org' {
class { 'openstack_project::server':
sysadmins => hiera('sysadmins', []),
# SIP signaling is either TCP or UDP port 5060.
# RTP media (audio/video) uses a range of UDP ports.
iptables_public_tcp_ports => [5060],
@ -1408,8 +1352,6 @@ node /^backup\d+\..*\.ci\.openstack\.org$/ {
$group = "ci-backup"
class { 'openstack_project::server':
iptables_public_tcp_ports => [],
manage_exim => false,
purge_apt_sources => false,
}
include openstack_project::backup_server
}
@ -1417,7 +1359,6 @@ node /^backup\d+\..*\.ci\.openstack\.org$/ {
# Node-OS: trusty
node 'openstackid.org' {
class { 'openstack_project::openstackid_prod':
sysadmins => hiera('sysadmins', []),
site_admin_password => hiera('openstackid_site_admin_password'),
id_mysql_host => hiera('openstackid_id_mysql_host', 'localhost'),
id_mysql_password => hiera('openstackid_id_mysql_password'),
@ -1447,7 +1388,6 @@ node 'openstackid.org' {
# Node-OS: trusty
node 'openstackid-dev.openstack.org' {
class { 'openstack_project::openstackid_dev':
sysadmins => hiera('sysadmins', []),
site_admin_password => hiera('openstackid_dev_site_admin_password'),
id_mysql_host => hiera('openstackid_dev_id_mysql_host', 'localhost'),
id_mysql_password => hiera('openstackid_dev_id_mysql_password'),
@ -1484,7 +1424,6 @@ node 'kdc01.openstack.org' {
class { 'openstack_project::server':
iptables_public_tcp_ports => [88, 464, 749, 754],
iptables_public_udp_ports => [88, 464, 749],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::kdc': }
@ -1495,7 +1434,6 @@ node 'kdc04.openstack.org' {
class { 'openstack_project::server':
iptables_public_tcp_ports => [88, 464, 749, 754],
iptables_public_udp_ports => [88, 464, 749],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::kdc':
@ -1509,9 +1447,7 @@ node 'afsdb01.openstack.org' {
class { 'openstack_project::server':
iptables_public_udp_ports => [7000,7002,7003,7004,7005,7006,7007],
sysadmins => hiera('sysadmins', []),
afs => true,
manage_exim => true,
}
include openstack_project::afsdb
@ -1524,9 +1460,7 @@ node /^afsdb.*\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_udp_ports => [7000,7002,7003,7004,7005,7006,7007],
sysadmins => hiera('sysadmins', []),
afs => true,
manage_exim => true,
}
include openstack_project::afsdb
@ -1538,9 +1472,7 @@ node /^afs.*\..*\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_udp_ports => [7000,7002,7003,7004,7005,7006,7007],
sysadmins => hiera('sysadmins', []),
afs => true,
manage_exim => true,
}
include openstack_project::afsfs
@ -1551,7 +1483,6 @@ node 'ask.openstack.org' {
class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 80, 443],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::ask':
@ -1568,7 +1499,6 @@ node 'ask.openstack.org' {
node 'ask-staging.openstack.org' {
class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 80, 443],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::ask_staging':
@ -1583,7 +1513,6 @@ node /^translate\d+\.openstack\.org$/ {
$group = "translate"
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::translate':
admin_users => 'aeng,cboylan,eumel8,ianw,ianychoi,infra,jaegerandi,mordred,stevenk',
@ -1612,7 +1541,6 @@ node /^translate\d+\.openstack\.org$/ {
node /^translate-dev\d*\.openstack\.org$/ {
$group = "translate-dev"
class { 'openstack_project::translate_dev':
sysadmins => hiera('sysadmins', []),
admin_users => 'aeng,cboylan,eumel,eumel8,ianw,ianychoi,infra,jaegerandi,mordred,stevenk',
openid_url => 'https://openstackid-dev.openstack.org',
listeners => ['ajp'],
@ -1633,7 +1561,6 @@ node /^codesearch\d*\.openstack\.org$/ {
$group = "codesearch"
class { 'openstack_project::server':
iptables_public_tcp_ports => [80],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::codesearch':
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',

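--- a/modules/openstack_project/files/80retry
+++ b/modules/openstack_project/files/80retry
@@ -1 +0,0 @@
-APT::Acquire::Retries "20";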

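--- a/modules/openstack_project/files/90no-translations
+++ b/modules/openstack_project/files/90no-translations
@@ -1 +0,0 @@
-Acquire::Languages "none";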

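--- a/modules/openstack_project/files/bash-history.sh
+++ b/modules/openstack_project/files/bash-history.sh
@@ -1 +0,0 @@
-export HISTTIMEFORMAT="%Y-%m-%dT%T%z "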

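--- a/modules/openstack_project/files/centos7-puppetlabs.repo
+++ b/modules/openstack_project/files/centos7-puppetlabs.repo
@@ -1,6 +0,0 @@
-[puppetlabs-products]
-name=Puppet Labs Products El 7 - $basearch
-baseurl=http://yum.puppetlabs.com/el/7/products/$basearch
-gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs
-enabled=1
-gpgcheck=1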

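--- a/modules/openstack_project/files/debian_limits.conf
+++ b/modules/openstack_project/files/debian_limits.conf
@@ -1,4 +0,0 @@
-# Original 1024
-* soft nofile 4096
-# Original 4096
-* hard nofile 8192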

69
modules/openstack_project/files/rsyslog.d_50-default.conf

@ -1,69 +0,0 @@
# Default rules for rsyslog.
#
# For more information see rsyslog.conf(5) and /etc/rsyslog.conf
#
# First some standard log files. Log by facility.
#
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
#daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
#lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
#user.* -/var/log/user.log
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
#mail.info -/var/log/mail.info
#mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
#
# Logging for INN news system.
#
news.crit /var/log/news/news.crit
news.err /var/log/news/news.err
news.notice -/var/log/news/news.notice
#
# Some "catch-all" log files.
#
#*.=debug;\
# auth,authpriv.none;\
# news.none;mail.none -/var/log/debug
#*.=info;*.=notice;*.=warn;\
# auth,authpriv.none;\
# cron,daemon.none;\
# mail,news.none -/var/log/messages
#
# Emergencies are sent to everybody logged in.
#
*.emerg :omusrmsg:*
#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
# news.=crit;news.=err;news.=notice;\
# *.=debug;*.=info;\
# *.=notice;*.=warn /dev/tty8
# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
# you must invoke `xconsole' with the `-file' option:
#
# $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
# busy site..
#
# Commenting out since we don't install xconsoles on headless servers.
#daemon.*;mail.*;\
# news.err;\
# *.=debug;*.=info;\
# *.=notice;*.=warn |/dev/xconsole

13
modules/openstack_project/files/sources.list.trusty.amd64

@ -1,13 +0,0 @@
# This file is kept updated by puppet, adapted from
# http://ubuntuguide.org/wiki/Ubuntu_Trusty_Packages_and_Repositories
deb http://us.archive.ubuntu.com/ubuntu trusty main restricted
deb http://us.archive.ubuntu.com/ubuntu trusty-updates main restricted
deb http://us.archive.ubuntu.com/ubuntu trusty universe
deb http://us.archive.ubuntu.com/ubuntu trusty-updates universe
deb http://us.archive.ubuntu.com/ubuntu trusty multiverse
deb http://us.archive.ubuntu.com/ubuntu trusty-updates multiverse
deb http://us.archive.ubuntu.com/ubuntu trusty-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu trusty-security main restricted
deb http://security.ubuntu.com/ubuntu trusty-security universe
deb http://security.ubuntu.com/ubuntu trusty-security multiverse

35
modules/openstack_project/files/sources.list.xenial.aarch64

@ -1,35 +0,0 @@
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://ports.ubuntu.com/ubuntu-ports/ xenial main restricted multiverse
deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial main restricted multiverse
## Major bug fix updates produced after the final release of the
## distribution.
deb http://ports.ubuntu.com/ubuntu-ports/ xenial-updates main restricted multiverse
deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial-updates main restricted multiverse
## Uncomment the following two lines to add software from the 'universe'
## repository.
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://ports.ubuntu.com/ubuntu-ports/ xenial universe
deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial universe
deb http://ports.ubuntu.com/ubuntu-ports/ xenial-updates universe
deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial-updates universe
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
# deb http://ports.ubuntu.com/ubuntu-ports/ xenial-backports main restricted
# deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial-backports main restricted
deb http://ports.ubuntu.com/ubuntu-ports/ xenial-security main restricted multiverse
deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial-security main restricted multiverse
deb http://ports.ubuntu.com/ubuntu-ports/ xenial-security universe
deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial-security universe
# deb http://ports.ubuntu.com/ubuntu-ports/ xenial-security multiverse
# deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial-security multiverse

13
modules/openstack_project/files/sources.list.xenial.amd64

@ -1,13 +0,0 @@
# This file is kept updated by puppet, adapted from
# https://help.ubuntu.com/lts/serverguide/configuration.html
deb http://us.archive.ubuntu.com/ubuntu xenial main restricted
deb http://us.archive.ubuntu.com/ubuntu xenial-updates main restricted
deb http://us.archive.ubuntu.com/ubuntu xenial universe
deb http://us.archive.ubuntu.com/ubuntu xenial-updates universe
deb http://us.archive.ubuntu.com/ubuntu xenial multiverse
deb http://us.archive.ubuntu.com/ubuntu xenial-updates multiverse
deb http://us.archive.ubuntu.com/ubuntu xenial-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu xenial-security main restricted
deb http://security.ubuntu.com/ubuntu xenial-security universe
deb http://security.ubuntu.com/ubuntu xenial-security multiverse

81
modules/openstack_project/files/yum/yum-cron.conf

@ -1,81 +0,0 @@
[commands]
# What kind of update to use:
# default = yum upgrade
# security = yum --security upgrade
# security-severity:Critical = yum --sec-severity=Critical upgrade
# minimal = yum --bugfix update-minimal
# minimal-security = yum --security update-minimal
# minimal-security-severity:Critical = --sec-severity=Critical update-minimal
update_cmd = default
# Whether a message should be emitted when updates are available,
# were downloaded, or applied.
update_messages = yes
# Whether updates should be downloaded when they are available.
download_updates = yes
# Whether updates should be applied when they are available. Note
# that download_updates must also be yes for the update to be applied.
apply_updates = yes
# Maximum amout of time to randomly sleep, in minutes. The program
# will sleep for a random amount of time between 0 and random_sleep
# minutes before running. This is useful for e.g. staggering the
# times that multiple systems will access update servers. If
# random_sleep is 0 or negative, the program will run immediately.
# 6*60 = 360
random_sleep = 360
[emitters]
# Name to use for this system in messages that are emitted. If
# system_name is None, the hostname will be used.
system_name = None
# How to send messages. Valid options are stdio and email. If
# emit_via includes stdio, messages will be sent to stdout; this is useful
# to have cron send the messages. If emit_via includes email, this
# program will send email itself according to the configured options.
# If emit_via is None or left blank, no messages will be sent.
emit_via = stdio
# The width, in characters, that messages that are emitted should be
# formatted to.
output_width = 80
[email]
# The address to send email messages from.
# NOTE: 'localhost' will be replaced with the value of system_name.
email_from = root@localhost
# List of addresses to send messages to.
email_to = root
# Name of the host to connect to to send email messages.
email_host = localhost
[groups]
# NOTE: This only works when group_command != objects, which is now the default
# List of groups to update
group_list = None
# The types of group packages to install
group_package_types = mandatory, default
[base]
# This section overrides yum.conf
# Use this to filter Yum core messages
# -4: critical
# -3: critical+errors
# -2: critical+errors+warnings (default)
debuglevel = -2
# skip_broken = True
mdpolicy = group:main
# Uncomment to auto-import new gpg keys (dangerous)
# assumeyes = True

4
modules/openstack_project/manifests/ask.pp

@ -17,10 +17,6 @@ class openstack_project::ask (
$askbot_revision = '87086ebcefc5be29e80d3228e465e6bec4523fcf'
) {
realize (
User::Virtual::Localuser['mkiss'],
)
file { '/srv/dist':
ensure => directory,
owner => 'root',

4
modules/openstack_project/manifests/ask_staging.pp

@ -13,10 +13,6 @@ class openstack_project::ask_staging (
$solr_version = '4.10.4'
) {
realize (
User::Virtual::Localuser['mkiss'],
)
file { '/srv/dist':
ensure => directory,
owner => 'root',

2
modules/openstack_project/manifests/cacti.pp

@ -1,6 +1,5 @@
# Class to configure cacti on a node.
class openstack_project::cacti (
$sysadmins = [],
$cacti_hosts = [],
$vhost_name = '',
) {
@ -11,7 +10,6 @@ class openstack_project::cacti (
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443],
sysadmins => $sysadmins,
}
class { '::apache':

31
modules/openstack_project/manifests/firehose.pp

@ -15,7 +15,6 @@
# firehose glue class.
#
class openstack_project::firehose (
$sysadmins = [],
$gerrit_username = 'germqtt',
$gerrit_public_key,
$gerrit_private_key,
@ -69,36 +68,6 @@ class openstack_project::firehose (
ensure => running,
}
class {'::exim':
sysadmins => $sysadmins,
local_domains => "@:firehose.openstack.org",
default_localuser_router => false,
routers => [
{'cyrus' => {
'driver' => 'accept',
'domains' => '+local_domains',
'local_part_suffix' => '+*',
'local_part_suffix_optional' => true,
'transport' => 'cyrus',
}},
{'localuser' => {
'driver' => 'accept',
'check_local_user' => true,
'transport' => 'local_delivery',
'cannot_route_message' => 'Unknown user',
}}
],
transports => [
{'cyrus' => {
'driver' => 'lmtp',
'socket' => '/var/run/cyrus/socket/lmtp',
'user' => 'cyrus',
'batch_max' => '35',
}}
],
require => Package['cyrus-imapd'],
}
include lpmqtt
class {'lpmqtt::server':
mqtt_username => $mqtt_username,

9
modules/openstack_project/manifests/git.pp

@ -16,14 +16,12 @@
#
# == Class: openstack_project::git
class openstack_project::git (
$sysadmins = [],
$balancer_member_names = [],
$balancer_member_ips = [],
$selinux_mode = 'enforcing'
) {
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443, 9418],
sysadmins => $sysadmins,
}
if ($::osfamily == 'RedHat') {
@ -148,6 +146,13 @@ class openstack_project::git (
notify => Service['rsyslog'],
}
# TODO(mordred) We should get this haproxy stuff ported to ansible ASAP.
# Ansible is the one installing rsyslog.
service { 'rsyslog':
ensure => running,
enable => true,
hasrestart => true,
}
# haproxy statsd
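Review bot: The `service { 'rsyslog': }` resource added in the second hunk no longer has a `Package['rsyslog']` to require, so its only guarantee that the daemon exists is that the Ansible base role has already run on the host. If it has not, the catalog would presumably fail on this service, and the `notify => Service['rsyslog']` just above it would not reload the logging configuration, leaving a gap in log collection. The two-line TODO should state why the resource is here, for example `# Declared only so the notify => Service['rsyslog'] above resolves; the package is installed by the Ansible base role, which must have run first.` The class body starts and continues outside this hunk, so a different ordering elsewhere in the file cannot be ruled out.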

4
modules/openstack_project/manifests/groups.pp

@ -28,10 +28,6 @@ class openstack_project::groups (
$site_ssl_chain_file = '/etc/ssl/certs/groups.openstack.org_ca.pem',
) {
realize (
User::Virtual::Localuser['mkiss'],
)
vcsrepo { '/srv/groups-static-pages':
ensure => latest,
provider => git,

4
modules/openstack_project/manifests/groups_dev.pp

@ -25,10 +25,6 @@ class openstack_project::groups_dev (
$site_ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key',
) {
realize (
User::Virtual::Localuser['mkiss'],
)
# include drupal
vcsrepo { '/srv/groups-static-pages':

4
modules/openstack_project/manifests/infracloud/baremetal.pp

@ -35,8 +35,4 @@ class openstack_project::infracloud::baremetal (
ipv4_subnet_mask => $ipv4_subnet_mask,
}
realize (
User::Virtual::Localuser['colleen'],
)
}

5
modules/openstack_project/manifests/infracloud/controller.pp

@ -50,9 +50,4 @@ class openstack_project::infracloud::controller (
neutron_subnet_allocation_pools => $neutron_subnet_allocation_pools,
mysql_max_connections => $mysql_max_connections,
}
realize (
User::Virtual::Localuser['colleen'],
)
}

17
modules/openstack_project/manifests/kata_lists.pp

@ -1,28 +1,13 @@
# == Class: openstack_project::kata_lists
#
class openstack_project::kata_lists(
$listadmins,
$listpassword = ''
) {
$listdomain = 'lists.katacontainers.io'
class { 'exim':
sysadmins => $listadmins,
queue_interval => '1m',
queue_run_max => '50',
mailman_domains => [$listdomain],
smtp_accept_max => '100',
smtp_accept_max_per_host => '10',
}
class { 'mailman':
vhost_name => $listdomain,
vhost_name => 'lists.katacontainers.io'
}
realize (
User::Virtual::Localuser['jbryce'],
)
Maillist {
provider => 'noaliasmailman',
}
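Review bot: The one added line, `vhost_name => 'lists.katacontainers.io'`, hard-codes the domain and drops the trailing comma that the other attribute lists in this manifest carry; `vhost_name => 'lists.katacontainers.io',` keeps later additions to a one-line diff. The rendered page does not show which side the `$listadmins` line is on. If it stays in the signature, it is a mandatory parameter with no default that nothing in the visible body reads, so it should be removed or given a comment saying who still consumes it. With the `exim` class gone from this manifest, the SMTP connection and per-host limits for this public list server are no longer declared here, so a comment naming where they are now set would help the next reader.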

100
modules/openstack_project/manifests/lists.pp

@ -1,113 +1,13 @@
# == Class: openstack_project::lists
#
class openstack_project::lists(
$listadmins,
$listpassword = ''
) {
$mm_domains='lists.openstack.org:lists.zuul-ci.org:lists.airshipit.org:lists.starlingx.io'
class { 'mailman':
multihost => true,
}
class { 'exim':
sysadmins => $listadmins,
queue_interval => '1m',
queue_run_max => '50',
smtp_accept_max => '100',
smtp_accept_max_per_host => '10',
extra_aliases => {
'ambassadors-owner' => 'spam',
'community-owner' => 'spam',
'foundation-board-confidential-owner' => 'spam',
'foundation-board-owner' => 'spam',
'foundation-owner' => 'spam',
'legal-discuss-owner' => 'spam',
'mailman-owner' => 'spam',
'marketing-owner' => 'spam',
'openstack-announce-owner' => 'spam',
'openstack-dev-owner' => 'spam',
'openstack-docs-owner' => 'spam',
'openstack-fr-owner' => 'spam',
'openstack-i18n-owner' => 'spam',
'openstack-infra-owner' => 'spam',
'openstack-operators-owner' => 'spam',
'openstack-owner' => 'spam',
'openstack-qa-owner' => 'spam',
'openstack-security-owner' => 'spam',
'openstack-tc-owner' => 'spam',
'openstack-vi-owner' => 'spam',
'product-wg-owner' => 'spam',
'superuser-owner' => 'spam',
'user-committee-owner' => 'spam',
'women-of-openstack-owner' => 'spam',
'spam' => ':fail: delivery temporarily disabled due to ongoing spam flood',
},
local_domains => "@:$mm_domains",
routers => [
{'mailman_verp_router' => {
'driver' => 'dnslookup',
# we only consider messages sent in through loopback
'condition' => '${if or{{eq{$sender_host_address}{127.0.0.1}}\
{eq{$sender_host_address}{::1}}}{yes}{no}}',
# we do not do this for traffic going to the local machine
'domains' => '!+local_domains',
'ignore_target_hosts' => '<; 0.0.0.0; \
64.94.110.11; \
127.0.0.0/8; \
::1/128;fe80::/10;fe \
c0::/10;ff00::/8',
# only the un-VERPed bounce addresses are handled
'senders' => '"*-bounces@*"',
'transport' => 'mailman_verp_smtp',
}
},
{'mailman_router' => {
'driver' => 'accept',
'domains' => "$mm_domains",
'require_files' => '${lookup{${lc::$domain}}lsearch{/etc/mailman/sites}}/lists/${lc::$local_part}/config.pck',
'local_part_suffix_optional' => true,
'local_part_suffix' => '-admin : \
-bounces : -bounces+* : \
-confirm : -confirm+* : \
-join : -leave : \
-owner : -request : \
-subscribe : -unsubscribe',
'transport' => 'mailman_transport',
}
},
],
transports => [
{'mailman_transport' => {
'driver' => 'pipe',
'environment' => 'MAILMAN_SITE_DIR=${lookup{${lc:$domain}}lsearch{/etc/mailman/sites}}',
'command' => '/var/lib/mailman/mail/mailman \
\'${if def:local_part_suffix \
{${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
{post}}\' \
$local_part',
'current_directory' => '/var/lib/mailman',
'home_directory' => '/var/lib/mailman',
'user' => 'list',
'group' => 'list',
}
},
{'mailman_verp_smtp' => {
'driver' => 'smtp',
'return_path' => '${local_part:$return_path}+$local_part=$domain@${domain:$return_path}',
'max_rcpt' => '1',
'headers_remove' => 'Errors-To',
'headers_add' => 'Errors-To: ${return_path}',
}
},
]
}
realize (
User::Virtual::Localuser['smaffulli'],
)
# Disable inactive admins
user::virtual::disable { 'oubiwann': }
user::virtual::disable { 'rockstar': }

2
modules/openstack_project/manifests/mirror_update.pp

@ -1,7 +1,6 @@
# == Class: openstack_project::mirror_update
#
class openstack_project::mirror_update (
$sysadmins = [],
$bandersnatch_keytab = '',
$reprepro_keytab = '',
$admin_keytab = '',
@ -16,7 +15,6 @@ class openstack_project::mirror_update (
include ::openstack_project::reprepro_mirror
class { 'openstack_project::server':
sysadmins => $sysadmins,
afs => true,
}

7
modules/openstack_project/manifests/openstackid_dev.pp

@ -15,7 +15,6 @@
# openstackid idp(sso-openid) dev server
#
class openstack_project::openstackid_dev (
$sysadmins = [],
$site_admin_password = '',
$id_mysql_host = '',
$id_mysql_user = '',
@ -62,14 +61,8 @@ class openstack_project::openstackid_dev (
$session_cookie_secure = false,
) {
realize (
User::Virtual::Localuser['smarcet'],
User::Virtual::Localuser['mkiss'],
)
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443],
sysadmins => $sysadmins,
}
class { 'openstackid':

7
modules/openstack_project/manifests/openstackid_prod.pp

@ -15,7 +15,6 @@
# openstackid idp(sso-openid) server
#
class openstack_project::openstackid_prod (
$sysadmins = [],
$site_admin_password = '',
$id_mysql_host = '',
$id_mysql_user = '',
@ -63,14 +62,8 @@ class openstack_project::openstackid_prod (
$session_cookie_secure = false,
) {
realize (
User::Virtual::Localuser['smarcet'],
User::Virtual::Localuser['maxwell'],
)
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443],
sysadmins => $sysadmins,
}
class { 'openstackid':

39
modules/openstack_project/manifests/params.pp

@ -1,39 +0,0 @@
# Class: openstack_project::params
#
# This class holds parameters that need to be
# accessed by other classes.
class openstack_project::params {
$cross_platform_packages = [
'at',
'git',
'lvm2',
'parted',
'rsync',
'strace',
'tcpdump',
'wget',
]
case $::osfamily {
'RedHat': {
$packages = concat($cross_platform_packages, ['iputils', 'bind-utils'])
$user_packages = ['emacs-nox', 'vim-enhanced']
$login_defs = 'puppet:///modules/openstack_project/login.defs.redhat'
}
'Debian': {
$packages = concat($cross_platform_packages, ['iputils-ping', 'dnsutils'])
case $::operatingsystemrelease {
/^(12|14)\.(04|10)$/: {
$user_packages = ['emacs23-nox', 'vim-nox', 'iftop',
'sysstat', 'iotop']
}
default: {
$user_packages = ['emacs-nox', 'vim-nox']
}
}
$login_defs = 'puppet:///modules/openstack_project/login.defs.debian'
}
default: {
fail("Unsupported osfamily: ${::osfamily} The 'openstack_project' module only supports osfamily Debian or RedHat (slaves only).")
}
}
}

3
modules/openstack_project/manifests/pbx.pp

@ -18,9 +18,6 @@
class openstack_project::pbx (
$sip_providers = [],
) {
realize (
User::Virtual::Localuser['rbryant'],
)
class { 'asterisk':
modules_conf_source => 'puppet:///modules/openstack_project/pbx/asterisk/modules.conf',

2
modules/openstack_project/manifests/planet.pp

@ -1,11 +1,9 @@
# == Class: openstack_project::planet
#
class openstack_project::planet (
$sysadmins = []
) {
class { 'openstack_project::server':
iptables_public_tcp_ports => [80],
sysadmins => $sysadmins,
}
include ::planet

4
modules/openstack_project/manifests/review_dev.pp

@ -43,10 +43,6 @@ class openstack_project::review_dev (
}
}
realize (
User::Virtual::Localuser['zaro'],
)
class { 'project_config':
url => $project_config_repo,
base => 'dev/',

278
modules/openstack_project/manifests/server.pp

@ -7,116 +7,21 @@ class openstack_project::server (
$iptables_rules4 = [],
$iptables_rules6 = [],
$iptables_allowed_hosts = [],
$sysadmins = [],
$extra_aliases = {},
$pin_puppet = '3.',
$ca_server = undef,
$enable_unbound = true,
$afs = false,
$afs_cache_size = 500000,
$manage_exim = true,
$pypi_index_url = 'https://pypi.python.org/simple',
$purge_apt_sources = true,
) {
include sudoers
include openstack_project::params
include openstack_project::users
class { 'openstack_project::users_install':
install_users => true,
}
class { 'timezone':
timezone => 'Etc/UTC',
}
package { 'rsyslog':
ensure => present,
}
service { 'rsyslog':
ensure => running,
enable => true,
hasrestart => true,
require => Package['rsyslog'],
}
# Increase syslog message size in order to capture
# python tracebacks with syslog.
file { '/etc/rsyslog.d/99-maxsize.conf':
ensure => present,
# Note MaxMessageSize is not a puppet variable.
content => '$MaxMessageSize 6k',
owner => 'root',
group => 'root',
mode => '0644',
notify => Service['rsyslog'],
require => Package['rsyslog'],
}
if $::osfamily == 'Debian' {
file { '/etc/security/limits.d/60-nofile-limit.conf':
owner => 'root',
group => 'root',
mode => '0644',
source => 'puppet:///modules/openstack_project/debian_limits.conf',
replace => true,
}
file { '/etc/apt/apt.conf.d/80retry':
owner => 'root',
group => 'root',
mode => '0444',
source => 'puppet:///modules/openstack_project/80retry',
replace => true,
}
file { '/etc/apt/apt.conf.d/90no-translations':
owner => 'root',
group => 'root',
mode => '0444',
source => 'puppet:///modules/openstack_project/90no-translations',
replace => true,
}
# Custom rsyslog config to disable /dev/xconsole noise on Debuntu servers
file { '/etc/rsyslog.d/50-default.conf':
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
source =>
'puppet:///modules/openstack_project/rsyslog.d_50-default.conf',
replace => true,
notify => Service['rsyslog'],
require => Package['rsyslog'],
}
# Purge and augment existing /etc/apt/sources.list if requested, and make
# sure apt-get update is run before any packages are installed
class { '::apt':
purge => { 'sources.list' => $purge_apt_sources }
}
if $purge_apt_sources == true {
file { '/etc/apt/sources.list.d/openstack-infra.list':
ensure => present,
group => 'root',
mode => '0444',
owner => 'root',
source => "puppet:///modules/openstack_project/sources.list.${::lsbdistcodename}.${::architecture}",
}
exec { 'update-apt':
command => 'apt-get update',
refreshonly => true,
path => '/bin:/usr/bin',
subscribe => File['/etc/apt/sources.list.d/openstack-infra.list'],
}
Exec['update-apt'] -> Package <| |>
}
}
package { $::openstack_project::params::packages:
ensure => present
# Include ::apt while we work on the puppet->ansible transition
if ($::osfamily == 'Debian') {
include ::apt
}
###########################################################
@ -124,45 +29,6 @@ class openstack_project::server (
include '::ntp'
if ($::osfamily == "RedHat") {
# Utils in ntp-perl are included in Debian's ntp package; we
# add it here for consistency. See also
# https://tickets.puppetlabs.com/browse/MODULES-3660
package { 'ntp-perl':
ensure => present
}
# NOTE(pabelanger): We need to ensure ntpdate service starts on boot for
# centos-7. Currently, ntpd explicitly require ntpdate to be running before
# the sync process can happen in ntpd. As a result, if ntpdate is not
# running, ntpd will start but fail to sync because of DNS is not properly
# setup.
package { 'ntpdate':
ensure => present,
}
service { 'ntpdate':
enable => true,
require => Package['ntpdate'],
}
package { 'yum-cron':
ensure => present,
}
file { '/etc/yum/yum-cron.conf':
ensure => present,
owner => root,
group => root,
mode => '0644',
source => 'puppet:///modules/openstack_project/yum/yum-cron.conf',
replace => true,
require => Package['yum-cron'],
notify => Service['yum-cron'],
}
service { 'yum-cron':
enable => true,
ensure => running,
require => Package['yum-cron'],
}
}
###########################################################
# Manage Root ssh
@ -171,24 +37,6 @@ class openstack_project::server (
trusted_ssh_source => '23.253.245.198,2001:4800:7818:101:3c21:a454:23ed:4072,23.253.234.219,2001:4800:7817:103:be76:4eff:fe04:5a1d',
}
if ! defined(File['/root/.ssh']) {
file { '/root/.ssh':