From bab6fcad3cbedbd6b498d214f0ea93ee26d91283 Mon Sep 17 00:00:00 2001 From: Monty Taylor Date: Wed, 25 Jul 2018 12:36:26 -0500 Subject: [PATCH] Remove base.yaml things from openstack_project::server Now that we've got base server stuff rewritten in ansible, remove the old puppet versions. Depends-On: https://review.openstack.org/588326 Change-Id: I5c82fe6fd25b9ddaa77747db377ffa7e8bf23c7b --- doc/source/sysadmin.rst | 9 +- manifests/site.pp | 73 ----- modules/openstack_project/files/80retry | 1 - .../openstack_project/files/90no-translations | 1 - .../openstack_project/files/bash-history.sh | 1 - .../files/centos7-puppetlabs.repo | 6 - .../files/debian_limits.conf | 4 - .../files/rsyslog.d_50-default.conf | 69 ----- .../files/sources.list.trusty.amd64 | 13 - .../files/sources.list.xenial.aarch64 | 35 --- .../files/sources.list.xenial.amd64 | 13 - .../openstack_project/files/yum/yum-cron.conf | 81 ----- modules/openstack_project/manifests/ask.pp | 4 - .../manifests/ask_staging.pp | 4 - modules/openstack_project/manifests/cacti.pp | 2 - .../openstack_project/manifests/firehose.pp | 31 -- modules/openstack_project/manifests/git.pp | 9 +- modules/openstack_project/manifests/groups.pp | 4 - .../openstack_project/manifests/groups_dev.pp | 4 - .../manifests/infracloud/baremetal.pp | 4 - .../manifests/infracloud/controller.pp | 5 - .../openstack_project/manifests/kata_lists.pp | 17 +- modules/openstack_project/manifests/lists.pp | 100 ------- .../manifests/mirror_update.pp | 2 - .../manifests/openstackid_dev.pp | 7 - .../manifests/openstackid_prod.pp | 7 - modules/openstack_project/manifests/params.pp | 39 --- modules/openstack_project/manifests/pbx.pp | 3 - modules/openstack_project/manifests/planet.pp | 2 - .../openstack_project/manifests/review_dev.pp | 4 - modules/openstack_project/manifests/server.pp | 278 +---------------- .../openstack_project/manifests/storyboard.pp | 39 --- .../manifests/storyboard/dev.pp | 9 - modules/openstack_project/manifests/summit.pp | 6 - .../manifests/translate_dev.pp | 2 - modules/openstack_project/manifests/users.pp | 280 ------------------ .../manifests/users_install.pp | 66 ----- modules/openstack_project/manifests/wiki.pp | 8 - .../spec/acceptance/basic_spec.rb | 8 +- playbooks/base.yaml | 4 + playbooks/group_vars/all.yaml | 12 + playbooks/group_vars/ask.yaml | 2 + playbooks/group_vars/groups.yaml | 2 + playbooks/group_vars/review-dev.yaml | 2 + playbooks/group_vars/review.yaml | 2 + playbooks/group_vars/storyboard-dev.yaml | 4 + playbooks/group_vars/wiki.yaml | 3 + .../host_vars/lists.katacontainers.io.yaml | 2 + .../openstackid-dev.openstack.org.yaml | 3 + playbooks/host_vars/openstackid.org.yaml | 3 + .../files/puppet.default | 0 .../disable-puppet-agent/tasks/Debian.yaml | 5 + .../disable-puppet-agent/tasks/main.yaml | 10 + .../roles/install-ansible/files/groups.yaml | 3 + run_all.sh | 1 + 55 files changed, 78 insertions(+), 1230 deletions(-) delete mode 100644 modules/openstack_project/files/80retry delete mode 100644 modules/openstack_project/files/90no-translations delete mode 100644 modules/openstack_project/files/bash-history.sh delete mode 100644 modules/openstack_project/files/centos7-puppetlabs.repo delete mode 100644 modules/openstack_project/files/debian_limits.conf delete mode 100644 modules/openstack_project/files/rsyslog.d_50-default.conf delete mode 100644 modules/openstack_project/files/sources.list.trusty.amd64 delete mode 100644 modules/openstack_project/files/sources.list.xenial.aarch64 delete mode 100644 modules/openstack_project/files/sources.list.xenial.amd64 delete mode 100644 modules/openstack_project/files/yum/yum-cron.conf delete mode 100644 modules/openstack_project/manifests/params.pp delete mode 100644 modules/openstack_project/manifests/users.pp delete mode 100644 modules/openstack_project/manifests/users_install.pp create mode 100644 playbooks/group_vars/ask.yaml create mode 100644 playbooks/group_vars/groups.yaml create mode 100644 playbooks/group_vars/review-dev.yaml create mode 100644 playbooks/group_vars/review.yaml create mode 100644 playbooks/group_vars/storyboard-dev.yaml create mode 100644 playbooks/group_vars/wiki.yaml create mode 100644 playbooks/host_vars/openstackid-dev.openstack.org.yaml create mode 100644 playbooks/host_vars/openstackid.org.yaml rename {modules/openstack_project => playbooks/roles/disable-puppet-agent}/files/puppet.default (100%) create mode 100644 playbooks/roles/disable-puppet-agent/tasks/Debian.yaml create mode 100644 playbooks/roles/disable-puppet-agent/tasks/main.yaml diff --git a/doc/source/sysadmin.rst b/doc/source/sysadmin.rst index 9b60e3ffd5..d361f345a1 100644 --- a/doc/source/sysadmin.rst +++ b/doc/source/sysadmin.rst @@ -131,13 +131,12 @@ To create a new server, do the following: to manually add the private information to hiera. * You should be able to install and configure most software only with - puppet. Nonetheless, if you need SSH access to the host, add your - public key to :cgit_file:`modules/openstack_project/manifests/users.pp` and + ansible or puppet. Nonetheless, if you need SSH access to the host, + add your public key to :cgit_file:`playbooks/group_vars/all.yaml` and include a stanza like this in your server class:: - realize ( - User::Virtual::Localuser['USERNAME'], - ) + extra_users: + - your_user_name * Add an RST file with documentation about the server in :cgit_file:`doc/source` and add it to the index in that directory. diff --git a/manifests/site.pp b/manifests/site.pp index 095aa528ee..0df0349c45 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -12,7 +12,6 @@ $elasticsearch_nodes = hiera_array('elasticsearch_nodes') # node default { class { 'openstack_project::server': - sysadmins => hiera('sysadmins', []), } } @@ -27,8 +26,6 @@ node 'review.openstack.org' { iptables_public_tcp_ports => [80, 443, 29418], iptables_rules6 => $iptables_rules, iptables_rules4 => $iptables_rules, - sysadmins => hiera('sysadmins', []), - extra_aliases => { 'gerrit2' => 'root' }, } class { 'openstack_project::review': @@ -75,8 +72,6 @@ node 'review01.openstack.org' { iptables_public_tcp_ports => [80, 443, 29418], iptables_rules6 => $iptables_rules, iptables_rules4 => $iptables_rules, - sysadmins => hiera('sysadmins', []), - extra_aliases => { 'gerrit2' => 'root' }, } class { 'openstack_project::review': @@ -123,8 +118,6 @@ node /^review-dev\d*\.openstack\.org$/ { iptables_public_tcp_ports => [80, 443, 29418], iptables_rules6 => $iptables_rules, iptables_rules4 => $iptables_rules, - sysadmins => hiera('sysadmins', []), - extra_aliases => { 'gerrit2' => 'root' }, afs => true, } @@ -157,7 +150,6 @@ node /^grafana\d*\.openstack\.org$/ { $group = "grafana" class { 'openstack_project::server': iptables_public_tcp_ports => [80], - sysadmins => hiera('sysadmins', []), } class { 'openstack_project::grafana': admin_password => hiera('grafana_admin_password'), @@ -176,7 +168,6 @@ node /^grafana\d*\.openstack\.org$/ { node /^health\d*\.openstack\.org$/ { class { 'openstack_project::server': iptables_public_tcp_ports => [80, 443], - sysadmins => hiera('sysadmins', []), } class { 'openstack_project::openstack_health_api': subunit2sql_db_host => hiera('subunit2sql_db_host', 'localhost'), @@ -188,7 +179,6 @@ node /^cacti\d+\.openstack\.org$/ { $group = "cacti" include openstack_project::ssl_cert_check class { 'openstack_project::cacti': - sysadmins => hiera('sysadmins', []), cacti_hosts => hiera_array('cacti_hosts'), vhost_name => 'cacti.openstack.org', } @@ -198,7 +188,6 @@ node /^cacti\d+\.openstack\.org$/ { node 'puppetmaster.openstack.org' { class { 'openstack_project::server': iptables_public_tcp_ports => [8140], - sysadmins => hiera('sysadmins', []), pin_puppet => '3.6.', } class { 'openstack_project::puppetmaster': @@ -254,7 +243,6 @@ node /^graphite\d*\.openstack\.org$/ { {protocol => 'udp', port => '8125', hostname => 'ze10.openstack.org'}, {protocol => 'udp', port => '8125', hostname => 'ze11.openstack.org'}, ], - sysadmins => hiera('sysadmins', []) } class { '::graphite': @@ -269,7 +257,6 @@ node /^graphite\d*\.openstack\.org$/ { node /^groups\d*\.openstack\.org$/ { class { 'openstack_project::server': iptables_public_tcp_ports => [22, 80, 443], - sysadmins => hiera('sysadmins', []), } class { 'openstack_project::groups': site_admin_password => hiera('groups_site_admin_password'), @@ -287,7 +274,6 @@ node /^groups\d*\.openstack\.org$/ { node /^groups-dev\d*\.openstack\.org$/ { class { 'openstack_project::server': iptables_public_tcp_ports => [22, 80, 443], - sysadmins => hiera('sysadmins', []), } class { 'openstack_project::groups_dev': site_admin_password => hiera('groups_dev_site_admin_password'), @@ -306,12 +292,9 @@ node /^groups-dev\d*\.openstack\.org$/ { node /^lists\d*\.openstack\.org$/ { class { 'openstack_project::server': iptables_public_tcp_ports => [25, 80, 465], - manage_exim => false, - purge_apt_sources => false, } class { 'openstack_project::lists': - listadmins => hiera('listadmins', []), listpassword => hiera('listpassword'), } } @@ -320,12 +303,9 @@ node /^lists\d*\.openstack\.org$/ { node /^lists\d*\.katacontainers\.io$/ { class { 'openstack_project::server': iptables_public_tcp_ports => [25, 80, 465], - manage_exim => false, - purge_apt_sources => false, } class { 'openstack_project::kata_lists': - listadmins => hiera('listadmins', []), listpassword => hiera('listpassword'), } } @@ -336,7 +316,6 @@ node /^paste\d*\.openstack\.org$/ { class { 'openstack_project::server': iptables_public_tcp_ports => [80], - sysadmins => hiera('sysadmins', []), } class { 'openstack_project::paste': db_password => hiera('paste_db_password'), @@ -348,7 +327,6 @@ node /^paste\d*\.openstack\.org$/ { # Node-OS: xenial node /planet\d*\.openstack\.org$/ { class { 'openstack_project::planet': - sysadmins => hiera('sysadmins', []), } } @@ -357,7 +335,6 @@ node /^eavesdrop\d*\.openstack\.org$/ { $group = "eavesdrop" class { 'openstack_project::server': iptables_public_tcp_ports => [80], - sysadmins => hiera('sysadmins', []), } class { 'openstack_project::eavesdrop': @@ -397,7 +374,6 @@ node /^ethercalc\d+\.openstack\.org$/ { $group = "ethercalc" class { 'openstack_project::server': iptables_public_tcp_ports => [22, 80, 443], - sysadmins => hiera('sysadmins', []), } class { 'openstack_project::ethercalc': @@ -413,7 +389,6 @@ node /^ethercalc\d+\.openstack\.org$/ { node /^etherpad\d*\.openstack\.org$/ { class { 'openstack_project::server': iptables_public_tcp_ports => [22, 80, 443], - sysadmins => hiera('sysadmins', []), } class { 'openstack_project::etherpad': @@ -431,7 +406,6 @@ node /^etherpad\d*\.openstack\.org$/ { node /^etherpad-dev\d*\.openstack\.org$/ { class { 'openstack_project::server': iptables_public_tcp_ports => [22, 80, 443], - sysadmins => hiera('sysadmins', []), } class { 'openstack_project::etherpad_dev': @@ -445,7 +419,6 @@ node /^etherpad-dev\d*\.openstack\.org$/ { node /^wiki\d+\.openstack\.org$/ { $group = "wiki" class { 'openstack_project::wiki': - sysadmins => hiera('sysadmins', []), bup_user => 'bup-wiki', serveradmin => hiera('infra_apache_serveradmin'), site_hostname => 'wiki.openstack.org', @@ -468,7 +441,6 @@ node /^wiki\d+\.openstack\.org$/ { node /^wiki-dev\d+\.openstack\.org$/ { $group = "wiki-dev" class { 'openstack_project::wiki': - sysadmins => hiera('sysadmins', []), serveradmin => hiera('infra_apache_serveradmin'), site_hostname => 'wiki-dev.openstack.org', wg_dbserver => hiera('wg_dbserver'), @@ -489,7 +461,6 @@ node /^logstash\d*\.openstack\.org$/ { class { 'openstack_project::server': iptables_public_tcp_ports => [22, 80, 3306], iptables_allowed_hosts => hiera_array('logstash_iptables_rule_data'), - sysadmins => hiera('sysadmins', []), } class { 'openstack_project::logstash': @@ -512,7 +483,6 @@ node /^logstash-worker\d+\.openstack\.org$/ { class { 'openstack_project::server': iptables_public_tcp_ports => [22], - sysadmins => hiera('sysadmins', []), } class { 'openstack_project::logstash_worker': @@ -528,7 +498,6 @@ node /^subunit-worker\d+\.openstack\.org$/ { $group = "subunit-worker" class { 'openstack_project::server': iptables_public_tcp_ports => [22], - sysadmins => hiera('sysadmins', []), } class { 'openstack_project::subunit_worker': subunit2sql_db_host => hiera('subunit2sql_db_host', ''), @@ -544,7 +513,6 @@ node /^elasticsearch0[1-7]\.openstack\.org$/ { class { 'openstack_project::server': iptables_public_tcp_ports => [22], iptables_allowed_hosts => hiera_array('elasticsearch_iptables_rule_data'), - sysadmins => hiera('sysadmins', []), } class { 'openstack_project::elasticsearch_node': discover_nodes => $elasticsearch_nodes, @@ -558,11 +526,8 @@ node /^firehose\d+\.openstack\.org$/ { # connections seem to crash mosquitto. Once this is fixed we should add # them back iptables_public_tcp_ports => [22, 25, 80, 1883, 8883, 443], - sysadmins => hiera('sysadmins', []), - manage_exim => false, } class { 'openstack_project::firehose': - sysadmins => hiera('sysadmins', []), gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents'), gerrit_public_key => hiera('germqtt_gerrit_ssh_public_key'), gerrit_private_key => hiera('germqtt_gerrit_ssh_private_key'), @@ -582,7 +547,6 @@ node /^firehose\d+\.openstack\.org$/ { node /^git(-fe\d+)?\.openstack\.org$/ { $group = "git-loadbalancer" class { 'openstack_project::git': - sysadmins => hiera('sysadmins', []), balancer_member_names => [ 'git01.openstack.org', 'git02.openstack.org', @@ -614,7 +578,6 @@ node /^git\d+\.openstack\.org$/ { include openstack_project class { 'openstack_project::server': iptables_public_tcp_ports => [4443, 8080, 29418], - sysadmins => hiera('sysadmins', []), } class { 'openstack_project::git_backend': @@ -653,7 +616,6 @@ node /^mirror-update\d*\.openstack\.org$/ { centos_keytab => hiera('centos_keytab'), epel_keytab => hiera('epel_keytab'), yum_puppetlabs_keytab => hiera('yum_puppetlabs_keytab'), - sysadmins => hiera('sysadmins', []), } } @@ -664,7 +626,6 @@ node /^mirror\d*\..*\.openstack\.org$/ { class { 'openstack_project::server': iptables_public_tcp_ports => [22, 80, 8080, 8081, 8082], - sysadmins => hiera('sysadmins', []), afs => true, afs_cache_size => 50000000, # 50GB } @@ -681,7 +642,6 @@ node /^files\d*\.openstack\.org$/ { $group = "files" class { 'openstack_project::server': iptables_public_tcp_ports => [80, 443], - sysadmins => hiera('sysadmins', []), afs => true, afs_cache_size => 10000000, # 10GB } @@ -712,7 +672,6 @@ node /^files\d*\.openstack\.org$/ { node /^refstack\d*\.openstack\.org$/ { class { 'openstack_project::server': iptables_public_tcp_ports => [80, 443], - sysadmins => hiera('sysadmins', []), } class { 'refstack': mysql_host => hiera('refstack_mysql_host', 'localhost'), @@ -741,7 +700,6 @@ node /^refstack\d*\.openstack\.org$/ { node /^storyboard\d*\.openstack\.org$/ { class { 'openstack_project::storyboard': project_config_repo => 'https://git.openstack.org/openstack-infra/project-config', - sysadmins => hiera('sysadmins', []), mysql_host => hiera('storyboard_db_host', 'localhost'), mysql_user => hiera('storyboard_db_user', 'username'), mysql_password => hiera('storyboard_db_password'), @@ -772,7 +730,6 @@ node /^storyboard\d*\.openstack\.org$/ { node /^storyboard-dev\d*\.openstack\.org$/ { class { 'openstack_project::storyboard::dev': project_config_repo => 'https://git.openstack.org/openstack-infra/project-config', - sysadmins => hiera('sysadmins', []), mysql_host => hiera('storyboard_db_host', 'localhost'), mysql_user => hiera('storyboard_db_user', 'username'), mysql_password => hiera('storyboard_db_password'), @@ -799,7 +756,6 @@ node /^storyboard-dev\d*\.openstack\.org$/ { node /^static\d*\.openstack\.org$/ { class { 'openstack_project::server': iptables_public_tcp_ports => [22, 80, 443], - sysadmins => hiera('sysadmins', []), } class { 'openstack_project::static': project_config_repo => 'https://git.openstack.org/openstack-infra/project-config', @@ -837,7 +793,6 @@ node /^zk\d+\.openstack\.org$/ { {protocol => 'tcp', port => '3888', hostname => 'zk02.openstack.org'}, {protocol => 'tcp', port => '3888', hostname => 'zk03.openstack.org'}, ], - sysadmins => hiera('sysadmins', []), } class { '::zookeeper': @@ -861,7 +816,6 @@ node /^status\d*\.openstack\.org$/ { class { 'openstack_project::server': iptables_public_tcp_ports => [22, 80, 443], - sysadmins => hiera('sysadmins', []), } class { 'openstack_project::status': @@ -881,7 +835,6 @@ node /^survey\d+\.openstack\.org$/ { $group = "survey" class { 'openstack_project::server': iptables_public_tcp_ports => [22, 80, 443], - sysadmins => hiera('sysadmins', []), } class { 'openstack_project::survey': @@ -905,7 +858,6 @@ node /^adns\d+\.openstack\.org$/ { $group = 'adns' class { 'openstack_project::server': - sysadmins => hiera('sysadmins', []), iptables_allowed_hosts => [ {protocol => 'tcp', port => '53', hostname => 'ns1.openstack.org'}, {protocol => 'tcp', port => '53', hostname => 'ns2.openstack.org'}, @@ -925,7 +877,6 @@ node /^ns\d+\.openstack\.org$/ { $group = 'ns' class { 'openstack_project::server': - sysadmins => hiera('sysadmins', []), iptables_public_udp_ports => [53], iptables_public_tcp_ports => [53], } @@ -969,7 +920,6 @@ node 'nodepool.openstack.org' { {protocol => 'tcp', port => '2181', hostname => 'nl04.openstack.org'}, {protocol => 'tcp', port => '2181', hostname => 'zuul01.openstack.org'}, ], - sysadmins => hiera('sysadmins', []), iptables_public_tcp_ports => [80], } @@ -1023,7 +973,6 @@ node /^nl\d+\.openstack\.org$/ { $clouds_yaml = template("openstack_project/nodepool/clouds.yaml.erb") class { 'openstack_project::server': - sysadmins => hiera('sysadmins', []), iptables_public_tcp_ports => [80], } @@ -1086,7 +1035,6 @@ node /^nb\d+\.openstack\.org$/ { $clouds_yaml = template("openstack_project/nodepool/clouds.yaml.erb") class { 'openstack_project::server': - sysadmins => hiera('sysadmins', []), iptables_public_tcp_ports => [80, 443], } @@ -1142,7 +1090,6 @@ node /^ze\d+\.openstack\.org$/ { class { 'openstack_project::server': iptables_public_tcp_ports => [79, 7900], - sysadmins => hiera('sysadmins', []), afs => true, } @@ -1257,7 +1204,6 @@ node /^zuul\d+\.openstack\.org$/ { {protocol => 'tcp', port => '4730', hostname => 'zm07.openstack.org'}, {protocol => 'tcp', port => '4730', hostname => 'zm08.openstack.org'}, ], - sysadmins => hiera('sysadmins', []), } class { '::project_config': @@ -1348,7 +1294,6 @@ node /^zm\d+.openstack\.org$/ { class { 'openstack_project::server': iptables_public_tcp_ports => [80], - sysadmins => hiera('sysadmins', []), } # NOTE(pabelanger): We call ::zuul directly, so we can override all in one @@ -1383,7 +1328,6 @@ node /^zm\d+.openstack\.org$/ { # Node-OS: trusty node 'pbx.openstack.org' { class { 'openstack_project::server': - sysadmins => hiera('sysadmins', []), # SIP signaling is either TCP or UDP port 5060. # RTP media (audio/video) uses a range of UDP ports. iptables_public_tcp_ports => [5060], @@ -1408,8 +1352,6 @@ node /^backup\d+\..*\.ci\.openstack\.org$/ { $group = "ci-backup" class { 'openstack_project::server': iptables_public_tcp_ports => [], - manage_exim => false, - purge_apt_sources => false, } include openstack_project::backup_server } @@ -1417,7 +1359,6 @@ node /^backup\d+\..*\.ci\.openstack\.org$/ { # Node-OS: trusty node 'openstackid.org' { class { 'openstack_project::openstackid_prod': - sysadmins => hiera('sysadmins', []), site_admin_password => hiera('openstackid_site_admin_password'), id_mysql_host => hiera('openstackid_id_mysql_host', 'localhost'), id_mysql_password => hiera('openstackid_id_mysql_password'), @@ -1447,7 +1388,6 @@ node 'openstackid.org' { # Node-OS: trusty node 'openstackid-dev.openstack.org' { class { 'openstack_project::openstackid_dev': - sysadmins => hiera('sysadmins', []), site_admin_password => hiera('openstackid_dev_site_admin_password'), id_mysql_host => hiera('openstackid_dev_id_mysql_host', 'localhost'), id_mysql_password => hiera('openstackid_dev_id_mysql_password'), @@ -1484,7 +1424,6 @@ node 'kdc01.openstack.org' { class { 'openstack_project::server': iptables_public_tcp_ports => [88, 464, 749, 754], iptables_public_udp_ports => [88, 464, 749], - sysadmins => hiera('sysadmins', []), } class { 'openstack_project::kdc': } @@ -1495,7 +1434,6 @@ node 'kdc04.openstack.org' { class { 'openstack_project::server': iptables_public_tcp_ports => [88, 464, 749, 754], iptables_public_udp_ports => [88, 464, 749], - sysadmins => hiera('sysadmins', []), } class { 'openstack_project::kdc': @@ -1509,9 +1447,7 @@ node 'afsdb01.openstack.org' { class { 'openstack_project::server': iptables_public_udp_ports => [7000,7002,7003,7004,7005,7006,7007], - sysadmins => hiera('sysadmins', []), afs => true, - manage_exim => true, } include openstack_project::afsdb @@ -1524,9 +1460,7 @@ node /^afsdb.*\.openstack\.org$/ { class { 'openstack_project::server': iptables_public_udp_ports => [7000,7002,7003,7004,7005,7006,7007], - sysadmins => hiera('sysadmins', []), afs => true, - manage_exim => true, } include openstack_project::afsdb @@ -1538,9 +1472,7 @@ node /^afs.*\..*\.openstack\.org$/ { class { 'openstack_project::server': iptables_public_udp_ports => [7000,7002,7003,7004,7005,7006,7007], - sysadmins => hiera('sysadmins', []), afs => true, - manage_exim => true, } include openstack_project::afsfs @@ -1551,7 +1483,6 @@ node 'ask.openstack.org' { class { 'openstack_project::server': iptables_public_tcp_ports => [22, 80, 443], - sysadmins => hiera('sysadmins', []), } class { 'openstack_project::ask': @@ -1568,7 +1499,6 @@ node 'ask.openstack.org' { node 'ask-staging.openstack.org' { class { 'openstack_project::server': iptables_public_tcp_ports => [22, 80, 443], - sysadmins => hiera('sysadmins', []), } class { 'openstack_project::ask_staging': @@ -1583,7 +1513,6 @@ node /^translate\d+\.openstack\.org$/ { $group = "translate" class { 'openstack_project::server': iptables_public_tcp_ports => [80, 443], - sysadmins => hiera('sysadmins', []), } class { 'openstack_project::translate': admin_users => 'aeng,cboylan,eumel8,ianw,ianychoi,infra,jaegerandi,mordred,stevenk', @@ -1612,7 +1541,6 @@ node /^translate\d+\.openstack\.org$/ { node /^translate-dev\d*\.openstack\.org$/ { $group = "translate-dev" class { 'openstack_project::translate_dev': - sysadmins => hiera('sysadmins', []), admin_users => 'aeng,cboylan,eumel,eumel8,ianw,ianychoi,infra,jaegerandi,mordred,stevenk', openid_url => 'https://openstackid-dev.openstack.org', listeners => ['ajp'], @@ -1633,7 +1561,6 @@ node /^codesearch\d*\.openstack\.org$/ { $group = "codesearch" class { 'openstack_project::server': iptables_public_tcp_ports => [80], - sysadmins => hiera('sysadmins', []), } class { 'openstack_project::codesearch': project_config_repo => 'https://git.openstack.org/openstack-infra/project-config', diff --git a/modules/openstack_project/files/80retry b/modules/openstack_project/files/80retry deleted file mode 100644 index 8ebe6de130..0000000000 --- a/modules/openstack_project/files/80retry +++ /dev/null @@ -1 +0,0 @@ -APT::Acquire::Retries "20"; diff --git a/modules/openstack_project/files/90no-translations b/modules/openstack_project/files/90no-translations deleted file mode 100644 index 2318f84efe..0000000000 --- a/modules/openstack_project/files/90no-translations +++ /dev/null @@ -1 +0,0 @@ -Acquire::Languages "none"; diff --git a/modules/openstack_project/files/bash-history.sh b/modules/openstack_project/files/bash-history.sh deleted file mode 100644 index e3f56e6e65..0000000000 --- a/modules/openstack_project/files/bash-history.sh +++ /dev/null @@ -1 +0,0 @@ -export HISTTIMEFORMAT="%Y-%m-%dT%T%z " diff --git a/modules/openstack_project/files/centos7-puppetlabs.repo b/modules/openstack_project/files/centos7-puppetlabs.repo deleted file mode 100644 index 66b4034a46..0000000000 --- a/modules/openstack_project/files/centos7-puppetlabs.repo +++ /dev/null @@ -1,6 +0,0 @@ -[puppetlabs-products] -name=Puppet Labs Products El 7 - $basearch -baseurl=http://yum.puppetlabs.com/el/7/products/$basearch -gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs -enabled=1 -gpgcheck=1 diff --git a/modules/openstack_project/files/debian_limits.conf b/modules/openstack_project/files/debian_limits.conf deleted file mode 100644 index 860c08b8d8..0000000000 --- a/modules/openstack_project/files/debian_limits.conf +++ /dev/null @@ -1,4 +0,0 @@ -# Original 1024 -* soft nofile 4096 -# Original 4096 -* hard nofile 8192 diff --git a/modules/openstack_project/files/rsyslog.d_50-default.conf b/modules/openstack_project/files/rsyslog.d_50-default.conf deleted file mode 100644 index 35e348ab1b..0000000000 --- a/modules/openstack_project/files/rsyslog.d_50-default.conf +++ /dev/null @@ -1,69 +0,0 @@ -# Default rules for rsyslog. -# -# For more information see rsyslog.conf(5) and /etc/rsyslog.conf - -# -# First some standard log files. Log by facility. -# -auth,authpriv.* /var/log/auth.log -*.*;auth,authpriv.none -/var/log/syslog -#cron.* /var/log/cron.log -#daemon.* -/var/log/daemon.log -kern.* -/var/log/kern.log -#lpr.* -/var/log/lpr.log -mail.* -/var/log/mail.log -#user.* -/var/log/user.log - -# -# Logging for the mail system. Split it up so that -# it is easy to write scripts to parse these files. -# -#mail.info -/var/log/mail.info -#mail.warn -/var/log/mail.warn -mail.err /var/log/mail.err - -# -# Logging for INN news system. -# -news.crit /var/log/news/news.crit -news.err /var/log/news/news.err -news.notice -/var/log/news/news.notice - -# -# Some "catch-all" log files. -# -#*.=debug;\ -# auth,authpriv.none;\ -# news.none;mail.none -/var/log/debug -#*.=info;*.=notice;*.=warn;\ -# auth,authpriv.none;\ -# cron,daemon.none;\ -# mail,news.none -/var/log/messages - -# -# Emergencies are sent to everybody logged in. -# -*.emerg :omusrmsg:* - -# -# I like to have messages displayed on the console, but only on a virtual -# console I usually leave idle. -# -#daemon,mail.*;\ -# news.=crit;news.=err;news.=notice;\ -# *.=debug;*.=info;\ -# *.=notice;*.=warn /dev/tty8 - -# The named pipe /dev/xconsole is for the `xconsole' utility. To use it, -# you must invoke `xconsole' with the `-file' option: -# -# $ xconsole -file /dev/xconsole [...] -# -# NOTE: adjust the list below, or you'll go crazy if you have a reasonably -# busy site.. -# -# Commenting out since we don't install xconsoles on headless servers. -#daemon.*;mail.*;\ -# news.err;\ -# *.=debug;*.=info;\ -# *.=notice;*.=warn |/dev/xconsole diff --git a/modules/openstack_project/files/sources.list.trusty.amd64 b/modules/openstack_project/files/sources.list.trusty.amd64 deleted file mode 100644 index 14964e38a1..0000000000 --- a/modules/openstack_project/files/sources.list.trusty.amd64 +++ /dev/null @@ -1,13 +0,0 @@ -# This file is kept updated by puppet, adapted from -# http://ubuntuguide.org/wiki/Ubuntu_Trusty_Packages_and_Repositories - -deb http://us.archive.ubuntu.com/ubuntu trusty main restricted -deb http://us.archive.ubuntu.com/ubuntu trusty-updates main restricted -deb http://us.archive.ubuntu.com/ubuntu trusty universe -deb http://us.archive.ubuntu.com/ubuntu trusty-updates universe -deb http://us.archive.ubuntu.com/ubuntu trusty multiverse -deb http://us.archive.ubuntu.com/ubuntu trusty-updates multiverse -deb http://us.archive.ubuntu.com/ubuntu trusty-backports main restricted universe multiverse -deb http://security.ubuntu.com/ubuntu trusty-security main restricted -deb http://security.ubuntu.com/ubuntu trusty-security universe -deb http://security.ubuntu.com/ubuntu trusty-security multiverse diff --git a/modules/openstack_project/files/sources.list.xenial.aarch64 b/modules/openstack_project/files/sources.list.xenial.aarch64 deleted file mode 100644 index 3c089f33f6..0000000000 --- a/modules/openstack_project/files/sources.list.xenial.aarch64 +++ /dev/null @@ -1,35 +0,0 @@ -# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to -# newer versions of the distribution. - -deb http://ports.ubuntu.com/ubuntu-ports/ xenial main restricted multiverse -deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial main restricted multiverse - -## Major bug fix updates produced after the final release of the -## distribution. -deb http://ports.ubuntu.com/ubuntu-ports/ xenial-updates main restricted multiverse -deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial-updates main restricted multiverse - -## Uncomment the following two lines to add software from the 'universe' -## repository. -## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu -## team. Also, please note that software in universe WILL NOT receive any -## review or updates from the Ubuntu security team. -deb http://ports.ubuntu.com/ubuntu-ports/ xenial universe -deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial universe -deb http://ports.ubuntu.com/ubuntu-ports/ xenial-updates universe -deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial-updates universe - -## N.B. software from this repository may not have been tested as -## extensively as that contained in the main release, although it includes -## newer versions of some applications which may provide useful features. -## Also, please note that software in backports WILL NOT receive any review -## or updates from the Ubuntu security team. -# deb http://ports.ubuntu.com/ubuntu-ports/ xenial-backports main restricted -# deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial-backports main restricted - -deb http://ports.ubuntu.com/ubuntu-ports/ xenial-security main restricted multiverse -deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial-security main restricted multiverse -deb http://ports.ubuntu.com/ubuntu-ports/ xenial-security universe -deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial-security universe -# deb http://ports.ubuntu.com/ubuntu-ports/ xenial-security multiverse -# deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial-security multiverse \ No newline at end of file diff --git a/modules/openstack_project/files/sources.list.xenial.amd64 b/modules/openstack_project/files/sources.list.xenial.amd64 deleted file mode 100644 index 0ffcc4358f..0000000000 --- a/modules/openstack_project/files/sources.list.xenial.amd64 +++ /dev/null @@ -1,13 +0,0 @@ -# This file is kept updated by puppet, adapted from -# https://help.ubuntu.com/lts/serverguide/configuration.html - -deb http://us.archive.ubuntu.com/ubuntu xenial main restricted -deb http://us.archive.ubuntu.com/ubuntu xenial-updates main restricted -deb http://us.archive.ubuntu.com/ubuntu xenial universe -deb http://us.archive.ubuntu.com/ubuntu xenial-updates universe -deb http://us.archive.ubuntu.com/ubuntu xenial multiverse -deb http://us.archive.ubuntu.com/ubuntu xenial-updates multiverse -deb http://us.archive.ubuntu.com/ubuntu xenial-backports main restricted universe multiverse -deb http://security.ubuntu.com/ubuntu xenial-security main restricted -deb http://security.ubuntu.com/ubuntu xenial-security universe -deb http://security.ubuntu.com/ubuntu xenial-security multiverse diff --git a/modules/openstack_project/files/yum/yum-cron.conf b/modules/openstack_project/files/yum/yum-cron.conf deleted file mode 100644 index bd1ec68583..0000000000 --- a/modules/openstack_project/files/yum/yum-cron.conf +++ /dev/null @@ -1,81 +0,0 @@ -[commands] -# What kind of update to use: -# default = yum upgrade -# security = yum --security upgrade -# security-severity:Critical = yum --sec-severity=Critical upgrade -# minimal = yum --bugfix update-minimal -# minimal-security = yum --security update-minimal -# minimal-security-severity:Critical = --sec-severity=Critical update-minimal -update_cmd = default - -# Whether a message should be emitted when updates are available, -# were downloaded, or applied. -update_messages = yes - -# Whether updates should be downloaded when they are available. -download_updates = yes - -# Whether updates should be applied when they are available. Note -# that download_updates must also be yes for the update to be applied. -apply_updates = yes - -# Maximum amout of time to randomly sleep, in minutes. The program -# will sleep for a random amount of time between 0 and random_sleep -# minutes before running. This is useful for e.g. staggering the -# times that multiple systems will access update servers. If -# random_sleep is 0 or negative, the program will run immediately. -# 6*60 = 360 -random_sleep = 360 - - -[emitters] -# Name to use for this system in messages that are emitted. If -# system_name is None, the hostname will be used. -system_name = None - -# How to send messages. Valid options are stdio and email. If -# emit_via includes stdio, messages will be sent to stdout; this is useful -# to have cron send the messages. If emit_via includes email, this -# program will send email itself according to the configured options. -# If emit_via is None or left blank, no messages will be sent. -emit_via = stdio - -# The width, in characters, that messages that are emitted should be -# formatted to. -output_width = 80 - - -[email] -# The address to send email messages from. -# NOTE: 'localhost' will be replaced with the value of system_name. -email_from = root@localhost - -# List of addresses to send messages to. -email_to = root - -# Name of the host to connect to to send email messages. -email_host = localhost - - -[groups] -# NOTE: This only works when group_command != objects, which is now the default -# List of groups to update -group_list = None - -# The types of group packages to install -group_package_types = mandatory, default - -[base] -# This section overrides yum.conf - -# Use this to filter Yum core messages -# -4: critical -# -3: critical+errors -# -2: critical+errors+warnings (default) -debuglevel = -2 - -# skip_broken = True -mdpolicy = group:main - -# Uncomment to auto-import new gpg keys (dangerous) -# assumeyes = True diff --git a/modules/openstack_project/manifests/ask.pp b/modules/openstack_project/manifests/ask.pp index 92da8ad08b..34953a88ed 100644 --- a/modules/openstack_project/manifests/ask.pp +++ b/modules/openstack_project/manifests/ask.pp @@ -17,10 +17,6 @@ class openstack_project::ask ( $askbot_revision = '87086ebcefc5be29e80d3228e465e6bec4523fcf' ) { - realize ( - User::Virtual::Localuser['mkiss'], - ) - file { '/srv/dist': ensure => directory, owner => 'root', diff --git a/modules/openstack_project/manifests/ask_staging.pp b/modules/openstack_project/manifests/ask_staging.pp index ba7c55c1c5..389ab7e229 100644 --- a/modules/openstack_project/manifests/ask_staging.pp +++ b/modules/openstack_project/manifests/ask_staging.pp @@ -13,10 +13,6 @@ class openstack_project::ask_staging ( $solr_version = '4.10.4' ) { - realize ( - User::Virtual::Localuser['mkiss'], - ) - file { '/srv/dist': ensure => directory, owner => 'root', diff --git a/modules/openstack_project/manifests/cacti.pp b/modules/openstack_project/manifests/cacti.pp index ce1bc058fa..336e454ca5 100644 --- a/modules/openstack_project/manifests/cacti.pp +++ b/modules/openstack_project/manifests/cacti.pp @@ -1,6 +1,5 @@ # Class to configure cacti on a node. class openstack_project::cacti ( - $sysadmins = [], $cacti_hosts = [], $vhost_name = '', ) { @@ -11,7 +10,6 @@ class openstack_project::cacti ( class { 'openstack_project::server': iptables_public_tcp_ports => [80, 443], - sysadmins => $sysadmins, } class { '::apache': diff --git a/modules/openstack_project/manifests/firehose.pp b/modules/openstack_project/manifests/firehose.pp index 534afa27c9..a9a5b4a74e 100644 --- a/modules/openstack_project/manifests/firehose.pp +++ b/modules/openstack_project/manifests/firehose.pp @@ -15,7 +15,6 @@ # firehose glue class. # class openstack_project::firehose ( - $sysadmins = [], $gerrit_username = 'germqtt', $gerrit_public_key, $gerrit_private_key, @@ -69,36 +68,6 @@ class openstack_project::firehose ( ensure => running, } - class {'::exim': - sysadmins => $sysadmins, - local_domains => "@:firehose.openstack.org", - default_localuser_router => false, - routers => [ - {'cyrus' => { - 'driver' => 'accept', - 'domains' => '+local_domains', - 'local_part_suffix' => '+*', - 'local_part_suffix_optional' => true, - 'transport' => 'cyrus', - }}, - {'localuser' => { - 'driver' => 'accept', - 'check_local_user' => true, - 'transport' => 'local_delivery', - 'cannot_route_message' => 'Unknown user', - }} - ], - transports => [ - {'cyrus' => { - 'driver' => 'lmtp', - 'socket' => '/var/run/cyrus/socket/lmtp', - 'user' => 'cyrus', - 'batch_max' => '35', - }} - ], - require => Package['cyrus-imapd'], - } - include lpmqtt class {'lpmqtt::server': mqtt_username => $mqtt_username, diff --git a/modules/openstack_project/manifests/git.pp b/modules/openstack_project/manifests/git.pp index e1d2db52ea..0b9fb1fcd8 100644 --- a/modules/openstack_project/manifests/git.pp +++ b/modules/openstack_project/manifests/git.pp @@ -16,14 +16,12 @@ # # == Class: openstack_project::git class openstack_project::git ( - $sysadmins = [], $balancer_member_names = [], $balancer_member_ips = [], $selinux_mode = 'enforcing' ) { class { 'openstack_project::server': iptables_public_tcp_ports => [80, 443, 9418], - sysadmins => $sysadmins, } if ($::osfamily == 'RedHat') { @@ -148,6 +146,13 @@ class openstack_project::git ( notify => Service['rsyslog'], } + # TODO(mordred) We should get this haproxy stuff ported to ansible ASAP. + # Ansible is the one installing rsyslog. + service { 'rsyslog': + ensure => running, + enable => true, + hasrestart => true, + } # haproxy statsd diff --git a/modules/openstack_project/manifests/groups.pp b/modules/openstack_project/manifests/groups.pp index 5c49a46bad..818a28d949 100644 --- a/modules/openstack_project/manifests/groups.pp +++ b/modules/openstack_project/manifests/groups.pp @@ -28,10 +28,6 @@ class openstack_project::groups ( $site_ssl_chain_file = '/etc/ssl/certs/groups.openstack.org_ca.pem', ) { - realize ( - User::Virtual::Localuser['mkiss'], - ) - vcsrepo { '/srv/groups-static-pages': ensure => latest, provider => git, diff --git a/modules/openstack_project/manifests/groups_dev.pp b/modules/openstack_project/manifests/groups_dev.pp index 0f6d3ef9a3..e1029e0598 100644 --- a/modules/openstack_project/manifests/groups_dev.pp +++ b/modules/openstack_project/manifests/groups_dev.pp @@ -25,10 +25,6 @@ class openstack_project::groups_dev ( $site_ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key', ) { - realize ( - User::Virtual::Localuser['mkiss'], - ) - # include drupal vcsrepo { '/srv/groups-static-pages': diff --git a/modules/openstack_project/manifests/infracloud/baremetal.pp b/modules/openstack_project/manifests/infracloud/baremetal.pp index fb74a8d5b8..7df7b5e7ba 100644 --- a/modules/openstack_project/manifests/infracloud/baremetal.pp +++ b/modules/openstack_project/manifests/infracloud/baremetal.pp @@ -35,8 +35,4 @@ class openstack_project::infracloud::baremetal ( ipv4_subnet_mask => $ipv4_subnet_mask, } - realize ( - User::Virtual::Localuser['colleen'], - ) - } diff --git a/modules/openstack_project/manifests/infracloud/controller.pp b/modules/openstack_project/manifests/infracloud/controller.pp index 63ec8a6aae..ce0c6e301d 100644 --- a/modules/openstack_project/manifests/infracloud/controller.pp +++ b/modules/openstack_project/manifests/infracloud/controller.pp @@ -50,9 +50,4 @@ class openstack_project::infracloud::controller ( neutron_subnet_allocation_pools => $neutron_subnet_allocation_pools, mysql_max_connections => $mysql_max_connections, } - - realize ( - User::Virtual::Localuser['colleen'], - ) - } diff --git a/modules/openstack_project/manifests/kata_lists.pp b/modules/openstack_project/manifests/kata_lists.pp index 39c5f022e0..3bacfba99f 100644 --- a/modules/openstack_project/manifests/kata_lists.pp +++ b/modules/openstack_project/manifests/kata_lists.pp @@ -1,28 +1,13 @@ # == Class: openstack_project::kata_lists # class openstack_project::kata_lists( - $listadmins, $listpassword = '' ) { - $listdomain = 'lists.katacontainers.io' - - class { 'exim': - sysadmins => $listadmins, - queue_interval => '1m', - queue_run_max => '50', - mailman_domains => [$listdomain], - smtp_accept_max => '100', - smtp_accept_max_per_host => '10', - } class { 'mailman': - vhost_name => $listdomain, + vhost_name => 'lists.katacontainers.io' } - realize ( - User::Virtual::Localuser['jbryce'], - ) - Maillist { provider => 'noaliasmailman', } diff --git a/modules/openstack_project/manifests/lists.pp b/modules/openstack_project/manifests/lists.pp index d54aded97f..27edee2bae 100644 --- a/modules/openstack_project/manifests/lists.pp +++ b/modules/openstack_project/manifests/lists.pp @@ -1,113 +1,13 @@ # == Class: openstack_project::lists # class openstack_project::lists( - $listadmins, $listpassword = '' ) { - $mm_domains='lists.openstack.org:lists.zuul-ci.org:lists.airshipit.org:lists.starlingx.io' - class { 'mailman': multihost => true, } - class { 'exim': - sysadmins => $listadmins, - queue_interval => '1m', - queue_run_max => '50', - smtp_accept_max => '100', - smtp_accept_max_per_host => '10', - extra_aliases => { - 'ambassadors-owner' => 'spam', - 'community-owner' => 'spam', - 'foundation-board-confidential-owner' => 'spam', - 'foundation-board-owner' => 'spam', - 'foundation-owner' => 'spam', - 'legal-discuss-owner' => 'spam', - 'mailman-owner' => 'spam', - 'marketing-owner' => 'spam', - 'openstack-announce-owner' => 'spam', - 'openstack-dev-owner' => 'spam', - 'openstack-docs-owner' => 'spam', - 'openstack-fr-owner' => 'spam', - 'openstack-i18n-owner' => 'spam', - 'openstack-infra-owner' => 'spam', - 'openstack-operators-owner' => 'spam', - 'openstack-owner' => 'spam', - 'openstack-qa-owner' => 'spam', - 'openstack-security-owner' => 'spam', - 'openstack-tc-owner' => 'spam', - 'openstack-vi-owner' => 'spam', - 'product-wg-owner' => 'spam', - 'superuser-owner' => 'spam', - 'user-committee-owner' => 'spam', - 'women-of-openstack-owner' => 'spam', - 'spam' => ':fail: delivery temporarily disabled due to ongoing spam flood', - }, - local_domains => "@:$mm_domains", - routers => [ - {'mailman_verp_router' => { - 'driver' => 'dnslookup', - # we only consider messages sent in through loopback - 'condition' => '${if or{{eq{$sender_host_address}{127.0.0.1}}\ - {eq{$sender_host_address}{::1}}}{yes}{no}}', - # we do not do this for traffic going to the local machine - 'domains' => '!+local_domains', - 'ignore_target_hosts' => '<; 0.0.0.0; \ - 64.94.110.11; \ - 127.0.0.0/8; \ - ::1/128;fe80::/10;fe \ - c0::/10;ff00::/8', - # only the un-VERPed bounce addresses are handled - 'senders' => '"*-bounces@*"', - 'transport' => 'mailman_verp_smtp', - } - }, - {'mailman_router' => { - 'driver' => 'accept', - 'domains' => "$mm_domains", - 'require_files' => '${lookup{${lc::$domain}}lsearch{/etc/mailman/sites}}/lists/${lc::$local_part}/config.pck', - 'local_part_suffix_optional' => true, - 'local_part_suffix' => '-admin : \ - -bounces : -bounces+* : \ - -confirm : -confirm+* : \ - -join : -leave : \ - -owner : -request : \ - -subscribe : -unsubscribe', - 'transport' => 'mailman_transport', - } - }, - ], - transports => [ - {'mailman_transport' => { - 'driver' => 'pipe', - 'environment' => 'MAILMAN_SITE_DIR=${lookup{${lc:$domain}}lsearch{/etc/mailman/sites}}', - 'command' => '/var/lib/mailman/mail/mailman \ - \'${if def:local_part_suffix \ - {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \ - {post}}\' \ - $local_part', - 'current_directory' => '/var/lib/mailman', - 'home_directory' => '/var/lib/mailman', - 'user' => 'list', - 'group' => 'list', - } - }, - {'mailman_verp_smtp' => { - 'driver' => 'smtp', - 'return_path' => '${local_part:$return_path}+$local_part=$domain@${domain:$return_path}', - 'max_rcpt' => '1', - 'headers_remove' => 'Errors-To', - 'headers_add' => 'Errors-To: ${return_path}', - } - }, - ] - } - - realize ( - User::Virtual::Localuser['smaffulli'], - ) - # Disable inactive admins user::virtual::disable { 'oubiwann': } user::virtual::disable { 'rockstar': } diff --git a/modules/openstack_project/manifests/mirror_update.pp b/modules/openstack_project/manifests/mirror_update.pp index 55aae49a84..5642e68ebc 100644 --- a/modules/openstack_project/manifests/mirror_update.pp +++ b/modules/openstack_project/manifests/mirror_update.pp @@ -1,7 +1,6 @@ # == Class: openstack_project::mirror_update # class openstack_project::mirror_update ( - $sysadmins = [], $bandersnatch_keytab = '', $reprepro_keytab = '', $admin_keytab = '', @@ -16,7 +15,6 @@ class openstack_project::mirror_update ( include ::openstack_project::reprepro_mirror class { 'openstack_project::server': - sysadmins => $sysadmins, afs => true, } diff --git a/modules/openstack_project/manifests/openstackid_dev.pp b/modules/openstack_project/manifests/openstackid_dev.pp index d65a8b5013..5ecaffc563 100644 --- a/modules/openstack_project/manifests/openstackid_dev.pp +++ b/modules/openstack_project/manifests/openstackid_dev.pp @@ -15,7 +15,6 @@ # openstackid idp(sso-openid) dev server # class openstack_project::openstackid_dev ( - $sysadmins = [], $site_admin_password = '', $id_mysql_host = '', $id_mysql_user = '', @@ -62,14 +61,8 @@ class openstack_project::openstackid_dev ( $session_cookie_secure = false, ) { - realize ( - User::Virtual::Localuser['smarcet'], - User::Virtual::Localuser['mkiss'], - ) - class { 'openstack_project::server': iptables_public_tcp_ports => [80, 443], - sysadmins => $sysadmins, } class { 'openstackid': diff --git a/modules/openstack_project/manifests/openstackid_prod.pp b/modules/openstack_project/manifests/openstackid_prod.pp index c79d77422b..6734ccd374 100644 --- a/modules/openstack_project/manifests/openstackid_prod.pp +++ b/modules/openstack_project/manifests/openstackid_prod.pp @@ -15,7 +15,6 @@ # openstackid idp(sso-openid) server # class openstack_project::openstackid_prod ( - $sysadmins = [], $site_admin_password = '', $id_mysql_host = '', $id_mysql_user = '', @@ -63,14 +62,8 @@ class openstack_project::openstackid_prod ( $session_cookie_secure = false, ) { - realize ( - User::Virtual::Localuser['smarcet'], - User::Virtual::Localuser['maxwell'], - ) - class { 'openstack_project::server': iptables_public_tcp_ports => [80, 443], - sysadmins => $sysadmins, } class { 'openstackid': diff --git a/modules/openstack_project/manifests/params.pp b/modules/openstack_project/manifests/params.pp deleted file mode 100644 index b460d475a1..0000000000 --- a/modules/openstack_project/manifests/params.pp +++ /dev/null @@ -1,39 +0,0 @@ -# Class: openstack_project::params -# -# This class holds parameters that need to be -# accessed by other classes. -class openstack_project::params { - $cross_platform_packages = [ - 'at', - 'git', - 'lvm2', - 'parted', - 'rsync', - 'strace', - 'tcpdump', - 'wget', - ] - case $::osfamily { - 'RedHat': { - $packages = concat($cross_platform_packages, ['iputils', 'bind-utils']) - $user_packages = ['emacs-nox', 'vim-enhanced'] - $login_defs = 'puppet:///modules/openstack_project/login.defs.redhat' - } - 'Debian': { - $packages = concat($cross_platform_packages, ['iputils-ping', 'dnsutils']) - case $::operatingsystemrelease { - /^(12|14)\.(04|10)$/: { - $user_packages = ['emacs23-nox', 'vim-nox', 'iftop', - 'sysstat', 'iotop'] - } - default: { - $user_packages = ['emacs-nox', 'vim-nox'] - } - } - $login_defs = 'puppet:///modules/openstack_project/login.defs.debian' - } - default: { - fail("Unsupported osfamily: ${::osfamily} The 'openstack_project' module only supports osfamily Debian or RedHat (slaves only).") - } - } -} diff --git a/modules/openstack_project/manifests/pbx.pp b/modules/openstack_project/manifests/pbx.pp index 8a5c5c2a29..f9a220646e 100644 --- a/modules/openstack_project/manifests/pbx.pp +++ b/modules/openstack_project/manifests/pbx.pp @@ -18,9 +18,6 @@ class openstack_project::pbx ( $sip_providers = [], ) { - realize ( - User::Virtual::Localuser['rbryant'], - ) class { 'asterisk': modules_conf_source => 'puppet:///modules/openstack_project/pbx/asterisk/modules.conf', diff --git a/modules/openstack_project/manifests/planet.pp b/modules/openstack_project/manifests/planet.pp index cb7446368c..65e1c5ee7b 100644 --- a/modules/openstack_project/manifests/planet.pp +++ b/modules/openstack_project/manifests/planet.pp @@ -1,11 +1,9 @@ # == Class: openstack_project::planet # class openstack_project::planet ( - $sysadmins = [] ) { class { 'openstack_project::server': iptables_public_tcp_ports => [80], - sysadmins => $sysadmins, } include ::planet diff --git a/modules/openstack_project/manifests/review_dev.pp b/modules/openstack_project/manifests/review_dev.pp index 6239bdcb2c..32c9b39f23 100644 --- a/modules/openstack_project/manifests/review_dev.pp +++ b/modules/openstack_project/manifests/review_dev.pp @@ -43,10 +43,6 @@ class openstack_project::review_dev ( } } - realize ( - User::Virtual::Localuser['zaro'], - ) - class { 'project_config': url => $project_config_repo, base => 'dev/', diff --git a/modules/openstack_project/manifests/server.pp b/modules/openstack_project/manifests/server.pp index 64f6de6e7b..1bf65a20aa 100644 --- a/modules/openstack_project/manifests/server.pp +++ b/modules/openstack_project/manifests/server.pp @@ -7,116 +7,21 @@ class openstack_project::server ( $iptables_rules4 = [], $iptables_rules6 = [], $iptables_allowed_hosts = [], - $sysadmins = [], - $extra_aliases = {}, $pin_puppet = '3.', $ca_server = undef, $enable_unbound = true, $afs = false, $afs_cache_size = 500000, - $manage_exim = true, $pypi_index_url = 'https://pypi.python.org/simple', - $purge_apt_sources = true, ) { - include sudoers - include openstack_project::params - include openstack_project::users - - class { 'openstack_project::users_install': - install_users => true, - } class { 'timezone': timezone => 'Etc/UTC', } - package { 'rsyslog': - ensure => present, - } - - service { 'rsyslog': - ensure => running, - enable => true, - hasrestart => true, - require => Package['rsyslog'], - } - - # Increase syslog message size in order to capture - # python tracebacks with syslog. - file { '/etc/rsyslog.d/99-maxsize.conf': - ensure => present, - # Note MaxMessageSize is not a puppet variable. - content => '$MaxMessageSize 6k', - owner => 'root', - group => 'root', - mode => '0644', - notify => Service['rsyslog'], - require => Package['rsyslog'], - } - - if $::osfamily == 'Debian' { - file { '/etc/security/limits.d/60-nofile-limit.conf': - owner => 'root', - group => 'root', - mode => '0644', - source => 'puppet:///modules/openstack_project/debian_limits.conf', - replace => true, - } - - file { '/etc/apt/apt.conf.d/80retry': - owner => 'root', - group => 'root', - mode => '0444', - source => 'puppet:///modules/openstack_project/80retry', - replace => true, - } - - file { '/etc/apt/apt.conf.d/90no-translations': - owner => 'root', - group => 'root', - mode => '0444', - source => 'puppet:///modules/openstack_project/90no-translations', - replace => true, - } - - # Custom rsyslog config to disable /dev/xconsole noise on Debuntu servers - file { '/etc/rsyslog.d/50-default.conf': - ensure => present, - owner => 'root', - group => 'root', - mode => '0644', - source => - 'puppet:///modules/openstack_project/rsyslog.d_50-default.conf', - replace => true, - notify => Service['rsyslog'], - require => Package['rsyslog'], - } - - # Purge and augment existing /etc/apt/sources.list if requested, and make - # sure apt-get update is run before any packages are installed - class { '::apt': - purge => { 'sources.list' => $purge_apt_sources } - } - if $purge_apt_sources == true { - file { '/etc/apt/sources.list.d/openstack-infra.list': - ensure => present, - group => 'root', - mode => '0444', - owner => 'root', - source => "puppet:///modules/openstack_project/sources.list.${::lsbdistcodename}.${::architecture}", - } - exec { 'update-apt': - command => 'apt-get update', - refreshonly => true, - path => '/bin:/usr/bin', - subscribe => File['/etc/apt/sources.list.d/openstack-infra.list'], - } - Exec['update-apt'] -> Package <| |> - } - } - - package { $::openstack_project::params::packages: - ensure => present + # Include ::apt while we work on the puppet->ansible transition + if ($::osfamily == 'Debian') { + include ::apt } ########################################################### @@ -124,45 +29,6 @@ class openstack_project::server ( include '::ntp' - if ($::osfamily == "RedHat") { - # Utils in ntp-perl are included in Debian's ntp package; we - # add it here for consistency. See also - # https://tickets.puppetlabs.com/browse/MODULES-3660 - package { 'ntp-perl': - ensure => present - } - # NOTE(pabelanger): We need to ensure ntpdate service starts on boot for - # centos-7. Currently, ntpd explicitly require ntpdate to be running before - # the sync process can happen in ntpd. As a result, if ntpdate is not - # running, ntpd will start but fail to sync because of DNS is not properly - # setup. - package { 'ntpdate': - ensure => present, - } - service { 'ntpdate': - enable => true, - require => Package['ntpdate'], - } - package { 'yum-cron': - ensure => present, - } - file { '/etc/yum/yum-cron.conf': - ensure => present, - owner => root, - group => root, - mode => '0644', - source => 'puppet:///modules/openstack_project/yum/yum-cron.conf', - replace => true, - require => Package['yum-cron'], - notify => Service['yum-cron'], - } - service { 'yum-cron': - enable => true, - ensure => running, - require => Package['yum-cron'], - } - } - ########################################################### # Manage Root ssh @@ -171,24 +37,6 @@ class openstack_project::server ( trusted_ssh_source => '23.253.245.198,2001:4800:7818:101:3c21:a454:23ed:4072,23.253.234.219,2001:4800:7817:103:be76:4eff:fe04:5a1d', } - if ! defined(File['/root/.ssh']) { - file { '/root/.ssh': - ensure => directory, - mode => '0700', - } - } - - ssh_authorized_key { 'puppet-remote-2014-09-15': - ensure => present, - user => 'root', - type => 'ssh-rsa', - key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDSLlN41ftgxkNeUi/kATYPwMPjJdMaSbgokSb9PSkRPZE7GeNai60BCfhu+ky8h5eMe70Bpwb7mQ7GAtHGXPNU1SRBPhMuVN9EYrQbt5KSiwuiTXtQHsWyYrSKtB+XGbl2PhpMQ/TPVtFoL5usxu/MYaakVkCEbt5IbPYNg88/NKPixicJuhi0qsd+l1X1zoc1+Fn87PlwMoIgfLIktwaL8hw9mzqr+pPcDIjCFQQWnjqJVEObOcMstBT20XwKj/ymiH+6p123nnlIHilACJzXhmIZIZO+EGkNF7KyXpcBSfv9efPI+VCE2TOv/scJFdEHtDFkl2kdUBYPC0wQ92rp', - options => [ - 'from="23.253.245.198,2001:4800:7818:101:3c21:a454:23ed:4072,23.253.234.219,2001:4800:7817:103:be76:4eff:fe04:5a1d,localhost"', - ], - require => File['/root/.ssh'], - } - ########################################################### # Process if ( $high_level_directive ) blocks @@ -198,13 +46,6 @@ class openstack_project::server ( } } - if $manage_exim { - class { 'exim': - sysadmins => $sysadmins, - extra_aliases => $extra_aliases, - } - } - if $afs { class { 'openafs::client': cell => 'openstack.org', @@ -244,117 +85,4 @@ class openstack_project::server ( allowed_hosts => $iptables_allowed_hosts, } - # We don't like byobu - file { '/etc/profile.d/Z98-byobu.sh': - ensure => absent, - } - - # Setup RFC3339 bash history timestamps - file { '/etc/profile.d/bash-history.sh': - ensure => present, - owner => 'root', - group => 'root', - mode => '0644', - source => 'puppet:///modules/openstack_project/bash-history.sh', - } - - if $::osfamily == 'Debian' { - # Ubuntu installs their whoopsie package by default, but it eats through - # memory and we don't need it on servers - package { 'whoopsie': - ensure => absent, - } - - package { 'popularity-contest': - ensure => absent, - } - } - - ########################################################### - # Manage python/pip - - $desired_virtualenv = '15.1.0' - class { '::pip': - index_url => $pypi_index_url, - optional_settings => { - 'extra-index-url' => '', - }, - manage_pip_conf => true, - } - - if (( versioncmp($::virtualenv_version, $desired_virtualenv) < 0 )) { - $virtualenv_ensure = $desired_virtualenv - } else { - $virtualenv_ensure = present - } - package { 'virtualenv': - ensure => $virtualenv_ensure, - provider => openstack_pip, - require => Class['pip'], - } - - ########################################################### - # Turn off puppet service - - service { 'puppet': - ensure => stopped, - enable => false, - } - - if $::osfamily == 'Debian' { - file { '/etc/default/puppet': - ensure => present, - owner => 'root', - group => 'root', - mode => '0444', - source => 'puppet:///modules/openstack_project/puppet.default', - replace => true, - } - } - - ########################################################### - # Set up puppet repos - - if ($::osfamily == 'Debian') { - # NOTE(pabelanger): Puppetlabs only support Ubuntu Trusty and below, - # anything greater will use the OS version of puppet. - if ($::operatingsystemrelease < '15.04') { - include ::apt - apt::source { 'puppetlabs': - location => 'http://apt.puppetlabs.com', - repos => 'main', - key => { - 'id' =>'47B320EB4C7C375AA9DAE1A01054B7A24BD6EC30', - 'server' => 'pgp.mit.edu', - }, - } - } - } - - if ($::operatingsystem == 'CentOS') { - file { '/etc/yum.repos.d/puppetlabs.repo': - ensure => present, - owner => 'root', - group => 'root', - mode => '0444', - source => 'puppet:///modules/openstack_project/centos7-puppetlabs.repo', - replace => true, - } - } - - # Disable cloud-init - file { '/etc/cloud': - ensure => directory, - } - file { '/etc/cloud/cloud-init.disabled': - ensure => file, - require => File['/etc/cloud'], - } - - if ($::lsbdistcodename == 'xenial' and $::architecture == 'aarch64') { - # Make sure we install the HWE kernel for arm64; it's 4.13 v 4.3 - # and works much better on linaro cloud - ensure_packages(['linux-generic-hwe-16.04']) - } - } diff --git a/modules/openstack_project/manifests/storyboard.pp b/modules/openstack_project/manifests/storyboard.pp index 702a417d5b..2a33cf55a9 100644 --- a/modules/openstack_project/manifests/storyboard.pp +++ b/modules/openstack_project/manifests/storyboard.pp @@ -6,7 +6,6 @@ class openstack_project::storyboard( $mysql_user = '', $rabbitmq_user = 'storyboard', $rabbitmq_password, - $sysadmins = [], $superusers = 'puppet:///modules/openstack_project/storyboard/superusers.yaml', $ssl_cert = undef, @@ -28,47 +27,9 @@ class openstack_project::storyboard( } class { 'openstack_project::server': - sysadmins => $sysadmins, iptables_public_tcp_ports => [80, 443], - manage_exim => false, } - class { '::exim': - sysadmins => $sysadmins, - routers => [ - {'storyboard_verp_router' => { - 'driver' => 'dnslookup', - # we only consider messages sent in through loopback - 'condition' => '${if or{{eq{$sender_host_address}{127.0.0.1}}\ - {eq{$sender_host_address}{::1}}}{yes}{no}}', - # we do not do this for traffic going to the local machine - 'domains' => '!+local_domains', - 'ignore_target_hosts' => '<; 0.0.0.0; 64.94.110.11; 127.0.0.0/8; \ - ::1/128;fe80::/10;fec0::/10;ff00::/8', - # only the un-VERPed bounce addresses are handled - 'senders' => '"*-bounces@*"', - 'transport' => 'storyboard_verp_smtp', - }}, - # Send bounces to /dev/null until storyboard supports them. - {'storyboard' => { - 'driver' => 'redirect', - 'local_parts' => 'storyboard', - 'local_part_suffix_optional' => true, - 'local_part_suffix' => '-bounces : -bounces+*', - 'data' => ':blackhole:', - }} - ], - transports => [ - {'storyboard_verp_smtp' => { - 'driver' => 'smtp', - 'return_path' => '${local_part:$return_path}+$local_part\ - =$domain@${domain:$return_path}', - 'max_rcpt' => '1', - 'headers_remove' => 'Errors-To', - 'headers_add' => 'Errors-To: ${return_path}', - }} - ], - } mysql_backup::backup_remote { 'storyboard': database_host => $mysql_host, diff --git a/modules/openstack_project/manifests/storyboard/dev.pp b/modules/openstack_project/manifests/storyboard/dev.pp index b616f2493d..59a52474cd 100644 --- a/modules/openstack_project/manifests/storyboard/dev.pp +++ b/modules/openstack_project/manifests/storyboard/dev.pp @@ -6,7 +6,6 @@ class openstack_project::storyboard::dev( $mysql_user = '', $rabbitmq_user = 'storyboard', $rabbitmq_password, - $sysadmins = [], $ssl_cert_file_contents = undef, $ssl_key_file_contents = undef, $ssl_chain_file_contents = undef, @@ -21,7 +20,6 @@ class openstack_project::storyboard::dev( class { 'openstack_project::storyboard': project_config_repo => $project_config_repo, - sysadmins => $sysadmins, superusers => 'puppet:///modules/openstack_project/storyboard/dev_superusers.yaml', mysql_host => $mysql_host, @@ -39,11 +37,4 @@ class openstack_project::storyboard::dev( default_url => $default_url, } - realize ( - User::Virtual::Localuser['SotK'], - User::Virtual::Localuser['Zara'], - User::Virtual::Localuser['diablo_rojo'], - ) - - } diff --git a/modules/openstack_project/manifests/summit.pp b/modules/openstack_project/manifests/summit.pp index 6fab20f542..97b0393186 100644 --- a/modules/openstack_project/manifests/summit.pp +++ b/modules/openstack_project/manifests/summit.pp @@ -1,14 +1,8 @@ class openstack_project::summit ( - $sysadmins = [] ) { class { 'openstack_project::server': iptables_public_tcp_ports => [22, 80], - sysadmins => $sysadmins } - - realize ( - User::Virtual::Localuser['ttx'], - ) } # vim:sw=2:ts=2:expandtab:textwidth=79 diff --git a/modules/openstack_project/manifests/translate_dev.pp b/modules/openstack_project/manifests/translate_dev.pp index 410aa8e5e6..d2adf98f3d 100644 --- a/modules/openstack_project/manifests/translate_dev.pp +++ b/modules/openstack_project/manifests/translate_dev.pp @@ -20,7 +20,6 @@ class openstack_project::translate_dev( $mysql_user = 'zanata', $mysql_password, $admin_users = '', - $sysadmins = [], $zanata_server_user = '', $zanata_server_api_key = '', $project_config_repo = '', @@ -37,7 +36,6 @@ class openstack_project::translate_dev( ) { class { 'openstack_project::server': - sysadmins => $sysadmins, iptables_public_tcp_ports => [80, 443], } diff --git a/modules/openstack_project/manifests/users.pp b/modules/openstack_project/manifests/users.pp deleted file mode 100644 index f4bee60f0a..0000000000 --- a/modules/openstack_project/manifests/users.pp +++ /dev/null @@ -1,280 +0,0 @@ -# == Class: openstack_project::users -# -class openstack_project::users { - # Make sure we have our UID/GID account minimums for dynamic users set higher - # than we'll use for static assignments, so as to avoid future conflicts. - include ::openstack_project::params - file { '/etc/login.defs': - ensure => present, - group => 'root', - mode => '0644', - owner => 'root', - source => $::openstack_project::params::login_defs, - } - User::Virtual::Localuser { - require => File['/etc/login.defs'] - } - - @user::virtual::localuser { 'mordred': - realname => 'Monty Taylor', - sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDLsTZJ8hXTmzjKxYh/7V07mIy8xl2HL+9BaUlt6A6TMsL3LSvaVQNSgmXX5g0XfPWSCKmkZb1O28q49jQI2n7n7+sHkxn0dJDxj1N2oNrzNY7pDuPrdtCijczLFdievygXNhXNkQ2WIqHXDquN/jfLLJ9L0jxtxtsUMbiL2xxZEZcaf/K5MqyPhscpqiVNE1MjE4xgPbIbv8gCKtPpYIIrktOMb4JbV7rhOp5DcSP5gXtLhOF5fbBpZ+szqrTVUcBX0oTYr3iRfOje9WPsTZIk9vBfBtF416mCNxMSRc7KhSW727AnUu85hS0xiP0MRAf69KemG1OE1pW+LtDIAEYp', - key_id => 'mordred@camelot', - uid => 2000, - gid => 2000, - } - - @user::virtual::localuser { 'corvus': - realname => 'James E. Blair', - sshkeys => 'AAAAB3NzaC1yc2EAAAABIwAAAQEAvKYcWK1T7e3PKSFiqb03EYktnoxVASpPoq2rJw2JvhsP0JfS+lKrPzpUQv7L4JCuQMsPNtZ8LnwVEft39k58Kh8XMebSfaqPYAZS5zCNvQUQIhP9myOevBZf4CDeG+gmssqRFcWEwIllfDuIzKBQGVbomR+Y5QuW0HczIbkoOYI6iyf2jB6xg+bmzR2HViofNrSa62CYmHS6dO04Z95J27w6jGWpEOTBjEQvnb9sdBc4EzaBVmxCpa2EilB1u0th7/DvuH0yP4T+X8G8UjW1gZCTOVw06fqlBCST4KjdWw1F/AuOCT7048klbf4H+mCTaEcPzzu3Fkv8ckMWtS/Z9Q==', - key_id => 'jeblair@operational-necessity', - uid => 2001, - gid => 2001, - } - - @user::virtual::localuser { 'smaffulli': - realname => 'Stefano Maffulli', - sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDD/zAvXaOUXCAT6/B4sCMu/38d/PyOIg/tYsYFAMgfDUzuZwkjZWNGrTpp/HFrOAZISER5KmOg48DKPvm91AeZOHfAXHCP6x9/FcogP9rmc48ym1B5XyIc78QVQjgN6JMSlEZsl0GWzFhQsPDjXundflY07TZfSC1IhpG9UgzamEVFcRjmNztnBuvq2uYVGpdI+ghmqFw9kfvSXJvUbj/F7Pco5XyJBx2e+gofe+X/UNee75xgoU/FyE2a6dSSc4uP4oUBvxDNU3gIsUKrSCmV8NuVQvMB8C9gXYR+JqtcvUSS9DdUAA8StP65woVsvuU+lqb+HVAe71JotDfOBd6f', - key_id => 'stefano@mattone-E6420', - uid => 2002, - gid => 2002, - } - - # NOTE(pabelanger): Inactive user - @user::virtual::localuser { 'oubiwann': - realname => 'Duncan McGreggor', - sshkeys => '', - key_id => 'oubiwann@rhosgobel', - uid => 2003, - gid => 2003, - } - - # NOTE(pabelanger): Inactive user - @user::virtual::localuser { 'rockstar': - realname => 'Paul Hummer', - sshkeys => '', - key_id => 'rockstar@spackrace.local', - uid => 2004, - gid => 2004, - } - - @user::virtual::localuser { 'clarkb': - realname => 'Clark Boylan', - sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCnfoVhOTkrY7uoebL8PoHXb0Fg4jJqGCbwkxUdNUdheIdbnfyjuRG3iL8WZnzf7nzWnD+IGo6kkAo8BkNMK9L0P0Y+5IjI8NH49KU22tQ1umij4EIf5tzLh4gsqkJmy6QLrlbf10m6UF4rLFQhKzOd4b2H2K6KbP00CIymvbW3BwvNDODM4xRE2uao387qfvXZBUkB0PpRD+7fWPoN58gpFUm407Eba3WwX5PCD+1DD+RVBsG8maIDXerQ7lvFLoSuyMswv1TfkvCj0ZFhSFbfTd2ZysCu6eryFfeixR7NY9SNcp9YTqG6LrxGA7Ci6wz+hycFHXlDrlBgfFJDe5At', - key_id => 'clark@work', - old_keys => [ - 'boylandcl@boylancl1', - ], - uid => 2005, - gid => 2005, - } - - @user::virtual::localuser { 'rlane': - realname => 'Ryan Lane', - sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCdtI7H+fsgSrjrdG8aGVcrN0GFW3XqLVsLG4n7JW4qH2W//hqgdL7A7cNVQNPoB9I1jAqvnO2Ct6wrVSh84QU89Uufw412M3qNSNeiGgv2c2KdxP2XBrnsLYAaJRbgOWJX7nty1jpO0xwF503ky2W3OMUsCXMAbYmYNSod6gAdzf5Xgo/3+eXRh7NbV1eKPrzwWoMOYh9T0Mvmokon/GXV5PiAA2bIaQvCy4BH/BzWiQwRM7KtiEt5lHahY172aEu+dcWxciuxHqkYqlKhbU+x1fwZJ+MpXSj5KBU+L0yf3iKySob7g6DZDST/Ylcm4MMjpOy8/9Cc6Xgpx77E/Pvd', - key_id => 'laner@Free-Public-Wifi.local', - uid => 2006, - gid => 2006, - } - - @user::virtual::localuser { 'fungi': - realname => 'Jeremy Stanley', - sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQD3KnRBTH5QPpKjf4RWu4akzYt2gwp796cMkFl5vu8e7G/cHuh4979FeNJXMVP6F3rvZB+yXDHLCU5LBVLq0K+1GbAZT/hH38hpMOIvniwKIquvI6C/drkVPHO6YmVlapw/NI530PGnT/TAqCOycHBO5eF1bYsaqV1yZqvs9v7UZc6J4LukoLZwpmyWZ5P3ltAiiy8+FGq3SLCKWDMmv/Bjz4zTsaNbSWThJi0BydINjC1/0ze5Tyc/XgW1sDuxmmXJxgQp4EvLpronqb2hT60iA52kj8lrmoCIryRpgnbaRA7BrxKF8zIr0ZALHijxEUeWHhFJDIVRGUf0Ef0nrmBv', - key_id => 'fungi-openstack-2015', - old_keys => [ - 'fungi-openstack-2012', - 'fungi-openstack-2013', - 'fungi-openstack-2014', - ], - uid => 2007, - gid => 2007, - } - - @user::virtual::localuser { 'ttx': - realname => 'Thierry Carrez', - sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQDCGpMtSehQNZL0/EJ7VUbklJygsxvii2Qi4HPSUFcLJUWAx4VltsmPkmx43D9ITwnRPRMPNtZrOvhY7v0myVlFuRnyTYAqZwigf5gxrktb+4PwCWb+2XobziUVnfJlbOTjneWSTYoZ+OjTaWd5AcVbUvgYAP2qbddycc5ACswpPDo5VrS6fQfCwE4z3BqLFNeOnqxbECHwHeFYIR6Kd6mnKAzDNZxZIkviWg9eIwwuFf5V5bUPiVkeFHVL3EJlCoYs2Em4bvYZBtrV7kUseN85X/+5Uail4uYBEcB3GLL32e6HeD1Qk4xIxLTI2bFPGUp0Oq7iPgrQQe4zCBsGi7Dx+JVy+U0JqLLAN94UPCn2fhsX7PdKfTPcxFPFKeX/PRutkb7qxdbS2ubCdOEhc6WN7OkQmbdK8lk6ms4v4dFc0ooMepWELqKC6thICsVdizpuij0+h8c4SRD3gtwGDPxrkJcodPoAimVVlW1p+RpMxsCFrK473TzgeNPVeAdSZVpqZ865VOwFqoFQB6WpmCDZQPFlkS2VDe9R54ePDHWKYLvVW6yvQqWTx3KrIrS1twSoydj+gADgBYsZaW5MNkWYHAWotEX67j6fMZ6ZSTS5yaTeLywB2Ykh0kjo4jpTFk5JNL7DINkfmCEZMLw60da29iN4QzAJr9cP1bwjf/QDqw==', - key_id => 'ttx@mercury', - uid => 2008, - gid => 2008, - } - - @user::virtual::localuser { 'rbryant': - realname => 'Russell Bryant', - sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDZVikFz5KoRg3gKdiSa3PQ0i2bN5+bUyc4lMMg6P+jEStVddwN+nAgpa3zJaokmNAOp+MjcGa7K1Zi4b9Fe2ufusTzSKdNVlRDiw0R4Lk0LwTIfkhLywKvgcAz8hkqWPUIgTMU4xIizh50KTL9Ttsu9ULop8t7urTpPE4TthHX4nz1Y9NwYLU0W8cWhzgRonBbqtGs/Lif0NC+TdWGkVyTaP3x1A48s0SMPcZKln1hDv7KbKdknG4XyS4jlr4qI+R+har7m2ED/PH93PSXi5QnT4U6laWRg03HTxpPKWq077u/tPW9wcbkgpBcYMmDKTo/NDPtoN+r/jkbdW7zKJHx', - key_id => 'russel@russelbryant.net', - uid => 2009, - gid => 2009, - } - - @user::virtual::localuser { 'pabelanger': - realname => 'Paul Belanger', - sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQCuP0CZE8AYnbm8gxecCxKeRw0wHRyryd+FKmNNsdr0d3UvfCbqNzLigrqEBZsKpofi3M4qCWNpKRyfhnjPynLTQjP1vnX9AbL9UGoiHxScfvh3skntTYMs9ezJRd0rMJJZO76FPo8bJLDlwxAQl8m/nuj3HfYiO5hYE7P+a3rhsJh4nEfBb7xh+Q5yM0PWObkkBl6IRiBYjlcsXNZHgTA5kNuihUk5bHqAw54sHh05DhpgOITpTw4LFbh4Ew2NKq49dEb2xbTuAyAr2DHNOGgIwKEZpwtKZEIGEuiLbb4DQRsfivrvyOjnK2NFjQzGyNOHfsOldWHRQwUKUs8nrxKdXvqcrfMnSVaibeYK2TRL+6jd9kc5SIhWI3XLm7HbX7uXMD7/JQrkL25Rcs6nndDCH72DJLz+ynA/T5umMbNBQ9tybL5z73IOpfShRGjQYego22CxDOy7e/5OEMHNoksbFb1S02viM9O2puS7LDqqfT9JIbbPqCrbRi/zOXo0f4EXo6xKUAmd8qlV+6f/p57/qFihzQDaRFVlFEH3k7qwsw7PYGUTwkPaThe6xyZN6D5jqxCZU3aSYu+FGb0oYo+M5IxOm0Cb4NNsvvkRPxWtwSayfFGu6+m/+/RyA3GBcAMev7AuyKN+K2vGMsLagHOx4i+5ZAcUwGzLeXAENNum3w==', - key_id => 'pabelanger@redhat.com', - uid => 2010, - gid => 2010, - } - - @user::virtual::localuser { 'mkiss': - realname => 'Marton Kiss', - sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCb5qdaiKaRqBRgLW8Df+zD3C4a+gO/GFZYEDEd5nvk+LDGPuzi6s639DLqdfx6yvJ1sxxNUOOYhE/T7raDeS8m8fjk0hdVzARXraYDbckt6AELl7B16ZM4aEzjAPoSByizmfwIVkO1zP6kghyumV1kr5Nqx0hTd5/thIzgwdaGBY4I+5iqcWncuLyBCs34oTh/S+QFzjmMgoT86PrdLSsBIINx/4rb2Br2Sb6pRHmzbU+3evnytdlDFwDUPfdzoCaQEdXtjISC0xBdmnjEvHJYgmSkWMZGgRgomrA06Al9M9+2PR7x+burLVVsZf9keRoC7RYLAcryRbGMExC17skL', - key_id => 'marton.kiss@gmail.com', - uid => 2011, - gid => 2011, - } - - @user::virtual::localuser { 'smarcet': - realname => 'Sebastian Marcet', - sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDP5ce0Ywtbgi3LGMZWA5Zlv/EQ07F/gWnZOMN6TRfiCiiBNyf8ARtKgmYSINS8W537HJYBt3qTfa5xkZmpBrtE6x8OTfR5y1L+x/PrLTUkQhVDY19EixD9wDIrQIIjo2ZVq+zErXBRQuGmJ3Hl+OGw+wtvGS8f768kMnwhKUgyITjWV2tKr/q88J8mBOep48XUcRhidDWsOjgIDJQeY2lbsx1bbZ7necrJS17PHqxhUbWntyR/VKKbBbrNmf2bhtTRUSYoJuqabyGDTZ0J25A88Qt2IKELy6jsVTxHj9Y5D8oH57uB7GaNsNiU+CaOcVfwOenES9mcWOr1t5zNOdrp', - key_id => 'smarcet@gmail.com', - uid => 2012, - gid => 2012, - } - - @user::virtual::localuser { 'zaro': - realname => 'Khai Do', - sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDJqB//ilMx7Y1tKzviAn/6yeXSRAi2VnaGN0/bfaa5Gciz+SWt8vAEAUE99fzuqeJ/ezjkuIXDFm/sjZr93y567a6sDT6CuhVUac1FZIhXRTs0J+pBOiENbwQ7RZxbkyNHQ0ndvtz3kBA1DF5D+MDkluBlIWb085Z31rFJmetsB2Zb8s1FKUjHVk/skyeKSj0qAK5KN3Wme6peWhYjwBiM0gUlxIsEZM6JLYdoPIbD5B8GYAktMN2FvJU9LgKGL93jLZ/vnMtoQIHHAG/85NdPURL1Zbi92Xlxbm4LkbcHnruBdmtPfSgaEupwJ+zFmK264OHD7QFt10ztPMbAFCFn', - key_id => 'khaido@khaido-HP-EliteBook-Folio-9470m', - uid => 2013, - gid => 2013, - } - - @user::virtual::localuser { 'slukjanov': - realname => 'Sergey Lukjanov', - sshkeys => '', - uid => 2014, - gid => 2014, - } - - @user::virtual::localuser { 'elizabeth': - realname => 'Elizabeth K. Joseph', - sshkeys => '', - uid => 2015, - gid => 2015, - } - - @user::virtual::localuser { 'jhesketh': - realname => 'Joshua Hesketh', - sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQC3onVLOZiiGpQWTCIV0QwHmc3Jvqyl7UaJxIu7D49OQcLHqVZsozI9pSiCdTnWyAaM+E+5wD9yVcSTqMWqn2AZmZSwQ+Fh6KnCgPZ/o63+iCZPGL0RNk20M1iNh5dvdStDnn+j2fpeV/JONF0tBn07QvNL2eF4BwtbTG9Zhl186QNsXjXDghrSO3Etl6DSfcUhxyvMoA2LnclWWD5hLmiRhcBm+PIxveVsr4B+o0k1HV5SUOvJMWtbEC37AH5I818O4fNOob6CnOFaCsbA9oUDzB5rqxutPZb9SmNJpNoLqYqDgyppM0yeql0Kn97tUt7H4j5xHrWoGnJ4IXfuDc0AMmmy4fpcLGkNf7zcBftKS6iz/3AlOXjlp5WZvKxngJj9HIir2SE/qV4Lxw9936BzvAcQyw5+bEsLQJwi+LPZxEqLC6oklkX9dg/+1yBFHsz6mulA0b4Eq7VF9omRzrhhN4iPpU5KQYPRNz7yRYckXDxYnp2lz6yHgSYh2/lqMc+UqmCL9EAWcDw3jsgvJ6kH/YUVUojiRHD9QLqlhOusu1wrTfojjwF05mqkXKmH+LH8f8AJAlMdYg0c2WLlrcxnwCkLLxzU5cYmKcZ41LuLtQR3ik+EKjYzBXXyCEzFm6qQEbR2akpXyxvONgrf7pijrgNOi0GeatUt0bUQcAONYw==', - key_id => 'jhesketh@infra', - uid => 2016, - gid => 2016, - } - - @user::virtual::localuser { 'nibz': - realname => 'Spencer Krum', - sshkeys => '', - uid => 2017, - gid => 2017, - } - - @user::virtual::localuser { 'yolanda': - realname => 'Yolanda Robla', - sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDSR2NmJC8PSanHUpKJuaMmohG80COO2IPkE3Mxhr7US8P1B3p1c6lOrT6M1txRzBY8FlbxfOinGtutP+ADCB2taXfpO8UiaG9eOqojAT/PeP2Y2ov72rVMSWupLozUv2uAR5yyFVFHOjKPYGAa01aJtfzfJujSak8dM0ifFeFwgp/8RBGEfC7atq+45TdrfAURRcEgcOLiF5Aq6fprCOwpllnrH6VoId9YS7u/5xF2/zBjr9PuOP7jEgCaL/+FNqu7jgj87aG5jiZPlweb7GTLJON9H6eFpyfpoJE0sZ1yR9Q+e9FAqQIA44Zi748qKBlFKbLxzoC4mc0SbNUAleEL', - key_id => 'yolanda@infra', - uid => 2018, - gid => 2018, - } - - @user::virtual::localuser { 'rcarrillocruz': - realname => 'Ricardo Carrillo Cruz', - sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1CW5E87v8o7O8B5fe7j1uaPCToRdaBukjH2HzQZ+DSGTIPjirLpp5ZXPuyNnmtRMzwld6mlHYlevVEwuZTNyQwS7ut5o0LjyW6yoEcvPq0xMEZLxaso5dZAtzNgf3FzbtaUYBnkhSwX7c24lf8wPGAl7TC3yO0dePQh2lXVdaBiGB9ybVeQr+kwJIxleUE4puuQ+ONJE2D+hHjoQ/huUMpb996pb/YzkjkAxqHguMid0c1taelyW8n17nEDoWvlV9Qqbo8cerhgURo1OBt2zENLjQQ0kOkPxJx4qx3652e0kbkr11y50r9BMs418mnJdWselMxkSqQNZ+XotoH5Dwn+3K2a6Wv4OX3Dqb9SF/JTD7lA/tIkNfxgsRlzfEQ01rK1+g7Je10EnDCLEzHpFjvZ5q4EEMcYqY+osLFpHAOWGLMx+3eY4pz/xEzRP/x3sjGU09uNOZ3oCWUfSkE4xebnnWtxwWZKyFmv3GHtaqJn2UvpAbODPEYyYcOS3XV3zd233W3C09YYnFUyZbGLXpD05Yet5fZfGTnveMRn5/9LZai+dBPwoMWUJdX4yPnGXgOG8zk0u1nWfcNJfYg+xajSUDiMKjDhlkuFK/GXNYuINe42s1TxzL7pJ4X4UhqLiopeJvPg/U5xdCV5pxVKf1MVenrGe2pfwf1Yr2WMv5w==', - key_id => 'rcarrillocruz@infra', - uid => 2019, - gid => 2019, - } - - @user::virtual::localuser { 'krotscheck': - realname => 'Michael Krotscheck', - sshkeys => '', - uid => 2020, - gid => 2020, - } - - @user::virtual::localuser { 'colleen': - realname => 'Colleen Murphy', - sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQDcHzySqYlH1TfAPx5PaVzqkuMbI3zksJ5E2aZBlsIN7wNSoyO0Dts6HegHZIgi5NGT05wRBAUMCNZwupqFoWDg41JBKzPKITkqvEe/FnNmJFxt591ltXigZZ+ZLoX8B12nww/eeA5nx9PT4hIsLQG50MxEm0iC4ApusaAXMXa7+gTDkzf6yyl4QwinyFFTYtyJwFw5XfQXXRQwL8Qv6mVGrhDz3Fj4VWawByQuxRHgt5G3Ux/PnZzatJ3tuSK66o1uXrvuOiGdUtDCuAFUx+kgcmUTpCC6vgMZdDbrfyw0CGxkmAUNfeEMOw0TWbdioJ2FwH5+4BEvMgiFgsCTjIwDqqyFV9eK8sd0mbJ+I82EyOXPlFPKGan6Ie6LD1qotdUW9vT3pfpR/44s/Id2un3FBnVg7GZkGJshikGO1UqjmZfhEpQ6Q+auLir+mBv2X/ril6qJ2NuQpwMRVzZmriPMxdJDs6xhzg2fGEYRvEvh0kzsqNf4OgKbSWiVOB3WALM30Cx3YdmnB6JonRGA+6CqD+LO4HQMbD7LBVcYzEIS1WtP8aPx/NiybemrF0LWmIgl34A0Tpcc+5MLzzUtgUt6lYFyWxltCP43u1N7ODH+FsFALzo6CO9DjyMxEd6Ay61hyx8Btfhn8NH/wEdCQj1WAMHU+d2ljk5ndAfp8c6LRQ==', - key_id => 'krinkle@gir', - uid => 2021, - gid => 2021, - } - - @user::virtual::localuser { 'Zara': - realname => 'Zara Zaimeche', - sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCt9wQvGgQIvLvifm7n5g+2sjgjGCQLt03D0v5Fb5xEMufJncIDkwBNDzGvsASwHGjP9YEAA8+f8Ya+Yc9EaDgqQl9r9YEO9CoEC6O1Euk41nQJYYRnzkgmMaxTSlUKNur8XSmzoElLut6ivlLW71fZmSKHAcg9O4lgd9weDDjCcWLD1C9WmRVdtEnw6NQJd5Mn/llHqdbmMlf3I5VL8QvzPndxZEyESdSBz0ywLO5ygtUxtPaCxaanHSTz1yNooT9t2vwDnfc1LB9oT4CaEnVG+FugCPGFnn204eJ2BVEQ945ZsabgFndyvfmEwxlzAeA6+YjQYrukMijb1Owxh1fv', - key_id => 'zara.zaimeche@codethink.co.uk', - uid => 2022, - gid => 2022, - } - - @user::virtual::localuser { 'SotK': - realname => 'Adam Coldrick', - sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCaE7gafwJQHQ9E2vlcjx8ufcGpyTdQdaBal/ZRt3aPbKXNqsDH4jOWvSXZxE0NlOGo+rWBSu0DxdyM7O5BwYxC79BaFq9JMPn1Q/p1WplOeLENX7jd6lsrLIo2x1MQ134+MliO5FNXmSF2m2il4GCQuiUdGORs/caF1mMPTDeQmf9rRS2fYW0dZ3wZgRzzehtg9LmeW8+DoU+dAeKj4igPcsDsvALmya1JB0XP1UNEG9XMdrYJCoj3K/ALQvJIVB0qwNDYdJ59erVZTvYGe5v6GMUHjIKkmaXJjJyT22hcmnRPk5yIktMrGwkiHGr4Pu0T+lyopSqLEm8HJWp6hc53', - key_id => 'adam@wrackside', - old_keys => [ - 'adam.coldrick@codethink.co.uk', - 'adam@arreliam', - ], - uid => 2023, - gid => 2023, - } - - @user::virtual::localuser { 'maxwell': - realname => 'JP Maxwell', - sshkeys => 'AAAAB3NzaC1yc2EAAAABIwAAAQEA2b5I7Yff9FCrtRmSjpILUePi54Vbc8zqJTbzrIAQZGFLBi3xd2MLlhV5QVgpDBC9H3lGjbdnc81D3aFd3HwHT4dvvvyedT12PR3VDEpftdW84vw3jzdtALcayOQznjbGnScwvX5SgnRhNxuX9Rkh8qNvOsjYPUafRr9azkQoomJFkdNVI4Vb5DbLhTpt18FPeOf0UuqDt/J2tHI4SjZ3kjzr7Nbwpg8xGgANPNE0+2pJbwCA8YDt4g3bzfzvVafQs5o9Gfc9tudkR9ugQG1M+EWCgu42CleOwMTd/rYEB2fgNNPsZAWqwQfdPajVuk70EBKUEQSyoA09eEZX+xJN9Q==', - key_id => 'jpmaxman@tipit.net', - uid => 2024, - gid => 2024, - } - - @user::virtual::localuser { 'ianw': - realname => 'Ian Wienand', - key_type => 'ssh-ed25519', - sshkeys => 'AAAAC3NzaC1lZDI1NTE5AAAAILOjz+dkwRWTJcW9Gt3iGHSzRBsvVlTAK6G2oH3+0D41', - key_id => 'iwienand+osinfra@redhat.com', - uid => 2025, - gid => 2025, - } - - @user::virtual::localuser { 'shrews': - realname => 'David Shrewsbury', - sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCtNtbgLw0dyRVnuwZz4oUcWTzEUtpO2V47t4ykijdH1hkEe7qkuusM5bD8pC4L3wDZP5U3lsIAvZ97LCQp+MNJz1j8cjXuAboqP5FC3TtCJR1WtCWmOBSO7sIvcsgwse/9KZN/TETOGA9no1oKS43Adi9bXrRFAKDAAM34IVt/UHNS51vxUhuGv+56yJmaki7CjxrGtXcB4hi+TCQAfKJPzhAMwcFQUyvXJkRei6NN6uYyHnVtLR3KXEkeTesZ2GQxmQ+1jmCMN1zUN2VLypmDqAvlKtuQW+3nY89q4HDwzCpuC1rscJgOuncdMahTMoKA3/dQtT4WuJIwLQa3tEEn', - key_id => 'shrews2018', - old_keys => [ - 'david@koala', - ], - uid => 2026, - gid => 2026, - } - - @user::virtual::localuser { 'jbryce': - realname => 'Jonathan Bryce', - sshkeys => 'AAAAB3NzaC1yc2EAAAABIwAAAQEApFGM9q1gfiawBX5EnCQGxx2T1hwPDxrX2M64MfqcoBRpdrWRjxWm6Vhczfl+Ar2EQtGsuIm1QQiyiPL4zsJSQOfYXB0TqOQaAuFamSzZSNEm8coSa93E3zfXR9uln1lgCGutaWwH/KmGcSeAuuQCipKmKxc8QSAepGNP4Jx2L/EnXQh850xTQEIviJkJpA9oTRzXu12T7vzxsUCw041Q/KX16UvvGpt9IAoMAWFlQrMPzPFmqbUOIr7pRvv8TKcK9BNFS8S8jjT+wN0y/LY7cbTblgDfwSAl1P/naME5ugRVD5MZKixIE1F+x/j+M8+fpZ/EyR/6jSA3DYjEXOk2zQ==', - key_id => 'jbryce@jbryce-mbp-3.local', - uid => 2027, - gid => 2027, - } - - @user::virtual::localuser { 'dmsimard': - realname => 'David Moreau-Simard', - sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQDDyXfFj44OTsJZnHbecbYrwA8zXuMiULb+o326maOh3wh5/6fk+MzivkUzJC2uZqAlKvBnNXsrb/07eV1gRjaIQBQJxaV9HQUwMNX7AkjkDzaMXVDjG/JOium90R23gVGMukzp9IamezUscAqAxVK+2C10k3tq8dZ/GeZfHl3NFGRHlIAXsJ/SIQoxJAEA0IQ/8Y50nR1Hp2mV2xsfxH9oZhLR/eiFdhJpNupdfw/oE9+vpCHS8SG88KGeLYbn+EhH6LSCD+6WNthF6oE7NANnScqn1Fl0ZpSd3RlRb+kDVKGqNxfB7EJTeimYvqaYmrTiTZTaTJua5Bj5yBTudqnBgdHCz3xMb2Nv2s2INNcJmP/CKpivYQ8AJs6cVlqRWnLJiNQQYCj+xAXBvY5T0Xq/qOhVifLiWZvZQOTHFWqFP9asZkrGa1mFWIaR9VPQY0FoYlUOT9t6J6TRbzktJIuP5AiOVoJLL6wjZuUMjghHfkYbqtyBqE4BbCY8YF3JSf8jx+9eWy+sD+dRwKXBCrGV0dNidioZR7ZJpBb6ye8wElebjPZizKhppsNpwtRxPfiAM52f55lXGD7IDpz9CZrOKUcV2uc3Rhl50u7T3psZfX7GysZvlnAH+Yr+UM+LPBAabXAfKlMnJp+SskLuOplTeQrvAwMluBmFnla8TnwnxQ==', - key_id => 'dmsimard@hostname', - uid => 2028, - gid => 2028, - } - - @user::virtual::localuser { 'frickler': - realname => 'Jens Harbott', - key_type => 'ssh-ed25519', - sshkeys => 'AAAAC3NzaC1lZDI1NTE5AAAAIGmc5fbzMptjAb5D86zSH13ZYCbf3QuV1jk9hL0r1qHw', - key_id => 'frickler@os-infra-2017', - uid => 2029, - gid => 2029, - } - - @user::virtual::localuser { 'diablo_rojo': - realname => 'Kendall Nelson', - sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCx96P1BVbRALeCz8jktUtT9qWzeXbG5yQrwQZ6n3NWsqEueCHp9DaVPDQLWIFAyvL0PKtlSOktClsUYuGfxB+dBuAFFMsx1Apk78EID4wvdXfEUDxZOsKX7zE9teJSxPEMppHAJIcnPu7dMFzZWxh+sA+fR8ZddPRunxtztGayNdYsCqDGIc9GqemjOqXDIFMIXgJLxNaHGSR56UcDHwgqmXXANkpTKsLW+U+VdNofHKpRhbXNS07jPFAAe1rBmoU/TRitzQFz7WYA4ml54ZiB7Q1O7RIyJWVBihHVrxSZbjn2a46CVeLo5Xw7loWF32wY/hA98hmpBNiF8tGSI6mh', - key_id => 'kennelson11@gmail.com', - uid => 2030, - gid => 2030, - } -} diff --git a/modules/openstack_project/manifests/users_install.pp b/modules/openstack_project/manifests/users_install.pp deleted file mode 100644 index bbb8324238..0000000000 --- a/modules/openstack_project/manifests/users_install.pp +++ /dev/null @@ -1,66 +0,0 @@ -# Class: openstack_project::users_install -# -# This class handles adding and removing openstack admin users -# from the servers. -# -# Parameters: -# install_users - Boolean to set install or removal of O.O -# admins. Defaults to 'false', can be set in hiera. -# -# Requires: -# openstack_project::users - must contain the users designated. -# -# Sample Usage: -# include openstack_project::users_install -# class { 'openstack_project::users_install': -# install_users => true, -# } - -class openstack_project::users_install ( - $install_users = false, -) { - - include ::openstack_project::users - - ## TODO: this should be it's own manifest. - if ( $install_users == true ) { - package { $::openstack_project::params::user_packages: - ensure => present - } - ## NOTE: This list is arranged in order of chronological precedence, - ## additions should be appended to the end. - realize ( - User::Virtual::Localuser['mordred'], - User::Virtual::Localuser['corvus'], - User::Virtual::Localuser['clarkb'], - User::Virtual::Localuser['fungi'], - User::Virtual::Localuser['jhesketh'], - User::Virtual::Localuser['yolanda'], - User::Virtual::Localuser['pabelanger'], - User::Virtual::Localuser['rcarrillocruz'], - User::Virtual::Localuser['ianw'], - User::Virtual::Localuser['shrews'], - User::Virtual::Localuser['dmsimard'], - User::Virtual::Localuser['frickler'], - ) - user::virtual::disable{'slukjanov':} - user::virtual::disable{'elizabeth':} - user::virtual::disable{'nibz':} - } else { - user::virtual::disable{'mordred':} - user::virtual::disable{'corvus':} - user::virtual::disable{'clarkb':} - user::virtual::disable{'fungi':} - user::virtual::disable{'slukjanov':} - user::virtual::disable{'elizabeth':} - user::virtual::disable{'jhesketh':} - user::virtual::disable{'nibz':} - user::virtual::disable{'yolanda':} - user::virtual::disable{'pabelanger':} - user::virtual::disable{'rcarrillocruz':} - user::virtual::disable{'ianw':} - user::virtual::disable{'shrews':} - user::virtual::disable{'dmsimard':} - user::virtual::disable{'frickler':} - } -} diff --git a/modules/openstack_project/manifests/wiki.pp b/modules/openstack_project/manifests/wiki.pp index cd03538284..702b985faa 100644 --- a/modules/openstack_project/manifests/wiki.pp +++ b/modules/openstack_project/manifests/wiki.pp @@ -2,7 +2,6 @@ # class openstack_project::wiki ( $site_hostname, - $sysadmins = [], $bup_user = undef, $serveradmin = undef, $ssl_cert_file_contents = undef, @@ -26,15 +25,8 @@ class openstack_project::wiki ( class { 'openstack_project::server': iptables_public_tcp_ports => [80, 443], - sysadmins => $sysadmins, } - realize ( - User::Virtual::Localuser['rlane'], - User::Virtual::Localuser['mkiss'], - User::Virtual::Localuser['maxwell'], - ) - class { 'mediawiki': role => 'all', mediawiki_location => '/srv/mediawiki/w', diff --git a/modules/openstack_project/spec/acceptance/basic_spec.rb b/modules/openstack_project/spec/acceptance/basic_spec.rb index 786c4f075a..babb3c8be3 100755 --- a/modules/openstack_project/spec/acceptance/basic_spec.rb +++ b/modules/openstack_project/spec/acceptance/basic_spec.rb @@ -47,19 +47,21 @@ describe 'openstack_project::server' do 'clarkb', 'fungi', 'jhesketh', - 'yolanda', 'pabelanger', - 'rcarrillocruz', 'ianw', 'shrews', 'dmsimard', + 'yolanda', + 'rcarrillocruz', 'frickler'].each do |user| describe user(user) do it { should exist } end end - ['slukjanov', 'elizabeth', 'nibz'].each do |user| + ['slukjanov', + 'elizabeth', + 'nibz'].each do |user| describe user(user) do it { should_not exist } end diff --git a/playbooks/base.yaml b/playbooks/base.yaml index 579a7b1181..27a9176bd6 100644 --- a/playbooks/base.yaml +++ b/playbooks/base.yaml @@ -9,6 +9,10 @@ roles: - base-server +- hosts: "puppet:!disabled" + roles: + - disable-puppet-agent + - hosts: "!ci-backup:!disabled" roles: - exim diff --git a/playbooks/group_vars/all.yaml b/playbooks/group_vars/all.yaml index 03d159b990..7edaf8d879 100644 --- a/playbooks/group_vars/all.yaml +++ b/playbooks/group_vars/all.yaml @@ -80,6 +80,18 @@ all_users: uid: 2016 gid: 2016 + yolanda: + comment: Yolanda Robla + key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSR2NmJC8PSanHUpKJuaMmohG80COO2IPkE3Mxhr7US8P1B3p1c6lOrT6M1txRzBY8FlbxfOinGtutP+ADCB2taXfpO8UiaG9eOqojAT/PeP2Y2ov72rVMSWupLozUv2uAR5yyFVFHOjKPYGAa01aJtfzfJujSak8dM0ifFeFwgp/8RBGEfC7atq+45TdrfAURRcEgcOLiF5Aq6fprCOwpllnrH6VoId9YS7u/5xF2/zBjr9PuOP7jEgCaL/+FNqu7jgj87aG5jiZPlweb7GTLJON9H6eFpyfpoJE0sZ1yR9Q+e9FAqQIA44Zi748qKBlFKbLxzoC4mc0SbNUAleEL yolanda@infra + uid: 2018 + gid: 2018 + + rcarrillocruz: + comment: Ricardo Carrillo Cruz + key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1CW5E87v8o7O8B5fe7j1uaPCToRdaBukjH2HzQZ+DSGTIPjirLpp5ZXPuyNnmtRMzwld6mlHYlevVEwuZTNyQwS7ut5o0LjyW6yoEcvPq0xMEZLxaso5dZAtzNgf3FzbtaUYBnkhSwX7c24lf8wPGAl7TC3yO0dePQh2lXVdaBiGB9ybVeQr+kwJIxleUE4puuQ+ONJE2D+hHjoQ/huUMpb996pb/YzkjkAxqHguMid0c1taelyW8n17nEDoWvlV9Qqbo8cerhgURo1OBt2zENLjQQ0kOkPxJx4qx3652e0kbkr11y50r9BMs418mnJdWselMxkSqQNZ+XotoH5Dwn+3K2a6Wv4OX3Dqb9SF/JTD7lA/tIkNfxgsRlzfEQ01rK1+g7Je10EnDCLEzHpFjvZ5q4EEMcYqY+osLFpHAOWGLMx+3eY4pz/xEzRP/x3sjGU09uNOZ3oCWUfSkE4xebnnWtxwWZKyFmv3GHtaqJn2UvpAbODPEYyYcOS3XV3zd233W3C09YYnFUyZbGLXpD05Yet5fZfGTnveMRn5/9LZai+dBPwoMWUJdX4yPnGXgOG8zk0u1nWfcNJfYg+xajSUDiMKjDhlkuFK/GXNYuINe42s1TxzL7pJ4X4UhqLiopeJvPg/U5xdCV5pxVKf1MVenrGe2pfwf1Yr2WMv5w== rcarrillocruz@infra + uid: 2019 + gid: 2019 + colleen: comment: Colleen Murphy key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDcHzySqYlH1TfAPx5PaVzqkuMbI3zksJ5E2aZBlsIN7wNSoyO0Dts6HegHZIgi5NGT05wRBAUMCNZwupqFoWDg41JBKzPKITkqvEe/FnNmJFxt591ltXigZZ+ZLoX8B12nww/eeA5nx9PT4hIsLQG50MxEm0iC4ApusaAXMXa7+gTDkzf6yyl4QwinyFFTYtyJwFw5XfQXXRQwL8Qv6mVGrhDz3Fj4VWawByQuxRHgt5G3Ux/PnZzatJ3tuSK66o1uXrvuOiGdUtDCuAFUx+kgcmUTpCC6vgMZdDbrfyw0CGxkmAUNfeEMOw0TWbdioJ2FwH5+4BEvMgiFgsCTjIwDqqyFV9eK8sd0mbJ+I82EyOXPlFPKGan6Ie6LD1qotdUW9vT3pfpR/44s/Id2un3FBnVg7GZkGJshikGO1UqjmZfhEpQ6Q+auLir+mBv2X/ril6qJ2NuQpwMRVzZmriPMxdJDs6xhzg2fGEYRvEvh0kzsqNf4OgKbSWiVOB3WALM30Cx3YdmnB6JonRGA+6CqD+LO4HQMbD7LBVcYzEIS1WtP8aPx/NiybemrF0LWmIgl34A0Tpcc+5MLzzUtgUt6lYFyWxltCP43u1N7ODH+FsFALzo6CO9DjyMxEd6Ay61hyx8Btfhn8NH/wEdCQj1WAMHU+d2ljk5ndAfp8c6LRQ== krinkle@gir diff --git a/playbooks/group_vars/ask.yaml b/playbooks/group_vars/ask.yaml new file mode 100644 index 0000000000..361f549c5a --- /dev/null +++ b/playbooks/group_vars/ask.yaml @@ -0,0 +1,2 @@ +extra_users: + - mkiss diff --git a/playbooks/group_vars/groups.yaml b/playbooks/group_vars/groups.yaml new file mode 100644 index 0000000000..361f549c5a --- /dev/null +++ b/playbooks/group_vars/groups.yaml @@ -0,0 +1,2 @@ +extra_users: + - mkiss diff --git a/playbooks/group_vars/review-dev.yaml b/playbooks/group_vars/review-dev.yaml new file mode 100644 index 0000000000..d08451605a --- /dev/null +++ b/playbooks/group_vars/review-dev.yaml @@ -0,0 +1,2 @@ +exim_extra_aliases: + gerrit2: root diff --git a/playbooks/group_vars/review.yaml b/playbooks/group_vars/review.yaml new file mode 100644 index 0000000000..d08451605a --- /dev/null +++ b/playbooks/group_vars/review.yaml @@ -0,0 +1,2 @@ +exim_extra_aliases: + gerrit2: root diff --git a/playbooks/group_vars/storyboard-dev.yaml b/playbooks/group_vars/storyboard-dev.yaml new file mode 100644 index 0000000000..7fe023ddd2 --- /dev/null +++ b/playbooks/group_vars/storyboard-dev.yaml @@ -0,0 +1,4 @@ +extra_users: + - SotK + - Zara + - diablo_rojo diff --git a/playbooks/group_vars/wiki.yaml b/playbooks/group_vars/wiki.yaml new file mode 100644 index 0000000000..b8ca597853 --- /dev/null +++ b/playbooks/group_vars/wiki.yaml @@ -0,0 +1,3 @@ +extra_users: + - mkiss + - maxwell diff --git a/playbooks/host_vars/lists.katacontainers.io.yaml b/playbooks/host_vars/lists.katacontainers.io.yaml index 976f7d5b63..dd152c3825 100644 --- a/playbooks/host_vars/lists.katacontainers.io.yaml +++ b/playbooks/host_vars/lists.katacontainers.io.yaml @@ -53,3 +53,5 @@ exim_transports: # Errors-To: may carry old return_path headers_remove = Errors-To headers_add = Errors-To: ${return_path} +extra_users: + - jbryce diff --git a/playbooks/host_vars/openstackid-dev.openstack.org.yaml b/playbooks/host_vars/openstackid-dev.openstack.org.yaml new file mode 100644 index 0000000000..5b367358c2 --- /dev/null +++ b/playbooks/host_vars/openstackid-dev.openstack.org.yaml @@ -0,0 +1,3 @@ +extra_users: + - smarcet + - mkiss diff --git a/playbooks/host_vars/openstackid.org.yaml b/playbooks/host_vars/openstackid.org.yaml new file mode 100644 index 0000000000..15985fa0fd --- /dev/null +++ b/playbooks/host_vars/openstackid.org.yaml @@ -0,0 +1,3 @@ +extra_users: + - smarcet + - maxwell diff --git a/modules/openstack_project/files/puppet.default b/playbooks/roles/disable-puppet-agent/files/puppet.default similarity index 100% rename from modules/openstack_project/files/puppet.default rename to playbooks/roles/disable-puppet-agent/files/puppet.default diff --git a/playbooks/roles/disable-puppet-agent/tasks/Debian.yaml b/playbooks/roles/disable-puppet-agent/tasks/Debian.yaml new file mode 100644 index 0000000000..1ea0bb0529 --- /dev/null +++ b/playbooks/roles/disable-puppet-agent/tasks/Debian.yaml @@ -0,0 +1,5 @@ +- name: Prevent puppet agent from running + copy: + mode: 0644 + src: puppet.default + dest: /etc/default/puppet diff --git a/playbooks/roles/disable-puppet-agent/tasks/main.yaml b/playbooks/roles/disable-puppet-agent/tasks/main.yaml new file mode 100644 index 0000000000..5986666ae7 --- /dev/null +++ b/playbooks/roles/disable-puppet-agent/tasks/main.yaml @@ -0,0 +1,10 @@ +- name: Include OS-specific tasks + include_tasks: "{{ lookup('first_found', file_list) }}" + vars: + file_list: "{{ distro_lookup_path }}" + +- name: Disable the puppet service + service: + name: puppet + enabled: no + state: stopped diff --git a/playbooks/roles/install-ansible/files/groups.yaml b/playbooks/roles/install-ansible/files/groups.yaml index 6937900117..9dfbf5e25a 100644 --- a/playbooks/roles/install-ansible/files/groups.yaml +++ b/playbooks/roles/install-ansible/files/groups.yaml @@ -4,6 +4,7 @@ groups: afs: inventory_hostname is match('afs\d+.*openstack.org') afsadmin: inventory_hostname is match('mirror-update\d+\.openstack\.org') afsdb: inventory_hostname is match('afsdb.*openstack.org') + ask: inventory_hostname.startswith('ask') cacti: inventory_hostname is match('cacti\d+\.openstack\.org') ci-backup: inventory_hostname is match('backup\d+.*\ci\.openstack\.org') disabled: inventory_hostname.startswith('backup') or inventory_hostname.startswith('wiki') or inventory_hostname.startswith('puppetmaster') @@ -15,6 +16,7 @@ groups: git-loadbalancer: inventory_hostname is match('git(-fe\d+)?\.openstack\.org') git-server: inventory_hostname is match('git\d+\.openstack\.org') grafana: inventory_hostname.startswith('grafana') + groups: inventory_hostname.regex_match('groups(-dev)?\d*\.openstack\.org') logstash-worker: inventory_hostname.startswith('logstash-worker') mailman: inventory_hostname.startswith('lists') nodepool: inventory_hostname is match('^(nodepool|nb|nl)') @@ -25,6 +27,7 @@ groups: review: inventory_hostname is match('review\d+\.openstack\.org') status: inventory_hostname.startswith('status') storyboard: inventory_hostname.startswith('storyboard') + storyboard-dev: inventory_hostname is match('storyboard-dev\d*\.openstack\.org') subunit-worker: inventory_hostname.startswith('subunit-worker') survey: inventory_hostname.startswith('survey') translate-dev: inventory_hostname is match('translate-dev\d+\.openstack\.org') diff --git a/run_all.sh b/run_all.sh index e4fca81774..4a514fc0f5 100755 --- a/run_all.sh +++ b/run_all.sh @@ -34,6 +34,7 @@ set +e timeout -k 2m 120m ansible-playbook -f 10 ${ANSIBLE_PLAYBOOKS}/update-system-config.yaml # Update the puppet version timeout -k 2m 120m ansible-playbook -f 10 ${ANSIBLE_PLAYBOOKS}/update_puppet_version.yaml + # Run the git/gerrit/zuul sequence, since it's important that they all work together timeout -k 2m 120m ansible-playbook -f 10 ${ANSIBLE_PLAYBOOKS}/remote_puppet_git.yaml # Run AFS changes separately so we can make sure to only do one at a time