opendev
/
system-config
Code Issues Proposed changes

Remove base.yaml things from openstack_project::server 

Now that we've got base server stuff rewritten in ansible, remove the
old puppet versions.

Depends-On: https://review.openstack.org/588326
Change-Id: I5c82fe6fd25b9ddaa77747db377ffa7e8bf23c7b
This commit is contained in:
Monty Taylor 2018-07-25 12:36:26 -05:00
parent 3e139891be
commit bab6fcad3c
No known key found for this signature in database
GPG Key ID: 7BAE94BC7141A594
55 changed files with 78 additions and 1230 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
doc/source/sysadmin.rst
View File

@ -131,13 +131,12 @@ To create a new server, do the following:
to manually add the private information to hiera.
* You should be able to install and configure most software only with
puppet. Nonetheless, if you need SSH access to the host, add your
public key to :cgit_file:`modules/openstack_project/manifests/users.pp` and
ansible or puppet. Nonetheless, if you need SSH access to the host,
add your public key to :cgit_file:`playbooks/group_vars/all.yaml` and
include a stanza like this in your server class::
realize (
User::Virtual::Localuser['USERNAME'],
)
extra_users:
- your_user_name
* Add an RST file with documentation about the server in :cgit_file:`doc/source`
and add it to the index in that directory.

73
manifests/site.pp
View File

@ -12,7 +12,6 @@ $elasticsearch_nodes = hiera_array('elasticsearch_nodes')
#
node default {
class { 'openstack_project::server':
sysadmins => hiera('sysadmins', []),
}
}
@ -27,8 +26,6 @@ node 'review.openstack.org' {
iptables_public_tcp_ports => [80, 443, 29418],
iptables_rules6 => $iptables_rules,
iptables_rules4 => $iptables_rules,
sysadmins => hiera('sysadmins', []),
extra_aliases => { 'gerrit2' => 'root' },
}
class { 'openstack_project::review':
@ -75,8 +72,6 @@ node 'review01.openstack.org' {
iptables_public_tcp_ports => [80, 443, 29418],
iptables_rules6 => $iptables_rules,
iptables_rules4 => $iptables_rules,
sysadmins => hiera('sysadmins', []),
extra_aliases => { 'gerrit2' => 'root' },
}
class { 'openstack_project::review':
@ -123,8 +118,6 @@ node /^review-dev\d*\.openstack\.org$/ {
iptables_public_tcp_ports => [80, 443, 29418],
iptables_rules6 => $iptables_rules,
iptables_rules4 => $iptables_rules,
sysadmins => hiera('sysadmins', []),
extra_aliases => { 'gerrit2' => 'root' },
afs => true,
}
@ -157,7 +150,6 @@ node /^grafana\d*\.openstack\.org$/ {
$group = "grafana"
class { 'openstack_project::server':
iptables_public_tcp_ports => [80],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::grafana':
admin_password => hiera('grafana_admin_password'),
@ -176,7 +168,6 @@ node /^grafana\d*\.openstack\.org$/ {
node /^health\d*\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::openstack_health_api':
subunit2sql_db_host => hiera('subunit2sql_db_host', 'localhost'),
@ -188,7 +179,6 @@ node /^cacti\d+\.openstack\.org$/ {
$group = "cacti"
include openstack_project::ssl_cert_check
class { 'openstack_project::cacti':
sysadmins => hiera('sysadmins', []),
cacti_hosts => hiera_array('cacti_hosts'),
vhost_name => 'cacti.openstack.org',
}
@ -198,7 +188,6 @@ node /^cacti\d+\.openstack\.org$/ {
node 'puppetmaster.openstack.org' {
class { 'openstack_project::server':
iptables_public_tcp_ports => [8140],
sysadmins => hiera('sysadmins', []),
pin_puppet => '3.6.',
}
class { 'openstack_project::puppetmaster':
@ -254,7 +243,6 @@ node /^graphite\d*\.openstack\.org$/ {
{protocol => 'udp', port => '8125', hostname => 'ze10.openstack.org'},
{protocol => 'udp', port => '8125', hostname => 'ze11.openstack.org'},
],
sysadmins => hiera('sysadmins', [])
}
class { '::graphite':
@ -269,7 +257,6 @@ node /^graphite\d*\.openstack\.org$/ {
node /^groups\d*\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 80, 443],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::groups':
site_admin_password => hiera('groups_site_admin_password'),
@ -287,7 +274,6 @@ node /^groups\d*\.openstack\.org$/ {
node /^groups-dev\d*\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 80, 443],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::groups_dev':
site_admin_password => hiera('groups_dev_site_admin_password'),
@ -306,12 +292,9 @@ node /^groups-dev\d*\.openstack\.org$/ {
node /^lists\d*\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [25, 80, 465],
manage_exim => false,
purge_apt_sources => false,
}
class { 'openstack_project::lists':
listadmins => hiera('listadmins', []),
listpassword => hiera('listpassword'),
}
}
@ -320,12 +303,9 @@ node /^lists\d*\.openstack\.org$/ {
node /^lists\d*\.katacontainers\.io$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [25, 80, 465],
manage_exim => false,
purge_apt_sources => false,
}
class { 'openstack_project::kata_lists':
listadmins => hiera('listadmins', []),
listpassword => hiera('listpassword'),
}
}
@ -336,7 +316,6 @@ node /^paste\d*\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [80],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::paste':
db_password => hiera('paste_db_password'),
@ -348,7 +327,6 @@ node /^paste\d*\.openstack\.org$/ {
# Node-OS: xenial
node /planet\d*\.openstack\.org$/ {
class { 'openstack_project::planet':
sysadmins => hiera('sysadmins', []),
}
}
@ -357,7 +335,6 @@ node /^eavesdrop\d*\.openstack\.org$/ {
$group = "eavesdrop"
class { 'openstack_project::server':
iptables_public_tcp_ports => [80],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::eavesdrop':
@ -397,7 +374,6 @@ node /^ethercalc\d+\.openstack\.org$/ {
$group = "ethercalc"
class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 80, 443],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::ethercalc':
@ -413,7 +389,6 @@ node /^ethercalc\d+\.openstack\.org$/ {
node /^etherpad\d*\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 80, 443],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::etherpad':
@ -431,7 +406,6 @@ node /^etherpad\d*\.openstack\.org$/ {
node /^etherpad-dev\d*\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 80, 443],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::etherpad_dev':
@ -445,7 +419,6 @@ node /^etherpad-dev\d*\.openstack\.org$/ {
node /^wiki\d+\.openstack\.org$/ {
$group = "wiki"
class { 'openstack_project::wiki':
sysadmins => hiera('sysadmins', []),
bup_user => 'bup-wiki',
serveradmin => hiera('infra_apache_serveradmin'),
site_hostname => 'wiki.openstack.org',
@ -468,7 +441,6 @@ node /^wiki\d+\.openstack\.org$/ {
node /^wiki-dev\d+\.openstack\.org$/ {
$group = "wiki-dev"
class { 'openstack_project::wiki':
sysadmins => hiera('sysadmins', []),
serveradmin => hiera('infra_apache_serveradmin'),
site_hostname => 'wiki-dev.openstack.org',
wg_dbserver => hiera('wg_dbserver'),
@ -489,7 +461,6 @@ node /^logstash\d*\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 80, 3306],
iptables_allowed_hosts => hiera_array('logstash_iptables_rule_data'),
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::logstash':
@ -512,7 +483,6 @@ node /^logstash-worker\d+\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [22],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::logstash_worker':
@ -528,7 +498,6 @@ node /^subunit-worker\d+\.openstack\.org$/ {
$group = "subunit-worker"
class { 'openstack_project::server':
iptables_public_tcp_ports => [22],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::subunit_worker':
subunit2sql_db_host => hiera('subunit2sql_db_host', ''),
@ -544,7 +513,6 @@ node /^elasticsearch0[1-7]\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [22],
iptables_allowed_hosts => hiera_array('elasticsearch_iptables_rule_data'),
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::elasticsearch_node':
discover_nodes => $elasticsearch_nodes,
@ -558,11 +526,8 @@ node /^firehose\d+\.openstack\.org$/ {
# connections seem to crash mosquitto. Once this is fixed we should add
# them back
iptables_public_tcp_ports => [22, 25, 80, 1883, 8883, 443],
sysadmins => hiera('sysadmins', []),
manage_exim => false,
}
class { 'openstack_project::firehose':
sysadmins => hiera('sysadmins', []),
gerrit_ssh_host_key => hiera('gerrit_ssh_rsa_pubkey_contents'),
gerrit_public_key => hiera('germqtt_gerrit_ssh_public_key'),
gerrit_private_key => hiera('germqtt_gerrit_ssh_private_key'),
@ -582,7 +547,6 @@ node /^firehose\d+\.openstack\.org$/ {
node /^git(-fe\d+)?\.openstack\.org$/ {
$group = "git-loadbalancer"
class { 'openstack_project::git':
sysadmins => hiera('sysadmins', []),
balancer_member_names => [
'git01.openstack.org',
'git02.openstack.org',
@ -614,7 +578,6 @@ node /^git\d+\.openstack\.org$/ {
include openstack_project
class { 'openstack_project::server':
iptables_public_tcp_ports => [4443, 8080, 29418],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::git_backend':
@ -653,7 +616,6 @@ node /^mirror-update\d*\.openstack\.org$/ {
centos_keytab => hiera('centos_keytab'),
epel_keytab => hiera('epel_keytab'),
yum_puppetlabs_keytab => hiera('yum_puppetlabs_keytab'),
sysadmins => hiera('sysadmins', []),
}
}
@ -664,7 +626,6 @@ node /^mirror\d*\..*\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 80, 8080, 8081, 8082],
sysadmins => hiera('sysadmins', []),
afs => true,
afs_cache_size => 50000000, # 50GB
}
@ -681,7 +642,6 @@ node /^files\d*\.openstack\.org$/ {
$group = "files"
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443],
sysadmins => hiera('sysadmins', []),
afs => true,
afs_cache_size => 10000000, # 10GB
}
@ -712,7 +672,6 @@ node /^files\d*\.openstack\.org$/ {
node /^refstack\d*\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443],
sysadmins => hiera('sysadmins', []),
}
class { 'refstack':
mysql_host => hiera('refstack_mysql_host', 'localhost'),
@ -741,7 +700,6 @@ node /^refstack\d*\.openstack\.org$/ {
node /^storyboard\d*\.openstack\.org$/ {
class { 'openstack_project::storyboard':
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
sysadmins => hiera('sysadmins', []),
mysql_host => hiera('storyboard_db_host', 'localhost'),
mysql_user => hiera('storyboard_db_user', 'username'),
mysql_password => hiera('storyboard_db_password'),
@ -772,7 +730,6 @@ node /^storyboard\d*\.openstack\.org$/ {
node /^storyboard-dev\d*\.openstack\.org$/ {
class { 'openstack_project::storyboard::dev':
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
sysadmins => hiera('sysadmins', []),
mysql_host => hiera('storyboard_db_host', 'localhost'),
mysql_user => hiera('storyboard_db_user', 'username'),
mysql_password => hiera('storyboard_db_password'),
@ -799,7 +756,6 @@ node /^storyboard-dev\d*\.openstack\.org$/ {
node /^static\d*\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 80, 443],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::static':
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',
@ -837,7 +793,6 @@ node /^zk\d+\.openstack\.org$/ {
{protocol => 'tcp', port => '3888', hostname => 'zk02.openstack.org'},
{protocol => 'tcp', port => '3888', hostname => 'zk03.openstack.org'},
],
sysadmins => hiera('sysadmins', []),
}
class { '::zookeeper':
@ -861,7 +816,6 @@ node /^status\d*\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 80, 443],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::status':
@ -881,7 +835,6 @@ node /^survey\d+\.openstack\.org$/ {
$group = "survey"
class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 80, 443],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::survey':
@ -905,7 +858,6 @@ node /^adns\d+\.openstack\.org$/ {
$group = 'adns'
class { 'openstack_project::server':
sysadmins => hiera('sysadmins', []),
iptables_allowed_hosts => [
{protocol => 'tcp', port => '53', hostname => 'ns1.openstack.org'},
{protocol => 'tcp', port => '53', hostname => 'ns2.openstack.org'},
@ -925,7 +877,6 @@ node /^ns\d+\.openstack\.org$/ {
$group = 'ns'
class { 'openstack_project::server':
sysadmins => hiera('sysadmins', []),
iptables_public_udp_ports => [53],
iptables_public_tcp_ports => [53],
}
@ -969,7 +920,6 @@ node 'nodepool.openstack.org' {
{protocol => 'tcp', port => '2181', hostname => 'nl04.openstack.org'},
{protocol => 'tcp', port => '2181', hostname => 'zuul01.openstack.org'},
],
sysadmins => hiera('sysadmins', []),
iptables_public_tcp_ports => [80],
}
@ -1023,7 +973,6 @@ node /^nl\d+\.openstack\.org$/ {
$clouds_yaml = template("openstack_project/nodepool/clouds.yaml.erb")
class { 'openstack_project::server':
sysadmins => hiera('sysadmins', []),
iptables_public_tcp_ports => [80],
}
@ -1086,7 +1035,6 @@ node /^nb\d+\.openstack\.org$/ {
$clouds_yaml = template("openstack_project/nodepool/clouds.yaml.erb")
class { 'openstack_project::server':
sysadmins => hiera('sysadmins', []),
iptables_public_tcp_ports => [80, 443],
}
@ -1142,7 +1090,6 @@ node /^ze\d+\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [79, 7900],
sysadmins => hiera('sysadmins', []),
afs => true,
}
@ -1257,7 +1204,6 @@ node /^zuul\d+\.openstack\.org$/ {
{protocol => 'tcp', port => '4730', hostname => 'zm07.openstack.org'},
{protocol => 'tcp', port => '4730', hostname => 'zm08.openstack.org'},
],
sysadmins => hiera('sysadmins', []),
}
class { '::project_config':
@ -1348,7 +1294,6 @@ node /^zm\d+.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_tcp_ports => [80],
sysadmins => hiera('sysadmins', []),
}
# NOTE(pabelanger): We call ::zuul directly, so we can override all in one
@ -1383,7 +1328,6 @@ node /^zm\d+.openstack\.org$/ {
# Node-OS: trusty
node 'pbx.openstack.org' {
class { 'openstack_project::server':
sysadmins => hiera('sysadmins', []),
# SIP signaling is either TCP or UDP port 5060.
# RTP media (audio/video) uses a range of UDP ports.
iptables_public_tcp_ports => [5060],
@ -1408,8 +1352,6 @@ node /^backup\d+\..*\.ci\.openstack\.org$/ {
$group = "ci-backup"
class { 'openstack_project::server':
iptables_public_tcp_ports => [],
manage_exim => false,
purge_apt_sources => false,
}
include openstack_project::backup_server
}
@ -1417,7 +1359,6 @@ node /^backup\d+\..*\.ci\.openstack\.org$/ {
# Node-OS: trusty
node 'openstackid.org' {
class { 'openstack_project::openstackid_prod':
sysadmins => hiera('sysadmins', []),
site_admin_password => hiera('openstackid_site_admin_password'),
id_mysql_host => hiera('openstackid_id_mysql_host', 'localhost'),
id_mysql_password => hiera('openstackid_id_mysql_password'),
@ -1447,7 +1388,6 @@ node 'openstackid.org' {
# Node-OS: trusty
node 'openstackid-dev.openstack.org' {
class { 'openstack_project::openstackid_dev':
sysadmins => hiera('sysadmins', []),
site_admin_password => hiera('openstackid_dev_site_admin_password'),
id_mysql_host => hiera('openstackid_dev_id_mysql_host', 'localhost'),
id_mysql_password => hiera('openstackid_dev_id_mysql_password'),
@ -1484,7 +1424,6 @@ node 'kdc01.openstack.org' {
class { 'openstack_project::server':
iptables_public_tcp_ports => [88, 464, 749, 754],
iptables_public_udp_ports => [88, 464, 749],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::kdc': }
@ -1495,7 +1434,6 @@ node 'kdc04.openstack.org' {
class { 'openstack_project::server':
iptables_public_tcp_ports => [88, 464, 749, 754],
iptables_public_udp_ports => [88, 464, 749],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::kdc':
@ -1509,9 +1447,7 @@ node 'afsdb01.openstack.org' {
class { 'openstack_project::server':
iptables_public_udp_ports => [7000,7002,7003,7004,7005,7006,7007],
sysadmins => hiera('sysadmins', []),
afs => true,
manage_exim => true,
}
include openstack_project::afsdb
@ -1524,9 +1460,7 @@ node /^afsdb.*\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_udp_ports => [7000,7002,7003,7004,7005,7006,7007],
sysadmins => hiera('sysadmins', []),
afs => true,
manage_exim => true,
}
include openstack_project::afsdb
@ -1538,9 +1472,7 @@ node /^afs.*\..*\.openstack\.org$/ {
class { 'openstack_project::server':
iptables_public_udp_ports => [7000,7002,7003,7004,7005,7006,7007],
sysadmins => hiera('sysadmins', []),
afs => true,
manage_exim => true,
}
include openstack_project::afsfs
@ -1551,7 +1483,6 @@ node 'ask.openstack.org' {
class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 80, 443],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::ask':
@ -1568,7 +1499,6 @@ node 'ask.openstack.org' {
node 'ask-staging.openstack.org' {
class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 80, 443],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::ask_staging':
@ -1583,7 +1513,6 @@ node /^translate\d+\.openstack\.org$/ {
$group = "translate"
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::translate':
admin_users => 'aeng,cboylan,eumel8,ianw,ianychoi,infra,jaegerandi,mordred,stevenk',
@ -1612,7 +1541,6 @@ node /^translate\d+\.openstack\.org$/ {
node /^translate-dev\d*\.openstack\.org$/ {
$group = "translate-dev"
class { 'openstack_project::translate_dev':
sysadmins => hiera('sysadmins', []),
admin_users => 'aeng,cboylan,eumel,eumel8,ianw,ianychoi,infra,jaegerandi,mordred,stevenk',
openid_url => 'https://openstackid-dev.openstack.org',
listeners => ['ajp'],
@ -1633,7 +1561,6 @@ node /^codesearch\d*\.openstack\.org$/ {
$group = "codesearch"
class { 'openstack_project::server':
iptables_public_tcp_ports => [80],
sysadmins => hiera('sysadmins', []),
}
class { 'openstack_project::codesearch':
project_config_repo => 'https://git.openstack.org/openstack-infra/project-config',

1
modules/openstack_project/files/80retry
View File

@ -1 +0,0 @@
APT::Acquire::Retries "20";

1
modules/openstack_project/files/90no-translations
View File

@ -1 +0,0 @@
Acquire::Languages "none";

1
modules/openstack_project/files/bash-history.sh
View File

@ -1 +0,0 @@
export HISTTIMEFORMAT="%Y-%m-%dT%T%z "

6
modules/openstack_project/files/centos7-puppetlabs.repo
View File

@ -1,6 +0,0 @@
[puppetlabs-products]
name=Puppet Labs Products El 7 - $basearch
baseurl=http://yum.puppetlabs.com/el/7/products/$basearch
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-puppetlabs
enabled=1
gpgcheck=1

4
modules/openstack_project/files/debian_limits.conf
View File

@ -1,4 +0,0 @@
# Original 1024
* soft nofile 4096
# Original 4096
* hard nofile 8192

69
modules/openstack_project/files/rsyslog.d_50-default.conf
View File

@ -1,69 +0,0 @@
# Default rules for rsyslog.
#
# For more information see rsyslog.conf(5) and /etc/rsyslog.conf
#
# First some standard log files. Log by facility.
#
auth,authpriv.* /var/log/auth.log
*.*;auth,authpriv.none -/var/log/syslog
#cron.* /var/log/cron.log
#daemon.* -/var/log/daemon.log
kern.* -/var/log/kern.log
#lpr.* -/var/log/lpr.log
mail.* -/var/log/mail.log
#user.* -/var/log/user.log
#
# Logging for the mail system. Split it up so that
# it is easy to write scripts to parse these files.
#
#mail.info -/var/log/mail.info
#mail.warn -/var/log/mail.warn
mail.err /var/log/mail.err
#
# Logging for INN news system.
#
news.crit /var/log/news/news.crit
news.err /var/log/news/news.err
news.notice -/var/log/news/news.notice
#
# Some "catch-all" log files.
#
#*.=debug;\
# auth,authpriv.none;\
# news.none;mail.none -/var/log/debug
#*.=info;*.=notice;*.=warn;\
# auth,authpriv.none;\
# cron,daemon.none;\
# mail,news.none -/var/log/messages
#
# Emergencies are sent to everybody logged in.
#
*.emerg :omusrmsg:*
#
# I like to have messages displayed on the console, but only on a virtual
# console I usually leave idle.
#
#daemon,mail.*;\
# news.=crit;news.=err;news.=notice;\
# *.=debug;*.=info;\
# *.=notice;*.=warn /dev/tty8
# The named pipe /dev/xconsole is for the `xconsole' utility. To use it,
# you must invoke `xconsole' with the `-file' option:
#
# $ xconsole -file /dev/xconsole [...]
#
# NOTE: adjust the list below, or you'll go crazy if you have a reasonably
# busy site..
#
# Commenting out since we don't install xconsoles on headless servers.
#daemon.*;mail.*;\
# news.err;\
# *.=debug;*.=info;\
# *.=notice;*.=warn |/dev/xconsole

13
modules/openstack_project/files/sources.list.trusty.amd64
View File

@ -1,13 +0,0 @@
# This file is kept updated by puppet, adapted from
# http://ubuntuguide.org/wiki/Ubuntu_Trusty_Packages_and_Repositories
deb http://us.archive.ubuntu.com/ubuntu trusty main restricted
deb http://us.archive.ubuntu.com/ubuntu trusty-updates main restricted
deb http://us.archive.ubuntu.com/ubuntu trusty universe
deb http://us.archive.ubuntu.com/ubuntu trusty-updates universe
deb http://us.archive.ubuntu.com/ubuntu trusty multiverse
deb http://us.archive.ubuntu.com/ubuntu trusty-updates multiverse
deb http://us.archive.ubuntu.com/ubuntu trusty-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu trusty-security main restricted
deb http://security.ubuntu.com/ubuntu trusty-security universe
deb http://security.ubuntu.com/ubuntu trusty-security multiverse

35
modules/openstack_project/files/sources.list.xenial.aarch64
View File

@ -1,35 +0,0 @@
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://ports.ubuntu.com/ubuntu-ports/ xenial main restricted multiverse
deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial main restricted multiverse
## Major bug fix updates produced after the final release of the
## distribution.
deb http://ports.ubuntu.com/ubuntu-ports/ xenial-updates main restricted multiverse
deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial-updates main restricted multiverse
## Uncomment the following two lines to add software from the 'universe'
## repository.
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://ports.ubuntu.com/ubuntu-ports/ xenial universe
deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial universe
deb http://ports.ubuntu.com/ubuntu-ports/ xenial-updates universe
deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial-updates universe
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
# deb http://ports.ubuntu.com/ubuntu-ports/ xenial-backports main restricted
# deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial-backports main restricted
deb http://ports.ubuntu.com/ubuntu-ports/ xenial-security main restricted multiverse
deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial-security main restricted multiverse
deb http://ports.ubuntu.com/ubuntu-ports/ xenial-security universe
deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial-security universe
# deb http://ports.ubuntu.com/ubuntu-ports/ xenial-security multiverse
# deb-src http://ports.ubuntu.com/ubuntu-ports/ xenial-security multiverse

13
modules/openstack_project/files/sources.list.xenial.amd64
View File

@ -1,13 +0,0 @@
# This file is kept updated by puppet, adapted from
# https://help.ubuntu.com/lts/serverguide/configuration.html
deb http://us.archive.ubuntu.com/ubuntu xenial main restricted
deb http://us.archive.ubuntu.com/ubuntu xenial-updates main restricted
deb http://us.archive.ubuntu.com/ubuntu xenial universe
deb http://us.archive.ubuntu.com/ubuntu xenial-updates universe
deb http://us.archive.ubuntu.com/ubuntu xenial multiverse
deb http://us.archive.ubuntu.com/ubuntu xenial-updates multiverse
deb http://us.archive.ubuntu.com/ubuntu xenial-backports main restricted universe multiverse
deb http://security.ubuntu.com/ubuntu xenial-security main restricted
deb http://security.ubuntu.com/ubuntu xenial-security universe
deb http://security.ubuntu.com/ubuntu xenial-security multiverse

81
modules/openstack_project/files/yum/yum-cron.conf
View File

@ -1,81 +0,0 @@
[commands]
# What kind of update to use:
# default = yum upgrade
# security = yum --security upgrade
# security-severity:Critical = yum --sec-severity=Critical upgrade
# minimal = yum --bugfix update-minimal
# minimal-security = yum --security update-minimal
# minimal-security-severity:Critical = --sec-severity=Critical update-minimal
update_cmd = default
# Whether a message should be emitted when updates are available,
# were downloaded, or applied.
update_messages = yes
# Whether updates should be downloaded when they are available.
download_updates = yes
# Whether updates should be applied when they are available. Note
# that download_updates must also be yes for the update to be applied.
apply_updates = yes
# Maximum amout of time to randomly sleep, in minutes. The program
# will sleep for a random amount of time between 0 and random_sleep
# minutes before running. This is useful for e.g. staggering the
# times that multiple systems will access update servers. If
# random_sleep is 0 or negative, the program will run immediately.
# 6*60 = 360
random_sleep = 360
[emitters]
# Name to use for this system in messages that are emitted. If
# system_name is None, the hostname will be used.
system_name = None
# How to send messages. Valid options are stdio and email. If
# emit_via includes stdio, messages will be sent to stdout; this is useful
# to have cron send the messages. If emit_via includes email, this
# program will send email itself according to the configured options.
# If emit_via is None or left blank, no messages will be sent.
emit_via = stdio
# The width, in characters, that messages that are emitted should be
# formatted to.
output_width = 80
[email]
# The address to send email messages from.
# NOTE: 'localhost' will be replaced with the value of system_name.
email_from = root@localhost
# List of addresses to send messages to.
email_to = root
# Name of the host to connect to to send email messages.
email_host = localhost
[groups]
# NOTE: This only works when group_command != objects, which is now the default
# List of groups to update
group_list = None
# The types of group packages to install
group_package_types = mandatory, default
[base]
# This section overrides yum.conf
# Use this to filter Yum core messages
# -4: critical
# -3: critical+errors
# -2: critical+errors+warnings (default)
debuglevel = -2
# skip_broken = True
mdpolicy = group:main
# Uncomment to auto-import new gpg keys (dangerous)
# assumeyes = True

4
modules/openstack_project/manifests/ask.pp
View File

@ -17,10 +17,6 @@ class openstack_project::ask (
$askbot_revision = '87086ebcefc5be29e80d3228e465e6bec4523fcf'
) {
realize (
User::Virtual::Localuser['mkiss'],
)
file { '/srv/dist':
ensure => directory,
owner => 'root',

4
modules/openstack_project/manifests/ask_staging.pp
View File

@ -13,10 +13,6 @@ class openstack_project::ask_staging (
$solr_version = '4.10.4'
) {
realize (
User::Virtual::Localuser['mkiss'],
)
file { '/srv/dist':
ensure => directory,
owner => 'root',

2
modules/openstack_project/manifests/cacti.pp
View File

@ -1,6 +1,5 @@
# Class to configure cacti on a node.
class openstack_project::cacti (
$sysadmins = [],
$cacti_hosts = [],
$vhost_name = '',
) {
@ -11,7 +10,6 @@ class openstack_project::cacti (
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443],
sysadmins => $sysadmins,
}
class { '::apache':

31
modules/openstack_project/manifests/firehose.pp
View File

@ -15,7 +15,6 @@
# firehose glue class.
#
class openstack_project::firehose (
$sysadmins = [],
$gerrit_username = 'germqtt',
$gerrit_public_key,
$gerrit_private_key,
@ -69,36 +68,6 @@ class openstack_project::firehose (
ensure => running,
}
class {'::exim':
sysadmins => $sysadmins,
local_domains => "@:firehose.openstack.org",
default_localuser_router => false,
routers => [
{'cyrus' => {
'driver' => 'accept',
'domains' => '+local_domains',
'local_part_suffix' => '+*',
'local_part_suffix_optional' => true,
'transport' => 'cyrus',
}},
{'localuser' => {
'driver' => 'accept',
'check_local_user' => true,
'transport' => 'local_delivery',
'cannot_route_message' => 'Unknown user',
}}
],
transports => [
{'cyrus' => {
'driver' => 'lmtp',
'socket' => '/var/run/cyrus/socket/lmtp',
'user' => 'cyrus',
'batch_max' => '35',
}}
],
require => Package['cyrus-imapd'],
}
include lpmqtt
class {'lpmqtt::server':
mqtt_username => $mqtt_username,

9
modules/openstack_project/manifests/git.pp
View File

@ -16,14 +16,12 @@
#
# == Class: openstack_project::git
class openstack_project::git (
$sysadmins = [],
$balancer_member_names = [],
$balancer_member_ips = [],
$selinux_mode = 'enforcing'
) {
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443, 9418],
sysadmins => $sysadmins,
}
if ($::osfamily == 'RedHat') {
@ -148,6 +146,13 @@ class openstack_project::git (
notify => Service['rsyslog'],
}
# TODO(mordred) We should get this haproxy stuff ported to ansible ASAP.
# Ansible is the one installing rsyslog.
service { 'rsyslog':
ensure => running,
enable => true,
hasrestart => true,
}
# haproxy statsd

4
modules/openstack_project/manifests/groups.pp
View File

@ -28,10 +28,6 @@ class openstack_project::groups (
$site_ssl_chain_file = '/etc/ssl/certs/groups.openstack.org_ca.pem',
) {
realize (
User::Virtual::Localuser['mkiss'],
)
vcsrepo { '/srv/groups-static-pages':
ensure => latest,
provider => git,

4
modules/openstack_project/manifests/groups_dev.pp
View File

@ -25,10 +25,6 @@ class openstack_project::groups_dev (
$site_ssl_key_file = '/etc/ssl/private/ssl-cert-snakeoil.key',
) {
realize (
User::Virtual::Localuser['mkiss'],
)
# include drupal
vcsrepo { '/srv/groups-static-pages':

4
modules/openstack_project/manifests/infracloud/baremetal.pp
View File

@ -35,8 +35,4 @@ class openstack_project::infracloud::baremetal (
ipv4_subnet_mask => $ipv4_subnet_mask,
}
realize (
User::Virtual::Localuser['colleen'],
)
}

5
modules/openstack_project/manifests/infracloud/controller.pp
View File

@ -50,9 +50,4 @@ class openstack_project::infracloud::controller (
neutron_subnet_allocation_pools => $neutron_subnet_allocation_pools,
mysql_max_connections => $mysql_max_connections,
}
realize (
User::Virtual::Localuser['colleen'],
)
}

17
modules/openstack_project/manifests/kata_lists.pp
View File

@ -1,28 +1,13 @@
# == Class: openstack_project::kata_lists
#
class openstack_project::kata_lists(
$listadmins,
$listpassword = ''
) {
$listdomain = 'lists.katacontainers.io'
class { 'exim':
sysadmins => $listadmins,
queue_interval => '1m',
queue_run_max => '50',
mailman_domains => [$listdomain],
smtp_accept_max => '100',
smtp_accept_max_per_host => '10',
}
class { 'mailman':
vhost_name => $listdomain,
vhost_name => 'lists.katacontainers.io'
}
realize (
User::Virtual::Localuser['jbryce'],
)
Maillist {
provider => 'noaliasmailman',
}

100
modules/openstack_project/manifests/lists.pp
View File

@ -1,113 +1,13 @@
# == Class: openstack_project::lists
#
class openstack_project::lists(
$listadmins,
$listpassword = ''
) {
$mm_domains='lists.openstack.org:lists.zuul-ci.org:lists.airshipit.org:lists.starlingx.io'
class { 'mailman':
multihost => true,
}
class { 'exim':
sysadmins => $listadmins,
queue_interval => '1m',
queue_run_max => '50',
smtp_accept_max => '100',
smtp_accept_max_per_host => '10',
extra_aliases => {
'ambassadors-owner' => 'spam',
'community-owner' => 'spam',
'foundation-board-confidential-owner' => 'spam',
'foundation-board-owner' => 'spam',
'foundation-owner' => 'spam',
'legal-discuss-owner' => 'spam',
'mailman-owner' => 'spam',
'marketing-owner' => 'spam',
'openstack-announce-owner' => 'spam',
'openstack-dev-owner' => 'spam',
'openstack-docs-owner' => 'spam',
'openstack-fr-owner' => 'spam',
'openstack-i18n-owner' => 'spam',
'openstack-infra-owner' => 'spam',
'openstack-operators-owner' => 'spam',
'openstack-owner' => 'spam',
'openstack-qa-owner' => 'spam',
'openstack-security-owner' => 'spam',
'openstack-tc-owner' => 'spam',
'openstack-vi-owner' => 'spam',
'product-wg-owner' => 'spam',
'superuser-owner' => 'spam',
'user-committee-owner' => 'spam',
'women-of-openstack-owner' => 'spam',
'spam' => ':fail: delivery temporarily disabled due to ongoing spam flood',
},
local_domains => "@:$mm_domains",
routers => [
{'mailman_verp_router' => {
'driver' => 'dnslookup',
# we only consider messages sent in through loopback
'condition' => '${if or{{eq{$sender_host_address}{127.0.0.1}}\
{eq{$sender_host_address}{::1}}}{yes}{no}}',
# we do not do this for traffic going to the local machine
'domains' => '!+local_domains',
'ignore_target_hosts' => '<; 0.0.0.0; \
64.94.110.11; \
127.0.0.0/8; \
::1/128;fe80::/10;fe \
c0::/10;ff00::/8',
# only the un-VERPed bounce addresses are handled
'senders' => '"*-bounces@*"',
'transport' => 'mailman_verp_smtp',
}
},
{'mailman_router' => {
'driver' => 'accept',
'domains' => "$mm_domains",
'require_files' => '${lookup{${lc::$domain}}lsearch{/etc/mailman/sites}}/lists/${lc::$local_part}/config.pck',
'local_part_suffix_optional' => true,
'local_part_suffix' => '-admin : \
-bounces : -bounces+* : \
-confirm : -confirm+* : \
-join : -leave : \
-owner : -request : \
-subscribe : -unsubscribe',
'transport' => 'mailman_transport',
}
},
],
transports => [
{'mailman_transport' => {
'driver' => 'pipe',
'environment' => 'MAILMAN_SITE_DIR=${lookup{${lc:$domain}}lsearch{/etc/mailman/sites}}',
'command' => '/var/lib/mailman/mail/mailman \
\'${if def:local_part_suffix \
{${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
{post}}\' \
$local_part',
'current_directory' => '/var/lib/mailman',
'home_directory' => '/var/lib/mailman',
'user' => 'list',
'group' => 'list',
}
},
{'mailman_verp_smtp' => {
'driver' => 'smtp',
'return_path' => '${local_part:$return_path}+$local_part=$domain@${domain:$return_path}',
'max_rcpt' => '1',
'headers_remove' => 'Errors-To',
'headers_add' => 'Errors-To: ${return_path}',
}
},
]
}
realize (
User::Virtual::Localuser['smaffulli'],
)
# Disable inactive admins
user::virtual::disable { 'oubiwann': }
user::virtual::disable { 'rockstar': }

2
modules/openstack_project/manifests/mirror_update.pp
View File

@ -1,7 +1,6 @@
# == Class: openstack_project::mirror_update
#
class openstack_project::mirror_update (
$sysadmins = [],
$bandersnatch_keytab = '',
$reprepro_keytab = '',
$admin_keytab = '',
@ -16,7 +15,6 @@ class openstack_project::mirror_update (
include ::openstack_project::reprepro_mirror
class { 'openstack_project::server':
sysadmins => $sysadmins,
afs => true,
}

7
modules/openstack_project/manifests/openstackid_dev.pp
View File

@ -15,7 +15,6 @@
# openstackid idp(sso-openid) dev server
#
class openstack_project::openstackid_dev (
$sysadmins = [],
$site_admin_password = '',
$id_mysql_host = '',
$id_mysql_user = '',
@ -62,14 +61,8 @@ class openstack_project::openstackid_dev (
$session_cookie_secure = false,
) {
realize (
User::Virtual::Localuser['smarcet'],
User::Virtual::Localuser['mkiss'],
)
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443],
sysadmins => $sysadmins,
}
class { 'openstackid':

7
modules/openstack_project/manifests/openstackid_prod.pp
View File

@ -15,7 +15,6 @@
# openstackid idp(sso-openid) server
#
class openstack_project::openstackid_prod (
$sysadmins = [],
$site_admin_password = '',
$id_mysql_host = '',
$id_mysql_user = '',
@ -63,14 +62,8 @@ class openstack_project::openstackid_prod (
$session_cookie_secure = false,
) {
realize (
User::Virtual::Localuser['smarcet'],
User::Virtual::Localuser['maxwell'],
)
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443],
sysadmins => $sysadmins,
}
class { 'openstackid':

39
modules/openstack_project/manifests/params.pp
View File

@ -1,39 +0,0 @@
# Class: openstack_project::params
#
# This class holds parameters that need to be
# accessed by other classes.
class openstack_project::params {
$cross_platform_packages = [
'at',
'git',
'lvm2',
'parted',
'rsync',
'strace',
'tcpdump',
'wget',
]
case $::osfamily {
'RedHat': {
$packages = concat($cross_platform_packages, ['iputils', 'bind-utils'])
$user_packages = ['emacs-nox', 'vim-enhanced']
$login_defs = 'puppet:///modules/openstack_project/login.defs.redhat'
}
'Debian': {
$packages = concat($cross_platform_packages, ['iputils-ping', 'dnsutils'])
case $::operatingsystemrelease {
/^(12|14)\.(04|10)$/: {
$user_packages = ['emacs23-nox', 'vim-nox', 'iftop',
'sysstat', 'iotop']
}
default: {
$user_packages = ['emacs-nox', 'vim-nox']
}
}
$login_defs = 'puppet:///modules/openstack_project/login.defs.debian'
}
default: {
fail("Unsupported osfamily: ${::osfamily} The 'openstack_project' module only supports osfamily Debian or RedHat (slaves only).")
}
}
}

3
modules/openstack_project/manifests/pbx.pp
View File

@ -18,9 +18,6 @@
class openstack_project::pbx (
$sip_providers = [],
) {
realize (
User::Virtual::Localuser['rbryant'],
)
class { 'asterisk':
modules_conf_source => 'puppet:///modules/openstack_project/pbx/asterisk/modules.conf',

2
modules/openstack_project/manifests/planet.pp
View File

@ -1,11 +1,9 @@
# == Class: openstack_project::planet
#
class openstack_project::planet (
$sysadmins = []
) {
class { 'openstack_project::server':
iptables_public_tcp_ports => [80],
sysadmins => $sysadmins,
}
include ::planet

4
modules/openstack_project/manifests/review_dev.pp
View File

@ -43,10 +43,6 @@ class openstack_project::review_dev (
}
}
realize (
User::Virtual::Localuser['zaro'],
)
class { 'project_config':
url => $project_config_repo,
base => 'dev/',

278
modules/openstack_project/manifests/server.pp
View File

@ -7,116 +7,21 @@ class openstack_project::server (
$iptables_rules4 = [],
$iptables_rules6 = [],
$iptables_allowed_hosts = [],
$sysadmins = [],
$extra_aliases = {},
$pin_puppet = '3.',
$ca_server = undef,
$enable_unbound = true,
$afs = false,
$afs_cache_size = 500000,
$manage_exim = true,
$pypi_index_url = 'https://pypi.python.org/simple',
$purge_apt_sources = true,
) {
include sudoers
include openstack_project::params
include openstack_project::users
class { 'openstack_project::users_install':
install_users => true,
}
class { 'timezone':
timezone => 'Etc/UTC',
}
package { 'rsyslog':
ensure => present,
}
service { 'rsyslog':
ensure => running,
enable => true,
hasrestart => true,
require => Package['rsyslog'],
}
# Increase syslog message size in order to capture
# python tracebacks with syslog.
file { '/etc/rsyslog.d/99-maxsize.conf':
ensure => present,
# Note MaxMessageSize is not a puppet variable.
content => '$MaxMessageSize 6k',
owner => 'root',
group => 'root',
mode => '0644',
notify => Service['rsyslog'],
require => Package['rsyslog'],
}
if $::osfamily == 'Debian' {
file { '/etc/security/limits.d/60-nofile-limit.conf':
owner => 'root',
group => 'root',
mode => '0644',
source => 'puppet:///modules/openstack_project/debian_limits.conf',
replace => true,
}
file { '/etc/apt/apt.conf.d/80retry':
owner => 'root',
group => 'root',
mode => '0444',
source => 'puppet:///modules/openstack_project/80retry',
replace => true,
}
file { '/etc/apt/apt.conf.d/90no-translations':
owner => 'root',
group => 'root',
mode => '0444',
source => 'puppet:///modules/openstack_project/90no-translations',
replace => true,
}
# Custom rsyslog config to disable /dev/xconsole noise on Debuntu servers
file { '/etc/rsyslog.d/50-default.conf':
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
source =>
'puppet:///modules/openstack_project/rsyslog.d_50-default.conf',
replace => true,
notify => Service['rsyslog'],
require => Package['rsyslog'],
}
# Purge and augment existing /etc/apt/sources.list if requested, and make
# sure apt-get update is run before any packages are installed
class { '::apt':
purge => { 'sources.list' => $purge_apt_sources }
}
if $purge_apt_sources == true {
file { '/etc/apt/sources.list.d/openstack-infra.list':
ensure => present,
group => 'root',
mode => '0444',
owner => 'root',
source => "puppet:///modules/openstack_project/sources.list.${::lsbdistcodename}.${::architecture}",
}
exec { 'update-apt':
command => 'apt-get update',
refreshonly => true,
path => '/bin:/usr/bin',
subscribe => File['/etc/apt/sources.list.d/openstack-infra.list'],
}
Exec['update-apt'] -> Package <| |>
}
}
package { $::openstack_project::params::packages:
ensure => present
# Include ::apt while we work on the puppet->ansible transition
if ($::osfamily == 'Debian') {
include ::apt
}
###########################################################
@ -124,45 +29,6 @@ class openstack_project::server (
include '::ntp'
if ($::osfamily == "RedHat") {
# Utils in ntp-perl are included in Debian's ntp package; we
# add it here for consistency. See also
# https://tickets.puppetlabs.com/browse/MODULES-3660
package { 'ntp-perl':
ensure => present
}
# NOTE(pabelanger): We need to ensure ntpdate service starts on boot for
# centos-7. Currently, ntpd explicitly require ntpdate to be running before
# the sync process can happen in ntpd. As a result, if ntpdate is not
# running, ntpd will start but fail to sync because of DNS is not properly
# setup.
package { 'ntpdate':
ensure => present,
}
service { 'ntpdate':
enable => true,
require => Package['ntpdate'],
}
package { 'yum-cron':
ensure => present,
}
file { '/etc/yum/yum-cron.conf':
ensure => present,
owner => root,
group => root,
mode => '0644',
source => 'puppet:///modules/openstack_project/yum/yum-cron.conf',
replace => true,
require => Package['yum-cron'],
notify => Service['yum-cron'],
}
service { 'yum-cron':
enable => true,
ensure => running,
require => Package['yum-cron'],
}
}
###########################################################
# Manage Root ssh
@ -171,24 +37,6 @@ class openstack_project::server (
trusted_ssh_source => '23.253.245.198,2001:4800:7818:101:3c21:a454:23ed:4072,23.253.234.219,2001:4800:7817:103:be76:4eff:fe04:5a1d',
}
if ! defined(File['/root/.ssh']) {
file { '/root/.ssh':
ensure => directory,
mode => '0700',
}
}
ssh_authorized_key { 'puppet-remote-2014-09-15':
ensure => present,
user => 'root',
type => 'ssh-rsa',
key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDSLlN41ftgxkNeUi/kATYPwMPjJdMaSbgokSb9PSkRPZE7GeNai60BCfhu+ky8h5eMe70Bpwb7mQ7GAtHGXPNU1SRBPhMuVN9EYrQbt5KSiwuiTXtQHsWyYrSKtB+XGbl2PhpMQ/TPVtFoL5usxu/MYaakVkCEbt5IbPYNg88/NKPixicJuhi0qsd+l1X1zoc1+Fn87PlwMoIgfLIktwaL8hw9mzqr+pPcDIjCFQQWnjqJVEObOcMstBT20XwKj/ymiH+6p123nnlIHilACJzXhmIZIZO+EGkNF7KyXpcBSfv9efPI+VCE2TOv/scJFdEHtDFkl2kdUBYPC0wQ92rp',
options => [
'from="23.253.245.198,2001:4800:7818:101:3c21:a454:23ed:4072,23.253.234.219,2001:4800:7817:103:be76:4eff:fe04:5a1d,localhost"',
],
require => File['/root/.ssh'],
}
###########################################################
# Process if ( $high_level_directive ) blocks
@ -198,13 +46,6 @@ class openstack_project::server (
}
}
if $manage_exim {
class { 'exim':
sysadmins => $sysadmins,
extra_aliases => $extra_aliases,
}
}
if $afs {
class { 'openafs::client':
cell => 'openstack.org',
@ -244,117 +85,4 @@ class openstack_project::server (
allowed_hosts => $iptables_allowed_hosts,
}
# We don't like byobu
file { '/etc/profile.d/Z98-byobu.sh':
ensure => absent,
}
# Setup RFC3339 bash history timestamps
file { '/etc/profile.d/bash-history.sh':
ensure => present,
owner => 'root',
group => 'root',
mode => '0644',
source => 'puppet:///modules/openstack_project/bash-history.sh',
}
if $::osfamily == 'Debian' {
# Ubuntu installs their whoopsie package by default, but it eats through
# memory and we don't need it on servers
package { 'whoopsie':
ensure => absent,
}
package { 'popularity-contest':
ensure => absent,
}
}
###########################################################
# Manage python/pip
$desired_virtualenv = '15.1.0'
class { '::pip':
index_url => $pypi_index_url,
optional_settings => {
'extra-index-url' => '',
},
manage_pip_conf => true,
}
if (( versioncmp($::virtualenv_version, $desired_virtualenv) < 0 )) {
$virtualenv_ensure = $desired_virtualenv
} else {
$virtualenv_ensure = present
}
package { 'virtualenv':
ensure => $virtualenv_ensure,
provider => openstack_pip,
require => Class['pip'],
}
###########################################################
# Turn off puppet service
service { 'puppet':
ensure => stopped,
enable => false,
}
if $::osfamily == 'Debian' {
file { '/etc/default/puppet':
ensure => present,
owner => 'root',
group => 'root',
mode => '0444',
source => 'puppet:///modules/openstack_project/puppet.default',
replace => true,
}
}
###########################################################
# Set up puppet repos
if ($::osfamily == 'Debian') {
# NOTE(pabelanger): Puppetlabs only support Ubuntu Trusty and below,
# anything greater will use the OS version of puppet.
if ($::operatingsystemrelease < '15.04') {
include ::apt
apt::source { 'puppetlabs':
location => 'http://apt.puppetlabs.com',
repos => 'main',
key => {
'id' =>'47B320EB4C7C375AA9DAE1A01054B7A24BD6EC30',
'server' => 'pgp.mit.edu',
},
}
}
}
if ($::operatingsystem == 'CentOS') {
file { '/etc/yum.repos.d/puppetlabs.repo':
ensure => present,
owner => 'root',
group => 'root',
mode => '0444',
source => 'puppet:///modules/openstack_project/centos7-puppetlabs.repo',
replace => true,
}
}
# Disable cloud-init
file { '/etc/cloud':
ensure => directory,
}
file { '/etc/cloud/cloud-init.disabled':
ensure => file,
require => File['/etc/cloud'],
}
if ($::lsbdistcodename == 'xenial' and $::architecture == 'aarch64') {
# Make sure we install the HWE kernel for arm64; it's 4.13 v 4.3
# and works much better on linaro cloud
ensure_packages(['linux-generic-hwe-16.04'])
}
}

39
modules/openstack_project/manifests/storyboard.pp
View File

@ -6,7 +6,6 @@ class openstack_project::storyboard(
$mysql_user = '',
$rabbitmq_user = 'storyboard',
$rabbitmq_password,
$sysadmins = [],
$superusers =
'puppet:///modules/openstack_project/storyboard/superusers.yaml',
$ssl_cert = undef,
@ -28,47 +27,9 @@ class openstack_project::storyboard(
}
class { 'openstack_project::server':
sysadmins => $sysadmins,
iptables_public_tcp_ports => [80, 443],
manage_exim => false,
}
class { '::exim':
sysadmins => $sysadmins,
routers => [
{'storyboard_verp_router' => {
'driver' => 'dnslookup',
# we only consider messages sent in through loopback
'condition' => '${if or{{eq{$sender_host_address}{127.0.0.1}}\
{eq{$sender_host_address}{::1}}}{yes}{no}}',
# we do not do this for traffic going to the local machine
'domains' => '!+local_domains',
'ignore_target_hosts' => '<; 0.0.0.0; 64.94.110.11; 127.0.0.0/8; \
::1/128;fe80::/10;fec0::/10;ff00::/8',
# only the un-VERPed bounce addresses are handled
'senders' => '"*-bounces@*"',
'transport' => 'storyboard_verp_smtp',
}},
# Send bounces to /dev/null until storyboard supports them.
{'storyboard' => {
'driver' => 'redirect',
'local_parts' => 'storyboard',
'local_part_suffix_optional' => true,
'local_part_suffix' => '-bounces : -bounces+*',
'data' => ':blackhole:',
}}
],
transports => [
{'storyboard_verp_smtp' => {
'driver' => 'smtp',
'return_path' => '${local_part:$return_path}+$local_part\
=$domain@${domain:$return_path}',
'max_rcpt' => '1',
'headers_remove' => 'Errors-To',
'headers_add' => 'Errors-To: ${return_path}',
}}
],
}
mysql_backup::backup_remote { 'storyboard':
database_host => $mysql_host,

9
modules/openstack_project/manifests/storyboard/dev.pp
View File

@ -6,7 +6,6 @@ class openstack_project::storyboard::dev(
$mysql_user = '',
$rabbitmq_user = 'storyboard',
$rabbitmq_password,
$sysadmins = [],
$ssl_cert_file_contents = undef,
$ssl_key_file_contents = undef,
$ssl_chain_file_contents = undef,
@ -21,7 +20,6 @@ class openstack_project::storyboard::dev(
class { 'openstack_project::storyboard':
project_config_repo => $project_config_repo,
sysadmins => $sysadmins,
superusers =>
'puppet:///modules/openstack_project/storyboard/dev_superusers.yaml',
mysql_host => $mysql_host,
@ -39,11 +37,4 @@ class openstack_project::storyboard::dev(
default_url => $default_url,
}
realize (
User::Virtual::Localuser['SotK'],
User::Virtual::Localuser['Zara'],
User::Virtual::Localuser['diablo_rojo'],
)
}

6
modules/openstack_project/manifests/summit.pp
View File

@ -1,14 +1,8 @@
class openstack_project::summit (
$sysadmins = []
) {
class { 'openstack_project::server':
iptables_public_tcp_ports => [22, 80],
sysadmins => $sysadmins
}
realize (
User::Virtual::Localuser['ttx'],
)
}
# vim:sw=2:ts=2:expandtab:textwidth=79

2
modules/openstack_project/manifests/translate_dev.pp
View File

@ -20,7 +20,6 @@ class openstack_project::translate_dev(
$mysql_user = 'zanata',
$mysql_password,
$admin_users = '',
$sysadmins = [],
$zanata_server_user = '',
$zanata_server_api_key = '',
$project_config_repo = '',
@ -37,7 +36,6 @@ class openstack_project::translate_dev(
) {
class { 'openstack_project::server':
sysadmins => $sysadmins,
iptables_public_tcp_ports => [80, 443],
}

280
modules/openstack_project/manifests/users.pp
View File

@ -1,280 +0,0 @@
# == Class: openstack_project::users
#
class openstack_project::users {
# Make sure we have our UID/GID account minimums for dynamic users set higher
# than we'll use for static assignments, so as to avoid future conflicts.
include ::openstack_project::params
file { '/etc/login.defs':
ensure => present,
group => 'root',
mode => '0644',
owner => 'root',
source => $::openstack_project::params::login_defs,
}
User::Virtual::Localuser {
require => File['/etc/login.defs']
}
@user::virtual::localuser { 'mordred':
realname => 'Monty Taylor',
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDLsTZJ8hXTmzjKxYh/7V07mIy8xl2HL+9BaUlt6A6TMsL3LSvaVQNSgmXX5g0XfPWSCKmkZb1O28q49jQI2n7n7+sHkxn0dJDxj1N2oNrzNY7pDuPrdtCijczLFdievygXNhXNkQ2WIqHXDquN/jfLLJ9L0jxtxtsUMbiL2xxZEZcaf/K5MqyPhscpqiVNE1MjE4xgPbIbv8gCKtPpYIIrktOMb4JbV7rhOp5DcSP5gXtLhOF5fbBpZ+szqrTVUcBX0oTYr3iRfOje9WPsTZIk9vBfBtF416mCNxMSRc7KhSW727AnUu85hS0xiP0MRAf69KemG1OE1pW+LtDIAEYp',
key_id => 'mordred@camelot',
uid => 2000,
gid => 2000,
}
@user::virtual::localuser { 'corvus':
realname => 'James E. Blair',
sshkeys => 'AAAAB3NzaC1yc2EAAAABIwAAAQEAvKYcWK1T7e3PKSFiqb03EYktnoxVASpPoq2rJw2JvhsP0JfS+lKrPzpUQv7L4JCuQMsPNtZ8LnwVEft39k58Kh8XMebSfaqPYAZS5zCNvQUQIhP9myOevBZf4CDeG+gmssqRFcWEwIllfDuIzKBQGVbomR+Y5QuW0HczIbkoOYI6iyf2jB6xg+bmzR2HViofNrSa62CYmHS6dO04Z95J27w6jGWpEOTBjEQvnb9sdBc4EzaBVmxCpa2EilB1u0th7/DvuH0yP4T+X8G8UjW1gZCTOVw06fqlBCST4KjdWw1F/AuOCT7048klbf4H+mCTaEcPzzu3Fkv8ckMWtS/Z9Q==',
key_id => 'jeblair@operational-necessity',
uid => 2001,
gid => 2001,
}
@user::virtual::localuser { 'smaffulli':
realname => 'Stefano Maffulli',
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDD/zAvXaOUXCAT6/B4sCMu/38d/PyOIg/tYsYFAMgfDUzuZwkjZWNGrTpp/HFrOAZISER5KmOg48DKPvm91AeZOHfAXHCP6x9/FcogP9rmc48ym1B5XyIc78QVQjgN6JMSlEZsl0GWzFhQsPDjXundflY07TZfSC1IhpG9UgzamEVFcRjmNztnBuvq2uYVGpdI+ghmqFw9kfvSXJvUbj/F7Pco5XyJBx2e+gofe+X/UNee75xgoU/FyE2a6dSSc4uP4oUBvxDNU3gIsUKrSCmV8NuVQvMB8C9gXYR+JqtcvUSS9DdUAA8StP65woVsvuU+lqb+HVAe71JotDfOBd6f',
key_id => 'stefano@mattone-E6420',
uid => 2002,
gid => 2002,
}
# NOTE(pabelanger): Inactive user
@user::virtual::localuser { 'oubiwann':
realname => 'Duncan McGreggor',
sshkeys => '',
key_id => 'oubiwann@rhosgobel',
uid => 2003,
gid => 2003,
}
# NOTE(pabelanger): Inactive user
@user::virtual::localuser { 'rockstar':
realname => 'Paul Hummer',
sshkeys => '',
key_id => 'rockstar@spackrace.local',
uid => 2004,
gid => 2004,
}
@user::virtual::localuser { 'clarkb':
realname => 'Clark Boylan',
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCnfoVhOTkrY7uoebL8PoHXb0Fg4jJqGCbwkxUdNUdheIdbnfyjuRG3iL8WZnzf7nzWnD+IGo6kkAo8BkNMK9L0P0Y+5IjI8NH49KU22tQ1umij4EIf5tzLh4gsqkJmy6QLrlbf10m6UF4rLFQhKzOd4b2H2K6KbP00CIymvbW3BwvNDODM4xRE2uao387qfvXZBUkB0PpRD+7fWPoN58gpFUm407Eba3WwX5PCD+1DD+RVBsG8maIDXerQ7lvFLoSuyMswv1TfkvCj0ZFhSFbfTd2ZysCu6eryFfeixR7NY9SNcp9YTqG6LrxGA7Ci6wz+hycFHXlDrlBgfFJDe5At',
key_id => 'clark@work',
old_keys => [
'boylandcl@boylancl1',
],
uid => 2005,
gid => 2005,
}
@user::virtual::localuser { 'rlane':
realname => 'Ryan Lane',
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCdtI7H+fsgSrjrdG8aGVcrN0GFW3XqLVsLG4n7JW4qH2W//hqgdL7A7cNVQNPoB9I1jAqvnO2Ct6wrVSh84QU89Uufw412M3qNSNeiGgv2c2KdxP2XBrnsLYAaJRbgOWJX7nty1jpO0xwF503ky2W3OMUsCXMAbYmYNSod6gAdzf5Xgo/3+eXRh7NbV1eKPrzwWoMOYh9T0Mvmokon/GXV5PiAA2bIaQvCy4BH/BzWiQwRM7KtiEt5lHahY172aEu+dcWxciuxHqkYqlKhbU+x1fwZJ+MpXSj5KBU+L0yf3iKySob7g6DZDST/Ylcm4MMjpOy8/9Cc6Xgpx77E/Pvd',
key_id => 'laner@Free-Public-Wifi.local',
uid => 2006,
gid => 2006,
}
@user::virtual::localuser { 'fungi':
realname => 'Jeremy Stanley',
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQD3KnRBTH5QPpKjf4RWu4akzYt2gwp796cMkFl5vu8e7G/cHuh4979FeNJXMVP6F3rvZB+yXDHLCU5LBVLq0K+1GbAZT/hH38hpMOIvniwKIquvI6C/drkVPHO6YmVlapw/NI530PGnT/TAqCOycHBO5eF1bYsaqV1yZqvs9v7UZc6J4LukoLZwpmyWZ5P3ltAiiy8+FGq3SLCKWDMmv/Bjz4zTsaNbSWThJi0BydINjC1/0ze5Tyc/XgW1sDuxmmXJxgQp4EvLpronqb2hT60iA52kj8lrmoCIryRpgnbaRA7BrxKF8zIr0ZALHijxEUeWHhFJDIVRGUf0Ef0nrmBv',
key_id => 'fungi-openstack-2015',
old_keys => [
'fungi-openstack-2012',
'fungi-openstack-2013',
'fungi-openstack-2014',
],
uid => 2007,
gid => 2007,
}
@user::virtual::localuser { 'ttx':
realname => 'Thierry Carrez',
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQDCGpMtSehQNZL0/EJ7VUbklJygsxvii2Qi4HPSUFcLJUWAx4VltsmPkmx43D9ITwnRPRMPNtZrOvhY7v0myVlFuRnyTYAqZwigf5gxrktb+4PwCWb+2XobziUVnfJlbOTjneWSTYoZ+OjTaWd5AcVbUvgYAP2qbddycc5ACswpPDo5VrS6fQfCwE4z3BqLFNeOnqxbECHwHeFYIR6Kd6mnKAzDNZxZIkviWg9eIwwuFf5V5bUPiVkeFHVL3EJlCoYs2Em4bvYZBtrV7kUseN85X/+5Uail4uYBEcB3GLL32e6HeD1Qk4xIxLTI2bFPGUp0Oq7iPgrQQe4zCBsGi7Dx+JVy+U0JqLLAN94UPCn2fhsX7PdKfTPcxFPFKeX/PRutkb7qxdbS2ubCdOEhc6WN7OkQmbdK8lk6ms4v4dFc0ooMepWELqKC6thICsVdizpuij0+h8c4SRD3gtwGDPxrkJcodPoAimVVlW1p+RpMxsCFrK473TzgeNPVeAdSZVpqZ865VOwFqoFQB6WpmCDZQPFlkS2VDe9R54ePDHWKYLvVW6yvQqWTx3KrIrS1twSoydj+gADgBYsZaW5MNkWYHAWotEX67j6fMZ6ZSTS5yaTeLywB2Ykh0kjo4jpTFk5JNL7DINkfmCEZMLw60da29iN4QzAJr9cP1bwjf/QDqw==',
key_id => 'ttx@mercury',
uid => 2008,
gid => 2008,
}
@user::virtual::localuser { 'rbryant':
realname => 'Russell Bryant',
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDZVikFz5KoRg3gKdiSa3PQ0i2bN5+bUyc4lMMg6P+jEStVddwN+nAgpa3zJaokmNAOp+MjcGa7K1Zi4b9Fe2ufusTzSKdNVlRDiw0R4Lk0LwTIfkhLywKvgcAz8hkqWPUIgTMU4xIizh50KTL9Ttsu9ULop8t7urTpPE4TthHX4nz1Y9NwYLU0W8cWhzgRonBbqtGs/Lif0NC+TdWGkVyTaP3x1A48s0SMPcZKln1hDv7KbKdknG4XyS4jlr4qI+R+har7m2ED/PH93PSXi5QnT4U6laWRg03HTxpPKWq077u/tPW9wcbkgpBcYMmDKTo/NDPtoN+r/jkbdW7zKJHx',
key_id => 'russel@russelbryant.net',
uid => 2009,
gid => 2009,
}
@user::virtual::localuser { 'pabelanger':
realname => 'Paul Belanger',
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQCuP0CZE8AYnbm8gxecCxKeRw0wHRyryd+FKmNNsdr0d3UvfCbqNzLigrqEBZsKpofi3M4qCWNpKRyfhnjPynLTQjP1vnX9AbL9UGoiHxScfvh3skntTYMs9ezJRd0rMJJZO76FPo8bJLDlwxAQl8m/nuj3HfYiO5hYE7P+a3rhsJh4nEfBb7xh+Q5yM0PWObkkBl6IRiBYjlcsXNZHgTA5kNuihUk5bHqAw54sHh05DhpgOITpTw4LFbh4Ew2NKq49dEb2xbTuAyAr2DHNOGgIwKEZpwtKZEIGEuiLbb4DQRsfivrvyOjnK2NFjQzGyNOHfsOldWHRQwUKUs8nrxKdXvqcrfMnSVaibeYK2TRL+6jd9kc5SIhWI3XLm7HbX7uXMD7/JQrkL25Rcs6nndDCH72DJLz+ynA/T5umMbNBQ9tybL5z73IOpfShRGjQYego22CxDOy7e/5OEMHNoksbFb1S02viM9O2puS7LDqqfT9JIbbPqCrbRi/zOXo0f4EXo6xKUAmd8qlV+6f/p57/qFihzQDaRFVlFEH3k7qwsw7PYGUTwkPaThe6xyZN6D5jqxCZU3aSYu+FGb0oYo+M5IxOm0Cb4NNsvvkRPxWtwSayfFGu6+m/+/RyA3GBcAMev7AuyKN+K2vGMsLagHOx4i+5ZAcUwGzLeXAENNum3w==',
key_id => 'pabelanger@redhat.com',
uid => 2010,
gid => 2010,
}
@user::virtual::localuser { 'mkiss':
realname => 'Marton Kiss',
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCb5qdaiKaRqBRgLW8Df+zD3C4a+gO/GFZYEDEd5nvk+LDGPuzi6s639DLqdfx6yvJ1sxxNUOOYhE/T7raDeS8m8fjk0hdVzARXraYDbckt6AELl7B16ZM4aEzjAPoSByizmfwIVkO1zP6kghyumV1kr5Nqx0hTd5/thIzgwdaGBY4I+5iqcWncuLyBCs34oTh/S+QFzjmMgoT86PrdLSsBIINx/4rb2Br2Sb6pRHmzbU+3evnytdlDFwDUPfdzoCaQEdXtjISC0xBdmnjEvHJYgmSkWMZGgRgomrA06Al9M9+2PR7x+burLVVsZf9keRoC7RYLAcryRbGMExC17skL',
key_id => 'marton.kiss@gmail.com',
uid => 2011,
gid => 2011,
}
@user::virtual::localuser { 'smarcet':
realname => 'Sebastian Marcet',
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDP5ce0Ywtbgi3LGMZWA5Zlv/EQ07F/gWnZOMN6TRfiCiiBNyf8ARtKgmYSINS8W537HJYBt3qTfa5xkZmpBrtE6x8OTfR5y1L+x/PrLTUkQhVDY19EixD9wDIrQIIjo2ZVq+zErXBRQuGmJ3Hl+OGw+wtvGS8f768kMnwhKUgyITjWV2tKr/q88J8mBOep48XUcRhidDWsOjgIDJQeY2lbsx1bbZ7necrJS17PHqxhUbWntyR/VKKbBbrNmf2bhtTRUSYoJuqabyGDTZ0J25A88Qt2IKELy6jsVTxHj9Y5D8oH57uB7GaNsNiU+CaOcVfwOenES9mcWOr1t5zNOdrp',
key_id => 'smarcet@gmail.com',
uid => 2012,
gid => 2012,
}
@user::virtual::localuser { 'zaro':
realname => 'Khai Do',
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDJqB//ilMx7Y1tKzviAn/6yeXSRAi2VnaGN0/bfaa5Gciz+SWt8vAEAUE99fzuqeJ/ezjkuIXDFm/sjZr93y567a6sDT6CuhVUac1FZIhXRTs0J+pBOiENbwQ7RZxbkyNHQ0ndvtz3kBA1DF5D+MDkluBlIWb085Z31rFJmetsB2Zb8s1FKUjHVk/skyeKSj0qAK5KN3Wme6peWhYjwBiM0gUlxIsEZM6JLYdoPIbD5B8GYAktMN2FvJU9LgKGL93jLZ/vnMtoQIHHAG/85NdPURL1Zbi92Xlxbm4LkbcHnruBdmtPfSgaEupwJ+zFmK264OHD7QFt10ztPMbAFCFn',
key_id => 'khaido@khaido-HP-EliteBook-Folio-9470m',
uid => 2013,
gid => 2013,
}
@user::virtual::localuser { 'slukjanov':
realname => 'Sergey Lukjanov',
sshkeys => '',
uid => 2014,
gid => 2014,
}
@user::virtual::localuser { 'elizabeth':
realname => 'Elizabeth K. Joseph',
sshkeys => '',
uid => 2015,
gid => 2015,
}
@user::virtual::localuser { 'jhesketh':
realname => 'Joshua Hesketh',
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQC3onVLOZiiGpQWTCIV0QwHmc3Jvqyl7UaJxIu7D49OQcLHqVZsozI9pSiCdTnWyAaM+E+5wD9yVcSTqMWqn2AZmZSwQ+Fh6KnCgPZ/o63+iCZPGL0RNk20M1iNh5dvdStDnn+j2fpeV/JONF0tBn07QvNL2eF4BwtbTG9Zhl186QNsXjXDghrSO3Etl6DSfcUhxyvMoA2LnclWWD5hLmiRhcBm+PIxveVsr4B+o0k1HV5SUOvJMWtbEC37AH5I818O4fNOob6CnOFaCsbA9oUDzB5rqxutPZb9SmNJpNoLqYqDgyppM0yeql0Kn97tUt7H4j5xHrWoGnJ4IXfuDc0AMmmy4fpcLGkNf7zcBftKS6iz/3AlOXjlp5WZvKxngJj9HIir2SE/qV4Lxw9936BzvAcQyw5+bEsLQJwi+LPZxEqLC6oklkX9dg/+1yBFHsz6mulA0b4Eq7VF9omRzrhhN4iPpU5KQYPRNz7yRYckXDxYnp2lz6yHgSYh2/lqMc+UqmCL9EAWcDw3jsgvJ6kH/YUVUojiRHD9QLqlhOusu1wrTfojjwF05mqkXKmH+LH8f8AJAlMdYg0c2WLlrcxnwCkLLxzU5cYmKcZ41LuLtQR3ik+EKjYzBXXyCEzFm6qQEbR2akpXyxvONgrf7pijrgNOi0GeatUt0bUQcAONYw==',
key_id => 'jhesketh@infra',
uid => 2016,
gid => 2016,
}
@user::virtual::localuser { 'nibz':
realname => 'Spencer Krum',
sshkeys => '',
uid => 2017,
gid => 2017,
}
@user::virtual::localuser { 'yolanda':
realname => 'Yolanda Robla',
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDSR2NmJC8PSanHUpKJuaMmohG80COO2IPkE3Mxhr7US8P1B3p1c6lOrT6M1txRzBY8FlbxfOinGtutP+ADCB2taXfpO8UiaG9eOqojAT/PeP2Y2ov72rVMSWupLozUv2uAR5yyFVFHOjKPYGAa01aJtfzfJujSak8dM0ifFeFwgp/8RBGEfC7atq+45TdrfAURRcEgcOLiF5Aq6fprCOwpllnrH6VoId9YS7u/5xF2/zBjr9PuOP7jEgCaL/+FNqu7jgj87aG5jiZPlweb7GTLJON9H6eFpyfpoJE0sZ1yR9Q+e9FAqQIA44Zi748qKBlFKbLxzoC4mc0SbNUAleEL',
key_id => 'yolanda@infra',
uid => 2018,
gid => 2018,
}
@user::virtual::localuser { 'rcarrillocruz':
realname => 'Ricardo Carrillo Cruz',
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1CW5E87v8o7O8B5fe7j1uaPCToRdaBukjH2HzQZ+DSGTIPjirLpp5ZXPuyNnmtRMzwld6mlHYlevVEwuZTNyQwS7ut5o0LjyW6yoEcvPq0xMEZLxaso5dZAtzNgf3FzbtaUYBnkhSwX7c24lf8wPGAl7TC3yO0dePQh2lXVdaBiGB9ybVeQr+kwJIxleUE4puuQ+ONJE2D+hHjoQ/huUMpb996pb/YzkjkAxqHguMid0c1taelyW8n17nEDoWvlV9Qqbo8cerhgURo1OBt2zENLjQQ0kOkPxJx4qx3652e0kbkr11y50r9BMs418mnJdWselMxkSqQNZ+XotoH5Dwn+3K2a6Wv4OX3Dqb9SF/JTD7lA/tIkNfxgsRlzfEQ01rK1+g7Je10EnDCLEzHpFjvZ5q4EEMcYqY+osLFpHAOWGLMx+3eY4pz/xEzRP/x3sjGU09uNOZ3oCWUfSkE4xebnnWtxwWZKyFmv3GHtaqJn2UvpAbODPEYyYcOS3XV3zd233W3C09YYnFUyZbGLXpD05Yet5fZfGTnveMRn5/9LZai+dBPwoMWUJdX4yPnGXgOG8zk0u1nWfcNJfYg+xajSUDiMKjDhlkuFK/GXNYuINe42s1TxzL7pJ4X4UhqLiopeJvPg/U5xdCV5pxVKf1MVenrGe2pfwf1Yr2WMv5w==',
key_id => 'rcarrillocruz@infra',
uid => 2019,
gid => 2019,
}
@user::virtual::localuser { 'krotscheck':
realname => 'Michael Krotscheck',
sshkeys => '',
uid => 2020,
gid => 2020,
}
@user::virtual::localuser { 'colleen':
realname => 'Colleen Murphy',
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQDcHzySqYlH1TfAPx5PaVzqkuMbI3zksJ5E2aZBlsIN7wNSoyO0Dts6HegHZIgi5NGT05wRBAUMCNZwupqFoWDg41JBKzPKITkqvEe/FnNmJFxt591ltXigZZ+ZLoX8B12nww/eeA5nx9PT4hIsLQG50MxEm0iC4ApusaAXMXa7+gTDkzf6yyl4QwinyFFTYtyJwFw5XfQXXRQwL8Qv6mVGrhDz3Fj4VWawByQuxRHgt5G3Ux/PnZzatJ3tuSK66o1uXrvuOiGdUtDCuAFUx+kgcmUTpCC6vgMZdDbrfyw0CGxkmAUNfeEMOw0TWbdioJ2FwH5+4BEvMgiFgsCTjIwDqqyFV9eK8sd0mbJ+I82EyOXPlFPKGan6Ie6LD1qotdUW9vT3pfpR/44s/Id2un3FBnVg7GZkGJshikGO1UqjmZfhEpQ6Q+auLir+mBv2X/ril6qJ2NuQpwMRVzZmriPMxdJDs6xhzg2fGEYRvEvh0kzsqNf4OgKbSWiVOB3WALM30Cx3YdmnB6JonRGA+6CqD+LO4HQMbD7LBVcYzEIS1WtP8aPx/NiybemrF0LWmIgl34A0Tpcc+5MLzzUtgUt6lYFyWxltCP43u1N7ODH+FsFALzo6CO9DjyMxEd6Ay61hyx8Btfhn8NH/wEdCQj1WAMHU+d2ljk5ndAfp8c6LRQ==',
key_id => 'krinkle@gir',
uid => 2021,
gid => 2021,
}
@user::virtual::localuser { 'Zara':
realname => 'Zara Zaimeche',
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCt9wQvGgQIvLvifm7n5g+2sjgjGCQLt03D0v5Fb5xEMufJncIDkwBNDzGvsASwHGjP9YEAA8+f8Ya+Yc9EaDgqQl9r9YEO9CoEC6O1Euk41nQJYYRnzkgmMaxTSlUKNur8XSmzoElLut6ivlLW71fZmSKHAcg9O4lgd9weDDjCcWLD1C9WmRVdtEnw6NQJd5Mn/llHqdbmMlf3I5VL8QvzPndxZEyESdSBz0ywLO5ygtUxtPaCxaanHSTz1yNooT9t2vwDnfc1LB9oT4CaEnVG+FugCPGFnn204eJ2BVEQ945ZsabgFndyvfmEwxlzAeA6+YjQYrukMijb1Owxh1fv',
key_id => 'zara.zaimeche@codethink.co.uk',
uid => 2022,
gid => 2022,
}
@user::virtual::localuser { 'SotK':
realname => 'Adam Coldrick',
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCaE7gafwJQHQ9E2vlcjx8ufcGpyTdQdaBal/ZRt3aPbKXNqsDH4jOWvSXZxE0NlOGo+rWBSu0DxdyM7O5BwYxC79BaFq9JMPn1Q/p1WplOeLENX7jd6lsrLIo2x1MQ134+MliO5FNXmSF2m2il4GCQuiUdGORs/caF1mMPTDeQmf9rRS2fYW0dZ3wZgRzzehtg9LmeW8+DoU+dAeKj4igPcsDsvALmya1JB0XP1UNEG9XMdrYJCoj3K/ALQvJIVB0qwNDYdJ59erVZTvYGe5v6GMUHjIKkmaXJjJyT22hcmnRPk5yIktMrGwkiHGr4Pu0T+lyopSqLEm8HJWp6hc53',
key_id => 'adam@wrackside',
old_keys => [
'adam.coldrick@codethink.co.uk',
'adam@arreliam',
],
uid => 2023,
gid => 2023,
}
@user::virtual::localuser { 'maxwell':
realname => 'JP Maxwell',
sshkeys => 'AAAAB3NzaC1yc2EAAAABIwAAAQEA2b5I7Yff9FCrtRmSjpILUePi54Vbc8zqJTbzrIAQZGFLBi3xd2MLlhV5QVgpDBC9H3lGjbdnc81D3aFd3HwHT4dvvvyedT12PR3VDEpftdW84vw3jzdtALcayOQznjbGnScwvX5SgnRhNxuX9Rkh8qNvOsjYPUafRr9azkQoomJFkdNVI4Vb5DbLhTpt18FPeOf0UuqDt/J2tHI4SjZ3kjzr7Nbwpg8xGgANPNE0+2pJbwCA8YDt4g3bzfzvVafQs5o9Gfc9tudkR9ugQG1M+EWCgu42CleOwMTd/rYEB2fgNNPsZAWqwQfdPajVuk70EBKUEQSyoA09eEZX+xJN9Q==',
key_id => 'jpmaxman@tipit.net',
uid => 2024,
gid => 2024,
}
@user::virtual::localuser { 'ianw':
realname => 'Ian Wienand',
key_type => 'ssh-ed25519',
sshkeys => 'AAAAC3NzaC1lZDI1NTE5AAAAILOjz+dkwRWTJcW9Gt3iGHSzRBsvVlTAK6G2oH3+0D41',
key_id => 'iwienand+osinfra@redhat.com',
uid => 2025,
gid => 2025,
}
@user::virtual::localuser { 'shrews':
realname => 'David Shrewsbury',
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCtNtbgLw0dyRVnuwZz4oUcWTzEUtpO2V47t4ykijdH1hkEe7qkuusM5bD8pC4L3wDZP5U3lsIAvZ97LCQp+MNJz1j8cjXuAboqP5FC3TtCJR1WtCWmOBSO7sIvcsgwse/9KZN/TETOGA9no1oKS43Adi9bXrRFAKDAAM34IVt/UHNS51vxUhuGv+56yJmaki7CjxrGtXcB4hi+TCQAfKJPzhAMwcFQUyvXJkRei6NN6uYyHnVtLR3KXEkeTesZ2GQxmQ+1jmCMN1zUN2VLypmDqAvlKtuQW+3nY89q4HDwzCpuC1rscJgOuncdMahTMoKA3/dQtT4WuJIwLQa3tEEn',
key_id => 'shrews2018',
old_keys => [
'david@koala',
],
uid => 2026,
gid => 2026,
}
@user::virtual::localuser { 'jbryce':
realname => 'Jonathan Bryce',
sshkeys => 'AAAAB3NzaC1yc2EAAAABIwAAAQEApFGM9q1gfiawBX5EnCQGxx2T1hwPDxrX2M64MfqcoBRpdrWRjxWm6Vhczfl+Ar2EQtGsuIm1QQiyiPL4zsJSQOfYXB0TqOQaAuFamSzZSNEm8coSa93E3zfXR9uln1lgCGutaWwH/KmGcSeAuuQCipKmKxc8QSAepGNP4Jx2L/EnXQh850xTQEIviJkJpA9oTRzXu12T7vzxsUCw041Q/KX16UvvGpt9IAoMAWFlQrMPzPFmqbUOIr7pRvv8TKcK9BNFS8S8jjT+wN0y/LY7cbTblgDfwSAl1P/naME5ugRVD5MZKixIE1F+x/j+M8+fpZ/EyR/6jSA3DYjEXOk2zQ==',
key_id => 'jbryce@jbryce-mbp-3.local',
uid => 2027,
gid => 2027,
}
@user::virtual::localuser { 'dmsimard':
realname => 'David Moreau-Simard',
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAACAQDDyXfFj44OTsJZnHbecbYrwA8zXuMiULb+o326maOh3wh5/6fk+MzivkUzJC2uZqAlKvBnNXsrb/07eV1gRjaIQBQJxaV9HQUwMNX7AkjkDzaMXVDjG/JOium90R23gVGMukzp9IamezUscAqAxVK+2C10k3tq8dZ/GeZfHl3NFGRHlIAXsJ/SIQoxJAEA0IQ/8Y50nR1Hp2mV2xsfxH9oZhLR/eiFdhJpNupdfw/oE9+vpCHS8SG88KGeLYbn+EhH6LSCD+6WNthF6oE7NANnScqn1Fl0ZpSd3RlRb+kDVKGqNxfB7EJTeimYvqaYmrTiTZTaTJua5Bj5yBTudqnBgdHCz3xMb2Nv2s2INNcJmP/CKpivYQ8AJs6cVlqRWnLJiNQQYCj+xAXBvY5T0Xq/qOhVifLiWZvZQOTHFWqFP9asZkrGa1mFWIaR9VPQY0FoYlUOT9t6J6TRbzktJIuP5AiOVoJLL6wjZuUMjghHfkYbqtyBqE4BbCY8YF3JSf8jx+9eWy+sD+dRwKXBCrGV0dNidioZR7ZJpBb6ye8wElebjPZizKhppsNpwtRxPfiAM52f55lXGD7IDpz9CZrOKUcV2uc3Rhl50u7T3psZfX7GysZvlnAH+Yr+UM+LPBAabXAfKlMnJp+SskLuOplTeQrvAwMluBmFnla8TnwnxQ==',
key_id => 'dmsimard@hostname',
uid => 2028,
gid => 2028,
}
@user::virtual::localuser { 'frickler':
realname => 'Jens Harbott',
key_type => 'ssh-ed25519',
sshkeys => 'AAAAC3NzaC1lZDI1NTE5AAAAIGmc5fbzMptjAb5D86zSH13ZYCbf3QuV1jk9hL0r1qHw',
key_id => 'frickler@os-infra-2017',
uid => 2029,
gid => 2029,
}
@user::virtual::localuser { 'diablo_rojo':
realname => 'Kendall Nelson',
sshkeys => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQCx96P1BVbRALeCz8jktUtT9qWzeXbG5yQrwQZ6n3NWsqEueCHp9DaVPDQLWIFAyvL0PKtlSOktClsUYuGfxB+dBuAFFMsx1Apk78EID4wvdXfEUDxZOsKX7zE9teJSxPEMppHAJIcnPu7dMFzZWxh+sA+fR8ZddPRunxtztGayNdYsCqDGIc9GqemjOqXDIFMIXgJLxNaHGSR56UcDHwgqmXXANkpTKsLW+U+VdNofHKpRhbXNS07jPFAAe1rBmoU/TRitzQFz7WYA4ml54ZiB7Q1O7RIyJWVBihHVrxSZbjn2a46CVeLo5Xw7loWF32wY/hA98hmpBNiF8tGSI6mh',
key_id => 'kennelson11@gmail.com',
uid => 2030,
gid => 2030,
}
}

66
modules/openstack_project/manifests/users_install.pp
View File

@ -1,66 +0,0 @@
# Class: openstack_project::users_install
#
# This class handles adding and removing openstack admin users
# from the servers.
#
# Parameters:
# install_users - Boolean to set install or removal of O.O
# admins. Defaults to 'false', can be set in hiera.
#
# Requires:
# openstack_project::users - must contain the users designated.
#
# Sample Usage:
# include openstack_project::users_install
# class { 'openstack_project::users_install':
# install_users => true,
# }
class openstack_project::users_install (
$install_users = false,
) {
include ::openstack_project::users
## TODO: this should be it's own manifest.
if ( $install_users == true ) {
package { $::openstack_project::params::user_packages:
ensure => present
}
## NOTE: This list is arranged in order of chronological precedence,
## additions should be appended to the end.
realize (
User::Virtual::Localuser['mordred'],
User::Virtual::Localuser['corvus'],
User::Virtual::Localuser['clarkb'],
User::Virtual::Localuser['fungi'],
User::Virtual::Localuser['jhesketh'],
User::Virtual::Localuser['yolanda'],
User::Virtual::Localuser['pabelanger'],
User::Virtual::Localuser['rcarrillocruz'],
User::Virtual::Localuser['ianw'],
User::Virtual::Localuser['shrews'],
User::Virtual::Localuser['dmsimard'],
User::Virtual::Localuser['frickler'],
)
user::virtual::disable{'slukjanov':}
user::virtual::disable{'elizabeth':}
user::virtual::disable{'nibz':}
} else {
user::virtual::disable{'mordred':}
user::virtual::disable{'corvus':}
user::virtual::disable{'clarkb':}
user::virtual::disable{'fungi':}
user::virtual::disable{'slukjanov':}
user::virtual::disable{'elizabeth':}
user::virtual::disable{'jhesketh':}
user::virtual::disable{'nibz':}
user::virtual::disable{'yolanda':}
user::virtual::disable{'pabelanger':}
user::virtual::disable{'rcarrillocruz':}
user::virtual::disable{'ianw':}
user::virtual::disable{'shrews':}
user::virtual::disable{'dmsimard':}
user::virtual::disable{'frickler':}
}
}

8
modules/openstack_project/manifests/wiki.pp
View File

@ -2,7 +2,6 @@
#
class openstack_project::wiki (
$site_hostname,
$sysadmins = [],
$bup_user = undef,
$serveradmin = undef,
$ssl_cert_file_contents = undef,
@ -26,15 +25,8 @@ class openstack_project::wiki (
class { 'openstack_project::server':
iptables_public_tcp_ports => [80, 443],
sysadmins => $sysadmins,
}
realize (
User::Virtual::Localuser['rlane'],
User::Virtual::Localuser['mkiss'],
User::Virtual::Localuser['maxwell'],
)
class { 'mediawiki':
role => 'all',
mediawiki_location => '/srv/mediawiki/w',

8
modules/openstack_project/spec/acceptance/basic_spec.rb
View File

@ -47,19 +47,21 @@ describe 'openstack_project::server' do
'clarkb',
'fungi',
'jhesketh',
'yolanda',
'pabelanger',
'rcarrillocruz',
'ianw',
'shrews',
'dmsimard',
'yolanda',
'rcarrillocruz',
'frickler'].each do |user|
describe user(user) do
it { should exist }
end
end
['slukjanov', 'elizabeth', 'nibz'].each do |user|
['slukjanov',
'elizabeth',
'nibz'].each do |user|
describe user(user) do
it { should_not exist }
end

4
playbooks/base.yaml
View File

@ -9,6 +9,10 @@
roles:
- base-server
- hosts: "puppet:!disabled"
roles:
- disable-puppet-agent
- hosts: "!ci-backup:!disabled"
roles:
- exim

12
playbooks/group_vars/all.yaml
View File

@ -80,6 +80,18 @@ all_users:
uid: 2016
gid: 2016
yolanda:
comment: Yolanda Robla
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDSR2NmJC8PSanHUpKJuaMmohG80COO2IPkE3Mxhr7US8P1B3p1c6lOrT6M1txRzBY8FlbxfOinGtutP+ADCB2taXfpO8UiaG9eOqojAT/PeP2Y2ov72rVMSWupLozUv2uAR5yyFVFHOjKPYGAa01aJtfzfJujSak8dM0ifFeFwgp/8RBGEfC7atq+45TdrfAURRcEgcOLiF5Aq6fprCOwpllnrH6VoId9YS7u/5xF2/zBjr9PuOP7jEgCaL/+FNqu7jgj87aG5jiZPlweb7GTLJON9H6eFpyfpoJE0sZ1yR9Q+e9FAqQIA44Zi748qKBlFKbLxzoC4mc0SbNUAleEL yolanda@infra
uid: 2018
gid: 2018
rcarrillocruz:
comment: Ricardo Carrillo Cruz
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQCz1CW5E87v8o7O8B5fe7j1uaPCToRdaBukjH2HzQZ+DSGTIPjirLpp5ZXPuyNnmtRMzwld6mlHYlevVEwuZTNyQwS7ut5o0LjyW6yoEcvPq0xMEZLxaso5dZAtzNgf3FzbtaUYBnkhSwX7c24lf8wPGAl7TC3yO0dePQh2lXVdaBiGB9ybVeQr+kwJIxleUE4puuQ+ONJE2D+hHjoQ/huUMpb996pb/YzkjkAxqHguMid0c1taelyW8n17nEDoWvlV9Qqbo8cerhgURo1OBt2zENLjQQ0kOkPxJx4qx3652e0kbkr11y50r9BMs418mnJdWselMxkSqQNZ+XotoH5Dwn+3K2a6Wv4OX3Dqb9SF/JTD7lA/tIkNfxgsRlzfEQ01rK1+g7Je10EnDCLEzHpFjvZ5q4EEMcYqY+osLFpHAOWGLMx+3eY4pz/xEzRP/x3sjGU09uNOZ3oCWUfSkE4xebnnWtxwWZKyFmv3GHtaqJn2UvpAbODPEYyYcOS3XV3zd233W3C09YYnFUyZbGLXpD05Yet5fZfGTnveMRn5/9LZai+dBPwoMWUJdX4yPnGXgOG8zk0u1nWfcNJfYg+xajSUDiMKjDhlkuFK/GXNYuINe42s1TxzL7pJ4X4UhqLiopeJvPg/U5xdCV5pxVKf1MVenrGe2pfwf1Yr2WMv5w== rcarrillocruz@infra
uid: 2019
gid: 2019
colleen:
comment: Colleen Murphy
key: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAACAQDcHzySqYlH1TfAPx5PaVzqkuMbI3zksJ5E2aZBlsIN7wNSoyO0Dts6HegHZIgi5NGT05wRBAUMCNZwupqFoWDg41JBKzPKITkqvEe/FnNmJFxt591ltXigZZ+ZLoX8B12nww/eeA5nx9PT4hIsLQG50MxEm0iC4ApusaAXMXa7+gTDkzf6yyl4QwinyFFTYtyJwFw5XfQXXRQwL8Qv6mVGrhDz3Fj4VWawByQuxRHgt5G3Ux/PnZzatJ3tuSK66o1uXrvuOiGdUtDCuAFUx+kgcmUTpCC6vgMZdDbrfyw0CGxkmAUNfeEMOw0TWbdioJ2FwH5+4BEvMgiFgsCTjIwDqqyFV9eK8sd0mbJ+I82EyOXPlFPKGan6Ie6LD1qotdUW9vT3pfpR/44s/Id2un3FBnVg7GZkGJshikGO1UqjmZfhEpQ6Q+auLir+mBv2X/ril6qJ2NuQpwMRVzZmriPMxdJDs6xhzg2fGEYRvEvh0kzsqNf4OgKbSWiVOB3WALM30Cx3YdmnB6JonRGA+6CqD+LO4HQMbD7LBVcYzEIS1WtP8aPx/NiybemrF0LWmIgl34A0Tpcc+5MLzzUtgUt6lYFyWxltCP43u1N7ODH+FsFALzo6CO9DjyMxEd6Ay61hyx8Btfhn8NH/wEdCQj1WAMHU+d2ljk5ndAfp8c6LRQ== krinkle@gir

2
playbooks/group_vars/ask.yaml Normal file
View File

@ -0,0 +1,2 @@
extra_users:
- mkiss

2
playbooks/group_vars/groups.yaml Normal file
View File

@ -0,0 +1,2 @@
extra_users:
- mkiss

2
playbooks/group_vars/review-dev.yaml Normal file
View File

@ -0,0 +1,2 @@
exim_extra_aliases:
gerrit2: root

2
playbooks/group_vars/review.yaml Normal file
View File

@ -0,0 +1,2 @@
exim_extra_aliases:
gerrit2: root

4
playbooks/group_vars/storyboard-dev.yaml Normal file
View File

@ -0,0 +1,4 @@
extra_users:
- SotK
- Zara
- diablo_rojo

3
playbooks/group_vars/wiki.yaml Normal file
View File

@ -0,0 +1,3 @@
extra_users:
- mkiss
- maxwell

2
playbooks/host_vars/lists.katacontainers.io.yaml
View File

@ -53,3 +53,5 @@ exim_transports:
# Errors-To: may carry old return_path
headers_remove = Errors-To
headers_add = Errors-To: ${return_path}
extra_users:
- jbryce

3
playbooks/host_vars/openstackid-dev.openstack.org.yaml Normal file
View File

@ -0,0 +1,3 @@
extra_users:
- smarcet
- mkiss

3
playbooks/host_vars/openstackid.org.yaml Normal file
View File

@ -0,0 +1,3 @@
extra_users:
- smarcet
- maxwell

0
modules/openstack_project/files/puppet.default → playbooks/roles/disable-puppet-agent/files/puppet.default
View File

5
playbooks/roles/disable-puppet-agent/tasks/Debian.yaml Normal file
View File

@ -0,0 +1,5 @@
- name: Prevent puppet agent from running
copy:
mode: 0644
src: puppet.default
dest: /etc/default/puppet

10
playbooks/roles/disable-puppet-agent/tasks/main.yaml Normal file
View File

@ -0,0 +1,10 @@
- name: Include OS-specific tasks
include_tasks: "{{ lookup('first_found', file_list) }}"
vars:
file_list: "{{ distro_lookup_path }}"
- name: Disable the puppet service
service:
name: puppet
enabled: no
state: stopped

3
playbooks/roles/install-ansible/files/groups.yaml
View File

@ -4,6 +4,7 @@ groups:
afs: inventory_hostname is match('afs\d+.*openstack.org')
afsadmin: inventory_hostname is match('mirror-update\d+\.openstack\.org')
afsdb: inventory_hostname is match('afsdb.*openstack.org')
ask: inventory_hostname.startswith('ask')
cacti: inventory_hostname is match('cacti\d+\.openstack\.org')
ci-backup: inventory_hostname is match('backup\d+.*\ci\.openstack\.org')
disabled: inventory_hostname.startswith('backup') or inventory_hostname.startswith('wiki') or inventory_hostname.startswith('puppetmaster')
@ -15,6 +16,7 @@ groups:
git-loadbalancer: inventory_hostname is match('git(-fe\d+)?\.openstack\.org')
git-server: inventory_hostname is match('git\d+\.openstack\.org')
grafana: inventory_hostname.startswith('grafana')
groups: inventory_hostname.regex_match('groups(-dev)?\d*\.openstack\.org')
logstash-worker: inventory_hostname.startswith('logstash-worker')
mailman: inventory_hostname.startswith('lists')
nodepool: inventory_hostname is match('^(nodepool|nb|nl)')
@ -25,6 +27,7 @@ groups:
review: inventory_hostname is match('review\d+\.openstack\.org')
status: inventory_hostname.startswith('status')
storyboard: inventory_hostname.startswith('storyboard')
storyboard-dev: inventory_hostname is match('storyboard-dev\d*\.openstack\.org')
subunit-worker: inventory_hostname.startswith('subunit-worker')
survey: inventory_hostname.startswith('survey')
translate-dev: inventory_hostname is match('translate-dev\d+\.openstack\.org')

1
run_all.sh
View File

@ -34,6 +34,7 @@ set +e
timeout -k 2m 120m ansible-playbook -f 10 ${ANSIBLE_PLAYBOOKS}/update-system-config.yaml
# Update the puppet version
timeout -k 2m 120m ansible-playbook -f 10 ${ANSIBLE_PLAYBOOKS}/update_puppet_version.yaml
# Run the git/gerrit/zuul sequence, since it's important that they all work together
timeout -k 2m 120m ansible-playbook -f 10 ${ANSIBLE_PLAYBOOKS}/remote_puppet_git.yaml
# Run AFS changes separately so we can make sure to only do one at a time