Don't purge apt sources on infracloud

Without this change, puppetting an infracloud machine from scratch
results in an error[1]. The order of events that causes this issue is:

1) Puppet purges /etc/apt/sources.list, removing all of apt's knowledge
   of other sources
2) Puppet creates /etc/apt/sources.list.d/openstack-infra.list, but
   this will have no effect on apt's knowledge of other sources until
   an apt-get update is run
3) The puppet-openstack_extras module runs an exec to install the
   ubuntu-cloud-keyring package. (This is done with an exec type rather
   than a package type because it needs to be run before
   Exec['apt_update'] which is defined in the puppetlabs-apt module.)
   Since apt at this point knows of no apt sources in the world, it
   fails to find the package.
4) Apt-get update is run and the world is right again, so subsequent
   puppet runs or manual installs of ubuntu-cloud-keyring are
   confusingly successful.

A potential fix for this is to create another exec resource that runs
apt-get update after adding openstack-infra.list but before installing
ubuntu-cloud-keyring, after which apt-get update will run once again.
This is inefficient and ugly. Since on these particular nodes we
control the base images, and the default apt sources list is sane and
matches what we have set in openstack-infra.list anyway, we can just
disable the purging of the original sources.list and there will no
longer be any point during which apt has no sources.

[1] http://paste.openstack.org/show/488079/

Change-Id: I2cb375979d55e612fe8acc4cc7abdd393f39c2b9
This commit is contained in:
Colleen Murphy 2016-02-24 10:50:08 -08:00
parent e00d2f1dec
commit e203232abc
2 changed files with 5 additions and 1 deletions

View File

@ -1165,6 +1165,7 @@ node 'controller00.hpuswest.ic.openstack.org' {
iptables_public_tcp_ports => [5000,5672,8774,9292,9696,35357], # keystone,rabbit,nova,glance,neutron,keystone
sysadmins => hiera('sysadmins', []),
enable_unbound => false,
purge_apt_sources => false,
}
class { '::openstack_project::infracloud::controller':
keystone_rabbit_password => hiera('keystone_rabbit_password'),
@ -1193,6 +1194,7 @@ node /^compute\d{3}\.hpuswest\.ic\.openstack\.org$/ {
class { '::openstack_project::server':
sysadmins => hiera('sysadmins', []),
enable_unbound => false,
purge_apt_sources => false,
}
class { '::openstack_project::infracloud::compute':
nova_rabbit_password => hiera('nova_rabbit_password'),
@ -1214,6 +1216,7 @@ node /^baremetal\d{2}\.hpuswest\.ic\.openstack\.org$/ {
iptables_public_udp_ports => [67,69],
sysadmins => hiera('sysadmins', []),
enable_unbound => false,
purge_apt_sources => false,
}
class { '::openstack_project::infracloud::baremetal':

View File

@ -16,6 +16,7 @@ class openstack_project::server (
$puppetmaster_server = 'puppetmaster.openstack.org',
$manage_exim = true,
$pypi_index_url = 'https://pypi.python.org/simple',
$purge_apt_sources = true,
) {
class { 'openstack_project::template':
iptables_public_tcp_ports => $iptables_public_tcp_ports,
@ -32,6 +33,6 @@ class openstack_project::server (
manage_exim => $manage_exim,
sysadmins => $sysadmins,
pypi_index_url => $pypi_index_url,
purge_apt_sources => true,
purge_apt_sources => $purge_apt_sources,
}
}