From ed57cef9c5a65f429e07ce253668cd23ceb6c45a Mon Sep 17 00:00:00 2001
From: Spencer Krum <nibz@cat.pdx.edu>
Date: Thu, 6 Feb 2014 20:37:33 -0800
Subject: [PATCH] Adds second hiera data directory

This allows hiera data to be split into two buckets: sensitive and
non-sensitive. Sensitive data is put where it always has been. Non-
sensitive data, such as users ssh keys and lists of packages can be
put into the data directory contained within the
openstack-infra/config git repository.

This also introduces a more complex hierarchy: data is now split on
osfamily and lsbdistcondename. Operatingsystem is left for
compatibility.

Change-Id: I3b3faeab837aa5732da01e96bbe0c19aa936a58d
---
 data/Debian/common.yaml                                     | 1 +
 data/RedHat/common.yaml                                     | 1 +
 data/common.yaml                                            | 1 +
 doc/source/puppet.rst                                       | 4 ++--
 doc/source/sysadmin.rst                                     | 2 +-
 hiera.yaml                                                  | 1 +
 install_jenkins_slave.sh                                    | 6 +++---
 install_puppet.sh                                           | 4 ++--
 .../files/nodepool/scripts/prepare_node.sh                  | 4 ++--
 modules/openstack_project/files/puppetmaster/hiera.yaml     | 5 +++++
 run_puppet.sh                                               | 2 +-
 test.sh                                                     | 2 +-
 12 files changed, 21 insertions(+), 12 deletions(-)
 create mode 100644 data/Debian/common.yaml
 create mode 100644 data/RedHat/common.yaml
 create mode 100644 data/common.yaml
 create mode 120000 hiera.yaml

diff --git a/data/Debian/common.yaml b/data/Debian/common.yaml
new file mode 100644
index 0000000000..ed97d539c0
--- /dev/null
+++ b/data/Debian/common.yaml
@@ -0,0 +1 @@
+---
diff --git a/data/RedHat/common.yaml b/data/RedHat/common.yaml
new file mode 100644
index 0000000000..ed97d539c0
--- /dev/null
+++ b/data/RedHat/common.yaml
@@ -0,0 +1 @@
+---
diff --git a/data/common.yaml b/data/common.yaml
new file mode 100644
index 0000000000..ed97d539c0
--- /dev/null
+++ b/data/common.yaml
@@ -0,0 +1 @@
+---
diff --git a/doc/source/puppet.rst b/doc/source/puppet.rst
index 75616b956a..46268bdbe0 100644
--- a/doc/source/puppet.rst
+++ b/doc/source/puppet.rst
@@ -49,7 +49,7 @@ compatible, so be sure to use an older release - e.g. Ubuntu Precise.
    sudo su -
    git clone https://git.openstack.org/openstack-infra/config /opt/config/production
    /opt/config/production/install_puppet.sh
-   apt-get install puppetmaster-passenger hiera hiera-puppet
+   apt-get install puppetmaster-passenger
 
 Finally, install the modules, fix your hostname and use ``puppet apply`` to
 finish configuration:
@@ -59,7 +59,7 @@ finish configuration:
    bash /opt/config/production/install_modules.sh
    echo $REAL_HOSTNAME > /etc/hostname
    service hostname restart
-   puppet apply --modulepath='/opt/config/production/modules:/etc/puppet/modules' -e 'include openstack_project::puppetmaster'
+   puppet apply --confdir=$(pwd) --modulepath='/opt/config/production/modules:/etc/puppet/modules' -e 'include openstack_project::puppetmaster'
 
 Note: Hiera uses a systemwide configuration file in ``/etc/puppet/hiera.yaml``
 and this setup supports multiple configurations. The two sets of environments
diff --git a/doc/source/sysadmin.rst b/doc/source/sysadmin.rst
index 91bf5b96ba..297ecb733c 100644
--- a/doc/source/sysadmin.rst
+++ b/doc/source/sysadmin.rst
@@ -88,7 +88,7 @@ repository::
 
   ./install_puppet.sh
   ./install_modules.sh
-  puppet apply -l /tmp/manifest.log --modulepath=modules:/etc/puppet/modules manifests/local.pp
+  puppet apply -l /tmp/manifest.log --confdir=`pwd` --modulepath=modules:/etc/puppet/modules manifests/local.pp
 
 That should turn the system you are logged into into an etherpad
 server with the same configuration as that used by the OpenStack
diff --git a/hiera.yaml b/hiera.yaml
new file mode 120000
index 0000000000..b459b41a01
--- /dev/null
+++ b/hiera.yaml
@@ -0,0 +1 @@
+modules/openstack_project/files/puppetmaster/hiera.yaml
\ No newline at end of file
diff --git a/install_jenkins_slave.sh b/install_jenkins_slave.sh
index 740301ff0f..75eaea6685 100755
--- a/install_jenkins_slave.sh
+++ b/install_jenkins_slave.sh
@@ -24,7 +24,7 @@ if cat /etc/*release | grep -e "CentOS" -e "Red Hat" &> /dev/null; then
 	# yum-config-manager --enable rhel-6-server-optional-rpms
 
         # NOTE: we preinstall lsb_release to ensure facter sets lsbdistcodename
-	yum install -y redhat-lsb-core git puppet
+	yum install -y redhat-lsb-core git puppet heira heira-puppet
 
 else #defaults to Ubuntu
 
@@ -41,11 +41,11 @@ else #defaults to Ubuntu
 
 	apt-get update
 	apt-get dist-upgrade
-	apt-get install -y puppet git rubygems
+	apt-get install -y puppet git rubygems heira heira-puppet
 
 fi
 
 git clone https://git.openstack.org/openstack-infra/config
 bash config/install_modules.sh
 
-puppet apply --modulepath=`pwd`/config/modules:/etc/puppet/modules -e 'node default {class { "openstack_project::bare_slave": install_users => false }}'
+puppet apply --confdir=$(pwd) --modulepath=$(pwd)/config/modules:/etc/puppet/modules -e 'node default {class { "openstack_project::bare_slave": install_users => false }}'
diff --git a/install_puppet.sh b/install_puppet.sh
index ad18bf477a..a2468cb0a0 100755
--- a/install_puppet.sh
+++ b/install_puppet.sh
@@ -63,7 +63,7 @@ EOF
     # yum-config-manager --enable rhel-6-server-optional-rpms
 
     # NOTE: we preinstall lsb_release to ensure facter sets lsbdistcodename
-    yum install -y redhat-lsb-core git puppet
+    yum install -y redhat-lsb-core git puppet heira hiera-puppet
 else
     #defaults to Ubuntu
     # NB: keep in sync with openstack_project/files/00-puppet.pref
@@ -83,5 +83,5 @@ EOF
     DEBIAN_FRONTEND=noninteractive apt-get --option 'Dpkg::Options::=--force-confold' \
         --assume-yes dist-upgrade
     DEBIAN_FRONTEND=noninteractive apt-get --option 'Dpkg::Options::=--force-confold' \
-        --assume-yes install -y --force-yes puppet git rubygems
+        --assume-yes install -y --force-yes puppet git rubygems hiera hiera-puppet
 fi
diff --git a/modules/openstack_project/files/nodepool/scripts/prepare_node.sh b/modules/openstack_project/files/nodepool/scripts/prepare_node.sh
index ad7b8df7a6..a565d24a0a 100755
--- a/modules/openstack_project/files/nodepool/scripts/prepare_node.sh
+++ b/modules/openstack_project/files/nodepool/scripts/prepare_node.sh
@@ -45,10 +45,10 @@ sudo git clone --depth=1 git://git.openstack.org/openstack-infra/config.git \
     /root/config
 sudo /bin/bash /root/config/install_modules.sh
 if [ -z "$NODEPOOL_SSH_KEY" ] ; then
-    sudo puppet apply --modulepath=/root/config/modules:/etc/puppet/modules \
+    sudo puppet apply --confdir=/root/config --modulepath=/root/config/modules:/etc/puppet/modules \
 	-e "class {'openstack_project::single_use_slave': sudo => $SUDO, bare => $BARE, python3 => $PYTHON3, include_pypy => $PYPY, all_mysql_privs => $ALL_MYSQL_PRIVS, }"
 else
-    sudo puppet apply --modulepath=/root/config/modules:/etc/puppet/modules \
+    sudo puppet apply --confdir=/root/config --modulepath=/root/config/modules:/etc/puppet/modules \
 	-e "class {'openstack_project::single_use_slave': install_users => false, sudo => $SUDO, bare => $BARE, python3 => $PYTHON3, include_pypy => $PYPY, all_mysql_privs => $ALL_MYSQL_PRIVS, ssh_key => '$NODEPOOL_SSH_KEY', }"
 fi
 
diff --git a/modules/openstack_project/files/puppetmaster/hiera.yaml b/modules/openstack_project/files/puppetmaster/hiera.yaml
index 8e930ba95c..009edce89b 100644
--- a/modules/openstack_project/files/puppetmaster/hiera.yaml
+++ b/modules/openstack_project/files/puppetmaster/hiera.yaml
@@ -1,8 +1,13 @@
 ---
 :hierarchy:
+  - fqdn/%{::fqdn}
+  - %{::osfamily}/%{::lsbdistcodename}
+  - %{::osfamily}/common
   - %{operatingsystem}
   - common
 :backends:
   - yaml
 :yaml:
   :datadir: '/etc/puppet/hieradata/%{environment}'
+  :datadir: '%{confdir}/data'
+  :datadir: '/opt/config/%{environment}/data'
diff --git a/run_puppet.sh b/run_puppet.sh
index 5274a1347c..582bc2a8b5 100755
--- a/run_puppet.sh
+++ b/run_puppet.sh
@@ -13,4 +13,4 @@ MANIFEST_LOG=/var/log/manifest.log
 cd $BASE_DIR
 /usr/bin/git pull -q && \
   /bin/bash install_modules.sh && \
-  /usr/bin/puppet apply -l $MANIFEST_LOG --modulepath=$MODULE_PATH manifests/site.pp
+  /usr/bin/puppet apply -l $MANIFEST_LOG --confdir=$BASE_DIR --modulepath=$MODULE_PATH manifests/site.pp
diff --git a/test.sh b/test.sh
index 4b2990dbbf..346d5f1ff0 100755
--- a/test.sh
+++ b/test.sh
@@ -13,5 +13,5 @@ sed -i -e 's/hiera..sysadmins../["admin"]/' applytest/puppetapplytest*
 sed -i -e 's/hiera..listadmins../["admin"]/' applytest/puppetapplytest*
 sed -i -e 's/hiera.*/PASSWORD,/' applytest/puppetapplytest*
 for f in `find applytest -name 'puppetapplytest*' -print` ; do
-    puppet apply --modulepath=./modules:/etc/puppet/modules -v --noop --debug $f >/dev/null
+    puppet apply --confdir=$(pwd) --modulepath=./modules:/etc/puppet/modules -v --noop --debug $f >/dev/null
 done