We want to be launching opendev server more and more now. Update launch
docs to point out some of the difference with opendev servers.
Additionally point out that we need to update our static inventory file
so that ansible (and puppet) see the new host.
Change-Id: I425377c50007e11aa99cb53f3f5dc3068911ef7f
Remove the section on launching nodes in the jenkins tenant. That
never happens.
Remove the bits about groups and sudo, as they aren't relevant
any more.
Remove the unused os_client_config import.
Change-Id: I676bb7450ec80df73b76ee7841f78eadbe179183
Update the launch node readme and script to use python3 on the new
bridge node. There is no python2. Also update ansible to pull in
python3 support. The version we had been using wasn't python3 happy.
Change-Id: I6122160eb70eb6b5f299a8adb6478a9046ff1725
Replace launch-node.py with launch-node-ansible.py. Update it to
delete the inventory cache correctly.
Also, update the docs to list Bionic by default rather than Trusty.
Change-Id: Iadda897b7e71dc12c8db4ced120894054169bbb8
The production directory is a relic from the puppet environment concept,
which we do not use. Remove it.
The puppet apply tests run puppet locally, where the production
environment is still needed, so don't update the paths in the
tools/prep-apply.sh.
Depends-On: https://review.openstack.org/592946
Change-Id: I82572cc616e3c994eab38b0de8c3c72cb5ec5413
Shade no longer uses novaclient. shade also strips links dicts from the
resources it returns. shade also now depends on openstacksdk, which does
not strip links dicts.
Change-Id: Ifb6a8280e548cb55932cae4a2bba8e1fa5b34c3c
virtualenv on the puppetmaster is defaulting to python3 now but all our
dev header files for python are for python2. Force python2 when creating
the virtualenv so that pycrypto can be built. Additionally ansible
likely wants python2 here anyways.
Change-Id: I19bc1985fc4b6a722b10fb0b89a86127e27340fe
os-client-config will construct a cloud called "envvars" if the
environment has environment variables that start with OS_ and are not
OS_CLOUD and OS_REGION_NAME (those are singled out because they are
selectors) The convenience variable in our example code snippet here is
an OS_ var that is neither of those, so it causes the environment to
produce an invalid cloud config which then confuses the ansible
inventory which is trying to iterate over the all the clouds that
exist.
Change-Id: I65324bc2f3ca71dd4ada2f39f322ccc5f13d6897
As discussed during the "Launch Node, Ansible and Puppet" summit
session in Austin, we're making things unnecessarily hard on
ourselves by insisting on having multiple servers in our inventory
with the same name. In order to make server addition and replacement
automation simpler, start using an ordinal suffix on server short
names to differentiate them (we can still easily rely on DNS for
their non-numbered convenience names).
Change-Id: I040a5c3b5e1abc50c3e4676bcab0bf4eaa550f4b
When adding a new server now, Ansible needs the root ssh key
fingerprint on the new server to be verified on the puppetmaster,
add this to instructions for setting up a new server.
Change-Id: I7345c22c47120c946b64e72aa6bf7a7a8f590132
In order to run launch-node.py for creation of new infra servers,
you need to be in the launch/ directory of the system-config
repo on disk, documenting this in the launch/README file.
Change-Id: I8499a7b8a43522cd365054d8f8c279ed15abe696
We don't really use the salt infrastructure that we set up, which means
it's cruft. Go ahead and admit that we don't use it and remove it from
our systems.
Change-Id: Ic43695719cbad30aded16ac480deb3dfd9b2a110
* launch/README: Correct outdated references to salt and puppet
certs. Modernize the recommended image name.
* launch/launch-node.py: When run as root, keep the puppet group on
private keys so that they're readable by puppet group members. That
way it won't break subsequent runs as non-root following the current
instructions in the README file. Modernize the default image name.
Change-Id: Ic5034121d4d0df3c096c2e474a9d3d41ec361021
We'd like to be able to control sequencing of how and when puppet
runs across our machines. Currently, it's just a set of agents
that run kinda whenever they run. At times they hang and we don't
know about it. Also, cross-server sequencing is impossible to
achieve.
Change the operation away from agents running on the machine as
daemons, and instead ssh from the master to each machine.
Change-Id: I76e41e63c6d0825e8735c484ba4580d545515e43
Commit 5ae5e6cc added puppetry for /root/ci-launch on the Puppet
master server, but set permissions on it too restrictive for users
launching new servers to be able to read the files within it.
* launch/README: Note that the user following these directions
should also be in the admin group.
* modules/openstack_project/manifests/puppetmaster.pp: Set group
ownership of /root/ci-launch to admin so members of that group will
be able to read the files within it.
Change-Id: I6c657eb4311b27ce329f249df3e60c2b902677ae
Infrastructures derived from the OpenStack CI infrastructure currently
need to fork launch-node.py, better if it just takes an option ;).
Change-Id: Iad94451ed2b4da425f059595ae727dcf2847733a
* launch/README: On servers where the puppet agent daemon needs to
enabled, don't run the initscript directly under sudo. Passing it
through su avoids permission issues with the puppet mysql module.
* launch/launch-node.py: Only test IPv6 connectivity when providers
support it.
Change-Id: Ic37305331ba57ba3de2fb349e1ab503cabcc697d
* manifests/site.pp: Add a node pattern for slave servers which run
Ubuntu Precise Pangolin and default to Python 3.3 for the Puppet PIP
package provider.
* launch/README: Starting with precise3k slaves, individual Puppet
certificates will now be used per-server.
Change-Id: I2cde440720afd8014fc98dfd133d29a428751a9d
* launch/README: Add note on enabling puppet agent for non-slave
CentOS servers.
* launch/launch-node.py: Reboot immediately after puppeting so that
we don't leave the server booted on an old/vulnerable kernel.
Change-Id: I5d0d36c2a11b078321a8715985868422946b06cb
All jobs previously using a quantal node label are now using a
precise node label instead. Documentation has also been updated to
reflect the change in preferred release/image name.
Change-Id: I636416a9d9dc6714cd9751e2210882db2cbf786e
Reviewed-on: https://review.openstack.org/28861
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
* launch/README: Mention adding yourself to the salt group.
* modules/salt/manifests/master.pp: Loosen directory permissions
minimally as needed for salt group members to be able to run the
launch script without being root.
Change-Id: I4e462fe2efabe2200a635c79e4b7a1314bf174a3
Reviewed-on: https://review.openstack.org/27562
Reviewed-by: Jesse Keating <jesse.keating@rackspace.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
* launch/README: The preferred flavor for a Jenkins slave in
Rackspace nova has RAM 8192, so we can get the same 4 CPU count we
had with Rackspace legacy VMs.
Change-Id: I55563ff966061b5c02fb68b671156d782c2d042d
Reviewed-on: https://review.openstack.org/23658
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Still not automatic, but much less typing.
Change-Id: I348b866db3f2778ba08a516a00d258358c4a9129
Reviewed-on: https://review.openstack.org/22468
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
* launch/README: Demonstrate use of the nova client's image-list
and flavor-list features, to assist in selecting/confirming image
and RAM choices for passing to launch-node.py. Also improve the
section headers and add a section about activating the Puppet agent
on non-Jenkins-slave servers.
* launch/launch-node.py: Upon successful completion, display
parameters useful for subsequent DNS assignments.
Change-Id: I0defc62434ab2f60b23afe2048e8093614ca49ca
Reviewed-on: https://review.openstack.org/20923
Reviewed-by: Khai Do <do.khai@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
* launch/README: More clarity on Jenkins slave example, and
additional levels of cut-n-pasteability on the DNS record creation
example. Also switch from requiring root to expecting to be run from
a normal account with sudo access and membership in the puppet
group.
* launch/launch-node.py: Default to assuming the certname is the
same as the node FQDN, if it isn't overridden via command-line
option.
Change-Id: I9c987055b18e084983f2459fe01598837e1ebcc6
Reviewed-on: https://review.openstack.org/20645
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
* launch/README: Fix a minor error in the path to a shell fragment
in one of the example commands.
Change-Id: Ie42e6d6b86b9518893c6661251deeab7bbce0d11
Reviewed-on: https://review.openstack.org/20429
Reviewed-by: Elizabeth Krumbach <lyz@princessleia.com>
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
* Update credential paths in launch README.
* Add puppet environment command line option to launch-node.
* Invoke install_puppet.sh from launch-node.
Change-Id: I11a326d4be2274fcecb1a58a32c8962b36af24a8
Reviewed-on: https://review.openstack.org/19000
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
* launch/README: Note that commands are assumed to be run in a full root
environment, mention existence of 'nova list' for determining server
details, get happy with variables in the DNS examples and also adjust
examples for a recent change in RackSpace's DNS API which assumes a
lower-case version of the region name.
Change-Id: I6a80893379acf573e04fefd39d98965c7b873ad5
Reviewed-on: https://review.openstack.org/16112
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com>
Approved: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
Add a script to launch new OpenStack project servers.
Change-Id: I9f12ac0b7e38592128de1d6b999a5d540d621514
Reviewed-on: https://review.openstack.org/14246
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins