When launching a server, ansible needs to know what groups the
new host is in so that it can copy the appropriate files. Figuring
that out is done based on the groups.txt file and the expand-groups
script. This change runs that script after creating a host, which
will update the global list of expanded groups. That is then
symlinked into a temporary inventory directory used by launch-node.
The JobDir concept is borrowed from Zuul as a simple way of creating
and deleting at the appropriate time a complex temporary directory.
Change-Id: Icce083ca67a3473b7d77401142f870fd28dd08f5
We can only get the volume attach device if we are attaching a volume.
Check if the volume is being attached and only determine the attachment
location in that case to avoid errors.
Story: 2000569
Change-Id: I4adc5e23abdfc0627a0850f845e2333d3bd25e63
Now that we have a shade version of the launch node script adding in
support for attaching a cinder volume is simple. Do this so that
launching mirrors which rely on cinder volumes is simpler.
This updates the mount_volume.sh script to setup the first cinder volume
with lvm and mount it under the specified path. It will also install
lvm2 pacakges since they may not be present on all base images.
This updates the make_swap.sh script to avoid blindly using /dev/vdb as
the location for swap as this may be a cinder volume or config drive.
We add availability zone, device specification, mount path, and
fs label support to shade-launch-node.py as these are all necessary
inputs to properly mount a cinder volume in a VM.
Change-Id: Ie95fd4bd5fca8df4f8046d43d1333935cad567e3
There is a bug in OCC that causes an envvars cloud to be created when
the only two env vars are the selectors OS_CLOUD and OS_REGION_NAME. So
exclude them from the envionment when running the group creation
command.
Also, there is a bug in the invocation of the hostname playbook, in that
it was passing in the UUID as the target to run against, but we're
writing out a name-based inventory.
Change-Id: I0b524dc43ec96c6645ae82a090744eab463e7fb9
It looks like we solved the duplicate server problem twice in
conflicting ways. Using uuid in the inventory is not needed, bcause
we're making a specific inventory for the ansible commands and avoiding
the OpenStack inventory. So the ansible run has no idea of any other
servers other than the one we're making right now. With that, we can use
name as the hostname rather than UUID.
Story: 2000520
Change-Id: Idb967e10fc00471923077e4e9caa32fdb4c1cc78
We have a playbook that does the logic of setting the hostname. Rather
than implementing that logic in launch-node - just use the playbook.
Change-Id: I1a6c0ff12803bdac35631cb3bb2c8fe70cbd1904
https://github.com/ansible/ansible/pull/14882 landed, so the inventory
will understand that an empty cache means the inventory needs
refetching. Zero out the file, and start consuming inventory from the
master branch of ansible since mordred controls that file anyway.
Change-Id: I2a4f4b21c50bfa94a229dd109e3d21f47552f0a1
We have a set of hostname patterns which is not a thing that ansible
supports in inventory files. While we can put hostname patterns into
playbooks directly, that does not help us with copying hiera group files
since ansible doesn't know about the groups in site.pp and puppet
doesn't know about the ansible groups.
Instead, do a quick expansion any time the groups.txt file changes and
at the end of launch-node. It will be left to admins to run
expand-groups.sh whenever they delete a node.
Change-Id: I00c60748ddb2d35a3b98f78d828dabebcf065118
With the puppetmaster not there anymore, we should consume inventory
from OpenStack rather than from puppet.
It turns out that because of the way static and dynamic inventories get
merged, the static file needs to stand alone. SO - if you need to
disable a dynamic host from OpenStack (pretty much all of our hosts) you
need to not only add it to dynamic:children, you need to add an emtpy
group into the static file too, otherwise you'll get an error like:
root@puppetmaster:~# ansible -i newinv '!disabled' --list-hosts
ERROR: newinv/static:4: child group is not defined: (jenkins-dev.openstack.org)
Change-Id: Ic6809ed0b7014d7aebd414bf3a342e3a37eb10b6
This parameter is usually not necessary, and over-specifying it
can be problematic because the value is not consistent.
Change-Id: I0a90631499294e7a6eb287f24739cf4884a8db7b
New systemd based distros reboot so quickly that the ssh connection
errors returning 255 (or -1 in python because signed integers). Ignore
return codes of -1 when rebooting over ssh as a result. All other return
codes will be propogated properly.
Change-Id: I272f00e9e07f1ed04f2b97d0e1609c6e8d49caf3
Because, you know, we should have to do this.
Rackspace publishes two things called "compute" into their catalog for
customers who still have the old compute service.
Change-Id: I27d5a78fc743057a270acd4bf7c85fd998f9074d
* launch/launch-node.py: Now that we're using --detailed-exit-codes
with puppet, we should not abort when the ssh call exits nonzero.
Puppet explicitly returns nonzero codes which indicate success
conditions, and we already have a function in place to interpret
them.
Change-Id: If66d345902d05fa0898d202f5f71c087df9f4ce7
HP Cloud centos7 images are currently failing with 'Please login as
the user "centos" rather than the user "root"'.
This adds the 'centos' user as one of the logins to try, and adds a
little documentation to the subsequent fixup of the authorized_keys
file
Change-Id: I46b62c8c4aed7a1c9522d60db7f726ebcb30281c
We've got the logic elsewhere to properly deal with puppet bizarre exit
code strategy. Put it in launch_node too.
Change-Id: I4a414a27b58b2d4d890020f4b2aaed50f7c8f26b
Currently launch-node.py doesn't allow to specify network label
and floating IP pool name, using the defaults from nova-network.
This patch allows to specify network label to attach instance to,
and floating IP pool from which floating IPs could be assigned.
Change-Id: I46024bc1c217f99f19717aeb04d424a01440203a
The new code to create volumes incorrectly affects the non-volume
case due to an indentation bug. This corrects that.
Change-Id: I18eb1222447393e769fbbbf550407bf103b11e99
We are using cinder block devices more and more. Update launch node so
that it can attach a preexisting cinder volume against a new nova server
on first boot. This will allow puppet or other config management to
format and mount that block device into the VMs filesystem.
Change-Id: Ic121cdc06dcbea0e38e8d0ff8946e999af3d727e
It is deemed useful by some to pass IDs rather than names to
launch-node.py for flavors and images; mostly due to the fact that
names are not unique, and the "first-matched" behavior on names
means that it can end up doing the wrong thing in certain cases.
Change-Id: Ief89174fedac7921f85bbfe3a456059ecc0f19bf
We don't really use the salt infrastructure that we set up, which means
it's cruft. Go ahead and admit that we don't use it and remove it from
our systems.
Change-Id: Ic43695719cbad30aded16ac480deb3dfd9b2a110
* launch/README: Correct outdated references to salt and puppet
certs. Modernize the recommended image name.
* launch/launch-node.py: When run as root, keep the puppet group on
private keys so that they're readable by puppet group members. That
way it won't break subsequent runs as non-root following the current
instructions in the README file. Modernize the default image name.
Change-Id: Ic5034121d4d0df3c096c2e474a9d3d41ec361021
Added the abillity to use launch_node.py to connect to and create
infrastructure instances in openstack setups that are not setup to use
the ssl secured clients.
This matches the functionality of the nova cli to accept NOVACLIENT_INSECURE.
Change-Id: Ibfb5bb4665f36a155ec488c475e03f9cd901e9d6
Signed-off-by: Philip Schwartz <philip.schwartz@rackspace.com>
Add a script to handle cloud servers with no swap. This can be
used before install_puppet when developers run it by hand, and
is called directly by launch_node. If the host has
no swap, create a swap partition from the ephemeral disk and use
the remainder on /opt.
Change-Id: Iac8bfe4924d8607ddbddc45312a51fe52eb4cdbc
In anticipation of swtiching to flake8 as part of the removal of
pyflakes jobs, clean up a few flake8 errors so that we don't have to
ignore as many things.
Change-Id: Idb8466bb3194904d84e17dd3f2a7c32aff13788c
This is a minor step towards PEP-8 as well, but mainly makes it easier
to document what third party modules are needed.
Change-Id: Id901ef437fcdeb11c8dd555e8db7c13daa86c4b2
Infrastructures derived from the OpenStack CI infrastructure currently
need to fork launch-node.py, better if it just takes an option ;).
Change-Id: Iad94451ed2b4da425f059595ae727dcf2847733a
* launch/launch-node.py: Make salt key management when launching nodes
optional as we may not always be running salt or choose to have a node
run a salt daemon. Default to disabling management.
Change-Id: If1bf137e91d250d5c94a957ff00d19401685c730
* launch/README: On servers where the puppet agent daemon needs to
enabled, don't run the initscript directly under sudo. Passing it
through su avoids permission issues with the puppet mysql module.
* launch/launch-node.py: Only test IPv6 connectivity when providers
support it.
Change-Id: Ic37305331ba57ba3de2fb349e1ab503cabcc697d
* launch/launch-node.py: Sometimes we get a broken server from a
provider, probably actually a broken compute node behind the scenes,
which fails to send IPv6 packets with a DSCP > 3. Test that we can
send DSCP 0x10 packets to at least one IPv6-connected host and get a
response, or else discard the server.
Change-Id: I379589d74f9e5892e3fda85bd267567038b6c2c9
* launch/README: Add note on enabling puppet agent for non-slave
CentOS servers.
* launch/launch-node.py: Reboot immediately after puppeting so that
we don't leave the server booted on an old/vulnerable kernel.
Change-Id: I5d0d36c2a11b078321a8715985868422946b06cb
Create Salt key pair if needed
Move Salt key pair creation above bootstrap_server
Pre-seed Salt Minion keys
Use fqdn instead of cert name.
Set the Minion ID to be the fqdn
Logic improvements in add_salt_keypair
Use proper splitext, some suggested fixes
Remove minion_id definition. Let fqdn define minion id
Change-Id: I74e5ffb1a414ee61f1214332be34b5ed0fd26e95
Reviewed-on: https://review.openstack.org/26046
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Nicolas Simonds <nic@metacloud.com>
Reviewed-by: Anita Kuno <anita.kuno@enovance.com>
Reviewed-by: Matthew Sherborne <msherborne+openstack@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
Still not automatic, but much less typing.
Change-Id: I348b866db3f2778ba08a516a00d258358c4a9129
Reviewed-on: https://review.openstack.org/22468
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
* launch/README: Demonstrate use of the nova client's image-list
and flavor-list features, to assist in selecting/confirming image
and RAM choices for passing to launch-node.py. Also improve the
section headers and add a section about activating the Puppet agent
on non-Jenkins-slave servers.
* launch/launch-node.py: Upon successful completion, display
parameters useful for subsequent DNS assignments.
Change-Id: I0defc62434ab2f60b23afe2048e8093614ca49ca
Reviewed-on: https://review.openstack.org/20923
Reviewed-by: Khai Do <do.khai@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
* launch/README: More clarity on Jenkins slave example, and
additional levels of cut-n-pasteability on the DNS record creation
example. Also switch from requiring root to expecting to be run from
a normal account with sudo access and membership in the puppet
group.
* launch/launch-node.py: Default to assuming the certname is the
same as the node FQDN, if it isn't overridden via command-line
option.
Change-Id: I9c987055b18e084983f2459fe01598837e1ebcc6
Reviewed-on: https://review.openstack.org/20645
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
* Update credential paths in launch README.
* Add puppet environment command line option to launch-node.
* Invoke install_puppet.sh from launch-node.
Change-Id: I11a326d4be2274fcecb1a58a32c8962b36af24a8
Reviewed-on: https://review.openstack.org/19000
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Add a script to launch new OpenStack project servers.
Change-Id: I9f12ac0b7e38592128de1d6b999a5d540d621514
Reviewed-on: https://review.openstack.org/14246
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
