System configuration for OpenStack Infrastructure
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
 
 
 
 
 
 

383 lines
12 KiB

  1. #!/bin/bash -x
  2. # Copyright 2013 OpenStack Foundation.
  3. # Copyright 2013 Hewlett-Packard Development Company, L.P.
  4. # Copyright 2013 Red Hat, Inc.
  5. #
  6. # Licensed under the Apache License, Version 2.0 (the "License"); you may
  7. # not use this file except in compliance with the License. You may obtain
  8. # a copy of the License at
  9. #
  10. # http://www.apache.org/licenses/LICENSE-2.0
  11. #
  12. # Unless required by applicable law or agreed to in writing, software
  13. # distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
  14. # WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
  15. # License for the specific language governing permissions and limitations
  16. # under the License.
  17. # NOTE(pabelanger): We now use the pip-and-virtualenv element from
  18. # diskimage-builder to do this. Default to true for backwards compatibility.
  19. SETUP_PIP=${SETUP_PIP:-true}
  20. #
  21. # Distro identification functions
  22. # note, can't rely on lsb_release for these as we're bare-bones and
  23. # it may not be installed yet)
  24. function is_fedora {
  25. [ -f /usr/bin/yum ] && cat /etc/*release | grep -q -e "Fedora"
  26. }
  27. function is_rhel7 {
  28. [ -f /usr/bin/yum ] && \
  29. cat /etc/*release | grep -q -e "Red Hat" -e "CentOS" -e "CloudLinux" && \
  30. cat /etc/*release | grep -q 'release 7'
  31. }
  32. function is_ubuntu {
  33. [ -f /usr/bin/apt-get ]
  34. }
  35. function is_opensuse {
  36. [ -f /usr/bin/zypper ] && \
  37. cat /etc/os-release | grep -q -e "openSUSE"
  38. }
  39. function is_gentoo {
  40. [ -f /usr/bin/emerge ]
  41. }
  42. # dnf is a drop-in replacement for yum on Fedora>=22
  43. YUM=yum
  44. if is_fedora && [[ $(lsb_release -rs) -ge 22 ]]; then
  45. YUM=dnf
  46. fi
  47. # Set the puppet version
  48. if cat /etc/os-release | grep -qi bionic; then
  49. # bionic only supports puppet 5
  50. PUPPET_VERSION=${PUPPET_VERSION:-5}
  51. else
  52. PUPPET_VERSION=${PUPPET_VERSION:-3}
  53. fi
  54. #
  55. # Distro specific puppet installs
  56. #
  57. function _systemd_update {
  58. # there is a bug (rhbz#1261747) where systemd can fail to enable
  59. # services due to selinux errors after upgrade. A work-around is
  60. # to install the latest version of selinux and systemd here and
  61. # restart the daemon for good measure after it is upgraded.
  62. $YUM install -y selinux-policy
  63. $YUM install -y systemd
  64. systemctl daemon-reload
  65. }
  66. function setup_puppet_fedora {
  67. _systemd_update
  68. $YUM update -y
  69. # NOTE: we preinstall lsb_release here to ensure facter sets
  70. # lsbdistcodename
  71. #
  72. # Fedora declares some global hardening flags, which distutils
  73. # pick up when building python modules. redhat-rpm-config
  74. # provides the required config options. Really this should be a
  75. # dependency of python-devel (fix in the works, see
  76. # https://bugzilla.redhat.com/show_bug.cgi?id=1217376) and can be
  77. # removed when that is sorted out.
  78. $YUM install -y redhat-lsb-core git puppet \
  79. redhat-rpm-config
  80. mkdir -p /etc/puppet/modules/
  81. if $SETUP_PIP; then
  82. # Puppet expects the pip command named as pip-python on
  83. # Fedora, as per the packaged command name. However, we're
  84. # installing from get-pip.py so it's just 'pip'. An easy
  85. # work-around is to just symlink pip-python to "fool" it.
  86. # See upstream issue:
  87. # https://tickets.puppetlabs.com/browse/PUP-1082
  88. ln -fs /usr/bin/pip /usr/bin/pip-python
  89. fi
  90. # Wipe out templatedir so we don't get warnings about it
  91. sed -i '/templatedir/d' /etc/puppet/puppet.conf
  92. # Wipe out server, as we don't have one.
  93. sed -i '/server/d' /etc/puppet/puppet.conf
  94. # upstream is currently looking for /run/systemd files to check
  95. # for systemd. This fails in a chroot where /run isn't mounted
  96. # (like when using dib). Comment out this confine as fedora
  97. # always has systemd
  98. # see
  99. # https://github.com/puppetlabs/puppet/pull/4481
  100. # https://bugzilla.redhat.com/show_bug.cgi?id=1254616
  101. sudo sed -i.bak '/^[^#].*/ s|\(^.*confine :exists => \"/run/systemd/system\".*$\)|#\ \1|' \
  102. /usr/share/ruby/vendor_ruby/puppet/provider/service/systemd.rb
  103. # upstream "requests" pip package vendors urllib3 and chardet
  104. # packages. The fedora packages un-vendor this, and symlink those
  105. # sub-packages back to packaged versions. We get into a real mess
  106. # of if some of the puppet ends up pulling in "requests" from pip,
  107. # and then something like devstack does a "yum install
  108. # python-requests" which does a very bad job at overwriting the
  109. # pip-installed version (symlinks and existing directories don't
  110. # mix). A solution is to pre-install the python-requests
  111. # package; clear it out and re-install from pip. This way, the
  112. # package is installed for dependencies, and we have a pip-managed
  113. # requests with correctly vendored sub-packages.
  114. sudo ${YUM} install -y python2-requests
  115. sudo rm -rf /usr/lib/python2.7/site-packages/requests/*
  116. sudo rm -rf /usr/lib/python2.7/site-packages/requests-*.{egg,dist}-info
  117. sudo pip install requests
  118. }
  119. function setup_puppet_rhel7 {
  120. # NOTE(pabelanger): In openstack-infra, we already have epel on
  121. # our nodes, properly configured for mirrors and gpg keys; thus
  122. # check to see if the package is installed first.
  123. if ! rpm -qa | grep -q epel-release; then
  124. # install a bootstrap epel repo to install latest epel-release
  125. # package (which provides correct gpg keys, etc); then remove
  126. # boostrap
  127. cat > /etc/yum.repos.d/epel-bootstrap.repo <<EOF
  128. [epel-bootstrap]
  129. name=Bootstrap EPEL
  130. mirrorlist=https://mirrors.fedoraproject.org/mirrorlist?repo=epel-7&arch=\$basearch
  131. failovermethod=priority
  132. enabled=0
  133. gpgcheck=0
  134. EOF
  135. yum --enablerepo=epel-bootstrap -y install epel-release
  136. rm -f /etc/yum.repos.d/epel-bootstrap.repo
  137. fi
  138. _systemd_update
  139. yum update -y
  140. if [ "$PUPPET_VERSION" == "3" ] ; then
  141. puppetpkg=puppet
  142. local puppet_repo="https://yum.puppetlabs.com/puppetlabs-release-el-7.noarch.rpm"
  143. elif [ "$PUPPET_VERSION" == "4" ] ; then
  144. puppetpkg=puppet-agent
  145. local puppet_repo="https://yum.puppetlabs.com/puppetlabs-release-pc1-el-7.noarch.rpm"
  146. else
  147. echo "Unsupported puppet version ${PUPPET_VERSION}"
  148. exit 1
  149. fi
  150. # NOTE: we preinstall lsb_release to ensure facter sets lsbdistcodename
  151. yum install -y redhat-lsb-core git
  152. # Install puppetlabs repo & then puppet comes from there
  153. rpm -ivh $puppet_repo
  154. yum install -y $puppetpkg
  155. if $SETUP_PIP; then
  156. # see comments in setup_puppet_fedora
  157. ln -s /usr/bin/pip /usr/bin/pip-python
  158. fi
  159. if [ "$PUPPET_VERSION" == "3" ] ; then
  160. # Wipe out templatedir so we don't get warnings about it
  161. sed -i '/templatedir/d' /etc/puppet/puppet.conf
  162. # Wipe out server, as we don't have one.
  163. sed -i '/server/d' /etc/puppet/puppet.conf
  164. fi
  165. }
  166. function setup_puppet_ubuntu {
  167. if ! which lsb_release > /dev/null 2<&1 ; then
  168. DEBIAN_FRONTEND=noninteractive apt-get --option 'Dpkg::Options::=--force-confold' \
  169. --assume-yes install -y --force-yes lsb-release
  170. fi
  171. lsbdistcodename=`lsb_release -c -s`
  172. if [ $lsbdistcodename != 'trusty' ] ; then
  173. rubypkg=rubygems
  174. else
  175. rubypkg=ruby
  176. fi
  177. if [ "$PUPPET_VERSION" == "3" ] ; then
  178. if [ $lsbdistcodename != 'xenial' ] ; then
  179. puppet_deb=puppetlabs-release-${lsbdistcodename}.deb
  180. else
  181. puppet_deb=''
  182. fi
  183. PUPPET_VERSION=3.*
  184. puppetpkg=puppet
  185. FACTER_VERSION=2.*
  186. elif [ "$PUPPET_VERSION" == "4" ] ; then
  187. puppet_deb=puppetlabs-release-pc1-${lsbdistcodename}.deb
  188. puppetpkg=puppet-agent
  189. PUPPET_VERSION=4.*
  190. FACTER_VERSION=3.*
  191. elif [ "$PUPPET_VERSION" == "5" ] ; then
  192. puppet_deb=puppet5-release-bionic.deb
  193. puppetpkg=puppet-agent
  194. PUPPET_VERSION=5.*
  195. FACTER_VERSION=3.*
  196. else
  197. echo "Unsupported puppet version ${PUPPET_VERSION}"
  198. exit 1
  199. fi
  200. cat > /etc/apt/preferences.d/00-puppet.pref <<EOF
  201. Package: puppet puppet-common puppetmaster puppetmaster-common puppetmaster-passenger
  202. Pin: version $PUPPET_VERSION
  203. Pin-Priority: 501
  204. Package: facter
  205. Pin: version $FACTER_VERSION
  206. Pin-Priority: 501
  207. EOF
  208. # NOTE(pabelanger): Puppetlabs does not support ubuntu xenial for puppet 3. Instead use
  209. # the version of puppet ship by xenial.
  210. if [ -n "$puppet_deb" ]; then
  211. if type curl >/dev/null 2>&1; then
  212. curl -O http://apt.puppetlabs.com/$puppet_deb
  213. else
  214. wget http://apt.puppetlabs.com/$puppet_deb -O $puppet_deb
  215. fi
  216. dpkg -i $puppet_deb
  217. rm $puppet_deb
  218. fi;
  219. apt-get update
  220. DEBIAN_FRONTEND=noninteractive apt-get --option 'Dpkg::Options::=--force-confold' \
  221. --assume-yes dist-upgrade
  222. DEBIAN_FRONTEND=noninteractive apt-get --option 'Dpkg::Options::=--force-confold' \
  223. --assume-yes install -y --force-yes $puppetpkg git $rubypkg
  224. if [ "$PUPPET_VERSION" == "3" ] ; then
  225. # Wipe out templatedir so we don't get warnings about it
  226. sed -i '/templatedir/d' /etc/puppet/puppet.conf
  227. # Wipe out server, as we don't have one.
  228. sed -i '/server/d' /etc/puppet/puppet.conf
  229. fi
  230. # ensure the agent is stopped and disabled
  231. if [ -f /bin/systemctl ]; then
  232. service puppet stop
  233. systemctl disable puppet
  234. else
  235. /etc/init.d/puppet stop
  236. update-rc.d -f puppet disable
  237. fi
  238. }
  239. function setup_puppet_opensuse {
  240. if [ "$PUPPET_VERSION" == "3" ] ; then
  241. puppetpkg=puppet
  242. else
  243. echo "Unsupported puppet version ${PUPPET_VERSION}"
  244. exit 1
  245. fi
  246. zypper --non-interactive install --force-resolution $puppetpkg
  247. # Wipe out templatedir so we don't get warnings about it
  248. sed -i '/templatedir/d' /etc/puppet/puppet.conf
  249. # Wipe out server, as we don't have one.
  250. sed -i '/server/d' /etc/puppet/puppet.conf
  251. }
  252. function setup_puppet_gentoo {
  253. echo yes | emaint sync -a
  254. if [ "$PUPPET_VERSION" == "3" ] ; then
  255. puppetpkg=puppet-agent
  256. else
  257. echo "Unsupported puppet version ${PUPPET_VERSION}"
  258. exit 1
  259. fi
  260. emerge -q --jobs=4 $puppetpkg
  261. sed -i '/templatedir/d' /etc/puppetlabs/puppet/puppet.conf
  262. # Wipe out server, as we don't have one.
  263. sed -i '/server/d' /etc/puppetlabs/puppet/puppet.conf
  264. }
  265. #
  266. # pip setup
  267. #
  268. function setup_pip {
  269. # Install pip using get-pip
  270. local get_pip_url=https://bootstrap.pypa.io/get-pip.py
  271. local ret=1
  272. if [ -f ./get-pip.py ]; then
  273. ret=0
  274. elif type curl >/dev/null 2>&1; then
  275. curl -O $get_pip_url
  276. ret=$?
  277. elif type wget >/dev/null 2>&1; then
  278. wget $get_pip_url
  279. ret=$?
  280. fi
  281. if [ $ret -ne 0 ]; then
  282. echo "Failed to get get-pip.py"
  283. exit 1
  284. fi
  285. if is_opensuse; then
  286. zypper --non-interactive install --force-resolution python python-xml
  287. fi
  288. python get-pip.py
  289. rm get-pip.py
  290. # we are about to overwrite setuptools, but some packages we
  291. # install later might depend on the python-setuptools package. To
  292. # avoid later conflicts, and because distro packages don't include
  293. # enough info for pip to certain it can fully uninstall the old
  294. # package, for safety we clear it out by hand (this seems to have
  295. # been a problem with very old to new updates, e.g. centos6 to
  296. # current-era, but less so for smaller jumps). There is a bit of
  297. # chicken-and-egg problem with pip in that it requires setuptools
  298. # for some operations, such as wheel creation. But just
  299. # installing setuptools shouldn't require setuptools itself, so we
  300. # are safe for this small section.
  301. if is_rhel7 || is_fedora; then
  302. yum install -y python-setuptools
  303. rm -rf /usr/lib/python2.7/site-packages/setuptools*
  304. fi
  305. pip install -U setuptools
  306. }
  307. # Need to install python2 early as pip and ansible need it and it
  308. # isn't necessarily previously installed on newer Ubuntu releases.
  309. if is_ubuntu; then
  310. if ! which python > /dev/null 2<&1 ; then
  311. DEBIAN_FRONTEND=noninteractive apt-get update
  312. DEBIAN_FRONTEND=noninteractive apt-get --option 'Dpkg::Options::=--force-confold' \
  313. --assume-yes install -y --force-yes python-minimal
  314. fi
  315. fi
  316. if $SETUP_PIP; then
  317. setup_pip
  318. fi
  319. if is_fedora; then
  320. setup_puppet_fedora
  321. elif is_rhel7; then
  322. setup_puppet_rhel7
  323. elif is_ubuntu; then
  324. setup_puppet_ubuntu
  325. elif is_opensuse; then
  326. setup_puppet_opensuse
  327. elif is_gentoo; then
  328. setup_puppet_gentoo
  329. else
  330. echo "*** Can not setup puppet: distribution not recognized"
  331. exit 1
  332. fi