System configuration for the OpenDev Collaboratory
11343cc75d
After adding iptables configuration to allow bridge.o.o to send stats to graphite.o.o in I299c0ab5dc3dea4841e560d8fb95b8f3e7df89f2, I encountered the weird failure that ipv6 rules seemed to be applied on graphite.o.o, but not the ipv4 ones. Eventually I realised that the dns_a filter as written is using socket.getaddrinfo() on bridge.o.o and querying for itself. It thus gets matches the loopback entry in /etc/hosts and passes along a rule for 127.0.1.1 or similar. The ipv6 hostname is not in /etc/hosts so this works there. What we really want the dns_<a|aaaa> filters to do is lookup the address in DNS, rather than the local resolver. Without wanting to get involved in new libraries, etc. the simplest option seems to be to use the well-known 'host' tool. We can easily parse the output of this to ensure we're getting the actual DNS addresses for hostnames. An ipv6 match is added to the existing test. This is effectively tested by the existing usage of the iptables role which sets up rules for cacti.o.o access. Change-Id: Ia7988626e9b1fba998fee796d4016fc66332ec03 |
||
---|---|---|
doc | ||
hiera | ||
inventory | ||
launch | ||
manifests | ||
modules/openstack_project | ||
playbooks | ||
roles | ||
roles-test | ||
testinfra | ||
tools | ||
.gitignore | ||
.gitreview | ||
.zuul.yaml | ||
bindep.txt | ||
Gemfile | ||
install_modules.sh | ||
install_puppet.sh | ||
make_swap.sh | ||
modules.env | ||
mount_volume.sh | ||
Rakefile | ||
README.md | ||
roles.yaml | ||
run_all.sh | ||
run_cloud_launcher.sh | ||
run_puppet.sh | ||
setup.cfg | ||
setup.py | ||
test-requirements.txt | ||
tox.ini |
Puppet Modules
These are a set of puppet manifests and modules that are currently being used to manage the OpenStack Project infrastructure.
The main entry point is in manifests/site.pp.
In general, most of the modules here are designed to be able to be run either in agent or apply mode.
These puppet modules require puppet 2.7 or greater. Additionally, the site.pp manifest assumes the existence of hiera.
See http://docs.openstack.org/infra/system-config for more information.
Documentation
The documentation presented at http://docs.openstack.org/infra/system-config comes from git://git.openstack.org/openstack-infra/system-config repo's docs/source. To build the documentation use
$ tox -evenv python setup.py build_sphinx