system-config/modules/openstack_project/manifests/puppetmaster.pp
Spencer Krum 1aca2b8b4d Conditionally manage puppetdb connection
This allows us to bring up the puppet3 master in an automated way,
then flip on puppetdb later. Most importantly this allows for a step
in the middle where an infra core applies the puppetmaster3 cert
and key from the original puppetmaster.

Change-Id: I77a815591649d55b8c17fb9431add0edd68ce0d2
2014-08-27 16:37:27 -07:00


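# == Class: openstack_project::puppetmaster
#
# Configures the puppetmaster host: the base server class and its public
# ports, the cron jobs that refresh /opt/config/production and prune old
# reports, root's SSH private key, the client packages used by
# launch-node.py, the optional PuppetDB connection and the ansible playbooks.
#
# === Parameters
#
# [*root_rsa_key*]
#   Content written to /root/.ssh/id_rsa. This is private key material, so
#   pass it in from private data rather than from a file in the repository.
#
# [*update_slave*]
#   When true, the 15-minute cron job runs run_all.sh and its log is rotated.
#   When false, the job only refreshes the checkout and reinstalls modules.
#
# [*sysadmins*]
#   Passed through to openstack_project::server.
#
# [*version*]
#   Passed to openstack_project::server as pin_puppet.
#
# [*ca_server*]
#   Passed through to openstack_project::server.
#
# [*puppetdb*]
#   When true, declare puppetdb::master::config so the master talks to
#   PuppetDB. Set to false while a new master is being brought up and its
#   cert and key are not yet in place.
#
class openstack_project::puppetmaster (
  $root_rsa_key,
  $update_slave = true,
  $sysadmins = [],
  $version = '2.7.',
  $ca_server = undef,
  $puppetdb = true,
) {
  include ansible
  include logrotate
  include openstack_project::params

  # These ports are opened to the public network. 8140 is the puppet master
  # port; 4505 and 4506 are presumably the Salt master ports -- confirm they
  # are still needed, since every port listed here is reachable from anywhere.
  class { 'openstack_project::server':
    iptables_public_tcp_ports => [4505, 4506, 8140],
    sysadmins                 => $sysadmins,
    pin_puppet                => $version,
    ca_server                 => $ca_server,
  }

  # Both variants of the job run as root every 15 minutes.
  # NOTE(review): $RANDOM is a bash feature and cron uses /bin/sh unless SHELL
  # is set; confirm the sleep jitter below actually takes effect on this host.
  if ($update_slave) {
    $cron_command = 'bash /opt/config/production/run_all.sh'

    logrotate::file { 'updatepuppetmaster':
      ensure  => present,
      log     => '/var/log/puppet_run_all.log',
      options => [
        'compress',
        'copytruncate',
        'delaycompress',
        'missingok',
        'rotate 7',
        'daily',
        'notifempty',
      ],
      require => Cron['updatepuppetmaster'],
    }
  } else {
    # Resets the checkout to its upstream branch and then executes
    # install_modules.sh from it as root, so whatever lands upstream is run
    # here without any further check. Access to that remote is the control.
    $cron_command = 'sleep $((RANDOM\%600)) && cd /opt/config/production && git fetch -q && git reset -q --hard @{u} && ./install_modules.sh && touch manifests/site.pp'
  }

  cron { 'updatepuppetmaster':
    user        => 'root',
    minute      => '*/15',
    command     => $cron_command,
    environment => 'PATH=/var/lib/gems/1.8/bin:/usr/local/bin:/usr/bin:/bin:/usr/sbin:/sbin',
  }

  # Prune report files older than seven days, once a day shortly after 03:00.
  cron { 'deleteoldreports':
    user        => 'root',
    hour        => '3',
    minute      => '0',
    command     => 'sleep $((RANDOM\%600)) && find /var/lib/puppet/reports -name \'*.yaml\' -mtime +7 -execdir rm {} \;',
    environment => 'PATH=/var/lib/gems/1.8/bin:/usr/bin:/bin:/usr/sbin:/sbin',
  }

  # NOTE(review): 0555 sets execute bits on a data file; 0444 looks like what
  # is meant. Left unchanged here.
  file { '/etc/puppet/hiera.yaml':
    ensure  => present,
    owner   => 'root',
    group   => 'root',
    mode    => '0555',
    source  => 'puppet:///modules/openstack_project/puppetmaster/hiera.yaml',
    replace => true,
    require => Class['openstack_project::server'],
  }

  # Reports can contain resource diffs, so keep the directory closed to
  # everyone outside the puppet user and group.
  file { '/var/lib/puppet/reports':
    ensure => directory,
    owner  => 'puppet',
    group  => 'puppet',
    mode   => '0750',
  }

  # Owner and group are stated explicitly on the SSH directory and key so
  # that ownership drift is corrected on the next run instead of being left
  # at whatever the files currently have.
  if ! defined(File['/root/.ssh']) {
    file { '/root/.ssh':
      ensure => directory,
      owner  => 'root',
      group  => 'root',
      mode   => '0700',
    }
  }

  # NOTE(review): a change to this content is shown as a diff in the agent log
  # and report. The file type's show_diff => false suppresses that, but it is
  # not available on the 2.7 series that $version pins by default.
  file { '/root/.ssh/id_rsa':
    ensure  => present,
    owner   => 'root',
    group   => 'root',
    mode    => '0400',
    content => $root_rsa_key,
  }

  # Cloud credentials are stored in this directory for launch-node.py.
  file { '/root/ci-launch':
    ensure => directory,
    owner  => 'root',
    group  => 'admin',
    mode   => '0750',
  }

  # For launch/launch-node.py.
  # NOTE(review): ensure => latest with the pip provider installs whatever
  # version the index serves at run time, as root, on the host that holds the
  # cloud credentials. Pinning known-good versions would make this repeatable.
  package { ['python-cinderclient', 'python-novaclient']:
    ensure   => latest,
    provider => pip,
    require  => Package['python-lxml'],
  }

  package { 'python-paramiko':
    ensure => present,
  }

  package { 'python-lxml':
    ensure => present,
  }

  # Enable puppetdb
  # puppetdb_soft_write_failure => true lets runs continue when PuppetDB
  # cannot be written to, so a PuppetDB outage does not block the master.
  if $puppetdb {
    class { 'puppetdb::master::config':
      puppetdb_server             => 'puppetdb.openstack.org',
      puppet_service_name         => 'apache2',
      puppetdb_soft_write_failure => true,
      manage_storeconfigs         => false,
    }
  }

  # Playbooks
  #
  file { '/etc/ansible/remote_puppet.yaml':
    ensure  => present,
    source  => 'puppet:///modules/openstack_project/ansible/remote_puppet.yaml',
    require => Class['ansible'],
  }

  file { '/etc/ansible/clean_workspaces.yaml':
    ensure  => present,
    source  => 'puppet:///modules/openstack_project/ansible/clean_workspaces.yaml',
    require => Class['ansible'],
  }
}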