Added base host only manifest with docker

host.pp added, which assumes the base host
roles for all cases of deployment. This
includes SSH key generation and iptables.

cobbler::iptables calls were modified to
allow the class to be included in two
places in the manifests to meet both
deployment styles.

nailgun::iptables is now called from
nailgun::host class.

Change-Id: Idb016dda6ec64213a7175826de7aae60d3a95158
blueprint fuel-containerization-of-services

deployment/puppet/cobbler/manifests/init.pp

@@ -72,12 +72,7 @@ class cobbler(
 
   class { ::cobbler::packages : }
   class { ::cobbler::selinux : }
-  if $production !~ /docker/ {
-    class { ::cobbler::iptables : }
-
-    Class["::cobbler::iptables"] ->
-    Class["::cobbler::server"]
-  }
+  include ::cobbler::iptables
   class { ::cobbler::snippets : }
   class { ::cobbler::server :
     domain_name => $domain_name,

deployment/puppet/docker/manifests/init.pp

@@ -0,0 +1,23 @@
+class docker (
+$limit = "102400",
+$docker_package = "docker-io",
+$docker_service = "docker",
+) {
+
+  package {$docker_package:
+    ensure => installed,
+  }
+
+  service {$docker_service:
+    enable => true,
+    ensure => running,
+    require => Package[$docker_package],
+  }
+  file { "/etc/sysconfig/docker":
+    content => template("docker/settings.erb"),
+    owner => 'root',
+    group => 'root',
+    mode => 0644,
+    notify => Service["docker"],
+  }
+}

deployment/puppet/docker/templates/settings.erb

@@ -0,0 +1,2 @@
+other_args=""
+ulimit <%= @limit %>

deployment/puppet/nailgun/examples/host-only.pp

@@ -0,0 +1,24 @@
+$fuel_settings = parseyaml($astute_settings_yaml)
+$fuel_version = parseyaml($fuel_version_yaml)
+
+if is_hash($::fuel_version) and $::fuel_version['VERSION'] and
+$::fuel_version['VERSION']['production'] {
+    $production = $::fuel_version['VERSION']['production']
+}
+else {
+    $production = 'dev'
+}
+
+
+class { 'nailgun::host':
+  production => $production,
+  nailgun_group => $nailgun_group,
+  nailgun_user => $nailgun_user,
+}
+
+class { "openstack::clocksync":
+  ntp_servers     => $ntp_servers,
+  config_template => "ntp/ntp.conf.centosserver.erb",
+}
+
+class { "docker": }

deployment/puppet/nailgun/manifests/host.pp

@@ -0,0 +1,45 @@
+class nailgun::host(
+$production,
+$nailgun_group = "nailgun",
+$nailgun_user = "nailgun",
+$gem_source = "http://localhost/gems/",
+)
+{
+  #Enable cobbler's iptables rules even if Cobbler not called
+  include cobbler::iptables
+  Exec  {path => '/usr/bin:/bin:/usr/sbin:/sbin'}
+
+  firewall { '002 accept related established rules':
+    proto   => 'all',
+    state   => ['RELATED', 'ESTABLISHED'],
+    action  => 'accept',
+  } ->
+  class { "nailgun::iptables": }
+
+  nailgun::sshkeygen { "/root/.ssh/id_rsa":
+    homedir => "/root",
+    username => "root",
+    groupname => "root",
+    keytype => "rsa",
+  }
+
+  file { "/etc/ssh/sshd_config":
+    content => template("nailgun/sshd_config.erb"),
+    owner => 'root',
+    group => 'root',
+    mode  => '0600',
+  }
+
+  file { "/root/.ssh/config":
+    content => template("nailgun/root_ssh_config.erb"),
+    owner => 'root',
+    group => 'root',
+    mode  => '0600',
+  }
+  file { "/var/log/remote":
+    ensure => directory,
+    owner => 'root', 
+    group => 'root',
+    mode  => '0750',
+  }
+}

deployment/puppet/nailgun/manifests/init.pp

@@ -56,7 +56,6 @@ class nailgun(
 
   Anchor<| title == "nailgun-begin" |> ->
   Class["nailgun::packages"] ->
-  Class["nailgun::iptables"] ->
   Class["nailgun::nginx-repo"] ->
   Exec["start_nginx_repo"] ->
   Class["nailgun::user"] ->
@@ -64,21 +63,23 @@ class nailgun(
   Class["nailgun::venv"] ->
   Class["nailgun::astute"] ->
   Class["nailgun::nginx-nailgun"] ->
+  Class["nailgun::host"] ->
   Class["nailgun::cobbler"] ->
+  Class["nailgun::gateone"] ->
   Class["openstack::logging"] ->
   Class["nailgun::supervisor"] ->
   Anchor<| title == "nailgun-end" |>
 
+  class { 'nailgun::host':
+    production => $production,
+    nailgun_group => $nailgun_group,
+    nailgun_user => $nailgun_user,
+  }
+
   class { "nailgun::packages":
     gem_source => $gem_source,
   }
 
-  firewall { '002 accept related established rules':
-    proto   => 'all',
-    state   => ['RELATED', 'ESTABLISHED'],
-    action  => 'accept',
-  } -> class { "nailgun::iptables": }
-
   file { ["/etc/nginx/conf.d/default.conf",
           "/etc/nginx/conf.d/virtual.conf",
           "/etc/nginx/conf.d/ssl.conf"]:
@@ -89,7 +90,6 @@ class nailgun(
                Class["nailgun::nginx-nailgun"],
                ],
   }
-
   class {openstack::logging:
     role           => 'server',
     log_remote     => false,
@@ -247,26 +247,4 @@ class nailgun(
   }
 
   class { "nailgun::puppetsync": }
-
-  nailgun::sshkeygen { "/root/.ssh/id_rsa":
-    homedir => "/root",
-    username => "root",
-    groupname => "root",
-    keytype => "rsa",
-  } ->
-
-  file { "/etc/ssh/sshd_config":
-    content => template("nailgun/sshd_config.erb"),
-    owner => root,
-    group => root,
-    mode => 0600,
-  }
-
-  file { "/root/.ssh/config":
-    content => template("nailgun/root_ssh_config.erb"),
-    owner => root,
-    group => root,
-    mode => 0600,
-  }
-
 }