Added base host only manifest with docker
host.pp added, which assumes the base host roles for all cases of deployment. This includes SSH key generation and iptables. cobbler::iptables calls were modified to allow the class to be included in two places in the manifests to meet both deployment styles. nailgun::iptables is now called from nailgun::host class. Change-Id: Idb016dda6ec64213a7175826de7aae60d3a95158 blueprint fuel-containerization-of-services
This commit is contained in:
parent
d4299afd31
commit
03149c5538
@ -72,12 +72,7 @@ class cobbler(
|
|||||||
|
|
||||||
class { ::cobbler::packages : }
|
class { ::cobbler::packages : }
|
||||||
class { ::cobbler::selinux : }
|
class { ::cobbler::selinux : }
|
||||||
if $production !~ /docker/ {
|
include ::cobbler::iptables
|
||||||
class { ::cobbler::iptables : }
|
|
||||||
|
|
||||||
Class["::cobbler::iptables"] ->
|
|
||||||
Class["::cobbler::server"]
|
|
||||||
}
|
|
||||||
class { ::cobbler::snippets : }
|
class { ::cobbler::snippets : }
|
||||||
class { ::cobbler::server :
|
class { ::cobbler::server :
|
||||||
domain_name => $domain_name,
|
domain_name => $domain_name,
|
||||||
|
23
deployment/puppet/docker/manifests/init.pp
Normal file
23
deployment/puppet/docker/manifests/init.pp
Normal file
@ -0,0 +1,23 @@
|
|||||||
|
class docker (
|
||||||
|
$limit = "102400",
|
||||||
|
$docker_package = "docker-io",
|
||||||
|
$docker_service = "docker",
|
||||||
|
) {
|
||||||
|
|
||||||
|
package {$docker_package:
|
||||||
|
ensure => installed,
|
||||||
|
}
|
||||||
|
|
||||||
|
service {$docker_service:
|
||||||
|
enable => true,
|
||||||
|
ensure => running,
|
||||||
|
require => Package[$docker_package],
|
||||||
|
}
|
||||||
|
file { "/etc/sysconfig/docker":
|
||||||
|
content => template("docker/settings.erb"),
|
||||||
|
owner => 'root',
|
||||||
|
group => 'root',
|
||||||
|
mode => 0644,
|
||||||
|
notify => Service["docker"],
|
||||||
|
}
|
||||||
|
}
|
2
deployment/puppet/docker/templates/settings.erb
Normal file
2
deployment/puppet/docker/templates/settings.erb
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
other_args=""
|
||||||
|
ulimit <%= @limit %>
|
24
deployment/puppet/nailgun/examples/host-only.pp
Normal file
24
deployment/puppet/nailgun/examples/host-only.pp
Normal file
@ -0,0 +1,24 @@
|
|||||||
|
$fuel_settings = parseyaml($astute_settings_yaml)
|
||||||
|
$fuel_version = parseyaml($fuel_version_yaml)
|
||||||
|
|
||||||
|
if is_hash($::fuel_version) and $::fuel_version['VERSION'] and
|
||||||
|
$::fuel_version['VERSION']['production'] {
|
||||||
|
$production = $::fuel_version['VERSION']['production']
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$production = 'dev'
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
class { 'nailgun::host':
|
||||||
|
production => $production,
|
||||||
|
nailgun_group => $nailgun_group,
|
||||||
|
nailgun_user => $nailgun_user,
|
||||||
|
}
|
||||||
|
|
||||||
|
class { "openstack::clocksync":
|
||||||
|
ntp_servers => $ntp_servers,
|
||||||
|
config_template => "ntp/ntp.conf.centosserver.erb",
|
||||||
|
}
|
||||||
|
|
||||||
|
class { "docker": }
|
45
deployment/puppet/nailgun/manifests/host.pp
Normal file
45
deployment/puppet/nailgun/manifests/host.pp
Normal file
@ -0,0 +1,45 @@
|
|||||||
|
class nailgun::host(
|
||||||
|
$production,
|
||||||
|
$nailgun_group = "nailgun",
|
||||||
|
$nailgun_user = "nailgun",
|
||||||
|
$gem_source = "http://localhost/gems/",
|
||||||
|
)
|
||||||
|
{
|
||||||
|
#Enable cobbler's iptables rules even if Cobbler not called
|
||||||
|
include cobbler::iptables
|
||||||
|
Exec {path => '/usr/bin:/bin:/usr/sbin:/sbin'}
|
||||||
|
|
||||||
|
firewall { '002 accept related established rules':
|
||||||
|
proto => 'all',
|
||||||
|
state => ['RELATED', 'ESTABLISHED'],
|
||||||
|
action => 'accept',
|
||||||
|
} ->
|
||||||
|
class { "nailgun::iptables": }
|
||||||
|
|
||||||
|
nailgun::sshkeygen { "/root/.ssh/id_rsa":
|
||||||
|
homedir => "/root",
|
||||||
|
username => "root",
|
||||||
|
groupname => "root",
|
||||||
|
keytype => "rsa",
|
||||||
|
}
|
||||||
|
|
||||||
|
file { "/etc/ssh/sshd_config":
|
||||||
|
content => template("nailgun/sshd_config.erb"),
|
||||||
|
owner => 'root',
|
||||||
|
group => 'root',
|
||||||
|
mode => '0600',
|
||||||
|
}
|
||||||
|
|
||||||
|
file { "/root/.ssh/config":
|
||||||
|
content => template("nailgun/root_ssh_config.erb"),
|
||||||
|
owner => 'root',
|
||||||
|
group => 'root',
|
||||||
|
mode => '0600',
|
||||||
|
}
|
||||||
|
file { "/var/log/remote":
|
||||||
|
ensure => directory,
|
||||||
|
owner => 'root',
|
||||||
|
group => 'root',
|
||||||
|
mode => '0750',
|
||||||
|
}
|
||||||
|
}
|
@ -56,7 +56,6 @@ class nailgun(
|
|||||||
|
|
||||||
Anchor<| title == "nailgun-begin" |> ->
|
Anchor<| title == "nailgun-begin" |> ->
|
||||||
Class["nailgun::packages"] ->
|
Class["nailgun::packages"] ->
|
||||||
Class["nailgun::iptables"] ->
|
|
||||||
Class["nailgun::nginx-repo"] ->
|
Class["nailgun::nginx-repo"] ->
|
||||||
Exec["start_nginx_repo"] ->
|
Exec["start_nginx_repo"] ->
|
||||||
Class["nailgun::user"] ->
|
Class["nailgun::user"] ->
|
||||||
@ -64,21 +63,23 @@ class nailgun(
|
|||||||
Class["nailgun::venv"] ->
|
Class["nailgun::venv"] ->
|
||||||
Class["nailgun::astute"] ->
|
Class["nailgun::astute"] ->
|
||||||
Class["nailgun::nginx-nailgun"] ->
|
Class["nailgun::nginx-nailgun"] ->
|
||||||
|
Class["nailgun::host"] ->
|
||||||
Class["nailgun::cobbler"] ->
|
Class["nailgun::cobbler"] ->
|
||||||
|
Class["nailgun::gateone"] ->
|
||||||
Class["openstack::logging"] ->
|
Class["openstack::logging"] ->
|
||||||
Class["nailgun::supervisor"] ->
|
Class["nailgun::supervisor"] ->
|
||||||
Anchor<| title == "nailgun-end" |>
|
Anchor<| title == "nailgun-end" |>
|
||||||
|
|
||||||
|
class { 'nailgun::host':
|
||||||
|
production => $production,
|
||||||
|
nailgun_group => $nailgun_group,
|
||||||
|
nailgun_user => $nailgun_user,
|
||||||
|
}
|
||||||
|
|
||||||
class { "nailgun::packages":
|
class { "nailgun::packages":
|
||||||
gem_source => $gem_source,
|
gem_source => $gem_source,
|
||||||
}
|
}
|
||||||
|
|
||||||
firewall { '002 accept related established rules':
|
|
||||||
proto => 'all',
|
|
||||||
state => ['RELATED', 'ESTABLISHED'],
|
|
||||||
action => 'accept',
|
|
||||||
} -> class { "nailgun::iptables": }
|
|
||||||
|
|
||||||
file { ["/etc/nginx/conf.d/default.conf",
|
file { ["/etc/nginx/conf.d/default.conf",
|
||||||
"/etc/nginx/conf.d/virtual.conf",
|
"/etc/nginx/conf.d/virtual.conf",
|
||||||
"/etc/nginx/conf.d/ssl.conf"]:
|
"/etc/nginx/conf.d/ssl.conf"]:
|
||||||
@ -89,7 +90,6 @@ class nailgun(
|
|||||||
Class["nailgun::nginx-nailgun"],
|
Class["nailgun::nginx-nailgun"],
|
||||||
],
|
],
|
||||||
}
|
}
|
||||||
|
|
||||||
class {openstack::logging:
|
class {openstack::logging:
|
||||||
role => 'server',
|
role => 'server',
|
||||||
log_remote => false,
|
log_remote => false,
|
||||||
@ -247,26 +247,4 @@ class nailgun(
|
|||||||
}
|
}
|
||||||
|
|
||||||
class { "nailgun::puppetsync": }
|
class { "nailgun::puppetsync": }
|
||||||
|
|
||||||
nailgun::sshkeygen { "/root/.ssh/id_rsa":
|
|
||||||
homedir => "/root",
|
|
||||||
username => "root",
|
|
||||||
groupname => "root",
|
|
||||||
keytype => "rsa",
|
|
||||||
} ->
|
|
||||||
|
|
||||||
file { "/etc/ssh/sshd_config":
|
|
||||||
content => template("nailgun/sshd_config.erb"),
|
|
||||||
owner => root,
|
|
||||||
group => root,
|
|
||||||
mode => 0600,
|
|
||||||
}
|
|
||||||
|
|
||||||
file { "/root/.ssh/config":
|
|
||||||
content => template("nailgun/root_ssh_config.erb"),
|
|
||||||
owner => root,
|
|
||||||
group => root,
|
|
||||||
mode => 0600,
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user