Added base host only manifest with docker
host.pp added, which assumes the base host roles for all cases of deployment. This includes SSH key generation and iptables. cobbler::iptables calls were modified to allow the class to be included in two places in the manifests to meet both deployment styles. nailgun::iptables is now called from nailgun::host class. Change-Id: Idb016dda6ec64213a7175826de7aae60d3a95158 blueprint fuel-containerization-of-services
This commit is contained in:
parent
d4299afd31
commit
03149c5538
@ -72,12 +72,7 @@ class cobbler(
|
||||
|
||||
class { ::cobbler::packages : }
|
||||
class { ::cobbler::selinux : }
|
||||
if $production !~ /docker/ {
|
||||
class { ::cobbler::iptables : }
|
||||
|
||||
Class["::cobbler::iptables"] ->
|
||||
Class["::cobbler::server"]
|
||||
}
|
||||
include ::cobbler::iptables
|
||||
class { ::cobbler::snippets : }
|
||||
class { ::cobbler::server :
|
||||
domain_name => $domain_name,
|
||||
|
23
deployment/puppet/docker/manifests/init.pp
Normal file
23
deployment/puppet/docker/manifests/init.pp
Normal file
@ -0,0 +1,23 @@
|
||||
class docker (
|
||||
$limit = "102400",
|
||||
$docker_package = "docker-io",
|
||||
$docker_service = "docker",
|
||||
) {
|
||||
|
||||
package {$docker_package:
|
||||
ensure => installed,
|
||||
}
|
||||
|
||||
service {$docker_service:
|
||||
enable => true,
|
||||
ensure => running,
|
||||
require => Package[$docker_package],
|
||||
}
|
||||
file { "/etc/sysconfig/docker":
|
||||
content => template("docker/settings.erb"),
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => 0644,
|
||||
notify => Service["docker"],
|
||||
}
|
||||
}
|
2
deployment/puppet/docker/templates/settings.erb
Normal file
2
deployment/puppet/docker/templates/settings.erb
Normal file
@ -0,0 +1,2 @@
|
||||
other_args=""
|
||||
ulimit <%= @limit %>
|
24
deployment/puppet/nailgun/examples/host-only.pp
Normal file
24
deployment/puppet/nailgun/examples/host-only.pp
Normal file
@ -0,0 +1,24 @@
|
||||
$fuel_settings = parseyaml($astute_settings_yaml)
|
||||
$fuel_version = parseyaml($fuel_version_yaml)
|
||||
|
||||
if is_hash($::fuel_version) and $::fuel_version['VERSION'] and
|
||||
$::fuel_version['VERSION']['production'] {
|
||||
$production = $::fuel_version['VERSION']['production']
|
||||
}
|
||||
else {
|
||||
$production = 'dev'
|
||||
}
|
||||
|
||||
|
||||
class { 'nailgun::host':
|
||||
production => $production,
|
||||
nailgun_group => $nailgun_group,
|
||||
nailgun_user => $nailgun_user,
|
||||
}
|
||||
|
||||
class { "openstack::clocksync":
|
||||
ntp_servers => $ntp_servers,
|
||||
config_template => "ntp/ntp.conf.centosserver.erb",
|
||||
}
|
||||
|
||||
class { "docker": }
|
45
deployment/puppet/nailgun/manifests/host.pp
Normal file
45
deployment/puppet/nailgun/manifests/host.pp
Normal file
@ -0,0 +1,45 @@
|
||||
class nailgun::host(
|
||||
$production,
|
||||
$nailgun_group = "nailgun",
|
||||
$nailgun_user = "nailgun",
|
||||
$gem_source = "http://localhost/gems/",
|
||||
)
|
||||
{
|
||||
#Enable cobbler's iptables rules even if Cobbler not called
|
||||
include cobbler::iptables
|
||||
Exec {path => '/usr/bin:/bin:/usr/sbin:/sbin'}
|
||||
|
||||
firewall { '002 accept related established rules':
|
||||
proto => 'all',
|
||||
state => ['RELATED', 'ESTABLISHED'],
|
||||
action => 'accept',
|
||||
} ->
|
||||
class { "nailgun::iptables": }
|
||||
|
||||
nailgun::sshkeygen { "/root/.ssh/id_rsa":
|
||||
homedir => "/root",
|
||||
username => "root",
|
||||
groupname => "root",
|
||||
keytype => "rsa",
|
||||
}
|
||||
|
||||
file { "/etc/ssh/sshd_config":
|
||||
content => template("nailgun/sshd_config.erb"),
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0600',
|
||||
}
|
||||
|
||||
file { "/root/.ssh/config":
|
||||
content => template("nailgun/root_ssh_config.erb"),
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0600',
|
||||
}
|
||||
file { "/var/log/remote":
|
||||
ensure => directory,
|
||||
owner => 'root',
|
||||
group => 'root',
|
||||
mode => '0750',
|
||||
}
|
||||
}
|
@ -56,7 +56,6 @@ class nailgun(
|
||||
|
||||
Anchor<| title == "nailgun-begin" |> ->
|
||||
Class["nailgun::packages"] ->
|
||||
Class["nailgun::iptables"] ->
|
||||
Class["nailgun::nginx-repo"] ->
|
||||
Exec["start_nginx_repo"] ->
|
||||
Class["nailgun::user"] ->
|
||||
@ -64,21 +63,23 @@ class nailgun(
|
||||
Class["nailgun::venv"] ->
|
||||
Class["nailgun::astute"] ->
|
||||
Class["nailgun::nginx-nailgun"] ->
|
||||
Class["nailgun::host"] ->
|
||||
Class["nailgun::cobbler"] ->
|
||||
Class["nailgun::gateone"] ->
|
||||
Class["openstack::logging"] ->
|
||||
Class["nailgun::supervisor"] ->
|
||||
Anchor<| title == "nailgun-end" |>
|
||||
|
||||
class { 'nailgun::host':
|
||||
production => $production,
|
||||
nailgun_group => $nailgun_group,
|
||||
nailgun_user => $nailgun_user,
|
||||
}
|
||||
|
||||
class { "nailgun::packages":
|
||||
gem_source => $gem_source,
|
||||
}
|
||||
|
||||
firewall { '002 accept related established rules':
|
||||
proto => 'all',
|
||||
state => ['RELATED', 'ESTABLISHED'],
|
||||
action => 'accept',
|
||||
} -> class { "nailgun::iptables": }
|
||||
|
||||
file { ["/etc/nginx/conf.d/default.conf",
|
||||
"/etc/nginx/conf.d/virtual.conf",
|
||||
"/etc/nginx/conf.d/ssl.conf"]:
|
||||
@ -89,7 +90,6 @@ class nailgun(
|
||||
Class["nailgun::nginx-nailgun"],
|
||||
],
|
||||
}
|
||||
|
||||
class {openstack::logging:
|
||||
role => 'server',
|
||||
log_remote => false,
|
||||
@ -247,26 +247,4 @@ class nailgun(
|
||||
}
|
||||
|
||||
class { "nailgun::puppetsync": }
|
||||
|
||||
nailgun::sshkeygen { "/root/.ssh/id_rsa":
|
||||
homedir => "/root",
|
||||
username => "root",
|
||||
groupname => "root",
|
||||
keytype => "rsa",
|
||||
} ->
|
||||
|
||||
file { "/etc/ssh/sshd_config":
|
||||
content => template("nailgun/sshd_config.erb"),
|
||||
owner => root,
|
||||
group => root,
|
||||
mode => 0600,
|
||||
}
|
||||
|
||||
file { "/root/.ssh/config":
|
||||
content => template("nailgun/root_ssh_config.erb"),
|
||||
owner => root,
|
||||
group => root,
|
||||
mode => 0600,
|
||||
}
|
||||
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user