openstack/fuel-library
Code Issues Proposed changes

Switch to puppet-community/mcollective module

Browse Source 
Our in-house module hasn't received much maintenance during last
releases, and the external one will allow us to use SSL for secure
mcollective communication.

The new module pulls richardc/datacat as a dependency.

Closes-Bug: 1508058
Depends-On: I26ac4110e1e2abd9ea2caa4954958a161dc5e204
Change-Id: I1657ce22be62414abd4a407a5d28292f25915a7b
This commit is contained in:
Bartłomiej Piotrowski 2015-10-21 13:26:32 +02:00
parent 9e565fa855
commit ef39cb60cc
21 changed files with 175 additions and 907 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
deployment/Puppetfile
View File

@ -185,3 +185,13 @@ mod 'ironic',
mod 'murano',
:git => 'https://review.fuel-infra.org/p/puppet-modules/puppet-murano.git',
:ref => '7.0.0-mos-rc1'
# Pull in richardc-datacat
mod 'datacat',
:git => 'https://review.fuel-infra.org/p/puppet-modules/richardc-datacat.git',
:ref => '0.5.0'
# Pull in puppet-mcollective
mod 'mcollective',
:git => 'https://review.fuel-infra.org/p/puppet-modules/puppet-mcollective.git',
:ref => 'v2.1.1'

5
deployment/puppet/mcollective/.gitignore vendored
View File

@ -1,5 +0,0 @@
*.swp
pkg/
.DS_Store
metadata.json
coverage/

27
deployment/puppet/mcollective/.project
View File

@ -1,27 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<projectDescription>
<name>mcollective</name>
<comment></comment>
<projects>
<project>ntp</project>
<project>openstack</project>
<project>rabbitmq</project>
<project>stdlib</project>
</projects>
<buildSpec>
<buildCommand>
<name>org.cloudsmith.geppetto.pp.dsl.ui.modulefileBuilder</name>
<arguments>
</arguments>
</buildCommand>
<buildCommand>
<name>org.eclipse.xtext.ui.shared.xtextBuilder</name>
<arguments>
</arguments>
</buildCommand>
</buildSpec>
<natures>
<nature>org.cloudsmith.geppetto.pp.dsl.ui.puppetNature</nature>
<nature>org.eclipse.xtext.ui.shared.xtextNature</nature>
</natures>
</projectDescription>

10
deployment/puppet/mcollective/Modulefile
View File

@ -1,10 +0,0 @@
name 'Mirantis Inc.-mcollective'
version '0.0.1'
author 'Mirantis Inc.'
license 'Apache License 2.0'
project_page 'http://mirantis.com'
source 'gitolite@gitolite.mirantis.com:fuel/deployment/puppet/mcollective.git'
summary 'Mirantis Mcollective Module'
description 'Module to install mcollective orchestration node'
dependency 'puppetlabs/openstack', '==0.2.0'

18
deployment/puppet/mcollective/examples/mcollective-client-only.pp
View File

@ -1,18 +0,0 @@
$fuel_settings = parseyaml($astute_settings_yaml)
$mco_host = $::fuel_settings['ADMIN_NETWORK']['ipaddress']
$mco_pskey = "unset"
$mco_vhost = "mcollective"
$mco_user = $::fuel_settings['mcollective']['user']
$mco_password = $::fuel_settings['mcollective']['password']
$mco_connector = "rabbitmq"
class { "mcollective::client":
pskey => $::mco_pskey,
vhost => $::mco_vhost,
user => $::mco_user,
password => $::mco_password,
host => $::mco_host,
stomp => false,
}

20
deployment/puppet/mcollective/examples/mcollective-server-only.pp
View File

@ -1,20 +0,0 @@
$fuel_settings = parseyaml($astute_settings_yaml)
$mco_host = $::fuel_settings['ADMIN_NETWORK']['ipaddress']
$mco_pskey = "unset"
$mco_vhost = "mcollective"
$mco_user = $::fuel_settings['mcollective']['user']
$mco_password = $::fuel_settings['mcollective']['password']
$mco_connector = "rabbitmq"
class { "mcollective::server":
pskey => $::mco_pskey,
vhost => $::mco_vhost,
user => $::mco_user,
password => $::mco_password,
host => $::mco_host,
stomp => false,
}
class { 'nailgun::mcollective': }

48
deployment/puppet/mcollective/examples/site.pp
View File

@ -1,48 +0,0 @@
# Copyright 2013 Mirantis, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
$user="mcollective"
$password="AeN5mi5thahz2Aiveexo"
$pskey="un0aez2ei9eiGaequaey4loocohjuch4Ievu3shaeweeg5Uthi"
$host="127.0.0.1"
$stompport="61613"
$mirror_type="external"
stage { 'puppetlabs-repo': before => Stage['main'] }
class { '::openstack::puppetlabs_repos': stage => 'puppetlabs-repo'}
class { '::openstack::mirantis_repos':
stage => 'puppetlabs-repo',
type=>$mirror_type,
disable_puppet_labs_repos => false,
}
node /fuel-mcollective.localdomain/ {
class { mcollective::rabbitmq:
user => $user,
password => $password,
}
class { mcollective::client:
pskey => $pskey,
user => $user,
password => $password,
host => $host,
stompport => $stompport
}
class { 'ntp':}
}

68
deployment/puppet/mcollective/manifests/client.pp
View File

@ -1,68 +0,0 @@
# Copyright 2013 Mirantis, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
class mcollective::client(
$pskey = "secret",
$user = "mcollective",
$password = "mcollective",
$host = "127.0.0.1",
$stompport = "61613",
$vhost = "mcollective",
$stomp = false,
){
include mcollective::clientpackages
case $::osfamily {
'Debian': {
$mcollective_client_config_template="mcollective/client.cfg.ubuntu.erb"
$mcollective_agent_path = "/usr/share/mcollective/plugins/mcollective/agent"
}
'RedHat': {
$mcollective_client_config_template="mcollective/client.cfg.erb"
$mcollective_agent_path = "/usr/libexec/mcollective/mcollective/agent"
}
default: {
fail("Unsupported osfamily: ${osfamily} for os ${operatingsystem}")
}
}
file { "/etc/mcollective": ensure => directory }
file { "/etc/mcollective/client.cfg":
ensure => present,
content => template($mcollective_client_config_template),
owner => 'root',
group => 'root',
mode => '0600',
require => Class['::mcollective::clientpackages'],
}
###DEPRECATED - RETAINED FROM OLD FUEL VERSIONS####
# file {"${mcollective_agent_path}/puppetd.ddl" :
# content => template("mcollective/puppetd.ddl.erb"),
# owner => root,
# group => root,
# mode => 0600,
# require => Package[$mcollective_client_package],
# }
#
# file {"${mcollective_agent_path}/puppetd.rb" :
# content => template("mcollective/puppetd.rb.erb"),
# owner => root,
# group => root,
# mode => 0600,
# require => Package[$mcollective_client_package],
# }
}

33
deployment/puppet/mcollective/manifests/clientpackages.pp
View File

@ -1,33 +0,0 @@
# Copyright 2013 Mirantis, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
class mcollective::clientpackages
{
case $::rubyversion {
'2.1.1': {
$mcollective_client_package = "ruby21-rubygem-mcollective-client"
package { 'ruby21-nailgun-mcagents': }
}
'1.8.7': {
$mcollective_client_package = "mcollective-client"
package { 'nailgun-mcagents': }
}
}
package { $mcollective_client_package :
ensure => 'present',
}
}

158
deployment/puppet/mcollective/manifests/rabbitmq.pp
View File

@ -1,158 +0,0 @@
# Copyright 2013 Mirantis, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
class mcollective::rabbitmq (
$user = "mcollective",
$password = "mcollective",
$stompport = "61613",
$management_port = "15672",
$stomp = false,
$vhost = "mcollective",) {
define access_to_rabbitmq_port ($port, $protocol = 'tcp') {
$rule = "-p $protocol -m state --state NEW -m $protocol --dport $port -j ACCEPT"
exec { "access_to_cobbler_${protocol}_port: $port":
command => "iptables -t filter -I INPUT 1 $rule; \
/etc/init.d/iptables save",
unless => "iptables -t filter -S INPUT | grep -q \"^-A INPUT $rule\"",
path => '/bin:/usr/bin:/sbin:/usr/sbin',
}
}
# unused code from fuelweb. will be deleted in next release
# define mcollective_rabbitmq_safe_package(){
# if ! defined(Package[$name]){
# @package { $name : }
# }
# }
case $::osfamily {
'Debian' : {
}
'RedHat' : {
access_to_rabbitmq_port { "${stompport}_tcp": port => $stompport }
}
default : {
fail("Unsupported osfamily: ${osfamily} for os ${operatingsystem}")
}
}
# NOTE(bogdando) indentation is important
$rabbit_tcp_listen_options =
'[
binary,
{packet, raw},
{reuseaddr, true},
{backlog, 128},
{nodelay, true},
{exit_on_close, false},
{keepalive, true}
]'
$thread_pool_calc = min(100,max(12*$physicalprocessorcount,30))
# NOTE(bogdando) this requires rabbitmq>=4.0 module
class { '::rabbitmq':
admin_enable => true,
repos_ensure => false,
package_provider => 'yum',
package_source => undef,
service_ensure => 'running',
delete_guest_user => true,
config_cluster => false,
cluster_nodes => [],
config_stomp => true,
stomp_port => $stompport,
node_ip_address => 'UNSET',
config_kernel_variables => {
'inet_dist_listen_min' => '41055',
'inet_dist_listen_max' => '41055',
'inet_default_connect_options' => '[{nodelay,true}]',
},
config_variables => {
'log_levels' => '[connection,debug,info,error]',
'default_vhost' => '<<"">>',
'default_permissions' => '[<<".*">>, <<".*">>, <<".*">>]',
'tcp_listen_options' => $rabbit_tcp_listen_options,
},
environment_variables => {
'SERVER_ERL_ARGS' => "\"+K true +A${thread_pool_calc} +P 1048576\"",
},
}
if $stomp {
$actual_vhost = "/"
} else {
rabbitmq_vhost { $vhost: }
$actual_vhost = $vhost
}
rabbitmq_user { $user:
admin => true,
password => $password,
provider => 'rabbitmqctl',
require => Class['::rabbitmq'],
}
rabbitmq_user_permissions { "${user}@${actual_vhost}":
configure_permission => '.*',
write_permission => '.*',
read_permission => '.*',
provider => 'rabbitmqctl',
require => [Class['::rabbitmq'], Rabbitmq_user[$user],]
}
file { "/etc/rabbitmq/enabled_plugins":
content => template("mcollective/enabled_plugins.erb"),
owner => root,
group => root,
mode => 0644,
require => Package["rabbitmq-server"],
notify => Service["rabbitmq-server"],
}
Rabbitmq_user <| |> -> Exec['rabbitmq_restart']
Rabbitmq_user_permissions <| |> -> Exec['rabbitmq_restart']
File['/etc/rabbitmq/enabled_plugins'] -> Exec['rabbitmq_restart']
exec { 'rabbitmq_restart':
command => 'service rabbitmq-server restart',
path => ['/bin', '/sbin', '/usr/bin', '/usr/sbin'],
}
exec { 'create-mcollective-directed-exchange':
command => "curl -i -u ${user}:${password} -H \"content-type:application/json\" -XPUT \
-d'{\"type\":\"direct\",\"durable\":true}' http://localhost:${management_port}/api/exchanges/${actual_vhost}/mcollective_directed",
logoutput => true,
require => [Service['rabbitmq-server'], Rabbitmq_user_permissions["${user}@${actual_vhost}"]],
path => '/bin:/usr/bin:/sbin:/usr/sbin',
tries => 10,
try_sleep => 3,
}
exec { 'create-mcollective-broadcast-exchange':
command => "curl -i -u ${user}:${password} -H \"content-type:application/json\" -XPUT \
-d'{\"type\":\"topic\",\"durable\":true}' http://localhost:${management_port}/api/exchanges/${actual_vhost}/mcollective_broadcast",
logoutput => true,
require => [Service['rabbitmq-server'], Rabbitmq_user_permissions["${user}@${actual_vhost}"]],
path => '/bin:/usr/bin:/sbin:/usr/sbin',
tries => 10,
try_sleep => 3,
}
}

67
deployment/puppet/mcollective/manifests/server.pp
View File

@ -1,67 +0,0 @@
# Copyright 2013 Mirantis, Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
class mcollective::server(
$pskey = "secret",
$user = "mcollective",
$password = "mcollective",
$host = "127.0.0.1",
$stompport = "61613",
$vhost = "mcollective",
$stomp = false,
){
include mcollective::clientpackages
case $operatingsystem {
/(?i)(centos|redhat)/: {
# THIS PACKAGE ALSO INSTALLS REQUIREMENTS
case $::rubyversion {
# ruby21-mcollective-common
# ruby21-rubygem-stomp
'2.1.1': {
$mcollective_package = "ruby21-mcollective"
}
# mcollective-common
# rubygems
# rubygem-stomp
'1.8.7': {
$mcollective_package = "mcollective"
}
}
}
default: {
fail("Unsupported operating system: ${operatingsystem}")
}
}
package { $mcollective_package : }
file {"/etc/mcollective/server.cfg" :
content => template("mcollective/server.cfg.erb"),
owner => root,
group => root,
mode => 0600,
require => Package[$mcollective_package],
notify => Service['mcollective'],
}
service { "mcollective":
enable => true,
ensure => "running",
require => File["/etc/mcollective/server.cfg"],
}
}

36
deployment/puppet/mcollective/templates/client.cfg.erb
View File

@ -1,36 +0,0 @@
main_collective = mcollective
collectives = mcollective
libdir = /usr/libexec/mcollective
logfile = /var/log/mcollective.log
loglevel = info
direct_addressing = 1
# Plugins
securityprovider = psk
plugin.psk = <%= @pskey %>
# Set huge value of ttl to avoid cases with unsyncronized time between nodes
# It means that ttl approximately equal to 50 days
ttl = 4294957
<% if @stomp -%>
connector = stomp
plugin.stomp.host = <%= @host %>
plugin.stomp.port = <%= @stompport %>
plugin.stomp.user = <%= @user %>
plugin.stomp.password = <%= @password %>
<% else -%>
connector = rabbitmq
plugin.rabbitmq.vhost = <%= @vhost %>
plugin.rabbitmq.pool.size = 1
plugin.rabbitmq.pool.1.host = <%= @host %>
plugin.rabbitmq.pool.1.port = <%= @stompport %>
plugin.rabbitmq.pool.1.user = <%= @user %>
plugin.rabbitmq.pool.1.password = <%= @password %>
plugin.rabbitmq.heartbeat_interval = 30
<% end -%>
# Facts
factsource = yaml
plugin.yaml = /etc/mcollective/facts.yaml

36
deployment/puppet/mcollective/templates/client.cfg.ubuntu.erb
View File

@ -1,36 +0,0 @@
main_collective = mcollective
collectives = mcollective
libdir = /usr/share/mcollective/plugins
logfile = /var/log/mcollective.log
loglevel = info
direct_addressing = 1
# Plugins
securityprovider = psk
plugin.psk = <%= @pskey %>
# Set huge value of ttl to avoid cases with unsyncronized time between nodes
# It means that ttl approximately equal to 50 days
ttl = 4294957
<% if @stomp -%>
connector = stomp
plugin.stomp.host = <%= @host %>
plugin.stomp.port = <%= @stompport %>
plugin.stomp.user = <%= @user %>
plugin.stomp.password = <%= @password %>
<% else -%>
connector = rabbitmq
plugin.rabbitmq.vhost = <%= @vhost %>
plugin.rabbitmq.pool.size = 1
plugin.rabbitmq.pool.1.host = <%= @host %>
plugin.rabbitmq.pool.1.port = <%= @stompport %>
plugin.rabbitmq.pool.1.user = <%= @user %>
plugin.rabbitmq.pool.1.password = <%= @password %>
plugin.rabbitmq.heartbeat_interval = 30
<% end -%>
# Facts
factsource = yaml
plugin.yaml = /etc/mcollective/facts.yaml

1
deployment/puppet/mcollective/templates/enabled_plugins.erb
View File

@ -1 +0,0 @@
[amqp_client,rabbitmq_stomp,rabbitmq_management].

88
deployment/puppet/mcollective/templates/puppetd.ddl.erb
View File

@ -1,88 +0,0 @@
metadata :name => "puppetd",
:description => "Run puppet agent, get its status, and enable/disable it",
:author => "R.I.Pienaar",
:license => "Apache License 2.0",
:version => "1.8",
:url => "https://github.com/puppetlabs/mcollective-plugins",
:timeout => 120
action "last_run_summary", :description => "Get a summary of the last puppet run" do
display :always
output :time,
:description => "Time per resource type",
:display_as => "Times"
output :resources,
:description => "Overall resource counts",
:display_as => "Resources"
output :changes,
:description => "Number of changes",
:display_as => "Changes"
output :events,
:description => "Number of events",
:display_as => "Events"
output :version,
:description => "Puppet and Catalog versions",
:display_as => "Versions"
end
action "enable", :description => "Enable puppet agent" do
output :output,
:description => "String indicating status",
:display_as => "Status"
end
action "disable", :description => "Disable puppet agent" do
output :output,
:description => "String indicating status",
:display_as => "Status"
end
action "runonce", :description => "Invoke a single puppet run" do
#input :forcerun,
# :prompt => "Force puppet run",
# :description => "Should the puppet run happen immediately?",
# :type => :string,
# :validation => '^.+$',
# :optional => true,
# :maxlength => 5
output :output,
:description => "Output from puppet agent",
:display_as => "Output"
end
action "status", :description => "Get puppet agent's status" do
display :always
output :status,
:description => "The status of the puppet agent: disabled, running, idling or stopped",
:display_as => "Status"
output :enabled,
:description => "Whether puppet agent is enabled",
:display_as => "Enabled"
output :running,
:description => "Whether puppet agent is running",
:display_as => "Running"
output :idling,
:description => "Whether puppet agent is idling",
:display_as => "Idling"
output :stopped,
:description => "Whether puppet agent is stopped",
:display_as => "Stopped"
output :lastrun,
:description => "When puppet agent last ran",
:display_as => "Last Run"
output :output,
:description => "String displaying agent status",
:display_as => "Status"
end

185
deployment/puppet/mcollective/templates/puppetd.rb.erb
View File

@ -1,185 +0,0 @@
module MCollective
module Agent
# An agent to manage the Puppet Daemon
#
# Configuration Options:
# puppetd.splaytime - Number of seconds within which to splay; no splay
# by default
# puppetd.statefile - Where to find the state.yaml file; defaults to
# /var/lib/puppet/state/state.yaml
# puppetd.lockfile - Where to find the lock file; defaults to
# /var/lib/puppet/state/puppetdlock
# puppetd.puppetd - Where to find the puppet agent binary; defaults to
# /usr/bin/puppet agent
# puppetd.summary - Where to find the summary file written by Puppet
# 2.6.8 and newer; defaults to
# /var/lib/puppet/state/last_run_summary.yaml
# puppetd.pidfile - Where to find puppet agent's pid file; defaults to
# /var/run/puppet/agent.pid
class Puppetd<RPC::Agent
def startup_hook
@splaytime = @config.pluginconf["puppetd.splaytime"].to_i || 0
@lockfile = @config.pluginconf["puppetd.lockfile"] || "/var/lib/puppet/state/puppetdlock"
@statefile = @config.pluginconf["puppetd.statefile"] || "/var/lib/puppet/state/state.yaml"
@pidfile = @config.pluginconf["puppet.pidfile"] || "/var/run/puppet/agent.pid"
@puppetd = @config.pluginconf["puppetd.puppetd"] || "/usr/bin/puppet agent"
@last_summary = @config.pluginconf["puppet.summary"] || "/var/lib/puppet/state/last_run_summary.yaml"
end
action "last_run_summary" do
last_run_summary
set_status
end
action "enable" do
enable
end
action "disable" do
disable
end
action "runonce" do
runonce
end
action "status" do
set_status
end
private
def last_run_summary
# wrap into begin..rescue: fixes PRD-252
begin
summary = YAML.load_file(@last_summary)
rescue
summary = {}
end
# It should be empty hash, if 'resources' key is not defined, because otherwise merge will fail with TypeError
summary["resources"] ||= {}
# Astute relies on last_run, so we must set last_run
summary["time"] ||= {}
summary["time"]["last_run"] ||= 0
# if 'failed' is not provided, it means something is wrong. So default value is 1.
reply[:resources] = {"failed"=>1, "changed"=>0, "total"=>0, "restarted"=>0, "out_of_sync"=>0}.merge(summary["resources"])
["time", "events", "changes", "version"].each do |dat|
reply[dat.to_sym] = summary[dat]
end
end
def set_status
reply[:status] = puppet_daemon_status
reply[:running] = reply[:status] == 'running' ? 1 : 0
reply[:enabled] = reply[:status] == 'disabled' ? 0 : 1
reply[:idling] = reply[:status] == 'idling' ? 1 : 0
reply[:stopped] = reply[:status] == 'stopped' ? 1 : 0
reply[:lastrun] = 0
reply[:lastrun] = File.stat(@statefile).mtime.to_i if File.exists?(@statefile)
reply[:runtime] = Time.now.to_i - reply[:lastrun]
reply[:output] = "Currently #{reply[:status]}; last completed run #{reply[:runtime]} seconds ago"
end
def puppet_daemon_status
locked = File.exists?(@lockfile)
disabled = locked && File::Stat.new(@lockfile).zero?
has_pid = File.exists?(@pidfile)
return 'disabled' if disabled
return 'running' if locked && has_pid
return 'idling' if ! locked && has_pid
return 'stopped' if ! has_pid
end
def runonce
set_status
case (reply[:status])
when 'disabled' then # can't run
reply.fail "Empty Lock file exists; puppet agent is disabled."
when 'running' then # can't run two simultaniously
reply.fail "Lock file and PID file exist; puppet agent is running."
when 'idling' then # signal daemon
pid = File.read(@pidfile)
if pid !~ /^\d+$/
reply.fail "PID file does not contain a PID; got #{pid.inspect}"
else
begin
::Process.kill(0, Integer(pid)) # check that pid is alive
# REVISIT: Should we add an extra round of security here, and
# ensure that the PID file is securely owned, or that the target
# process looks like Puppet? Otherwise a malicious user could
# theoretically signal arbitrary processes with this...
begin
::Process.kill("USR1", Integer(pid))
reply[:output] = "Signalled daemonized puppet agent to run (process #{Integer(pid)}); " + (reply[:output] || '')
rescue Exception => e
reply.fail "Failed to signal the puppet agent daemon (process #{pid}): #{e}"
end
rescue Errno::ESRCH => e
# PID is invalid, run puppet onetime as usual
runonce_background
end
end
when 'stopped' then # just run
runonce_background
else
reply.fail "Unknown puppet agent status: #{reply[:status]}"
end
end
def runonce_background
cmd = [@puppetd, "--onetime", "--logdest", 'syslog']
unless request[:forcerun]
if @splaytime && @splaytime > 0
cmd << "--splaylimit" << @splaytime << "--splay"
end
end
cmd = cmd.join(" ")
output = reply[:output] || ''
run(cmd, :stdout => :output, :chomp => true)
reply[:output] = "Called #{cmd}, " + output + (reply[:output] || '')
end
def enable
if File.exists?(@lockfile)
stat = File::Stat.new(@lockfile)
if stat.zero?
File.unlink(@lockfile)
reply[:output] = "Lock removed"
else
reply[:output] = "Currently running; can't remove lock"
end
else
reply.fail "Already enabled"
end
end
def disable
if File.exists?(@lockfile)
stat = File::Stat.new(@lockfile)
stat.zero? ? reply.fail("Already disabled") : reply.fail("Currently running; can't remove lock")
else
begin
File.open(@lockfile, "w") { |file| }
reply[:output] = "Lock created"
rescue Exception => e
reply.fail "Could not create lock: #{e}"
end
end
end
end
end
end
# vi:tabstop=2:expandtab:ai:filetype=ruby

38
deployment/puppet/mcollective/templates/server.cfg.erb
View File

@ -1,38 +0,0 @@
main_collective = mcollective
collectives = mcollective
libdir = /usr/libexec/mcollective
logfile = /var/log/mcollective.log
loglevel = debug
direct_addressing = 1
daemonize = 1
identity = master
# Set huge value of ttl to avoid cases with unsyncronized time between nodes
# It means that ttl approximately equal to 50 days
ttl = 4294957
# Plugins
securityprovider = psk
plugin.psk = <%= @pskey %>
<% if @stomp -%>
connector = stomp
plugin.stomp.host = <%= @host %>
plugin.stomp.port = <%= @stompport %>
plugin.stomp.user = <%= @user %>
plugin.stomp.password = <%= @password %>
<% else -%>
connector = rabbitmq
plugin.rabbitmq.vhost = <%= @vhost %>
plugin.rabbitmq.pool.size = 1
plugin.rabbitmq.pool.1.host = <%= @host %>
plugin.rabbitmq.pool.1.port = <%= @stompport %>
plugin.rabbitmq.pool.1.user = <%= @user %>
plugin.rabbitmq.pool.1.password = <%= @password %>
plugin.rabbitmq.heartbeat_interval = 30
<% end -%>
# Facts
factsource = yaml
plugin.yaml = /etc/mcollective/facts.yaml

147
deployment/puppet/nailgun/examples/astute-only.pp
View File

@ -1,67 +1,104 @@
$fuel_settings = parseyaml($astute_settings_yaml)
if $::fuel_settings['PRODUCTION'] {
$production = $::fuel_settings['PRODUCTION']
}
else {
$production = 'docker'
}
$production = pick($::fuel_settings['PRODUCTION'], 'docker')
$bootstrap_settings = pick($::fuel_settings['BOOTSTRAP'], {})
$bootstrap_flavor = pick($bootstrap_settings['flavor'], 'centos')
$bootstrap_flavor = pick($bootstrap_settings['flavor'], 'centos')
if $production == 'prod'{
$env_path = "/usr"
$staticdir = "/usr/share/nailgun/static"
if $production == 'prod' {
$env_path = '/usr'
$staticdir = '/usr/share/nailgun/static'
} else {
$env_path = "/opt/nailgun"
$staticdir = "/opt/nailgun/share/nailgun/static"
$env_path = '/opt/nailgun'
$staticdir = '/opt/nailgun/share/nailgun/static'
}
# this replaces removed postgresql version fact
$postgres_default_version = '9.3'
$mco_host = $::fuel_settings['ADMIN_NETWORK']['ipaddress']
$mco_port = '61613'
$mco_pskey = 'unset'
$mco_vhost = 'mcollective'
$mco_user = $::fuel_settings['mcollective']['user']
$mco_password = $::fuel_settings['mcollective']['password']
$mco_connector = 'rabbitmq'
$mco_host = $::fuel_settings['ADMIN_NETWORK']['ipaddress']
$mco_pskey = "unset"
$mco_vhost = "mcollective"
$mco_user = $::fuel_settings['mcollective']['user']
$mco_password = $::fuel_settings['mcollective']['password']
$mco_connector = "rabbitmq"
$rabbitmq_astute_user = $::fuel_settings['astute']['user']
$rabbitmq_astute_user = $::fuel_settings['astute']['user']
$rabbitmq_astute_password = $::fuel_settings['astute']['password']
node default {
Exec {path => '/usr/bin:/bin:/usr/sbin:/sbin'}
Class['docker::container'] ->
Class['nailgun::astute'] ->
Class['nailgun::supervisor']
class {'docker::container': }
class {"nailgun::astute":
production => $production,
rabbitmq_host => $::fuel_settings['ADMIN_NETWORK']['ipaddress'],
rabbitmq_astute_user => $rabbitmq_astute_user,
rabbitmq_astute_password => $rabbitmq_astute_password,
version => '0.1.0',
bootstrap_flavor => $bootstrap_flavor,
}
package { "supervisor": } ->
class { "nailgun::supervisor":
nailgun_env => $env_path,
ostf_env => $env_path,
conf_file => "nailgun/supervisord.conf.astute.erb",
}
class { "mcollective::client":
pskey => $::mco_pskey,
vhost => $::mco_vhost,
user => $::mco_user,
password => $::mco_password,
host => $::mco_host,
stomp => false,
$mco_settings = {
'ttl' => {
value => '4294957'
},
'direct_addressing' => {
value => '1'
},
'plugin.rabbitmq.vhost' => {
value => $mco_vhost
},
'plugin.rabbitmq.pool.size' => {
value => '1'
},
'plugin.rabbitmq.pool.1.host' => {
value => $mco_host
},
'plugin.rabbitmq.pool.1.port' => {
value => $mco_port
},
'plugin.rabbitmq.pool.1.user' => {
value => $mco_user
},
'plugin.rabbitmq.pool.1.password' => {
value => $mco_password
},
'plugin.rabbitmq.heartbeat_interval' => {
value => '30'
}
}
if $::osfamily == 'RedHat' {
case $operatingsystemmajrelease {
'6': {
$mco_packages = ['ruby21-rubygem-mcollective-client',
'ruby21-nailgun-mcagents']
}
'7': {
$mco_packages = ['mcollective-client', 'nailgun-mcagents']
}
default: {
fail("Unsupported ${::osfamily} release: ${::operatingsystemmajrelease}")
}
}
}
ensure_packages($mco_packages)
Class['docker::container'] ->
Class['nailgun::astute'] ->
Class['nailgun::supervisor']
class { 'docker::container': }
class { 'nailgun::astute':
production => $production,
rabbitmq_host => $::fuel_settings['ADMIN_NETWORK']['ipaddress'],
rabbitmq_astute_user => $rabbitmq_astute_user,
rabbitmq_astute_password => $rabbitmq_astute_password,
bootstrap_flavor => $bootstrap_flavor,
}
package { 'supervisor': } ->
class { 'nailgun::supervisor':
nailgun_env => $env_path,
ostf_env => $env_path,
conf_file => 'nailgun/supervisord.conf.astute.erb',
}
class { '::mcollective':
connector => 'rabbitmq',
middleware_hosts => [$mco_hosts],
psk => $mco_pskey,
server => false,
client => true,
manage_packages => false,
require => Package[$mco_packages],
}
create_resources(mcollective::client::setting, $mco_settings, { 'order' => 90 })

72
deployment/puppet/nailgun/examples/mcollective-only.pp Normal file
View File

@ -0,0 +1,72 @@
$fuel_settings = parseyaml($astute_settings_yaml)
$mco_host = $::fuel_settings['ADMIN_NETWORK']['ipaddress']
$mco_port = '61613'
$mco_pskey = 'unset'
$mco_vhost = 'mcollective'
$mco_user = $::fuel_settings['mcollective']['user']
$mco_password = $::fuel_settings['mcollective']['password']
$mco_connector = 'rabbitmq'
$mco_settings = {
'identity' => {
value => 'master'
},
'ttl' => {
value => '4294957'
},
'direct_addressing' => {
value => '1'
},
'plugin.rabbitmq.vhost' => {
value => $mco_vhost
},
'plugin.rabbitmq.pool.1.host' => {
value => $mco_host
},
'plugin.rabbitmq.pool.1.port' => {
value => $mco_port
},
'plugin.rabbitmq.pool.1.user' => {
value => $mco_user
},
'plugin.rabbitmq.pool.1.password' => {
value => $mco_password
},
'plugin.rabbitmq.heartbeat_interval' => {
value => '30'
}
}
if $::osfamily == 'RedHat' {
case $operatingsystemmajrelease {
'6': {
$mco_packages = ['ruby21-mcollective', 'ruby21-nailgun-mcagents']
}
'7': {
$mco_packages = ['mcollective', 'nailgun-mcagents']
}
default: {
fail("Unsupported ${::osfamily} release: ${::operatingsystemmajrelease}")
}
}
} else {
fail("Unsupported operating system: ${::osfamily}")
}
ensure_packages($mco_packages)
class { '::mcollective':
connector => 'rabbitmq',
middleware_hosts => [$mco_hosts],
server_loglevel => 'debug',
psk => $mco_pskey,
manage_packages => false,
require => Package[$mco_packages],
}
create_resources(mcollective::server::setting, $mco_settings, { 'order' => 90 })
class { 'nailgun::mcollective': }
Class['::mcollective'] -> Class['nailgun::mcollective']

13
deployment/puppet/nailgun/manifests/astute.pp
View File

@ -3,7 +3,6 @@ class nailgun::astute(
$rabbitmq_host = 'localhost',
$rabbitmq_astute_user = 'naily',
$rabbitmq_astute_password = 'naily',
$version,
$bootstrap_flavor = 'centos',
$gem_source = "http://rubygems.org/",
){
@ -14,18 +13,6 @@ class nailgun::astute(
default => 'bootstrap',
}
# exec { 'install-astute-gem':
# command => "gem install astute --source $gem_source --version $version --no-ri --no-rdoc",
# require => Exec['configure-rubygems'],
# logoutput => true,
# }
# exec { 'configure-rubygems':
# command => 'gem sources -r http://rubygems.org/',
# require => Package['ruby'],
# logoutput => true,
# }
package { 'ruby21-rubygem-astute': }
file { '/usr/bin/astuted':

2
deployment/puppet/nailgun/manifests/rabbitmq.pp
View File

@ -45,7 +45,7 @@ class nailgun::rabbitmq (
}
file { "/etc/rabbitmq/enabled_plugins":
content => template("mcollective/enabled_plugins.erb"),
content => '[amqp_client,rabbitmq_stomp,rabbitmq_management].',
owner => root,
group => root,
mode => 0644,