Updates from new baremetal configuration.

Add orchestra configuration. Remove tarmac dependency from jenkins slaves. Add devstack repo to jenkins slave checkout. Use jenkins public key in cloud-init. Remove wheel group (not defined in base oneiric). Clean up sudoers. Git rid of wheel group dependency. Git rid of editor link (which may be dangling) and doesn't really have anything to do with sudo anyway. Write localrc for devstack with passwords for mysql and rabbitmq. Install devstack apt depends on install so they make it into the LVM snapshot. Add mysql password to a snippet file for the preseed. Add python-unittest2 to jenkins slaves. Add more passwords to localrc. Update syslog config on server. Fix subscribed exec for cobbler sync. Update syslog permissions. Don't log local messages to the orchestra dir. Add rsyslog sudo perms for jenkins. Make jenkins ignore known_hosts. Remove known_hosts file, add .ssh/config file that ignores known_hosts. Change-Id: Ic1842e5ea6778e8c52857f3441872459bfc05b2c
2011-10-11 09:04:04 -05:00 · 2011-10-11 09:04:04 -05:00 · 422c700c37
parent 319f56aa5e
commit 422c700c37
9 changed files with 337 additions and 0 deletions
--- a/modules/orchestra/files/99-orchestra.conf
+++ b/modules/orchestra/files/99-orchestra.conf
@ -0,0 +1,19 @@
+# Enable the udp server for installation logging
+$ModLoad imudp
+$UDPServerRun 514
+
+$ModLoad imtcp # load TCP listener
+$InputTCPMaxSessions 500
+$InputTCPServerRun 10514 # start up listener at port 10514
+$MaxMessageSize 32k
+
+# Message templating
+$template DYNsyslog,"/var/log/orchestra/rsyslog/%FROMHOST%/syslog"
+$FileCreateMode 0644
+
+if \
+        $fromhost-ip != '127.0.0.1' \
+then    ?DYNsyslog
+& ~
+$FileCreateMode 0640
+
--- a/modules/orchestra/files/dnsmasq.template
+++ b/modules/orchestra/files/dnsmasq.template
@ -0,0 +1,22 @@
+# Cobbler generated configuration file for dnsmasq
+# $date 
+#
+
+# resolve.conf .. ?
+#no-poll
+#enable-dbus
+read-ethers
+addn-hosts = /var/lib/cobbler/cobbler_hosts
+#domain=
+dhcp-ignore=tag:!known
+
+dhcp-range=10.14.247.42,10.14.247.45
+dhcp-option=3,10.14.247.33
+dhcp-lease-max=1000
+dhcp-authoritative
+dhcp-boot=pxelinux.0
+dhcp-boot=net:normalarch,pxelinux.0
+dhcp-boot=net:ia64,$elilo
+
+$insert_cobbler_system_definitions
+
--- a/modules/orchestra/files/openstack-test.preseed
+++ b/modules/orchestra/files/openstack-test.preseed
@ -0,0 +1,146 @@
+# Orchestra - Ubuntu Server Installation
+# * Minimal install 
+# * Cloud-init for bare-metal
+# * Grab meta-data and user-data from cobbler server in a late command
+
+# d-i debian-installer/add-kernel-opts string --verbose
+
+# Locale 
+d-i     debian-installer/locale string en_US.UTF-8
+
+# No splash
+d-i     debian-installer/splash boolean false
+
+# Keyboard layout
+d-i     console-setup/ask_detect        boolean false
+d-i     console-setup/layoutcode        string us
+d-i     console-setup/variantcode       string
+
+# Network configuration
+d-i     netcfg/get_nameservers  string
+d-i     netcfg/get_ipaddress    string
+d-i     netcfg/get_netmask      string 255.255.255.0
+d-i     netcfg/get_gateway      string
+d-i     netcfg/confirm_static   boolean true
+
+# Local clock (set to UTC and use ntp)
+d-i     clock-setup/utc boolean true
+d-i     clock-setup/ntp boolean true
+d-i     clock-setup/ntp-server  string ntp.ubuntu.com
+
+# Partitioning
+d-i     partman-auto/method string lvm
+d-i     partman-lvm/device_remove_lvm boolean true
+d-i     partman-md/device_remove_md boolean true
+d-i     partman-lvm/confirm boolean true
+d-i     partman-auto-lvm/guided_size string 20GB
+d-i     partman-auto-lvm/new_vg_name string main
+d-i     partman-partitioning/confirm_write_new_label boolean true
+d-i     partman/choose_partition select finish
+d-i     partman/confirm boolean true
+d-i     partman/confirm_nooverwrite boolean true
+d-i     partman-lvm/confirm_nooverwrite boolean true
+d-i     partman-md/confirm boolean true
+d-i     partman/default_filesystem string ext4
+
+d-i partman-auto/expert_recipe string                         \
+      boot-root ::                                            \
+              40 300 300 ext3                                 \
+                      $primary{ }                             \
+                      $bootable{ }                            \
+                      method{ format } format{ }              \
+                      use_filesystem{ } filesystem{ ext3 }    \
+                      mountpoint{ /boot }                     \
+              .                                               \
+              2000 10000 1000000000 ext4                      \
+                      $lvmok{ }                               \
+                      method{ format } format{ }              \
+                      use_filesystem{ } filesystem{ ext4 }    \
+                      mountpoint{ / }                         \
+              .                                               \
+              8000 8000 200% linux-swap                       \
+                      $lvmok{ }                               \
+                      method{ swap } format{ }                \
+              .
+
+
+# Use server kernel
+d-i     base-installer/kernel/image     string linux-server
+
+# User Setup
+d-i	passwd/root-login	boolean false
+d-i	passwd/make-user	boolean true
+d-i	passwd/user-fullname	string ubuntu
+d-i	passwd/username	string ubuntu
+d-i	passwd/user-password-crypted password $6$.1eHH0iY$ArGzKX2YeQ3G6U.mlOO3A.NaL22Ewgz8Fi4qqz.Ns7EMKjEJRIW2Pm/TikDptZpuu7I92frytmk5YeL.9fRY4.
+d-i	passwd/user-uid	string 
+d-i	user-setup/allow-password-weak	boolean false
+d-i	user-setup/encrypt-home	boolean false
+d-i	passwd/user-default-groups	string adm cdrom dialout lpadmin plugdev sambashare
+
+# APT
+$SNIPPET('orchestra_proxy')
+
+# By default the installer requires that repositories be authenticated
+# using a known gpg key. This setting can be used to disable that
+# authentication. Warning: Insecure, not recommended.
+d-i debian-installer/allow_unauthenticated string false
+
+# Lang
+d-i     pkgsel/language-packs   multiselect en
+d-i     pkgsel/update-policy    select none
+d-i     pkgsel/updatedb boolean true
+
+# Boot-loader
+d-i     grub-installer/skip     boolean false
+d-i     lilo-installer/skip     boolean false
+d-i     grub-installer/only_debian      boolean true
+d-i     grub-installer/with_other_os    boolean true
+d-i     finish-install/keep-consoles    boolean false
+d-i     finish-install/reboot_in_progress       note
+
+# Eject cdrom
+d-i     cdrom-detect/eject      boolean true
+
+# Do not halt/poweroff after install
+d-i     debian-installer/exit/halt      boolean false
+d-i     debian-installer/exit/poweroff  boolean false
+
+d-i     pkgsel/include string debconf byobu capistrano cloud-init openssh-server \
+	python-software-properties vim \
+	apache2 libapache2-mod-wsgi python-dateutil python-anyjson pep8 pylint \
+	python-pip screen unzip wget psmisc git-core lsof openssh-server \
+	vim-nox locate python-virtualenv python-unittest2 python-eventlet \
+	python-routes python-greenlet python-argparse python-sqlalchemy \
+	python-wsgiref python-pastedeploy python-xattr python-setuptools \
+	python-dev python-lxml python-pastescript python-pastedeploy \
+	python-paste sqlite3 python-pysqlite2 python-sqlalchemy python-webob \
+	python-greenlet python-routes libldap2-dev libsasl2-dev dnsmasq-base \
+	kpartx mysql-server python-mysqldb kvm gawk iptables ebtables sqlite3 \
+	sudo kvm libvirt-bin vlan curl rabbitmq-server socat python-mox \
+	python-paste python-migrate python-gflags python-greenlet \
+	python-libvirt python-libxml2 python-routes python-netaddr \
+	python-pastedeploy python-eventlet python-cheetah python-carrot \
+	python-tempita python-sqlalchemy python-suds python-lockfile \
+	python-m2crypto python-boto python-numpy mysql-common mysql-client-5.1 \
+	erlang-base erlang-ssl erlang-nox erlang-inets erlang-mnesia \
+	libhtml-template-perl gettext-base libavahi-client3 libxml2-utils \
+	libpciaccess0 libparted0debian1
+
+mysql-server-5.1 mysql-server/root_password password $SNIPPET('openstack_mysql_password')
+mysql-server-5.1 mysql-server/root_password_again password $SNIPPET('openstack_mysql_password')
+mysql-server-5.1 mysql-server/start_on_boot boolean true
+
+# Set cloud-init data source to manual seeding
+cloud-init      cloud-init/datasources  multiselect     NoCloud
+
+# Set rsyslog server
+$SNIPPET('orchestra_rsyslog_client_config')
+
+# JuJu post scripts. Executes late command and disables PXE
+d-i	preseed/late_command string true && \
+   	$SNIPPET('openstack_cloud_init') && \
+   	$SNIPPET('openstack_module_blacklist') && \
+   	$SNIPPET('orchestra_rsyslog_obtain_keys') && \
+   	$SNIPPET('orchestra_disable_pxe') && \
+   	true
--- a/modules/orchestra/files/openstack_cloud_init
+++ b/modules/orchestra/files/openstack_cloud_init
@ -0,0 +1,39 @@
+#set http_server=$getVar('$http_server', 'true')
+<%
+import orchestra.utils.cloudinit
+import base64
+
+cfg = """#cloud-config
+apt_update: false
+apt_upgrade: false
+disable_root: false
+output: {all: '| tee -a /var/log/cloud-init-output.log'}
+runcmd:
+ - echo "cloud init waiting"
+ - sleep 60
+ - sudo apt-get -y install kexec-tools
+ - sudo sed -i /etc/default/kexec -e s/LOAD_KEXEC=false/LOAD_KEXEC=true/
+ - sudo mkdir /var/spool/rsyslog
+ - sudo chown syslog.syslog /var/spool/rsyslog
+ - echo "\$ModLoad imuxsock" > /tmp/rsyslog.conf
+ - echo "\$WorkDirectory /var/spool/rsyslog" >> /tmp/rsyslog.conf
+ - echo "\$MaxMessageSize 32k" >> /tmp/rsyslog.conf
+ - echo "\$ActionQueueType LinkedList" >> /tmp/rsyslog.conf
+ - echo "\$ActionQueueFileName srvrfwd" >> /tmp/rsyslog.conf
+ - echo "\$ActionResumeRetryCount -1" >> /tmp/rsyslog.conf
+ - echo "\$ActionQueueSaveOnShutdown on" >> /tmp/rsyslog.conf
+ - echo "*.* @@%s:10514" >> /tmp/rsyslog.conf
+ - sudo mv /tmp/rsyslog.conf /etc/rsyslog.d/10-remote.conf
+ - sudo chown root.root /etc/rsyslog.d/10-remote.conf
+ - sudo lvrename /dev/main/root orig_root
+ - sudo lvcreate -L20G -s -n root /dev/main/orig_root
+ - reboot
+ssh_authorized_keys: 
+ - ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtioTW2wh3mBRuj+R0Jyb/mLt5sjJ8dEvYyA8zfur1dnqEt5uQNLacW4fHBDFWJoLHfhdfbvray5wWMAcIuGEiAA2WEH23YzgIbyArCSI+z7gB3SET8zgff25ukXlN+1mBSrKWxIza+tB3NU62WbtO6hmelwvSkZ3d7SDfHxrc4zEpmHDuMhxALl8e1idqYzNA+1EhZpbcaf720mX+KD3oszmY2lqD1OkKMquRSD0USXPGlH3HK11MTeCArKRHMgTdIlVeqvYH0v0Wd1w/8mbXgHxfGzMYS1Ej0fzzJ0PC5z5rOqsMqY1X2aC1KlHIFLAeSf4Cx0JNlSpYSrlZ/RoiQ== hudson@hudson
+""" % http_server
+
+user_data = orchestra.utils.cloudinit.get_user_data_late_command(base64.b64encode(cfg))
+
+%> \
+$orchestra.utils.cloudinit.get_meta_data_late_command($getVar('$uid', 'true'), $getVar('$hostname', 'true')) \ && \
+$user_data \
--- a/modules/orchestra/files/openstack_module_blacklist
+++ b/modules/orchestra/files/openstack_module_blacklist
@ -0,0 +1,7 @@
+<%
+import orchestra.utils.cloudinit
+script = 'echo "blacklist xgifb" > /etc/modprobe.d/blacklist-xgifb.conf'
+
+blacklist = orchestra.utils.cloudinit._KSMETA_LATE_COMMAND_TEMPLATE % (orchestra.utils.cloudinit.base64_gzip(script), "blacklist")
+%> \
+$blacklist \
--- a/modules/orchestra/files/openstack_network_sleep
+++ b/modules/orchestra/files/openstack_network_sleep
@ -0,0 +1,7 @@
+<%
+import orchestra.utils.cloudinit
+script = 'echo "  pre-up sleep 60" >> /etc/network/interfaces'
+
+networksleep = orchestra.utils.cloudinit._KSMETA_LATE_COMMAND_TEMPLATE % (orchestra.utils.cloudinit.base64_gzip(script), "network-sleep")
+%> \
+$networksleep \
--- a/modules/orchestra/files/orchestra-jenkins-sudoers
+++ b/modules/orchestra/files/orchestra-jenkins-sudoers
@ -0,0 +1 @@
+jenkins ALL = NOPASSWD: /usr/bin/cobbler, /sbin/restart rsyslog, /bin/rm -f /var/log/orchestra/rsyslog/*
--- a/modules/orchestra/manifests/init.pp
+++ b/modules/orchestra/manifests/init.pp
@ -0,0 +1,95 @@
+class orchestra {
+    $mysql_pass = generate('/usr/bin/openssl', 'rand', '-hex', '12')
+    package { ipmitool: ensure => present }
+    package { ubuntu-orchestra-server: ensure => present }
+    exec { cobbler-sync:
+      command => "/usr/bin/cobbler sync",
+      logoutput => true,
+      refreshonly => true,
+      subscribe => [
+        File["/etc/cobbler/dnsmasq.template"],
+        File["/var/lib/cobbler/snippets/openstack_module_blacklist"],
+        File["/var/lib/cobbler/snippets/openstack_cloud_init"],
+        File["/var/lib/cobbler/snippets/openstack_network_sleep"],
+        File["/var/lib/cobbler/snippets/openstack_mysql_password"],
+        File["/var/lib/cobbler/kickstarts/openstack-test.preseed"],
+	],
+    }
+    exec { rsyslog-restart:
+      command => "/sbin/restart rsyslog",
+      logoutput => true,
+      refreshonly => true,
+      subscribe => [
+        File["/etc/rsyslog.d/99-orchestra.conf"],
+	],
+    }
+    file { '/var/lib/cobbler/snippets/openstack_mysql_password':
+      owner => 'root',
+      group => 'root',
+      mode => 444,
+      ensure => 'present',
+      content	  => template('orchestra/openstack_mysql_password.erb'),
+      replace	  => 'false',
+    }
+    file { "/etc/cobbler/dnsmasq.template":
+      owner => 'root',
+      group => 'root',
+      mode => 444,
+      ensure => 'present',
+      source =>  "puppet:///modules/orchestra/dnsmasq.template",
+      replace => 'true',
+      require => Package["ubuntu-orchestra-server"],
+    }
+    file { "/var/lib/cobbler/snippets/openstack_module_blacklist":
+      owner => 'root',
+      group => 'root',
+      mode => 444,
+      ensure => 'present',
+      source =>  "puppet:///modules/orchestra/openstack_module_blacklist",
+      replace => 'true',
+      require => Package["ubuntu-orchestra-server"],
+    }
+    file { "/var/lib/cobbler/snippets/openstack_cloud_init":
+      owner => 'root',
+      group => 'root',
+      mode => 444,
+      ensure => 'present',
+      source =>  "puppet:///modules/orchestra/openstack_cloud_init",
+      replace => 'true',
+      require => Package["ubuntu-orchestra-server"],
+    }
+    file { "/var/lib/cobbler/snippets/openstack_network_sleep":
+      owner => 'root',
+      group => 'root',
+      mode => 444,
+      ensure => 'present',
+      source =>  "puppet:///modules/orchestra/openstack_network_sleep",
+      replace => 'true',
+      require => Package["ubuntu-orchestra-server"],
+    }
+    file { "/var/lib/cobbler/kickstarts/openstack-test.preseed":
+      owner => 'root',
+      group => 'root',
+      mode => 444,
+      ensure => 'present',
+      source =>  "puppet:///modules/orchestra/openstack-test.preseed",
+      replace => 'true',
+      require => Package["ubuntu-orchestra-server"],
+    }
+    file { "/etc/sudoers.d/orchestra-jenkins":
+      owner => 'root',
+      group => 'root',
+      mode => 440,
+      ensure => 'present',
+      source =>  "puppet:///modules/orchestra/orchestra-jenkins-sudoers",
+      replace => 'true',
+    }
+    file { "/etc/rsyslog.d/99-orchestra.conf":
+      owner => 'root',
+      group => 'root',
+      mode => 440,
+      ensure => 'present',
+      source =>  "puppet:///modules/orchestra/99-orchestra.conf",
+      replace => 'true',
+    }
+}
--- a/modules/orchestra/templates/openstack_mysql_password.erb
+++ b/modules/orchestra/templates/openstack_mysql_password.erb
@ -0,0 +1 @@
+<%= mysql_pass -%>
				`@ -0,0 +1 @@`
				`jenkins ALL = NOPASSWD: /usr/bin/cobbler, /sbin/restart rsyslog, /bin/rm -f /var/log/orchestra/rsyslog/*`