puppet-openstack-integration/functions

#!/bin/bash
#
# functions - puppet-openstack-integration specific functions
#

# Install external Puppet modules with r10k
# Uses the following variables:
#
# - ``SCRIPT_DIR`` must be set to script path
# - ``GEM_BIN_DIR`` must be set to Gem bin directory
install_external() {
  PUPPETFILE=${SCRIPT_DIR}/Puppetfile1 r10k -v DEBUG puppetfile install
}

# Install Puppet OpenStack modules with zuul-cloner
# Uses the following variables:
#
# - ``PUPPETFILE_DIR`` must be set to Puppet modules directory
# - ``SCRIPT_DIR`` must be set to script path
# - ``ZUUL_BRANCH`` must be set to Zuul branch. Fallback to 'master'.
install_openstack() {
  cat > clonemap.yaml <<EOF
clonemap:
  - name: '(.*?)/puppet-(.*)'
    dest: '$PUPPETFILE_DIR/\2'
EOF

  # Periodic jobs run without ref on master
  ZUUL_BRANCH=${ZUUL_BRANCH:-master}

  local project_names=$(awk '{ if ($1 == ":git") print $3 }' \
    ${SCRIPT_DIR}/Puppetfile0 | tr -d "'," | cut -d '/' -f 4- | xargs
  )
  project_names="${project_names} openstack/puppet-openstack-integration"
  /usr/zuul-env/bin/zuul-cloner -m clonemap.yaml \
    --cache-dir /opt/git \
    --zuul-branch $ZUUL_BRANCH \
    git://git.openstack.org $project_names

  # Because openstack-integration can't be a class name.
  # https://projects.puppetlabs.com/issues/5268
  mv $PUPPETFILE_DIR/openstack-integration $PUPPETFILE_DIR/openstack_integration
}

# Install all Puppet modules with r10k
# Uses the following variables:
#
# - ``SCRIPT_DIR`` must be set to script path
install_all() {
  # When installing from local source, we want to install the current source
  # we're working from.
  PUPPETFILE=${SCRIPT_DIR}/Puppetfile r10k -v DEBUG puppetfile install
  cp -a ${SCRIPT_DIR} ${PUPPETFILE_DIR}/openstack_integration
}

# Install Puppet OpenStack modules and dependencies by using
# zuul-cloner or r10k.
# Uses the following variables:
#
# - ``PUPPETFILE_DIR`` must be set to Puppet modules directory
# - ``SCRIPT_DIR`` must be set to script path
# - ``ZUUL_BRANCH`` must be set to Zuul branch
install_modules() {
  # If zuul-cloner is there, have it install modules using zuul refs
  if [ -e /usr/zuul-env/bin/zuul-cloner ] ; then
    csplit ${SCRIPT_DIR}/Puppetfile /'External modules'/ \
      --prefix ${SCRIPT_DIR}/Puppetfile \
      --suffix '%d'
    install_external
    install_openstack
  else
    install_all
  fi
}

# Write out basic hiera configuration
#
# Uses the following variables:
# - ``SCRIPT_DIR`` must be set to the dir that contains a /hiera folder to use
# - ``HIERA_CONFIG`` must be set to the hiera config file location
#
configure_hiera() {
  cat <<EOF >$HIERA_CONFIG
---
:backends:
  - yaml
:yaml:
  :datadir: "${SCRIPT_DIR}/hiera"
:hierarchy:
  - "%{::operatingsystem}"
  - "%{::osfamily}"
  - common
EOF
}

is_fedora() {
    if [ -f /etc/os-release ]; then
        source /etc/os-release
        test "$ID" = "fedora" -o "$ID" = "centos"
    else
        return 1
    fi
}

uses_debs() {
    # check if apt-get is installed, valid for debian based
    type "apt-get" 2>/dev/null
}

print_header() {
    if [ -n "$(set | grep xtrace)" ]; then
      set +x
      local enable_xtrace='yes'
    fi
    local msg=$1
    printf '%.0s-' {1..80}; echo
    printf '| %-76s |\n' "${msg}"
    printf '%.0s-' {1..80}; echo
    if [ -n "${enable_xtrace}" ]; then
      set -x
    fi
}

install_puppet() {
    if uses_debs; then
        print_header 'Setup (Debian based)'
        # Puppetlabs packaging:
        # - xenial: puppet4 only
        if dpkg -l $PUPPET_RELEASE_FILE >/dev/null 2>&1; then
            $SUDO apt-get purge -y $PUPPET_RELEASE_FILE
        fi
        echo "deb ${NODEPOOL_PUPPETLABS_MIRROR} xenial PC1" | $SUDO tee /etc/apt/sources.list.d/puppetlabs.list
        $SUDO apt-key add files/GPG-KEY-puppetlabs
        # TODO(emilien): figure what installed /etc/default/puppet on the xenial nodepool image
        # We have no problem on Trusty but on Xenial we need to remove /etc/default/puppet before
        # trying to deploy puppet-agent from puppetlabs.com.
        $SUDO rm -rf /etc/default/puppet
        $SUDO apt-get update
        $SUDO apt-get install -y ${PUPPET_PKG}
    elif is_fedora; then
        print_header 'Setup (RedHat based)'
        if rpm --quiet -q $PUPPET_RELEASE_FILE; then
            $SUDO rpm -e $PUPPET_RELEASE_FILE
        fi
        # EPEL does not work fine with RDO, we need to make sure EPEL is really disabled
        if rpm --quiet -q epel-release; then
            $SUDO rpm -e epel-release
        fi

        if [ "${MANAGE_REPOS}" == "true" ] ; then
            $SUDO rpm --import files/GPG-KEY-puppetlabs
            $SUDO rpm --import files/GPG-KEY-puppet
            $SUDO bash -c "cat << EOF > /etc/yum.repos.d/puppetlabs.repo
[puppetlabs-products]
name=Puppet Labs Products El 7 - x86_64
baseurl=${NODEPOOL_PUPPETLABS_MIRROR}/el/7/PC1/x86_64/
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-puppetlabs
       file:///etc/pki/rpm-gpg/GPG-KEY-puppet
enabled=1
gpgcheck=1
EOF"
        fi
        $SUDO yum install -y ${PUPPET_PKG}
    fi
}

function run_puppet() {
    local manifest=$1
    $SUDO $PUPPET_FULL_PATH apply $PUPPET_ARGS fixtures/${manifest}.pp
    local res=$?
    return $res
}

function catch_selinux_alerts() {
    if is_fedora; then
        $SUDO sealert -a /var/log/audit/audit.log
        if $SUDO grep -iq 'type=AVC' /var/log/audit/audit.log; then
            echo "AVC detected in /var/log/audit/audit.log"
            # TODO: figure why latest rabbitmq deployed with SSL tries to write in SSL pem file.
            # https://bugzilla.redhat.com/show_bug.cgi?id=1341738
            if $SUDO grep -iqE 'denied.*system_r:rabbitmq_t' /var/log/audit/audit.log; then
                echo "non-critical RabbitMQ AVC, ignoring it now."
            else
                echo "Please file a bug on https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20OpenStack&component=openstack-selinux showing sealert output."
                exit 1
            fi
        else
            echo 'No AVC detected in /var/log/audit/audit.log'
        fi
    fi
}

function timestamp_puppet_log() {
    $SUDO mv ${WORKSPACE}/puppet.log ${WORKSPACE}/puppet-$(date +%Y%m%d_%H%M%S).log
}

function catch_puppet_failures() {
    grep -wiE '(Error|\(err\))' ${WORKSPACE}/puppet.log
}
Create functions for common bits * Move out some code from install_modules.sh to have a functions script. * Update install_modules.sh script to use functions. Change-Id: Ie87b8eac71d5edb555e9a1637bea84bc9e268497 2015-10-05 16:39:26 -04:00			`#!/bin/bash`
			`#`
			`# functions - puppet-openstack-integration specific functions`
			`#`

			`# Install external Puppet modules with r10k`
			`# Uses the following variables:`
			`#`
			# - ``SCRIPT_DIR`` must be set to script path
			# - ``GEM_BIN_DIR`` must be set to Gem bin directory
			`install_external() {`
Revert "Remove r10k env vars with proper args" It broke all unit tests jobs: http://logs.openstack.org/98/535698/16/gate/puppet-openstack-unit-4.8-centos-7/bd7dedf/job-output.txt.gz#_2018-02-05_23_19_05_369251 This reverts commit 9f14f75ec650a4563c95cbbe4ccf1aa65f2ba0c7. Change-Id: Ibcb2bb60a668d232371e4d87febad6d67b3302d8 2018-02-06 03:34:34 +00:00			`PUPPETFILE=${SCRIPT_DIR}/Puppetfile1 r10k -v DEBUG puppetfile install`
Create functions for common bits * Move out some code from install_modules.sh to have a functions script. * Update install_modules.sh script to use functions. Change-Id: Ie87b8eac71d5edb555e9a1637bea84bc9e268497 2015-10-05 16:39:26 -04:00			`}`

			`# Install Puppet OpenStack modules with zuul-cloner`
			`# Uses the following variables:`
			`#`
Revert "Remove r10k env vars with proper args" It broke all unit tests jobs: http://logs.openstack.org/98/535698/16/gate/puppet-openstack-unit-4.8-centos-7/bd7dedf/job-output.txt.gz#_2018-02-05_23_19_05_369251 This reverts commit 9f14f75ec650a4563c95cbbe4ccf1aa65f2ba0c7. Change-Id: Ibcb2bb60a668d232371e4d87febad6d67b3302d8 2018-02-06 03:34:34 +00:00			# - ``PUPPETFILE_DIR`` must be set to Puppet modules directory
Create functions for common bits * Move out some code from install_modules.sh to have a functions script. * Update install_modules.sh script to use functions. Change-Id: Ie87b8eac71d5edb555e9a1637bea84bc9e268497 2015-10-05 16:39:26 -04:00			# - ``SCRIPT_DIR`` must be set to script path
functions: add defaults for ZUUL_BRANCH & ZUUL_REF When running periodic jobs, ZUUL_BRANCH & ZUUL_REF are empty because we don't have any reference or branch set for the jobs. To not make zuul failing when cloning Puppet modules, let's set defaults values: ZUUL_BRANCH default to master (we are running tests against master now) If we need to test stable branches, we'll revisit later but it would be a bigger change (job names, etc). ZUUL_REF default to None. Change-Id: I34b298230bc174a3fdd431095043543c4c223296 2016-04-20 09:38:56 -04:00			# - ``ZUUL_BRANCH`` must be set to Zuul branch. Fallback to 'master'.
Create functions for common bits * Move out some code from install_modules.sh to have a functions script. * Update install_modules.sh script to use functions. Change-Id: Ie87b8eac71d5edb555e9a1637bea84bc9e268497 2015-10-05 16:39:26 -04:00			`install_openstack() {`
			`cat > clonemap.yaml <<EOF`
			`clonemap:`
			`- name: '(.?)/puppet-(.)'`
Revert "Remove r10k env vars with proper args" It broke all unit tests jobs: http://logs.openstack.org/98/535698/16/gate/puppet-openstack-unit-4.8-centos-7/bd7dedf/job-output.txt.gz#_2018-02-05_23_19_05_369251 This reverts commit 9f14f75ec650a4563c95cbbe4ccf1aa65f2ba0c7. Change-Id: Ibcb2bb60a668d232371e4d87febad6d67b3302d8 2018-02-06 03:34:34 +00:00			`dest: '$PUPPETFILE_DIR/\2'`
Create functions for common bits * Move out some code from install_modules.sh to have a functions script. * Update install_modules.sh script to use functions. Change-Id: Ie87b8eac71d5edb555e9a1637bea84bc9e268497 2015-10-05 16:39:26 -04:00			`EOF`

functions: add defaults for ZUUL_BRANCH & ZUUL_REF When running periodic jobs, ZUUL_BRANCH & ZUUL_REF are empty because we don't have any reference or branch set for the jobs. To not make zuul failing when cloning Puppet modules, let's set defaults values: ZUUL_BRANCH default to master (we are running tests against master now) If we need to test stable branches, we'll revisit later but it would be a bigger change (job names, etc). ZUUL_REF default to None. Change-Id: I34b298230bc174a3fdd431095043543c4c223296 2016-04-20 09:38:56 -04:00			`# Periodic jobs run without ref on master`
			`ZUUL_BRANCH=${ZUUL_BRANCH:-master}`

Create functions for common bits * Move out some code from install_modules.sh to have a functions script. * Update install_modules.sh script to use functions. Change-Id: Ie87b8eac71d5edb555e9a1637bea84bc9e268497 2015-10-05 16:39:26 -04:00			`local project_names=$(awk '{ if ($1 == ":git") print $3 }' \`
			`${SCRIPT_DIR}/Puppetfile0 \| tr -d "'," \| cut -d '/' -f 4- \| xargs`
			`)`
Allow p-o-i to install itself from current source when used without Zuul puppet-openstack-integration currently takes care of installing itself. This is done through the Puppetfile which references the p-o-i repository. This works with zuul-cloner because Zuul with ensure the current reference is cloned. However, when running outside of the gate, this means that p-o-i will completely disregard any local code and instead install from the git source specified in the Puppetfile. Change-Id: I665347dbede2c53bd5537d4a29d07bfe679c50e5 2016-09-16 11:48:00 -04:00			`project_names="${project_names} openstack/puppet-openstack-integration"`
Create functions for common bits * Move out some code from install_modules.sh to have a functions script. * Update install_modules.sh script to use functions. Change-Id: Ie87b8eac71d5edb555e9a1637bea84bc9e268497 2015-10-05 16:39:26 -04:00			`/usr/zuul-env/bin/zuul-cloner -m clonemap.yaml \`
			`--cache-dir /opt/git \`
			`--zuul-branch $ZUUL_BRANCH \`
			`git://git.openstack.org $project_names`
Create manifests directory for common bits Change-Id: Ibf7d3aa962e2e0727f0593f70186521602c48ca6 2015-11-06 14:43:25 -05:00
			`# Because openstack-integration can't be a class name.`
			`# https://projects.puppetlabs.com/issues/5268`
Revert "Remove r10k env vars with proper args" It broke all unit tests jobs: http://logs.openstack.org/98/535698/16/gate/puppet-openstack-unit-4.8-centos-7/bd7dedf/job-output.txt.gz#_2018-02-05_23_19_05_369251 This reverts commit 9f14f75ec650a4563c95cbbe4ccf1aa65f2ba0c7. Change-Id: Ibcb2bb60a668d232371e4d87febad6d67b3302d8 2018-02-06 03:34:34 +00:00			`mv $PUPPETFILE_DIR/openstack-integration $PUPPETFILE_DIR/openstack_integration`
Create functions for common bits * Move out some code from install_modules.sh to have a functions script. * Update install_modules.sh script to use functions. Change-Id: Ie87b8eac71d5edb555e9a1637bea84bc9e268497 2015-10-05 16:39:26 -04:00			`}`

			`# Install all Puppet modules with r10k`
			`# Uses the following variables:`
			`#`
			# - ``SCRIPT_DIR`` must be set to script path
			`install_all() {`
Allow p-o-i to install itself from current source when used without Zuul puppet-openstack-integration currently takes care of installing itself. This is done through the Puppetfile which references the p-o-i repository. This works with zuul-cloner because Zuul with ensure the current reference is cloned. However, when running outside of the gate, this means that p-o-i will completely disregard any local code and instead install from the git source specified in the Puppetfile. Change-Id: I665347dbede2c53bd5537d4a29d07bfe679c50e5 2016-09-16 11:48:00 -04:00			`# When installing from local source, we want to install the current source`
			`# we're working from.`
Revert "Remove r10k env vars with proper args" It broke all unit tests jobs: http://logs.openstack.org/98/535698/16/gate/puppet-openstack-unit-4.8-centos-7/bd7dedf/job-output.txt.gz#_2018-02-05_23_19_05_369251 This reverts commit 9f14f75ec650a4563c95cbbe4ccf1aa65f2ba0c7. Change-Id: Ibcb2bb60a668d232371e4d87febad6d67b3302d8 2018-02-06 03:34:34 +00:00			`PUPPETFILE=${SCRIPT_DIR}/Puppetfile r10k -v DEBUG puppetfile install`
			`cp -a ${SCRIPT_DIR} ${PUPPETFILE_DIR}/openstack_integration`
Create functions for common bits * Move out some code from install_modules.sh to have a functions script. * Update install_modules.sh script to use functions. Change-Id: Ie87b8eac71d5edb555e9a1637bea84bc9e268497 2015-10-05 16:39:26 -04:00			`}`

			`# Install Puppet OpenStack modules and dependencies by using`
			`# zuul-cloner or r10k.`
			`# Uses the following variables:`
			`#`
Revert "Remove r10k env vars with proper args" It broke all unit tests jobs: http://logs.openstack.org/98/535698/16/gate/puppet-openstack-unit-4.8-centos-7/bd7dedf/job-output.txt.gz#_2018-02-05_23_19_05_369251 This reverts commit 9f14f75ec650a4563c95cbbe4ccf1aa65f2ba0c7. Change-Id: Ibcb2bb60a668d232371e4d87febad6d67b3302d8 2018-02-06 03:34:34 +00:00			# - ``PUPPETFILE_DIR`` must be set to Puppet modules directory
Create functions for common bits * Move out some code from install_modules.sh to have a functions script. * Update install_modules.sh script to use functions. Change-Id: Ie87b8eac71d5edb555e9a1637bea84bc9e268497 2015-10-05 16:39:26 -04:00			# - ``SCRIPT_DIR`` must be set to script path
			# - ``ZUUL_BRANCH`` must be set to Zuul branch
			`install_modules() {`
			`# If zuul-cloner is there, have it install modules using zuul refs`
			`if [ -e /usr/zuul-env/bin/zuul-cloner ] ; then`
			`csplit ${SCRIPT_DIR}/Puppetfile /'External modules'/ \`
			`--prefix ${SCRIPT_DIR}/Puppetfile \`
			`--suffix '%d'`
			`install_external`
			`install_openstack`
			`else`
			`install_all`
			`fi`
			`}`
Implement all-in-one.sh script This script will help newcomers to run this script and deploy a simple scenario of an OpenStack Cloud with Puppet OpenStack modules. Change-Id: I559e5e0a0d21a02d04b3d999b77dee23bb38c341 2015-11-05 12:02:15 -05:00
Add hiera support This change adds hiera support into the scenarios so we can override items via the common.yaml heira file if need be. This change adds support for two environment variables with run_tests.sh. HIERA_CONFIG - full path to the hiera yaml configuration file MANAGE_HIERA - used to enable/disable writing out a hiera.yaml config file Change-Id: Iad0050e09e0cc610e0eadc00e328151e88eee10e 2016-07-13 13:50:17 -06:00			`# Write out basic hiera configuration`
			`#`
			`# Uses the following variables:`
			# - ``SCRIPT_DIR`` must be set to the dir that contains a /hiera folder to use
			# - ``HIERA_CONFIG`` must be set to the hiera config file location
			`#`
			`configure_hiera() {`
			`cat <<EOF >$HIERA_CONFIG`
			`---`
			`:backends:`
			`- yaml`
			`:yaml:`
			`:datadir: "${SCRIPT_DIR}/hiera"`
			`:hierarchy:`
			`- "%{::operatingsystem}"`
			`- "%{::osfamily}"`
			`- common`
			`EOF`
			`}`

Implement all-in-one.sh script This script will help newcomers to run this script and deploy a simple scenario of an OpenStack Cloud with Puppet OpenStack modules. Change-Id: I559e5e0a0d21a02d04b3d999b77dee23bb38c341 2015-11-05 12:02:15 -05:00			`is_fedora() {`
			`if [ -f /etc/os-release ]; then`
			`source /etc/os-release`
			`test "$ID" = "fedora" -o "$ID" = "centos"`
			`else`
			`return 1`
			`fi`
			`}`

			`uses_debs() {`
			`# check if apt-get is installed, valid for debian based`
			`type "apt-get" 2>/dev/null`
			`}`

Add a function for generating action headers In order to help be able to determine what part of the script a failure occurs in, this change adds a print header function and updates the shell scripts to print some header information for various actions. Change-Id: I8e622c4d1c9c03aa3dbcb27712a346ce3284003f 2016-04-14 14:04:57 -06:00			`print_header() {`
			`if [ -n "$(set \| grep xtrace)" ]; then`
			`set +x`
			`local enable_xtrace='yes'`
			`fi`
			`local msg=$1`
			`printf '%.0s-' {1..80}; echo`
			`printf '\| %-76s \|\n' "${msg}"`
			`printf '%.0s-' {1..80}; echo`
			`if [ -n "${enable_xtrace}" ]; then`
			`set -x`
			`fi`
			`}`
refacto: create install_puppet function Change-Id: Iefed86a09eaf4e571d38c801f79e9fc989bc57d6 2016-06-08 11:31:00 -04:00
			`install_puppet() {`
			`if uses_debs; then`
			`print_header 'Setup (Debian based)'`
			`# Puppetlabs packaging:`
			`# - xenial: puppet4 only`
Drop puppet3 support Puppet 3 was EOL as of December 31, 2016. Since we don't use it in the gate for Pike, let's drop the configuration bits in p-o-i for it. This change leaves the PUPPET_MAJ_VERSION support on the off chance we need it in the future but basically 4 is currently the only supported version. Change-Id: I0f04a3cb194ec2225010fb4e062703195b79baf1 2017-05-26 13:42:25 -06:00			`if dpkg -l $PUPPET_RELEASE_FILE >/dev/null 2>&1; then`
			`$SUDO apt-get purge -y $PUPPET_RELEASE_FILE`
refacto: create install_puppet function Change-Id: Iefed86a09eaf4e571d38c801f79e9fc989bc57d6 2016-06-08 11:31:00 -04:00			`fi`
Use mirrors to deploy Puppet from Puppetlabs Change-Id: Ia832c1f8dd27bd1ec919f9156df38a67b4d51cc1 2018-01-24 23:01:06 -08:00			`echo "deb ${NODEPOOL_PUPPETLABS_MIRROR} xenial PC1" \| $SUDO tee /etc/apt/sources.list.d/puppetlabs.list`
			`$SUDO apt-key add files/GPG-KEY-puppetlabs`
Drop puppet3 support Puppet 3 was EOL as of December 31, 2016. Since we don't use it in the gate for Pike, let's drop the configuration bits in p-o-i for it. This change leaves the PUPPET_MAJ_VERSION support on the off chance we need it in the future but basically 4 is currently the only supported version. Change-Id: I0f04a3cb194ec2225010fb4e062703195b79baf1 2017-05-26 13:42:25 -06:00			`# TODO(emilien): figure what installed /etc/default/puppet on the xenial nodepool image`
			`# We have no problem on Trusty but on Xenial we need to remove /etc/default/puppet before`
			`# trying to deploy puppet-agent from puppetlabs.com.`
			`$SUDO rm -rf /etc/default/puppet`
refacto: create install_puppet function Change-Id: Iefed86a09eaf4e571d38c801f79e9fc989bc57d6 2016-06-08 11:31:00 -04:00			`$SUDO apt-get update`
			`$SUDO apt-get install -y ${PUPPET_PKG}`
			`elif is_fedora; then`
			`print_header 'Setup (RedHat based)'`
			`if rpm --quiet -q $PUPPET_RELEASE_FILE; then`
			`$SUDO rpm -e $PUPPET_RELEASE_FILE`
			`fi`
			`# EPEL does not work fine with RDO, we need to make sure EPEL is really disabled`
			`if rpm --quiet -q epel-release; then`
			`$SUDO rpm -e epel-release`
			`fi`

Don't install puppetlabs repo when MANAGE_REPOS=false Currently, p-o-i allways tries to install puppet package from puppetlabs repo. In some cases, as RDO-CI we use p-o-i to test puppet modules from RDO distro and it's recommended to test it using puppet version provided in RDO repos which uses different paths. This patch provides a way to override this behavior by using env variables as: MANAGE_REPOS=false PUPPET_PKG=puppet PUPPETFILE_DIR=/etc/puppet/modules Change-Id: I680504ab65d780deba53387e9b6604d3102de47b 2017-05-30 11:48:50 +02:00			`if [ "${MANAGE_REPOS}" == "true" ] ; then`
Use mirrors to deploy Puppet from Puppetlabs Change-Id: Ia832c1f8dd27bd1ec919f9156df38a67b4d51cc1 2018-01-24 23:01:06 -08:00			`$SUDO rpm --import files/GPG-KEY-puppetlabs`
			`$SUDO rpm --import files/GPG-KEY-puppet`
			`$SUDO bash -c "cat << EOF > /etc/yum.repos.d/puppetlabs.repo`
			`[puppetlabs-products]`
			`name=Puppet Labs Products El 7 - x86_64`
			`baseurl=${NODEPOOL_PUPPETLABS_MIRROR}/el/7/PC1/x86_64/`
			`gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-puppetlabs`
			`file:///etc/pki/rpm-gpg/GPG-KEY-puppet`
			`enabled=1`
			`gpgcheck=1`
			`EOF"`
Don't install puppetlabs repo when MANAGE_REPOS=false Currently, p-o-i allways tries to install puppet package from puppetlabs repo. In some cases, as RDO-CI we use p-o-i to test puppet modules from RDO distro and it's recommended to test it using puppet version provided in RDO repos which uses different paths. This patch provides a way to override this behavior by using env variables as: MANAGE_REPOS=false PUPPET_PKG=puppet PUPPETFILE_DIR=/etc/puppet/modules Change-Id: I680504ab65d780deba53387e9b6604d3102de47b 2017-05-30 11:48:50 +02:00			`fi`
refacto: create install_puppet function Change-Id: Iefed86a09eaf4e571d38c801f79e9fc989bc57d6 2016-06-08 11:31:00 -04:00			`$SUDO yum install -y ${PUPPET_PKG}`
			`fi`
			`}`
refacto: move run_puppet & catch_selinux_alerts into functions Change-Id: I78324c8787b129e91f1ac32694085bde5b6043fe 2016-06-08 11:44:10 -04:00
			`function run_puppet() {`
			`local manifest=$1`
			`$SUDO $PUPPET_FULL_PATH apply $PUPPET_ARGS fixtures/${manifest}.pp`
			`local res=$?`
			`return $res`
			`}`

			`function catch_selinux_alerts() {`
			`if is_fedora; then`
			`$SUDO sealert -a /var/log/audit/audit.log`
			`if $SUDO grep -iq 'type=AVC' /var/log/audit/audit.log; then`
			`echo "AVC detected in /var/log/audit/audit.log"`
			`# TODO: figure why latest rabbitmq deployed with SSL tries to write in SSL pem file.`
			`# https://bugzilla.redhat.com/show_bug.cgi?id=1341738`
			`if $SUDO grep -iqE 'denied.*system_r:rabbitmq_t' /var/log/audit/audit.log; then`
			`echo "non-critical RabbitMQ AVC, ignoring it now."`
			`else`
			`echo "Please file a bug on https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20OpenStack&component=openstack-selinux showing sealert output."`
			`exit 1`
			`fi`
			`else`
			`echo 'No AVC detected in /var/log/audit/audit.log'`
			`fi`
			`fi`
			`}`
Split out puppet logs To improve troubleshooting and readability, let's not have the puppet logs print to the console. This change updates the puppet apply to output the logs to puppet.log which will still be captured and provided in the CI results. When the puppet apply fails, we will grep for warnings and errors from the puppet log and only print those out which should simplify troubleshooting failures. Change-Id: I1084223f805f1960aebb9c5868fdef84ff3667e4 2016-10-31 15:15:34 -06:00
			`function timestamp_puppet_log() {`
Fix puppet log move for non-root If you run something like all-in-one.sh as a non-root user, it will fail when it goes to move the puppet log file. We need to run it as sudo if the user is not root. Change-Id: I8b9d7e587f31a82fb4b59de770882139fd168667 2016-12-02 10:45:17 -07:00			`$SUDO mv ${WORKSPACE}/puppet.log ${WORKSPACE}/puppet-$(date +%Y%m%d_%H%M%S).log`
Split out puppet logs To improve troubleshooting and readability, let's not have the puppet logs print to the console. This change updates the puppet apply to output the logs to puppet.log which will still be captured and provided in the CI results. When the puppet apply fails, we will grep for warnings and errors from the puppet log and only print those out which should simplify troubleshooting failures. Change-Id: I1084223f805f1960aebb9c5868fdef84ff3667e4 2016-10-31 15:15:34 -06:00			`}`

			`function catch_puppet_failures() {`
Clean messages in console in puppet errors I think warning messages doesn't add much value in console and sometimes we miss messages with (err). Change-Id: Ic06ad59f71393dcc2f0f861e45d367fb835a14fc 2017-03-08 17:10:32 +01:00			`grep -wiE '(Error\|\(err\))' ${WORKSPACE}/puppet.log`
Split out puppet logs To improve troubleshooting and readability, let's not have the puppet logs print to the console. This change updates the puppet apply to output the logs to puppet.log which will still be captured and provided in the CI results. When the puppet apply fails, we will grep for warnings and errors from the puppet log and only print those out which should simplify troubleshooting failures. Change-Id: I1084223f805f1960aebb9c5868fdef84ff3667e4 2016-10-31 15:15:34 -06:00			`}`