eaacd3f841
We are closing in on adding Ceph Mimic support and want to ensure we can select either Luminous or Mimic for running our tests. For example Ubuntu 18.04 must run Ceph Mimic because Luminous is not available (yet), Debian doesn't have Ceph Mimic packages so we must run Luminous there. Depends-On: https://review.openstack.org/#/c/576247/ Change-Id: If84ecbf86f3ebde8e69a1a26759ad967d061725a
215 lines
6.4 KiB
Bash
215 lines
6.4 KiB
Bash
#!/bin/bash
|
|
#
|
|
# functions - puppet-openstack-integration specific functions
|
|
#
|
|
|
|
# Install external Puppet modules with r10k
|
|
# Uses the following variables:
|
|
#
|
|
# - ``SCRIPT_DIR`` must be set to script path
|
|
# - ``GEM_BIN_DIR`` must be set to Gem bin directory
|
|
install_external() {
|
|
PUPPETFILE=${SCRIPT_DIR}/Puppetfile1 r10k -v DEBUG puppetfile install
|
|
}
|
|
|
|
# Install Puppet OpenStack modules with zuul-cloner
|
|
# Uses the following variables:
|
|
#
|
|
# - ``PUPPETFILE_DIR`` must be set to Puppet modules directory
|
|
# - ``SCRIPT_DIR`` must be set to script path
|
|
# - ``ZUUL_BRANCH`` must be set to Zuul branch. Fallback to 'master'.
|
|
install_openstack() {
|
|
# Periodic jobs run without ref on master
|
|
ZUUL_BRANCH=${ZUUL_BRANCH:-master}
|
|
|
|
if [ $ZUUL_PROJECT != "openstack/puppet-ceph" ] && [ -n "$CEPH_VERSION" ]; then
|
|
if [ $CEPH_VERSION == "mimic" ]; then
|
|
ZUUL_BRANCH="master"
|
|
else
|
|
ZUUL_BRANCH="stable/$CEPH_VERSION"
|
|
fi
|
|
fi
|
|
|
|
cat > clonemap.yaml <<EOF
|
|
clonemap:
|
|
- name: '(.*?)/puppet-(.*)'
|
|
dest: '$PUPPETFILE_DIR/\2'
|
|
EOF
|
|
|
|
local project_names=$(awk '{ if ($1 == ":git") print $3 }' \
|
|
${SCRIPT_DIR}/Puppetfile0 | tr -d "'," | cut -d '/' -f 4- | xargs
|
|
)
|
|
project_names="${project_names} openstack/puppet-openstack-integration"
|
|
/usr/zuul-env/bin/zuul-cloner -m clonemap.yaml \
|
|
--cache-dir /opt/git \
|
|
--zuul-branch $ZUUL_BRANCH \
|
|
git://git.openstack.org $project_names
|
|
|
|
# Because openstack-integration can't be a class name.
|
|
# https://projects.puppetlabs.com/issues/5268
|
|
mv $PUPPETFILE_DIR/openstack-integration $PUPPETFILE_DIR/openstack_integration
|
|
}
|
|
|
|
# Install all Puppet modules with r10k
|
|
# Uses the following variables:
|
|
#
|
|
# - ``SCRIPT_DIR`` must be set to script path
|
|
install_all() {
|
|
# When installing from local source, we want to install the current source
|
|
# we're working from.
|
|
PUPPETFILE=${SCRIPT_DIR}/Puppetfile r10k -v DEBUG puppetfile install
|
|
cp -a ${SCRIPT_DIR} ${PUPPETFILE_DIR}/openstack_integration
|
|
}
|
|
|
|
# Install Puppet OpenStack modules and dependencies by using
|
|
# zuul-cloner or r10k.
|
|
# Uses the following variables:
|
|
#
|
|
# - ``PUPPETFILE_DIR`` must be set to Puppet modules directory
|
|
# - ``SCRIPT_DIR`` must be set to script path
|
|
# - ``ZUUL_BRANCH`` must be set to Zuul branch
|
|
install_modules() {
|
|
# If zuul-cloner is there, have it install modules using zuul refs
|
|
if [ -e /usr/zuul-env/bin/zuul-cloner ] ; then
|
|
csplit ${SCRIPT_DIR}/Puppetfile /'External modules'/ \
|
|
--prefix ${SCRIPT_DIR}/Puppetfile \
|
|
--suffix '%d'
|
|
install_external
|
|
install_openstack
|
|
else
|
|
install_all
|
|
fi
|
|
}
|
|
|
|
# Write out basic hiera configuration
|
|
#
|
|
# Uses the following variables:
|
|
# - ``SCRIPT_DIR`` must be set to the dir that contains a /hiera folder to use
|
|
# - ``HIERA_CONFIG`` must be set to the hiera config file location
|
|
#
|
|
configure_hiera() {
|
|
cat <<EOF >$HIERA_CONFIG
|
|
---
|
|
:backends:
|
|
- yaml
|
|
:yaml:
|
|
:datadir: "${SCRIPT_DIR}/hiera"
|
|
:hierarchy:
|
|
- "%{::operatingsystem}"
|
|
- "%{::osfamily}"
|
|
- common
|
|
EOF
|
|
}
|
|
|
|
is_fedora() {
|
|
if [ -f /etc/os-release ]; then
|
|
source /etc/os-release
|
|
test "$ID" = "fedora" -o "$ID" = "centos"
|
|
else
|
|
return 1
|
|
fi
|
|
}
|
|
|
|
uses_debs() {
|
|
# check if apt-get is installed, valid for debian based
|
|
type "apt-get" 2>/dev/null
|
|
}
|
|
|
|
if type "dnf" 2>/dev/null;then
|
|
export YUM=dnf
|
|
else
|
|
export YUM=yum
|
|
fi
|
|
|
|
print_header() {
|
|
if [ -n "$(set | grep xtrace)" ]; then
|
|
set +x
|
|
local enable_xtrace='yes'
|
|
fi
|
|
local msg=$1
|
|
printf '%.0s-' {1..80}; echo
|
|
printf '| %-76s |\n' "${msg}"
|
|
printf '%.0s-' {1..80}; echo
|
|
if [ -n "${enable_xtrace}" ]; then
|
|
set -x
|
|
fi
|
|
}
|
|
|
|
install_puppet() {
|
|
if uses_debs; then
|
|
print_header 'Setup (Debian based)'
|
|
if [ "${MANAGE_REPOS}" == "true" ] ; then
|
|
if [ $PUPPET_MAJ_VERSION == 4 ]; then
|
|
local PUPPET_APT_POOL="PC1"
|
|
elif [ $PUPPET_MAJ_VERSION == 5 ]; then
|
|
local PUPPET_APT_POOL="puppet5"
|
|
fi
|
|
echo "deb ${NODEPOOL_PUPPETLABS_MIRROR} `lsb_release -s -c` ${PUPPET_APT_POOL}" | $SUDO tee /etc/apt/sources.list.d/puppetlabs.list
|
|
$SUDO apt-key add files/GPG-KEY-puppetlabs
|
|
$SUDO apt-key add files/GPG-KEY-ceph
|
|
$SUDO apt-get update
|
|
fi
|
|
$SUDO apt-get install -y ${PUPPET_PKG}
|
|
elif is_fedora; then
|
|
print_header 'Setup (RedHat based)'
|
|
# EPEL does not work fine with RDO, we need to make sure EPEL is really disabled
|
|
if rpm --quiet -q epel-release; then
|
|
$SUDO rpm -e epel-release
|
|
fi
|
|
|
|
if [ "${MANAGE_REPOS}" == "true" ] ; then
|
|
if [ $PUPPET_MAJ_VERSION == 4 ]; then
|
|
local PUPPET_YUM_SUFFIX="/el/7/PC1/x86_64/"
|
|
elif [ $PUPPET_MAJ_VERSION == 5 ]; then
|
|
local PUPPET_YUM_SUFFIX="/puppet5/el/7/x86_64/"
|
|
fi
|
|
$SUDO rpm --import files/GPG-KEY-puppetlabs
|
|
$SUDO rpm --import files/GPG-KEY-puppet
|
|
$SUDO bash -c "cat << EOF > /etc/yum.repos.d/puppetlabs.repo
|
|
[puppetlabs-products]
|
|
name=Puppet Labs Products El 7 - x86_64
|
|
baseurl=${NODEPOOL_PUPPETLABS_MIRROR}${PUPPET_YUM_SUFFIX}
|
|
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-puppetlabs
|
|
file:///etc/pki/rpm-gpg/GPG-KEY-puppet
|
|
enabled=1
|
|
gpgcheck=1
|
|
EOF"
|
|
fi
|
|
$SUDO $YUM install -y ${PUPPET_PKG}
|
|
fi
|
|
}
|
|
|
|
function run_puppet() {
|
|
local manifest=$1
|
|
$SUDO $PUPPET_FULL_PATH apply $PUPPET_ARGS fixtures/${manifest}.pp
|
|
local res=$?
|
|
return $res
|
|
}
|
|
|
|
function catch_selinux_alerts() {
|
|
if is_fedora; then
|
|
$SUDO sealert -a /var/log/audit/audit.log
|
|
if $SUDO grep -iq 'type=AVC' /var/log/audit/audit.log; then
|
|
echo "AVC detected in /var/log/audit/audit.log"
|
|
# TODO: figure why latest rabbitmq deployed with SSL tries to write in SSL pem file.
|
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1341738
|
|
if $SUDO grep -iqE 'denied.*system_r:rabbitmq_t' /var/log/audit/audit.log; then
|
|
echo "non-critical RabbitMQ AVC, ignoring it now."
|
|
else
|
|
echo "Please file a bug on https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20OpenStack&component=openstack-selinux showing sealert output."
|
|
exit 1
|
|
fi
|
|
else
|
|
echo 'No AVC detected in /var/log/audit/audit.log'
|
|
fi
|
|
fi
|
|
}
|
|
|
|
function timestamp_puppet_log() {
|
|
$SUDO mv ${WORKSPACE}/puppet.log ${WORKSPACE}/puppet-$(date +%Y%m%d_%H%M%S).log
|
|
}
|
|
|
|
function catch_puppet_failures() {
|
|
$SUDO grep -wiE '(Error|\(err\))' ${WORKSPACE}/puppet.log
|
|
}
|