- scenario001 and 004 will be running without ceph until ceph repos become available for CentOS8
- scenario003 will not run with linuxbridge until the next CentOS minor version, as it has issues:
  - https://bugzilla.redhat.com/show_bug.cgi?id=1720637
- Add Puppetfile_centos7 to have different puppet modules as compared to other distros. Currently only puppet-mysql needs to be kept pinned for centos7, as a newer mariadb version is required to remove the pin; CentOS8 and ubuntu have the required mariadb version, so the pin is removed. So automatic updates of puppet modules will not be applied for CentOS7 as those jobs are going to be removed in coming months.
- check for rdo_dlrn url existence only for RedHat distros.

Change-Id: I98fc088cd87c1412544f9590ce7a925b413297e2
#!/bin/bash
#
# functions - puppet-openstack-integration specific functions
#
# Install external Puppet modules with r10k
# Uses the following variables:
#
# - ``SCRIPT_DIR`` must be set to script path
# - ``GEM_BIN_DIR`` must be set to Gem bin directory
# Pick the Puppetfile that the install_* helpers below will read.
# CentOS 7 gets its own file (Puppetfile_centos7); every other platform
# keeps the default Puppetfile.
BASE_PUPPETFILE=Puppetfile
# `source` executes /etc/os-release as shell code in this shell, which is how
# REDHAT_SUPPORT_PRODUCT and REDHAT_SUPPORT_PRODUCT_VERSION become visible.
source /etc/os-release
case "${REDHAT_SUPPORT_PRODUCT,,}/${REDHAT_SUPPORT_PRODUCT_VERSION}" in
  centos/7)
    BASE_PUPPETFILE=Puppetfile_centos7
    ;;
esac
# Install the external Puppet modules with r10k.
# Globals:
#   SCRIPT_DIR (read) - script path; ${SCRIPT_DIR}/Puppetfile1 is the
#                       Puppetfile handed to r10k
# Returns: the exit status of r10k.
install_external() {
  local external_puppetfile="${SCRIPT_DIR}/Puppetfile1"
  # PUPPETFILE is set only in the environment of this one r10k invocation.
  PUPPETFILE="${external_puppetfile}" r10k -v DEBUG puppetfile install
}
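# Install Puppet OpenStack modules from zuul checkouts, cloning from
# opendev.org any project that has no local checkout.
# Globals:
#   PUPPETFILE_DIR (read)      - Puppet modules directory
#   SCRIPT_DIR (read)          - script path; Puppetfile0 is read from it
#   ZUUL_BRANCH (read/written) - branch to clone; falls back to 'master'
#   ZUUL_PROJECT (read)        - project under test
#   CEPH_VERSION (read)        - optional; overrides the branch unless the
#                                project under test is puppet-ceph
# Returns: the exit status of the final mv.
install_openstack() {
  # Periodic jobs run without ref on master
  ZUUL_BRANCH=${ZUUL_BRANCH:-master}

  if [[ "${ZUUL_PROJECT:-}" != "openstack/puppet-ceph" && -n "${CEPH_VERSION:-}" ]]; then
    if [[ "${CEPH_VERSION}" == "nautilus" ]]; then
      ZUUL_BRANCH="master"
    else
      ZUUL_BRANCH="stable/${CEPH_VERSION}"
    fi
  fi

  # Project names are the path part of every ':git' URL in Puppetfile0.
  # Declaration and assignment are split so `local` does not mask the
  # pipeline's exit status.
  local project_list
  project_list=$(awk '{ if ($1 == ":git") print $3 }' "${SCRIPT_DIR}/Puppetfile0" \
    | tr -d "'," | cut -d '/' -f 4- | xargs)

  # Split into an array instead of relying on unquoted expansion, so the
  # names are not glob-expanded.
  local -a projects=()
  read -r -a projects <<< "${project_list}"
  projects+=(openstack/puppet-openstack-integration)

  local project module_name checkout
  for project in "${projects[@]}"; do
    # Everything after the first '-', e.g. openstack/puppet-aodh -> aodh.
    module_name=${project#*-}
    checkout="/home/zuul/src/opendev.org/${project}"

    # Names parsed out of the Puppetfile end up as path and URL components;
    # quoting plus `--` keeps them from being word-split or read as options.
    if [[ -d "${checkout}" ]]; then
      cp -R -- "${checkout}" "${PUPPETFILE_DIR}/${module_name}"
    else
      git clone -b "${ZUUL_BRANCH}" -- "https://opendev.org/${project}" \
        "${PUPPETFILE_DIR}/${module_name}"
    fi
  done

  # Because openstack-integration can't be a class name.
  # https://projects.puppetlabs.com/issues/5268
  mv -- "${PUPPETFILE_DIR}/openstack-integration" \
    "${PUPPETFILE_DIR}/openstack_integration"
}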
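# Install all Puppet modules with r10k, then copy the working tree in as the
# openstack_integration module.
# Globals:
#   SCRIPT_DIR (read)      - script path
#   BASE_PUPPETFILE (read) - name of the Puppetfile inside SCRIPT_DIR
#   PUPPETFILE_DIR (read)  - Puppet modules directory
# Returns: the exit status of cp (the r10k status is not checked here).
install_all() {
  # When installing from local source, we want to install the current source
  # we're working from.
  PUPPETFILE="${SCRIPT_DIR}/${BASE_PUPPETFILE}" r10k -v DEBUG puppetfile install
  # Quoted so a path containing spaces or glob characters stays one argument.
  cp -a -- "${SCRIPT_DIR}" "${PUPPETFILE_DIR}/openstack_integration"
}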
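# Install Puppet OpenStack modules and dependencies by using
# zuul checkouts or r10k.
# Globals:
#   PUPPETFILE_DIR (read)  - Puppet modules directory
#   SCRIPT_DIR (read)      - script path
#   BASE_PUPPETFILE (read) - name of the Puppetfile inside SCRIPT_DIR
#   ZUUL_BRANCH (read)     - Zuul branch, used by install_openstack
# Returns: the exit status of the last install step.
install_modules() {
  if [[ -d /home/zuul/src/opendev.org ]]; then
    # Split the Puppetfile at the 'External modules' marker. csplit writes
    # ${SCRIPT_DIR}/Puppetfile0 (the part before the marker, parsed by
    # install_openstack) and Puppetfile1 (from the marker on, handed to r10k
    # by install_external). Paths are quoted so they survive spaces.
    csplit "${SCRIPT_DIR}/${BASE_PUPPETFILE}" '/External modules/' \
      --prefix "${SCRIPT_DIR}/Puppetfile" \
      --suffix '%d'
    install_external
    install_openstack
  else
    install_all
  fi
}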
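# Variant of install_modules that also installs the modules listed in
# Puppetfile_unit. It is only executed from install_modules_unit.sh because
# some modules are only required for puppet6 unit testing.
# Globals:
#   PUPPETFILE_DIR (read)  - Puppet modules directory
#   SCRIPT_DIR (read)      - script path
#   BASE_PUPPETFILE (read) - name of the Puppetfile inside SCRIPT_DIR
#   ZUUL_BRANCH (read)     - Zuul branch, used by install_openstack
# Side effect: appends Puppetfile_unit to a Puppetfile on disk, so calling it
# twice on the same tree appends the unit entries twice.
install_modules_unit() {
  local base_puppetfile="${SCRIPT_DIR}/${BASE_PUPPETFILE:-Puppetfile}"

  if [[ -d /home/zuul/src/opendev.org ]]; then
    csplit "${base_puppetfile}" '/External modules/' \
      --prefix "${SCRIPT_DIR}/Puppetfile" \
      --suffix '%d'
    # Puppetfile1 is the external-modules half that install_external reads.
    cat -- "${SCRIPT_DIR}/Puppetfile_unit" >> "${SCRIPT_DIR}/Puppetfile1"
    install_external
    install_openstack
  else
    # Append to the file install_all actually reads. Appending to the
    # hard-coded 'Puppetfile' silently dropped the unit modules whenever
    # BASE_PUPPETFILE pointed elsewhere (Puppetfile_centos7).
    cat -- "${SCRIPT_DIR}/Puppetfile_unit" >> "${base_puppetfile}"
    install_all
  fi
}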
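# Write out basic hiera configuration (hiera version 5 format).
# Globals:
#   SCRIPT_DIR (read)   - dir that contains a /hiera folder to use
#   HIERA_CONFIG (read) - hiera config file location; overwritten
# Returns: the exit status of the write.
configure_hiera() {
  # The redirect target is quoted so a path with spaces is not rejected as an
  # ambiguous redirect. YAML nesting is significant: datadir and data_hash
  # are keys of 'defaults', and each hierarchy level is a list item holding a
  # name and a path. ${SCRIPT_DIR} is expanded by the shell; the %{::...}
  # tokens are written out literally.
  cat <<EOF >"${HIERA_CONFIG}"
---
version: 5
defaults:
  datadir: ${SCRIPT_DIR}/hiera
  data_hash: yaml_data
hierarchy:
  - name: "OS specific"
    path: "%{::operatingsystem}.yaml"
  - name: "OS family specific"
    path: "%{::osfamily}.yaml"
  - name: "Common"
    path: "common.yaml"
EOF
}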
# Report whether /etc/os-release identifies this host as Fedora or CentOS
# (despite the name, ID=centos also counts).
# Side effect: /etc/os-release is sourced into the calling shell, so ID and
# the other variables it defines stay set afterwards.
# Returns: 0 for fedora/centos, non-zero otherwise or when the file is absent.
is_fedora() {
  [ -f /etc/os-release ] || return 1
  source /etc/os-release
  [ "$ID" = "fedora" ] || [ "$ID" = "centos" ]
}
# Report whether this is a Debian-based host, judged by apt-get being
# resolvable in the current shell.
# Outputs: when apt-get is found, `type` prints where it resolves to on
#          stdout; the "not found" message on stderr is discarded.
# Returns: 0 when apt-get is available, non-zero otherwise.
uses_debs() {
  type apt-get 2>/dev/null
}
# Export YUM as the package manager command for RedHat-based hosts:
# dnf when it can be resolved, yum otherwise. When dnf is found, `type`
# prints where it resolves to on stdout.
YUM=yum
if type dnf 2>/dev/null; then
  YUM=dnf
fi
export YUM
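# Print a message inside an 80-column banner.
# Arguments: $1 - message to show
# Outputs:   three lines on stdout (rule, "| message |", rule)
# xtrace is paused while the banner is printed so the trace does not
# interleave with it, and is switched back on only if it was on at entry.
print_header() {
  local restore_xtrace=''
  # $- holds the active single-letter options, so 'x' is present exactly when
  # xtrace is on. Grepping the output of `set` for "xtrace" is not a reliable
  # test: bash lists function bodies there as well, this function's own body
  # contains the word, and so the match always succeeded and every call left
  # `set -x` enabled. Unwanted tracing writes every expanded command line,
  # credentials included, to the job log.
  if [[ $- == *x* ]]; then
    set +x
    restore_xtrace='yes'
  fi
  local msg=$1
  printf '%.0s-' {1..80}; echo
  printf '| %-76s |\n' "${msg}"
  printf '%.0s-' {1..80}; echo
  if [[ -n "${restore_xtrace}" ]]; then
    set -x
  fi
}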
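# Install the Puppet package, optionally configuring the Puppet Labs
# package repository first.
# Globals:
#   MANAGE_REPOS (read)               - "true" to write the repo definition
#                                       and import the signing keys
#   PUPPET_MAJ_VERSION (read)         - Puppet major version (4 uses PC1)
#   NODEPOOL_PUPPETLABS_MIRROR (read) - base URL of the package mirror
#   PUPPET_PKG (read)                 - package name(s) to install
#   SUDO (read)                       - privilege-escalation prefix, may be empty
#   YUM (read)                        - package manager on RedHat hosts
#   PUPPET_CODENAME (written)         - distribution codename (Debian hosts)
# The GPG keys are read from files/ relative to the current directory.
# $SUDO and ${PUPPET_PKG} are left unquoted on purpose: SUDO may be empty
# and PUPPET_PKG may presumably hold several package names.
install_puppet() {
  if uses_debs; then
    print_header 'Setup (Debian based)'
    if [[ "${MANAGE_REPOS:-}" == "true" ]]; then
      local PUPPET_APT_POOL
      # [[ ]] with quotes: an empty PUPPET_MAJ_VERSION no longer produces a
      # "unary operator expected" error from [ ].
      if [[ "${PUPPET_MAJ_VERSION:-}" == 4 ]]; then
        PUPPET_APT_POOL="PC1"
      else
        PUPPET_APT_POOL="puppet${PUPPET_MAJ_VERSION:-}"
      fi
      PUPPET_CODENAME=$(lsb_release -s -c)
      if [[ "${PUPPET_CODENAME}" == "bionic" ]]; then
        # For some reason this directory does not exist in Bionic
        $SUDO mkdir -p /etc/apt/sources.list.d
      fi
      echo "deb ${NODEPOOL_PUPPETLABS_MIRROR} ${PUPPET_CODENAME} ${PUPPET_APT_POOL}" \
        | $SUDO tee /etc/apt/sources.list.d/puppetlabs.list
      # NOTE(review): apt-key is deprecated, and a key added this way is
      # trusted for every configured repository, not only this one.
      $SUDO apt-key add files/GPG-KEY-puppetlabs
      $SUDO apt-key add files/GPG-KEY-ceph
      $SUDO apt-get update
    fi
    $SUDO apt-get install -y ${PUPPET_PKG}
  elif is_fedora; then
    print_header 'Setup (RedHat based)'
    # EPEL does not work fine with RDO, we need to make sure EPEL is really disabled
    if rpm --quiet -q epel-release; then
      $SUDO rpm -e epel-release
    fi

    if [[ "${MANAGE_REPOS:-}" == "true" ]]; then
      local PUPPET_YUM_SUFFIX
      # NOTE(review): the el/7 path component is hard-coded; confirm it is
      # still right on hosts that are not EL7.
      if [[ "${PUPPET_MAJ_VERSION:-}" == 4 ]]; then
        PUPPET_YUM_SUFFIX="/el/7/PC1/x86_64/"
      else
        PUPPET_YUM_SUFFIX="/puppet${PUPPET_MAJ_VERSION:-}/el/7/x86_64/"
      fi
      $SUDO rpm --import files/GPG-KEY-puppetlabs
      $SUDO rpm --import files/GPG-KEY-puppet
      # The repo file is fed to tee on stdin rather than built inside
      # `bash -c "cat << EOF ..."`: in that form the mirror URL was expanded
      # here and then evaluated a second time by the privileged inner shell,
      # so a $(...) or backtick in the variable would have run as a command.
      # NOTE(review): the keys above are imported from files/ into the rpm
      # database; nothing in this function places them under
      # /etc/pki/rpm-gpg, so confirm the gpgkey paths below exist.
      $SUDO tee /etc/yum.repos.d/puppetlabs.repo >/dev/null <<EOF
[puppetlabs-products]
name=Puppet Labs Products El 7 - x86_64
baseurl=${NODEPOOL_PUPPETLABS_MIRROR}${PUPPET_YUM_SUFFIX}
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-puppetlabs
       file:///etc/pki/rpm-gpg/GPG-KEY-puppet
enabled=1
gpgcheck=1
EOF
    fi
    $SUDO "${YUM}" install -y ${PUPPET_PKG}
  fi
}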
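# Apply one fixture manifest with puppet.
# Arguments: $1 - manifest name; fixtures/<name>.pp is applied
# Globals:
#   SUDO (read)             - privilege-escalation prefix, may be empty
#   PUPPET_FULL_PATH (read) - path of the puppet executable
#   PUPPET_ARGS (read)      - extra arguments, split on whitespace
# Returns: the exit status of puppet apply.
function run_puppet() {
  local manifest=$1
  # $SUDO and $PUPPET_ARGS are deliberately unquoted (empty prefix, several
  # arguments). The manifest path is quoted so the name stays one argument.
  # The function's status is that of this last command.
  $SUDO "${PUPPET_FULL_PATH}" apply $PUPPET_ARGS "fixtures/${manifest}.pp"
}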
# Fail the job when the audit log holds an SELinux AVC denial that is not on
# the ignore list. Does nothing on hosts that is_fedora rejects.
# Globals: SUDO (read) - privilege-escalation prefix, may be empty
# Outputs: sealert's report and a one-line verdict on stdout
# Exits:   calls `exit 1` (ending the calling shell, not just this function)
#          for a denial that is not ignored.
# Two cases are ignored: any log containing a rabbitmq_t denial, and every
# denial on Fedora or CentOS 8 hosts.
function catch_selinux_alerts() {
  local audit_log=/var/log/audit/audit.log

  is_fedora || return 0

  $SUDO sealert -a "${audit_log}"
  if ! $SUDO grep -iq 'type=AVC' "${audit_log}"; then
    echo 'No AVC detected in /var/log/audit/audit.log'
    return
  fi

  echo "AVC detected in /var/log/audit/audit.log"
  # Re-read the release data for the REDHAT_SUPPORT_* check below.
  source /etc/os-release
  # TODO: figure why latest rabbitmq deployed with SSL tries to write in SSL pem file.
  # https://bugzilla.redhat.com/show_bug.cgi?id=1341738
  if $SUDO grep -iqE 'denied.*system_r:rabbitmq_t' "${audit_log}"; then
    echo "non-critical RabbitMQ AVC, ignoring it now."
  # FIXME(ykarel) catch_selinux_alerts not work with non ssl scenarios(no rabbitmq alert),
  # currently running all scenarios without ssl in Fedora and CentOS8,
  # because glance,nova,mistral py3 has issues when running with eventlet + ssl:
  # glance https://bugs.launchpad.net/glance/+bug/1769006
  # nova https://bugs.launchpad.net/nova/+bug/1808975
  # mistral https://bugs.launchpad.net/mistral/+bug/1808953
  elif [ -f /etc/fedora-release ] || [[ "${REDHAT_SUPPORT_PRODUCT,,}" = "centos" && ${REDHAT_SUPPORT_PRODUCT_VERSION} = "8" ]]; then
    echo "non ssl scenario, ignoring it now."
  else
    echo "Please file a bug on https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20OpenStack&component=openstack-selinux showing sealert output."
    exit 1
  fi
}
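# Rename ${WORKSPACE}/puppet.log to puppet-<YYYYmmdd_HHMMSS>.log so that the
# log of the next run does not overwrite it.
# Globals:
#   SUDO (read)      - privilege-escalation prefix, may be empty
#   WORKSPACE (read) - directory holding puppet.log
# Returns: the exit status of mv.
function timestamp_puppet_log() {
  local stamp
  stamp=$(date +%Y%m%d_%H%M%S)
  # Quoted so a workspace path containing spaces stays one argument; `--`
  # stops option parsing before the paths.
  $SUDO mv -- "${WORKSPACE}/puppet.log" "${WORKSPACE}/puppet-${stamp}.log"
}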
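# Print the lines of ${WORKSPACE}/puppet.log that report an error: the whole
# word "Error" or the token "(err)", matched case-insensitively.
# Globals:
#   SUDO (read)      - privilege-escalation prefix, may be empty
#   WORKSPACE (read) - directory holding puppet.log
# Returns: grep's status - 0 when an error line was found, 1 when none was,
#          greater than 1 when the log could not be read.
function catch_puppet_failures() {
  # Quoted so a workspace path containing spaces stays one argument.
  $SUDO grep -wiE -e '(Error|\(err\))' -- "${WORKSPACE}/puppet.log"
}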