openstack/puppet-openstack-integration
Code Issues Proposed changes
b69ea6177a
puppet-openstack-integration/functions
Takashi Kajinami 02e65c7fc1 Refactor puppet installation in integration job 
This splits the existing function to repository set up and actual
package installation and adds an additional knob to skip setting up
puppetlabs repo (and install puppet from distributions).

Change-Id: I3568883537e8cc29f234754c78fc2425ad6a8f4b
2023-11-09 23:37:51 +09:00

276 lines
8.5 KiB
Bash
Raw Blame History

#!/bin/bash
#
# functions - puppet-openstack-integration specific functions
#
# To retry a command until it succeed for a given
# number of retries(default to 3).
retry_cmd() {
local cmd=$1
local total_tries=${2:-3}
local delay=${3:-5}
local retry_count=1
local ret_code=1
until [[ ${ret_code} -eq 0 || ${retry_count} -gt ${total_tries} ]]; do
echo Retry count:-${retry_count}, Command:-$cmd
set +e
$cmd
ret_code=$?
set -e
((retry_count++))
sleep ${delay}
done
if [ ${ret_code} -ne 0 ]; then
echo Failed even after ${total_tries} retries, Exiting
exit ${ret_code}
fi
}
# Install external Puppet modules with r10k
# Uses the following variables:
#
# - ``SCRIPT_DIR`` must be set to script path
# - ``GEM_BIN_DIR`` must be set to Gem bin directory
install_external() {
install_cmd="r10k -v DEBUG puppetfile install \
--puppetfile ${SCRIPT_DIR}/Puppetfile1 \
--moduledir ${PUPPETFILE_DIR}"
retry_cmd "${install_cmd}"
}
# Install Puppet OpenStack modules from zuul checkouts
# Uses the following variables:
#
# - ``PUPPETFILE_DIR`` must be set to Puppet modules directory
# - ``SCRIPT_DIR`` must be set to script path
# - ``ZUUL_BRANCH`` must be set to Zuul branch. Fallback to 'master'.
# - ``CEPH_VERSION`` can be set to override Ceph version.
install_openstack() {
# Periodic jobs run without ref on master
ZUUL_BRANCH=${ZUUL_BRANCH:-master}
if [ "$ZUUL_PROJECT" != "openstack/puppet-ceph" ] && [ -n "$CEPH_VERSION" ]; then
if [ "$CEPH_VERSION" == "jewel" ] || [ "$CEPH_VERSION" == "luminous" ] || [ "$CEPH_VERSION" == "mimic" ]; then
ZUUL_BRANCH="stable/$CEPH_VERSION"
else
ZUUL_BRANCH="master"
fi
fi
local project_names=$(awk '{ if ($1 == ":git") print $3 }' \
${SCRIPT_DIR}/Puppetfile0 | tr -d "'," | cut -d '/' -f 4- | xargs
)
for project in $project_names openstack/puppet-openstack-integration
do
local module_name=$(echo $project | cut -d "-" -f2-)
if [ -d /home/zuul/src/opendev.org/$project ]; then
cp -R /home/zuul/src/opendev.org/$project $PUPPETFILE_DIR/$module_name
else
git clone -b $ZUUL_BRANCH https://opendev.org/$project $PUPPETFILE_DIR/$module_name
fi
done
# Because openstack-integration can't be a class name.
# https://projects.puppetlabs.com/issues/5268
mv $PUPPETFILE_DIR/openstack-integration $PUPPETFILE_DIR/openstack_integration
}
# Install all Puppet modules with r10k
# Uses the following variables:
#
# - ``PUPPETFILE_DIR`` must be set to Puppet modules directory
# - ``SCRIPT_DIR`` must be set to script path
install_all() {
# When installing from local source, we want to install the current source
# we're working from.
install_cmd="r10k -v DEBUG puppetfile install \
--puppetfile ${SCRIPT_DIR}/Puppetfile \
--moduledir ${PUPPETFILE_DIR}"
retry_cmd "${install_cmd}"
cp -a ${SCRIPT_DIR} ${PUPPETFILE_DIR}/openstack_integration
}
# Install Puppet OpenStack modules and dependencies by using
# zuul checkouts or r10k.
# Uses the following variables:
#
# - ``PUPPETFILE_DIR`` must be set to Puppet modules directory
# - ``SCRIPT_DIR`` must be set to script path
# - ``ZUUL_BRANCH`` must be set to Zuul branch
install_modules() {
if [ -d /home/zuul/src/opendev.org ] ; then
csplit ${SCRIPT_DIR}/Puppetfile /'External modules'/ \
--prefix ${SCRIPT_DIR}/Puppetfile \
--suffix '%d'
install_external
install_openstack
else
install_all
fi
}
# This is only executed from install_modules_unit.sh because we have
# some modules that is only required for puppet6 unit testing.
# Uses the following variables:
#
# - ``PUPPETFILE_DIR`` must be set to Puppet modules directory
# - ``SCRIPT_DIR`` must be set to script path
# - ``ZUUL_BRANCH`` must be set to Zuul branch
install_modules_unit() {
if [ -d /home/zuul/src/opendev.org ] ; then
csplit ${SCRIPT_DIR}/Puppetfile /'External modules'/ \
--prefix ${SCRIPT_DIR}/Puppetfile \
--suffix '%d'
cat ${SCRIPT_DIR}/Puppetfile_unit >> ${SCRIPT_DIR}/Puppetfile1
install_external
install_openstack
else
cat ${SCRIPT_DIR}/Puppetfile_unit >> ${SCRIPT_DIR}/Puppetfile
install_all
fi
}
# Write out basic hiera configuration
#
# Uses the following variables:
# - ``SCRIPT_DIR`` must be set to the dir that contains a /hiera folder to use
# - ``HIERA_CONFIG`` must be set to the hiera config file location
#
configure_hiera() {
cat <<EOF >$HIERA_CONFIG
---
version: 5
defaults:
datadir: ${SCRIPT_DIR}/hiera
data_hash: yaml_data
hierarchy:
- name: "OS specific"
path: "%{facts.os.name}.yaml"
- name: "OS family specific"
path: "%{facts.os.family}.yaml"
- name: "Common"
path: "common.yaml"
EOF
}
is_fedora() {
if [ -f /etc/os-release ]; then
source /etc/os-release
test "$ID" = "fedora" -o "$ID" = "centos"
else
return 1
fi
}
uses_debs() {
# check if apt-get is installed, valid for debian based
type "apt-get" 2>/dev/null
}
if type "dnf" 2>/dev/null;then
export YUM=dnf
else
export YUM=yum
fi
print_header() {
if [ -n "$(set | grep xtrace)" ]; then
set +x
local enable_xtrace='yes'
fi
local msg=$1
printf '%.0s-' {1..80}; echo
printf '| %-76s |\n' "${msg}"
printf '%.0s-' {1..80}; echo
if [ -n "${enable_xtrace}" ]; then
set -x
fi
}
install_puppetlabs_repo() {
print_header 'Install Puppetlabs repo'
if uses_debs; then
PUPPET_CODENAME=$(lsb_release -s -c)
$SUDO mkdir -p /etc/apt/sources.list.d
echo "deb ${NODEPOOL_PUPPETLABS_MIRROR} ${PUPPET_CODENAME} puppet${PUPPET_MAJ_VERSION}" | $SUDO tee /etc/apt/sources.list.d/puppetlabs.list
$SUDO apt-key add files/GPG-KEY-puppetlabs
$SUDO apt-key add files/GPG-KEY-ceph
$SUDO apt-get update
elif is_fedora; then
source /etc/os-release
$SUDO rpm --import ${NODEPOOL_PUPPETLABS_MIRROR}/RPM-GPG-KEY-puppetlabs
$SUDO rpm --import ${NODEPOOL_PUPPETLABS_MIRROR}/RPM-GPG-KEY-puppet
$SUDO rpm --import ${NODEPOOL_PUPPETLABS_MIRROR}/RPM-GPG-KEY-puppet-20250406
$SUDO bash -c "cat << EOF > /etc/yum.repos.d/puppetlabs.repo
[puppetlabs-products]
name=Puppet Labs Products El ${VERSION_ID} - x86_64
baseurl=${NODEPOOL_PUPPETLABS_MIRROR}/puppet${PUPPET_MAJ_VERSION}/el/${VERSION_ID}/x86_64/
gpgkey=${NODEPOOL_PUPPETLABS_MIRROR}/RPM-GPG-KEY-puppetlabs
${NODEPOOL_PUPPETLABS_MIRROR}/RPM-GPG-KEY-puppet
${NODEPOOL_PUPPETLABS_MIRROR}/RPM-GPG-KEY-puppet-20250406
enabled=1
gpgcheck=1
EOF"
fi
}
install_puppet() {
print_header 'Install Puppet'
if uses_debs; then
$SUDO apt-get install -y ${PUPPET_PKG}
DISTRIBUTION_VENDOR=$(lsb_release -s -i)
if [ ${DISTRIBUTION_VENDOR} = 'Debian' ]; then
if [ "${USE_PUPPETLABS}" != 'true' ] && [ "${PUPPET_PKG}" = 'puppet' ]; then
# NOTE(tkajinam): puppet pacakge in Debian is separated to
# sub packages.
$SUDO apt-get install -y \
puppet-module-puppetlabs-augeas-core \
puppet-module-puppetlabs-cron-core \
puppet-module-puppetlabs-mount-core \
puppet-module-puppetlabs-sshkeys-core
fi
fi
elif is_fedora; then
$SUDO $YUM install -y ${PUPPET_PKG}
fi
}
function run_puppet() {
local manifest=$1
$SUDO $PUPPET_FULL_PATH apply $PUPPET_ARGS fixtures/${manifest}.pp
local res=$?
return $res
}
function catch_selinux_alerts() {
if is_fedora; then
sealert_cmd="$SUDO sealert -a /var/log/audit/audit.log"
retry_cmd "$sealert_cmd"
if $SUDO grep -iq 'type=AVC' /var/log/audit/audit.log; then
echo "AVC detected in /var/log/audit/audit.log"
source /etc/os-release
# TODO: figure why latest rabbitmq deployed with SSL tries to write in SSL pem file.
# https://bugzilla.redhat.com/show_bug.cgi?id=1341738
if $SUDO grep -iqE 'denied.*system_r:rabbitmq_t' /var/log/audit/audit.log; then
echo "non-critical RabbitMQ AVC, ignoring it now."
else
echo "Please file a bug on https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20OpenStack&component=openstack-selinux showing sealert output."
exit 1
fi
else
echo 'No AVC detected in /var/log/audit/audit.log'
fi
fi
}
function timestamp_puppet_log() {
$SUDO mv ${WORKSPACE}/puppet.log ${WORKSPACE}/puppet-$(date +%Y%m%d_%H%M%S).log
}
function catch_puppet_failures() {
$SUDO grep -wiE '(Error|\(err\))' ${WORKSPACE}/puppet.log
}
View Git Blame Copy Permalink