d2b34d006b
mariadb has been updated in RDO CentOS7 for Ussuri so we can bump puppet-mysql and use the same Puppetfile for all cases, no more exceptions for CentOS8 are needed. Change-Id: I1c4204c5b9fb893a2209666894792938f72b7548
253 lines
8.2 KiB
Bash
253 lines
8.2 KiB
Bash
#!/bin/bash
|
|
#
|
|
# functions - puppet-openstack-integration specific functions
|
|
#
|
|
|
|
# Install external Puppet modules with r10k
|
|
# Uses the following variables:
|
|
#
|
|
# - ``SCRIPT_DIR`` must be set to script path
|
|
# - ``GEM_BIN_DIR`` must be set to Gem bin directory
|
|
install_external() {
|
|
PUPPETFILE=${SCRIPT_DIR}/Puppetfile1 r10k -v DEBUG puppetfile install
|
|
}
|
|
|
|
# Install Puppet OpenStack modules from zuul checkouts
|
|
# Uses the following variables:
|
|
#
|
|
# - ``PUPPETFILE_DIR`` must be set to Puppet modules directory
|
|
# - ``SCRIPT_DIR`` must be set to script path
|
|
# - ``ZUUL_BRANCH`` must be set to Zuul branch. Fallback to 'master'.
|
|
# - ``CEPH_VERSION`` can be set to override Ceph version.
|
|
install_openstack() {
|
|
# Periodic jobs run without ref on master
|
|
ZUUL_BRANCH=${ZUUL_BRANCH:-master}
|
|
|
|
if [ "$ZUUL_PROJECT" != "openstack/puppet-ceph" ] && [ -n "$CEPH_VERSION" ]; then
|
|
if [ "$CEPH_VERSION" == "nautilus" ]; then
|
|
ZUUL_BRANCH="master"
|
|
else
|
|
ZUUL_BRANCH="stable/$CEPH_VERSION"
|
|
fi
|
|
fi
|
|
|
|
local project_names=$(awk '{ if ($1 == ":git") print $3 }' \
|
|
${SCRIPT_DIR}/Puppetfile0 | tr -d "'," | cut -d '/' -f 4- | xargs
|
|
)
|
|
|
|
for project in $project_names openstack/puppet-openstack-integration
|
|
do
|
|
local module_name=$(echo $project | cut -d "-" -f2-)
|
|
|
|
if [ -d /home/zuul/src/opendev.org/$project ]; then
|
|
cp -R /home/zuul/src/opendev.org/$project $PUPPETFILE_DIR/$module_name
|
|
else
|
|
git clone -b $ZUUL_BRANCH https://opendev.org/$project $PUPPETFILE_DIR/$module_name
|
|
fi
|
|
done
|
|
|
|
# Because openstack-integration can't be a class name.
|
|
# https://projects.puppetlabs.com/issues/5268
|
|
mv $PUPPETFILE_DIR/openstack-integration $PUPPETFILE_DIR/openstack_integration
|
|
}
|
|
|
|
# Install all Puppet modules with r10k
|
|
# Uses the following variables:
|
|
#
|
|
# - ``SCRIPT_DIR`` must be set to script path
|
|
install_all() {
|
|
# When installing from local source, we want to install the current source
|
|
# we're working from.
|
|
PUPPETFILE=${SCRIPT_DIR}/Puppetfile r10k -v DEBUG puppetfile install
|
|
cp -a ${SCRIPT_DIR} ${PUPPETFILE_DIR}/openstack_integration
|
|
}
|
|
|
|
# Install Puppet OpenStack modules and dependencies by using
|
|
# zuul checkouts or r10k.
|
|
# Uses the following variables:
|
|
#
|
|
# - ``PUPPETFILE_DIR`` must be set to Puppet modules directory
|
|
# - ``SCRIPT_DIR`` must be set to script path
|
|
# - ``ZUUL_BRANCH`` must be set to Zuul branch
|
|
install_modules() {
|
|
if [ -d /home/zuul/src/opendev.org ] ; then
|
|
csplit ${SCRIPT_DIR}/Puppetfile /'External modules'/ \
|
|
--prefix ${SCRIPT_DIR}/Puppetfile \
|
|
--suffix '%d'
|
|
install_external
|
|
install_openstack
|
|
else
|
|
install_all
|
|
fi
|
|
}
|
|
|
|
# This is only executed from install_modules_unit.sh because we have
|
|
# some modules that is only required for puppet6 unit testing.
|
|
# Uses the following variables:
|
|
#
|
|
# - ``PUPPETFILE_DIR`` must be set to Puppet modules directory
|
|
# - ``SCRIPT_DIR`` must be set to script path
|
|
# - ``ZUUL_BRANCH`` must be set to Zuul branch
|
|
install_modules_unit() {
|
|
if [ -d /home/zuul/src/opendev.org ] ; then
|
|
csplit ${SCRIPT_DIR}/Puppetfile /'External modules'/ \
|
|
--prefix ${SCRIPT_DIR}/Puppetfile \
|
|
--suffix '%d'
|
|
cat ${SCRIPT_DIR}/Puppetfile_unit >> ${SCRIPT_DIR}/Puppetfile1
|
|
install_external
|
|
install_openstack
|
|
else
|
|
cat ${SCRIPT_DIR}/Puppetfile_unit >> ${SCRIPT_DIR}/Puppetfile
|
|
install_all
|
|
fi
|
|
}
|
|
|
|
# Write out basic hiera configuration
|
|
#
|
|
# Uses the following variables:
|
|
# - ``SCRIPT_DIR`` must be set to the dir that contains a /hiera folder to use
|
|
# - ``HIERA_CONFIG`` must be set to the hiera config file location
|
|
#
|
|
configure_hiera() {
|
|
cat <<EOF >$HIERA_CONFIG
|
|
---
|
|
version: 5
|
|
defaults:
|
|
datadir: ${SCRIPT_DIR}/hiera
|
|
data_hash: yaml_data
|
|
hierarchy:
|
|
- name: "OS specific"
|
|
path: "%{::operatingsystem}.yaml"
|
|
- name: "OS family specific"
|
|
path: "%{::osfamily}.yaml"
|
|
- name: "Common"
|
|
path: "common.yaml"
|
|
EOF
|
|
}
|
|
|
|
is_fedora() {
|
|
if [ -f /etc/os-release ]; then
|
|
source /etc/os-release
|
|
test "$ID" = "fedora" -o "$ID" = "centos"
|
|
else
|
|
return 1
|
|
fi
|
|
}
|
|
|
|
uses_debs() {
|
|
# check if apt-get is installed, valid for debian based
|
|
type "apt-get" 2>/dev/null
|
|
}
|
|
|
|
if type "dnf" 2>/dev/null;then
|
|
export YUM=dnf
|
|
else
|
|
export YUM=yum
|
|
fi
|
|
|
|
print_header() {
|
|
if [ -n "$(set | grep xtrace)" ]; then
|
|
set +x
|
|
local enable_xtrace='yes'
|
|
fi
|
|
local msg=$1
|
|
printf '%.0s-' {1..80}; echo
|
|
printf '| %-76s |\n' "${msg}"
|
|
printf '%.0s-' {1..80}; echo
|
|
if [ -n "${enable_xtrace}" ]; then
|
|
set -x
|
|
fi
|
|
}
|
|
|
|
install_puppet() {
|
|
if uses_debs; then
|
|
print_header 'Setup (Debian based)'
|
|
if [ "${MANAGE_REPOS}" == "true" ] ; then
|
|
if [ $PUPPET_MAJ_VERSION == 4 ]; then
|
|
local PUPPET_APT_POOL="PC1"
|
|
else
|
|
local PUPPET_APT_POOL="puppet${PUPPET_MAJ_VERSION}"
|
|
fi
|
|
PUPPET_CODENAME=$(lsb_release -s -c)
|
|
if [ $PUPPET_CODENAME == "bionic" ]; then
|
|
# For some reason this directory does not exist in Bionic
|
|
$SUDO mkdir -p /etc/apt/sources.list.d
|
|
fi
|
|
echo "deb ${NODEPOOL_PUPPETLABS_MIRROR} ${PUPPET_CODENAME} ${PUPPET_APT_POOL}" | $SUDO tee /etc/apt/sources.list.d/puppetlabs.list
|
|
$SUDO apt-key add files/GPG-KEY-puppetlabs
|
|
$SUDO apt-key add files/GPG-KEY-ceph
|
|
$SUDO apt-get update
|
|
fi
|
|
$SUDO apt-get install -y ${PUPPET_PKG}
|
|
elif is_fedora; then
|
|
print_header 'Setup (RedHat based)'
|
|
# EPEL does not work fine with RDO, we need to make sure EPEL is really disabled
|
|
if rpm --quiet -q epel-release; then
|
|
$SUDO rpm -e epel-release
|
|
fi
|
|
|
|
if [ "${MANAGE_REPOS}" == "true" ] ; then
|
|
if [ $PUPPET_MAJ_VERSION == 4 ]; then
|
|
local PUPPET_YUM_SUFFIX="/el/7/PC1/x86_64/"
|
|
else
|
|
local PUPPET_YUM_SUFFIX="/puppet${PUPPET_MAJ_VERSION}/el/7/x86_64/"
|
|
fi
|
|
$SUDO rpm --import files/GPG-KEY-puppetlabs
|
|
$SUDO rpm --import files/GPG-KEY-puppet
|
|
$SUDO bash -c "cat << EOF > /etc/yum.repos.d/puppetlabs.repo
|
|
[puppetlabs-products]
|
|
name=Puppet Labs Products El 7 - x86_64
|
|
baseurl=${NODEPOOL_PUPPETLABS_MIRROR}${PUPPET_YUM_SUFFIX}
|
|
gpgkey=file:///etc/pki/rpm-gpg/GPG-KEY-puppetlabs
|
|
file:///etc/pki/rpm-gpg/GPG-KEY-puppet
|
|
enabled=1
|
|
gpgcheck=1
|
|
EOF"
|
|
fi
|
|
$SUDO $YUM install -y ${PUPPET_PKG}
|
|
fi
|
|
}
|
|
|
|
function run_puppet() {
|
|
local manifest=$1
|
|
$SUDO $PUPPET_FULL_PATH apply $PUPPET_ARGS fixtures/${manifest}.pp
|
|
local res=$?
|
|
return $res
|
|
}
|
|
|
|
function catch_selinux_alerts() {
|
|
if is_fedora; then
|
|
$SUDO sealert -a /var/log/audit/audit.log
|
|
if $SUDO grep -iq 'type=AVC' /var/log/audit/audit.log; then
|
|
echo "AVC detected in /var/log/audit/audit.log"
|
|
source /etc/os-release
|
|
# TODO: figure why latest rabbitmq deployed with SSL tries to write in SSL pem file.
|
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1341738
|
|
if $SUDO grep -iqE 'denied.*system_r:rabbitmq_t' /var/log/audit/audit.log; then
|
|
echo "non-critical RabbitMQ AVC, ignoring it now."
|
|
# FIXME(ykarel) catch_selinux_alerts not work with non ssl scenarios(no rabbitmq alert),
|
|
# currently running all scenarios without ssl in Fedora and CentOS8,
|
|
# because glance,nova,mistral py3 has issues when running with eventlet + ssl:
|
|
# glance https://bugs.launchpad.net/glance/+bug/1769006
|
|
# nova https://bugs.launchpad.net/nova/+bug/1808975
|
|
# mistral https://bugs.launchpad.net/mistral/+bug/1808953
|
|
elif [ -f /etc/fedora-release ] || [[ "${REDHAT_SUPPORT_PRODUCT,,}" = "centos" && ${REDHAT_SUPPORT_PRODUCT_VERSION} = "8" ]]; then
|
|
echo "non ssl scenario, ignoring it now."
|
|
else
|
|
echo "Please file a bug on https://bugzilla.redhat.com/enter_bug.cgi?product=Red%20Hat%20OpenStack&component=openstack-selinux showing sealert output."
|
|
exit 1
|
|
fi
|
|
else
|
|
echo 'No AVC detected in /var/log/audit/audit.log'
|
|
fi
|
|
fi
|
|
}
|
|
|
|
function timestamp_puppet_log() {
|
|
$SUDO mv ${WORKSPACE}/puppet.log ${WORKSPACE}/puppet-$(date +%Y%m%d_%H%M%S).log
|
|
}
|
|
|
|
function catch_puppet_failures() {
|
|
$SUDO grep -wiE '(Error|\(err\))' ${WORKSPACE}/puppet.log
|
|
}
|