stackforge/puppet-openstack-cloud
Code Issues Proposed changes

Allow module to be deployed in a masterless way

Browse Source 
This commit aims to let the module being installed in a masterless way.
The bootstrap has been changed to not configure anymore puppetmaster.

Change-Id: I4506ac1f0afc01d2495fd06c68ad09d476d6f0ea
This commit is contained in:
Yanis Guenane
2015-01-23 04:35:20 -05:00
parent 4cc15bf362
commit 7c13ac4900
8 changed files with 107 additions and 393 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
manifests/install/puppetdb.pp → manifests/install/puppetdb/config.pp
View File

@@ -1,5 +1,5 @@
# #
# Copyright (C) 2014 eNovance SAS <licensing@enovance.com> # Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
# #
# Licensed under the Apache License, Version 2.0 (the "License"); you may # Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain # not use this file except in compliance with the License. You may obtain
@@ -13,18 +13,12 @@
# License for the specific language governing permissions and limitations # License for the specific language governing permissions and limitations
# under the License. # under the License.
# #
# == Class: cloud::install::puppetdb # == Class: cloud::install::puppetdb::config
# #
# Configure the puppetdb server # Configure the puppetdb connection
# #
class cloud::install::puppetdb { class cloud::install::puppetdb::config {
exec { 'puppetdb ssl-setup' : include ::puppetdb::master::config
unless => 'stat /etc/puppetdb/ssl',
path => ['/bin', '/sbin', '/usr/bin', '/usr/sbin'],
before => Class['puppetdb::server'],
}
include ::puppetdb
} }

40
manifests/install/puppetdb/server.pp Normal file
View File

@@ -0,0 +1,40 @@
#
# Copyright (C) 2015 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: cloud::install::puppetdb::server
#
# Configure the puppetdb server
#
class cloud::install::puppetdb::server {
include ::puppetdb
include ::apache
apache::vhost { 'puppetdb' :
docroot => '/tmp',
ssl => true,
ssl_cert => '/etc/ssl/certs/puppetdb.pem',
port => '8081',
servername => $::fqdn,
proxy_pass => [
{
'path' => '/',
'url' => 'http://localhost:8080/'
}
],
require => Class['puppetdb'],
}
}

143
manifests/install/puppetmaster.pp
View File

@@ -1,143 +0,0 @@
#
# Copyright (C) 2014 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# == Class: cloud::install::puppetmaster
#
# Configure the puppet master on the install-server
#
# == Parameters:
#
# [*puppetmaster_package_name*]
# (optional) Name of the puppetmaster package name
# Default: cloud::params::puppetmaster_package_name
#
# [*puppetmaster_service_name*]
# (optional) Name of the puppetmaster service name
# Default: cloud::params::puppetmaster_service_name
#
# [*main_configuration*]
# (optional) Hash of ini settings to set in the main section of the configuration
# Default: {}
#
# [*agent_configuration*]
# (optional) Hash of ini settings to set in the agent section of the configuration
# Default: {}
#
# [*master_configuration*]
# (optional) Hash of ini settings to set in the master section of the configuration
# Default: {}
#
# [*puppetmaster_vhost_configuration*]
# (optional) Hash of vhost configuration for the puppetmaster vhost
# Default: {}
#
# [*puppetconf_path*]
# (optional) Path to the puppet master configuration file
# Default: /etc/puppet/puppet.conf
#
# [*puppetdb_enable*]
# (optional) Whether the configuration for puppetdb should be enabled
# Default: true
#
# [*autosign_domains*]
# (optional) Array of domain origin to be auto signed
# Default: empty
#
class cloud::install::puppetmaster (
$puppetmaster_package_name = $cloud::params::puppetmaster_package_name,
$puppetmaster_service_name = $cloud::params::puppetmaster_service_name,
$main_configuration = {},
$agent_configuration = {},
$master_configuration = {},
$puppetmaster_vhost_configuration = {},
$puppetconf_path = '/etc/puppet/puppet.conf',
$puppetdb_enable = true,
$autosign_domains = [],
) inherits cloud::params {
package { $puppetmaster_package_name :
ensure => present,
before => File['/usr/share/puppet/rack'],
} ->
service { $puppetmaster_service_name :
ensure => stopped,
hasstatus => true,
hasrestart => true,
} ->
exec { "puppet cert generate ${::fqdn}":
unless => "stat /var/lib/puppet/ssl/certs/${::fqdn}.pem",
path => ['/usr/bin', '/bin']
}
# TODO (spredzy): Dirty hack
# to have the package in the catalog
# so puppetlabs/apache won't try to install it
# and fail since it's not present on rhel7
if $::osfamily == 'RedHat' and $::operatingsystemmajrelease == 7 {
package { 'mod_passenger' :
ensure => absent,
before => Class['apache'],
}
}
# Create the proper passenger configuration
# Per https://docs.puppetlabs.com/guides/passenger.html
file {
'/usr/share/puppet/rack' :
ensure => directory;
'/usr/share/puppet/rack/puppetmasterd' :
ensure => directory;
'/usr/share/puppet/rack/puppetmasterd/public' :
ensure => directory;
'/usr/share/puppet/rack/puppetmasterd/tmp' :
ensure => directory;
'/usr/share/puppet/rack/puppetmasterd/config.ru' :
ensure => link,
owner => 'puppet',
group => 'puppet',
target => '/usr/share/puppet/ext/rack/config.ru';
}
class { 'hiera' :
datadir => '/etc/puppet/data',
hierarchy => [
'%{::type}/%{::fqdn}',
'%{::type}/common',
'common',
]
}
if $puppetdb_enable {
Class['::puppetdb::master::config'] ~> Service['httpd']
include ::puppetdb::master::config
}
include ::apache
create_resources('apache::vhost', $puppetmaster_vhost_configuration, { 'require' => "Exec[puppet cert generate ${::fqdn}]" })
create_resources('ini_setting', $main_configuration, { 'section' => 'main', 'path' => $puppetconf_path, 'require' => "Package[${puppetmaster_package_name}]", 'notify' => 'Service[httpd]' })
create_resources('ini_setting', $agent_configuration, { 'section' => 'agent', 'path' => $puppetconf_path, 'require' => "Package[${puppetmaster_package_name}]", 'notify' => 'Service[httpd]' })
create_resources('ini_setting', $master_configuration, { 'section' => 'master', 'path' => $puppetconf_path, 'require' => "Package[${puppetmaster_package_name}]", 'notify' => 'Service[httpd]' })
file { '/etc/puppet/autosign.conf' :
ensure => present,
owner => 'puppet',
group => 'puppet',
content => template('cloud/installserver/autosign.conf.erb'),
require => Package[$puppetmaster_package_name],
notify => Service['httpd'],
}
}

101
scripts/bootstrap.pp
View File

@@ -1,78 +1,29 @@
case $::osfamily { Class['hiera'] -> Class['apache']
'RedHat': {
augeas {'httpd-lang' : class { 'hiera' :
context => '/files/etc/sysconfig/httpd/', datadir => '/etc/puppet/data',
changes => 'set LANG en_US.UTF-8', hierarchy => [
notify => Service['httpd'], '%{::type}/%{::fqdn}',
require => Package['httpd'], '%{::type}/common',
} 'common',
} ]
'Debian': {
# Bug Puppet: https://tickets.puppetlabs.com/browse/PUP-1386
exec { 'echo \'. /etc/default/locale\' >> /etc/apache2/envvars' :
path => ['/bin', '/usr/bin'],
unless => 'grep \'^. /etc/default/locale$\' /etc/apache2/envvars',
notify => Service['httpd'],
require => Package['httpd'],
}
# Bug Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=736849
exec { 'echo \'umask 022\' >> /etc/apache2/envvars' :
path => ['/bin', '/usr/bin'],
unless => 'grep \'umask 022\' /etc/apache2/envvars',
notify => Service['httpd'],
require => Package['httpd'],
}
}
default: {
fail("Unsupported osfamily (${::osfamily})")
}
} }
class { 'cloud::install::puppetmaster' : class {'::apache' :
puppetdb_enable => false, purge_configs => false,
autosign_domains => ['*'], }
agent_configuration => { include 'apache::mod::wsgi'
'agent-ssl_client_header' => {
'setting' => 'ssl_client_header', apache::vhost { 'puppetdb' :
'value' => 'SSL_CLIENT_S_DN' docroot => '/tmp',
}, ssl => true,
'agent-ssl_client_verify_header' => { ssl_cert => '/etc/ssl/certs/puppetdb.pem',
'setting' => 'ssl_client_verify_header', port => '8081',
'value' => 'SSL_CLIENT_VERIFY' servername => $::fqdn,
}, proxy_pass => [
'agent-certname' => { {
'setting' => 'certname', 'path' => '/',
'value' => $::fqdn 'url' => 'http://localhost:8080/'
}, }
'agent-server' => { ]
'setting' => 'server',
'value' => $::fqdn
},
},
main_configuration => {
'main-configtimeout' => {
'setting' => 'configtimeout',
'value' => '10m'
},
},
puppetmaster_vhost_configuration => {
'puppetmasterd' => {
'docroot' => '/usr/share/puppet/rack/puppetmasterd/public',
'port' => 8140,
'ssl' => true,
'ssl_protocol' => 'ALL -SSLv2 -SSLv3',
'ssl_cipher' => 'ALL:!aNULL:!eNULL:!DES:!3DES:!IDEA:!SEED:!DSS:!PSK:!RC4:!MD5:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXP',
'ssl_honorcipherorder' => 'On',
'ssl_cert' => "/var/lib/puppet/ssl/certs/${::fqdn}.pem",
'ssl_key' => "/var/lib/puppet/ssl/private_keys/${::fqdn}.pem",
'ssl_chain' => '/var/lib/puppet/ssl/certs/ca.pem',
'ssl_ca' => '/var/lib/puppet/ssl/certs/ca.pem',
'ssl_verify_client' => 'optional',
'ssl_verify_depth' => 1,
'ssl_options' => ['+StdEnvVars', '+ExportCertData'],
'request_headers' => ['unset X-Forwarded-For', 'set X-SSL-Subject %{SSL_CLIENT_S_DN}e', 'set X-Client-DN %{SSL_CLIENT_S_DN}e', 'set X-Client-Verify %{SSL_CLIENT_VERIFY}e'],
'rack_base_uris' => '/',
'add_default_charset' => 'UTF-8',
}
}
} }

48
scripts/bootstrap_post_puppetdb.pp
View File

@@ -1,48 +0,0 @@
class { 'cloud::install::puppetmaster' :
puppetdb_enable => true,
autosign_domains => ['*'],
agent_configuration => {
'agent-ssl_client_header' => {
'setting' => 'ssl_client_header',
'value' => 'SSL_CLIENT_S_DN'
},
'agent-ssl_client_verify_header' => {
'setting' => 'ssl_client_verify_header',
'value' => 'SSL_CLIENT_VERIFY'
},
'agent-certname' => {
'setting' => 'certname',
'value' => $::fqdn
},
'agent-server' => {
'setting' => 'server',
'value' => $::fqdn
},
},
main_configuration => {
'main-configtimeout' => {
'setting' => 'configtimeout',
'value' => '10m'
},
},
puppetmaster_vhost_configuration => {
'puppetmasterd' => {
'docroot' => '/usr/share/puppet/rack/puppetmasterd/public',
'port' => 8140,
'ssl' => true,
'ssl_protocol' => 'ALL -SSLv2 -SSLv3',
'ssl_cipher' => 'ALL:!aNULL:!eNULL:!DES:!3DES:!IDEA:!SEED:!DSS:!PSK:!RC4:!MD5:+HIGH:+MEDIUM:!LOW:!SSLv2:!EXP',
'ssl_honorcipherorder' => 'On',
'ssl_cert' => "/var/lib/puppet/ssl/certs/${::fqdn}.pem",
'ssl_key' => "/var/lib/puppet/ssl/private_keys/${::fqdn}.pem",
'ssl_chain' => '/var/lib/puppet/ssl/certs/ca.pem',
'ssl_ca' => '/var/lib/puppet/ssl/certs/ca.pem',
'ssl_verify_client' => 'optional',
'ssl_verify_depth' => 1,
'ssl_options' => ['+StdEnvVars', '+ExportCertData'],
'request_headers' => ['unset X-Forwarded-For', 'set X-SSL-Subject %{SSL_CLIENT_S_DN}e', 'set X-Client-DN %{SSL_CLIENT_S_DN}e', 'set X-Client-Verify %{SSL_CLIENT_VERIFY}e'],
'rack_base_uris' => '/',
'add_default_charset' => 'UTF-8',
}
}
}

8
spec/classes/cloud_install_puppetdb_server.rb → spec/classes/cloud_install_puppetdb_config_spec.rb
View File

@@ -1,16 +1,15 @@
require 'spec_helper' require 'spec_helper'
describe 'cloud::install::puppetdb_server' do describe 'cloud::install::puppetdb::config' do
shared_examples_for 'puppetdb' do shared_examples_for 'puppetdb' do
it 'install puppetdb' do it 'configure puppetdb' do
is_exptected.to contain_class('puppetdb::server') is_expected.to contain_class('puppetdb::master::config')
end end
end end
context 'on Debian platforms' do context 'on Debian platforms' do
let :facts do let :facts do
{ :osfamily => 'Debian' } { :osfamily => 'Debian' }
@@ -23,6 +22,7 @@ describe 'cloud::install::puppetdb_server' do
let :facts do let :facts do
{ :osfamily => 'RedHat' } { :osfamily => 'RedHat' }
end end
it_configures 'puppetdb' it_configures 'puppetdb'
end end
end end

32
spec/classes/cloud_install_puppetdb_server_spec.rb Normal file
View File

@@ -0,0 +1,32 @@
require 'spec_helper'
describe 'cloud::install::puppetdb::server' do
shared_examples_for 'puppetdb' do
it 'install puppetdb' do
is_expected.to contain_class('puppetdb')
end
end
context 'on Debian platforms' do
let :facts do
{ :osfamily => 'Debian',
:operatingsystem => 'Debian',
:operatingsystemrelease => '7.4'}
end
it_configures 'puppetdb'
end
context 'on RedHat platforms' do
let :facts do
{ :osfamily => 'RedHat',
:operatingsystem => 'RedHat',
:operatingsystemrelease => '7.0'}
end
it_configures 'puppetdb'
end
end

112
spec/classes/cloud_install_puppetmaster.rb
View File

@@ -1,112 +0,0 @@
require 'spec_helper'
describe 'cloud::install::puppetmaster' do
shared_examples_for 'puppetmaster' do
let :params do
{ :puppetconf_path => '/etc/puppet/puppet.conf',
:main_configuration => {},
:agent_configuration => {
'certname' => { 'setting' => 'certname', 'value' => 'foo.bar' }
},
:master_configuration => {
'timeout' => { 'setting' => 'timeout', 'value' => '0' }
}}
end
it 'install puppetmaster package' do
is_expected.to contain_package(platform_params[:puppetmaster_package_name]).with({
:ensure => 'present',
})
end
it 'ensure puppetmaster is stopped' do
is_exptected.to contain_server(platform_params[:puppetmaster_service_name]).with({
:ensure => 'stopped',
:hasstatus => true,
:hasrestart => true,
})
end
it 'generate certificate if necessary' do
is_expected.to contain_exec('puppet cert generate node.example.com')
end
it 'install hiera' do
is_expected.to contain_class('hiera')
end
it 'configure the puppetdb settings of puppetmaster' do
is_exptected.to contain_class('puppetdb::master::config')
end
it 'configure the puppet master configuration file' do
is_expected.to contain_init_setting('certname').with(
:setting => 'certname',
:value => 'foo.bar',
:section => 'agent',
:path => '/etc/puppet/puppet.conf',
)
is_expected.to contain_init_setting('timeout').with(
:setting => 'timeout',
:value => '0',
:section => 'master',
:path => '/etc/puppet/puppet.conf',
)
end
it 'configure the autosign.conf' do
is_expected.to contain_file('/etc/puppet/autosign/conf').with({
:ensure => 'present',
:owner => 'puppet',
:group => 'puppet',
:conent => 'template(\'cloud/installserver/autosign.conf.erb\')',
})
end
end
context 'on Debian platforms' do
let :facts do
{ :osfamily => 'Debian',
:fqdn => 'node.example.com'
}
end
let :platform_params do
{ :puppetmaster_package_name => 'puppet-server',
:puppetmaster_service_name => 'puppetmaster',
}
end
it_configures 'puppetmaster'
end
context 'on RedHat platforms' do
let :facts do
{ :osfamily => 'RedHat',
:fqdn => 'node.example.com'
}
end
let :platform_params do
{ :puppetmaster_package_name => 'puppetmaster',
:puppetmaster_service_name => 'puppetmaster',
}
end
it_configures 'puppetmaster'
context 'on Maj Release 7' do
facts.merge!(:operatingsystemmajrelease => '7')
it 'ensure package mod_passenger is not installed' do
is_expected.to contain_package('mod_passenger').with({
:ensure => 'absent',
})
end
end
end
end