From 1216c7db20e0691410cbc464b868e27b2a65b54e Mon Sep 17 00:00:00 2001
From: Spencer Krum
Date: Mon, 9 Mar 2015 18:49:13 -0700
Subject: [PATCH] Refactor o_p::base into o_p::template
From spec: http://specs.openstack.org/openstack-infra/infra-specs/specs/server_base_template_refactor.html This flattens openstack_project::base into o_p::template. It does not modify o_p::server. It also adds some delimiting sections as comments, and refactors some if/case statements where it makes sense.
Change-Id: I95a7aa168c16f10c63723ead28504038a9845ce2
Story: 2000172
---
modules/openstack_project/manifests/base.pp | 208 -----------
.../openstack_project/manifests/puppetdb.pp | 2 +-
.../openstack_project/manifests/template.pp | 338 +++++++++++++++---
3 files changed, 280 insertions(+), 268 deletions(-)
delete mode 100644 modules/openstack_project/manifests/base.pp
diff --git a/modules/openstack_project/manifests/base.pp b/modules/openstack_project/manifests/base.pp
deleted file mode 100644
index dd88ac5855..0000000000
--- a/modules/openstack_project/manifests/base.pp
+++ /dev/null
@@ -1,208 +0,0 @@ -# == Class: openstack_project::base -# -class openstack_project::base( - $certname = $::fqdn, - $install_users = true, - $pin_puppet = '3.', - $ca_server = undef, - $puppetmaster_server = 'puppetmaster.openstack.org', -) { - if ($::osfamily == 'Debian') { - include apt - } - include openstack_project::params - include openstack_project::users - include sudoers - - case $pin_puppet { - '2.7.': { - $pin_facter = '1.' - $pin_puppetdb = '1.' - } - /^3\./: { - $pin_facter = '2.' - $pin_puppetdb = '2.' - } - default: { - fail("Puppet version not supported") - } - } - - file { '/etc/profile.d/Z98-byobu.sh': - ensure => absent, - } - - package { 'popularity-contest': - ensure => absent, - } - - package { 'git': - ensure => present, - } - - if ($::operatingsystem == 'Fedora') { - - package { 'hiera': - ensure => latest, - provider => 'gem', - } - - exec { 'symlink hiera modules' : - command => 'ln -s /usr/local/share/gems/gems/hiera-puppet-* /etc/puppet/modules/', - path => '/bin:/usr/bin', - subscribe => Package['hiera'], - refreshonly => true, - } - - } - - package { $::openstack_project::params::packages: - ensure => present - } - - include pip - - package { 'virtualenv': - ensure => latest, - provider => pip, - require => Class['pip'], - } - file { '/etc/pip.conf': - owner => 'root', - group => 'root', - mode => '0444', - source => 'puppet:///modules/openstack_project/pip.conf', - replace => true, - } - - if ($install_users) { - package { $::openstack_project::params::user_packages: - ensure => present - } - - realize ( - User::Virtual::Localuser['mordred'], - User::Virtual::Localuser['corvus'], - User::Virtual::Localuser['clarkb'], - User::Virtual::Localuser['fungi'], - User::Virtual::Localuser['slukjanov'], - User::Virtual::Localuser['elizabeth'], - ) - } - - if ! 
defined(File['/root/.ssh']) { - file { '/root/.ssh': - ensure => directory, - mode => '0700', - } - } - - ssh_authorized_key { 'puppet-remote-2014-04-17': - ensure => absent, - user => 'root', - } - ssh_authorized_key { 'puppet-remote-2014-05-24': - ensure => absent, - user => 'root', - } - ssh_authorized_key { 'puppet-remote-2014-09-11': - ensure => absent, - user => 'root', - } - - ssh_authorized_key { 'puppet-remote-2014-09-15': - ensure => present, - user => 'root', - type => 'ssh-rsa', - key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDSLlN41ftgxkNeUi/kATYPwMPjJdMaSbgokSb9PSkRPZE7GeNai60BCfhu+ky8h5eMe70Bpwb7mQ7GAtHGXPNU1SRBPhMuVN9EYrQbt5KSiwuiTXtQHsWyYrSKtB+XGbl2PhpMQ/TPVtFoL5usxu/MYaakVkCEbt5IbPYNg88/NKPixicJuhi0qsd+l1X1zoc1+Fn87PlwMoIgfLIktwaL8hw9mzqr+pPcDIjCFQQWnjqJVEObOcMstBT20XwKj/ymiH+6p123nnlIHilACJzXhmIZIZO+EGkNF7KyXpcBSfv9efPI+VCE2TOv/scJFdEHtDFkl2kdUBYPC0wQ92rp', - options => [ - 'from="puppetmaster.openstack.org"', - ], - require => File['/root/.ssh'], - } - ssh_authorized_key { '/root/.ssh/authorized_keys': - ensure => absent, - user => 'root', - } - - # Which Puppet do I take? 
- # Take $puppet_version and pin to that version - if ($::osfamily == 'Debian') { - apt::source { 'puppetlabs': - location => 'http://apt.puppetlabs.com', - repos => 'main', - key => '4BD6EC30', - key_server => 'pgp.mit.edu', - } - - file { '/etc/apt/apt.conf.d/80retry': - owner => 'root', - group => 'root', - mode => '0444', - source => 'puppet:///modules/openstack_project/80retry', - replace => true, - } - - file { '/etc/apt/apt.conf.d/90no-translations': - owner => 'root', - group => 'root', - mode => '0444', - source => 'puppet:///modules/openstack_project/90no-translations', - replace => true, - } - - file { '/etc/apt/preferences.d/00-puppet.pref': - ensure => present, - owner => 'root', - group => 'root', - mode => '0444', - content => template('openstack_project/00-puppet.pref.erb'), - replace => true, - } - - file { '/etc/default/puppet': - ensure => present, - owner => 'root', - group => 'root', - mode => '0444', - source => 'puppet:///modules/openstack_project/puppet.default', - replace => true, - } - - } - - if ($::operatingsystem == 'CentOS') { - file { '/etc/yum.repos.d/puppetlabs.repo': - ensure => present, - owner => 'root', - group => 'root', - mode => '0444', - source => 'puppet:///modules/openstack_project/centos-puppetlabs.repo', - replace => true, - } - file { '/etc/yum.conf': - ensure => present, - owner => 'root', - group => 'root', - mode => '0444', - source => 'puppet:///modules/openstack_project/yum.conf', - replace => true, - } - } - - $puppet_version = $pin_puppet - file { '/etc/puppet/puppet.conf': - ensure => present, - owner => 'root', - group => 'root', - mode => '0444', - content => template('openstack_project/puppet.conf.erb'), - replace => true, - } - - service { 'puppet': - ensure => stopped, - } -} - -# vim:sw=2:ts=2:expandtab:textwidth=79 diff --git a/modules/openstack_project/manifests/puppetdb.pp b/modules/openstack_project/manifests/puppetdb.pp index 6ce9bbbb9d..078986d9d3 100644 
--- a/modules/openstack_project/manifests/puppetdb.pp +++ b/modules/openstack_project/manifests/puppetdb.pp @@ -33,7 +33,7 @@ class openstack_project::puppetdb ( class { 'puppetdb::database::postgresql': require => [User['postgres'], - Class['openstack_project::base'],], + Class['openstack_project::template'],], } class { '::puppetdb::server': diff --git a/modules/openstack_project/manifests/template.pp b/modules/openstack_project/manifests/template.pp index f858fbc210..d01cf393c5 100644 --- a/modules/openstack_project/manifests/template.pp +++ b/modules/openstack_project/manifests/template.pp @@ -17,9 +17,29 @@ class openstack_project::template ( $afs = false, $puppetmaster_server = 'puppetmaster.openstack.org', ) { + + ########################################################### + # Classes for all hosts + include ntp - include ssh include snmpd + include ssh + include sudoers + + include openstack_project::params + include openstack_project::users + + class { 'iptables': + public_tcp_ports => $iptables_public_tcp_ports, + public_udp_ports => $all_udp, + rules4 => $iptables_rules4, + rules6 => $iptables_rules6, + } + + + ########################################################### + # Process if ( $high_level_directive ) blocks + if $automatic_upgrades == true { class { 'openstack_project::automatic_upgrades': origins => ["Puppetlabs:${lsbdistcodename}"], 
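Review bot: In the template.pp hunk `@@ -17,9 +17,29 @@`, the `class { 'iptables': ... public_udp_ports => $all_udp, ... }` declaration now sits at the top of the class body, but `$all_udp` is only assigned further down (the `$all_udp = $iptables_public_udp_ports` context line at the start of the `@@ -43,35 +63,10 @@` hunk). Puppet evaluates variable assignments in manifest order, so at this point the variable is still unset and the firewall class would presumably receive an undefined UDP port list instead of the computed one. Keep the `iptables` declaration below the block that sets `$all_udp`, or move that block up together with it. The class body starts and ends outside this hunk.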
@@ -43,35 +63,10 @@ class openstack_project::template ( $all_udp = $iptables_public_udp_ports } - class { 'iptables': - public_tcp_ports => $iptables_public_tcp_ports, - public_udp_ports => $all_udp, - rules4 => $iptables_rules4, - rules6 => $iptables_rules6, - } - - class { 'openstack_project::base': - install_users => $install_users, - certname => $certname, - pin_puppet => $pin_puppet, - ca_server => $ca_server, - puppetmaster_server => $puppetmaster_server, - } - - package { 'lvm2': - ensure => present, - } - - package { 'strace': - ensure => present, - } - - package { 'tcpdump': - ensure => present, - } - - package { 'rsyslog': - ensure => present, + if ($install_users) { + package { $::openstack_project::params::user_packages: + ensure => present + } } if ($enable_unbound) { @@ -80,31 +75,6 @@ class openstack_project::template ( } } - if $::osfamily == 'Debian' { - # Make sure dig is installed - package { 'dnsutils': - ensure => present, - } - - # Custom rsyslog config to disable /dev/xconsole noise on Debuntu servers - file { '/etc/rsyslog.d/50-default.conf': - ensure => present, - owner => 'root', - group => 'root', - mode => '0644', - source => - 'puppet:///modules/openstack_project/rsyslog.d_50-default.conf', - replace => true, - notify => $rsyslog_notify, - } - - # Ubuntu installs their whoopsie package by default, but it eats through - # memory and we don't need it on servers - package { 'whoopsie': - ensure => absent, - } - } - if ($::in_chroot) { notify { 'rsyslog in chroot': message => 'rsyslog not refreshed, running in chroot', @@ -120,6 +90,9 @@ class openstack_project::template ( $rsyslog_notify = [ Service['rsyslog'] ] } + ########################################################### + # System tweaks + # Increase syslog message size in order to capture # python tracebacks with syslog. file { '/etc/rsyslog.d/99-maxsize.conf': 
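Review bot: The new `if ($install_users)` block in the `@@ -43,35 +63,10 @@` hunk keeps only the `package { $::openstack_project::params::user_packages: }` resource; the `realize ( User::Virtual::Localuser[...] )` list that the deleted base.pp had inside the same conditional does not appear on the new side of any hunk shown here. Unless template.pp already realizes those users in lines outside the hunks, hosts built from it would no longer get the admin accounts even with `install_users` true, which is an access-management change the commit message does not mention. Suggest carrying the `realize (...)` call over into this block, or stating in the description where those accounts are now realized.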
@@ -132,10 +105,257 @@ class openstack_project::template ( notify => $rsyslog_notify, } - if ($::osfamily == 'RedHat') { - # Make sure dig is installed - package { 'bind-utils': - ensure => present, + # We don't like byobu + file { '/etc/profile.d/Z98-byobu.sh': + ensure => absent, + } + + if $::osfamily == 'Debian' { + + # Custom rsyslog config to disable /dev/xconsole noise on Debuntu servers + file { '/etc/rsyslog.d/50-default.conf': + ensure => present, + owner => 'root', + group => 'root', + mode => '0644', + source => + 'puppet:///modules/openstack_project/rsyslog.d_50-default.conf', + replace => true, + notify => $rsyslog_notify, + } + + # Ubuntu installs their whoopsie package by default, but it eats through + # memory and we don't need it on servers + package { 'whoopsie': + ensure => absent, + } + + package { 'popularity-contest': + ensure => absent, } } + + ########################################################### + # Package resources for all operating systems + + package { 'lvm2': + ensure => present, + } + + package { 'strace': + ensure => present, + } + + package { 'tcpdump': + ensure => present, + } + + package { 'rsyslog': + ensure => present, + } + + package { 'git': + ensure => present, + } + + package { $::openstack_project::params::packages: + ensure => present + } + + ########################################################### + # Package resources for specific operating systems + + case $::osfamily { + 'Debian': { + include apt + + # Make sure dig is installed + package { 'dnsutils': + ensure => present, + } + } + 'RedHat': { + # Make sure dig is installed + package { 'bind-utils': + ensure => present, + } + } + } + + ########################################################### + # Manage python/pip + + include pip + $desired_virtualenv = '1.11.4' + + if (( versioncmp($::virtualenv_version, $desired_virtualenv) < 0 )) { + $virtualenv_ensure = $desired_virtualenv + } else { + $virtualenv_ensure = present + } + package { 'virtualenv': + ensure 
=> $virtualenv_ensure, + provider => pip, + require => Class['pip'], + } + file { '/etc/pip.conf': + owner => 'root', + group => 'root', + mode => '0444', + source => 'puppet:///modules/openstack_project/pip.conf', + replace => true, + } + + ########################################################### + # Manage Root ssh + + if ! defined(File['/root/.ssh']) { + file { '/root/.ssh': + ensure => directory, + mode => '0700', + } + } + + ssh_authorized_key { 'puppet-remote-2014-04-17': + ensure => absent, + user => 'root', + } + ssh_authorized_key { 'puppet-remote-2014-05-24': + ensure => absent, + user => 'root', + } + ssh_authorized_key { 'puppet-remote-2014-09-11': + ensure => absent, + user => 'root', + } + + ssh_authorized_key { 'puppet-remote-2014-09-15': + ensure => present, + user => 'root', + type => 'ssh-rsa', + key => 'AAAAB3NzaC1yc2EAAAADAQABAAABAQDSLlN41ftgxkNeUi/kATYPwMPjJdMaSbgokSb9PSkRPZE7GeNai60BCfhu+ky8h5eMe70Bpwb7mQ7GAtHGXPNU1SRBPhMuVN9EYrQbt5KSiwuiTXtQHsWyYrSKtB+XGbl2PhpMQ/TPVtFoL5usxu/MYaakVkCEbt5IbPYNg88/NKPixicJuhi0qsd+l1X1zoc1+Fn87PlwMoIgfLIktwaL8hw9mzqr+pPcDIjCFQQWnjqJVEObOcMstBT20XwKj/ymiH+6p123nnlIHilACJzXhmIZIZO+EGkNF7KyXpcBSfv9efPI+VCE2TOv/scJFdEHtDFkl2kdUBYPC0wQ92rp', + options => [ + 'from="puppetmaster.openstack.org"', + ], + require => File['/root/.ssh'], + } + ssh_authorized_key { '/root/.ssh/authorized_keys': + ensure => absent, + user => 'root', + } + + ########################################################### + # Manage Puppet + # possible TODO: break this into openstack_project::puppet + + case $pin_puppet { + '2.7.': { + $pin_facter = '1.' + $pin_puppetdb = '1.' + } + /^3\./: { + $pin_facter = '2.' + $pin_puppetdb = '2.' 
+ } + default: { + fail("Puppet version not supported") + } + } + + if ($::operatingsystem == 'Fedora') { + + package { 'hiera': + ensure => latest, + provider => 'gem', + } + + exec { 'symlink hiera modules' : + command => 'ln -s /usr/local/share/gems/gems/hiera-puppet-* /etc/puppet/modules/', + path => '/bin:/usr/bin', + subscribe => Package['hiera'], + refreshonly => true, + } + + } + + # Which Puppet do I take? + # Take $puppet_version and pin to that version + if ($::osfamily == 'Debian') { + apt::source { 'puppetlabs': + location => 'http://apt.puppetlabs.com', + repos => 'main', + key => '4BD6EC30', + key_server => 'pgp.mit.edu', + } + + file { '/etc/apt/apt.conf.d/80retry': + owner => 'root', + group => 'root', + mode => '0444', + source => 'puppet:///modules/openstack_project/80retry', + replace => true, + } + + file { '/etc/apt/apt.conf.d/90no-translations': + owner => 'root', + group => 'root', + mode => '0444', + source => 'puppet:///modules/openstack_project/90no-translations', + replace => true, + } + + file { '/etc/apt/preferences.d/00-puppet.pref': + ensure => present, + owner => 'root', + group => 'root', + mode => '0444', + content => template('openstack_project/00-puppet.pref.erb'), + replace => true, + } + + file { '/etc/default/puppet': + ensure => present, + owner => 'root', + group => 'root', + mode => '0444', + source => 'puppet:///modules/openstack_project/puppet.default', + replace => true, + } + + } + + if ($::operatingsystem == 'CentOS') { + file { '/etc/yum.repos.d/puppetlabs.repo': + ensure => present, + owner => 'root', + group => 'root', + mode => '0444', + source => 'puppet:///modules/openstack_project/centos-puppetlabs.repo', + replace => true, + } + file { '/etc/yum.conf': + ensure => present, + owner => 'root', + group => 'root', + mode => '0444', + source => 'puppet:///modules/openstack_project/yum.conf', + replace => true, + } + } + + $puppet_version = $pin_puppet + file { '/etc/puppet/puppet.conf': + ensure => present, + owner 
=> 'root', + group => 'root', + mode => '0444', + content => template('openstack_project/puppet.conf.erb'), + replace => true, + } + + service { 'puppet': + ensure => stopped, + } + ########################################################### + }
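Review bot: The `apt::source { 'puppetlabs': }` block carried into the "Manage Puppet" section identifies the repository signing key by the 8-hex short ID `4BD6EC30`, fetched from `pgp.mit.edu`, and the repository location is plain `http://apt.puppetlabs.com`. Short key IDs are known to collide, so a keyserver lookup by short ID can return a different key than the one intended, and this key decides which Puppet packages every host built from the template will trust. Since the block is being touched anyway, pin the key by full fingerprint, e.g. `key => '<FULL_40_HEX_FINGERPRINT>',` (placeholder; take the value from the vendor's published key), provided the apt module version in use accepts that form. The enclosing class body starts outside this hunk.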