From 07d8b0ff24c4bb35c52759eb3a868b4bb6462c32 Mon Sep 17 00:00:00 2001
From: Clark Boylan <clark.boylan@gmail.com>
Date: Wed, 10 Sep 2014 13:46:17 -0700
Subject: [PATCH] Make ansible speak to appropriate puppetmaster

With split puppet master infrastructure ansible needs to be told which
puppetmaster to talk to. Do this by making puppetmaster a required
argument to the puppet ansible playbook.

Since we can't rely on the cert listing while this is happening also add
puppet master specific host list files which can be used to specify
which hosts talk to which puppetmaster via the new ansible playbook
feature.

Change-Id: I412c2bd6cb390d00d1b9d0e4630e75776edabbb9
---
 .../files/library/config_management/puppet    |  5 ++++-
 modules/ansible/manifests/init.pp             |  9 ++++++--
 .../ansible.cfg => templates/ansible.cfg.erb} |  2 +-
 .../files/ansible/remote_puppet2.yaml         | 14 ++++++++++++
 ...remote_puppet.yaml => remote_puppet3.yaml} |  6 ++---
 .../manifests/puppetmaster.pp                 | 22 +++++++++++++++++--
 6 files changed, 49 insertions(+), 9 deletions(-)
 rename modules/ansible/{files/ansible.cfg => templates/ansible.cfg.erb} (68%)
 create mode 100644 modules/openstack_project/files/ansible/remote_puppet2.yaml
 rename modules/openstack_project/files/ansible/{remote_puppet.yaml => remote_puppet3.yaml} (51%)

diff --git a/modules/ansible/files/library/config_management/puppet b/modules/ansible/files/library/config_management/puppet
index 763454bfac..0b429c4ae8 100644
--- a/modules/ansible/files/library/config_management/puppet
+++ b/modules/ansible/files/library/config_management/puppet
@@ -53,6 +53,7 @@ def main():
     module = AnsibleModule(
         argument_spec=dict(
             timeout=dict(default="30m"),
+            puppetmaster=dict(required=True),
             show_diff=dict(
                 default=False, aliases=['show-diff'], type='bool'),
         ),
@@ -67,9 +68,11 @@ def main():
             msg="Could not find puppet. Please ensure it is installed.")
 
     cmd = ("timeout -s 9 %(timeout)s %(puppet_cmd)s agent --onetime"
+           " --server %(puppetmaster)s"
            " --ignorecache --no-daemonize --no-usecacheonfailure --no-splay"
            " --detailed-exitcodes --verbose") % dict(
-               timeout=pipes.quote(p['timeout']), puppet_cmd=PUPPET_CMD)
+               timeout=pipes.quote(p['timeout']), puppet_cmd=PUPPET_CMD,
+               puppetmaster=pipes.quote(p['puppetmaster']))
     if p['show_diff']:
         cmd += " --show-diff"
     rc, stdout, stderr = module.run_command(cmd)
diff --git a/modules/ansible/manifests/init.pp b/modules/ansible/manifests/init.pp
index 409bf5794f..fea6db3d1d 100644
--- a/modules/ansible/manifests/init.pp
+++ b/modules/ansible/manifests/init.pp
@@ -1,6 +1,8 @@
 # == Class: ansible
 #
-class ansible {
+class ansible (
+  $ansible_hostfile = '/usr/local/bin/puppet-inventory'
+) {
 
   include logrotate
   include pip
@@ -18,7 +20,10 @@ class ansible {
 
   file { '/etc/ansible/ansible.cfg':
     ensure  => present,
-    source  => 'puppet:///modules/ansible/ansible.cfg',
+    mode   => '0644',
+    owner  => 'root',
+    group  => 'root',
+    content => template('ansible/ansible.cfg.erb'),
     require => File['/etc/ansible'],
   }
 
diff --git a/modules/ansible/files/ansible.cfg b/modules/ansible/templates/ansible.cfg.erb
similarity index 68%
rename from modules/ansible/files/ansible.cfg
rename to modules/ansible/templates/ansible.cfg.erb
index 1f0319c8e4..94fd27c47d 100644
--- a/modules/ansible/files/ansible.cfg
+++ b/modules/ansible/templates/ansible.cfg.erb
@@ -1,4 +1,4 @@
 [defaults]
-hostfile=/usr/local/bin/puppet-inventory
+hostfile=<%= @ansible_hostfile %>
 library=/usr/share/ansible:/etc/ansible/library
 log_path=/var/log/ansible.log
diff --git a/modules/openstack_project/files/ansible/remote_puppet2.yaml b/modules/openstack_project/files/ansible/remote_puppet2.yaml
new file mode 100644
index 0000000000..0af830441e
--- /dev/null
+++ b/modules/openstack_project/files/ansible/remote_puppet2.yaml
@@ -0,0 +1,14 @@
+---
+- hosts: git0*
+  gather_facts: false
+  max_fail_percentage: 1
+  roles:
+    - { role: puppet, puppetmaster: ci-puppetmaster.openstack.org }
+- hosts: review.openstack.org
+  gather_facts: false
+  roles:
+    - { role: puppet, puppetmaster: ci-puppetmaster.openstack.org }
+- hosts: "!review.openstack.org:!git0*"
+  gather_facts: false
+  roles:
+    - { role: puppet, puppetmaster: ci-puppetmaster.openstack.org }
diff --git a/modules/openstack_project/files/ansible/remote_puppet.yaml b/modules/openstack_project/files/ansible/remote_puppet3.yaml
similarity index 51%
rename from modules/openstack_project/files/ansible/remote_puppet.yaml
rename to modules/openstack_project/files/ansible/remote_puppet3.yaml
index 82accf163f..2bf9285274 100644
--- a/modules/openstack_project/files/ansible/remote_puppet.yaml
+++ b/modules/openstack_project/files/ansible/remote_puppet3.yaml
@@ -3,12 +3,12 @@
   gather_facts: false
   max_fail_percentage: 1
   roles:
-    - puppet
+    - { role: puppet, puppetmaster: puppetmaster.openstack.org }
 - hosts: review.openstack.org
   gather_facts: false
   roles:
-    - puppet
+    - { role: puppet, puppetmaster: puppetmaster.openstack.org }
 - hosts: "!review.openstack.org:!git0*"
   gather_facts: false
   roles:
-    - puppet
+    - { role: puppet, puppetmaster: puppetmaster.openstack.org }
diff --git a/modules/openstack_project/manifests/puppetmaster.pp b/modules/openstack_project/manifests/puppetmaster.pp
index f84f23cf7c..78808c84a1 100644
--- a/modules/openstack_project/manifests/puppetmaster.pp
+++ b/modules/openstack_project/manifests/puppetmaster.pp
@@ -9,7 +9,6 @@ class openstack_project::puppetmaster (
   $puppetdb = true,
   $puppetdb_server = 'puppetdb.openstack.org',
 ) {
-  include ansible
   include logrotate
   include openstack_project::params
 
@@ -20,6 +19,25 @@ class openstack_project::puppetmaster (
     ca_server                 => $ca_server,
   }
 
+  if ($version == '2.7.'){
+    $ansible_remote_puppet_source = 'puppet:///modules/openstack_project/ansible/remote_puppet2.yaml'
+  }
+  else {
+    $ansible_remote_puppet_source = 'puppet:///modules/openstack_project/ansible/remote_puppet3.yaml'
+  }
+
+  class { 'ansible':
+    ansible_hostfile => '/etc/ansible/hostfile',
+  }
+
+  file { '/etc/ansible/hostfile':
+    ensure  => present,
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0644',
+    require => Class['ansible'],
+  }
+
   if ($update_slave) {
     $cron_command = 'bash /opt/config/production/run_all.sh'
     logrotate::file { 'updatepuppetmaster':
@@ -123,7 +141,7 @@ class openstack_project::puppetmaster (
 #
   file { '/etc/ansible/remote_puppet.yaml':
     ensure  => present,
-    source  => 'puppet:///modules/openstack_project/ansible/remote_puppet.yaml',
+    source  => $ansible_remote_puppet_source,
     require => Class[ansible],
   }