Pass sysadmins list into node defs.

Pass the sysadmins list into each node definition. This allows us to retrieve the data from hiera rather than hard coding it in the puppet manifests. Also, update test script to use bogus sysadmin data when testing. Change-Id: Ide3560f16bce4d66fb95cc5021fc879476e6a712 Reviewed-on: https://review.openstack.org/12512 Reviewed-by: James E. Blair <corvus@inaugust.com> Approved: Monty Taylor <mordred@inaugust.com> Reviewed-by: Monty Taylor <mordred@inaugust.com> Tested-by: Jenkins
2012-09-06 10:32:48 -07:00 · 2012-09-06 10:32:48 -07:00 · 94a7768dc3
commit 94a7768dc3
parent 1150793436
20 changed files with 136 additions and 73 deletions
--- a/manifests/site.pp
+++ b/manifests/site.pp
@ -3,7 +3,9 @@
 #
 node default {
  include openstack_project::puppet_cron
-  include openstack_project::server
+  class { 'openstack_project::server':
    sysadmins => hiera('sysadmins'),
  }
 }
 #
@ -16,6 +18,7 @@ node "review.openstack.org" {
    mysql_root_password => hiera('gerrit_mysql_root_password'),
    email_private_key => hiera('gerrit_email_private_key'),
    gerritbot_password => hiera('gerrit_gerritbot_password'),
    sysadmins => hiera('sysadmins'),
  }
 }
@ -24,7 +27,8 @@ node "gerrit-dev.openstack.org", "review-dev.openstack.org" {
    github_oauth_token => hiera('gerrit_dev_github_token'),
    mysql_password => hiera('gerrit_dev_mysql_password'),
    mysql_root_password => hiera('gerrit_dev_mysql_root_password'),
-    email_private_key => hiera('gerrit_dev_email_private_key')
+    email_private_key => hiera('gerrit_dev_email_private_key'),
    sysadmins => hiera('sysadmins'),
  }
 }
@ -38,20 +42,27 @@ node "jenkins.openstack.org" {
    jenkins_apikey => hiera('zuul_jenkins_apikey'),
    gerrit_server => 'review.openstack.org',
    gerrit_user => 'jenkins',
-    url_pattern => 'http://logs.openstack.org/{change.number}/{change.patchset}/{pipeline.name}/{job.name}/{build.number}'
+    url_pattern => 'http://logs.openstack.org/{change.number}/{change.patchset}/{pipeline.name}/{job.name}/{build.number}',
    sysadmins => hiera('sysadmins'),
  }
 }
 node "jenkins-dev.openstack.org" {
-  include openstack_project::jenkins_dev
+  class { 'openstack_project::jenkins_dev':
    sysadmins => hiera('sysadmins'),
  }
 }
 node "community.openstack.org" {
-  include openstack_project::community
+  class { 'openstack_project::community':
    sysadmins => hiera('sysadmins'),
  }
 }
 node "ci-puppetmaster.openstack.org" {
-  include openstack_project::puppetmaster
+  class { 'openstack_project::puppetmaster':
    sysadmins => hiera('sysadmins'),
  }
 }
 node "lists.openstack.org" {
@ -61,21 +72,28 @@ node "lists.openstack.org" {
 }
 node "paste.openstack.org" {
-  include openstack_project::paste
+  class { 'openstack_project::paste':
    sysadmins => hiera('sysadmins'),
  }
 }
 node "planet.openstack.org" {
-  include openstack_project::planet
+  class { 'openstack_project::planet':
    sysadmins => hiera('sysadmins'),
  }
 }
 node "eavesdrop.openstack.org" {
  class { 'openstack_project::eavesdrop':
    nickpass => hiera('openstack_meetbot_password'),
    sysadmins => hiera('sysadmins'),
  }
 }
 node "pypi.openstack.org" {
-  include openstack_project::pypi
+  class { 'openstack_project::pypi':
    sysadmins => hiera('sysadmins'),
  }
 }
 node 'etherpad.openstack.org' {
@ -83,12 +101,14 @@ node 'etherpad.openstack.org' {
    etherpad_crt => hiera('etherpad_crt'),
    etherpad_key => hiera('etherpad_key'),
    database_password => hiera('etherpad_db_password'),
    sysadmins => hiera('sysadmins'),
  }
 }
 node 'wiki.openstack.org' {
  class { 'openstack_project::wiki':
    mysql_root_password => hiera('wiki_db_password'),
    sysadmins => hiera('sysadmins'),
  }
 }
@ -96,12 +116,15 @@ node 'puppet-dashboard.openstack.org' {
  class { 'openstack_project::dashboard':
    password => hiera('dashboard_password'),
    mysql_password => hiera('dashboard_mysql_password'),
    sysadmins => hiera('sysadmins'),
  }
 }
 # A machine to serve static content.
 node 'static.openstack.org' {
-  include openstack_project::static
+  class { 'openstack_project::static':
    sysadmins => hiera('sysadmins'),
  }
 }
 # A bare machine, but with a jenkins user
@ -123,6 +146,7 @@ node /^precise.*\.slave\.openstack\.org$/ {
  include openstack_project::puppet_cron
  class { 'openstack_project::slave':
    certname => 'precise.slave.openstack.org',
    sysadmins => hiera('sysadmins'),
  }
  class { 'openstack_project::glancetest':
    s3_store_access_key => hiera('s3_store_access_key'),
@ -147,6 +171,7 @@ node /^oneiric.*\.slave\.openstack\.org$/ {
  include openstack_project::puppet_cron
  class { 'openstack_project::slave':
    certname => 'oneiric.slave.openstack.org',
    sysadmins => hiera('sysadmins'),
  }
  class { 'openstack_project::glancetest':
    s3_store_access_key => hiera('s3_store_access_key'),
--- a/modules/openstack_project/manifests/community.pp
+++ b/modules/openstack_project/manifests/community.pp
@ -1,6 +1,9 @@
-class openstack_project::community {
+class openstack_project::community (
  $sysadmins = []
 ) {
  class { 'openstack_project::server':
-    iptables_public_tcp_ports => [80, 443, 8099, 8080]
+    iptables_public_tcp_ports => [80, 443, 8099, 8080],
    sysadmins => $sysadmins
  }
  realize (
--- a/modules/openstack_project/manifests/dashboard.pp
+++ b/modules/openstack_project/manifests/dashboard.pp
@ -1,21 +1,24 @@
-class openstack_project::dashboard(
+class openstack_project::dashboard (
    $password,
-    $mysql_password) {
+    $mysql_password,
    $sysadmins = []
 ) {
-  class { 'openstack_project::template':
+  class { 'openstack_project::server':
-     iptables_public_tcp_ports => [80, 443, 3000]
+    iptables_public_tcp_ports => [80, 443, 3000],
    sysadmins => $sysadmins
  }
  class {'::dashboard':
-     dashboard_ensure          => 'present',
+    dashboard_ensure          => 'present',
-     dashboard_user            => 'www-data',
+    dashboard_user            => 'www-data',
-     dashboard_group           => 'www-data',
+    dashboard_group           => 'www-data',
-     dashboard_password        => $password,
+    dashboard_password        => $password,
-     dashboard_db              => 'dashboard_prod',
+    dashboard_db              => 'dashboard_prod',
-     dashboard_charset         => 'utf8',
+    dashboard_charset         => 'utf8',
-     dashboard_site            => $fqdn,
+    dashboard_site            => $fqdn,
-     dashboard_port            => '3000',
+    dashboard_port            => '3000',
-     mysql_root_pw             => $mysql_password,
+    mysql_root_pw             => $mysql_password,
-     passenger                 => true,
+    passenger                 => true,
  }
 }
--- a/modules/openstack_project/manifests/eavesdrop.pp
+++ b/modules/openstack_project/manifests/eavesdrop.pp
@ -1,7 +1,10 @@
-class openstack_project::eavesdrop($nickpass) {
+class openstack_project::eavesdrop (
  $nickpass,
  $sysadmins = []
 ) {
  class { 'openstack_project::server':
-
+    iptables_public_tcp_ports => [80],
-    iptables_public_tcp_ports => [80]
+    sysadmins => $sysadmins
  }
  include meetbot
--- a/modules/openstack_project/manifests/etherpad.pp
+++ b/modules/openstack_project/manifests/etherpad.pp
@ -1,9 +1,12 @@
-class openstack_project::etherpad(
+class openstack_project::etherpad (
  $etherpad_crt,
  $etherpad_key,
-  $database_password) {
+  $database_password,
  $sysadmins = []
 ) {
  class { 'openstack_project::server':
-    iptables_public_tcp_ports => [22, 80, 443]
+    iptables_public_tcp_ports => [22, 80, 443],
    sysadmins => $sysadmins
  }
  include etherpad_lite
--- a/modules/openstack_project/manifests/gerrit.pp
+++ b/modules/openstack_project/manifests/gerrit.pp
@ -32,9 +32,11 @@ class openstack_project::gerrit (
      $mysql_root_password,
      $email_private_key,
      $testmode=false,
      $sysadmins=[]
 ) {
  class { 'openstack_project::server':
-    iptables_public_tcp_ports => [80, 443, 29418]
+    iptables_public_tcp_ports => [80, 443, 29418],
    sysadmins => $sysadmins
  }
  class { '::gerrit':
--- a/modules/openstack_project/manifests/init.pp
+++ b/modules/openstack_project/manifests/init.pp
@ -2,11 +2,4 @@ class openstack_project {
  $jenkins_ssh_key = "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEAtioTW2wh3mBRuj+R0Jyb/mLt5sjJ8dEvYyA8zfur1dnqEt5uQNLacW4fHBDFWJoLHfhdfbvray5wWMAcIuGEiAA2WEH23YzgIbyArCSI+z7gB3SET8zgff25ukXlN+1mBSrKWxIza+tB3NU62WbtO6hmelwvSkZ3d7SDfHxrc4zEpmHDuMhxALl8e1idqYzNA+1EhZpbcaf720mX+KD3oszmY2lqD1OkKMquRSD0USXPGlH3HK11MTeCArKRHMgTdIlVeqvYH0v0Wd1w/8mbXgHxfGzMYS1Ej0fzzJ0PC5z5rOqsMqY1X2aC1KlHIFLAeSf4Cx0JNlSpYSrlZ/RoiQ== hudson@hudson\n"
  $sysadmins = [
    'corvus@inaugust.com',
    'mordred@inaugust.com',
    'andrew@linuxjedi.co.uk',
    'devananda.vdv@gmail.com',
    'clark.boylan@gmail.com'
    ]
 }
--- a/modules/openstack_project/manifests/jenkins.pp
+++ b/modules/openstack_project/manifests/jenkins.pp
@ -1,7 +1,11 @@
-class openstack_project::jenkins($jenkins_jobs_password) {
+class openstack_project::jenkins (
  $jenkins_jobs_password,
  $sysadmins = []
 ) {
  class { 'openstack_project::server':
-    iptables_public_tcp_ports => [80, 443, 4155]
+    iptables_public_tcp_ports => [80, 443, 4155],
    sysadmins => $sysadmins
  }
  class { '::jenkins::master':
--- a/modules/openstack_project/manifests/jenkins_dev.pp
+++ b/modules/openstack_project/manifests/jenkins_dev.pp
@ -1,6 +1,9 @@
-class openstack_project::jenkins_dev {
+class openstack_project::jenkins_dev (
  $sysadmins = []
 ) {
  class { 'openstack_project::server':
-    iptables_public_tcp_ports => [80, 443, 4155]
+    iptables_public_tcp_ports => [80, 443, 4155],
    sysadmins => $sysadmins
  }
  include bup
  bup::site { 'rs-ord':
--- a/modules/openstack_project/manifests/paste.pp
+++ b/modules/openstack_project/manifests/paste.pp
@ -1,6 +1,9 @@
-class openstack_project::paste {
+class openstack_project::paste (
  $sysadmins = []
 ) {
  class { 'openstack_project::server':
-    iptables_public_tcp_ports => [80]
+    iptables_public_tcp_ports => [80],
    sysadmins => $sysadmins
  }
  include lodgeit
  lodgeit::site { "openstack":
--- a/modules/openstack_project/manifests/planet.pp
+++ b/modules/openstack_project/manifests/planet.pp
@ -1,6 +1,9 @@
-class openstack_project::planet {
+class openstack_project::planet (
  $sysadmins = []
 ) {
  class { 'openstack_project::server':
-    iptables_public_tcp_ports => [80]
+    iptables_public_tcp_ports => [80],
    sysadmins => $sysadmins
  }
  include ::planet
--- a/modules/openstack_project/manifests/puppetmaster.pp
+++ b/modules/openstack_project/manifests/puppetmaster.pp
@ -1,6 +1,9 @@
-class openstack_project::puppetmaster {
+class openstack_project::puppetmaster (
  $sysadmins = []
 ) {
  class { 'openstack_project::server':
-    iptables_public_tcp_ports => [8140]
+    iptables_public_tcp_ports => [8140],
    sysadmins => $sysadmins
  }
  cron { "updatepuppetmaster":
    user => root,
--- a/modules/openstack_project/manifests/pypi.pp
+++ b/modules/openstack_project/manifests/pypi.pp
@ -1,7 +1,8 @@
-class openstack_project::pypi {
+class openstack_project::pypi (
  $sysadmins = []
 ) {
  include tmpreaper
  include unattended_upgrades
  include openstack_project
  # include jenkins slave so that build deps are there for the pip download
  class { 'jenkins::slave':
@ -10,7 +11,8 @@ class openstack_project::pypi {
  }
  class { 'openstack_project::server':
-    iptables_public_tcp_ports => [80]
+    iptables_public_tcp_ports => [80],
    sysadmins => $sysadmins
  }
  class { "pypimirror":
--- a/modules/openstack_project/manifests/review.pp
+++ b/modules/openstack_project/manifests/review.pp
@ -24,13 +24,14 @@
 # 12:08 <@spearce> to a method that accepts milliseconds
 # 12:09 <@spearce> so. you get 5 milliseconds before aborting
 # thus, set it to 5000minutes until the bug is fixed.
-class openstack_project::review(
+class openstack_project::review (
  $github_oauth_token,
  $mysql_password,
  $mysql_root_password,
  $email_private_key,
-  $gerritbot_password) {
+  $gerritbot_password,
-  include openstack_project
+  $sysadmins = []
 ) {
  class { 'openstack_project::gerrit':
    ssl_cert_file => '/etc/ssl/certs/review.openstack.org.pem',
    ssl_key_file => '/etc/ssl/private/review.openstack.org.key',
@ -53,6 +54,7 @@ class openstack_project::review(
    mysql_password => $mysql_password,
    mysql_root_password => $mysql_root_password,
    email_private_key => $email_private_key,
    sysadmins => $sysadmins
  }
  class { 'gerritbot':
    nick => 'openstackgerrit',
--- a/modules/openstack_project/manifests/review_dev.pp
+++ b/modules/openstack_project/manifests/review_dev.pp
@ -1,8 +1,10 @@
-class openstack_project::review_dev(
+class openstack_project::review_dev (
  $github_oauth_token,
  $mysql_password,
  $mysql_root_password,
-  $email_private_key) {
+  $email_private_key,
  $sysadmins = []
 ) {
  class { 'openstack_project::gerrit':
    vhost_name => 'review-dev.openstack.org',
    canonicalweburl => "https://review-dev.openstack.org/",
@ -20,6 +22,7 @@ class openstack_project::review_dev(
    mysql_password => $mysql_password,
    mysql_root_password => $mysql_root_password,
    email_private_key => $email_private_key,
    sysadmins => $sysadmins
  }
  file { '/var/log/gerrit_user_sync':
--- a/modules/openstack_project/manifests/server.pp
+++ b/modules/openstack_project/manifests/server.pp
@ -1,14 +1,14 @@
 # A server that we expect to run for some time
 class openstack_project::server (
  $iptables_public_tcp_ports = [],
-  $certname=$fqdn
+  $sysadmins                 = [],
-  ) {
+  $certname                  = $fqdn
-  include openstack_project
+) {
  class { 'openstack_project::template':
    iptables_public_tcp_ports => $iptables_public_tcp_ports,
    certname => $certname,
  }
  class { 'exim':
-    sysadmin => $openstack_project::sysadmins
+    sysadmin => $sysadmins
  }
 }
--- a/modules/openstack_project/manifests/slave.pp
+++ b/modules/openstack_project/manifests/slave.pp
@ -1,16 +1,16 @@
-class openstack_project::slave(
+class openstack_project::slave (
-  $certname=$fqdn
+  $certname=$fqdn,
-  ) {
+  $sysadmins=[]
 ) {
  include openstack_project
  include tmpreaper
  include unattended_upgrades
  class { 'openstack_project::server':
    iptables_public_tcp_ports => [],
    certname => $certname,
    sysadmins => $sysadmins
  }
  class { 'jenkins::slave':
    ssh_key => $openstack_project::jenkins_ssh_key
  }
 }
--- a/modules/openstack_project/manifests/static.pp
+++ b/modules/openstack_project/manifests/static.pp
@ -1,7 +1,10 @@
-class openstack_project::static() {
+class openstack_project::static (
  $sysadmins = []
 ) {
  class { 'openstack_project::server':
-    iptables_public_tcp_ports => [22, 80, 443]
+    iptables_public_tcp_ports => [22, 80, 443],
    sysadmins => $sysadmins
  }
  class { 'jenkins::jenkinsuser':
--- a/modules/openstack_project/manifests/wiki.pp
+++ b/modules/openstack_project/manifests/wiki.pp
@ -1,10 +1,14 @@
-class openstack_project::wiki($mysql_root_password) {
+class openstack_project::wiki (
  $mysql_root_password,
  $sysadmins = []
 ) {
  include openssl
  include subversion
  class { 'openstack_project::server':
-    iptables_public_tcp_ports => [80, 443]
+    iptables_public_tcp_ports => [80, 443],
    sysadmins => $sysadmins
  }
  realize (
--- a/test.sh
+++ b/test.sh
@ -9,6 +9,7 @@ fi
 csplit -sf applytest/puppetapplytest manifests/site.pp '/^$/' {*}
 sed -i -e 's/^[^[:space:]]/#&/g' applytest/puppetapplytest*
 sed -i -e 's/hiera..sysadmins../["admin"]/' applytest/puppetapplytest*
 sed -i -e 's/hiera..listadmins../["admin"]/' applytest/puppetapplytest*
 sed -i -e 's/hiera.*/PASSWORD,/' applytest/puppetapplytest*
 for f in `find applytest -name 'puppetapplytest*' -print` ; do