From ea17fc43a6f0bd40b1ad4221e528f1fd24bf4834 Mon Sep 17 00:00:00 2001
From: Michael Krotscheck <krotscheck@gmail.com>
Date: Wed, 27 Jan 2016 05:51:36 -0800
Subject: [PATCH] Added afs to wheel mirror slaves
This removes the SSH keys from the wheel mirror slaves, and
replaces them with the AFS share. It does not yet add afs
credentials. As we have not yet provisioned our wheel slaves,
no manual updates of the servers should be required.
Hiera keys for the previous approach should be removed.
Change-Id: Ifebf5d53d80e934674704078f7dd675f77aef5aa
---
manifests/site.pp | 10 ------
modules/openstack_project/manifests/slave.pp | 2 ++
.../manifests/wheel_mirror_slave.pp | 35 ++-----------------
3 files changed, 4 insertions(+), 43 deletions(-)
diff --git a/manifests/site.pp b/manifests/site.pp
index bec70d39db..f4fdad9b33 100644
--- a/manifests/site.pp
+++ b/manifests/site.pp
@@ -1139,16 +1139,6 @@ node /.*wheel-mirror-.*\.openstack\.org/ {
class { 'openstack_project::wheel_mirror_slave':
sysadmins => hiera('sysadmins', []),
jenkins_ssh_public_key => $openstack_project::jenkins_ssh_key,
- pypi_mirror_bhs1_host_key => hiera('pypi_mirror_bhs1_host_key'),
- pypi_mirror_dfw_host_key => hiera('pypi_mirror_dfw_host_key'),
- pypi_mirror_gra1_host_key => hiera('pypi_mirror_gra1_host_key'),
- pypi_mirror_iad_host_key => hiera('pypi_mirror_iad_host_key'),
- pypi_mirror_nyj01_host_key => hiera('pypi_mirror_nyj01_host_key'),
- pypi_mirror_ord_host_key => hiera('pypi_mirror_ord_host_key'),
- pypi_mirror_hp1_host_key => hiera('pypi_mirror_hp1_host_key'),
- pypi_mirror_regionone_host_key => hiera('pypi_mirror_regionone_host_key'),
- wheel_mirror_ssh_public_key => hiera('wheel_mirror_ssh_public_key_contents'),
- wheel_mirror_ssh_private_key => hiera('wheel_mirror_ssh_private_key_contents'),
}
}
diff --git a/modules/openstack_project/manifests/slave.pp b/modules/openstack_project/manifests/slave.pp
index 7acdf98697..c4169f32a0 100644
--- a/modules/openstack_project/manifests/slave.pp
+++ b/modules/openstack_project/manifests/slave.pp
@@ -8,6 +8,7 @@ class openstack_project::slave (
$jenkins_gitfullname = 'OpenStack Jenkins',
$jenkins_gitemail = 'jenkins@openstack.org',
$project_config_repo = 'https://git.openstack.org/openstack-infra/project-config',
+ $afs = false,
) {
include openstack_project
@@ -18,6 +19,7 @@ class openstack_project::slave (
iptables_public_udp_ports => [],
certname => $certname,
sysadmins => $sysadmins,
+ afs => $afs
}
class { 'jenkins::slave':
diff --git a/modules/openstack_project/manifests/wheel_mirror_slave.pp b/modules/openstack_project/manifests/wheel_mirror_slave.pp
index d343b3792a..8c1e59c5ac 100644
--- a/modules/openstack_project/manifests/wheel_mirror_slave.pp
+++ b/modules/openstack_project/manifests/wheel_mirror_slave.pp
@@ -17,16 +17,7 @@
#
class openstack_project::wheel_mirror_slave (
$jenkins_ssh_public_key,
- $pypi_mirror_bhs1_host_key,
- $pypi_mirror_dfw_host_key,
- $pypi_mirror_gra1_host_key,
- $pypi_mirror_iad_host_key,
- $pypi_mirror_nyj01_host_key,
- $pypi_mirror_ord_host_key,
- $pypi_mirror_hp1_host_key,
- $pypi_mirror_regionone_host_key,
- $wheel_mirror_ssh_public_key,
- $wheel_mirror_ssh_private_key,
+ $project_config_repo = 'https://git.openstack.org/openstack-infra/project-config',
$sysadmins = [],
$jenkins_gitfullname = 'OpenStack Jenkins',
$jenkins_gitemail = 'jenkins@openstack.org',
@@ -37,29 +28,7 @@ class openstack_project::wheel_mirror_slave (
jenkins_gitfullname => $jenkins_gitfullname,
jenkins_gitemail => $jenkins_gitemail,
project_config_repo => $project_config_repo,
- }
-
- file { '/home/jenkins/.ssh/id_rsa':
- owner => 'jenkins',
- group => 'jenkins',
- mode => '0400',
- require => File['/home/jenkins/.ssh'],
- content => $wheel_mirror_ssh_private_key,
- }
-
- file { '/home/jenkins/.ssh/id_rsa.pub':
- owner => 'jenkins',
- group => 'jenkins',
- mode => '0400',
- require => File['/home/jenkins/.ssh'],
- content => $wheel_mirror_ssh_public_key,
- }
-
- file { '/home/jenkins/.ssh/known_hosts':
- owner => 'jenkins',
- group => 'jenkins',
- mode => '0600',
- content => template('openstack_project/wheel_mirror/known_hosts.erb')
+ afs => true,
}
# below follows a rough list of things required to build binary