Add vexxhost account credentials to our various clouds.yaml files. This
covers the all clouds, ansible, and nodepool clouds.yaml files. With
this in place we can work to deploying tests onto vexxhost.
Change-Id: I42101e9acc9f62897a3f63b85dd34a14adcf2394
This adds clouds.yaml information to our three clouds.yaml files for our
two users in the OSIC cloud. This will let us manage the OSIC cloud
resources and start deploying tests to OSIC with nodepool.
Change-Id: I5a392d165fb6db2e70036008a55cd99eed237ab4
We need to open the firewall to allow access of our log files.
Change-Id: Ifb8469c737766bd7f1b147f733444c2185bfa47f
Depends-On: I569b4fc58bae8aba4d3451f9eb544304cef89e5d
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Here we are updating our defaults to have hiera store our question /
answers for mediawiki captcha.
Change-Id: Iff0c326401ed9a4c3b40f8d43826603e599dc4a4
Depends-On: I102ff6991831901c578dab4107b0c23245da9d4b
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
Without this change, puppetting an infracloud machine from scratch
results in an error[1]. The order of events that causes this issue is:
1) Puppet purges /etc/apt/sources.list, removing all of apt's knowledge
of other sources
2) Puppet creates /etc/apt/sources.list.d/openstack-infra.list, but
this will have no effect on apt's knowledge of other sources until
an apt-get update is run
3) The puppet-openstack_extras module runs an exec to install the
ubuntu-cloud-keyring package. (This is done with an exec type rather
than a package type because it needs to be run before
Exec['apt_update'] which is defined in the puppetlabs-apt module.)
Since apt at this point knows of no apt sources in the world, it
fails to find the package.
4) Apt-get update is run and the world is right again, so subsequent
puppet runs or manual installs of ubuntu-cloud-keyring are
confusingly successful.
A potential fix for this is to create another exec resource that runs
apt-get update after adding openstack-infra.list but before installing
ubuntu-cloud-keyring, after which apt-get update will run once again.
This is inefficient and ugly. Since on these particular nodes we
control the base images, and the default apt sources list is sane and
matches what we have set in openstack-infra.list anyway, we can just
disable the purging of the original sources.list and there will no
longer be any point during which apt has no sources.
[1] http://paste.openstack.org/show/488079/
Change-Id: I2cb375979d55e612fe8acc4cc7abdd393f39c2b9
This should be a noop change, we are just moving the settings into
puppet.
Change-Id: Ic533a5fb125125e9791c40312318be79cbbe4826
Depends-On: I1ad6da353c25aed8976806f00cc39d6c3c93e7ae
Signed-off-by: Paul Belanger <pabelanger@redhat.com>
We are installing a cert to trust the infracloud but were trying to put
it in a dir that does not exist. Put it next to the clouds.yaml in
~nodepool/.config/openstack as that will exist because nodepool consumes
clouds.yaml from there.
Change-Id: I27e1a1d340e9864308c89c660ae014d7110fbe9f
Add definition for baremetal nodes for hpuswest, plus a script to
one-time enroll and deploy nodes in bifrost.
Co-Authored-By: Clint Byrum <clint@fewbar.com>
Co-Authored-By: greghaynes <greg@greghaynes.net>
Co-Authored-By: Yolanda Robla <info@ysoft.biz>
Depends-On: I949344c16cf9ee3965b0bc96850eb208ac65b168
Change-Id: I947add7e8e8aa88fe6e881d77fd3278910b3b903
This adds the omfracloud jenkins account credentials to nodepool.
I'm not pleased with the file resource in the node definition, but that
node definiton grew huge and needs a refactor anyways so we can do that
when we do it.
I have verified that the correct keys are in hiera.
Change-Id: Iafca5e86f72321c6aa7bef748ac2b1942539d15f
Avoid using the private management address for rabbitmq, which was the
only service using this address, and instead use the public address
with SSL for security.
Change-Id: I6a00fed66dc8f3202ff31b6905011cfd95b528b8
Depends-On: I5a25a5e4aa70db66db2d9331d7f5e4ac8b785002
Update the system-config manifest to support the simplifying changes
made in the puppet-infracloud module.
This patch will require updates to hiera. We need keys
hpuswest_ssl_cert_file_contents and ssl_key_file_contents added, and
hpuswest_ssl_cert_file_contents must be in the 'infracloud' hiera group
since it is shared to the compute nodes.
Change-Id: I39c70b1077e8b467e0a7e123a694d037ffc77f7a
Depends-On: Ibeea608e965e58c496a95b2f02a4bf6b13e15f0e
We cannot use default guest/guest as it has been disabled
on our rabbit. So we need to generate a pass in hiera for that,
and pass it properly to the manifest.
Change-Id: I407119383b232f07888dc9821771f1ece383a431
Depends-On: I9582d68ca93f2f7b5742523e273ebf6b5a9c0c13
The reprepro class in this is in-tree rather than in its own module
purely for ease of getting started. It's also highly hard-coded rather
than flexible.
This change will need a mirror.apt volume and service/reprepro principal
and keytab to be created before it lands.
Allow for pool trimming after a 2 hour delay. Each devstack run of
apt-get update should be able to be assumed to be valid for the length
of the devstack. For that reason, only delete files that are
unreferenced during the subsequent mirror run, ensuring at least a 2
hour delay between becoming unreferenced and going away.
Local testing indicates that a trusty mirror is 86G.
Change-Id: I84f6a0391f80e6bf567c4bfc18a41bd270fe8c01
This patch adds AFS, and the admin keytab, to our release slave,
so that we may execute `vos release` when a mirror update
is requested.
Change-Id: I9c8531304fb74b9bafca85d58b5e9c1c0bc21f6a
This adds a hiera-loaded keytab for the wheel slaves. It may
be used when writing wheels to the AFS share directory.
Note: This will require the creation of a keytab for the
wheel mirror, as well as appropriate folders and access rights
on AFS.
Change-Id: I81c39d420d8ac70def57949ea0d4c323b8797086
This removes the SSH keys from the wheel mirror slaves, and
replaces them with the AFS share. It does not yet add afs
credentials. As we have not yet provisioned our wheel slaves,
no manual updates of the servers should be required.
Hiera keys for the previous approach should be removed.
Change-Id: Ifebf5d53d80e934674704078f7dd675f77aef5aa
