PyPy jobs are failing and it appears that old pip/setuptools may be to
blame. Fix this by pulling in latest current virtualenv which bundles
both of these libraries at much newer versions.
Change-Id: Iaf5c782f7ec5515469d154a0e2958a051e196d07
We can't update the rsyslog config before we install rsyslog because
then /etc/rsyslog.d/ isn't on the file system. Fix this by adding
rsyslog config after we install the package.
Change-Id: I187cdb9f774a3765d89e94c3b34775a49470a626
Managing exim is the one thing sever can do that template cannot.
This is part of a multi stage process for merging server and template.
Change-Id: I354da6b5d489669b6a2fb4ae4a4a64c2d363b758
The template.pp manifest did not realize users base was doing that.
Unfortunately this was not moved into template.pp when we removed base.
Add the user realization to template.pp via
openstack-project::users_install to correct this.
Change-Id: I7e4e1e707bf613ba7e021f60f5de580491ba95b1
Use puppetmaster_server parameter to setup the ssh class.
This patch depends on puppet-ssh change that should be
merged before this one.
Depends-On: I4b07f78ed455841cc2301227e42222ca96b24821
Change-Id: I691b8d4b13fef0b88ec075bd8ef13bcd5b5d691e
Currently the puppetmaster was hardcoded on a template.
Add the matching vars to the manifests that use them,
to make that setting configurable.
Change-Id: I2b641ec11284f325c22c242fabba26d0433bf85b
My previous attempt (I363ed7927954ecba9f83c38604b5dba2b4ce3045) added
the rsyslog package, but did not ensure it was installed before the
config update.
This adds the package as a requirement of the service class, which
should do it.
Change-Id: I910ba1fcce141fccf3fd3e472904274e6c03fb0a
Some images on some platforms (fedora21 on rax) may not have rsyslog
installed. There is some custom configuration and a restart done
which assumes the presence of rsyslog. Since many other things might
rely on /var/log/messages just ensure we have rsyslog installed.
Change-Id: I363ed7927954ecba9f83c38604b5dba2b4ce3045
Was only passing in a single string to the template but it expects a
list of strings. Change the type of the origin passed in to list of
string to fix this issue.
Change-Id: I5bf4207b54ad7d6a13c240005dae6f685e544b6c
This reverts commit 5be2e2f18ac1f4489be760717519252ba20d4fba.
Yay! We've sucessfully upgraded to puppet3 and the sun is shining!
Start managing apt pins for puppet again, and also, set the default
to be 3.x everywhere.
Change-Id: I80db5b5e154a3849914aa348e1eabadd0a2ad936
Since the puppet 3 release puppet versions are semver and we should be
able to rely on minor version releases not breaking the world. To get
security updates and the like allow puppet to be automatically upgraded.
Do this by setting an additional origin for the puppetlabs apt repo in
our unattended upgrades template.
Change-Id: I6224ef68aeb891431661f3afc553c4c3433e583a
In some 3rd party ci systems, the installation of unbound
cause node image creation to fail and/or devstack-gate to fail.
Since it is not strictly necessary, allow it to be disabled in
environments that do not support it.
Change-Id: I906ae3ccf946e208e17c7087f89641d645db7111
Partial-Bug: #1307702
When we put a conditional around rsyslog, it got pulled into
the if debian block - but git.o.o runs on redhat.
Change-Id: I0abea4075d216bf40b2e20e8afe186273e99b7ad
Builds running in a chroot are failing when notifying to rsyslog.
Assuming that an env var called FACTER_in_chroot is sent on this
case (as done by disk-image-builder elements), ignore the
declaration and interaction with rsyslog.
Change-Id: Id4c7a3e0c3503904540c59d940b52481d263d5b9
This change modifies install_puppet.sh to accept a --three option
setting it to install the latest puppet available. It also creates
a node definition for the puppetmaster.o.o node, the new 3 master,
and the master of the future. Changes were made to various classes
to allow the pinning to version 2.x to be turned off.
Change-Id: I805d6dc50b9de0d8a99cf818d22d06c2dea6090a
diskimage-builder does not run services that it installs, but this
is a problem when we lay down the resolv.conf file in puppet with
the service not running. So, put in a flag which defaults to true
(which is current behavior) that a dib invocation of the puppet
can turn off and then dib can plop the file down at the end of the
process.
Change-Id: I05d89ffacfdaf3563b8cb1460af12f114e1a0340
On all machines, set up unbound as a caching recursive resolver.
On single-use slaves, set it up to forward cache misses to the
DNS servers obtained by the template host on boot.
Change-Id: I8505f5a277f20b1328900a9a515cd84db77b2b3b
* modules/openstack_project/manifests/template.pp: Add the lvm2
package, since we use it in some places and it's really a fairly
base-level system block device management toolset these days. The
package name is the same in CentOS, Debian, Fedora and Ubuntu.
Change-Id: I5f1d5794559de268ab009c4875b44d360f7ebd59
The differences between openstack_project::slave,
openstack_project::slave_template, and openstack_project::bare_slave
were not always clear. Keep openstack_project::slave as the default long
running slave manifest, but replace slave_template with a
single_use_slave.pp to make it clear where single use slave config
begins. Add the ability to toggle automatic upgrades and jenkins sudo
rights to this new manifest. Finally, add a more verbose comment to
bare_slave explaining what it is useful for (having a jenkins like slave
host that doesn't need a firewall or ntp or automatic upgrades).
Change-Id: I3989c9e6ad9469f441ca5d3627f7b3b704d8a8da
Puppet doesn't allow non unique namevars. Having mutliple rsyslog
service definitions violates this rule. Work around this by
consolidating all rsyslog configs in openstack_project::template.
In the process of doing this it became apparent that the ensure whoopsie
was absent resource should be consolidated in to template.pp as well so
this was done as part of the larger consolidation.
Change-Id: I7effed7bacb85386f0cf36edffe442e2cad944d0
The iptables class allowed specifying a list of public UDP ports,
just like it has support for TCP. However, a couple of places needed
to be updated to pass through the UDP port list to make it usable.
Change-Id: I00764bf1d7baff862fa51a6cd03211fe9a29ecdd
* modules/openstack_project/manifests/template.pp: Some images we
use, notably CentOS, lack strace and tcpdump which our Ubuntu images
have by default. The package names are the same across the platforms
we use, so it's safe to just ensure they're present everywhere and
be done with it.
Change-Id: I2fe9469c27ed8db8e718bb4923c45ad22491ed1c
Reviewed-on: https://review.openstack.org/34270
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Approved: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Tested-by: Jenkins
Updates our install_modules.sh file so that it uses
puppetlabs-ntp instead of kickstandproject-ntp. This provides
better multi distro NTP support.
Change-Id: I7b11e8c67a2e38653be281b5e6aa1d08768cc617
Reviewed-on: https://review.openstack.org/23204
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Create abstractions for tmpcleanup and automatic_upgrades
which can be used to install/include distro specific
modules modules for these features.
On Ubuntu this will still install unattended_upgrades and tmpreaper.
On RHEL we need to implement similar functionality and modules.
Change-Id: I9209610582e23c86dccb5e70691bb598dad36950
Reviewed-on: https://review.openstack.org/23197
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
A list of iptables commands that come after the "-A OPENSTACK-INPUT"
bit.
Change-Id: Iee595d9267738365c208f8ecb6f0fd4941b357e3
Reviewed-on: https://review.openstack.org/17172
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
Now with extra unwrap!
Change-Id: I7c622ffa77821f33f911793fc6b6cdaaba37904a
Reviewed-on: https://review.openstack.org/15052
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: Jeremy Stanley <fungi@yuggoth.org>
Reviewed-by: Jeremy Stanley <fungi@yuggoth.org>
Tested-by: Jenkins
Killed trailing whitespace in the puppet repo files using
`sed -r 's/\s+$//'`. Skip binary files and html templates for lodgeit
and mailman.
Change-Id: Ib43493161d8f0e8fae1426b22fb1737832ca14cd
Reviewed-on: https://review.openstack.org/12969
Reviewed-by: Paul Belanger <paul.belanger@polybeacon.com>
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
After some discussion in #openstack-infra using modules from puppetforge
is a good thing. So, this is a simple change to use an existing module
that I maintain.
Change-Id: Ic2290ef10ff96220b6620958537730e828e59402
Signed-off-by: Paul Belanger <paul.belanger@polybeacon.com>
Reviewed-on: https://review.openstack.org/13959
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Approved: James E. Blair <corvus@inaugust.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Tested-by: Jenkins
Use puppet agent --test for puppet cron.
We don't need the private ssh or gpg key on the slaves anymore.
We do need the glance testing stuff, so stick that into hiera.
Change-Id: If94fc3f150bf569efe9461f80d3565f9825eebce
Reviewed-on: https://review.openstack.org/10851
Approved: Monty Taylor <mordred@inaugust.com>
Reviewed-by: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Change-Id: Ia0b5c80c479f8acd5cc1e0dc0a4515d88e6b5db8
Reviewed-on: https://review.openstack.org/11091
Reviewed-by: Devananda van der Veen <devananda.vdv@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Change-Id: Idcf8af9712f8d10b50cfffc0aa74f7caa1a24c77
Reviewed-on: https://review.openstack.org/10833
Reviewed-by: Clark Boylan <clark.boylan@gmail.com>
Reviewed-by: James E. Blair <corvus@inaugust.com>
Approved: Monty Taylor <mordred@inaugust.com>
Tested-by: Jenkins
Also, moved depends for launchpad sync script to the launchpad sync
module, and put the ntp stuff into an ntp module.
Change-Id: I2568752493fefa305f9108a23da101d80a311552
