From 817187f7c60abbb81522e6215d268fd659a7c714 Mon Sep 17 00:00:00 2001 From: Yolanda Robla Mota Date: Thu, 18 Aug 2016 10:45:31 +0200 Subject: Add initial puppet and hiera files Include the basic site.pp and initial modules, as long as default hieras, to manage opnfv infracloud. Change-Id: I891bc414b102257534f1d28df8299bf41c12e8f2 Signed-Off-By: Yolanda Robla --- .../modules/opnfv/manifests/server.pp | 222 +++++++++++++++++++++ 1 file changed, 222 insertions(+) create mode 100644 prototypes/puppet-infracloud/modules/opnfv/manifests/server.pp (limited to 'prototypes/puppet-infracloud/modules/opnfv/manifests/server.pp') diff --git a/prototypes/puppet-infracloud/modules/opnfv/manifests/server.pp b/prototypes/puppet-infracloud/modules/opnfv/manifests/server.pp new file mode 100644 index 000000000..5bbcd7506 --- /dev/null +++ b/prototypes/puppet-infracloud/modules/opnfv/manifests/server.pp @@ -0,0 +1,222 @@ +# SPDX-license-identifier: Apache-2.0 +############################################################################## +# Copyright (c) 2016 RedHat and others. +# All rights reserved. This program and the accompanying materials +# are made available under the terms of the Apache License, Version 2.0 +# which accompanies this distribution, and is available at +# http://www.apache.org/licenses/LICENSE-2.0 +############################################################################## +class opnfv::server ( + $iptables_public_tcp_ports = [], + $iptables_public_udp_ports = [], + $iptables_rules4 = [], + $iptables_rules6 = [], + $sysadmins = [], + $enable_unbound = true, + $purge_apt_sources = true, +) { + ########################################################### + # Classes for all hosts + + include snmpd + include sudoers + + class { 'iptables': + public_tcp_ports => $iptables_public_tcp_ports, + public_udp_ports => $all_udp, + rules4 => $iptables_rules4, + rules6 => $iptables_rules6, + } + + class { 'timezone': + timezone => 'Etc/UTC', + } + + if ($enable_unbound) { + class { 'unbound': + install_resolv_conf => $install_resolv_conf + } + } + + if ($::in_chroot) { + notify { 'rsyslog in chroot': + message => 'rsyslog not refreshed, running in chroot', + } + $rsyslog_notify = [] + } else { + service { 'rsyslog': + ensure => running, + enable => true, + hasrestart => true, + require => Package['rsyslog'], + } + $rsyslog_notify = [ Service['rsyslog'] ] + } + + ########################################################### + # System tweaks + + # Increase syslog message size in order to capture + # python tracebacks with syslog. + file { '/etc/rsyslog.d/99-maxsize.conf': + ensure => present, + # Note MaxMessageSize is not a puppet variable. + content => '$MaxMessageSize 6k', + owner => 'root', + group => 'root', + mode => '0644', + notify => $rsyslog_notify, + require => Package['rsyslog'], + } + + # We don't like byobu + file { '/etc/profile.d/Z98-byobu.sh': + ensure => absent, + } + + if $::osfamily == 'Debian' { + + # Ubuntu installs their whoopsie package by default, but it eats through + # memory and we don't need it on servers + package { 'whoopsie': + ensure => absent, + } + + package { 'popularity-contest': + ensure => absent, + } + } + + ########################################################### + # Package resources for all operating systems + + package { 'at': + ensure => present, + } + + package { 'lvm2': + ensure => present, + } + + package { 'strace': + ensure => present, + } + + package { 'tcpdump': + ensure => present, + } + + package { 'rsyslog': + ensure => present, + } + + package { 'git': + ensure => present, + } + + package { 'rsync': + ensure => present, + } + + case $::osfamily { + 'RedHat': { + $packages = ['parted', 'puppet', 'wget', 'iputils'] + $user_packages = ['emacs-nox', 'vim-enhanced'] + $update_pkg_list_cmd = '' + } + 'Debian': { + $packages = ['parted', 'puppet', 'wget', 'iputils-ping'] + case $::operatingsystemrelease { + /^(12|14)\.(04|10)$/: { + $user_packages = ['emacs23-nox', 'vim-nox', 'iftop', + 'sysstat', 'iotop'] + } + default: { + $user_packages = ['emacs-nox', 'vim-nox'] + } + } + $update_pkg_list_cmd = 'apt-get update >/dev/null 2>&1;' + } + default: { + fail("Unsupported osfamily: ${::osfamily} The 'openstack_project' module only supports osfamily Debian or RedHat (slaves only).") + } + } + package { $packages: + ensure => present + } + + ########################################################### + # Package resources for specific operating systems + + case $::osfamily { + 'Debian': { + # Purge and augment existing /etc/apt/sources.list if requested, and make + # sure apt-get update is run before any packages are installed + class { '::apt': + purge => { 'sources.list' => $purge_apt_sources } + } + + # Make sure dig is installed + package { 'dnsutils': + ensure => present, + } + } + 'RedHat': { + # Make sure dig is installed + package { 'bind-utils': + ensure => present, + } + } + } + + ########################################################### + # Manage ntp + + include '::ntp' + + if ($::osfamily == "RedHat") { + # Utils in ntp-perl are included in Debian's ntp package; we + # add it here for consistency. See also + # https://tickets.puppetlabs.com/browse/MODULES-3660 + package { 'ntp-perl': + ensure => present + } + # NOTE(pabelanger): We need to ensure ntpdate service starts on boot for + # centos-7. Currently, ntpd explicitly require ntpdate to be running before + # the sync process can happen in ntpd. As a result, if ntpdate is not + # running, ntpd will start but fail to sync because of DNS is not properly + # setup. + package { 'ntpdate': + ensure => present, + } + service { 'ntpdate': + enable => true, + require => Package['ntpdate'], + } + } + + ########################################################### + # Manage python/pip + + $desired_virtualenv = '13.1.0' + class { '::pip': + optional_settings => { + 'extra-index-url' => '', + }, + manage_pip_conf => true, + } + + if (( versioncmp($::virtualenv_version, $desired_virtualenv) < 0 )) { + $virtualenv_ensure = $desired_virtualenv + } else { + $virtualenv_ensure = present + } + package { 'virtualenv': + ensure => $virtualenv_ensure, + provider => openstack_pip, + require => Class['pip'], + } + + # add hosts entries + create_resources('host', hiera_hash('hosts')) +} -- cgit 1.2.3-korg