stackforge/puppet-openstack-cloud
Code Issues Proposed changes

Move system to init

Browse Source 
- Delete common folder
- Move system to init.pp
- Update site.pp

Signed-off-by: Emilien Macchi <emilien.macchi@enovance.com>
This commit is contained in:
Emilien Macchi 2013-12-29 01:18:46 +01:00
parent d28069ea78
commit 11063d001c
5 changed files with 65 additions and 265 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

48
manifests/common/authorized_keys.pp
View File

@ -1,48 +0,0 @@
#
# Copyright (C) 2013 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# SSH authorized_keys
#
class authorized_keys ($keys, $account='root', $home = '') {
# This line allows default homedir based on $account variable.
# If $home is empty, the default is used.
$rhome = $account ? {'root' => '/root', default => $home}
$homedir = $rhome ? {'' => "/home/${account}", default => $rhome}
file { "${homedir}/.ssh":
ensure => directory,
owner => $ensure ? {'present' => $account, default => undef },
group => $ensure ? {'present' => $account, default => undef },
mode => '0755',
}
file { "${homedir}/.ssh/authorized_keys":
owner => $ensure ? {'present' => $account, default => undef },
group => $ensure ? {'present' => $account, default => undef },
mode => '0644',
require => File["${homedir}/.ssh"],
}
define addkey{
exec{"key-${name}":
command => "/bin/echo '${name}' >> ${homedir}/.ssh/authorized_keys",
unless => "/bin/grep -xFq '${name}' ${homedir}/.ssh/authorized_keys",
require => File["${homedir}/.ssh/authorized_keys"],
}
}
addkey{$keys:;}
}

143
manifests/common/packages_config.pp
View File

@ -1,143 +0,0 @@
#
# Copyright (C) 2013 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# APT configuration
#
class os_packages_config {
case $::osfamily {
'Debian': {
class{'apt':
always_apt_update => false,
purge_sources_list => true,
purge_sources_list_d => true,
purge_preferences_d => true,
}
# Ensure apt is configured before every package installation
Class['os_packages_config'] -> Package <| |>
# configure apt periodic updates
apt::conf { 'periodic':
priority => '10',
content => "APT::Periodic::Update-Package-Lists 1;\nAPT::Periodic::Download-Upgradeable-Packages 1;\n";
}
# OS specific repositories
case $::operatingsystem {
'Debian': {
# Official Debian repositories
apt::source {'debian_main':
location => 'http://ftp2.fr.debian.org/debian/',
release => 'wheezy',
repos => 'main contrib non-free',
include_src => false,
}
apt::source {'debian_backports':
location => 'http://ftp2.fr.debian.org/debian/',
release => 'wheezy-backports',
include_src => false,
}
apt::source {'debian_security':
location => 'http://security.debian.org/',
release => 'wheezy/updates',
repos => 'main',
include_src => false,
}
apt::source {'mariadb':
location => 'http://ftp.igh.cnrs.fr/pub/mariadb/repo/5.5/debian',
release => 'wheezy',
include_src => false,
key_server => 'keyserver.ubuntu.com',
key => '1BB943DB',
}
} # Debian
'Ubuntu': {
apt::source { 'ubuntu_precise':
location => 'http://fr.archive.ubuntu.com/ubuntu',
release => 'precise',
repos => 'main universe multiverse',
include_src => false
}
apt::source { 'ubuntu_precise_update':
location => 'http://fr.archive.ubuntu.com/ubuntu',
release => 'precise-updates',
repos => 'main universe multiverse',
include_src => false
}
apt::source { 'ubuntu_precise_security':
location => 'http://security.ubuntu.com/ubuntu',
release => 'precise-security',
repos => 'main universe multiverse',
include_src => false
}
apt::source {'mariadb':
location => 'http://ftp.igh.cnrs.fr/pub/mariadb/repo/5.5/ubuntu',
release => 'precise',
include_src => false,
key_server => 'keyserver.ubuntu.com',
key => '1BB943DB',
}
} # Ubuntu
default: {
fail("Operating system (${::operatingsystem}) not supported yet" )
}
}
# Common packages for Debian / Ubuntu
case $::operatingsystem {
/^(Debian|Ubuntu)$/: {
# OpenStack / Ceph / Specific Backports
apt::source {'cloud.pkgs.enovance.com':
location => "[trusted=1 arch=amd64] http://cloud.pkgs.enovance.com/${::lsbdistcodename}-${os_params::os_release}",
release => $os_params::os_release,
include_src => false,
key_server => 'keyserver.ubuntu.com',
key => '5D964F0B',
}
# # Specific to eNovance (SSH keys, etc)
# apt::source {'enovance':
# location => 'http://***REMOVED***@repo.enovance.com/apt/',
# release => 'squeeze',
# repos => 'main contrib non-free',
# key => '3A964515',
# key_source => 'http://***REMOVED***@repo.enovance.com/apt/key/enovance.gpg',
# include_src => true,
# }
}
default: {
fail("Operating system (${::operatingsystem}) not supported yet" )
}
}
} # os family Debian
'RedHat': {
notice("${::osfamily} (${::operatingsystem})")
}
default: {
err "${::osfamily} not supported yet"
}
} # Case $::osfamily
# We don't include Ceph here, since APT is managed by Ceph Puppet module
}

73
manifests/common/system.pp
View File

@ -1,73 +0,0 @@
#
# Copyright (C) 2013 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Operating System
#
class os_common_system{
# motd
file
{
'/etc/motd':
ensure => file,
mode => '0644',
content => "
############################################################################
# eNovance IT Operations #
############################################################################
# #
# *** RESTRICTED ACCESS *** #
# Only the authorized users may access this system. #
# Any attempted unauthorized access or any action affecting the computer #
# system of eNovance is punishable under articles 323-1 to 323-7 of #
# French criminal law. #
# #
############################################################################
This node is under the control of Puppet ${::puppetversion}.
";
}
# APT repositories
class{ 'os_packages_config': }
# DNS
$datacenter = 'ci'
class{ 'resolver':
dcinfo => { ci => $os_params::dns_ips, },
domainname => $os_params::site_domain,
searchpath => $os_params::site_domain,
}
# NTP
class { 'ntp': }
# SSH Keys
#FIXME
#if $::osfamily == 'Debian' {
# package { 'enovance-config-sshkeys-dev':
# ensure => 'installed'
# }
#}
# Strong root password for all servers
user { 'root':
ensure => 'present',
gid => '0',
password => $os_params::root_password,
uid => '0',
}
}

64
manifests/init.pp
View File

@ -0,0 +1,64 @@
#
# Copyright (C) 2013 eNovance SAS <licensing@enovance.com>
#
# Licensed under the Apache License, Version 2.0 (the "License"); you may
# not use this file except in compliance with the License. You may obtain
# a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
# License for the specific language governing permissions and limitations
# under the License.
#
# Class: privatecloud
#
# Installs the private cloud system requirements
#
class privatecloud {
# motd
file
{
'/etc/motd':
ensure => file,
mode => '0644',
content => "
############################################################################
# eNovance IT Operations #
############################################################################
# #
# *** RESTRICTED ACCESS *** #
# Only the authorized users may access this system. #
# Any attempted unauthorized access or any action affecting the computer #
# system of eNovance is punishable under articles 323-1 to 323-7 of #
# French criminal law. #
# #
############################################################################
This node is under the control of Puppet ${::puppetversion}.
";
}
# DNS
$datacenter = 'ci'
class{ 'resolver':
dcinfo => { ci => $os_params::dns_ips, },
domainname => $os_params::site_domain,
searchpath => $os_params::site_domain,
}
# NTP
class { 'ntp': }
# Strong root password for all servers
user { 'root':
ensure => 'present',
gid => '0',
password => $os_params::root_password,
uid => '0',
}
}

2
site.pp
View File

@ -41,7 +41,7 @@ node common {
class { 'os_params': }
# Common system configuration
class { 'os_common_system': }
class { 'privatecloud': }
}