[Puppet] Class for building puppet cluster

Change-Id: Idd1ef2dabf6146d62c9e9bee1831127c3c967b7e

murano-apps/Puppet/package/Classes/PuppetClient.yaml

@@ -0,0 +1,47 @@
+#  Licensed under the Apache License, Version 2.0 (the "License"); you may
+#  not use this file except in compliance with the License. You may obtain
+#  a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations
+#  under the License.
+
+Namespaces:
+    =: org.openstack.ci_cd_pipeline_murano_app.puppet
+    conf: io.murano.configuration
+    sys: io.murano.system
+
+Name: PuppetClient
+
+Properties:
+  instance:
+    Contract: $.class('org.openstack.ci_cd_pipeline_murano_app.puppet.PuppetInstance').notNull()
+
+  role:
+    Contract: $.string().notNull()
+
+Methods:
+
+  configure:
+    Body:
+      - $this.instance.setHieraValue( 'node_role', $this.role)
+      - $this.instance.applyManifest(
+          new(sys:Resources).string('scripts/server/puppet_client.pp'))
+
+  #
+  # useful to be sure that certificate request was sent to a server
+  #
+  testRun:
+    Body:
+
+      # non zero return until certificate is not signed
+      - $res: new(conf:Linux).runCommand(
+          agent => $this.instance.agent,
+          command => 'puppet agent --test',
+          ignoreErrors => true).stdout
+
+      - Return: $res

murano-apps/Puppet/package/Classes/PuppetServer.yaml

@@ -0,0 +1,125 @@
+#  Licensed under the Apache License, Version 2.0 (the "License"); you may
+#  not use this file except in compliance with the License. You may obtain
+#  a copy of the License at
+#
+#       http://www.apache.org/licenses/LICENSE-2.0
+#
+#  Unless required by applicable law or agreed to in writing, software
+#  distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+#  WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+#  License for the specific language governing permissions and limitations
+#  under the License.
+
+Namespaces:
+    =: org.openstack.ci_cd_pipeline_murano_app.puppet
+    conf: io.murano.configuration
+    sys: io.murano.system
+    net: org.openstack.ci_cd_pipeline_murano_app.utils.net
+    puppet: org.openstack.ci_cd_pipeline_murano_app.puppet
+
+Name: PuppetServer
+
+Properties:
+  masterInstance:
+    Contract: $.class(puppet:PuppetInstance).notNull()
+
+  clients:
+    Contract:
+      - $.class('org.openstack.ci_cd_pipeline_murano_app.puppet.PuppetClient')
+    Usage: Out
+    Default: []
+
+  manifest:
+    Contract: $.string().notNull()
+
+  _hosts:
+    Contract: $.class(net:Hosts)
+    Usage: Out
+
+  _log:
+    Contract: $.class('io.murano.system.Logger')
+
+Methods:
+  .init:
+    Body:
+      - $this.hosts: new(net:Hosts)
+      - $this._log: logger('org.openstack.ci_cd_pipeline_murano_app.puppet.PuppetServer')
+
+  configure:
+    Body:
+      - $this._configureHosts()
+
+      - $this._installPuppetModules()
+
+      - $data: dict( 'environment:production:manifest' => $this.manifest)
+      - $this.masterInstance.putHieraData( $data)
+
+      - $resources: new(sys:Resources)
+      - $this.masterInstance.applyManifest(
+          $resources.string('scripts/server/puppet_server.pp'))
+
+      - $this.clients.pselect($.configure())
+
+      - $this.clients.pselect($.testRun())
+      # sign obtained requests
+      - $this.clients.pselect($this.signClientCertificate($.role))
+
+  _configureHosts:
+    Body:
+      - $this._hosts: new(net:Hosts)
+      - $this._hosts.addHostByInstance($this.masterInstance, 'puppet')
+      - $this.clients.pselect($this._hosts.addHostByInstance($.instance, $.role))
+      - $this._hosts.applyTo($this.masterInstance)
+      - $this.clients.pselect($this._hosts.applyTo($.instance))
+
+  addClient:
+    Arguments:
+      - client:
+          Contract: $.class(puppet:PuppetClient).notNull()
+    Body:
+      - $this.clients: $this.clients.append($client)
+
+
+  #
+  # Sign client's certificate request
+  #
+  signClientCertificate:
+    Arguments:
+      - name:
+          Contract: $.string()
+    Body:
+      # sign cerificate or check it signed erlier
+      # in case of redeploying
+      - $res: new(conf:Linux).runCommand(
+          $this.masterInstance.agent,
+          'puppet cert sign {0} || puppet cert verify {0}'.format($name)).stdout
+
+      - Return: $res
+
+  #
+  # Install all modules on every instance
+  #
+  _installPuppetModules:
+    Body:
+      - $modules:
+        - 'puppetlabs-vcsrepo'
+        - 'theforeman-git'
+        - 'theforeman-puppet'
+
+      - $this.clients.select($.instance).append($this.masterInstance).selectMany(
+            let(x => $) -> $modules.select(
+              {instance => $x, module => $}))
+          .select( $.instance.installPuppetModule($.module))
+
+  installDependencies:
+    Arguments:
+      - environment:
+          Contract: $.string().notNull()
+      - puppetfileLink:
+          Contract: $.string().notNull()
+    Body:
+      - $resources: new(sys:Resources)
+      - $template: $resources.yaml('InstallDependencies.template').bind(dict(
+          environment => $environment,
+          puppetfile => $puppetfileLink))
+      - Return: $this.masterInstance.agent.call($template, $resources)

murano-apps/Puppet/package/Resources/InstallDependencies.template

@@ -0,0 +1,21 @@
+FormatVersion: 2.1.0
+Version: 1.0.0
+Name: CreateEnvironment
+
+Parameters:
+  environment: $environment
+  puppetfile: $puppetfile
+
+Body:
+  return createEnvironment('{0} "{1}"'.format(args.environment,  args.puppetfile)).stdout
+
+Scripts:
+  createEnvironment:
+    Type: Application
+    Version: 1.0.0
+    EntryPoint: 'server/install_dependencies.sh'
+    Files: []
+    Options:
+      captureStdout: true
+      captureStderr: true
+      verifyExitcode: true

murano-apps/Puppet/package/Resources/scripts/server/install_dependencies.sh

@@ -0,0 +1,11 @@
+#!/usr/bin/env bash
+
+
+ENV_NAME="$1"
+PUPPETFILE_LINK="$2"
+ENV_DIR="/etc/puppet/environments/${ENV_NAME}"
+
+cd ${ENV_DIR}
+wget --quiet -c ${PUPPETFILE_LINK} -O Puppetfile
+
+librarian-puppet install

murano-apps/Puppet/package/Resources/scripts/server/puppet_client.pp

@@ -0,0 +1,11 @@
+node default{
+  package {'iptables-persistent':
+    ensure => 'installed'
+  }
+  class { '::puppet':
+    server  => false,
+    runmode => 'cron',
+    puppetmaster => 'puppet',
+    client_certname => hiera('node_role')
+  }
+}

murano-apps/Puppet/package/Resources/scripts/server/puppet_server.pp

@@ -0,0 +1,33 @@
+node default{
+  package { 'ntp':
+    ensure => 'installed',
+  }
+
+  package {'iptables-persistent':
+    ensure => 'installed'
+  }
+
+  class { '::puppet':
+    server                => true,
+    server_foreman        => false,
+    server_reports        => 'store',
+    server_http           => true,
+    server_http_port      => 8130, # default: 8139
+    server_http_allow     => [],
+    server_external_nodes => '',
+    server_git_repo       => true,
+    puppetmaster =>  'puppet',
+    server_puppetserver_version => '2.4.99',
+    environment => 'production'
+  }
+
+  puppet::server::env { 'production':
+    manifest => hiera('environment:production:manifest'),
+    config_version => ''
+  }
+
+  package {'librarian-puppet':
+    ensure => 'installed',
+    provider => 'gem'
+  }
+}

murano-apps/Puppet/package/manifest.yaml

@@ -11,6 +11,10 @@ Author: 'Mirantis, Inc'
 Tags: [Server, Puppet]
 Classes:
   org.openstack.ci_cd_pipeline_murano_app.puppet.PuppetInstance: PuppetInstance.yaml
+  org.openstack.ci_cd_pipeline_murano_app.puppet.PuppetServer: PuppetServer.yaml
+  org.openstack.ci_cd_pipeline_murano_app.puppet.PuppetClient: PuppetClient.yaml
   org.openstack.ci_cd_pipeline_murano_app.puppet.Hiera: Hiera.yaml
   org.openstack.ci_cd_pipeline_murano_app.puppet.YamlTool: YamlTool.yaml
   org.openstack.ci_cd_pipeline_murano_app.puppet.YamlFile: YamlFile.yaml
+Require:
+  org.openstack.ci_cd_pipeline_murano_app.utils.CiCdUtils: