Andrew Bogott has uploaded a new change for review. https://gerrit.wikimedia.org/r/179765
Change subject: Support bootstrap-vz for buildign labs debian images
......................................................................
Support bootstrap-vz for buildign labs debian images
Change-Id: I0b635305c0adb9d648fc30a393c22b1d4fc37116
---
A modules/labs_bootstrapvz/files/firstboot.sh
A modules/labs_bootstrapvz/files/firstbootrc
A modules/labs_bootstrapvz/files/install_sudo.sh
A modules/labs_bootstrapvz/files/labs-jessie.manifest.yaml
A modules/labs_bootstrapvz/manifests/init.pp
5 files changed, 345 insertions(+), 0 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet refs/changes/65/179765/1
diff --git a/modules/labs_bootstrapvz/files/firstboot.sh b/modules/labs_bootstrapvz/files/firstboot.sh
new file mode 100644
index 0000000..994bb9f
--- /dev/null
+++ b/modules/labs_bootstrapvz/files/firstboot.sh
@@ -0,0 +1,55 @@
+#!/bin/bash
+
+set -x
+
+echo 'Enabling console logging for puppet while it does the initial run'
+echo 'daemon.* |/dev/console' > /etc/rsyslog.d/60-puppet.conf
+systemctl restart rsyslog.service
+
+binddn=`grep 'binddn' /etc/ldap.conf | sed 's/.* //'`
+bindpw=`grep 'bindpw' /etc/ldap.conf | sed 's/.* //'`
+hostsou=`grep 'nss_base_hosts' /etc/ldap.conf | sed 's/.* //'`
+id=`curl http://169.254.169.254/1.0/meta-data/instance-id 2> /dev/null`
+hostname=`hostname`
+domain=`hostname -d`
+idfqdn=${id}.${domain}
+fqdn=${hostname}.${domain}
+#TODO: get project a saner way
+project=`ldapsearch -x -D ${binddn} -w ${bindpw} -b ${hostsou} "dc=${idfqdn}" puppetvar | grep 'instanceproject' | sed 's/.*=//'`
+saltfinger="c5:b1:35:45:3e:0a:19:70:aa:5f:3a:cf:bf:a0:61:dd"
+if [ "${domain}" == "eqiad.wmflabs" ]
+then
+ master="virt1000.wikimedia.org"
+ master_secondary="labcontrol2001.wikimedia.org"
+fi
+
+# Finish LDAP configuration
+sed -i "s/_PROJECT_/${project}/g" /etc/security/access.conf
+sed -i "s/_PROJECT_/${project}/g" /etc/ldap/ldap.conf
+sed -i "s/_PROJECT_/${project}/g" /etc/sudo-ldap.conf
+sed -i "s/_PROJECT_/${project}/g" /etc/nslcd.conf
+sed -i "s/_FQDN_/${idfqdn}/g" /etc/puppet/puppet.conf
+sed -i "s/_MASTER_/${master}/g" /etc/puppet/puppet.conf
+
+# This really shouldn't be necessary.
+mkdir /var/lib/puppet/client
+
+puppet agent --enable
+
+/etc/init.d/nslcd restart
+/etc/init.d/nscd restart
+dpkg-reconfigure -fnoninteractive -pcritical openssh-server
+/etc/init.d/ssh stop
+/etc/init.d/ssh start
+
+# set mailname
+echo $fqdn > /etc/mailname
+
+# Initial salt config
+echo -e "master:\n - ${master}\n - ${master_secondary}" > /etc/salt/minion
+echo "id: ${idfqdn}" >> /etc/salt/minion
+echo "master_finger: ${saltfinger}" >> /etc/salt/minion
+/etc/init.d/salt-minion restart
+
+# Force initial puppet run
+puppet agent --onetime --verbose --no-daemonize --no-splay --show_diff --waitforcert=10 --certname=${idfqdn} --server=${master}
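Review bot: The LDAP bind password is exposed twice in this script: `set -x` at the top echoes the `bindpw=...` assignment and the fully expanded `ldapsearch ... -w ${bindpw}` command into the trace output, and passing it with `-w` also places it in the process argv where any local user can read it from /proc. Where the xtrace stream ends up depends on how rc.local's stderr is wired (presumably the console or journal, given the rsyslog line above), but in either case the secret is written somewhere it does not belong. I would turn xtrace off around the credential block and hand the password to ldapsearch through a mode-0600 file with `-y` instead of `-w`, as below. Separately, nothing checks that `project` or `master` are non-empty before the `sed` lines substitute them into access.conf and puppet.conf, so a failed lookup silently writes an empty project into the pam_access rules; a guard such as `[ -n "${project}" ] || exit 1` after the lookup is worth adding.
```shell
# Keep the bind credentials out of the xtrace output and out of ldapsearch's argv.
set +x
binddn=`grep 'binddn' /etc/ldap.conf | sed 's/.* //'`
bindpw=`grep 'bindpw' /etc/ldap.conf | sed 's/.* //'`
hostsou=`grep 'nss_base_hosts' /etc/ldap.conf | sed 's/.* //'`
# … unchanged: id/hostname/domain/idfqdn/fqdn assignments …
pwfile=$(mktemp)
chmod 600 "${pwfile}"
printf '%s' "${bindpw}" > "${pwfile}"
project=`ldapsearch -x -D "${binddn}" -y "${pwfile}" -b "${hostsou}" "dc=${idfqdn}" puppetvar | grep 'instanceproject' | sed 's/.*=//'`
rm -f "${pwfile}"
unset bindpw
set -x
```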
diff --git a/modules/labs_bootstrapvz/files/firstbootrc b/modules/labs_bootstrapvz/files/firstbootrc
new file mode 100644
index 0000000..74e66ac
--- /dev/null
+++ b/modules/labs_bootstrapvz/files/firstbootrc
@@ -0,0 +1,9 @@
+#!/bin/sh -e
+#execute firstboot.sh only once
+if [ ! -e /root/firstboot_done ]; then
+ if [ -e /root/firstboot.sh ]; then
+ /root/firstboot.sh
+ fi
+ touch /root/firstboot_done
+fi
+exit 0
diff --git a/modules/labs_bootstrapvz/files/install_sudo.sh b/modules/labs_bootstrapvz/files/install_sudo.sh
new file mode 100644
index 0000000..138fe7d
--- /dev/null
+++ b/modules/labs_bootstrapvz/files/install_sudo.sh
@@ -0,0 +1,4 @@
+#!/bin/bash
+
+export SUDO_FORCE_REMOVE=yes
+apt-get --force-yes --assume-yes install sudo-ldap
diff --git a/modules/labs_bootstrapvz/files/labs-jessie.manifest.yaml b/modules/labs_bootstrapvz/files/labs-jessie.manifest.yaml
new file mode 100644
index 0000000..b85e101
--- /dev/null
+++ b/modules/labs_bootstrapvz/files/labs-jessie.manifest.yaml
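Review bot: The interaction between `#!/bin/sh -e` and the marker file deserves a comment, because it is the only thing deciding whether the bootstrap repeats: if /root/firstboot.sh exits non-zero, `-e` aborts this script before `touch /root/firstboot_done`, so the whole first-boot sequence (LDAP substitutions, salt minion rewrite, puppet run) executes again at the next boot. firstboot.sh has no `set -e` of its own and exits with the status of its final `puppet agent` call, so a transient failure to reach the master is presumably what would trigger the repeat. I would say so above the test: `# If firstboot.sh fails, the marker is not written and the whole bootstrap re-runs on the next boot.`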
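Review bot: `--force-yes` on the apt-get line disables apt's package authentication along with its other safety checks, so an unsigned or mis-signed sudo-ldap from any configured repository would be installed into the image without complaint. `SUDO_FORCE_REMOVE=yes` already lets dpkg remove the conflicting `sudo` package and `--assume-yes` answers the ordinary prompt, so `--force-yes` does not appear to buy anything here; if a run without it stops at a prompt, that prompt is worth seeing rather than suppressing. I would change the last line to `apt-get --assume-yes install sudo-ldap` and, since this runs non-interactively inside the chroot, add `export DEBIAN_FRONTEND=noninteractive` above it.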
@@ -0,0 +1,188 @@
+---
+provider:
+ name: kvm
+bootstrapper:
+ workspace: /target
+image:
+ name: debian-{system.release}-{system.architecture}-{%y}{%m}{%d}
+ description: Debian {system.release} {system.architecture}
+system:
+ release: jessie
+ architecture: amd64
+ bootloader: grub
+ charmap: UTF-8
+ locale: en_US
+ timezone: UTC
+volume:
+ backing: raw
+ partitions:
+ type: msdos
+ boot:
+ filesystem: ext2
+ size: 512MiB
+ root:
+ filesystem: ext4
+ size: 6GiB
+ swap:
+ size: 128MiB
+packages:
+ install_standard: true
+ install:
+ - coreutils
+ - snmp
+ - wipe
+ - tzdata
+ - zsh-beta
+ - jfsutils
+ - xfsprogs
+ - screen
+ - gdb
+ - iperf
+ - htop
+ - vim
+ - sysstat
+ - ngrep
+ - acct
+ - git-core
+ - lldpd
+ - emacs
+ - nslcd
+ - nslcd-utils
+ - libpam-ldapd
+ - ldap-utils
+ - libnss-ldapd
+ - nss-updatedb
+ - libnss-db
+ - nscd
+ - libpam-ldapd
+ - python-ldap
+ - python-pycurl
+ - openssl
+ - ca-certificates
+ - ssl-cert
+ - rsyslog
+ - exim4-config
+ - exim4-daemon-light
+ - cloud-init
+ - cloud-utils
+ - euca2ools
+ - openssh-server
+ - curl
+ - nfs-client
+plugins:
+ root_password:
+ password: test
+ cloud_init:
+ username: admin
+ metadata_sources: ConfigDrive
+ puppet:
+ assets: /etc/bootstrap-vz/puppet
+ salt:
+ install_source: stable
+ image_copy:
+ files:
+ -
+ src: /etc/bootstrap-vz/firstscripts/firstboot.sh
+ dst: /root/firstboot.sh
+ permissions: 755
+ owner: root
+ -
+ src: /etc/bootstrap-vz/firstscripts/firstbootrc
+ dst: /etc/rc.local
+ permissions: 755
+ owner: root
+ -
+ src: /etc/bootstrap-vz/install_sudo.sh
+ dst: /root/install_sudo.sh
+ permissions: 755
+ owner: root
+ -
+ src: /etc/bootstrap-vz/access.conf
+ dst: /etc/security/access.conf
+ -
+ src: /etc/ldap.conf
+ dst: /etc/ldap.conf
+ -
+ src: /etc/bootstrap-vz/nss_ldap.conf
+ dst: /etc/ldap/ldap.conf
+ -
+ src: /etc/nscd.conf
+ dst: /etc/nscd.conf
+ -
+ src: /etc/bootstrap-vz/nslcd.conf
+ dst: /etc/nslcd.conf
+ -
+ src: /etc/nsswitch.conf
+ dst: /etc/nsswitch.conf
+ -
+ src: /etc/pam.d/common-auth
+ dst: /etc/pam.d/common-auth
+ -
+ src: /etc/pam.d/sshd
+ dst: /etc/pam.d/sshd
+ -
+ src: /etc/pam.d/common-account
+ dst: /etc/pam.d/common-account
+ -
+ src: /etc/pam.d/common-password
+ dst: /etc/pam.d/common-password
+ -
+ src: /etc/pam.d/common-session
+ dst: /etc/pam.d/common-session
+ -
+ src: /etc/pam.d/common-session-noninteractive
+ dst: /etc/pam.d/common-session-noninteractive
+ -
+ src: /etc/exim4/exim4.conf
+ dst: /etc/exim4/exim4.conf
+ -
+ src: /etc/sudoers
+ dst: /etc/sudoers
+ -
+ src: /etc/sudoers.d/ops
+ dst: /etc/sudoers.d/ops
+ -
+ src: /etc/ssh/sshd_config
+ dst: /etc/ssh/sshd_config
+ -
+ src: /etc/ssh/sshd_banner
+ dst: /etc/ssh/sshd_banner
+ -
+ src: /etc/apt/trusted.gpg
+ dst: /etc/apt/trusted.gpg
+ -
+ src: /etc/apt/sources.list.d/wikimedia.list
+ dst: /etc/apt/sources.list.d/wikimedia.list
+ -
+ src: /etc/apt/preferences.d/wikimedia.pref
+ dst: /etc/apt/preferences.d/wikimedia.pref
+ -
+ src: /etc/apt/apt.conf.d/80old-releases-proxy
+ dst: /etc/apt/apt.conf.d/80old-releases-proxy
+ -
+ src: /etc/apt/apt.conf.d/80workaround-squid-issues
+ dst: /etc/apt/apt.conf.d/80workaround-squid-issues
+ -
+ src: /etc/apt/apt.conf.d/80security-ubuntu-proxy
+ dst: /etc/apt/apt.conf.d/80security-ubuntu-proxy
+ -
+ src: /etc/cron.d/puppet
+ dst: /etc/cron.d/puppet
+ image_commands:
+ commands:
+ - ['chroot', '{root}', 'passwd', '-ld', 'root']
+ - ['chroot', '{root}', 'passwd', '-ld', 'debian']
+ - ['chroot', '{root}', '/root/install_sudo.sh']
+ - ['chroot', '{root}', 'rm', '/root/install_sudo.sh']
+ - ['chroot', '{root}', 'rm', '/etc/ssh/ssh_host*key*']
+ - ['chroot', '{root}', 'sed', '-i', '/^kernel/s/$/ console=ttyS0/', '/boot/grub/menu.lst']
+ - ['chroot', '{root}', 'sed', '-i', '/console=hvc0/xencons=hvc0 console=hvc0/', '/boot/grub/menu.lst']
+ - ['chroot', '{root}', 'rm', '-f', '/etc/sudo-ldap.conf']
+ - ['chroot', '{root}', 'ln', '-s', '/etc/ldap/ldap.conf', '/etc/sudo-ldap.conf']
+ - ['chroot', '{root}', 'rm', '-f', '/etc/resolv.conf']
+ - ['chroot', '{root}', 'rm', '-f', '/etc/resolvconf/resolv.conf.d/original']
+
+ unattended_upgrades:
+ update_interval: 1
+ download_interval: 1
+ upgrade_interval: 1
diff --git a/modules/labs_bootstrapvz/manifests/init.pp b/modules/labs_bootstrapvz/manifests/init.pp
new file mode 100644
index 0000000..dd3ef1b
--- /dev/null
+++ b/modules/labs_bootstrapvz/manifests/init.pp
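Review bot: The host-key cleanup entry `- ['chroot', '{root}', 'rm', '/etc/ssh/ssh_host*key*']` very likely does nothing: image_commands entries are argv lists, and if bootstrap-vz runs them without a shell (which the list form suggests) the glob reaches rm literally, rm fails, and the build-time host keys stay in the image — and because firstboot.sh's `dpkg-reconfigure openssh-server` only generates keys that are missing, every instance built from this image would then share the same SSH host keys. `- ['chroot', '{root}', 'sh', '-c', 'rm -f /etc/ssh/ssh_host*key*']` runs the glob through a shell; the two `sed` entries targeting `/boot/grub/menu.lst` have the same no-shell question, assume a grub-legacy path on a jessie image, and the second one has no `s` command in its expression. On a related point, `root_password: password: test` bakes in a known root password that is only cleared later by `passwd -ld root`, so dropping the root_password plugin avoids leaving `test` behind if the image_commands step fails, and `passwd -ld debian` targets a user the cloud_init plugin (`username: admin`) does not appear to create.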
@@ -0,0 +1,89 @@
+class labs_bootstrapvz() {
+ package { 'bootstrap-vz':
+ ensure => present,
+ }
+
+ $bootstrap_filepath = '/etc/bootstrap-vz/'
+
+ file { $bootstrap_filepath:
+ ensure => directory
+ }
+
+ file { "${bootstrap_filepath}/manifests":
+ ensure => directory,
+ require => File[$bootstrap_filepath],
+ }
+
+ file { "${bootstrap_filepath}/firstscripts":
+ ensure => directory,
+ require => File[$bootstrap_filepath],
+ }
+
+ file { "${bootstrap_filepath}/puppet":
+ ensure => directory,
+ require => File[$bootstrap_filepath],
+ }
+
+ file { "${bootstrap_filepath}/manifests/labs-jessie.manifest.yaml":
+ mode => '0444',
+ source => 'puppet:///modules/labs_bootstrapvz/labs-jessie.manifest.yaml',
+ require => File["${bootstrap_filepath}/manifests"],
+ }
+
+ file { "${bootstrap_filepath}/firstscripts/firstboot.sh":
+ mode => '0555',
+ source => 'puppet:///modules/labs_bootstrapvz/firstboot.sh',
+ require => File["${bootstrap_filepath}/firstscripts"],
+ }
+
+ file { "${bootstrap_filepath}/firstscripts/firstbootrc":
+ mode => '0555',
+ source => 'puppet:///modules/labs_bootstrapvz/firstbootrc',
+ require => File["${bootstrap_filepath}/firstscripts"],
+ }
+
+ file { "${bootstrap_filepath}/install_sudo.sh":
+ mode => '0555',
+ source => 'puppet:///modules/labs_bootstrapvz/install_sudo.sh',
+ require => [Package['bootstrap-vz'],
+ File["${bootstrap_filepath}"],
+ ],
+ }
+
+ $projectregex = "s/${instanceproject}/_PROJECT_/g"
+ $fqdnregex = "s/${::ec2id}.${::domain}/_FQDN_/g"
+ $masterregex = "s/${servername}/_MASTER_/g"
+
+ Exec { path => '/bin' }
+
+ exec { "cp /etc/security/access.conf ${bootstrap_filepath}/access.conf":
+ } ~>
+
+ exec { "sed -i '${projectregex}' ${bootstrap_filepath}/access.conf":
+ }
+
+ exec { "cp /etc/nslcd.conf ${bootstrap_filepath}/nslcd.conf":
+ } ~>
+
+ exec { "sed -i '${projectregex}' ${bootstrap_filepath}/nslcd.conf":
+ }
+
+ exec { "cp /etc/ldap/ldap.conf ${bootstrap_filepath}/nss_ldap.conf":
+ } ~>
+
+ exec { "sed -i '${projectregex}' ${bootstrap_filepath}/nss_ldap.conf":
+ }
+
+ exec { "cp /etc/puppet/puppet.conf ${bootstrap_filepath}/puppet/puppet.conf":
+ require => File["${bootstrap_filepath}/puppet"],
+ } ~>
+
+ exec { "sed -i '${projectregex}' ${bootstrap_filepath}/puppet/puppet.conf":
+ } ~>
+
+ exec { "sed -i '${fqdnregex}' ${bootstrap_filepath}/puppet/puppet.conf":
+ } ~>
+
+ exec { "sed -i '${masterregex}' ${bootstrap_filepath}/puppet/puppet.conf":
+ }
+}
--
To view, visit https://gerrit.wikimedia.org/r/179765
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: I0b635305c0adb9d648fc30a393c22b1d4fc37116
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
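Review bot: The `cp` execs copy /etc/nslcd.conf and /etc/ldap/ldap.conf — which carry the LDAP bind password that firstboot.sh later reads as `bindpw` — into `${bootstrap_filepath}`, yet neither the copies nor the directory get an explicit mode: `file { $bootstrap_filepath: ensure => directory }` sets none, and `cp` without `-p` creates the copy under the default umask, so a 0640 nslcd.conf on the build host most likely ends up as a world-readable 0644 copy (hedged, since the build host's actual modes are not visible here). The execs also have no `creates`/`refreshonly`/`unless`, so every puppet run re-copies and re-seds all four files. I would give the directory `mode => '0750'`, make the copies `file` resources with a local `source`, `replace => false` and `mode => '0640'`, and mark each `sed` exec `refreshonly => true` so it only fires on the notify, as sketched below; `$instanceproject` and `$servername` should also be written `$::instanceproject` and `$::servername`, since they are top-scope facts/variables rather than class locals.
```puppet
    file { $bootstrap_filepath:
        ensure => directory,
        owner  => 'root',
        group  => 'root',
        mode   => '0750',
    }

    # … unchanged: subdirectories, script/manifest file resources, regex variables, Exec default …

    # Copy once (replace => false) so the sed edit below is not undone on every run;
    # 0640 because the host's nslcd.conf carries the LDAP bind password.
    file { "${bootstrap_filepath}/nslcd.conf":
        source  => '/etc/nslcd.conf',
        replace => false,
        owner   => 'root',
        group   => 'root',
        mode    => '0640',
    } ~>

    exec { "sed -i '${projectregex}' ${bootstrap_filepath}/nslcd.conf":
        refreshonly => true,
    }

    # … unchanged: same pattern for access.conf, nss_ldap.conf and puppet/puppet.conf …
```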
