Andrew Bogott has uploaded a new change for review.
https://gerrit.wikimedia.org/r/225332
Change subject: Set up a keypair for cold migration.
......................................................................
Set up a keypair for cold migration.
Bug: T106145
Change-Id: Iafd5161829c6098dd5a98608c678a77caefb2f03
---
M modules/openstack/files/icehouse/virtscripts/cold-migrate
M modules/openstack/manifests/adminscripts.pp
M modules/openstack/manifests/nova/compute.pp
3 files changed, 67 insertions(+), 19 deletions(-)
git pull ssh://gerrit.wikimedia.org:29418/operations/puppet
refs/changes/32/225332/1
diff --git a/modules/openstack/files/icehouse/virtscripts/cold-migrate
b/modules/openstack/files/icehouse/virtscripts/cold-migrate
index 1f64726..2043028 100755
--- a/modules/openstack/files/icehouse/virtscripts/cold-migrate
+++ b/modules/openstack/files/icehouse/virtscripts/cold-migrate
@@ -3,12 +3,8 @@
### THIS FILE IS MANAGED BY PUPPET
### puppet:///modules/openstack/icehouse/virtscripts/cold-migrate
#####################################################################
-ssh-add -l > /dev/null
-if [ "$?" != "0" ]
-then
- echo "You must have a forwarded agent to use this script"
- exit 1
-fi
+source ~/novaenv.sh
+
if [ "$#" -ne 2 ]; then
echo "Usage: $0 <instance-id> <destination-host>"
exit 1
@@ -115,3 +111,7 @@
echo "Rebooting the instance"
echo ""
nova start ${INSTANCE}
+echo " ---- note --- "
+echo "For safety, the instance files on the old host (${FROMHOST}) have not
been removed."
+echo "After verifying that the migration has completed safely, ssh to
${FROMHOST} and"
+echo " rm -rf /var/lib/nova/instances/${INSTANCE}"
diff --git a/modules/openstack/manifests/adminscripts.pp
b/modules/openstack/manifests/adminscripts.pp
index a350dec..8f43f10 100644
--- a/modules/openstack/manifests/adminscripts.pp
+++ b/modules/openstack/manifests/adminscripts.pp
@@ -17,21 +17,10 @@
# Script to cold-migrate instances between compute nodes
file { '/root/cold-migrate':
- ensure => present,
- source =>
"puppet:///modules/openstack/${openstack_version}/virtscripts/cold-migrate",
- mode => '0755',
- owner => 'root',
- group => 'root',
+ ensure => absent,
}
-
- # Script to migrate instance from one dc to another
- # (specifically, pmtpa to eqiad)
file { '/root/dc-migrate':
- ensure => present,
- source =>
"puppet:///modules/openstack/${openstack_version}/virtscripts/dc-migrate",
- mode => '0755',
- owner => 'root',
- group => 'root',
+ ensure => absent,
}
# Log analysis tool
diff --git a/modules/openstack/manifests/nova/compute.pp
b/modules/openstack/manifests/nova/compute.pp
index 073c259..0e8052e 100644
--- a/modules/openstack/manifests/nova/compute.pp
+++ b/modules/openstack/manifests/nova/compute.pp
@@ -175,4 +175,63 @@
description => 'nova-compute process',
nrpe_command => "/usr/lib/nagios/plugins/check_procs -c 1:
--ereg-argument-array '^/usr/bin/python /usr/bin/nova-compute'",
}
+
+ # Set up users and scripts to permit cold-migration between compute nodes.
+ # This requires a keypair for scp
+ user { 'novamigrate':
+ ensure => present,
+ name => 'novamigrate',
+ shell => '/bin/sh',
+ comment => 'nova user for cold-migration',
+ gid => 'nova',
+ managehome => true,
+ require => Package['nova-compute'],
+ system => true,
+ }
+ ssh::userkey { 'novamigrate':
+ content => secret('novamigrate/novamigrate.pub'),
+ require => user['novamigrate'],
+ ensure => present,
+ }
+ file { '/home/novamigrate/.ssh':
+ ensure => directory,
+ owner => 'novamigrate',
+ group => 'nova',
+ mode => '0700',
+ require => user['novamigrate'],
+ }
+ file { '/home/novamigrate/.ssh/id_rsa':
+ content => secret('novamigrate/novamigrate'),
+ owner => 'novamigrate',
+ group => 'nova',
+ mode => '0600',
+ require => File['/home/novamigrate/.ssh'],
+ }
+
+ # Script to cold-migrate instances between compute nodes
+ file { '/home/novamigrate/cold-migrate':
+ ensure => present,
+ source =>
"puppet:///modules/openstack/${openstack_version}/virtscripts/cold-migrate",
+ mode => '0755',
+ owner => 'novamigrate',
+ group => 'nova',
+ }
+
+ # Script to migrate instance from one dc to another
+ # (specifically, pmtpa to eqiad)
+ file { '/home/novamigrate/dc-migrate':
+ ensure => present,
+ source =>
"puppet:///modules/openstack/${openstack_version}/virtscripts/dc-migrate",
+ mode => '0755',
+ owner => 'novamigrate',
+ group => 'nova',
+ }
+
+ # Handy script to set up environment for commandline nova magic
+ file { '/home/novamigrate/novaenv.sh':
+ content => template('openstack/novaenv.sh.erb'),
+ mode => '0755',
+ owner => 'novamigrate',
+ group => 'nova',
+ }
}
--
To view, visit https://gerrit.wikimedia.org/r/225332
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: newchange
Gerrit-Change-Id: Iafd5161829c6098dd5a98608c678a77caefb2f03
Gerrit-PatchSet: 1
Gerrit-Project: operations/puppet
Gerrit-Branch: production
Gerrit-Owner: Andrew Bogott <[email protected]>
_______________________________________________
MediaWiki-commits mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
