Andrew Bogott has submitted this change and it was merged. Change subject: nodepool: preliminary role and config file ......................................................................
nodepool: preliminary role and config file Bug: T89143 Change-Id: Icb2f9b9fe7dbef60f293870e223edfa849cf0951 --- A manifests/role/nodepool.pp M manifests/site.pp A modules/nodepool/manifests/init.pp A modules/nodepool/templates/nodepool.yaml.erb 4 files changed, 249 insertions(+), 0 deletions(-) Approvals: Andrew Bogott: Looks good to me, approved jenkins-bot: Verified diff --git a/manifests/role/nodepool.pp b/manifests/role/nodepool.pp new file mode 100644 index 0000000..962aaed --- /dev/null +++ b/manifests/role/nodepool.pp @@ -0,0 +1,25 @@ +# == Class role::nodepool +# +# See our and upstream documentations: +# https://wikitech.wikimedia.org/wiki/Nodepool +# http://docs.openstack.org/infra/nodepool/ +# +class role::nodepool { + + system::role { 'role::nodepool': description => 'CI Nodepool' } + + include role::nova::config + include passwords::nodepool + + class { '::nodepool': + jenkins_api_user => 'nodepoolmanager', + jenkins_api_key => $passwords::nodepool::jenkins_api_key, + jenkins_credentials_id => 'nodepool-dib-jenkins', + jenkins_ssh_private_key_source => 'puppet:///private/nodepool/dib_jenkins_id_rsa', + openstack_auth_uri => $novaconfig['auth_uri'], + openstack_username => 'nodepoolmanager', + openstack_password => $passwords::nodepool::manager_pass, + openstack_tenant_id => 'contintcloud', + } + +} diff --git a/manifests/site.pp b/manifests/site.pp index 5be9eaa..20da1cb 100644 --- a/manifests/site.pp +++ b/manifests/site.pp @@ -1248,6 +1248,7 @@ node 'labnodepool1001.eqiad.wmnet' { include standard + include role::nodepool } diff --git a/modules/nodepool/manifests/init.pp b/modules/nodepool/manifests/init.pp new file mode 100644 index 0000000..3856fc8 --- /dev/null +++ b/modules/nodepool/manifests/init.pp @@ -0,0 +1,114 @@ +# == Class nodepool +# +# Install Nodepool and craft a setting file matching Wikimedia usage. +# For further configuration see the YAML configuration file: +# modules/nodepool/templates/nodepool.yaml.erb +# +# Parameters: +# +# [*dib_base_path*] +# Directory holding python-diskimagebuilder material. Will create +# subdirectories 'cache', 'images' and 'tmp'. +# +# [*jenkins_api_user*] +# A Jenkins username that has the rights to attach/detach a slave on the +# Jenkins masters. +# +# [*jenkins_api_key*] +# API token (not password) for *jenkins_api_user* +# +# [*jenkins_credentials_id*] +# Reference to a SSH user/private key hold in the Jenkins credential stores. +# Used by Jenkins to ssh to instances. +# +# [*jenkins_ssh_private_key_source*] +# Puppet resource providing a private SSH key. Used by Jenkins and Nodepool to +# ssh to instances. +# +# [*jenkins_ssh_public_key*] +# Public SSH key for above private key. Used by Jenkins and Nodepool to ssh to +# instances. +# +# [*openstack_auth_uri*] +# URI to the OpenStack authentication service. +# +# [*openstack_username*] +# User for the OpenStack API, must be able to upload/delete images and +# spawn/terminate instances. +# +# [*openstack_password*] +# OpenStack password for *openstack_username*. +# +# [*openstack_tenant_id*] +# OpenStack tenant holding the instances. Equivalent of wmflabs 'project name'. +class nodepool( + $dib_base_path, + $jenkins_api_user, + $jenkins_api_key, + $jenkins_credentials_id, + $jenkins_ssh_private_key_source, + $jenkins_ssh_public_key, + $openstack_auth_uri, + $openstack_username, + $openstack_password, + $openstack_tenant_id, +) { + + package { 'nodepool': + ensure => present, + } + # python-diskimage-builder 0.1.46 missing dependency: + # https://bugs.debian.org/791655 + package { 'uuid-runtime': + ensure => present, + } + + $dib_cache_dir = "${dib_base_path}/cache" + $dib_images_dir = "${dib_base_path}/images" + $dib_tmp_dir = "${dib_base_path}/tmp" + + file { [ + $dib_cache_dir, + $dib_images_dir, + $dib_tmp_dir, + ]: + ensure => directory, + owner => 'nodepool', + group => 'nodepool', + mode => '0775', + require => Package['nodepool'], + } + + # OpenStack CLI + package { 'python-openstackclient': + ensure => present, + } + + file { '/var/lib/nodepool/.ssh': + ensure => directory, + owner => 'nodepool', + group => 'nodepool', + mode => '0700', + } + # Private SSH key + file { '/var/lib/nodepool/.ssh/dib_jenkins_id_rsa': + ensure => present, + source => $jenkins_ssh_private_key, + owner => 'nodepool', + group => 'nodepool', + mode => '0600', + } + # Matching public SSH key + file { '/var/lib/nodepool/.ssh/dib_jenkins_id_rsa.pub': + ensure => present, + content => $jenkins_ssh_public_key, + owner => 'nodepool', + group => 'nodepool', + mode => '0600', + } + + file { '/etc/nodepool/nodepool.yaml': + content => template('nodepool/nodepool.yaml.erb'), + require => Package['nodepool'], + } +} diff --git a/modules/nodepool/templates/nodepool.yaml.erb b/modules/nodepool/templates/nodepool.yaml.erb new file mode 100644 index 0000000..590e33c --- /dev/null +++ b/modules/nodepool/templates/nodepool.yaml.erb @@ -0,0 +1,109 @@ +# Nodepool database backend +dburi: 'mysql+pymysql://nodepool:nodepool@localhost/nodepool' + +# Directory providing additional diskimage-builder elements. +# http://docs.openstack.org/infra/nodepool/configuration.html#elements-dir +elements-dir: /etc/nodepool/elements + +# Directory where Nodepool / diskimage-builder stores created images. +# http://docs.openstack.org/infra/nodepool/configuration.html#images-dir +images-dir: '<%= $dib_images_dir -%>' + +# Utilities to prepare an image. Copied to the image while it is being created. +# http://docs.openstack.org/infra/nodepool/configuration.html#script-dir +script-dir: /etc/nodepool/scripts + +# Internal Nodepool recurring tasks +# http://docs.openstack.org/infra/nodepool/configuration.html#cron +cron: + # Deletes old images and servers + cleanup: '*/1 * * * *' + + # Logs into waiting nodes to ensure they are still operationals + check: '*/15 * * * *' + + # Creates new images, typically to refresh images build-in caches + image-update: '14 14 * * *' + +# Zuul / Gearman server +gearman-servers: + - host: gallium.wikimedia.org + port: 4730 + +# Jenkins masters emits jobs start/completion over zeromq +zmq-publishers: + - tcp://gallium.wikimedia.org:8888 + +# CI systems to attach instances to +targets: + - name: gallium.wikimedia.org + jenkins: + url: 'https://integration.wikimedia.org/ci/' + user: '<%= @jenkins_api_user -%>' + apikey: '<%= @jenkins_api_key -%>' + credentials-id: '<%= @jenkins_credentials_id -%>' + hostname: '{label.name}-{node_id}.<%= @openstack_tenant_id -%>.eqiad.wmflabs' + subnode-hostname: '{label.name}-{node_id}-{subnode_id}.<%= @openstack_tenant_id -%>.eqiad.wmflabs' + +# Jenkins labels +labels: + - name: ci-dib-jessie-wikimedia + image: ci-dib-jessie-wikimedia + #ready-script: ready.sh + min-ready: 1 + providers: + - name: wmflabs-eqiad + +providers: + - name: wmflabs-eqiad + service-type: 'compute' + service-name: 'nova' + project-id: '<%= @openstack_tenant_id -%>' + region-name: 'eqiad' + username: '<%= @openstack_username -%>' + password: '<%= @openstack_password -%>' + auth-url: '<%= @openstack_auth_uri -%>' + boot-timeout: 300 # seconds + max-servers: 5 + rate: 10.0 # seconds + # 'eqiad.wmflabs' is magically added by wmflabs + template-hostname: '{image.name}-{timestamp}' + images: + - name: ci-dib-jessie-wikimedia + diskimage: ci-dib-jessie-wikimedia + meta: + properties: + # Let Horizon/Wikitech display the image (T105015) + show: 'true' + min-ram: 0 + name-filter: 'm1.medium' + #setup: setup.sh + username: jenkins + private-key: /var/lib/nodepool/.ssh/dib_jenkins_id_rsa + +# See doc at http://docs.openstack.org/developer/diskimage-builder/ +diskimages: + - name: ci-dib-jessie-wikimedia + elements: + - debian + - debian-systemd + - cloud-init-datasources + - vm + - devuser + - wikimedia-networking + - nodepool-base + release: jessie + env-vars: + DIB_IMAGE_CACHE: '<% $dib_cache_dir -%>' + QEMU_IMG_OPTIONS: compat=0.10 + + # debian element + DIB_RELEASE: jessie + DIB_DISTRIBUTION_MIRROR: http://mirrors.wikimedia.org/debian/ + + # cloud-init-datasources + DIB_CLOUD_INIT_DATASOURCES: Ec2 + + # devuser element + DIB_DEV_USER_USERNAME: jenkins + DIB_DEV_USER_AUTHORIZED_KEYS: /var/lib/nodepool/.ssh/dib_jenkins_id_rsa.pub -- To view, visit https://gerrit.wikimedia.org/r/201728 To unsubscribe, visit https://gerrit.wikimedia.org/r/settings Gerrit-MessageType: merged Gerrit-Change-Id: Icb2f9b9fe7dbef60f293870e223edfa849cf0951 Gerrit-PatchSet: 18 Gerrit-Project: operations/puppet Gerrit-Branch: production Gerrit-Owner: Hashar <has...@free.fr> Gerrit-Reviewer: Andrew Bogott <abog...@wikimedia.org> Gerrit-Reviewer: Chasemp <chas...@gmail.com> Gerrit-Reviewer: Dduvall <dduv...@wikimedia.org> Gerrit-Reviewer: Greg Grossmeier <g...@wikimedia.org> Gerrit-Reviewer: Hashar <has...@free.fr> Gerrit-Reviewer: JanZerebecki <jan.wikime...@zerebecki.de> Gerrit-Reviewer: Zfilipin <zfili...@wikimedia.org> Gerrit-Reviewer: jenkins-bot <> _______________________________________________ MediaWiki-commits mailing list MediaWiki-commits@lists.wikimedia.org https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits