import
commit
7515782eb5
24
README
Normal file
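--- a/README
+++ b/README
@@ -0,0 +1,24 @@
+
+Initial setup:
+
+git clone git://github.com/leifj/multiverse.git myproj-cosmos
+cd myproj-cosmos
+
+- rename the github upstream
+
+git remote rename origin github
+
+- add a new upstream & ro branch
+
+git remote add origin git@//yourhost/myproj-cosmos.git
+git remote add ro git://yourhost/myproj-cosmos.git
+
+- add stuff...
+
+make bump
+
+To add a new host:
+
+- Make sure you have root access using an SSH key
+- ./addhost <fqdn>
+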
45
addhost
Executable file
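--- a/addhost
+++ b/addhost
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+cmd_hostname=""
+cmd_do_bootstrap="no"
+
+set -- $(getopt b?h? "$@")
+
+while [ $# -gt 0 ]; do
+case "$1" in
+(-h) echo "Usage: $0 [-h] [-b] [--] [<host>]"; exit 0;;
+(-b) cmd_do_bootstrap="yes" ;;
+(--) shift; break;;
+(-*) echo "Unknown option $1\nUsage: $0 [-b] [-h] [--] <host>"; exit 1;;
+(*) break;;
+esac
+shift
+done
+
+if [ ! -z "$1" -a -z "$cmd_hostname" ]; then
+cmd_hostname="$1"
+fi
+
+if test -z "$cmd_hostname"; then
+echo "Usage: $0 [-h] [-b] [--] <host>"
+exit 1
+fi
+
+test -f cosmos.conf && . ./cosmos.conf
+
+defrepo=`git remote -v | grep ${remote:="ro"} | grep fetch | awk '{print $2}'`
+rrepo=${repo:="$defrepo"}
+
+if [ ! -d $cmd_hostname ]; then
+cp -pr default $cmd_hostname
+git add $cmd_hostname
+git commit -m "$cmd_hostname added" $cmd_hostname
+./bump-tag
+fi
+
+if [ "$cmd_do_bootstrap" = "yes" ]; then
+scp apt/cosmos_1.2-2_all.deb apt/bootstrap-cosmos.sh root@$cmd_hostname:
+ssh root@$cmd_hostname ./bootstrap-cosmos.sh $cmd_hostname $rrepo
+ssh root@$cmd_hostname cosmos update
+ssh root@$cmd_hostname cosmos apply
+fi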
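Review bot: The host argument is expanded unquoted in `cp -pr default $cmd_hostname`, `git add $cmd_hostname` and `ssh root@$cmd_hostname ./bootstrap-cosmos.sh $cmd_hostname $rrepo`, where ssh hands the joined string to a root shell on the target, and nothing checks first that it is a plain FQDN. A guard after the usage check, `case "$cmd_hostname" in *[!A-Za-z0-9.-]*|-*) echo "invalid host name" >&2; exit 1;; esac`, together with double quotes around the expansions, keeps a stray space, glob character or leading dash out of those commands. The getopt optstring `b?h?` is also unquoted, so the shell may expand it against file names in the working directory; `"bh"` appears to be what was meant. The first `scp`/`ssh` to a new host accepts whatever host key it is shown unless the operator has pinned it beforehand, which the README step for adding a host could mention.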
35
apt/bootstrap-cosmos.sh
Executable file
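--- a/apt/bootstrap-cosmos.sh
+++ b/apt/bootstrap-cosmos.sh
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+set -e
+
+cmd_hostname="$1"
+if test -z "$cmd_hostname"; then
+echo "Usage: $0 HOSTNAME REPO"
+exit 1
+fi
+
+cmd_repo="$2"
+if test -z "$cmd_repo"; then
+echo "Usage $0 HOSTNAME REPO"
+exit 2
+fi
+
+set -x
+
+apt-get -y install rsync git-core
+dpkg -i cosmos_1.2-2_all.deb
+
+if ! test -d /var/cache/cosmos/repo; then
+cosmos clone "$cmd_repo"
+fi
+
+hostname $cmd_hostname
+
+perl -pi -e "s,#COSMOS_REPO_MODELS=.*,COSMOS_REPO_MODELS=\"\\\$COSMOS_REPO/global/:\\\$COSMOS_REPO/$cmd_hostname/\"," /etc/cosmos/cosmos.conf
+perl -pi -e 's,#COSMOS_UPDATE_VERIFY_GIT_TAG_PATTERN=.*,COSMOS_UPDATE_VERIFY_GIT_TAG_PATTERN="eduid-cosmos*",' /etc/cosmos/cosmos.conf
+
+COSMOS_BASE=/var/cache/cosmos /var/cache/cosmos/repo/global/pre-tasks.d/010cosmos-trust
+
+(date; nohup cosmos -v update && nohup cosmos -v apply; date) > /var/log/cosmos.log 2>&1
+
+exit 0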
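Review bot: `/var/cache/cosmos/repo/global/pre-tasks.d/010cosmos-trust` is executed as root straight out of the fresh clone, before the first `cosmos -v update` has checked a signed tag, so whatever the clone URL served is trusted on first use. The README in this commit sets up the `ro` remote as a `git://` URL, which carries no transport authentication; unless `cosmos clone` verifies the tag itself (not visible here), the bootstrap should clone over ssh or https, or verify the checked-out tag against a key copied over with the package, before running anything from the repository. The commit as shown adds `post-tasks.d/015cosmos-trust` but no `pre-tasks.d/010cosmos-trust`, so under `set -e` this line would abort the bootstrap unless that file comes from elsewhere. `$cmd_hostname` is also spliced unquoted into `hostname` and into the first perl substitution, where a `,` or `/` in the value would change the expression.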
BIN
apt/cosmos_1.2-2_all.deb
Normal file
BIN
apt/cosmos_1.2-2_all.deb
Normal file
Binary file not shown.
1
cosmos-rules.yaml
Symbolic link
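--- a/cosmos-rules.yaml
+++ b/cosmos-rules.yaml
@@ -0,0 +1 @@
+global/overlay/etc/puppet/cosmos-rules.yaml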
2
cosmos.conf
Normal file
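--- a/cosmos.conf
+++ b/cosmos.conf
@@ -0,0 +1,2 @@
+tag="eduid-cosmos"
+#repo=git://override-repo-URL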
1
default/README
Symbolic link
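--- a/default/README
+++ b/default/README
@@ -0,0 +1 @@
+../README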
53
fabfile/__init__.py
Normal file
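--- a/fabfile/__init__.py
+++ b/fabfile/__init__.py
@@ -0,0 +1,53 @@
+from fabric.api import run,env
+from fabric.operations import get
+import os
+import yaml
+import re
+
+def _all_hosts():
+return filter(lambda fn: '.' in fn and not fn.startswith('.') and os.path.isdir(fn),os.listdir("."))
+
+def _roledefs():
+rules = dict()
+
+rules_file = "cosmos-rules.yaml";
+if os.path.exists(rules_file):
+with open(rules_file) as fd:
+rules.update(yaml.load(fd))
+
+roles = dict()
+for node_name in _all_hosts():
+for reg,cls in rules.iteritems():
+if re.search(reg,node_name):
+for cls_name in cls.keys():
+h = roles.get(cls_name,[])
+h.append(node_name)
+roles[cls_name] = h
+return roles
+
+env.user = 'root'
+env.timeout = 30
+env.connection_attempts = 3
+env.warn_only = True
+env.skip_bad_hosts = True
+env.roledefs = _roledefs()
+
+print repr(env.roledefs)
+
+def all():
+env.hosts = _all_hosts()
+
+def cosmos():
+run("cosmos update && cosmos apply");
+
+def upgrade():
+run("apt-get -qq update && apt-get -y -q dist-upgrade");
+
+def facts():
+get("/var/run/facts.yaml",local_path="facts/%(host)s.yaml")
+
+def chassis():
+run("ipmi-chassis --get-chassis-status")
+
+def newvm(fqdn,ip,domain):
+run("vmbuilder kvm ubuntu --domain %s --dest /var/lib/libvirt/images/%s.img --arch x86_64 --hostname %s --mem 512 --ip %s --addpkg openssh-server" % (domain,fqdn,fqdn,ip))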
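Review bot: `newvm` builds its command line with `%` formatting, so `fqdn`, `ip` and `domain` reach the remote root shell unescaped; passing each through `pipes.quote(...)` before formatting (the file is Python 2) keeps a task argument from being parsed as shell syntax. `_roledefs` reads the rules with `yaml.load(fd)`, which can construct arbitrary Python objects from tagged YAML; `yaml.safe_load(fd)` is enough for a mapping of regex to class names, and the same call appears in global/overlay/etc/puppet/cosmos_enc.py. `env.warn_only = True` also means a failed `cosmos update && cosmos apply` or `dist-upgrade` only prints a warning, so a host that has stopped verifying or patching does not fail the run. The compiled `fabfile/__init__.pyc` added alongside is a build artefact and is better left out of the repository.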
BIN
fabfile/__init__.pyc
Normal file
BIN
fabfile/__init__.pyc
Normal file
Binary file not shown.
0
global/overlay/etc/cosmos/keys/.placeholder
Normal file
0
global/overlay/etc/cosmos/keys/.placeholder
Normal file
4
global/overlay/etc/cron.d/cosmos
Normal file
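--- a/global/overlay/etc/cron.d/cosmos
+++ b/global/overlay/etc/cron.d/cosmos
@@ -0,0 +1,4 @@
+SHELL=/bin/sh
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+*/15 * * * * root test -f /etc/no-automatic-cosmos || (cosmos update && cosmos apply)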
11
global/overlay/etc/puppet/cosmos-modules.conf
Normal file
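--- a/global/overlay/etc/puppet/cosmos-modules.conf
+++ b/global/overlay/etc/puppet/cosmos-modules.conf
@@ -0,0 +1,11 @@
+#
+# name source (puppetlabs fq name or git url) upgrade (yes/no)
+#
+concat puppetlabs/concat no
+stdlib puppetlabs/stdlib no
+ufw attachmentgenie/ufw no
+apt puppetlabs/apt no
+vcsrepo puppetlabs/vcsrepo no
+xinetd puppetlabs/xinetd no
+#golang elithrar/golang yes
+#python git://github.com/stankevich/puppet-python.git yes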
2
global/overlay/etc/puppet/cosmos-rules.yaml
Normal file
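--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -0,0 +1,2 @@
+'ns[0-9]?.mnt.se$':
+nameserver: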
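Review bot: The pattern `'ns[0-9]?.mnt.se$'` is applied with `re.search` in cosmos_enc.py and fabfile/__init__.py, so it is unanchored at the start and its dots match any character; a host named `dns.mnt.se`, for example, would also be classified as `nameserver`. Writing it as `'^ns[0-9]?\.mnt\.se$'` restricts the class, and the firewall openings that come with it, to the intended names.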
24
global/overlay/etc/puppet/cosmos_enc.py
Executable file
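--- a/global/overlay/etc/puppet/cosmos_enc.py
+++ b/global/overlay/etc/puppet/cosmos_enc.py
@@ -0,0 +1,24 @@
+#!/usr/bin/env python
+
+import sys
+import yaml
+import os
+import re
+
+rules_path = os.environ.get("COSMOS_RULES_PATH","/etc/puppet")
+
+node_name = sys.argv[1]
+
+rules = dict()
+for p in rules_path.split(":"):
+rules_file = os.path.join(p,"cosmos-rules.yaml")
+if os.path.exists(rules_file):
+with open(rules_file) as fd:
+rules.update(yaml.load(fd))
+
+classes = dict()
+for reg,cls in rules.iteritems():
+if re.search(reg,node_name):
+classes.update(cls)
+
+print yaml.dump(dict(classes=classes))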
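Review bot: An empty or comment-only cosmos-rules.yaml makes `yaml.load(fd)` return `None`, and `rules.update(None)` then raises, so the ENC exits with a traceback and the node gets no classification at all; `rules.update(yaml.safe_load(fd) or {})` handles that case and avoids the object-constructing loader. The same applies to `classes.update(cls)` when a pattern has no mapping under it. `sys.argv[1]` is read without checking that puppet passed a node name, so a short usage message and non-zero exit would be clearer than an `IndexError`.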
0
global/overlay/etc/puppet/hiera.yaml
Normal file
0
global/overlay/etc/puppet/hiera.yaml
Normal file
52
global/overlay/etc/puppet/manifests/cosmos-site.pp
Normal file
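--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -0,0 +1,52 @@
+# This manifest is managed using cosmos
+
+Exec {
+path => "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+}
+
+# include some of this stuff for additional features
+
+#include cosmos::tools
+#include cosmos::motd
+#include cosmos::ntp
+#include cosmos::rngtools
+#include cosmos::preseed
+include ufw
+include apt
+include cosmos
+
+# you need a default node
+
+node default {
+
+}
+
+# edit and uncomment to manage ssh root keys in a simple way
+
+#class { 'cosmos::access':
+# keys => [
+# "ssh-rsa ..."
+# ]
+#}
+
+# example config for the nameserver class which is matched in cosmos-rules.yaml
+
+#class nameserver {
+# package {'bind9':
+# ensure => latest
+# }
+# service {'bind9':
+# ensure => running
+# }
+# ufw::allow { "allow-dns-udp":
+# ip => 'any',
+# port => 53,
+# proto => "udp"
+# }
+# ufw::allow { "allow-dns-tcp":
+# ip => 'any',
+# port => 53,
+# proto => "tcp"
+# }
+#}
+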
14
global/overlay/etc/puppet/puppet.conf
Normal file
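--- a/global/overlay/etc/puppet/puppet.conf
+++ b/global/overlay/etc/puppet/puppet.conf
@@ -0,0 +1,14 @@
+[main]
+logdir=/var/log/puppet
+vardir=/var/lib/puppet
+ssldir=/var/lib/puppet/ssl
+rundir=/var/run/puppet
+factpath=$vardir/lib/facter
+templatedir=$confdir/templates
+node_terminus = exec
+external_nodes = /etc/puppet/cosmos_enc.py
+
+[master]
+# These are needed when the puppetmaster is run by passenger
+# and can safely be removed if webrick is used.
+ssl_client_header = SSL_CLIENT_S_DN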
23
global/post-tasks.d/010fix-ssh-perms
Executable file
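--- a/global/post-tasks.d/010fix-ssh-perms
+++ b/global/post-tasks.d/010fix-ssh-perms
@@ -0,0 +1,23 @@
+#!/bin/sh
+#
+# Re-used example from SJD
+#
+
+if test -d /root/.ssh && \
+test `stat -t /root/.ssh | cut -d\ -f5` != 0; then
+chown root.root /root/.ssh
+fi
+
+if test -d /root/.ssh && \
+test `stat -c %a /root/.ssh` != 700; then
+chmod 700 /root/.ssh
+fi
+
+if test -f /root/.ssh/authorized_keys; then
+if test `stat -t /root/.ssh/authorized_keys | cut -d\ -f5` != 0; then
+chown root.root /root/.ssh/authorized_keys
+fi
+if test `stat --printf=%a /root/.ssh/authorized_keys` != 600; then
+chmod 600 /root/.ssh/authorized_keys
+fi
+fi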
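Review bot: Ownership is read by cutting field 5 out of `stat -t`, which depends on the terse field layout, while the mode checks in the same script already use `stat -c %a`; `test "$(stat -c %u /root/.ssh)" != 0` states the intent directly and the same form works for authorized_keys. Only the owning user is compared, so a path owned by root with a non-root group is left unchanged even though the fix applied would be `chown root.root`. The dot separator in `chown root.root` is the deprecated spelling of `root:root`.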
16
global/post-tasks.d/015cosmos-trust
Executable file
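--- a/global/post-tasks.d/015cosmos-trust
+++ b/global/post-tasks.d/015cosmos-trust
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+for k in /etc/cosmos/keys/*.pub; do
+fp=`cosmos gpg --with-colons --with-fingerprint < $k| awk -F: '$1 == "pub" {print $5}'`
+cosmos gpg --with-colons --fingerprint | grep -q ":$fp:" || cosmos gpg --import < $k
+done
+
+for fp in `cosmos gpg --with-colons --fingerprint | awk -F: '$1 == "pub" {print $5}'`; do
+seen="no"
+for k in /etc/cosmos/keys/*.pub; do
+cosmos gpg --with-colons --with-fingerprint < $k | grep -q ":$fp:" && seen="yes"
+done
+if [ "x$seen" = "xno" ]; then
+cosmos gpg --yes --batch --delete-key $fp || true
+fi
+done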
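Review bot: Field 5 of a `pub` record in `--with-colons` output is the 64-bit key ID, not the fingerprint, so the import and delete decisions in both loops are keyed on key IDs even though the variable is called `fp`. Comparing the full fingerprint from the `fpr` record, `awk -F: '$1 == "fpr" {print $10; exit}'`, makes the keyring track the files in /etc/cosmos/keys exactly. When the directory holds no `*.pub` file, as in this commit where only `.placeholder` is added, the glob stays literal, `seen` never becomes `yes`, and the second loop deletes every key in the keyring. A guard such as `[ -f "$k" ] || continue`, plus skipping the prune when no key file was read, would avoid removing the whole trust set by accident.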
4
global/post-tasks.d/020reports
Executable file
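--- a/global/post-tasks.d/020reports
+++ b/global/post-tasks.d/020reports
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+rm -f /var/run/facts.json
+facter -p -y > /var/run/facts.yaml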
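Review bot: `rm -f /var/run/facts.json` removes a different file from the one written on the next line, `/var/run/facts.yaml`; if the intent is to drop a stale report before regenerating it, the two names should match. The redirect creates the file with the script's inherited umask, and a fact dump can carry host details that need not be world-readable, so a `umask 077` before the `facter` line is worth adding given that the fabfile fetches the file as root anyway.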
13
global/post-tasks.d/030puppet
Executable file
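--- a/global/post-tasks.d/030puppet
+++ b/global/post-tasks.d/030puppet
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+if [ "x$COSMOS_VERBOSE" = "xy" ]; then
+args="--verbose"
+else
+args="--logdest=syslog"
+fi
+
+if [ -f /usr/bin/puppet -a -d /etc/puppet/manifests ]; then
+for m in `find /etc/puppet/manifests -name \*.pp`; do
+puppet apply $args $m
+done
+fi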
4
global/post-tasks.d/099autoremove
Executable file
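--- a/global/post-tasks.d/099autoremove
+++ b/global/post-tasks.d/099autoremove
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+apt-get -qq update
+apt-get -qq -y autoremove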
3
global/post-tasks.d/999reboot
Executable file
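--- a/global/post-tasks.d/999reboot
+++ b/global/post-tasks.d/999reboot
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+test -f /var/run/reboot-required -a ! -f /etc/cosmos-manual-reboot && reboot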
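Review bot: The reboot fires as soon as `/var/run/reboot-required` exists unless `/etc/cosmos-manual-reboot` is present, and cron.d/cosmos in this commit runs `cosmos apply` at the same `*/15` minute marks on every host, so (assuming post-tasks run on each apply) redundant machines such as a set of nameservers can restart within the same minute. Making manual reboot the default, or adding a per-host delay before `reboot`, would keep an automatic security update from taking a whole service down at once. The script also exits non-zero whenever no reboot is needed, because the `test ... && reboot` list is its last command; an explicit `exit 0` at the end avoids reporting that as a failure.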
16
global/pre-tasks.d/020common-tools
Executable file
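--- a/global/pre-tasks.d/020common-tools
+++ b/global/pre-tasks.d/020common-tools
@@ -0,0 +1,16 @@
+#!/bin/sh
+#
+# Re-used example from SJD
+#
+
+set -e
+
+stamp="$COSMOS_BASE/stamps/common-tools-v01.stamp"
+
+if ! test -f $stamp; then
+apt-get -y install vim traceroute tcpdump molly-guard less rsync git-core unattended-upgrades ntp
+update-alternatives --set editor /usr/bin/vim.basic
+
+mkdir -p `dirname $stamp`
+touch $stamp
+fi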
35
global/pre-tasks.d/030puppet
Executable file
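--- a/global/pre-tasks.d/030puppet
+++ b/global/pre-tasks.d/030puppet
@@ -0,0 +1,35 @@
+#!/bin/sh
+#
+# Re-used example from SJD
+#
+
+set -e
+
+stamp="$COSMOS_BASE/stamps/puppet-tools-v01.stamp"
+
+if ! test -f $stamp -a -f /usr/bin/puppet; then
+codename=`lsb_release -c| awk '{print $2}'`
+wget -c http://apt.puppetlabs.com/puppetlabs-release-${codename}.deb
+dpkg -i puppetlabs-release-${codename}.deb
+rm -f puppetlabs-release-${codename}.deb*
+apt-get update
+apt-get -y install puppet-common
+
+mkdir -p `dirname $stamp`
+touch $stamp
+fi
+
+python -c "import yaml" 2>/dev/null || apt-get -y install python-yaml
+
+if [ -f /etc/puppet/cosmos-modules.conf ]; then
+grep -E -v "^#" /etc/puppet/cosmos-modules.conf | (
+cd /etc/puppet/modules && while read module src update; do
+if [ ! -d /etc/puppet/modules/$module ]; then
+echo $src | grep -q "://" && git clone $src $module || puppet module install $src
+else
+if [ "x$update" = "xyes" ]; then
+echo $src | grep -q "://" && (cd /etc/puppet/modules/$module && git pull -q) || puppet module upgrade $src
+fi
+fi
+done)
+fi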
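Review bot: `wget -c http://apt.puppetlabs.com/puppetlabs-release-${codename}.deb` fetches over plain HTTP a package that `dpkg -i` then installs as root, and that release package is what sets up the Puppet Labs APT source and its signing key, so the integrity of every later `apt-get install puppet-common` rests on an unauthenticated download. Fetching over `https://` and comparing the file against a checksum kept in the repository before `dpkg -i`, or shipping the release package in the repository next to the cosmos .deb, removes that dependency on the network path. The module loop has the same shape: `puppet module install $src` and `git clone $src` take whatever the Forge or the remote serves at that moment, with no version or commit pinned in cosmos-modules.conf. `-c` also resumes onto any partial file of that name already in the working directory, so downloading into a fresh `mktemp -d` directory is safer.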