import
commit
7515782eb5
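--- a/README
+++ b/README
@@ -0,0 +1,24 @@
+
+Initial setup:
+
+git clone git://github.com/leifj/multiverse.git myproj-cosmos
+cd myproj-cosmos
+
+- rename the github upstream
+
+git remote rename origin github
+
+- add a new upstream & ro branch
+
+git remote add origin git@//yourhost/myproj-cosmos.git
+git remote add ro git://yourhost/myproj-cosmos.git
+
+- add stuff...
+
+make bump
+
+To add a new host:
+
+- Make sure you have root access using an SSH key
+- ./addhost <fqdn>
+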
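--- a/addhost
+++ b/addhost
@@ -0,0 +1,45 @@
+#!/bin/sh
+
+cmd_hostname=""
+cmd_do_bootstrap="no"
+
+set -- $(getopt b?h? "$@")
+
+while [ $# -gt 0 ]; do
+case "$1" in
+(-h) echo "Usage: $0 [-h] [-b] [--] [<host>]"; exit 0;;
+(-b) cmd_do_bootstrap="yes" ;;
+(--) shift; break;;
+(-*) echo "Unknown option $1\nUsage: $0 [-b] [-h] [--] <host>"; exit 1;;
+(*) break;;
+esac
+shift
+done
+
+if [ ! -z "$1" -a -z "$cmd_hostname" ]; then
+cmd_hostname="$1"
+fi
+
+if test -z "$cmd_hostname"; then
+echo "Usage: $0 [-h] [-b] [--] <host>"
+exit 1
+fi
+
+test -f cosmos.conf && . ./cosmos.conf
+
+defrepo=`git remote -v | grep ${remote:="ro"} | grep fetch | awk '{print $2}'`
+rrepo=${repo:="$defrepo"}
+
+if [ ! -d $cmd_hostname ]; then
+cp -pr default $cmd_hostname
+git add $cmd_hostname
+git commit -m "$cmd_hostname added" $cmd_hostname
+./bump-tag
+fi
+
+if [ "$cmd_do_bootstrap" = "yes" ]; then
+scp apt/cosmos_1.2-2_all.deb apt/bootstrap-cosmos.sh root@$cmd_hostname:
+ssh root@$cmd_hostname ./bootstrap-cosmos.sh $cmd_hostname $rrepo
+ssh root@$cmd_hostname cosmos update
+ssh root@$cmd_hostname cosmos apply
+fi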
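Review bot: `$cmd_hostname` comes straight from the command line and is then used unquoted and unvalidated as a directory name (`cp -pr default $cmd_hostname`, `git add`), as an SSH target, and as an argument to a remote shell (`ssh root@$cmd_hostname ./bootstrap-cosmos.sh $cmd_hostname $rrepo`). A check right after the usage test, e.g. `case "$cmd_hostname" in -*|*[!A-Za-z0-9.-]*) echo "invalid host name" >&2; exit 1;; esac`, together with double quotes around each expansion, keeps a typo, a value with spaces or a leading dash from changing what is copied locally or run as root remotely. `set -- $(getopt b?h? "$@")` also leaves `b?h?` open to pathname expansion in the working directory; `getopt bh "$@"` looks like what the usage text intends.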
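--- a/apt/bootstrap-cosmos.sh
+++ b/apt/bootstrap-cosmos.sh
@@ -0,0 +1,35 @@
+#!/bin/sh
+
+set -e
+
+cmd_hostname="$1"
+if test -z "$cmd_hostname"; then
+echo "Usage: $0 HOSTNAME REPO"
+exit 1
+fi
+
+cmd_repo="$2"
+if test -z "$cmd_repo"; then
+echo "Usage $0 HOSTNAME REPO"
+exit 2
+fi
+
+set -x
+
+apt-get -y install rsync git-core
+dpkg -i cosmos_1.2-2_all.deb
+
+if ! test -d /var/cache/cosmos/repo; then
+cosmos clone "$cmd_repo"
+fi
+
+hostname $cmd_hostname
+
+perl -pi -e "s,#COSMOS_REPO_MODELS=.*,COSMOS_REPO_MODELS=\"\\\$COSMOS_REPO/global/:\\\$COSMOS_REPO/$cmd_hostname/\"," /etc/cosmos/cosmos.conf
+perl -pi -e 's,#COSMOS_UPDATE_VERIFY_GIT_TAG_PATTERN=.*,COSMOS_UPDATE_VERIFY_GIT_TAG_PATTERN="eduid-cosmos*",' /etc/cosmos/cosmos.conf
+
+COSMOS_BASE=/var/cache/cosmos /var/cache/cosmos/repo/global/pre-tasks.d/010cosmos-trust
+
+(date; nohup cosmos -v update && nohup cosmos -v apply; date) > /var/log/cosmos.log 2>&1
+
+exit 0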
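Review bot: The trust step `COSMOS_BASE=/var/cache/cosmos /var/cache/cosmos/repo/global/pre-tasks.d/010cosmos-trust` names a script this commit does not add; the key-import script visible here is `global/post-tasks.d/015cosmos-trust`, so under `set -e` the bootstrap would stop at that line unless the file comes from somewhere else. Whichever path is right, that script runs as root straight out of a repository just cloned from `$cmd_repo`, and as far as this script shows nothing has verified a signed tag at that point, so the first clone is what establishes trust. Since `addhost` already copies files over the authenticated SSH session, shipping the public keys next to the `.deb` and importing them before `cosmos clone` would remove that dependency on the transport. `$cmd_hostname` is also expanded unquoted in `hostname $cmd_hostname` and inside the first perl substitution, where a `,` or `/` in the value would break the expression.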
BIN
apt/cosmos_1.2-2_all.deb
Normal file
BIN
apt/cosmos_1.2-2_all.deb
Normal file
Binary file not shown.
1
cosmos-rules.yaml
Symbolic link
1
cosmos-rules.yaml
Symbolic link
|
@ -0,0 +1 @@
|
|||
global/overlay/etc/puppet/cosmos-rules.yaml
|
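--- a/cosmos.conf
+++ b/cosmos.conf
@@ -0,0 +1,2 @@
+tag="eduid-cosmos"
+#repo=git://override-repo-URL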
1
default/README
Symbolic link
1
default/README
Symbolic link
|
@ -0,0 +1 @@
|
|||
../README
|
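--- a/fabfile/__init__.py
+++ b/fabfile/__init__.py
@@ -0,0 +1,53 @@
+from fabric.api import run,env
+from fabric.operations import get
+import os
+import yaml
+import re
+
+def _all_hosts():
+return filter(lambda fn: '.' in fn and not fn.startswith('.') and os.path.isdir(fn),os.listdir("."))
+
+def _roledefs():
+rules = dict()
+
+rules_file = "cosmos-rules.yaml";
+if os.path.exists(rules_file):
+with open(rules_file) as fd:
+rules.update(yaml.load(fd))
+
+roles = dict()
+for node_name in _all_hosts():
+for reg,cls in rules.iteritems():
+if re.search(reg,node_name):
+for cls_name in cls.keys():
+h = roles.get(cls_name,[])
+h.append(node_name)
+roles[cls_name] = h
+return roles
+
+env.user = 'root'
+env.timeout = 30
+env.connection_attempts = 3
+env.warn_only = True
+env.skip_bad_hosts = True
+env.roledefs = _roledefs()
+
+print repr(env.roledefs)
+
+def all():
+env.hosts = _all_hosts()
+
+def cosmos():
+run("cosmos update && cosmos apply");
+
+def upgrade():
+run("apt-get -qq update && apt-get -y -q dist-upgrade");
+
+def facts():
+get("/var/run/facts.yaml",local_path="facts/%(host)s.yaml")
+
+def chassis():
+run("ipmi-chassis --get-chassis-status")
+
+def newvm(fqdn,ip,domain):
+run("vmbuilder kvm ubuntu --domain %s --dest /var/lib/libvirt/images/%s.img --arch x86_64 --hostname %s --mem 512 --ip %s --addpkg openssh-server" % (domain,fqdn,fqdn,ip))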
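Review bot: `rules.update(yaml.load(fd))` in `_roledefs()` uses PyYAML's default loader, which can construct arbitrary Python objects from tagged YAML, while the rules file only needs plain mappings; `rules.update(yaml.safe_load(fd) or {})` is sufficient and also survives an empty file. The same call appears in `global/overlay/etc/puppet/cosmos_enc.py`, where it runs on every managed host. Separately, `newvm()` formats `fqdn`, `ip` and `domain` directly into the command string passed to `run()` as root; wrapping each with `pipes.quote()` (plus `import pipes`) keeps a space or shell metacharacter in a task argument from changing the command.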
BIN
fabfile/__init__.pyc
Normal file
BIN
fabfile/__init__.pyc
Normal file
Binary file not shown.
0
global/overlay/etc/cosmos/keys/.placeholder
Normal file
0
global/overlay/etc/cosmos/keys/.placeholder
Normal file
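--- a/global/overlay/etc/cron.d/cosmos
+++ b/global/overlay/etc/cron.d/cosmos
@@ -0,0 +1,4 @@
+SHELL=/bin/sh
+PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
+
+*/15 * * * * root test -f /etc/no-automatic-cosmos || (cosmos update && cosmos apply)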
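--- a/global/overlay/etc/puppet/cosmos-modules.conf
+++ b/global/overlay/etc/puppet/cosmos-modules.conf
@@ -0,0 +1,11 @@
+#
+# name source (puppetlabs fq name or git url) upgrade (yes/no)
+#
+concat puppetlabs/concat no
+stdlib puppetlabs/stdlib no
+ufw attachmentgenie/ufw no
+apt puppetlabs/apt no
+vcsrepo puppetlabs/vcsrepo no
+xinetd puppetlabs/xinetd no
+#golang elithrar/golang yes
+#python git://github.com/stankevich/puppet-python.git yes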
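--- a/global/overlay/etc/puppet/cosmos-rules.yaml
+++ b/global/overlay/etc/puppet/cosmos-rules.yaml
@@ -0,0 +1,2 @@
+'ns[0-9]?.mnt.se$':
+nameserver: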
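Review bot: The key `'ns[0-9]?.mnt.se$'` is matched with `re.search` in both `cosmos_enc.py` and the fabfile, so it is not anchored at the start and each `.` matches any character. Node names such as `dns1.mnt.se` or `ns1xmnt.se` (constructed examples) would therefore also receive the `nameserver` class. `'^ns[0-9]?\.mnt\.se$'` expresses what the rule appears to intend.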
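--- a/global/overlay/etc/puppet/cosmos_enc.py
+++ b/global/overlay/etc/puppet/cosmos_enc.py
@@ -0,0 +1,24 @@
+#!/usr/bin/env python
+
+import sys
+import yaml
+import os
+import re
+
+rules_path = os.environ.get("COSMOS_RULES_PATH","/etc/puppet")
+
+node_name = sys.argv[1]
+
+rules = dict()
+for p in rules_path.split(":"):
+rules_file = os.path.join(p,"cosmos-rules.yaml")
+if os.path.exists(rules_file):
+with open(rules_file) as fd:
+rules.update(yaml.load(fd))
+
+classes = dict()
+for reg,cls in rules.iteritems():
+if re.search(reg,node_name):
+classes.update(cls)
+
+print yaml.dump(dict(classes=classes))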
0
global/overlay/etc/puppet/hiera.yaml
Normal file
0
global/overlay/etc/puppet/hiera.yaml
Normal file
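--- a/global/overlay/etc/puppet/manifests/cosmos-site.pp
+++ b/global/overlay/etc/puppet/manifests/cosmos-site.pp
@@ -0,0 +1,52 @@
+# This manifest is managed using cosmos
+
+Exec {
+path => "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
+}
+
+# include some of this stuff for additional features
+
+#include cosmos::tools
+#include cosmos::motd
+#include cosmos::ntp
+#include cosmos::rngtools
+#include cosmos::preseed
+include ufw
+include apt
+include cosmos
+
+# you need a default node
+
+node default {
+
+}
+
+# edit and uncomment to manage ssh root keys in a simple way
+
+#class { 'cosmos::access':
+# keys => [
+# "ssh-rsa ..."
+# ]
+#}
+
+# example config for the nameserver class which is matched in cosmos-rules.yaml
+
+#class nameserver {
+# package {'bind9':
+# ensure => latest
+# }
+# service {'bind9':
+# ensure => running
+# }
+# ufw::allow { "allow-dns-udp":
+# ip => 'any',
+# port => 53,
+# proto => "udp"
+# }
+# ufw::allow { "allow-dns-tcp":
+# ip => 'any',
+# port => 53,
+# proto => "tcp"
+# }
+#}
+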
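--- a/global/overlay/etc/puppet/puppet.conf
+++ b/global/overlay/etc/puppet/puppet.conf
@@ -0,0 +1,14 @@
+[main]
+logdir=/var/log/puppet
+vardir=/var/lib/puppet
+ssldir=/var/lib/puppet/ssl
+rundir=/var/run/puppet
+factpath=$vardir/lib/facter
+templatedir=$confdir/templates
+node_terminus = exec
+external_nodes = /etc/puppet/cosmos_enc.py
+
+[master]
+# These are needed when the puppetmaster is run by passenger
+# and can safely be removed if webrick is used.
+ssl_client_header = SSL_CLIENT_S_DN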
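--- a/global/post-tasks.d/010fix-ssh-perms
+++ b/global/post-tasks.d/010fix-ssh-perms
@@ -0,0 +1,23 @@
+#!/bin/sh
+#
+# Re-used example from SJD
+#
+
+if test -d /root/.ssh && \
+test `stat -t /root/.ssh | cut -d\ -f5` != 0; then
+chown root.root /root/.ssh
+fi
+
+if test -d /root/.ssh && \
+test `stat -c %a /root/.ssh` != 700; then
+chmod 700 /root/.ssh
+fi
+
+if test -f /root/.ssh/authorized_keys; then
+if test `stat -t /root/.ssh/authorized_keys | cut -d\ -f5` != 0; then
+chown root.root /root/.ssh/authorized_keys
+fi
+if test `stat --printf=%a /root/.ssh/authorized_keys` != 600; then
+chmod 600 /root/.ssh/authorized_keys
+fi
+fi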
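Review bot: The ownership tests read only field 5 of `stat -t` (the uid), so a directory or `authorized_keys` file owned by root but with a non-root group is left as it is even though the repair sets both. Testing `stat -c %u:%g` against `0:0` covers both and avoids parsing the terse format with `cut`. `chown root.root` also uses the dot separator, which GNU chown keeps only for backward compatibility; `chown root:root` is the documented form in both branches.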
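--- a/global/post-tasks.d/015cosmos-trust
+++ b/global/post-tasks.d/015cosmos-trust
@@ -0,0 +1,16 @@
+#!/bin/sh
+
+for k in /etc/cosmos/keys/*.pub; do
+fp=`cosmos gpg --with-colons --with-fingerprint < $k| awk -F: '$1 == "pub" {print $5}'`
+cosmos gpg --with-colons --fingerprint | grep -q ":$fp:" || cosmos gpg --import < $k
+done
+
+for fp in `cosmos gpg --with-colons --fingerprint | awk -F: '$1 == "pub" {print $5}'`; do
+seen="no"
+for k in /etc/cosmos/keys/*.pub; do
+cosmos gpg --with-colons --with-fingerprint < $k | grep -q ":$fp:" && seen="yes"
+done
+if [ "x$seen" = "xno" ]; then
+cosmos gpg --yes --batch --delete-key $fp || true
+fi
+done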
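Review bot: The value stored in `fp` is field 5 of the `pub` record, which in GnuPG's colon output is the 64-bit key ID rather than the fingerprint, so both the "already imported" check and the delete loop compare trusted keys by key ID. Assuming `cosmos gpg` passes its arguments through to gpg, the full fingerprint is field 10 of the `fpr` record that follows each `pub`, and selecting it with `awk -F: '$1 == "fpr" {print $10}'` makes the comparison on the whole fingerprint. When `/etc/cosmos/keys` holds no `*.pub` file (this commit ships only `.placeholder`) the glob stays literal and the second loop removes every key from the keyring; if that is the intended default, a comment above the loop such as `# no *.pub files means no trusted signers: the keyring is emptied` would say so.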
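--- a/global/post-tasks.d/020reports
+++ b/global/post-tasks.d/020reports
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+rm -f /var/run/facts.json
+facter -p -y > /var/run/facts.yaml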
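Review bot: The file removed, `/var/run/facts.json`, is not the file written on the next line, `/var/run/facts.yaml`, so a stale YAML report is never cleared if `facter` fails. If the intent is to replace the report atomically, write to a temporary name and rename it, e.g. `facter -p -y > /var/run/facts.yaml.tmp && mv /var/run/facts.yaml.tmp /var/run/facts.yaml`, so the fabfile's `facts` task never fetches a truncated file.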
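--- a/global/post-tasks.d/030puppet
+++ b/global/post-tasks.d/030puppet
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+if [ "x$COSMOS_VERBOSE" = "xy" ]; then
+args="--verbose"
+else
+args="--logdest=syslog"
+fi
+
+if [ -f /usr/bin/puppet -a -d /etc/puppet/manifests ]; then
+for m in `find /etc/puppet/manifests -name \*.pp`; do
+puppet apply $args $m
+done
+fi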
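--- a/global/post-tasks.d/099autoremove
+++ b/global/post-tasks.d/099autoremove
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+apt-get -qq update
+apt-get -qq -y autoremove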
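--- a/global/post-tasks.d/999reboot
+++ b/global/post-tasks.d/999reboot
@@ -0,0 +1,3 @@
+#!/bin/sh
+
+test -f /var/run/reboot-required -a ! -f /etc/cosmos-manual-reboot && reboot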
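--- a/global/pre-tasks.d/020common-tools
+++ b/global/pre-tasks.d/020common-tools
@@ -0,0 +1,16 @@
+#!/bin/sh
+#
+# Re-used example from SJD
+#
+
+set -e
+
+stamp="$COSMOS_BASE/stamps/common-tools-v01.stamp"
+
+if ! test -f $stamp; then
+apt-get -y install vim traceroute tcpdump molly-guard less rsync git-core unattended-upgrades ntp
+update-alternatives --set editor /usr/bin/vim.basic
+
+mkdir -p `dirname $stamp`
+touch $stamp
+fi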
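--- a/global/pre-tasks.d/030puppet
+++ b/global/pre-tasks.d/030puppet
@@ -0,0 +1,35 @@
+#!/bin/sh
+#
+# Re-used example from SJD
+#
+
+set -e
+
+stamp="$COSMOS_BASE/stamps/puppet-tools-v01.stamp"
+
+if ! test -f $stamp -a -f /usr/bin/puppet; then
+codename=`lsb_release -c| awk '{print $2}'`
+wget -c http://apt.puppetlabs.com/puppetlabs-release-${codename}.deb
+dpkg -i puppetlabs-release-${codename}.deb
+rm -f puppetlabs-release-${codename}.deb*
+apt-get update
+apt-get -y install puppet-common
+
+mkdir -p `dirname $stamp`
+touch $stamp
+fi
+
+python -c "import yaml" 2>/dev/null || apt-get -y install python-yaml
+
+if [ -f /etc/puppet/cosmos-modules.conf ]; then
+grep -E -v "^#" /etc/puppet/cosmos-modules.conf | (
+cd /etc/puppet/modules && while read module src update; do
+if [ ! -d /etc/puppet/modules/$module ]; then
+echo $src | grep -q "://" && git clone $src $module || puppet module install $src
+else
+if [ "x$update" = "xyes" ]; then
+echo $src | grep -q "://" && (cd /etc/puppet/modules/$module && git pull -q) || puppet module upgrade $src
+fi
+fi
+done)
+fi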
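Review bot: The release package is fetched with `wget -c http://apt.puppetlabs.com/puppetlabs-release-${codename}.deb` and passed to `dpkg -i` as root with nothing checking its integrity, and that package is what configures the apt source that the following `apt-get -y install puppet-common` trusts. Fetch it over `https://` and compare it with a digest kept in the repository before installing, e.g. `echo "<EXPECTED_SHA256>  puppetlabs-release-${codename}.deb" | sha256sum -c -` (placeholder digest); dropping `-c` also avoids resuming onto a stale partial file left in the working directory. The module loop has the same shape: `git clone $src` and `puppet module install $src` pull unpinned code that `puppet apply` later runs as root, so pinning a version or commit per line in `cosmos-modules.conf` is worth considering.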