Leif Johansson 2013-09-02 16:01:50 +02:00
commit 7515782eb5
25 changed files with 382 additions and 0 deletions

24
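--- a/README
+++ b/README
@@ -0,0 +1,24 @@
+Initial setup:
+git clone git://github.com/leifj/multiverse.git myproj-cosmos
+cd myproj-cosmos
+- rename the github upstream
+git remote rename origin github
+- add a new upstream & ro branch
+git remote add origin git@//yourhost/myproj-cosmos.git
+git remote add ro git://yourhost/myproj-cosmos.git
+- add stuff...
+make bump
+To add a new host:
+- Make sure you have root access using an SSH key
+- ./addhost <fqdn>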

45
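--- a/addhost
+++ b/addhost
@@ -0,0 +1,45 @@
+#!/bin/sh
+cmd_hostname=""
+cmd_do_bootstrap="no"
+set -- $(getopt b?h? "$@")
+while [ $# -gt 0 ]; do
+case "$1" in
+(-h) echo "Usage: $0 [-h] [-b] [--] [<host>]"; exit 0;;
+(-b) cmd_do_bootstrap="yes" ;;
+(--) shift; break;;
+(-*) echo "Unknown option $1\nUsage: $0 [-b] [-h] [--] <host>"; exit 1;;
+(*) break;;
+esac
+shift
+done
+if [ ! -z "$1" -a -z "$cmd_hostname" ]; then
+cmd_hostname="$1"
+fi
+if test -z "$cmd_hostname"; then
+echo "Usage: $0 [-h] [-b] [--] <host>"
+exit 1
+fi
+test -f cosmos.conf && . ./cosmos.conf
+defrepo=`git remote -v | grep ${remote:="ro"} | grep fetch | awk '{print $2}'`
+rrepo=${repo:="$defrepo"}
+if [ ! -d $cmd_hostname ]; then
+cp -pr default $cmd_hostname
+git add $cmd_hostname
+git commit -m "$cmd_hostname added" $cmd_hostname
+./bump-tag
+fi
+if [ "$cmd_do_bootstrap" = "yes" ]; then
+scp apt/cosmos_1.2-2_all.deb apt/bootstrap-cosmos.sh root@$cmd_hostname:
+ssh root@$cmd_hostname ./bootstrap-cosmos.sh $cmd_hostname $rrepo
+ssh root@$cmd_hostname cosmos update
+ssh root@$cmd_hostname cosmos apply
+fi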
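Review bot: The host name and repository URL reach `cp`, `git`, `scp` and `ssh` unquoted and unvalidated, and in `ssh root@$cmd_hostname ./bootstrap-cosmos.sh $cmd_hostname $rrepo` they are re-parsed by the remote root shell, so a value with whitespace, a leading `-` or shell metacharacters changes the command that runs. Rejecting anything that is not a plain FQDN before first use closes this, e.g. `case "$cmd_hostname" in ""|-*|*[!A-Za-z0-9.-]*) echo "invalid host: $cmd_hostname" >&2; exit 1;; esac`, and the later expansions should be double-quoted. Separately, `grep ${remote:="ro"}` matches every `git remote -v` line that contains the substring `ro` (the README's `myproj-cosmos` URLs all do), so `defrepo` can end up holding several URLs; `git config --get "remote.${remote:=ro}.url"` selects exactly one.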

35
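--- a/apt/bootstrap-cosmos.sh
+++ b/apt/bootstrap-cosmos.sh
@@ -0,0 +1,35 @@
+#!/bin/sh
+set -e
+cmd_hostname="$1"
+if test -z "$cmd_hostname"; then
+echo "Usage: $0 HOSTNAME REPO"
+exit 1
+fi
+cmd_repo="$2"
+if test -z "$cmd_repo"; then
+echo "Usage $0 HOSTNAME REPO"
+exit 2
+fi
+set -x
+apt-get -y install rsync git-core
+dpkg -i cosmos_1.2-2_all.deb
+if ! test -d /var/cache/cosmos/repo; then
+cosmos clone "$cmd_repo"
+fi
+hostname $cmd_hostname
+perl -pi -e "s,#COSMOS_REPO_MODELS=.*,COSMOS_REPO_MODELS=\"\\\$COSMOS_REPO/global/:\\\$COSMOS_REPO/$cmd_hostname/\"," /etc/cosmos/cosmos.conf
+perl -pi -e 's,#COSMOS_UPDATE_VERIFY_GIT_TAG_PATTERN=.*,COSMOS_UPDATE_VERIFY_GIT_TAG_PATTERN="eduid-cosmos*",' /etc/cosmos/cosmos.conf
+COSMOS_BASE=/var/cache/cosmos /var/cache/cosmos/repo/global/pre-tasks.d/010cosmos-trust
+(date; nohup cosmos -v update && nohup cosmos -v apply; date) > /var/log/cosmos.log 2>&1
+exit 0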
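Review bot: The script runs `/var/cache/cosmos/repo/global/pre-tasks.d/010cosmos-trust` as root straight from the fresh `cosmos clone`, before `cosmos update` (which presumably applies the tag-pattern check configured one line earlier) has run, so the first clone is trusted on transport alone; with the `git://` read-only remote shown in the README that transport is unauthenticated. Either clone over an authenticated transport (ssh or https) or verify the signed tag on the clone before executing anything from it, and record the assumption with a comment such as `# trust bootstrap: runs a script from the initial clone before any tag verification`. `$cmd_hostname` is also interpolated into the double-quoted `perl -pi -e "s,...,"` expression and passed unquoted to `hostname`; a name containing `,` or Perl metacharacters would alter the substitution, so it should be validated as an FQDN right after the usage checks. The tag pattern `eduid-cosmos*` is hard-coded here while `cosmos.conf` carries `tag=`; whether the two are meant to stay in sync is not visible on this page.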

BIN
apt/cosmos_1.2-2_all.deb Normal file

Binary file not shown.

1
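--- a/cosmos-rules.yaml
+++ b/cosmos-rules.yaml
@@ -0,0 +1 @@
+global/overlay/etc/puppet/cosmos-rules.yaml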

2
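--- a/cosmos.conf
+++ b/cosmos.conf
@@ -0,0 +1,2 @@
+tag="eduid-cosmos"
+#repo=git://override-repo-URL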

1
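--- a/default/README
+++ b/default/README
@@ -0,0 +1 @@
+../README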

53
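--- a/fabfile/__init__.py
+++ b/fabfile/__init__.py
@@ -0,0 +1,53 @@
+from fabric.api import run,env
+from fabric.operations import get
+import os
+import yaml
+import re
+def _all_hosts():
+return filter(lambda fn: '.' in fn and not fn.startswith('.') and os.path.isdir(fn),os.listdir("."))
+def _roledefs():
+rules = dict()
+rules_file = "cosmos-rules.yaml";
+if os.path.exists(rules_file):
+with open(rules_file) as fd:
+rules.update(yaml.load(fd))
+roles = dict()
+for node_name in _all_hosts():
+for reg,cls in rules.iteritems():
+if re.search(reg,node_name):
+for cls_name in cls.keys():
+h = roles.get(cls_name,[])
+h.append(node_name)
+roles[cls_name] = h
+return roles
+env.user = 'root'
+env.timeout = 30
+env.connection_attempts = 3
+env.warn_only = True
+env.skip_bad_hosts = True
+env.roledefs = _roledefs()
+print repr(env.roledefs)
+def all():
+env.hosts = _all_hosts()
+def cosmos():
+run("cosmos update && cosmos apply");
+def upgrade():
+run("apt-get -qq update && apt-get -y -q dist-upgrade");
+def facts():
+get("/var/run/facts.yaml",local_path="facts/%(host)s.yaml")
+def chassis():
+run("ipmi-chassis --get-chassis-status")
+def newvm(fqdn,ip,domain):
+run("vmbuilder kvm ubuntu --domain %s --dest /var/lib/libvirt/images/%s.img --arch x86_64 --hostname %s --mem 512 --ip %s --addpkg openssh-server" % (domain,fqdn,fqdn,ip))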
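Review bot: `rules.update(yaml.load(fd))` in `_roledefs` uses the full YAML loader, which can construct arbitrary Python objects from tags in the file; the rules file only needs plain mappings, so `rules.update(yaml.safe_load(fd) or {})` is the safer call, and the `or {}` also covers an empty file. The same `yaml.load(fd)` call appears in the external-node script further down the page (the one that reads `COSMOS_RULES_PATH`) and wants the same change. In `newvm`, `fqdn`, `ip` and `domain` are formatted into the string passed to `run()` without quoting; wrapping each in `pipes.quote()` keeps a stray space or shell metacharacter from changing the command executed remotely as root.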

BIN
fabfile/__init__.pyc Normal file

Binary file not shown.


@ -0,0 +1,4 @@
SHELL=/bin/sh
PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
*/15 * * * * root test -f /etc/no-automatic-cosmos || (cosmos update && cosmos apply)


@ -0,0 +1,11 @@
#
# name source (puppetlabs fq name or git url) upgrade (yes/no)
#
concat puppetlabs/concat no
stdlib puppetlabs/stdlib no
ufw attachmentgenie/ufw no
apt puppetlabs/apt no
vcsrepo puppetlabs/vcsrepo no
xinetd puppetlabs/xinetd no
#golang elithrar/golang yes
#python git://github.com/stankevich/puppet-python.git yes


@ -0,0 +1,2 @@
'ns[0-9]?.mnt.se$':
nameserver:
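Review bot: The pattern `'ns[0-9]?.mnt.se$'` has no start anchor and its dots are unescaped, and both consumers on this page match it with `re.search`, so node names such as the constructed examples `evilns1.mnt.se` or `ns1xmnt.se` would also be given the `nameserver` class. Anchoring and escaping the key, `'^ns[0-9]?\.mnt\.se$':`, limits the class to the intended hosts.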


@ -0,0 +1,24 @@
#!/usr/bin/env python
import sys
import yaml
import os
import re
rules_path = os.environ.get("COSMOS_RULES_PATH","/etc/puppet")
node_name = sys.argv[1]
rules = dict()
for p in rules_path.split(":"):
rules_file = os.path.join(p,"cosmos-rules.yaml")
if os.path.exists(rules_file):
with open(rules_file) as fd:
rules.update(yaml.load(fd))
classes = dict()
for reg,cls in rules.iteritems():
if re.search(reg,node_name):
classes.update(cls)
print yaml.dump(dict(classes=classes))



@ -0,0 +1,52 @@
# This manifest is managed using cosmos
Exec {
path => "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin",
}
# include some of this stuff for additional features
#include cosmos::tools
#include cosmos::motd
#include cosmos::ntp
#include cosmos::rngtools
#include cosmos::preseed
include ufw
include apt
include cosmos
# you need a default node
node default {
}
# edit and uncomment to manage ssh root keys in a simple way
#class { 'cosmos::access':
# keys => [
# "ssh-rsa ..."
# ]
#}
# example config for the nameserver class which is matched in cosmos-rules.yaml
#class nameserver {
# package {'bind9':
# ensure => latest
# }
# service {'bind9':
# ensure => running
# }
# ufw::allow { "allow-dns-udp":
# ip => 'any',
# port => 53,
# proto => "udp"
# }
# ufw::allow { "allow-dns-tcp":
# ip => 'any',
# port => 53,
# proto => "tcp"
# }
#}


@ -0,0 +1,14 @@
[main]
logdir=/var/log/puppet
vardir=/var/lib/puppet
ssldir=/var/lib/puppet/ssl
rundir=/var/run/puppet
factpath=$vardir/lib/facter
templatedir=$confdir/templates
node_terminus = exec
external_nodes = /etc/puppet/cosmos_enc.py
[master]
# These are needed when the puppetmaster is run by passenger
# and can safely be removed if webrick is used.
ssl_client_header = SSL_CLIENT_S_DN


@ -0,0 +1,23 @@
#!/bin/sh
#
# Re-used example from SJD
#
if test -d /root/.ssh && \
test `stat -t /root/.ssh | cut -d\ -f5` != 0; then
chown root.root /root/.ssh
fi
if test -d /root/.ssh && \
test `stat -c %a /root/.ssh` != 700; then
chmod 700 /root/.ssh
fi
if test -f /root/.ssh/authorized_keys; then
if test `stat -t /root/.ssh/authorized_keys | cut -d\ -f5` != 0; then
chown root.root /root/.ssh/authorized_keys
fi
if test `stat --printf=%a /root/.ssh/authorized_keys` != 600; then
chmod 600 /root/.ssh/authorized_keys
fi
fi


@ -0,0 +1,16 @@
#!/bin/sh
for k in /etc/cosmos/keys/*.pub; do
fp=`cosmos gpg --with-colons --with-fingerprint < $k| awk -F: '$1 == "pub" {print $5}'`
cosmos gpg --with-colons --fingerprint | grep -q ":$fp:" || cosmos gpg --import < $k
done
for fp in `cosmos gpg --with-colons --fingerprint | awk -F: '$1 == "pub" {print $5}'`; do
seen="no"
for k in /etc/cosmos/keys/*.pub; do
cosmos gpg --with-colons --with-fingerprint < $k | grep -q ":$fp:" && seen="yes"
done
if [ "x$seen" = "xno" ]; then
cosmos gpg --yes --batch --delete-key $fp || true
fi
done
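Review bot: Both loops compare keys on field 5 of the `pub` record, which in GnuPG's colon format is the 64-bit key ID rather than the fingerprint, so the variable named `fp` decides import and deletion of trusted keys on an identifier that is not collision-resistant. Taking field 10 of the `fpr` record that follows each `pub` line compares full fingerprints instead: `awk -F: '$1 == "pub" {p=1} $1 == "fpr" && p {print $10; p=0}'`. `$k` and `$fp` should also be double-quoted, and when `/etc/cosmos/keys/` holds no `*.pub` file the unexpanded glob is used as a file name; a `[ -e "$k" ] || continue` guard at the top of each `for k` loop handles that case.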

4
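--- a/global/post-tasks.d/020reports
+++ b/global/post-tasks.d/020reports
@@ -0,0 +1,4 @@
+#!/bin/sh
+rm -f /var/run/facts.json
+facter -p -y > /var/run/facts.yaml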

13
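--- a/global/post-tasks.d/030puppet
+++ b/global/post-tasks.d/030puppet
@@ -0,0 +1,13 @@
+#!/bin/sh
+if [ "x$COSMOS_VERBOSE" = "xy" ]; then
+args="--verbose"
+else
+args="--logdest=syslog"
+fi
+if [ -f /usr/bin/puppet -a -d /etc/puppet/manifests ]; then
+for m in `find /etc/puppet/manifests -name \*.pp`; do
+puppet apply $args $m
+done
+fi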


@ -0,0 +1,4 @@
#!/bin/sh
apt-get -qq update
apt-get -qq -y autoremove

3
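--- a/global/post-tasks.d/999reboot
+++ b/global/post-tasks.d/999reboot
@@ -0,0 +1,3 @@
+#!/bin/sh
+test -f /var/run/reboot-required -a ! -f /etc/cosmos-manual-reboot && reboot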


@ -0,0 +1,16 @@
#!/bin/sh
#
# Re-used example from SJD
#
set -e
stamp="$COSMOS_BASE/stamps/common-tools-v01.stamp"
if ! test -f $stamp; then
apt-get -y install vim traceroute tcpdump molly-guard less rsync git-core unattended-upgrades ntp
update-alternatives --set editor /usr/bin/vim.basic
mkdir -p `dirname $stamp`
touch $stamp
fi

35
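--- a/global/pre-tasks.d/030puppet
+++ b/global/pre-tasks.d/030puppet
@@ -0,0 +1,35 @@
+#!/bin/sh
+#
+# Re-used example from SJD
+#
+set -e
+stamp="$COSMOS_BASE/stamps/puppet-tools-v01.stamp"
+if ! test -f $stamp -a -f /usr/bin/puppet; then
+codename=`lsb_release -c| awk '{print $2}'`
+wget -c http://apt.puppetlabs.com/puppetlabs-release-${codename}.deb
+dpkg -i puppetlabs-release-${codename}.deb
+rm -f puppetlabs-release-${codename}.deb*
+apt-get update
+apt-get -y install puppet-common
+mkdir -p `dirname $stamp`
+touch $stamp
+fi
+python -c "import yaml" 2>/dev/null || apt-get -y install python-yaml
+if [ -f /etc/puppet/cosmos-modules.conf ]; then
+grep -E -v "^#" /etc/puppet/cosmos-modules.conf | (
+cd /etc/puppet/modules && while read module src update; do
+if [ ! -d /etc/puppet/modules/$module ]; then
+echo $src | grep -q "://" && git clone $src $module || puppet module install $src
+else
+if [ "x$update" = "xyes" ]; then
+echo $src | grep -q "://" && (cd /etc/puppet/modules/$module && git pull -q) || puppet module upgrade $src
+fi
+fi
+done)
+fi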
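Review bot: `wget -c http://apt.puppetlabs.com/puppetlabs-release-${codename}.deb` followed by `dpkg -i` installs a package fetched over plain HTTP as root with no integrity check, and the `puppet-common` install that follows relies on whatever that package set up. Fetch it over HTTPS and verify a pinned digest before installing, e.g. `echo "<EXPECTED_SHA256>  puppetlabs-release-${codename}.deb" | sha256sum -c - || exit 1` (placeholder digest). The module loop has the same shape: `git clone $src` and `puppet module install $src` take whatever the source currently serves, with no version or commit pin, and `$src` and `$module` are unquoted. The guard `! test -f $stamp -a -f /usr/bin/puppet` mixes `!` with `-a`, whose parsing POSIX leaves unspecified for this many arguments; `[ ! -f "$stamp" ] || [ ! -x /usr/bin/puppet ]` states the likely intent explicitly.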