blob: 0f2e81dc18917f4f607d602b5d53af7a42f7edc4 [file] [log] [blame]
# Install salt to the config node
- description: Configure tcpcloud repository on the cfg01 node
cmd: echo 'deb [arch=amd64] http://apt.tcpcloud.eu/nightly/ xenial main security tcp tcp-salt' > /etc/apt/sources.list;
echo 'deb [arch=amd64] http://apt.tcpcloud.eu/nightly/ trusty tcp-salt' >> /etc/apt/sources.list;
wget -O - http://apt.tcpcloud.eu/public.gpg | apt-key add -;
echo "deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest xenial main" > /etc/apt/sources.list.d/saltstack.list;
wget -O - https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest/SALTSTACK-GPG-KEY.pub | apt-key add -;
node_name: cfg01.mk22-qa-lab01.local
retry: {count: 1, delay: 1}
skip_fail: false
#- description: Configure tcpcloud and saltstack repositories on the rest of nodes
# cmd: echo 'deb [arch=amd64] http://apt.tcpcloud.eu/nightly/ trusty main security extra tcp tcp-salt' > /etc/apt/sources.list;
# wget -O - http://apt.tcpcloud.eu/public.gpg | apt-key add - ;
# echo 'deb http://repo.saltstack.com/apt/ubuntu/14.04/amd64/latest trusty main' > /etc/apt/sources.list.d/saltstack.list;
# wget -O - https://repo.saltstack.com/apt/ubuntu/14.04/amd64/latest/SALTSTACK-GPG-KEY.pub | apt-key add -
# node_name: ***
# retry: {count: 1, delay: 1}
# skip_fail: false
- description: Update packages on cfg01
cmd: apt-get clean; apt-get update && apt-get -y upgrade
node_name: cfg01.mk22-qa-lab01.local
retry: {count: 3, delay: 10}
skip_fail: false
- description: Install common packages on cfg01
cmd: apt-get install -y python-pip wget curl tmux byobu iputils-ping traceroute htop tree
node_name: cfg01.mk22-qa-lab01.local
retry: {count: 3, delay: 10}
skip_fail: false
- description: Install salt formulas, master and minion on cfg01
cmd: apt-get install -y salt-formula-* salt-master salt-minion reclass
node_name: cfg01.mk22-qa-lab01.local
retry: {count: 3, delay: 10}
skip_fail: false
- description: Configure salt-master on cfg01
cmd: |
cat << 'EOF' >> /etc/salt/master.d/master.conf
file_roots:
base:
- /usr/share/salt-formulas/env
pillar_opts: False
open_mode: True
reclass: &reclass
storage_type: yaml_fs
inventory_base_uri: /srv/salt/reclass
ext_pillar:
- reclass: *reclass
master_tops:
reclass: *reclass
EOF
node_name: cfg01.mk22-qa-lab01.local
retry: {count: 1, delay: 1}
skip_fail: false
- description: Configure GIT settings and certificates
cmd: touch /root/.git_trusted_certs.pem;
for server in git.tcpcloud.eu github.com; do
openssl s_client -showcerts -connect $server:443 </dev/null
| openssl x509 -outform PEM
>> /root/.git_trusted_certs.pem;
done;
HOME=/root git config --global http.sslCAInfo /root/.git_trusted_certs.pem;
HOME=/root git config --global user.email "tcp-qa@example.com";
HOME=/root git config --global user.name "TCP QA";
node_name: cfg01.mk22-qa-lab01.local
retry: {count: 1, delay: 1}
skip_fail: false
- description: Clone reclass models and perform a workaround for https://mirantis.jira.com/browse/PROD-8078
cmd: |
git clone https://github.com/Mirantis/mk-lab-salt-model.git /srv/salt/reclass -b dash;
cat << 'EOF' >> /srv/salt/reclass/nodes/control/cfg01.mk22-qa-lab01.local.yml
# local storage
reclass:
storage:
data_source:
engine: local
EOF
sed -i '/nagios/d' /srv/salt/reclass/classes/system/salt/master/formula/pkg/stacklight.yml
cd /srv/salt/reclass; git add -A;git commit -m"use dash repo";
node_name: cfg01.mk22-qa-lab01.local
retry: {count: 1, delay: 1}
skip_fail: false
- description: Configure reclass
cmd: |
mkdir -p /srv/salt/reclass/classes/service;
for i in /usr/share/salt-formulas/reclass/service/*; do
ln -s $i /srv/salt/reclass/classes/service/;
done;
[ ! -d /etc/reclass ] && mkdir /etc/reclass;
cat << 'EOF' >> /etc/reclass/reclass-config.yml
storage_type: yaml_fs
pretty_print: True
output: yaml
inventory_base_uri: /srv/salt/reclass
EOF
node_name: cfg01.mk22-qa-lab01.local
retry: {count: 1, delay: 1}
skip_fail: false
- description: Configure salt-minion on cfg01
cmd: |
[ ! -d /etc/salt/minion.d ] && mkdir -p /etc/salt/minion.d;
cat << "EOF" >> /etc/salt/minion.d/minion.conf
id: cfg01.mk22-qa-lab01.local
master: localhost
EOF
node_name: cfg01.mk22-qa-lab01.local
retry: {count: 1, delay: 1}
skip_fail: false
- description: Restarting salt services with workarounds
cmd: service salt-master restart;
sleep 60;
rm -f /etc/salt/pki/minion/minion_master.pub;
service salt-minion restart;
reclass -n cfg01.mk22-qa-lab01.local;
node_name: cfg01.mk22-qa-lab01.local
retry: {count: 3, delay: 10}
skip_fail: false
- description: * Workaround for VMs: set low 'max_heap_size' for Cassandra
cmd: |
cat << 'EOF' >> /srv/salt/reclass/classes/system/linux/system/single.yml
# opencontrail lowmem
opencontrail:
database:
max_heap_size: "1G"
heap_newsize: "200M"
EOF
node_name: cfg01.mk22-qa-lab01.local
retry: {count: 1, delay: 1}
skip_fail: false
# Prepare salt services and nodes settings
- description: Run 'linux' formula on cfg01
cmd: salt-call --hard-crash --state-output=mixed --state-verbose=False state.sls
linux
node_name: cfg01.mk22-qa-lab01.local
retry: {count: 3, delay: 5}
skip_fail: false
- description: Run 'openssh' formula on cfg01
cmd: salt-call --hard-crash --state-output=mixed --state-verbose=False state.sls
openssh;sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/' /etc/ssh/sshd_config
&& service ssh restart
node_name: cfg01.mk22-qa-lab01.local
retry: {count: 3, delay: 5}
skip_fail: false
- description: '*Workaround* of the bug https://mirantis.jira.com/browse/PROD-7962'
cmd: echo ' StrictHostKeyChecking no' >> /root/.ssh/config
node_name: cfg01.mk22-qa-lab01.local
retry: {count: 1, delay: 1}
skip_fail: false
- description: Run 'salt' formula on cfg01
cmd: salt-call --hard-crash --state-output=mixed --state-verbose=False state.sls
salt
node_name: cfg01.mk22-qa-lab01.local
retry: {count: 3, delay: 5}
skip_fail: true
- description: Accept salt keys from all the nodes
cmd: salt-key -A -y
node_name: cfg01.mk22-qa-lab01.local
retry: {count: 1, delay: 5}
skip_fail: false
- description: Generate inventory for all the nodes to the /srv/salt/reclass/nodes/_generated
cmd: salt-call --hard-crash --state-output=mixed --state-verbose=False state.sls
reclass.storage
node_name: cfg01.mk22-qa-lab01.local
retry: {count: 3, delay: 5}
skip_fail: false
- description: Refresh pillars on all minions
cmd: salt --hard-crash --state-output=mixed --state-verbose=False '*' saltutil.refresh_pillar
node_name: cfg01.mk22-qa-lab01.local
retry: {count: 3, delay: 5}
skip_fail: false
# Bootstrap all nodes
- description: Configure linux on controllers
cmd: salt --hard-crash --state-output=mixed --state-verbose=False '*' state.sls
linux
node_name: cfg01.mk22-qa-lab01.local
retry: {count: 5, delay: 5}
skip_fail: false
- description: Configure openssh on controllers
cmd: salt --hard-crash --state-output=mixed --state-verbose=False -C '* and not
cfg*' state.sls openssh;salt --hard-crash --state-output=mixed --state-verbose=False
-C '* and not cfg*' cmd.run "sed -i 's/PasswordAuthentication no/PasswordAuthentication
yes/' /etc/ssh/sshd_config && service ssh restart"
node_name: cfg01.mk22-qa-lab01.local
retry: {count: 3, delay: 5}
skip_fail: false
- description: '*Workaround* for the bug https://mirantis.jira.com/browse/PROD-8025'
cmd: salt --hard-crash --state-output=mixed --state-verbose=False '*' cmd.run 'apt-get
update && apt-get -y upgrade'
node_name: cfg01.mk22-qa-lab01.local
retry: {count: 3, delay: 5}
skip_fail: true
- description: '*Workaround* for the bug https://mirantis.jira.com/browse/PROD-8021'
cmd: salt --hard-crash --state-output=mixed --state-verbose=False '*' cmd.run 'apt-get
-y install linux-image-extra-$(uname -r)'
node_name: cfg01.mk22-qa-lab01.local
retry: {count: 3, delay: 5}
skip_fail: false
- description: '*Workaround* for the bug https://mirantis.jira.com/browse/PROD-8025'
cmd: salt --hard-crash --state-output=mixed --state-verbose=False '*' cmd.run 'apt-get
-y install python-requests'
node_name: cfg01.mk22-qa-lab01.local
retry: {count: 3, delay: 5}
skip_fail: false
#- description: '*Workaround* of the bug https://mirantis.jira.com/browse/PROD-8063'
# cmd: salt --hard-crash --state-output=mixed --state-verbose=False '*' cmd.run 'dhclient
# -r;dhclient'
# node_name: cfg01.mk22-qa-lab01.local
# retry: {count: 1, delay: 1}
# skip_fail: false
- description: Configure salt.minion on controllers
cmd: salt --hard-crash --state-output=mixed --state-verbose=False '*' state.sls
salt.minion
node_name: cfg01.mk22-qa-lab01.local
retry: {count: 3, delay: 5}
skip_fail: false
- description: Configure ntp on controllers
cmd: salt --hard-crash --state-output=mixed --state-verbose=False '*' state.sls
ntp
node_name: cfg01.mk22-qa-lab01.local
retry: {count: 5, delay: 10}
skip_fail: false