dis2b2d8632016-12-08 17:56:57 +02001{% from 'mk22-lab-dvr-defaults.jinja' import DOMAIN_NAME %}
2{% from 'mk22-lab-dvr-defaults.jinja' import HOSTNAME_CFG01 %}
3
4# Install salt to the config node
5
# Point apt on cfg01 at the tcpcloud nightly repositories and the SaltStack
# 2016.3 repository, importing each repository's signing key with apt-key.
# NOTE(review): the first echo uses '>' and so replaces /etc/apt/sources.list
# instead of appending to it.
# NOTE(review): the tcpcloud repositories and their public.gpg key are fetched
# over plain http and the key is piped straight into 'apt-key add', so nothing
# authenticates the key apt will trust afterwards. Fetch it over an
# authenticated channel or compare it with a known fingerprint before adding.
- description: Configure tcpcloud repository on the cfg01 node
  cmd: >-
    echo 'deb [arch=amd64] http://apt.tcpcloud.eu/nightly/ xenial main security extra tcp tcp-salt' > /etc/apt/sources.list;
    echo 'deb [arch=amd64] http://apt.tcpcloud.eu/nightly/ trusty tcp-salt' >> /etc/apt/sources.list;
    wget -O - http://apt.tcpcloud.eu/public.gpg | apt-key add -;
    echo "deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.3 xenial main" > /etc/apt/sources.list.d/saltstack.list;
    wget -O - https://repo.saltstack.com/apt/ubuntu/16.04/amd64/2016.3/SALTSTACK-GPG-KEY.pub | apt-key add -;
  # Disabled alternative that tracks the 'latest' SaltStack repository:
  #echo "deb http://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest xenial main" > /etc/apt/sources.list.d/saltstack.list;
  #wget -O - https://repo.saltstack.com/apt/ubuntu/16.04/amd64/latest/SALTSTACK-GPG-KEY.pub | apt-key add -;
  node_name: {{ HOSTNAME_CFG01 }}
  retry:
    count: 1
    delay: 1
  skip_fail: false
17
18#- description: Configure tcpcloud and saltstack repositories on the rest of nodes
19# cmd: echo 'deb [arch=amd64] http://apt.tcpcloud.eu/nightly/ trusty main security extra tcp tcp-salt' > /etc/apt/sources.list;
20# wget -O - http://apt.tcpcloud.eu/public.gpg | apt-key add - ;
21# echo 'deb http://repo.saltstack.com/apt/ubuntu/14.04/amd64/latest trusty main' > /etc/apt/sources.list.d/saltstack.list;
22# wget -O - https://repo.saltstack.com/apt/ubuntu/14.04/amd64/latest/SALTSTACK-GPG-KEY.pub | apt-key add -
23# node_name: ***
24# retry: {count: 1, delay: 1}
25# skip_fail: false
26
# Clear the apt cache on cfg01, refresh the package lists and upgrade the
# installed packages; the upgrade runs only when 'apt-get update' succeeds.
- description: Update packages on cfg01
  cmd: >-
    apt-get clean; apt-get update && apt-get -y upgrade
  node_name: {{ HOSTNAME_CFG01 }}
  retry:
    count: 3
    delay: 10
  skip_fail: false
32
# Install general-purpose tooling (pip, download clients, terminal
# multiplexers, network diagnostics) on cfg01.
- description: Install common packages on cfg01
  cmd: >-
    apt-get install -y python-pip wget curl tmux byobu iputils-ping traceroute htop tree
  node_name: {{ HOSTNAME_CFG01 }}
  retry:
    count: 3
    delay: 10
  skip_fail: false
38
# Install salt-master, salt-minion, reclass and an explicit list of salt
# formula packages on cfg01. The packages come from the apt repositories
# configured by an earlier step, so their integrity depends on how those
# repository keys were obtained.
- description: Install salt formulas, master and minion on cfg01
  # Earlier wildcard form, kept for reference:
  # cmd: apt-get install -y salt-formula-* salt-master salt-minion reclass
  cmd: >-
    apt-get install -y
    salt-master
    salt-minion
    reclass
    salt-formula-linux
    salt-formula-reclass
    salt-formula-salt
    salt-formula-openssh
    salt-formula-ntp
    salt-formula-git
    salt-formula-nginx
    salt-formula-collectd
    salt-formula-sensu
    salt-formula-heka
    salt-formula-sphinx
    salt-formula-keystone
    salt-formula-mysql
    salt-formula-grafana
    salt-formula-haproxy
  node_name: {{ HOSTNAME_CFG01 }}
  retry:
    count: 3
    delay: 10
  skip_fail: false
63
# Append a master configuration to /etc/salt/master.d/master.conf that serves
# states from the packaged formulas and uses reclass both as ext_pillar and as
# master_tops (one shared settings mapping, reused through a YAML anchor).
# NOTE(review): 'open_mode: True' turns off the master's minion-key
# authentication, so any host that can reach the master is accepted as a
# minion. Keep this to isolated lab networks and drop it elsewhere.
# NOTE(review): '>>' appends, so running this step twice duplicates the keys
# in master.conf.
- description: Configure salt-master on cfg01
  cmd: |
    cat << 'EOF' >> /etc/salt/master.d/master.conf
    file_roots:
      base:
      - /usr/share/salt-formulas/env
    pillar_opts: False
    open_mode: True
    reclass: &reclass
      storage_type: yaml_fs
      inventory_base_uri: /srv/salt/reclass
    ext_pillar:
      - reclass: *reclass
    master_tops:
      reclass: *reclass
    EOF
  node_name: {{ HOSTNAME_CFG01 }}
  retry:
    count: 1
    delay: 1
  skip_fail: false
83
# Build /root/.git_trusted_certs.pem from the certificates presented by
# git.tcpcloud.eu and github.com, make git use that file as its CA bundle
# (http.sslCAInfo) and set root's git identity.
# NOTE(review): the certificates are taken from a live 'openssl s_client'
# connection and nothing here checks them against an existing trust store, so
# this is trust-on-first-use: whatever answers on port 443 while the step runs
# becomes a trust anchor for later git operations. Shipping a vetted CA bundle
# or pinning known fingerprints avoids that.
# NOTE(review): '-showcerts' prints the whole chain, but 'openssl x509'
# presumably converts only the first certificate it reads -- confirm that the
# resulting bundle is what git needs.
- description: Configure GIT settings and certificates
  cmd: >-
    touch /root/.git_trusted_certs.pem;
    for server in git.tcpcloud.eu github.com; do
    openssl s_client -showcerts -connect $server:443 </dev/null
    | openssl x509 -outform PEM
    >> /root/.git_trusted_certs.pem;
    done;
    HOME=/root git config --global http.sslCAInfo /root/.git_trusted_certs.pem;
    HOME=/root git config --global user.email "tcp-qa@example.com";
    HOME=/root git config --global user.name "TCP QA";
  node_name: {{ HOSTNAME_CFG01 }}
  retry:
    count: 1
    delay: 1
  skip_fail: false
97
# Clone the lab reclass model into /srv/salt/reclass, append a local-storage
# override to the cfg01 node definition, delete every line mentioning 'nagios'
# from the stacklight formula package list and commit the result locally.
# NOTE(review): the model is taken from the tip of 'master' at run time; no
# tag or commit is pinned, so the deployed configuration follows whatever the
# remote branch holds.
# NOTE(review): the nesting of the appended snippet is reconstructed and its
# base indentation must match where it lands in the node file (presumably
# under 'parameters:') -- confirm against the target file.
- description: Clone reclass models and perform a workaround for https://mirantis.jira.com/browse/PROD-8078
  cmd: |
    git clone https://github.com/Mirantis/mk-lab-salt-model.git /srv/salt/reclass;
    cd /srv/salt/reclass;
    git checkout master;
    cat << 'EOF' >> /srv/salt/reclass/nodes/control/{{ HOSTNAME_CFG01 }}.yml
    # local storage
      reclass:
        storage:
          data_source:
            engine: local
    EOF
    sed -i '/nagios/d' /srv/salt/reclass/classes/system/salt/master/formula/pkg/stacklight.yml
    cd /srv/salt/reclass; git add -A;git commit -m"use dash repo";
  node_name: {{ HOSTNAME_CFG01 }}
  retry:
    count: 1
    delay: 1
  skip_fail: false
115
# Link every packaged formula's reclass service metadata into the model's
# classes/service directory and append the reclass settings (yaml_fs storage
# rooted at /srv/salt/reclass) to /etc/reclass/reclass-config.yml.
# NOTE(review): 'ln -s' without '-f' and the '>>' append both assume a first
# run; repeating the step fails on existing links and duplicates the settings.
- description: Configure reclass
  cmd: |
    mkdir -p /srv/salt/reclass/classes/service;
    for i in /usr/share/salt-formulas/reclass/service/*; do
      ln -s $i /srv/salt/reclass/classes/service/;
    done;
    [ ! -d /etc/reclass ] && mkdir /etc/reclass;
    cat << 'EOF' >> /etc/reclass/reclass-config.yml
    storage_type: yaml_fs
    pretty_print: True
    output: yaml
    inventory_base_uri: /srv/salt/reclass
    EOF
  node_name: {{ HOSTNAME_CFG01 }}
  retry:
    count: 1
    delay: 1
  skip_fail: false
132
# Create /etc/salt/minion.d when it is missing and append a minion
# configuration that names the minion after the cfg01 host and points it at
# the master running on the same machine.
- description: Configure salt-minion on cfg01
  cmd: |
    [ ! -d /etc/salt/minion.d ] && mkdir -p /etc/salt/minion.d;
    cat << "EOF" >> /etc/salt/minion.d/minion.conf
    id: {{ HOSTNAME_CFG01 }}
    master: localhost
    EOF
  node_name: {{ HOSTNAME_CFG01 }}
  retry:
    count: 1
    delay: 1
  skip_fail: false
143
# Append a low-memory override for the opencontrail database (1G max heap,
# 200M new-generation size) to the opencontrail control cluster class.
# NOTE(review): the nesting of the appended snippet is reconstructed and its
# base indentation must match where it lands in cluster.yml (presumably under
# 'parameters:') -- confirm against the target file.
- description: Workaround set low max_heap_size for Cassandra
  cmd: |
    cat << 'EOF' >> /srv/salt/reclass/classes/system/opencontrail/control/cluster.yml
    # opencontrail lowmem
      opencontrail:
        database:
          max_heap_size: "1G"
          heap_newsize: "200M"
    EOF
  node_name: {{ HOSTNAME_CFG01 }}
  retry:
    count: 1
    delay: 1
  skip_fail: false
156
# Restart salt-master twice with 30-second pauses, restart salt-minion, then
# render the cfg01 node through reclass as a check of the model.
# NOTE(review): minion_master.pub is the minion's stored copy of the master's
# public key. Deleting it before the restart means the minion will presumably
# accept whichever master key it is offered next, without comparing it to the
# earlier one; acceptable for a throwaway lab, not for a long-lived master.
- description: Restarting salt serviceswith workarounds
  cmd: >-
    service salt-master restart;
    sleep 30;
    service salt-master restart;
    sleep 30;
    rm -f /etc/salt/pki/minion/minion_master.pub;
    service salt-minion restart;
    reclass -n {{ HOSTNAME_CFG01 }};
    sleep 10;
  node_name: {{ HOSTNAME_CFG01 }}
  retry:
    count: 3
    delay: 10
  skip_fail: false
169
170
171# Prepare salt services and nodes settings
# Apply the 'linux' state to the minion whose pillar marks it as the salt
# master (compound target I@salt:master).
- description: Run 'linux' formula on cfg01
  cmd: >-
    salt --hard-crash --state-output=mixed --state-verbose=False
    -C 'I@salt:master' state.sls linux
  node_name: {{ HOSTNAME_CFG01 }}
  retry:
    count: 3
    delay: 5
  skip_fail: false
178
# Apply the 'openssh' state to the salt master minion, then edit sshd_config
# in place and restart ssh.
# NOTE(review): the sed call flips 'PasswordAuthentication no' to 'yes'
# straight after the formula ran, re-enabling password logins over SSH on the
# config node. That exposes the node to password guessing and should stay
# limited to isolated test environments; key-based access avoids the need.
- description: Run 'openssh' formula on cfg01
  cmd: >-
    salt --hard-crash --state-output=mixed --state-verbose=False
    -C 'I@salt:master' state.sls openssh;
    salt --hard-crash --state-output=mixed --state-verbose=False
    -C 'I@salt:master' cmd.run "sed -i 's/PasswordAuthentication no/PasswordAuthentication
    yes/' /etc/ssh/sshd_config && service ssh restart";
  node_name: {{ HOSTNAME_CFG01 }}
  retry:
    count: 3
    delay: 5
  skip_fail: false
188
# Append 'StrictHostKeyChecking no' to root's ssh client configuration on
# every minion the master currently targets with '*'.
# NOTE(review): with host-key checking off, root's outgoing SSH connections
# accept any host key, so an impersonated or intercepted peer goes unnoticed.
# Distributing known_hosts entries for the lab nodes would keep verification.
# NOTE(review): the echoed line starts with a space, presumably so it sits
# under an existing 'Host' block in that file -- confirm.
- description: '*Workaround* of the bug https://mirantis.jira.com/browse/PROD-7962'
  cmd: >-
    salt --hard-crash --state-output=mixed --state-verbose=False
    '*' cmd.run "echo ' StrictHostKeyChecking no' >> /root/.ssh/config"
  node_name: {{ HOSTNAME_CFG01 }}
  retry:
    count: 1
    delay: 1
  skip_fail: false
195
# Apply the 'salt.master' state to the salt master minion, bounded by a
# 120-second timeout.
# NOTE(review): this is the only step here with 'skip_fail: true', which
# presumably lets the run continue when the state fails or times out; later
# steps then run against a master whose state was never confirmed.
- description: Run 'salt' formula on cfg01
  cmd: >-
    timeout 120 salt --hard-crash --state-output=mixed --state-verbose=False
    -C 'I@salt:master' state.sls salt.master
  node_name: {{ HOSTNAME_CFG01 }}
  retry:
    count: 3
    delay: 5
  skip_fail: true
202
# Accept every pending minion key on the master without prompting.
# NOTE(review): '-A -y' accepts all pending keys unseen, so no key fingerprint
# is compared with the node it claims to come from. Any host that submitted a
# key before this step runs becomes a trusted minion; accept keys by name
# after checking fingerprints outside disposable labs.
- description: Accept salt keys from all the nodes
  cmd: >-
    salt-key -A -y
  node_name: {{ HOSTNAME_CFG01 }}
  retry:
    count: 1
    delay: 5
  skip_fail: false
208
# Apply the 'reclass' state to the salt master minion; per the description
# this generates the node inventory under /srv/salt/reclass/nodes/_generated.
- description: Generate inventory for all the nodes to the /srv/salt/reclass/nodes/_generated
  cmd: >-
    salt --hard-crash --state-output=mixed --state-verbose=False
    -C 'I@salt:master' state.sls reclass
  node_name: {{ HOSTNAME_CFG01 }}
  retry:
    count: 3
    delay: 5
  skip_fail: false
215
# Ask every minion ('*') to reload its pillar data from the master.
- description: Refresh pillars on all minions
  cmd: >-
    salt --hard-crash --state-output=mixed --state-verbose=False '*' saltutil.refresh_pillar
  node_name: {{ HOSTNAME_CFG01 }}
  retry:
    count: 3
    delay: 5
  skip_fail: false
221
# Run saltutil.sync_all on every minion ('*').
- description: Sync all salt resources
  cmd: >-
    salt --hard-crash --state-output=mixed --state-verbose=False '*' saltutil.sync_all
  node_name: {{ HOSTNAME_CFG01 }}
  retry:
    count: 3
    delay: 5
  skip_fail: false
227
228
229# Bootstrap all nodes
230
# Apply the 'linux' state to every minion ('*'), with up to five attempts.
- description: Configure linux on all nodes
  cmd: >-
    salt --hard-crash --state-output=mixed --state-verbose=False '*' state.sls
    linux
  node_name: {{ HOSTNAME_CFG01 }}
  retry:
    count: 5
    delay: 5
  skip_fail: false
237
# Apply the 'openssh' state to every minion except those matching 'cfg*',
# then edit sshd_config on the same targets and restart ssh.
# NOTE(review): the sed call flips 'PasswordAuthentication no' to 'yes' on
# all of those nodes, re-enabling SSH password logins fleet-wide right after
# the formula ran. Keep this to isolated test environments; key-based access
# removes the need for it.
- description: Configure openssh on all nodes
  cmd: >-
    salt --hard-crash --state-output=mixed --state-verbose=False -C '* and not
    cfg*' state.sls openssh;salt --hard-crash --state-output=mixed --state-verbose=False
    -C '* and not cfg*' cmd.run "sed -i 's/PasswordAuthentication no/PasswordAuthentication
    yes/' /etc/ssh/sshd_config && service ssh restart"
  node_name: {{ HOSTNAME_CFG01 }}
  retry:
    count: 3
    delay: 5
  skip_fail: false
246
# Install the linux-image-extra package matching each minion's running
# kernel; '$(uname -r)' sits inside single quotes, so it is expanded on the
# minion rather than on cfg01.
- description: '*Workaround* for the bug https://mirantis.jira.com/browse/PROD-8021'
  cmd: >-
    salt --hard-crash --state-output=mixed --state-verbose=False '*' cmd.run 'apt-get
    -y install linux-image-extra-$(uname -r)'
  node_name: {{ HOSTNAME_CFG01 }}
  retry:
    count: 3
    delay: 5
  skip_fail: false
253
# Apply the 'salt.minion' state. The description says "controllers", but the
# '*' target matches every minion.
- description: Configure salt.minion on controllers
  cmd: >-
    salt --hard-crash --state-output=mixed --state-verbose=False '*' state.sls
    salt.minion
  node_name: {{ HOSTNAME_CFG01 }}
  retry:
    count: 3
    delay: 5
  skip_fail: false
260
# Query the salt version reported by every minion ('*'). The step only runs
# the query; nothing here compares the reported versions.
- description: Check salt minion versions on slaves
  cmd: >-
    salt '*' test.version
  node_name: {{ HOSTNAME_CFG01 }}
  retry:
    count: 3
    delay: 5
  skip_fail: false
266
# Apply the 'ntp' state. The description says "controllers", but the '*'
# target matches every minion.
- description: Configure ntp on controllers
  cmd: >-
    salt --hard-crash --state-output=mixed --state-verbose=False '*' state.sls
    ntp
  node_name: {{ HOSTNAME_CFG01 }}
  retry:
    count: 5
    delay: 10
  skip_fail: false
273