initial commit

README.md

@@ -0,0 +1,75 @@
+---
+= Astapor
+
+Configurations to set up foreman quickly, install openstack puppet modules
+and rapidly provision openstack compute & controller nodes with puppet.
+
+This install is based on the redhat packstack quickstart rpm that can be found here: http:https://openstack.redhat.com/Quickstart with a few modifications
+ - ntp module added
+ - nova module "default_target" function added
+
+Prerequisites:
+
+RHEL 6.4
+ - This *should* work on other operating systems, but has only been tested on RHEL6.4
+
+At least 3 machines
+ - You need 1 machine to run foreman, 1 machine to run the openstack controller
+ and at least one openstack compute node
+
+Machines subscribed + configured
+ - These machines should already be running RHEL 6.4, subscribed, have their
+ networking (with FQDN) set up, be able to reach each other, etc
+
+= Instructions
+
+1. scp foreman_server.sh to your foreman host
+2. sh foreman_server.sh on your foreman host
+3. This will result in a running foreman instance on your machine! 
+4. scp puppet/* to {foreman_host}:/etc/puppet/manifests/production
+5. Log in to foreman. The default username and password are admin/changeme
+6. Set up your smart proxy in foreman!
+ a. Select MORE -> CONFIGURATION -> SMART PROXIES
+ b. Select NEW PROXY
+ c. Name it whatever you want, eg proxy1
+ d. Set the URL to the FQDN of this machine
+ e. Set the port to 8443
+ f. Select SUBMIT
+7. Import your shiny new puppet modules in foreman!
+ a. Select MORE -> CONFIGURATION -> PUPPET CLASSES
+ b. Select Import from {SmartProxyName}
+ c. Select SUBMIT
+8. Set up host groups for openstack controller & compute
+ a. Select MORE -> CONFIGURATION -> HOST GROUPS
+ b. Enter "openstack-compute" as the name
+ c. Enviroment -> Production
+ d. Smart Proxy -> {SmartProxyName}
+ e. Click the "puppet classes" tab
+ f. Select + next to TryStack and TryStack::Compute
+ g. Select SUBMIT
+ h. Repeat this step for openstack-controller, replacing TryStack::Compute with TryStack::Controller and name with openstack-controller
+9. Define global parameters
+ a. Select MORE -> CONFIGURATION -> GLOBAL PARAMETERS
+ b. This is where you have to enter all of the information for your environment
+ c. Read the "answers" file that ships in this repo. For each "answer" in the answer file, 
+ enter a new parameter with that name. You *MUST* have every parameter in the answer file.
+ d. You can make most of the passwords whatever you want. The pacemaker priv/pub, pub & private network interface & network ranges apply to your controller node. 
+10. You're done setting up the server! Time to set up the controller node.
+11. scp foreman_client.sh to your client nodes. 
+ a. Replace puppetmaster with FQDN of your foreman server
+ b. On the foreman server, cat {controller_host} >> /etc/puppet/autosign.conf
+ c. Run foreman_client.sh
+12. Give puppet a test run (puppetd --test). This will register it with the foreman server
+13. On the foreman server, click on "HOSTS". You should see your host.
+ a. Click on your hostname. Click EDIT in the top right.
+ b. Select openstack-controller under hostgroup. 
+ c. Click SUBMIT
+ d. On your client, run puppet agent -tv. This will take quite a while (~10 min)
+ e. You're done setting up the controller node! Let's set up a compute node
+14. Repeat step 11 & 12 for your compute node. 
+15. On the foreman server, click on HOSTS. You should see your host.
+ a. Click on your compute node hostname. Click EDIT in the top right
+ b. Select openstack-compute under hostgroup
+ c. Click SUBMIT
+ d. On your client, run puppet agent -tv. This will take a while (~5 min)
+16. You have your compute node setup! Get to openstacking

answers

@@ -0,0 +1,20 @@
+nova_db_password : changeme
+verbose : true
+mysql_root_password : changeme
+keystone_db_password : changeme
+glance_db_password : changeme
+keystone_admin_token : secret
+admin_email : [email protected]
+admin_password : changeme
+glance_user_password : changeme
+nova_user_password : changeme
+horizon_secret_key : secret
+private_interface : eth0
+public_interface : eth0
+fixed_network_range : 10.13.129.0/24
+floating_network_range : 8.21.28.128/25
+controller_node_public : 10.13.129.75
+pacemaker_priv_floating_ip : 10.13.129.172
+pacemaker_pub_floating_ip : 10.13.129.172
+keystone_password : changeme
+cinder_user_password : changeme

foreman_client.sh

@@ -0,0 +1,17 @@
+# start with a subscribed RHEL6 box
+yum install -y yum-utils yum-rhn-plugin -y
+
+rpm -Uvh http:https://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
+yum-config-manager --enable rhel-6-server-optional-rpms
+yum clean all
+
+# install dependent packages
+yum install -y augeas puppet git policycoreutils-python
+
+export PUPPETMASTER='$PUPPETMASTER'
+
+# Set PuppetServer
+augtool -s set /files/etc/puppet/puppet.conf/agent/server $PUPPETMASTER
+
+# Puppet Plugins
+augtool -s set /files/etc/puppet/puppet.conf/main/pluginsync true

foreman_server.sh

@@ -0,0 +1,30 @@
+# start with a subscribed RHEL6 box
+yum install -y yum-utils yum-rhn-plugin -y
+
+rpm -Uvh http:https://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
+yum-config-manager --enable rhel-6-server-optional-rpms
+yum clean all
+
+# install dependent packages
+yum install -y augeas puppet git policycoreutils-python
+
+# disable selinux in /etc/selinux/config
+# TODO: selinux policy
+setenforce 0
+
+export PUPPETMASTER='puppet.example.org'
+
+# Set PuppetServer
+augtool -s set /files/etc/puppet/puppet.conf/agent/server $PUPPETMASTER
+
+# Puppet Plugins
+augtool -s set /files/etc/puppet/puppet.conf/main/pluginsync true
+
+# TODO: correctly configure iptables
+service iptables stop
+
+# Get foreman-installer modules
+git clone --recursive https://github.com/theforeman/foreman-installer.git /root/foreman-installer
+
+# Install Foreman
+puppet -v --modulepath=/root/foreman-installer -e "include puppet, puppet::server, passenger, foreman_proxy, foreman"

puppet/apache/CHANGELOG

@@ -0,0 +1,42 @@
+2012-08-24 Release 0.4.0
+Changes:
+- `include apache` is now required when using apache::mod::*
+
+Bugfixes:
+- Fix syntax for validate_re
+- Fix formatting in vhost template
+- Fix spec tests such that they pass
+
+2012-05-08 Puppet Labs <[email protected]> - 0.0.4
+e62e362 Fix broken tests for ssl, vhost, vhost::*
+42c6363 Changes to match style guide and pass puppet-lint without error
+42bc8ba changed name => path for file resources in order to name namevar by it's name
+72e13de One end too much
+0739641 style guide fixes: 'true' <> true, $operatingsystem needs to be $::operatingsystem, etc.
+273f94d fix tests
+a35ede5 (#13860) Make a2enmod/a2dismo commands optional
+98d774e (#13860) Autorequire Package['httpd']
+05fcec5 (#13073) Add missing puppet spec tests
+541afda (#6899) Remove virtual a2mod definition
+976cb69 (#13072) Move mod python and wsgi package names to params
+323915a (#13060) Add .gitignore to repo
+fdf40af (#13060) Remove pkg directory from source tree
+fd90015 Add LICENSE file and update the ModuleFile
+d3d0d23 Re-enable local php class
+d7516c7 Make management of firewalls configurable for vhosts
+60f83ba Explicitly lookup scope of apache_name in templates.
+f4d287f (#12581) Add explicit ordering for vdir directory
+88a2ac6 (#11706) puppetlabs-apache depends on puppetlabs-firewall
+a776a8b (#11071) Fix to work with latest firewall module
+2b79e8b (#11070) Add support for Scientific Linux
+405b3e9 Fix for a2mod
+57b9048 Commit apache::vhost::redirect Manifest
+8862d01 Commit apache::vhost::proxy Manifest
+d5c1fd0 Commit apache::mod::wsgi Manifest
+a825ac7 Commit apache::mod::python Manifest
+b77062f Commit Templates
+9a51b4a Vhost File Declarations
+6cf7312 Defaults for Parameters
+6a5b11a Ensure installed
+f672e46 a2mod fix
+8a56ee9 add pthon support to apache

puppet/apache/LICENSE

@@ -0,0 +1,15 @@
+Copyright (C) 2012 Puppet Labs Inc
+
+Puppet Labs can be contacted at: [email protected]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http:https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

puppet/apache/Modulefile

@@ -0,0 +1,12 @@
+name 'puppetlabs-apache'
+version '0.4.0'
+source 'git:https://github.com/puppetlabs/puppetlabs-apache.git'
+author 'puppetlabs'
+license 'Apache 2.0'
+summary 'Puppet module for Apache'
+description 'Module for Apache configuration'
+project_page 'https://github.com/puppetlabs/puppetlabs-apache'
+
+## Add dependencies, if any:
+dependency 'puppetlabs/firewall', '>= 0.0.4'
+dependency 'puppetlabs/stdlib', '>= 2.2.1'

puppet/apache/README.md

@@ -0,0 +1,80 @@
+Puppetlabs module for Apache
+============================
+
+Apache is widely-used web server and this module will allow to configure
+various modules and setup virtual hosts with minimal effort.
+
+Basic usage
+-----------
+
+To install Apache
+
+ class {'apache': }
+
+To install the Apache PHP module
+
+ class {'apache::mod::php': }
+
+Configure a virtual host
+------------------------
+
+You can easily configure many parameters of a virtual host. A minimal
+example is:
+
+ apache::vhost { 'www.example.com':
+  priority => '10',
+  vhost_name => '192.0.2.1',
+  port => '80',
+ }
+
+A slightly more complicated example, which moves the docroot and
+logfile to an alternate location, might be:
+
+ apache::vhost { 'www.example.com':
+  priority => '10',
+  vhost_name => '192.0.2.1',
+  port => '80',
+  docroot => '/home/www.example.com/docroot/',
+  logroot => '/srv/www.example.com/logroot/',
+  serveradmin => '[email protected]',
+  serveraliases => ['example.com',],
+ }
+
+Dependencies
+------------
+
+Some functionality is dependent on other modules:
+
+- [stdlib](https://github.com/puppetlabs/puppetlabs-stdlib)
+- [firewall](https://github.com/puppetlabs/puppetlabs-firewall)
+
+Notes
+-----
+
+Since Puppet cannot ensure that all parent directories exist you need to
+manage these yourself. In the more advanced example above, you need to ensure 
+that `/home/www.example.com` and `/srv/www.example.com` directories exist.
+
+Contributors
+------------
+
+ * A cast of hundreds, hopefully you too soon
+
+Copyright and License
+---------------------
+
+Copyright (C) 2012 [Puppet Labs](https://www.puppetlabs.com/) Inc
+
+Puppet Labs can be contacted at: [email protected]
+
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+ http:https://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.

puppet/apache/Rakefile

@@ -0,0 +1 @@
+require 'puppetlabs_spec_helper/rake_tasks'

puppet/apache/files/httpd

@@ -0,0 +1,24 @@
+# Configuration file for the httpd service.
+
+#
+# The default processing model (MPM) is the process-based
+# 'prefork' model. A thread-based model, 'worker', is also
+# available, but does not work with some modules (such as PHP).
+# The service must be stopped before changing this variable.
+#
+#HTTPD=/usr/sbin/httpd.worker
+
+#
+# To pass additional options (for instance, -D definitions) to the
+# httpd binary at startup, set OPTIONS here.
+#
+#OPTIONS=
+#OPTIONS=-DDOWN
+
+#
+# By default, the httpd process is started in the C locale; to 
+# change the locale in which the server runs, the HTTPD_LANG
+# variable can be set.
+#
+#HTTPD_LANG=C
+export SHORTHOST=`hostname -s`

puppet/apache/lib/puppet/provider/a2mod/a2mod.rb

@@ -0,0 +1,22 @@
+Puppet::Type.type(:a2mod).provide(:a2mod) do
+ desc "Manage Apache 2 modules on Debian and Ubuntu"
+
+ optional_commands :encmd => "a2enmod"
+ optional_commands :discmd => "a2dismod"
+
+ confine :osfamily => :debian
+ defaultfor :operatingsystem => [:debian, :ubuntu]
+
+ def create
+ encmd resource[:name]
+ end
+
+ def destroy
+ discmd resource[:name]
+ end
+
+ def exists?
+ mod= "/etc/apache2/mods-enabled/" + resource[:name] + ".load"
+ File.exists?(mod)
+ end
+end