@Apsu
Last active December 25, 2015 11:49
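Chef environment reconfiguration wrapper and helpers. This setup assumes you have GNU parallel installed. The lists of controller and compute nodes are defined at the top of the "reconfigure" script. There's also an example environment file, "grizzly.json". Modify both to suit your needs. Note that the example environment sets MySQL "allow_remote_root" to true with a "root_network_acl" of "%", i.e. root logins are accepted from any host; narrow that ACL unless the database network is already isolated.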
#!/usr/bin/env bash
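# chef-uninstall: remove an omnibus chef-server install and its state from
# this host. Destructive and host-wide: the package is purged, the listed
# configuration/data/log directories are deleted, and matching processes are
# killed with SIGKILL. Needs root (it touches /etc, /opt, /var and /root).

# Let the omnibus tooling tear down its services first, then drop the package
# and anything apt no longer needs.
chef-server-ctl uninstall
dpkg -P chef-server
apt-get autoremove -y
apt-get purge -y

# Server and client state, including the keys and knife config in /root/.chef.
chef_paths=(
  /etc/chef-server
  /etc/chef
  /opt/chef-server
  /opt/chef
  /root/.chef
  /var/opt/chef-server/
  /var/chef
  /var/log/chef-server/
)
rm -rf -- "${chef_paths[@]}"

# Remove the PATH line from root's profile. install-chef-server.sh appends
# ".../chef-server/embedded/bin", which the single ".../chef-server/bin"
# pattern never matched, so the line piled up on every reinstall. Both
# spellings are deleted here.
sed -i \
  -e '\|export PATH=\${PATH}:/opt/chef-server/bin|d' \
  -e '\|export PATH=\${PATH}:/opt/chef-server/embedded/bin|d' \
  /root/.bash_profile

# Kill whatever survived the uninstall.
# NOTE(review): -f matches the whole command line, so the bare "beam" and
# "postgres" patterns also hit Erlang and PostgreSQL processes that do not
# belong to chef-server. Only run this on a host dedicated to Chef.
for pattern in /opt/chef beam postgres; do
  pkill -9 -f "${pattern}"
done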
{
"name": "grizzly",
"description": "OpenStack Grizzly",
"cookbook_versions": {
},
"json_class": "Chef::Environment",
"chef_type": "environment",
"default_attributes": {
},
"override_attributes": {
"glance": {
"image_upload": true,
"images": [
"cirros",
"precise"
]
},
"nova": {
"network": {
"provider": "quantum"
}
},
"rabbitmq": {
"use_distro_version": false
},
"quantum": {
"ovs": {
"network_type": "gre",
"provider_networks": [
{
"label": "ph-10g",
"bridge": "br-10g",
"vlans": "1:1000"
}
]
}
},
"ha": {
"available_services": {
"quantum-server": {
"lb_options": [
"forwardfor",
"httpchk",
"httplog",
"activebackup"
]
}
}
},
"vips": {
"rabbitmq-queue": "10.127.83.100",
"horizon-dash": "10.127.83.101",
"quantum-api": "10.127.83.101",
"horizon-dash_ssl": "10.127.83.101",
"keystone-service-api": "10.127.83.101",
"keystone-admin-api": "10.127.83.101",
"keystone-internal-api": "10.127.83.101",
"nova-xvpvnc-proxy": "10.127.83.101",
"nova-api": "10.127.83.101",
"nova-ec2-public": "10.127.83.101",
"nova-novnc-proxy": "10.127.83.101",
"cinder-api": "10.127.83.101",
"glance-api": "10.127.83.101",
"glance-registry": "10.127.83.101",
"swift-proxy": "10.127.83.101",
"mysql-db": "10.127.83.102",
"config": {
"10.127.83.100": {
"vrid": 11,
"network": "public"
},
"10.127.83.101": {
"vrid": 12,
"network": "public"
},
"10.127.83.102": {
"vrid": 10,
"network": "public"
}
}
},
"mysql": {
"allow_remote_root": true,
"root_network_acl": "%"
},
"osops_networks": {
"nova": "10.127.83.0/25",
"public": "10.127.83.0/25",
"management": "10.127.83.0/25"
}
}
}
#!/bin/bash
#
# Copyright 2013 Rackspace US, Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
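# Usage: install-chef-client.sh NODE
#
# Bootstraps chef-client on NODE over ssh: installs the client, copies the
# validator key, writes /etc/chef/client.rb and knife.rb, then runs
# chef-client once so the node registers with the server.
#
# Environment overrides: CLIENT_VERSION, ENVIRONMENT, CHEF_FE_SSL_PORT,
# CHEF_URL (defaults to https://<address of the default-route interface>).
if [ -z "${1:-}" ]; then
  echo "Usage: ${0##*/} NODE" >&2
  exit 2
fi
NODE=$1

CLIENT_VERSION=${CLIENT_VERSION:-"11.2.0-1"}
ENVIRONMENT=${ENVIRONMENT:-_default}
PRIMARY_INTERFACE=$(ip route list match 0.0.0.0 | awk 'NR==1 {print $5}')
MY_IP=$(ip addr show dev "${PRIMARY_INTERFACE}" | awk 'NR==3 {print $2}' | cut -d '/' -f1)
CHEF_FE_SSL_PORT=${CHEF_FE_SSL_PORT:-443}
CHEF_URL=${CHEF_URL:-https://${MY_IP}:${CHEF_FE_SSL_PORT}}

# Stage everything in mktemp-created locations. The fixed names used before
# (/tmp/install_NODE.sh locally, /tmp/install.sh and /tmp/validation.pem on
# the node) live in a world-writable directory, where another local account
# can own or replace the file before root executes or reads it.
LOCAL_SCRIPT=$(mktemp) || exit 1
trap 'rm -f -- "${LOCAL_SCRIPT}"' EXIT

REMOTE_DIR=$(ssh "${NODE}" mktemp -d) || exit 1
if [ -z "${REMOTE_DIR}" ]; then
  echo "could not create a staging directory on ${NODE}" >&2
  exit 1
fi

# The heredoc is expanded locally: CLIENT_VERSION, CHEF_URL, ENVIRONMENT, NODE
# and REMOTE_DIR are baked into the generated script, which then runs as root
# on the node. The installer is fetched over verified HTTPS (no -k), and -f
# keeps an HTTP error page from being piped into bash. It is still executed
# without a checksum or signature check; pin a reviewed copy where that matters.
cat > "${LOCAL_SCRIPT}" <<EOF
sudo apt-get install -y curl
curl -fsS -L https://www.opscode.com/chef/install.sh | bash -s - -v ${CLIENT_VERSION}
mkdir -p /etc/chef
install -m 0600 "${REMOTE_DIR}/validation.pem" /etc/chef/validation.pem
cat <<EOF2 > /etc/chef/client.rb
Ohai::Config[:disabled_plugins] = ["passwd"]
chef_server_url "${CHEF_URL}"
chef_environment "${ENVIRONMENT}"
EOF2
cat <<EOF2 > /etc/chef/knife.rb
chef_server_url "${CHEF_URL}"
chef_environment "${ENVIRONMENT}"
node_name "${NODE}"
EOF2
EOF

# Cache the validator key next to this script on first use. It can register
# new clients with the server, so keep the copy private to the invoking user.
if [ ! -e validation.pem ]; then
  sudo cp /etc/chef-server/chef-validator.pem ./validation.pem
  sudo chown "${USER}:" ./validation.pem
  chmod 600 ./validation.pem
fi

scp ./validation.pem "${NODE}:${REMOTE_DIR}/validation.pem" || exit 1
scp "${LOCAL_SCRIPT}" "${NODE}:${REMOTE_DIR}/install.sh" || exit 1

ssh "${NODE}" sudo /bin/bash "${REMOTE_DIR}/install.sh"
install_rc=$?

# Do not leave the validator key or the install script behind on the node.
ssh "${NODE}" rm -rf -- "${REMOTE_DIR:?}"

if [ "${install_rc}" -ne 0 ]; then
  echo "chef-client install failed on ${NODE} (exit ${install_rc})" >&2
  exit "${install_rc}"
fi

ssh "${NODE}" sudo chef-client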
#!/bin/bash
#
# Copyright 2013 Rackspace US, Inc
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
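# Installs an omnibus Chef server on this host, writes its configuration,
# sets up knife for CHEF_UNIX_USER and uploads cookbooks, roles and the
# grizzly environment. Everything after the OS check is skipped when
# /etc/chef-server/chef-server.rb already exists.
#
# OS_TYPE and OS_VER are read but never set in this script; they are expected
# to come from the caller's environment.
CLIENT_VERSION=${CLIENT_VERSION:-"11.2.0-1"}
ENVIRONMENT=${ENVIRONMENT:-_default}
PRIMARY_INTERFACE=$(ip route list match 0.0.0.0 | awk 'NR==1 {print $5}')
MY_IP=$(ip addr show dev "${PRIMARY_INTERFACE}" | awk 'NR==3 {print $2}' | cut -d '/' -f1)
CHEF_FE_SSL_PORT=${CHEF_FE_SSL_PORT:-443}
CHEF_URL=${CHEF_URL:-https://${MY_IP}:${CHEF_FE_SSL_PORT}}
CHEF_SERVER_VERSION=${CHEF_SERVER_VERSION:-11.0.8-1}

if [[ $OS_TYPE = "ubuntu" ]]; then
  # NOTE(review): --force-yes lets apt proceed past its own safety prompts,
  # including unauthenticated packages. Kept as in the original; drop it if
  # the configured repositories are signed.
  apt-get update -y --force-yes
  locale-gen en_US.UTF-8
  apt-get install -y --force-yes lsb-release curl wget

  # Keep the current resolv.conf across the resolvconf purge. The backup goes
  # into a private mktemp directory instead of the fixed name /tmp/rc.
  resolv_backup_dir=$(mktemp -d) || exit 1
  cp /etc/resolv.conf "${resolv_backup_dir}/resolv.conf"
  apt-get remove --purge resolvconf -y --force-yes
  cp "${resolv_backup_dir}/resolv.conf" /etc/resolv.conf
  rm -rf -- "${resolv_backup_dir:?}"
elif [[ $OS_TYPE = "redhat" ]] || [[ $OS_TYPE = "centos" ]] || [[ $OS_TYPE = "fedora" ]]; then
  yum -y install curl wget
else
  echo "Your distribution is not supported"
  exit 1
fi

CHEF_UNIX_USER=${CHEF_UNIX_USER:-root}
# due to http://tickets.opscode.com/browse/CHEF-3849 CHEF_FE_PORT is not used yet
CHEF_FE_PORT=${CHEF_FE_PORT:-80}

if [ ! -e "/etc/chef-server/chef-server.rb" ]; then
  # Defaults if not set. Each secret gets its own variable: the read-only
  # PostgreSQL password previously defaulted from CHEF_POSTGRESQL_PASSWORD, so
  # it always equalled the read-write password and a supplied
  # CHEF_POSTGRESQL_RO_PASSWORD was ignored. Generated values are 32 random
  # characters (pwgen -s) rather than pwgen's short pronounceable default.
  CHEF_WEBUI_PASSWORD=${CHEF_WEBUI_PASSWORD:-$(pwgen -s 32 1)}
  CHEF_AMQP_PASSWORD=${CHEF_AMQP_PASSWORD:-$(pwgen -s 32 1)}
  CHEF_POSTGRESQL_PASSWORD=${CHEF_POSTGRESQL_PASSWORD:-$(pwgen -s 32 1)}
  CHEF_POSTGRESQL_RO_PASSWORD=${CHEF_POSTGRESQL_RO_PASSWORD:-$(pwgen -s 32 1)}

  # pwgen is not installed by this script; without it the substitutions above
  # yield empty strings, which must never reach the server configuration.
  for secret in CHEF_WEBUI_PASSWORD CHEF_AMQP_PASSWORD \
    CHEF_POSTGRESQL_PASSWORD CHEF_POSTGRESQL_RO_PASSWORD; do
    if [[ -z ${!secret} ]]; then
      echo "${secret} is empty: export it or install pwgen" >&2
      exit 1
    fi
  done

  mkdir -p /etc/chef-server
  # The file holds four service passwords, so create it readable by root only.
  # NOTE(review): enable_non_ssl also serves the API over plain HTTP on
  # CHEF_FE_PORT; kept as in the original.
  (
    umask 077
    cat > /etc/chef-server/chef-server.rb <<EOF
node.override["chef_server"]["chef-server-webui"]["web_ui_admin_default_password"] = "${CHEF_WEBUI_PASSWORD}"
node.override["chef_server"]["rabbitmq"]["password"] = "${CHEF_AMQP_PASSWORD}"
node.override["chef_server"]["postgresql"]["sql_password"] = "${CHEF_POSTGRESQL_PASSWORD}"
node.override["chef_server"]["postgresql"]["sql_ro_password"] = "${CHEF_POSTGRESQL_RO_PASSWORD}"
node.override["chef_server"]["nginx"]["url"] = "${CHEF_URL}"
node.override["chef_server"]["nginx"]["ssl_port"] = ${CHEF_FE_SSL_PORT}
node.override["chef_server"]["nginx"]["non_ssl_port"] = ${CHEF_FE_PORT}
node.override["chef_server"]["nginx"]["enable_non_ssl"] = true
if (node['memory']['total'].to_i / 4) > ((node['chef_server']['postgresql']['shmmax'].to_i / 1024) - 2097152)
# guard against setting shared_buffers > shmmax on hosts with installed RAM > 64GB
# use 2GB less than shmmax as the default for these large memory machines
node.override['chef_server']['postgresql']['shared_buffers'] = "14336MB"
else
node.override['chef_server']['postgresql']['shared_buffers'] = "#{(node['memory']['total'].to_i / 4) / (1024)}MB"
end
EOF
  )

  HOMEDIR=$(getent passwd "${CHEF_UNIX_USER}" | cut -d: -f6)
  if [[ -z ${HOMEDIR} ]]; then
    echo "no home directory found for user ${CHEF_UNIX_USER}" >&2
    exit 1
  fi
  export HOME=${HOMEDIR}

  # Fetch the server package over verified HTTPS into a private directory
  # (the original used plain HTTP and a fixed /tmp name). -f makes curl fail on
  # an HTTP error instead of saving the error page as the package.
  # NOTE(review): the package is still installed without a checksum or
  # signature check; compare it against a known digest where one is available.
  if [[ $OS_TYPE = "ubuntu" ]]; then
    if ! dpkg -s chef-server &>/dev/null; then
      : "${OS_VER:?OS_VER must be set to the distribution release}"
      pkg_dir=$(mktemp -d) || exit 1
      curl -fL "https://www.opscode.com/chef/download-server?p=ubuntu&pv=${OS_VER}&m=x86_64&v=${CHEF_SERVER_VERSION}" > "${pkg_dir}/chef-server.deb" || exit 1
      dpkg -i "${pkg_dir}/chef-server.deb"
      chef-server-ctl reconfigure
      rm -rf -- "${pkg_dir:?}"
    fi
  else
    if ! rpm -q chef-server &>/dev/null; then
      : "${OS_VER:?OS_VER must be set to the distribution release}"
      pkg_dir=$(mktemp -d) || exit 1
      curl -fL "https://www.opscode.com/chef/download-server?p=el&pv=${OS_VER}&m=x86_64&v=${CHEF_SERVER_VERSION}" > "${pkg_dir}/chef-server.rpm" || exit 1
      rpm -ivh "${pkg_dir}/chef-server.rpm"
      chef-server-ctl reconfigure
      rm -rf -- "${pkg_dir:?}"
    fi
  fi

  # Give the knife user its own copies of the validator and admin keys, and
  # keep them unreadable to other accounts.
  mkdir -p "${HOMEDIR}/.chef"
  cp /etc/chef-server/{chef-validator.pem,admin.pem} "${HOMEDIR}/.chef"
  chown -R "${CHEF_UNIX_USER}:" "${HOMEDIR}/.chef"
  chmod -R go-rwx "${HOMEDIR}/.chef"

  if [[ ! -e ${HOMEDIR}/.chef/knife.rb ]]; then
    # Answers to the interactive "knife configure" prompts, one per line.
    /opt/chef-server/embedded/bin/knife configure <<EOF
${HOMEDIR}/.chef/knife.rb
${CHEF_URL}
admin
chef-validator
${HOMEDIR}/.chef/chef-validator.pem
EOF
    # setup the path
    echo 'export PATH=${PATH}:/opt/chef-server/embedded/bin' >> "${HOMEDIR}/.bash_profile"
  fi

  # these are only returned on a run where we actually install chef-server
  source "${HOMEDIR}/.bash_profile"
  knife cookbook upload -o "${HOMEDIR}/chef-cookbooks/cookbooks" -a
  knife role from_file "${HOMEDIR}"/chef-cookbooks/roles/*.rb
  knife environment from_file grizzly.json
fi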
#!/usr/bin/env bash
# Stop at the first failing command.
set -e

# Exit on ^C
trap exit INT

# Hosts this wrapper manages.
controllers=(evinfra1 evinfra2)
computes=(evcompute1 evcompute2 evcompute4 evcompute5)

# Service names whose packages, files and processes the clean step removes.
temp=(
  apache openvswitch mysql monit rabbitmq nova glance
  cinder quantum keystone keepalived memcached haproxy chef
)

# The same list in two shapes: a brace expression that the remote shell
# expands (items) and a regex alternation for pkill -f (procs).
items="{$(IFS=,; printf '%s' "${temp[*]}")}"
procs="($(IFS='|'; printf '%s' "${temp[*]}"))"
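# Tear down and reinstall the local chef-server, then drop the cached
# validator key so that install-chef-client.sh copies the new server's key
# instead of reusing one issued by the old server.
# Runs ./chef-uninstall and ./install-chef-server.sh from the current directory.
_nuke() {
  echo "===== Nuking chef-server from orbit. It's the only way to be sure. ====="
  ./chef-uninstall
  ./install-chef-server.sh
  # -f: with no cached key (first run) a plain rm fails, and under the
  # script's `set -e` that aborted every step queued after "nuke".
  rm -f -- validation.pem
}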
# Purge OpenStack/Chef packages, files and processes on every controller and
# compute node, in parallel over ssh.
# Globals: controllers, computes (read), procs, items (read, expanded locally
#          into the command list before it is sent).
# NOTE(review): the pkill pattern and the /etc, /var/lib and /var/log globs
# match by name prefix only, so anything on a node whose name starts with one
# of the listed services is removed as well.
_clean() {
  local targets
  targets=$(IFS=,; echo "${controllers[*]},${computes[*]}")

  echo "===== Cleaning boxes ====="
  # "|| true": a failure on any host must not abort the remaining steps.
  parallel --tag --onall --sshlogin "${targets}" :::: <<EOF || true
mkdir -p tmp
cd tmp
pkill -9 -f "${procs}"
ipvsadm -C
DEBIAN_FRONTEND=noninteractive dpkg --configure -a
DEBIAN_FRONTEND=noninteractive apt-get purge ${items}* -y -qq
rm -rf /etc/${items}* /var/lib/${items}* /var/log/${items}* /root/.{erlang,my,chef}* /var/chef* /var/opt/chef*
cd
rmdir tmp
EOF
}
# Re-register every node with the Chef server: delete its node and client
# objects, then run the client bootstrap script against it.
# Globals: controllers, computes (read).
_reload() {
  local node
  local -a all_nodes=("${controllers[@]}" "${computes[@]}")

  echo "===== Reconfigure chef clients ====="
  for node in "${all_nodes[@]}"; do
    # A node the server does not know yet is not an error.
    knife node delete "${node}" -y || true
    knife client delete "${node}" -y || true
    /root/install-chef-client.sh "${node}"
  done
}
# Move every node out of the _default environment into grizzly, repeating the
# reassignment until a search for _default nodes comes back empty. One dot is
# printed per retry.
# Globals: nodes (written) - names still reported in _default.
_envs() {
  local reassign="nodes.search('chef_environment:_default') {|n| n.chef_environment('grizzly'); n.save}"
  local remaining="nodes.search('chef_environment:_default') {|n| puts n.name}"

  echo "===== Setting environments -- Chef sucks so this is usually slow ====="
  while true; do
    knife exec -E "${reassign}"
    nodes=($(knife exec -E "${remaining}"))
    [[ ${#nodes[@]} -gt 0 ]] || break
    echo -n .
  done
  echo
}
# Assign run lists: the first two controllers get ha-controller1 and
# ha-controller2 (each with single-network-node), every compute node gets
# single-compute.
# Globals: controllers, computes (read).
_runlists() {
  local idx compute

  echo "===== Setting runlists ====="
  # Setup controller runlists
  for idx in 0 1; do
    knife node run_list add "${controllers[idx]}" \
      "role[ha-controller$((idx + 1))],role[single-network-node]"
  done

  # Setup compute runlists
  for compute in "${computes[@]}"; do
    knife node run_list add "${compute}" "role[single-compute]"
  done
}
# Converge the cluster: chef-client on controller 1, controller 2, then
# controller 1 again, one after the other, followed by all compute nodes at
# once through GNU parallel.
# Globals: controllers, computes (read).
_chef() {
  local idx compute_logins

  # Rerun chef-client on controllers in order
  echo "===== Chef'ing controllers ====="
  for idx in 0 1 0; do
    ssh "${controllers[idx]}" chef-client -l info
  done

  # Rerun chef-client on computes simultaneously
  echo "===== Chef'ing computes ====="
  compute_logins=$(IFS=,; echo "${computes[*]}")
  parallel --tag --nonall --sshlogin "${compute_logins}" chef-client -l info
}
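# Run the requested steps in the order given on the command line; step names
# are matched case-insensitively. "$@" is quoted so each argument is taken as
# one word, and an unrecognised name is reported instead of being skipped
# silently (a typo such as "nuk" used to look like a successful run).
for arg in "$@"; do
  case "${arg,,}" in
    nuke)
      # Nuke chef-server
      _nuke
      ;;
    clean)
      # Clean up boxes
      _clean
      ;;
    reload)
      # Reconfigure chef clients
      _reload
      ;;
    envs)
      # Setup environments
      _envs
      ;;
    runlists)
      # Setup runlists
      _runlists
      ;;
    chef)
      # And go!
      _chef
      ;;
    *)
      echo "reconfigure: ignoring unknown step '${arg}' (expected: nuke clean reload envs runlists chef)" >&2
      ;;
  esac
done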